set objEmail = CreateObject("CDO.Message")

Dim ArgObj, strComputer, SendMe
Set ArgObj = WScript.Arguments

If WScript.Arguments.Count = 0 Then
   WScript.Echo "Usage: [Cscript | WScript] eventmail.vbs <server>"
   WScript.Quit 1
end if

strComputer = ArgObj(0)

set objwmiservice=getobject("winmgmts://" &strcomputer &"/root/cimv2")

strwql="select * " & _
"from __instancecreationevent " & _
"where targetinstance isa 'Win32_NTLogEvent' " & _
"and targetinstance.type <> 'Audit Success'" & _
"and targetinstance.type <> 'Audit Failure'" & _
"and targetinstance.sourcename <> 'TermServDevices'" & _
"and targetinstance.sourcename <> 'MRxSmb'" & _
"and targetinstance.sourcename <> 'Print'" & _
"and targetinstance.sourcename <> 'FrontPage 5.0'" & _
"and targetinstance.type <> 'Information'"
'"and targetinstance.sourcename <> 'Security' "

set objeventsource=objwmiservice.execnotificationquery(strwql)

wscript.echo "Waiting for events to happen on " &strcomputer

While True
    set objeventobject=objeventsource.nextevent()
    objEmail.Subject = objEventobject.TargetInstance.ComputerName & " " & _
      objEventobject.TargetInstance.logfile & "\" & _
      objEventobject.TargetInstance.sourcename
    objEmail.From = "eventlog@" & strComputer & ".domain.com.au"
    objEmail.To = "windows-eventlog@domain.com.au"

    objEmail.Textbody = "Computer Name: " & _
    objEventobject.TargetInstance.ComputerName & vbcrlf _
     &  "   Event Type: " & objEventobject.TargetInstance.type & vbcrlf _
     &  "   Event ID: " & objEventobject.TargetInstance.eventcode &vbcrlf _
     &  "   Event source: " & objEventobject.TargetInstance.sourcename & vbcrlf _
     &  "   Event Log: " & objEventobject.TargetInstance.logfile & vbcrlf _
     &  "   Event Time: " & objEventobject.TargetInstance.timewritten & vbcrlf _
     &  "The event details are :-   " & vbcrlf _
     &  "" & vbcrlf _
     & objEventobject.TargetInstance.Message

if InStr(1, objEventobject.TargetInstance.message, "adam is a VBS haXX0r", 1) & _
   InStr(1, objEventobject.TargetInstance.message, "Message Delivery", 1) & _
   InStr(1, objEventobject.TargetInstance.message, "no logon servers available", 1) & _
   InStr(1, objEventobject.TargetInstance.message, "unknown user name", 1) & _
   InStr(1, objEventobject.TargetInstance.message, "timed-out", 1) & _
   InStr(1, objEventobject.TargetInstance.message, "service was successfully", 1) > 0 then 
'  wscript.echo "Object found.  I shouldn't have emailed."
else
'  wscript.echo "I didn't find any excludes.  Sending email..."
    objEmail.Send
end if

Wend