Windows Event Monitoring Script
This script emails filtered events to an administrator as the event log records them.
January 11, 2004
[Share your scripting discoveries, comments, problems, solutions, and experiences with products. Email your contributions (500 words or less) to [email protected]. We edit submissions for style, grammar, and length. If we print your submission, you'll get $100.]
Sometimes when you're monitoring a server, you want to ignore certain events. For example, when I'm monitoring a Microsoft Exchange Server system, I prefer to ignore the Norton Antivirus for Exchange event. I wrote the script that Listing 1, page 16, shows to monitor crucial events such as Warning and Error events and to exclude Audit Success, Audit Failure, and Information events. The script emails filtered events to an administrator. Web Figure 1 (http://www.winnetmag.com/windows scripting, InstantDoc ID 41197) shows a sample email message.
The script will fail and generate the Access Denied error message if you ask it to monitor the machine from which you're running it. You need to run the script from a machine that's running Windows XP or Windows 2000, with Microsoft IIS SMTP and the Windows Management Instrumentation (WMI) service. In addition, you need administrative privileges on the remote system you want to monitor, and that remote system must also be running the WMI service.
When you start the script, it prompts you for a server name. The script then monitors that server indefinitely for event occurrences. (If you don't enter a computer name, the script tries to connect to the local PC and you receive the Access Denied error message.) To stop the script, you can go to the Task Manager's Processes tab, select wscript.exe, and click End Process.
Using this script saves time and increases productivity. I no longer have to log on to the server, filter the event logs to review specific events, or copy error messages to search for solutions to problems. I don't need to review the Event Viewer for particular logs because the filtered crucial event logs come to my Inbox, so I can take immediate action.
—Santhosh H.
[email protected]
About the Author
You May Also Like