It is requested by many people. So many people, in fact, many companies sell software along this concept called Event Log Scrapers or monitors. They tend to have an agent that picks up the events, ships them onto a console, the console then executes some process specified for the specific events. You can look at tools such as OpenView, Microsoft Operations Manager (MOM), HostMonitor (www.ks-soft.net), etc. There are most likely open source projects in the various repositories to do it as well. The reason it is a separate process like this is because not everyone would want it going to their email. What if the error is that email doesn't work like say the smtp queue is backing up? These products offer multiple paths to get the info to people or maybe just collects it and generates reports from it. Putting and configuring all of that logic on each individual server in an environment with say thousands or even hundreds or tens of machines would be a pain in the butt if feasible at all. That is where the beauty of dropping a simple agent on the machines that is the same across all machines which shoots the data all to a central place is so inviting. If you need to make changes to the rules you don't have to go manually tweak each machine again.
The OS doesn't really have to provide an exact mechanism to do this because it allows you to use something else to get it quite easily due to all of the programmatic mechanisms to access the information. On the overall scale of things I would like to see the developers of MS doing for the OS, built in event log notification emails or monitoring isn't really one of them. Lots of other rather large things I think that don't have any answers or possibility at the moment that I would like to see done because you can't write scripts or programs to do it. Finally, I think you were a bit rough on Alain. He was simply trying to help. I agree that WMI is less than intuitive and I personally dislike it and avoid it myself. However if you aren't someone who can write code to access the API or aren't a good perl scripter, WMI offers the mechansims to do some of the things you may want to do and in some cases the only programmatic way to accomplish what you want to do (say like reconnect Exchange mailboxes). Additionally both of the links Alain mentions below work just fine from where I am at in the world. Alain is actually the Microsoft PM for WMI, it is rather nice of him to take time out to respond at all. One item you might want to look at to help you with WMI is a tool called the scriptomatic which is a free download from Microsoft. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube Sent: Saturday, March 19, 2005 7:56 AM To: [email protected] Subject: Re: [ActiveDir] Event Log Thanks for your help am not a WMI girl and you made my life misreable and I couldn't even download the WMIWatcher.zip and when I googled for it couldn't find it either, and even the http://www.lissware.net was not accessible. I will try the SMTP Event Consumer and see how it goes (Since it was the only link I could reach). I thought it is a simple thing requested by many people, have the event viewer alarms (specific ones) delivered to thier mailboxes instead of checking the event viewer of the servers. Thanks again On Fri, 18 Mar 2005 07:21:44 -0800, Alain Lissoir <[EMAIL PROTECTED]> wrote: > Absolutely! WMI is a good way to do this. > The WMIWatcher script does this for you. > You can download the the script from > http://users.skynet.be/alain.lissoir/temp/WMIWatcher.zip > > You can find other script samples doing this at > http://www.lissware.net (Volume 1 samples): > Sample 6.13 - SynchronousEventConsumer.wsf to Sample 6.17 - > GenericEventAsyncConsumer.wsf show the basic mechanic to catch events > from WMI. > > and Sample 6.22 to 6.23 - EventLogTimeDiffMonitor.wsf to Sample 6.25 > to 6.27 - EventLogTimeDiffMonitorWithNonEvent.wsf show how to catch > events from the NT event log and calculate the time between two events > (or no event after a timeout). It also sends an email alert. > > However, you don't necessarily have to run a script to do this. > You can also leverage the SMTP Permanent Event Consumer Provider. > It requires a MOF file compilation. > You can find a sample at http://www.lissware.net (Volume 1 samples): > Sample 2.03 - SMTPConsumerInstanceReg.mof For non-WMI people, this > will be a bit more complex to setup, however. > It described in my WMI books but MSDN has also some information about > it at > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisd > k/wmi/ > smtpeventconsumer.asp > > This WMI provider consumes any WMI events and send an SMTP email to a > relay of your choice. > The WQL query you submit makes the WMI event selection. > > HTH > /Alain > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Friday, March 18, 2005 12:15 AM > To: [email protected] > Subject: RE: [ActiveDir] Event Log > > Just to be specific, event viewer is a simple client tool used to view > entries in the event log. It is like notepad reading a file. > > If you need to get alerts like that, you will need to use a third > party tool or script. WMI tends to be good in this space, take a look > at some of the WMI web sites or books. > > joe > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube > Sent: Monday, March 14, 2005 5:08 AM > To: [email protected] > Subject: [ActiveDir] Event Log > > Please is there any way to make the event viewer trigger an email? > Thanks > r.c. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
