I concur with Joe's reply. I just want to stress that both approaches are valid: usage of scripting or usage of an Enterprise Management software (e.g. HPOV, MOM ...). In the case of Enterprise Management software, some people avoid them simply because they need to setup that infrastructure to manage the actual infrastructure, which represent for them an additional cost and complexity (depending of the size of the enterprise and infrastructure). On the other hand, even though most large enterprises have such a software in place, it happens that local admins want to have a pin-point solution instead of interacting with this type of software (for political reasons of asking a work item to another team they don't control, for technical reasons, etc ... Real life has more imagination than we do sometimes).
Last but not least, these Enterprise Management software often use WMI behind the scene. For instance, HPOV and Tivoli uses WMI to report Event Log entries via their agents to their consoles. So even if you are not a WMI guru, you do use it even if you ignore that it is in the game. The WMIWatcher script does nothing else than these enterprise management software currently do. But instead of being a C++ compiled code, it is just simple WSH script that can be run as a Windows Service (thanks to SRVANY.EXE from the RESKIT) which is acting like an agent where the console becomes the email client. Not perfect as you rely on the infrastructure you monitor to relay alerts (email queues). This is why these enterprise management solutions often have their own path and queues to reports alerts. However, the WMIWatcher script is a foundation that can address some pin-point problems for some people. Let's say it has the benefit to exist even though it is not a perfect solution. I recognize that WMI is not intuitive, but for people passing the step, it is a very powerful technology to get data out of the system from scripts or any other software consuming WMI. It offers things you can't really do with other technologies like ADSI. The aim is of it is just different. For the SMTP consumer, you must create a WQL query selecting event log entries + some typical SMTP parameters. You must also use MOFCOMP to set it up in WMI. Of course, far from me to push for my business, there are many literature on WMI in the wild but everything is explained in my books. ;-) (same link bwloe) About the links, I rechecked them and all works fine for me. And no worries, I'm not offended. I know that emails don't always allow to put all shades and colors we would like in the tone! :-) I've been through this myself. HTH /Alain -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube Sent: Saturday, March 19, 2005 8:47 AM To: [email protected] Subject: Re: [ActiveDir] Event Log Ops.... I appreciated Alain's input, I was depressed cause it didn't work from where I am in the world. I hope Alain is not offended by what I said, how ever if he is my deep apology, I really appreciate his input. thanks. r.c. On Sat, 19 Mar 2005 11:32:46 -0500, joe <[EMAIL PROTECTED]> wrote: > It is requested by many people. > > So many people, in fact, many companies sell software along this > concept called Event Log Scrapers or monitors. They tend to have an > agent that picks up the events, ships them onto a console, the console > then executes some process specified for the specific events. You can > look at tools such as OpenView, Microsoft Operations Manager (MOM), > HostMonitor (www.ks-soft.net), etc. There are most likely open source > projects in the various repositories to do it as well. The reason it > is a separate process like this is because not everyone would want it > going to their email. What if the error is that email doesn't work > like say the smtp queue is backing up? These products offer multiple > paths to get the info to people or maybe just collects it and > generates reports from it. Putting and configuring all of that logic > on each individual server in an environment with say thousands or even > hundreds or tens of machines would be a pain in the butt if feasible > at all. That is where the beauty of dropping a simple agent on the > machines that is the same across all machines which shoots the data > all to a central place is so inviting. If you need to make changes to the rules you don't have to go manually tweak each machine again. > > The OS doesn't really have to provide an exact mechanism to do this > because it allows you to use something else to get it quite easily due > to all of the programmatic mechanisms to access the information. On > the overall scale of things I would like to see the developers of MS > doing for the OS, built in event log notification emails or monitoring > isn't really one of them. Lots of other rather large things I think > that don't have any answers or possibility at the moment that I would > like to see done because you can't write scripts or programs to do it. > > Finally, I think you were a bit rough on Alain. He was simply trying > to help. I agree that WMI is less than intuitive and I personally > dislike it and avoid it myself. However if you aren't someone who can > write code to access the API or aren't a good perl scripter, WMI > offers the mechansims to do some of the things you may want to do and > in some cases the only programmatic way to accomplish what you want to > do (say like reconnect Exchange mailboxes). Additionally both of the > links Alain mentions below work just fine from where I am at in the > world. Alain is actually the Microsoft PM for WMI, it is rather nice > of him to take time out to respond at all. > > One item you might want to look at to help you with WMI is a tool > called the scriptomatic which is a free download from Microsoft. > > > joe > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube > Sent: Saturday, March 19, 2005 7:56 AM > To: [email protected] > Subject: Re: [ActiveDir] Event Log > > Thanks for your help > > am not a WMI girl and you made my life misreable and I couldn't even > download the WMIWatcher.zip and when I googled for it couldn't find it > either, and even the http://www.lissware.net was not accessible. > I will try the SMTP Event Consumer and see how it goes (Since it was > the only link I could reach). > > I thought it is a simple thing requested by many people, have the > event viewer alarms (specific ones) delivered to thier mailboxes > instead of checking the event viewer of the servers. > > Thanks again > > On Fri, 18 Mar 2005 07:21:44 -0800, Alain Lissoir > <[EMAIL PROTECTED]> wrote: > > Absolutely! WMI is a good way to do this. > > The WMIWatcher script does this for you. > > You can download the the script from > > http://users.skynet.be/alain.lissoir/temp/WMIWatcher.zip > > > > You can find other script samples doing this at > > http://www.lissware.net (Volume 1 samples): > > Sample 6.13 - SynchronousEventConsumer.wsf to Sample 6.17 - > > GenericEventAsyncConsumer.wsf show the basic mechanic to catch > > events from WMI. > > > > and Sample 6.22 to 6.23 - EventLogTimeDiffMonitor.wsf to Sample 6.25 > > to 6.27 - EventLogTimeDiffMonitorWithNonEvent.wsf show how to catch > > events from the NT event log and calculate the time between two > > events (or no event after a timeout). It also sends an email alert. > > > > However, you don't necessarily have to run a script to do this. > > You can also leverage the SMTP Permanent Event Consumer Provider. > > It requires a MOF file compilation. > > You can find a sample at http://www.lissware.net (Volume 1 samples): > > Sample 2.03 - SMTPConsumerInstanceReg.mof For non-WMI people, this > > will be a bit more complex to setup, however. > > It described in my WMI books but MSDN has also some information > > about it at > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmi > > sd > > k/wmi/ > > smtpeventconsumer.asp > > > > This WMI provider consumes any WMI events and send an SMTP email to > > a relay of your choice. > > The WQL query you submit makes the WMI event selection. > > > > HTH > > /Alain > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of joe > > Sent: Friday, March 18, 2005 12:15 AM > > To: [email protected] > > Subject: RE: [ActiveDir] Event Log > > > > Just to be specific, event viewer is a simple client tool used to > > view entries in the event log. It is like notepad reading a file. > > > > If you need to get alerts like that, you will need to use a third > > party tool or script. WMI tends to be good in this space, take a > > look at some of the WMI web sites or books. > > > > joe > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube > > Sent: Monday, March 14, 2005 5:08 AM > > To: [email protected] > > Subject: [ActiveDir] Event Log > > > > Please is there any way to make the event viewer trigger an email? > > Thanks > > r.c. > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
