I would be curious to know what you bloker doesn't like in my URLs. :-) Good luck!
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube Sent: Saturday, March 19, 2005 9:59 PM To: [email protected] Subject: Re: [ActiveDir] Event Log :) Thanks I rechecked the links and they are still blocked in here. u know in here http://www.msexchange.org/ is blocked because it has the word "sex" in the URL! r.c. On Sat, 19 Mar 2005 08:56:03 -0800, Alain Lissoir <[EMAIL PROTECTED]> wrote: > I concur with Joe's reply. > I just want to stress that both approaches are valid: usage of > scripting or usage of an Enterprise Management software (e.g. HPOV, MOM ...). > In the case of Enterprise Management software, some people avoid them > simply because they need to setup that infrastructure to manage the > actual infrastructure, which represent for them an additional cost and > complexity (depending of the size of the enterprise and > infrastructure). On the other hand, even though most large enterprises > have such a software in place, it happens that local admins want to > have a pin-point solution instead of interacting with this type of > software (for political reasons of asking a work item to another team they don't control, for technical reasons, etc ... > Real life has more imagination than we do sometimes). > > Last but not least, these Enterprise Management software often use WMI > behind the scene. For instance, HPOV and Tivoli uses WMI to report > Event Log entries via their agents to their consoles. So even if you > are not a WMI guru, you do use it even if you ignore that it is in the game. > The WMIWatcher script does nothing else than these enterprise > management software currently do. But instead of being a C++ compiled > code, it is just simple WSH script that can be run as a Windows > Service (thanks to SRVANY.EXE from the RESKIT) which is acting like an > agent where the console becomes the email client. Not perfect as you > rely on the infrastructure you monitor to relay alerts (email queues). > This is why these enterprise management solutions often have their own > path and queues to reports alerts. However, the WMIWatcher script is a > foundation that can address some pin-point problems for some people. > Let's say it has the benefit to exist even though it is not a perfect solution. > > I recognize that WMI is not intuitive, but for people passing the > step, it is a very powerful technology to get data out of the system > from scripts or any other software consuming WMI. It offers things you > can't really do with other technologies like ADSI. The aim is of it is just different. > > For the SMTP consumer, you must create a WQL query selecting event log > entries + some typical SMTP parameters. You must also use MOFCOMP to > set it up in WMI. Of course, far from me to push for my business, > there are many literature on WMI in the wild but everything is > explained in my books. ;-) (same link bwloe) > > About the links, I rechecked them and all works fine for me. > > And no worries, I'm not offended. I know that emails don't always > allow to put all shades and colors we would like in the tone! :-) I've > been through this myself. > > HTH > /Alain > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube > Sent: Saturday, March 19, 2005 8:47 AM > To: [email protected] > Subject: Re: [ActiveDir] Event Log > > Ops.... I appreciated Alain's input, I was depressed cause it didn't > work from where I am in the world. > I hope Alain is not offended by what I said, how ever if he is my deep > apology, I really appreciate his input. > > thanks. > r.c. > > On Sat, 19 Mar 2005 11:32:46 -0500, joe <[EMAIL PROTECTED]> wrote: > > It is requested by many people. > > > > So many people, in fact, many companies sell software along this > > concept called Event Log Scrapers or monitors. They tend to have an > > agent that picks up the events, ships them onto a console, the > > console then executes some process specified for the specific > > events. You can look at tools such as OpenView, Microsoft Operations > > Manager (MOM), HostMonitor (www.ks-soft.net), etc. There are most > > likely open source projects in the various repositories to do it as > > well. The reason it is a separate process like this is because not > > everyone would want it going to their email. What if the error is > > that email doesn't work like say the smtp queue is backing up? These > > products offer multiple paths to get the info to people or maybe > > just collects it and generates reports from it. Putting and > > configuring all of that logic on each individual server in an > > environment with say thousands or even hundreds or tens of machines > > would be a pain in the butt if feasible at all. That is where the > > beauty of dropping a simple agent on the machines that is the same > > across all machines which shoots the data all to a central place is > > so inviting. If you need to make changes to the > rules you don't have to go manually tweak each machine again. > > > > The OS doesn't really have to provide an exact mechanism to do this > > because it allows you to use something else to get it quite easily > > due to all of the programmatic mechanisms to access the information. > > On the overall scale of things I would like to see the developers of > > MS doing for the OS, built in event log notification emails or > > monitoring isn't really one of them. Lots of other rather large > > things I think that don't have any answers or possibility at the > > moment that I would like to see done because you can't write scripts or programs to do it. > > > > Finally, I think you were a bit rough on Alain. He was simply trying > > to help. I agree that WMI is less than intuitive and I personally > > dislike it and avoid it myself. However if you aren't someone who > > can write code to access the API or aren't a good perl scripter, WMI > > offers the mechansims to do some of the things you may want to do > > and in some cases the only programmatic way to accomplish what you > > want to do (say like reconnect Exchange mailboxes). Additionally > > both of the links Alain mentions below work just fine from where I > > am at in the world. Alain is actually the Microsoft PM for WMI, it > > is rather nice of him to take time out to respond at all. > > > > One item you might want to look at to help you with WMI is a tool > > called the scriptomatic which is a free download from Microsoft. > > > > > > joe > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube > > Sent: Saturday, March 19, 2005 7:56 AM > > To: [email protected] > > Subject: Re: [ActiveDir] Event Log > > > > Thanks for your help > > > > am not a WMI girl and you made my life misreable and I couldn't even > > download the WMIWatcher.zip and when I googled for it couldn't find > > it either, and even the http://www.lissware.net was not accessible. > > I will try the SMTP Event Consumer and see how it goes (Since it was > > the only link I could reach). > > > > I thought it is a simple thing requested by many people, have the > > event viewer alarms (specific ones) delivered to thier mailboxes > > instead of checking the event viewer of the servers. > > > > Thanks again > > > > On Fri, 18 Mar 2005 07:21:44 -0800, Alain Lissoir > > <[EMAIL PROTECTED]> wrote: > > > Absolutely! WMI is a good way to do this. > > > The WMIWatcher script does this for you. > > > You can download the the script from > > > http://users.skynet.be/alain.lissoir/temp/WMIWatcher.zip > > > > > > You can find other script samples doing this at > > > http://www.lissware.net (Volume 1 samples): > > > Sample 6.13 - SynchronousEventConsumer.wsf to Sample 6.17 - > > > GenericEventAsyncConsumer.wsf show the basic mechanic to catch > > > events from WMI. > > > > > > and Sample 6.22 to 6.23 - EventLogTimeDiffMonitor.wsf to Sample > > > 6.25 to 6.27 - EventLogTimeDiffMonitorWithNonEvent.wsf show how to > > > catch events from the NT event log and calculate the time between > > > two events (or no event after a timeout). It also sends an email alert. > > > > > > However, you don't necessarily have to run a script to do this. > > > You can also leverage the SMTP Permanent Event Consumer Provider. > > > It requires a MOF file compilation. > > > You can find a sample at http://www.lissware.net (Volume 1 samples): > > > Sample 2.03 - SMTPConsumerInstanceReg.mof For non-WMI people, this > > > will be a bit more complex to setup, however. > > > It described in my WMI books but MSDN has also some information > > > about it at > > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/w > > > mi > > > sd > > > k/wmi/ > > > smtpeventconsumer.asp > > > > > > This WMI provider consumes any WMI events and send an SMTP email > > > to a relay of your choice. > > > The WQL query you submit makes the WMI event selection. > > > > > > HTH > > > /Alain > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of joe > > > Sent: Friday, March 18, 2005 12:15 AM > > > To: [email protected] > > > Subject: RE: [ActiveDir] Event Log > > > > > > Just to be specific, event viewer is a simple client tool used to > > > view entries in the event log. It is like notepad reading a file. > > > > > > If you need to get alerts like that, you will need to use a third > > > party tool or script. WMI tends to be good in this space, take a > > > look at some of the WMI web sites or books. > > > > > > joe > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of rubix > > > cube > > > Sent: Monday, March 14, 2005 5:08 AM > > > To: [email protected] > > > Subject: [ActiveDir] Event Log > > > > > > Please is there any way to make the event viewer trigger an email? > > > Thanks > > > r.c. > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
