Hmm, I am not doing CSV of event log, I am doing dump (default is tab delimited but it is configurable) of all registered event messages on a given machine (remote or local).
So for instance, when your monitoring person comes to you and says, what events do you want to be alerted on on machine X and you sit and think, well what events are there for machine X? You have a way to get an answer. Also I am trying to ascertain the severity of the messages as well which I haven't seen done anywhere based on the message ids. It isn't guaranteed to be set and even if it is it isn't guaranteed to be accurate once it hits the event log but at least it is a start. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Tuesday, June 07, 2005 9:15 PM To: [email protected] Subject: RE: [ActiveDir] Q about Site Link Bridging I was very very close to adding that (CSV of event log) to repadmin ... after /csv for /showrepl we were pretty much sold ... It's funny, when I read CSV, I think excel? Cheers, Brett Shirley posting "AS IS" ... On Tue, 7 Jun 2005, joe wrote: > LOL. > > I'll work on tools you can pay for. :o) > > At the moment I am working on a tool to dump all registered event log > IDs and messages of a given machine. Trying to decide if it should be > a freebie or a for pay. As you may guess I have been working on some > monitoring type apps and when I decided I wanted a nice CSV listing of > all messageids and severity levels I found a dearth of tools to do it. > At the moment I can dump all event messages on a local machine in > about 1.5 seconds, remote machines are slower depending on network speeds and number of messages. > > Output looks something like this (Tab delimited) at the moment > > Internal_ID Event_ID Severity Message Resource_File > Source(s) > "2147811364" "36" "WARN" "An inconsistency in the state information > for disk set %2 was fixed." "e:\windows\system32\drivers\ftdisk.sys" > "System\ftdisk" > "2147811367" "39" "WARN" "Disk %2 has FT disk information that is > being superseded by FT registry information." > "e:\windows\system32\drivers\ftdisk.sys" "System\ftdisk" > "3221553153" "1" "ERROR" "An unrecoverable bad sector failure > occurred on disk set %2.\nData is still readable on the redundant copy." > "e:\windows\system32\drivers\ftdisk.sys" "System\ftdisk" > "3221553158" "6" "ERROR" "One of the devices that is part of disk set > %2 has failed and will no\nlonger be used." > "e:\windows\system32\drivers\ftdisk.sys" "System\ftdisk" > "3221553159" "7" "ERROR" "Disk set %2 is disabled because one or more > of its members are missing\nor invalid." > "e:\windows\system32\drivers\ftdisk.sys" "System\ftdisk" > "3221553162" "10" "ERROR" "An unrecoverable sector failure occurred on > accesses to both copies of the\ndata on disk set %2." > "e:\windows\system32\drivers\ftdisk.sys" "System\ftdisk" > > It has been a hoot, been finding silly "mistakes" all over, have a > blog entry on it in fact. > > Also I am finalizing work on a tool for safely managing the ACL on the > deleted objects container. > > Anyway, I will look at building an update monitoring tool for the > joeware site. > > I am trying to figure out what it will take for Quest to buy me out > for 10+ million, they are buying everything else. :o) > > joe > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan > Sent: Tuesday, June 07, 2005 8:15 PM > To: [email protected] > Subject: RE: [ActiveDir] Q about Site Link Bridging > > Sooooo.... The real question is when are you going to have the > functionality available as a joeware tool? > > Remember - I've offered money before for your utils - offer still > stands [1]. But, I'm not quite equipped to be the sole benefactor of > your first 7-digit accumulation, old buddy. ;o) > > Rick > > [1] In other words - Get Crackin'! > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Tuesday, June 07, 2005 5:11 PM > To: [email protected] > Subject: RE: [ActiveDir] Q about Site Link Bridging > > Yep, I like it myself. Starting writing the first version of it about > 2 weeks after I loaded my first domain controller back in like > 1999/2000. I got sick of doing windiff of two manual dumps right quick. > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan > Sent: Tuesday, June 07, 2005 5:08 PM > To: [email protected] > Subject: RE: [ActiveDir] Q about Site Link Bridging > > Sorry I wasn't more clear, joe. Yep, I meant the tool. I knew what > you were changing - that wasn't a real mystery. But the tool that > showed the cause and effect is really quite cool. > > Nice little bit of a 'before and after'. > > Rick > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Tuesday, June 07, 2005 3:23 PM > To: [email protected] > Subject: RE: [ActiveDir] Q about Site Link Bridging > > Err for what in particular? > > If you mean the little process below that watched the changes to the > directory and dumped them to the screen. That version of the tool I > can't share, I actually wrote that specific version on the corporate > dime. It is a a nicely cleaned up version of something else I wrote to > do this stuff previously though. I will think about writing up another > tool on my dime to do it that can be publicly available. I won't > release the original tool as it is a train wreck for usability, I > found myself looking at the source more often than not trying to > remember how to do things with it and I don't need those email > headache questions for a tool that isn't designed to be user friendly. > :o) > > Overall though, it is extremely useful functionality and I have used > that functionality multiple times the last 5 years to find issues and > bugs with AD based programs. :o) Basically it simply implements > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad > /polli > ng_for_changes_using_usnchanged.asp > > For those that work for the same company that I work work for that are > interested, there will be a KB available shortly concerning this tool. > > > If you mean, how do you set that value from the command line, you can > use admod with a simple update command but the tricky part is the fact > that it isn't an absolute value, it is a bit flag and you should be > aware of what is already set before overwriting it. I have a change I > am working on for a future version of admod that will help with that, > but it is a ways out still. > > joe > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan > Sent: Tuesday, June 07, 2005 2:33 AM > To: [email protected] > Subject: RE: [ActiveDir] Q about Site Link Bridging > > joe, > > Toss a command line out there for this. Some might be interested in > how you collected this - now that we kno what flags we're looking for! > > Thx! > > Rick > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Monday, June 06, 2005 11:53 PM > To: [email protected] > Subject: RE: [ActiveDir] Q about Site Link Bridging > > When you right click IP and select Properties and UNCHECK "Bridge all > site links", the attribute options gets bit 1 (value=2^1=2) set on the > object CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,<root DN>. > > If you CHECK that checkbox, bit 1 gets cleared. > > Basically Bit 1 is for bridge all site links. Default is cleared bit 1 > meaning Bridge all. Set bit 1 means don't bridge. > > > Bit 0 (2^0=1) is for Ignore schedules. Default is cleared bit 0 > meaning don't ignore. Set bit 0 to ignore. > > > > Clearing checkbox > ================== > > Updates between Tue Jun 7 00:45:00 2005 - Tue Jun 7 00:45:02 2005 > Retrieving CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=joe,DC=com...OK... > > UPDATE: CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=joe,DC=com > <GUID=65c6193a130e4245ad7d09b0a2fbb11c> > UPD options: (0) -> (2) > UPD uSNChanged: (2501219) -> (2501221) > UPD whenChanged: (20050607044358.0Z) -> (20050607044501.0Z) > > ------------------------------------------------- > > > > Setting checkbox > ================ > > Searching for Updates: 2501222/2501222...OK... > Pushing DN (<GUID=65c6193a130e4245ad7d09b0a2fbb11c>) into list to > retrieve updates... > Retrieving 1 updated DN(s)... > ------------------------------------------------- > Updates between Tue Jun 7 00:45:08 2005 - Tue Jun 7 00:45:09 2005 > Retrieving CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=joe,DC=com...OK... > > UPDATE: CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=joe,DC=com > <GUID=65c6193a130e4245ad7d09b0a2fbb11c> > UPD options: (2) -> (0) > UPD uSNChanged: (2501221) -> (2501222) > UPD whenChanged: (20050607044501.0Z) -> (20050607044509.0Z) > > ------------------------------------------------- > Get highestCommittedUSN...OK...(2501222)...Sleeping 1..(Tue Jun 7 > 00:45:12 2005).. > > > joe > > > > > Copyright 2005 joe :o) > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer > Sent: Tuesday, June 07, 2005 12:27 AM > To: [email protected] > Subject: [ActiveDir] Q about Site Link Bridging > > Hi guys, > > When, in AD Sites and Services MMC Snapin, one unchecks the "bridge > all site links" checkbox, what gets updated in the directory? > > >>From what I can tell, this is stored in the Options attribute of: > cn=NTDS Settings,cn=<site name>,cn=sites,cn=configuration,dc=<domain > name> and we do an: <existing options> OR &H10 to disable automatic > generation of inter-site links. We'd need to do this for each site. Is > this correct? Or is there some global attribute that gets set instead > that I'm missing in my research? > > TIA! > > Cheers > Ken > > -- > IIS Stuff: www.adOpenStatic.com/cs/blogs/ken/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
