script to get notified when certain Event ID occurs in the Event log

Status
Not open for further replies.

scriptnewbie

IS-IT--Management
Jul 22, 2005
16
US
Hi,
I was wondering if it was possible to write a script to send out a notification (via email) when a certain event ID occurs on the computers in the network. Any response would be much appreciated.
 
Hi,

The following script will listen to your local system and then send a mail when eventid 0 occurs.

Change strComputer = "." to strComputer = "MyHost" to listen to a remote machine.

Change TargetInstance.EventIdentifier = '0' to the number of the EventID you wish to trap.

Also you will need the IP address of an available SMTP mail server to use this script - enter this in the correct place in the script.

Cheers - S

***********************************************************

strComputer = "."  ' "." is the local machine; use a host name for a remote one
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" & _
strComputer & "\root\cimv2")
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
("Select * from __InstanceCreationEvent within 5 where TargetInstance isa 'Win32_NTLogEvent' and TargetInstance.EventIdentifier = '0'")
Do
Set objLatestEvent = colMonitoredEvents.NextEvent  ' blocks until a matching event is logged
Message = ""  ' start a fresh body so earlier events are not repeated in later mails
Message = Message & chr(13) & "Record No.: " & objLatestEvent.TargetInstance.RecordNumber
Message = Message & chr(13) & "Event ID: " & objLatestEvent.TargetInstance.EventCode
Message = Message & chr(13) & "Time: " & objLatestEvent.TargetInstance.TimeWritten
Message = Message & chr(13) & "Source: " & objLatestEvent.TargetInstance.SourceName
Message = Message & chr(13) & "Category: " & objLatestEvent.TargetInstance.CategoryString
Message = Message & chr(13) & "Event Type: " & objLatestEvent.TargetInstance.Type
Message = Message & chr(13) & "Computer: " & objLatestEvent.TargetInstance.ComputerName
Message = Message & chr(13) & "User: " & objLatestEvent.TargetInstance.User
Message = Message & chr(13) & "Text: " & objLatestEvent.TargetInstance.Message

' Mail the event details through the SMTP server configured below
Set objEmail = CreateObject("CDO.Message")
objEmail.From = "MyFromAddress@Somewhere.com"
objEmail.Replyto = "MyFromAddress@Somewhere.com"
objEmail.To = "sendtoyou@mail.com"
objEmail.Subject = "Event Log"
objEmail.Textbody = Message
' sendusing = 2 sends over the network to the server named in smtpserver
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "<ip address of SMTP server>"
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objEmail.Configuration.Fields.Update
objEmail.Send
Loop
 
Hi Sunny4ever,

I changed the following then ran the script to capture this event ID 1. I created this event ID 1 on the remote system. When I run the script, a window appears with the error message "the remote procedure call failed" at line 8 character 3.
Here is my changed script:

EventIdentifier =1 (since I want to test trapping this event ID)
Strcomputer ="Blue"
Ip address =my SMTP server ip address
I also changed
objEmail.From = "myemail@mydomain.com"
objEmail.Replyto = "myemail@mydomain.com"
objEmail.To = "myemail@mydomain.com"

Thanks

 
scriptnewbie, post your entire script if you want help troubleshooting it.

I hope you find this post helpful.

Regards,

Mark
 
My first question would be what OS and Service Pack are you running on the remote machine?

Secondly are you running the script under an account with Admin rights on the remote machine?
 
To Markdmac,
I used the entire script provided by Sunny4ever in his first reply. I just changed those entries according to his suggestions.
strComputer = "blue"
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" & _
strComputer & "\root\cimv2")
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
("Select * from __InstanceCreationEvent within 5 where TargetInstance isa 'Win32_NTLogEvent' and TargetInstance.EventIdentifier = '1'")
Do
Set objLatestEvent = colMonitoredEvents.NextEvent
Message = Message & chr(13) & "Record No.: " & objLatestEvent.TargetInstance.RecordNumber
Message = Message & chr(13) & "Event ID: " & objLatestEvent.TargetInstance.EventCode
Message = Message & chr(13) & "Time: " & objLatestEvent.TargetInstance.TimeWritten
Message = Message & chr(13) & "Source: " & objLatestEvent.TargetInstance.SourceName
Message = Message & chr(13) & "Category: " & objLatestEvent.TargetInstance.CategoryString
Message = Message & chr(13) & "Event Type: " & objLatestEvent.TargetInstance.Type
Message = Message & chr(13) & "Computer: " & objLatestEvent.TargetInstance.ComputerName
Message = Message & chr(13) & "User: " & objLatestEvent.TargetInstance.User
Message = Message & chr(13) & "Text: " & objLatestEvent.TargetInstance.Message

Set objEmail = CreateObject("CDO.Message")
Ip address =my SMTP server ip address
objEmail.From = "myemail@mydomain.com"
objEmail.Replyto = "myemail@mydomain.com"
objEmail.To = "myemail@mydomain.com"
objEmail.Subject = "Event Log"
objEmail.Textbody = Message
objEmail.Configuration.Fields.Item = 2
objEmail.Configuration.Fields.Item = "<my SMTP server IP address>"
objEmail.Configuration.Fields.Item = 25
objEmail.Configuration.Fields.Update
objEmail.Send
Loop


To Sunny4ever,
All my PCs have XP pro SP2. I ran the script with Admin account. I am not sure if I had to run the script on the remote machine or my local machine. "Secondly are you running the script under an account with Admin rights on the remote machine?". I ran the script on my local machine and it did not work.

Thanks a lot for input.

 
OK, so if it is failing on line 8 that is:
Set objLatestEvent = colMonitoredEvents.NextEvent

Take a look above that line and you will see that you need to put an "&" before the line starting with ("Select.

I hope you find this post helpful.

Regards,

Mark
 
Sorry markdmac but that is not the problem. Aside from having put a space in the ipaddress variable which will cause this to fail I think it may be something to do with XP SP2.

Do you have the firewall enabled?
 
I know (100%) my firewall is not an issue because I am able to run many different script/batch files successfully.
To reinforce Sunny's point, I placed a (&) in front of ("SELECT...) and it complained about that. That is not a solution. But thanks though Markdmac!
 
[1]
>objEmail.Configuration.Fields.Item = 2
>objEmail.Configuration.Fields.Item = "<my SMTP server IP address>"
>objEmail.Configuration.Fields.Item = 25
Do you see the difference with what was originally suggested? You cannot spare the apparently strange " etc namespace things. Literally stick to them and then modify only the right-hand side of the equal sign as needed.

[2]
>line 8 character 3.
What is line 8?

[3]
> I am not sure if I had to run the script on the remote machine or my local machine
You have to run from a machine binding to a (remote/local) machine named "blue" as you specified in the strComputer.
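
A version of the listener with the two failure points raised in this thread handled explicitly, added here as an example and not posted by any participant: every remote WMI call is checked so the failing step and its error number are reported, and the CDO fields are set under their full configuration namespace names. The host name "blue" and the e-mail address come from the thread; the constant and Sub names are illustrative.

```vbscript
Option Explicit
' Assumed values: "blue" and the address are from the thread, the SMTP server is a placeholder.
Const TARGET_HOST = "blue"
Const EVENT_ID    = 1
Const SMTP_SERVER = "<ip address of SMTP server>"
Const MAIL_ADDR   = "myemail@mydomain.com"
Const CDO_NS      = "http://schemas.microsoft.com/cdo/configuration/"
Dim objWMIService, colEvents, objEvent, strBody

On Error Resume Next   ' inspect Err after each remote call instead of stopping on a popup
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" _
    & TARGET_HOST & "\root\cimv2")
If Err.Number <> 0 Then Fail "connect to WMI on " & TARGET_HOST, Err.Number, Err.Description
Set colEvents = objWMIService.ExecNotificationQuery( _
    "Select * from __InstanceCreationEvent within 5 " & _
    "where TargetInstance isa 'Win32_NTLogEvent' " & _
    "and TargetInstance.EventIdentifier = '" & EVENT_ID & "'")
If Err.Number <> 0 Then Fail "register the event query", Err.Number, Err.Description
Do
    Set objEvent = colEvents.NextEvent   ' blocks until a matching event arrives
    If Err.Number <> 0 Then Fail "wait for the next event", Err.Number, Err.Description
    With objEvent.TargetInstance
        strBody = "Event ID: " & .EventCode & "  Record No.: " & .RecordNumber & vbCrLf & _
                  "Time: " & .TimeWritten & "  Source: " & .SourceName & vbCrLf & _
                  "Computer: " & .ComputerName & vbCrLf & "Text: " & .Message
    End With
    SendAlert strBody
    If Err.Number <> 0 Then
        WScript.Echo "Mail not sent: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear   ' keep listening even if one mail fails
    End If
Loop

Sub SendAlert(strText)
    Dim objEmail : Set objEmail = CreateObject("CDO.Message")
    objEmail.From = MAIL_ADDR
    objEmail.To = MAIL_ADDR
    objEmail.Subject = "Event Log: ID " & EVENT_ID & " on " & TARGET_HOST
    objEmail.TextBody = strText
    With objEmail.Configuration.Fields   ' each field is addressed by its full namespace name
        .Item(CDO_NS & "sendusing") = 2  ' 2 = send over the network to smtpserver
        .Item(CDO_NS & "smtpserver") = SMTP_SERVER
        .Item(CDO_NS & "smtpserverport") = 25
        .Update
    End With
    objEmail.Send
End Sub
Sub Fail(strStep, lngNumber, strDescription)
    WScript.Echo "Failed to " & strStep & ": 0x" & Hex(lngNumber) & " " & strDescription
    WScript.Quit 1
End Sub
```

Run it with cscript so the messages go to the console rather than to message boxes.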
 