 ActiveXperts Network Monitor - Home page
 Download ActiveXperts Network Monitor 7.1 (7327 KB - .exe file)
Event Log Monitoring
With the built-in Event Log check, you can do basic Event Log monitoring. You can query a specific Event Log (e.g. Application Log, System Log, etc.) for specifc events.
You can use the following filters:
- Type - Information / Warning / Error / Success Audit / Failure Audit;
- Event Source - The application that generated the event. This can be a standard Windows GUI application, a Windows service, a Windows device driver, etc.;
- Event ID - An ID that identifies the kind of problem. Software packages usually use a list of Event ID's. Each ID identifies the type of event (e.g. the reason for failure, the type of information, etc.);
- Event Category - This string value tells you where the event is related to. For example: 'Installation', 'System Startup', etc.;
- User - The security context under which the application generated the event.
If you need a more complex Event Log monitoring check, you can make use of the VBScript equivalent of the Event Log check.
You can create a VBScript-based Event Log check in the following way:
- Launch the Network Monitor Manager;
- Choose 'New Monitoring Check (VBScript)' from the 'Monitor' menu;
- Select 'EventLog.vbs' from the File selection box, and select 'CheckEventLog' from the Function selection box;
- To load a working sample, click on 'click here' in the Function Parameters group box.
Out of the box, this VBScript check does exactly the same a the built-in Event Log check.
But feel free to modify this script to meet your requirements.
Let's demonstrate this with a small sample.
By default, the Event Log check reports only the number of events that matches the query. This information is also sent in email- and SMS alerts.
However, some users want more detailed information in their notifications, for instance: the event message and the time the event was created.
To accomplish this, you need to open the EventLog.vbs file first:
- Select 'EventLog.vbs' (as described above), and press the 'Edit' button.
Now, replace the checkEventLogWMI function by the following code (this only applies to Network Monitor v.7 scripts):
Function checkEventLogWMI( objWMIService, strLogFile, strEventCode, strSourceName, bErrorWhenFound, BYREF strSysData, BYREF strSysExplanation )
' On Error Resume Next
Dim colLoggedEvents
Dim strQuery
Dim objEvent
checkEventLogWMI = retvalUnknown
strSysExplanation = ""
strSysData = ""
strQuery = "Select * from Win32_NTLogEvent Where Logfile = '" & strLogFile & "'"
If( strSourceName <> "" AND strSourceName <> "*" ) Then
strQuery = strQuery & " AND SourceName='" & strSourceName & "'"
End If
If( strEventCode <> "" AND strEventCode <> "*" ) Then
strQuery = strQuery & " AND EventCode = '" & strEventCode & "'"
End If
Set colLoggedEvents = objWMIService.ExecQuery( strQuery )
If( colLoggedEvents.Count <= 0 ) Then
If( bErrorWhenFound ) Then
checkEventLogWMI = True
Else
checkEventLogWMI = False
End If
strSysData = 0
strSysExplanation = "Event Not Found"
Exit Function
End If
If( bErrorWhenFound ) Then
checkEventLogWMI = False
Else
checkEventLogWMI = True
End If
' Event properties are:
' Category
' CategoryString
' ComputerName
' Data
' EventCode
' EventIdentifier
' EventType
' InsertionStrings
' Logfile
' Message
' RecordNumber
' SourceName
' TimeGenerated
' TimeWritten
' objItem.Type
' objItem.User
For each objEvent in colLoggedEvents
strSysExplanation = "Event Found: " & _
"EventCode=[" & objEvent.EventCode & "]; " & _
"EventType=[" & objEvent.EventType & "]; " & _
"SourceName=[" & objEvent.SourceName & "]; " & _
"Type=[" & objEvent.Type & "]; " & _
"Time=[" & Left( objEvent.TimeGenerated, 14 ) & "]; " & _
"Message=[" & Trim( Replace( Left( objEvent.Message, 100 ), vbCrLf, "" ) ) & "]"
Exit Function
Next
End Function
|
