Event Log scheduling

  • Question

  • I am trying to find a way to not necessarily monitor customers' machines (at their requests... business customers), but keep track of system stability remotely and automatically. 

    The kind of information I'm looking for could be found by filtering the event logs to show only errors, warnings and shutdown information (I figure I could probably use the security auditing log to show restarts).  Is there a way to run something like this via command line?  If I could just have a batch file that uploaded this kind of thing to our server regularly by setting up a scheduled task on each PC in a customer's organization, that would work, and then I could just have them imported daily into an Access database for querying.  Unfortunately, I know all of the commands for Task Scheduler to do this, but I have no idea regarding Event Logger.  Also, would the same thing work in Vista, or is it a different set of commands?

    Monday, March 23, 2009 3:34 PM

Answers

  • If you are interested, there is an open source program that will monitor everything, including temperature in your server room.  It is hard to configure, but once you have it up and running, it works great.  It will also send a text message to your cell phone and alert you if something is wrong.  The program is called Nagios.

    http://www.nagios.org/



    Heather Watson
    • Marked as answer by Kevin Remde Sunday, May 23, 2010 1:40 PM
    Wednesday, May 13, 2009 2:46 PM
  • There is a free tool called Log Parser which allows you to extract event log information from the command line.

    http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx

    May be of use.
    • Marked as answer by Kevin Remde Sunday, May 23, 2010 1:40 PM
    Wednesday, April 1, 2009 8:59 AM
  • As Andrei mentions, "MOM" (Now System Center Operations Manager 2007, or SCOM) is a product that can do what you're looking for.

    But if you want a free option, there are some pretty wild things you can do with Windows PowerShell against WMI, polling local and/or remote machines.

    Check out the Win32_ReliabilityStabilityMetrics and Win32_ReliabilityRecords classes (in the ROOT/CIMV2 namespace).

    Here are some PowerShell examples using the Get-WMIObject cmdlet:
    (Note - these are defaulting to target the local machine.  Get-WMIObject also has a -computer parameter that lets you target a remote machine as well.)

    # Get The latest stability index
    get-wmiobject Win32_ReliabilityStabilityMetrics | select -First 1 __SERVER,SystemStabilityIndex

    # Get the last 5 reliability event messages on the local computer
    get-wmiobject Win32_ReliabilityRecords | select -First 5 Message  | format-list * | out-default

    # Breakdown of reliability events - the output is grouped by the Source.
    get-wmiobject Win32_ReliabilityRecords -property @("SourceName", "EventIdentifier") |
      group-object -property SourceName,EventIdentifier -noelement |
      sort-object -descending Count |
      select-object Count,Name |
      format-table * | out-default

    -Kevin

    Kevin Remde US IT Evangelism - Microsoft Corporation http://blogs.technet.com/kevinremde
    • Marked as answer by Kevin Remde Sunday, May 23, 2010 1:40 PM
    Monday, April 6, 2009 1:12 PM
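
The scheduled export the question asks for, built on the two WMI classes named in the answer above. This is an added example, not code from the thread or from Microsoft; the output folder, file naming and error log are assumptions, and it targets Windows PowerShell, where Get-WmiObject is available.

```powershell
# Added example: daily stability export for one or more machines.
# Assumptions: C:\StabilityReports is a hypothetical drop folder that a
# separate job uploads or imports; the account running the scheduled task
# needs WMI read access on each target.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [int]$Hours = 24,
    [string]$OutDir = 'C:\StabilityReports'   # hypothetical path
)

$since = (Get-Date).AddHours(-$Hours)
if (-not (Test-Path $OutDir)) {
    New-Item -ItemType Directory -Path $OutDir | Out-Null
}

foreach ($computer in $ComputerName) {
    try {
        # Pick the newest metric explicitly instead of trusting return order.
        $metric = Get-WmiObject -Class Win32_ReliabilityStabilityMetrics `
                      -ComputerName $computer -ErrorAction Stop |
            Sort-Object { $_.ConvertToDateTime($_.TimeGenerated) } -Descending |
            Select-Object -First 1

        # TimeGenerated is a DMTF string; convert it, then keep the last $Hours.
        $records = @(Get-WmiObject -Class Win32_ReliabilityRecords `
                         -ComputerName $computer -ErrorAction Stop |
            Select-Object @{n='Computer';       e={$computer}},
                          @{n='TimeGenerated';  e={$_.ConvertToDateTime($_.TimeGenerated)}},
                          @{n='StabilityIndex'; e={$metric.SystemStabilityIndex}},
                          Logfile, SourceName, EventIdentifier, ProductName, Message |
            Where-Object { $_.TimeGenerated -ge $since })

        if ($records.Count -gt 0) {
            $file = Join-Path $OutDir ('{0}_{1:yyyyMMdd}.csv' -f $computer, (Get-Date))
            $records | Export-Csv -Path $file -NoTypeInformation
        }
    }
    catch {
        # An unreachable or failing machine is itself worth recording.
        $line = "{0:s}`t{1}`t{2}" -f (Get-Date), $computer, $_.Exception.Message
        Add-Content -Path (Join-Path $OutDir 'collection-errors.log') -Value $line
    }
}
```

Each CSV row carries the computer name and the stability index alongside the event, so the files can be appended into one table for querying.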
  • You can also use the psloglist tool that is part of the pstools package from Sysinternals. It's a good tool; I use it to extract some events of interest from event logs of company machines. It's a command line tool so you can easily make a batch script.
    • Marked as answer by Kevin Remde Sunday, May 23, 2010 1:40 PM
    Friday, May 29, 2009 1:59 PM

All replies

  • Hi ,

        We used Hyperic and it proved to be a solid product. But I think Microsoft has a solution called MOM. I have not had a chance to test it yet but I heard good things about it.

    Regards,

        Andrei C.
    Andrei Cerchia
    Tuesday, March 24, 2009 8:27 PM