Here is a new script to use in Windows 7/2008 together with "Windows Task Scheduler". The comments at the top of the script explain how to get an email alert every time an application ERROR event is registered in the Event logs.
```vbscript
'''''''''''''''''''''''''''''''''''''''''''''''
'
' c:\scripts\events\sendEventErrorByEmail.vbs
'
' @Author: Nestor Urquiza
' @Created: 12/14/2011
'
'
' @Description: Alerts a Windows Admin there are errors in Event Viewer.
' It could be scheduled to run every maxMinutes but
' using it as an action for a custom Scheduled Task with a trigger on event filters:
'
' Task Scheduler Library: Create Task | Triggers | New Trigger | Begin the Task On an Event | Settings Custom | New Event Filter | Event Level Error | By Log | Event Logs | Windows Logs | Application
'
'
' @Compatibility: Tested so far in WindowsXP, Vista, 7, 2000, 2003, 2008
'
'
' @Parameters
' 1. A prefix body message in case specific errors are to be sent
' (a combination of batch and eventtriggers will do the trick)
'
'
' @Filters: I am filtering only "Application" events. Change the SQL query if you want to apply a different filter or not filter at all
'
'
''''''''''''''''''''''''''''''''''''''''''''''''

'Constants
strSmartHost = "mail.sample.com"
strSmartPort = 25
maxMinutes = 1
strComputer = "."
emailFrom = "donotreply@nestorurquiza.com"
emailTo = "nurquiza@nestorurquiza.com"

'System config
Set wshShell = WScript.CreateObject( "WScript.Shell" )
strComputerName = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )
Set objSWbemServices = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colTimeZone = objSWbemServices.ExecQuery _
  ("SELECT * FROM Win32_TimeZone")
For Each objTimeZone in colTimeZone
  offset = objTimeZone.Bias
Next

'Parameters
Dim strBody
If (Wscript.Arguments.Count > 0) Then
  strBody = Wscript.Arguments(0)
End If

'Start date to look for events
dtmDate = DateAdd("n",-maxMinutes,Now())
dateToWMIDateString = Year(dtmDate) & padZeros(Month(dtmDate)) & padZeros(Day(dtmDate)) & padZeros(Hour(dtmDate)) & padZeros(Minute(dtmDate)) & padZeros(Second(dtmDate)) & ".000000" & formatOffset(offset)

'Get events matching the query
Set objWMIService = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate}!\\" & _
  strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
  ("Select * from Win32_NTLogEvent " _
  & "Where Logfile='Application' and Type='Error' and TimeGenerated > '" & dateToWMIDateString & "'" )

'Accumulate all events dates and details
For Each objLogFile in colLogFiles
  dtmInstallDate = objLogFile.TimeGenerated
  WMIDateStringToDate = CDate(Mid(dtmInstallDate, 5, 2) & "/" & _
    Mid(dtmInstallDate, 7, 2) & "/" & Left(dtmInstallDate, 4) _
    & " " & Mid (dtmInstallDate, 9, 2) & ":" & _
    Mid(dtmInstallDate, 11, 2) & ":" & Mid(dtmInstallDate, _
    13, 2))
  WMIDateStringToDate = DateAdd("n", offset, WMIDateStringToDate)
  details = details & vbCrLf & WMIDateStringToDate & " - [" & _
    objLogFile.Type & "] " & _
    objLogFile.Message
  'Wscript.Echo details
Next

'Send email with details about matching events
If (Not IsNull(details) And details <> "") Then
  'Prepare email
  Set objEmail = CreateObject("CDO.Message")
  objEmail.From = emailFrom
  objEmail.To = emailTo
  objEmail.Subject = "[" & strComputerName & "] " & "Event Viewer Alert"
  If (Not IsNull(strBody) And strBody <> "") Then
    objEmail.Textbody = strBody & ". "
  End If
  objEmail.Textbody = objEmail.Textbody & details

  'Custom server
  objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
  objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSmartHost
  objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = strSmartPort
  objEmail.Configuration.Fields.Update

  'Send it
  objEmail.Send
End If

'Left-pad a single-digit date part with a zero
Function padZeros(dtmDate)
  If Len(dtmDate) = 1 Then
    padZeros = "0" & dtmDate
  Else
    padZeros = dtmDate
  End If
End Function

'Format the UTC offset the way a WMI datetime expects it: a sign plus three digits (-300, +060)
Function formatOffset(minutes)
  If minutes < 0 Then
    formatOffset = "-" & Right("000" & Abs(minutes), 3)
  Else
    formatOffset = "+" & Right("000" & minutes, 3)
  End If
End Function
```
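As an added example (not part of the original script), here is the same event query with both date conversions delegated to the `WbemScripting.SWbemDateTime` scripting object instead of being assembled by hand, so the UTC offset of the WMI datetime string is filled in by WMI itself. The function and variable names are my own choices for illustration, and it echoes the matching events rather than emailing them.

```vbscript
Option Explicit

' Convert a local VBScript date to a WMI (DMTF) datetime string
Function ToWmiDate(dtmLocal)
  Dim objDateTime
  Set objDateTime = CreateObject("WbemScripting.SWbemDateTime")
  objDateTime.SetVarDate dtmLocal, True      ' True = the value passed in is local time
  ToWmiDate = objDateTime.Value
End Function

' Convert a WMI (DMTF) datetime string back to a local VBScript date
Function FromWmiDate(strWmiDate)
  Dim objDateTime
  Set objDateTime = CreateObject("WbemScripting.SWbemDateTime")
  objDateTime.Value = strWmiDate
  FromWmiDate = objDateTime.GetVarDate(True) ' True = return the value as local time
End Function

Dim objWMIService, colEvents, objEvent, strSince

' Same one minute window as maxMinutes in the script above
strSince = ToWmiDate(DateAdd("n", -1, Now()))

Set objWMIService = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
  ("Select * from Win32_NTLogEvent " _
  & "Where Logfile='Application' and Type='Error' and TimeGenerated > '" & strSince & "'")

' Print each matching event with its timestamp converted to local time
For Each objEvent In colEvents
  WScript.Echo FromWmiDate(objEvent.TimeGenerated) & " - [" & _
    objEvent.Type & "] " & objEvent.Message
Next
```

Run it with `cscript` right after an application error is logged to check the time window before wiring the email part back in.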
BTW you will notice the Event filter contains the below which could give you some hints to research even more powerful ways to control different event alerts:
Here is how to get SSL authentication or TLS Authentication support.