Here is a new script you will need to use in Windows 7/2008 together with "Windows Task Scheduler". The comments on the top of the script should be straightforward to understand how to get an email alert every time an application ERROR event is registered in the Event logs.
'''''''''''''''''''''''''''''''''''''''''''''''
'
' c:\scripts\events\sendEventErrorByEmail.vbs
'
' @Author: Nestor Urquiza
' @Created: 12/14/2011
'
'
' @Description: Alerts a Windows Admin there are errors in Event Viewer.
' It could be scheduled to run every maxMinutes but
' Using it as an action for a custom Scheduled Task with a trigger on event filters:
'
' Task Scheduler Library: Create Task | Triggers | New Trigger | Begin the Task On an Event | Settings Custom | New Event Filter | Event Level Error | By Log | Event Logs | Windows Logs | Application
'
'
'
'
'
'
' @Compatibility: Tested so far in WindowsXP, Vista, 7, 2000, 2003, 2008
'
'
' @Parameters
' 1. A prefix body message in case specific errors are to be sent
' (a combination of batch and eventtriggers will do the trick)
'
'
' @Filters: I am filtering only "Application" events. Change the SQL query if you want to apply a different filter or not filter at all
'
'
'
''''''''''''''''''''''''''''''''''''''''''''''''
'Constants
strSmartHost = "mail.sample.com"
strSmartPort = 25
maxMinutes = 1
strComputer = "."
emailFrom = "donotreply@nestorurquiza.com"
emailTo = "nurquiza@nestorurquiza.com"
'System config
Set wshShell = WScript.CreateObject( "WScript.Shell" )
strComputerName = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )
Set objSWbemServices = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colTimeZone = objSWbemServices.ExecQuery _
("SELECT * FROM Win32_TimeZone")
For Each objTimeZone in colTimeZone
offset = objTimeZone.Bias
Next
'Parameters
Dim strBody
If (Wscript.Arguments.Count > 0) Then
strBody = Wscript.Arguments(0)
End If
'Start date to look for events
dtmDate = DateAdd("n",-maxMinutes,Now())
dateToWMIDateString = Year(dtmDate) & padZeros(Month(dtmDate)) & padZeros(Day(dtmDate)) & padZeros(Hour(dtmDate)) & padZeros(Minute(dtmDate)) & padZeros(Second(dtmDate)) & ".000000" & offset
'Get events matching the query
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}//" & _
strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent " _
& "Where Logfile='Application' and Type='Error' and TimeGenerated > '" & dateToWMIDateString & "'" )
'Accumulate all events dates and details
For Each objLogFile in colLogFiles
dtmInstallDate = objLogFile.TimeGenerated
WMIDateStringToDate = CDate(Mid(dtmInstallDate, 5, 2) & "/" & _
Mid(dtmInstallDate, 7, 2) & "/" & Left(dtmInstallDate, 4) _
& " " & Mid (dtmInstallDate, 9, 2) & ":" & _
Mid(dtmInstallDate, 11, 2) & ":" & Mid(dtmInstallDate, _
13, 2))
WMIDateStringToDate = DateAdd("n", offset, WMIDateStringToDate)
details = details & vbCrLf & WMIDateStringToDate & " - [" & _
objLogFile.Type & "] " & _
objLogFile.Message
'Wscript.Echo details
Next
'Send email with details about matching events
If (Not IsNull(details) And details <> "") Then
'Prepare email
Set objEmail = CreateObject("CDO.Message")
objEmail.From = emailFrom
objEmail.To = emailTo
objEmail.Subject = "[" & strComputerName & "] " & "Event Viewer Alert"
If (Not IsNull(strBody) And strBody <> "") Then
objEmail.Textbody = strBody & ". "
End If
objEmail.Textbody = objEmail.Textbody & details
'Custom server
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSmartHost
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = strSmartPort
objEmail.Configuration.Fields.Update
'Send it
objEmail.Send
End If
Function padZeros(dtmDate)
If Len(dtmDate) = 1 Then
padZeros = "0" & dtmDate
Else
padZeros = dtmDate
End If
End Function
BTW you will notice the Event filter contains the below which could give you some hints to research even more powerful ways to control different event alerts:
Here is how to get SSL authentication or TLS Authentication support.
No comments:
Post a Comment