You are here:
ActiveXperts.com > Support > ActiveXperts Network Monitor > Online > Event Log Monitoring
Quicklinks
- Download ActiveXperts Network Monitor 7.3 (20418 KB)
- Download Manual (359 KB)
- Screenshots - Product image gallery
Event Log Monitoring
With the built-in Event Log check, you can do basic Event Log monitoring. You can query a specific Event Log (e.g. Application Log, System Log, etc.) for specifc events. You can use the following filters:
- Type - Information / Warning / Error / Success Audit / Failure Audit;
- Event Source - The application that generated the event. This can be a standard Windows GUI application, a Windows service, a Windows device driver, etc.;
- Event ID - An ID that identifies the kind of problem. Software packages usually use a list of Event ID's. Each ID identifies the type of event (e.g. the reason for failure, the type of information, etc.);
- Event Category - This string value tells you where the event is related to. For example: 'Installation', 'System Startup', etc.;
- User - The security context under which the application generated the event.
If you need a more complex Event Log monitoring check, you can make use of the VBScript equivalent of the Event Log check.
You can create a VBScript-based Event Log check in the following way:
- Launch the Network Monitor Manager;
- Choose 'New Monitoring Check (VBScript)' from the 'Monitor' menu;
- Select 'EventLog.vbs' from the File selection box, and select 'CheckEventLog' from the Function selection box;
- To load a working sample, click on 'click here' in the Function Parameters group box.
Out of the box, this VBScript check does exactly the same a the built-in Event Log check. But feel free to modify this script to meet your requirements.
Let's demonstrate this with a small sample.
By default, the Event Log check reports only the number of events that matches the query. This information is also sent in email- and SMS alerts. However, some users want more detailed information in their notifications, for instance: the event message and the time the event was created.
To accomplish this, you need to open the EventLog.vbs file first:
- Select 'EventLog.vbs' (as described above), and press the 'Edit' button.
Add the lines marked in green to the script:
Function checkEventLogWMI( objWMIService, strComputer, strLogFile, strEventCode, strSourceName, bErrorWhenFound, BYREF strSysData, BYREF strSysExplanation )
Dim colLoggedEvents
Dim strQuery
Dim objEvent
checkEventLogWMI = retvalUnknown
strSysExplanation = ""
strSysData = ""
' strQuery = "Select * from Win32_NTLogEvent Where Logfile = '" & strLogFile & "' and " & "EventCode = '" & numEventCode & "' and SourceName='" & strSourceName & "'"
' strQuery = "Select * from Win32_NTLogEvent Where Logfile = '" & strLogFile & "' and " & "EventCode = '" & numEventCode & "'"
strQuery = "Select * from Win32_NTLogEvent Where Logfile = '" & strLogFile & "'"
If( strSourceName <> "" AND strSourceName <> "*" ) Then
strQuery = strQuery & " AND SourceName='" & strSourceName & "'"
End If
If( strEventCode <> "" AND strEventCode <> "*" ) Then
strQuery = strQuery & " AND EventCode = '" & strEventCode & "'"
End If
On Error Resume Next
Set colLoggedEvents = objWMIService.ExecQuery( strQuery )
If( Err.Number <> 0 ) Then
strSysData = ""
strSysExplanation = "Unable to query WMI on computer [" & strComputer & "]"
Exit Function
End If
If( colLoggedEvents.Count <= 0 ) Then
If( bErrorWhenFound ) Then
checkEventLogWMI = True
Else
checkEventLogWMI = False
End If
strSysData = 0
strSysExplanation = "Event Not Found"
Exit Function
End If
On Error Goto 0
If( bErrorWhenFound ) Then
checkEventLogWMI = False
Else
checkEventLogWMI = True
End If
strSysData = colLoggedEvents.Count
For each objEvent in colLoggedEvents
strSysExplanation = "Event Found: " & _
"EventCode=[" & objEvent.EventCode & "]; " & _
"EventType=[" & objEvent.EventType & "]; " & _
"SourceName=[" & objEvent.SourceName & "]; " & _
"Type=[" & objEvent.Type & "]; " & _
"Time=[" & Left( objEvent.TimeGenerated, 14 ) & "]; " & _
"Message=[" & Trim( Replace( Left( objEvent.Message, 100 ), vbCrLf, "" ) ) & "]"
Exit Function
Next
End Function