Re: VBScript Writting to the Event log by Eric
Eric
Fri Jul 14 06:11:02 CDT 2006
Michael,
Thanks agian for your reply.
These events are generated to let us know when there is a problem with a
paticualr application on a server. We use Microsoft Operations Manager to
monitor the event logs for certain message (like the one I am trying to
create) and when MOM finds one, it will send a notfication to us that there
is a problem. When the MOM rule is setup to do this it will copy the details
of the event and pass that along in the email as well as all the header
fields. It uses some of the header fields (including the computer field) as
the subject line in the email. Since the computer field is not correct
(because it shows the source computer instead of the computer the event was
generated on) it appears the wrong server has the problem. Now the body of
the email message will show the correct infomration (the details of the
event) but since we send the important alerts to a cell phone there is
limited text available and you do not get to see all of the body of the
message, this is why it is crucial the subject line is formatted correctly
(giving us the real server with the problem).
I did find a way around this paticular issue (see below)
Leaving the way I write the event to the app log alone, I decided to write a
quick script in MOM and set it as the responce to the MOM event. This
responce script is fired off when it sees the certain event in the app log
on a server. The internal MOM scriptcontext gives us more values to work
with. Two fields we can use is the "Source Comptuer" and "Logging Computer"
On is the computer the event was found on and the other field is the
computer that generated the event. I simply take this source computer (where
the event was found) and generate an Internal MOM alert and pass this value
to it. Now when the notification is sent, it appears to be coming from the
correct computer and the subject line is formated as correctlly.
Below is the script
Dim objAlert
Dim objEvent
Const ALERT_ERROR = 40
If (ScriptContext.IsEvent()) Then
Set objEvent = ScriptContext.Event
Set objAlert = ScriptContext.CreateAlert()
objAlert.Name = "Script detected a problem"
objAlert.AlertLevel = ALERT_ERROR
objAlert.Computer = objEvent.SourceComputer
objAlert.AlertSource = objEvent.SourceComputer
objAlert.ComputerDomain = objEvent.SourceDomain
objAlert.Description = objEvent.EventParameter(1)
ScriptContext.Submit objAlert
Set objAlert = Nothing
Else
Set objAlert = Nothing
End If
Set objEvent = Nothing
"Michael Harris (MVP)" <mikhar at mvps dot org> wrote in message
news:OD0ovdtpGHA.1796@TK2MSFTNGP03.phx.gbl...
> Eric Payne wrote:
>> Michael,
>>
>> Thank you for your reply.
>>
>> Sorry I should have been more clear, I am familiar with strTarget,
>> but this is not what I need.
>> The strTarget is what computer to put the event on, it is NOT the
>> computer field in the event.
>> I would like to set the computer field itself which I can't seem to
>> find how.
>>
>> Give it a try once and you will see what I mean.
>> From ComputerA create an event on ComputerB, then look in event
>> viewer on ComputerB.
>> In the header of the event the COMPUTER field will show ComputerA, not
>> ComputerB.
>> This is the FIELD that I would like to set.
>>
>> Let me know if there is a way to set this field.
>>
>
>
> Why would you want it to reflect some arbitrary value other than the true
> computer source of the event logging?
>
> I doubt that the underlying Windows API behind the LogEvent method (or any
> other similar tool) would even let you repurpose what that field is
> apparently intended to reflect. Don't you think that would fall into the
> category of spoofing?
>
>
>
>> Thanks
>>
>> Eric
>>
>> "Michael Harris (MVP)" <mikhar at mvps dot org> wrote in message
>> news:OzjRi1ipGHA.1600@TK2MSFTNGP04.phx.gbl...
>>> Eric Payne wrote:
>>>> Is there a way to write to the event log but be able to specify the
>>>> "Computer" field?
>>>> Using the Shell.LogEvent we only have type and description available
>>>> to us to use and the eventcreate command line utility does not have
>>>> this field either.
>>>>
>>>> This problem comes in when you write an event to a remote computer,
>>>> The "Computer" field will show up as the souce computer and not the
>>>> remote computer.
>>>
>>> ??? Right from the LogEvent method documentation...
>>>
>>> Adds an event entry to a log file.
>>>
>>>
>>> object.LogEvent(intType, strMessage [,strTarget])
>>>
>>>
>>> Arguments
>>> object
>>> WshShell object.
>>>
>>> intType
>>> Integer value representing the event type.
>>>
>>> strMessage
>>> String value containing the log entry text.
>>>
>>> strTarget
>>> Optional. String value indicating the name of the computer system
>>> where the event log is stored (the default is the local computer
>>> system). Applies to Windows NT/2000 only.
>>>
>>>
>>>
>>>
>>> --
>>> Michael Harris
>>> Microsoft MVP Scripting
>
> --
> Michael Harris
> Microsoft MVP Scripting
>
>