Weekly quickTIP: The Poor Man's Event Log Monitor
Full-suite log monitoring tools offer gobs of info, but for those times when you just need a nibble, Vista's event log monitor delivers the goods.
By Greg Shields
I love tools that centralize and monitor Event Log data from multiple systems. Microsoft has its System Center Operations Manager (http://tinyurl.com/23cm8q). TNT Software has ELM Enterprise Manager (http://tinyurl.com/2gahnh). Dorian Software has its Total Event Log Management Solution (http://www.doriansoft.com/). Any of these systems can aggregate event log data from systems all across the network, analyze it, chew it up and spit it all back out with full reporting and rich alerting capabilities.
But sometimes you don't need a fully functional tool to solve the problem. Sometimes all you want is a quick-and-dirty way to set up an alert when a particular event log entry appears. For those times, Windows Vista's new event log provides a "poor man's" solution.
Open the event log in Windows Vista and right-click any event log entry in the middle pane. There you'll see a new context menu item called "Attach Task to this Event..." Click on this new entry to bring up the Create Basic Task wizard. This wizard pre-populates the Name, Log, Source and Event ID associated with the scheduled task. All you need to do is configure the action you want to occur when the event is logged. That action can be starting a program, sending an e-mail or displaying a message on the screen.
If you've got an available SMTP server on your network, the e-mail action lets you specify the message characteristics right from within the Task Scheduler. Once the wizard is completed, the task appears in Task Scheduler under Event Viewer Tasks, where further settings can be configured.
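The same event-triggered task can be created from the command line with schtasks.exe, which is handy when the alert has to be repeated on several machines. The script below is an added example, not part of the original column; the log, source, event ID (1102, logged when the Security audit log is cleared) and the script path are sample values chosen for illustration, and the function name is hypothetical.

```powershell
# Added example: command-line counterpart of "Attach Task to this Event...".
# Run from an elevated prompt. All values passed at the bottom are samples.

function New-EventTaskArguments {
    param(
        [string]$Log,      # event log (channel) name, e.g. Security
        [string]$Source,   # event source (provider) name
        [int]$EventId,     # event ID to trigger on
        [string]$Command   # program to start when the event is logged
    )

    # XPath string literals cannot escape quotes, so refuse them rather than
    # build a filter that matches something other than what was intended.
    if ($Source -match "['""]") { throw "Source must not contain quote characters." }
    if ($EventId -lt 0 -or $EventId -gt 65535) { throw "Event ID out of range." }

    # Event filter: same fields the wizard pre-populates (Source and Event ID).
    $query = "*[System[Provider[@Name='$Source'] and EventID=$EventId]]"

    # Place the task in the folder the wizard uses; strip path separators
    # from the name so it cannot land in a different task folder.
    $leaf = "${Log}_${Source}_$EventId" -replace '[\\/:]', '_'
    $name = "Event Viewer Tasks\$leaf"

    # /SC ONEVENT = trigger on an event, /EC = log to watch, /MO = XPath filter.
    return @('/Create', '/TN', $name, '/SC', 'ONEVENT',
             '/EC', $Log, '/MO', $query,
             '/TR', $Command, '/RU', 'SYSTEM', '/F')
}

# Sample: start an alert script when the Security audit log is cleared.
# The script path is hypothetical. Because the task runs as SYSTEM, keep the
# script in a location only administrators can write to.
$taskArgs = New-EventTaskArguments -Log 'Security' `
    -Source 'Microsoft-Windows-Eventlog' -EventId 1102 `
    -Command 'C:\Scripts\log-cleared-alert.cmd'

& schtasks.exe $taskArgs
if ($LASTEXITCODE -ne 0) { throw "schtasks failed with exit code $LASTEXITCODE" }
```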
I wouldn't discount the big players in the event log consolidation world like those I've talked about above. Their tools do so much more to make this process a lot easier -- especially across multiple machines with multiple logs. But sometimes when you've got a point problem, all you need is a point solution.
Comment: http://mcpmag.com/columns/article.asp?editorialsid=2405#post
Greg Shields, MCSE: Security, CCEA, is an independent author, instructor, and consultant based in Denver, Colo.
Friday, December 7, 2007
Posted by Isaac at 12/07/2007 10:29:00 AM