- VOX
- VOX Knowledge Base
- Insights Knowledge Base
- Articles
- Monitoring Event Logs via VBS
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 01-28-2010 07:52 AM
If you have been reading these blogs for Enterprise Vault, you have seen an excellent article regarding monitoring the MSMQ by Wayne Humphreys
https://www-secure.symantec.com/connect/blogs/monitoring-msmq-vbs
For me though, being an Admin of a 12 site / 90 server environment, it is hard to keep track of what servers are behaving correctly and whats not.
Anyone who has spent time with Enterprise Vault knows that it is one of the loudest applications out there, even when Enterrise Vault is operating nominally, you still get warnings and errors, some which can be ignored, and some which can't
To this end i decided to write a VBS Script to log the amount of errors and warnings per server in a 24 hour period.
A simple table set up is used
Table Name = Event Logs
EVLogDate = DateTime
EVLogServer = varchar(50)
EVLogWarnings = int
EVLogErrors = int
Then I use the following script called EVLogs.vbs which is executed at 6AM on each server:
-----------------------------------------------------------------------------------------------------------------------------
dim sqlConn, oConn, oRS
sqlConn="Driver={SQL Server};Server=YourDBServer; Database=YourDBName;Trusted_Connection=yes;"
'Get the Date from 2 days ago
dDate = Now - 2
y = Year(dDate)
m = Right("0" & Month(dDate),2)
d = Right("0" & Day(dDate), 2)
fromDate = y & m & d
'Get the date from 1 day ago
dDate = Now - 1
y = Year(dDate)
m = Right("0" & Month(dDate),2)
d = Right("0" & Day(dDate), 2)
toDate = y & m & d
'Connect to the local WMI object
Set objWMIService = GetObject("winmgmts:root\cimv2")
'Select all errors between 2 days ago and 1 day ago
Set events = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent Where LogFile='Symantec Enterprise Vault' and type = 'error' and timewritten >= '" & fromDate & "000000.000000-360' and timewritten < '" & toDate & "000000.000000-360'")
'Count up the errors
errors = 0
For Each evt In events
errors = errors + 1
Next
'Select all warnings between 2 days ago and 1 day ago
Set events = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent Where LogFile='Symantec Enterprise Vault' and type = 'warning' and timewritten >= '" & fromDate & "000000.000000-360' and timewritten < '" & toDate & "000000.000000-360'")
'Count up the warnings
warnings = 0
For Each evt In events
warnings = warnings + 1
Next
Set oConn = CreateObject("ADODB.Connection")
oConn.Open sqlConn
Set oRS =CreateObject("ADODB.Recordset")
sSQL="INSERT INTO EventLogs(EVLogDate,EVLogServer,EVLogWarnings,EVLogErrors) values(getDate()-1, 'yourEVServer', " & warnings & "," & errors & ")"
ors.open sSQL, oconn
------------------------------------------------------------------------------------------------------------------------------
The good thing to note about this is that to connect to the Event Viewer, you use WMI which then can select items just like you would using SQL
A modification to the code can monitor for things such as 3305 and 3310 which means that the task has effectively stopped processing for 5 minutes (3305) or 10 minutes (3310)
So you could do this
Select * from Win32_NTLogEvent Where LogFile='Symantec Enterprise Vault' and type = 'error' and eventid='3305'
For this we run the VBS every hour and if any results are found then it emails an admin.For most admins and most environments I truly hope this is overkill, but for environments like ours tools like this become essential
