Event Log Alert (ELAlert) V2.1.1
ELAlert monitors one or more NT event logs and creates alerts from new log entries. Alerts are sent as alphanumeric pages via the standard TAP protocol or by running an external program that receives the alert information as command-line arguments. To send alphanumeric pages, a modem is required in the machine running ELAlert. One NT workstation running ELAlert can monitor up to 32 machines on a domain and page to several pager PINs simultaneously.
ELAlert runs from a command prompt or as a service using the SRVANY.EXE utility in the NT Resource Kit. If running as a service, use the /L option to log ELAlert activity.
Usage: ELAlert [/Mn machine_name] [/SYS] [/APP] [/SEC] [/S EWISF] [/SK skip_file]
               [/C COMx,baud,bits,parity,stop] [/PH phone#] [/Pn pager_pin]
               [/MAX pages/secs] [/R program] [/Bn start_hour-end_hour]
               [/L log_file] [/D]
/Mn     Computer to monitor. Specify several as /M0, /M1, ... /M31 (n = 0 to 31).
/SYS    Monitor the System log.
/APP    Monitor the Application log.
/SEC    Monitor the Security log.
/S      Event severities to alert on, as letters: E error, W warning, I information, S success audit, F failure audit.
/SK     Skip file. Each line lists the Event ID and Source of an event that must not generate an alert.
/C      COM port parameters for the paging modem (port, baud, data bits, parity, stop bits).
/PH     Phone number of the paging terminal.
/Pn     Pager PIN. Specify several as /P0, /P1, ...
/MAX    Maximum page rate, as pages/seconds, to prevent paging terminal overload (default 5/60, i.e. 5 pages per 60 seconds).
/R      Program to run for each alert (parameters: 1 = event time, 2 = message). The message argument is text taken from the event itself, so the program should treat it as untrusted input.
/Bn     Blackout period as start_hour-end_hour (hours 0 to 23; a period may wrap past midnight). Specify several as /B0, /B1, ...
/L      Log file.
/D      Output TAP protocol debug info.
Example
ELAlert /M0 Larry /M1 Moe /M2 Curly /SYS /APP /S EW /SK skip.txt /C com2,2400,7,e,1 /PH 123-4567 /P0 12345 /P1 67890 /R importel.cmd /B0 23-06 /B1 12-13 /L elalert.log
This example monitors the System and Application logs for errors and warnings on the computers Larry, Moe and Curly. Events listed in skip.txt do not generate alerts. Alerts are sent as pages to the pager PINs 12345 and 67890 by dialing the paging service at 123-4567 through the modem on COM2 (2400 baud, 7 data bits, even parity, 1 stop bit). Each alert also spawns the program importel.cmd, which imports the event into a SQL database. Alert blackouts are set for 11PM to 6AM and 12PM to 1PM. Events occurring during a blackout period are held until the blackout expires. All alert activity is logged to elalert.log.
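The /R program receives exactly two arguments per alert, the event time and the message. The handler below is an added example written here in Python; it is not the page's importel.cmd and the table layout is assumed. It stores both arguments through a parameterised insert, because the message text comes from the event itself and, for Security log entries, can contain strings chosen by whoever caused the event (an attempted logon name, for instance), so it must never be spliced into a SQL statement or a command line.

```python
"""Example /R handler for ELAlert: argv[1] is the event time, argv[2] the message.
Added illustration, not ELAlert's importel.cmd; the SQLite schema is assumed."""

import sqlite3
import sys

# Assumed table layout for the imported alerts.
SCHEMA = ("CREATE TABLE IF NOT EXISTS alerts ("
          "id INTEGER PRIMARY KEY, event_time TEXT NOT NULL, message TEXT NOT NULL)")


def open_db(path=":memory:"):
    """Open (or create) the alert database and make sure the table exists."""
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def store_alert(conn, event_time, message):
    """Insert one alert and return its row id. The values travel as bound
    parameters, so quotes or SQL keywords inside the message stay data."""
    cur = conn.execute(
        "INSERT INTO alerts (event_time, message) VALUES (?, ?)",
        (event_time, message))
    conn.commit()
    return cur.lastrowid


def main(argv, db_path="elalert.db"):
    """Entry point with argv exactly as ELAlert passes it: program, time, message.
    Returns the process exit status."""
    if len(argv) != 3:
        sys.stderr.write("usage: importel.py <event time> <message>\n")
        return 2
    conn = open_db(db_path)
    try:
        store_alert(conn, argv[1], argv[2])
    finally:
        conn.close()
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

To use it in place of importel.cmd, point /R at a wrapper that invokes the interpreter with this script; the argument count check means a stray extra argument is reported rather than silently mis-stored.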
Sample skip file:
8001 NTBackup
1001 SNMP
7024 Service Control Manager
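To make the combined effect of /S, /SK, /Bn and /MAX concrete, the following is a small model of the filtering described for the example command line above, run over constructed events. It is added here for illustration and is not ELAlert's code; the event sources and IDs are made up, and three details the page does not spell out are assumptions: a blackout window is half-open (23-06 ends at 06:00), 5/60 means at most five pages in any sixty-second window, and an event that exceeds the /MAX rate is delayed rather than discarded.

```python
"""Model of ELAlert's alert filters (/S, /SK, /Bn, /MAX) over constructed events.
Added example, not ELAlert's code; window semantics noted below are assumptions."""

from collections import deque
from datetime import datetime, timedelta

# /S letters -> NT event types (S and F are the Security log audit types).
SEVERITY_LETTERS = {"E": "error", "W": "warning", "I": "information",
                    "S": "success", "F": "failure"}


def parse_severities(spec):
    """'EW' -> {'error', 'warning'}; an unknown letter is rejected."""
    chosen = set()
    for ch in spec.upper():
        if ch not in SEVERITY_LETTERS:
            raise ValueError(f"unknown /S letter {ch!r}")
        chosen.add(SEVERITY_LETTERS[ch])
    return chosen


def parse_skip_file(text):
    """Each non-blank line is '<event id> <source>'; the source may contain spaces."""
    skip = set()
    for line in text.splitlines():
        line = line.strip()
        if line:
            event_id, _, source = line.partition(" ")
            skip.add((int(event_id), source.strip()))
    return skip


def parse_blackout(spec):
    """'23-06' -> (23, 6). Hours are 0 to 23; a window may wrap past midnight."""
    start, end = (int(h) for h in spec.split("-"))
    if not (0 <= start <= 23 and 0 <= end <= 23):
        raise ValueError(f"blackout hours must be 0-23: {spec}")
    return start, end


def in_blackout(hour, windows):
    """True if hour lies in any window. Assumed half-open [start, end):
    23-06 covers 23:00 through 05:59 and is over at 06:00."""
    for start, end in windows:
        if start <= end:
            if start <= hour < end:
                return True
        elif hour >= start or hour < end:      # window wraps past midnight
            return True
    return False


class PageRateLimiter:
    """Sliding-window cap: at most `pages` pages in any `secs` seconds.
    Assumes /MAX 5/60 means five pages per sixty seconds."""

    def __init__(self, spec="5/60"):
        pages, secs = spec.split("/")
        self.pages, self.secs = int(pages), int(secs)
        self.sent = deque()                    # send times still inside the window

    def allow(self, when):
        cutoff = when - timedelta(seconds=self.secs)
        while self.sent and self.sent[0] <= cutoff:
            self.sent.popleft()
        if len(self.sent) >= self.pages:
            return False
        self.sent.append(when)
        return True


def filter_events(events, severities, skip, windows, limiter):
    """Sort events into (paged, held, dropped): dropped = wrong severity or in the
    skip file; held = inside a blackout or over the /MAX rate (assumed delayed)."""
    paged, held, dropped = [], [], []
    for ev in events:
        if ev["type"] not in severities or (ev["id"], ev["source"]) in skip:
            dropped.append(ev)
        elif in_blackout(ev["time"].hour, windows) or not limiter.allow(ev["time"]):
            held.append(ev)
        else:
            paged.append(ev)
    return paged, held, dropped


# Constructed skip file with the same entries as the sample above.
SKIP_TEXT = "8001 NTBackup\n1001 SNMP\n7024 Service Control Manager\n"


def run_example():
    """Apply the example's settings (/S EW, skip file, /B0 23-06, /B1 12-13,
    /MAX 5/60) to constructed events; returns the (paged, held, dropped) counts."""
    base = datetime(1999, 2, 4, 10, 0, 0)
    s = timedelta

    def ev(offset, source, event_id, kind):
        return {"time": base + offset, "source": source, "id": event_id, "type": kind}

    events = [
        ev(s(seconds=0), "Service Control Manager", 7024, "error"),  # in skip file
        ev(s(seconds=5), "Disk", 7, "error"),                        # paged
        ev(s(seconds=10), "Application Popup", 26, "information"),   # not in /S EW
        ev(s(seconds=60), "Disk", 7, "error"),                       # paged
        ev(s(seconds=61), "Disk", 7, "error"),                       # paged
        ev(s(seconds=62), "Disk", 7, "error"),                       # paged
        ev(s(seconds=63), "Disk", 7, "error"),                       # paged, 5th in 60 s
        ev(s(seconds=64), "Disk", 7, "error"),                       # held by /MAX
        ev(s(seconds=65), "Disk", 7, "error"),                       # paged, 10:00:05 aged out
        ev(s(hours=2, minutes=30), "Srv", 2013, "warning"),          # held, /B1 12-13
        ev(s(hours=13, minutes=30), "Srv", 2013, "warning"),         # held, /B0 23-06
        ev(s(hours=17), "Srv", 2013, "warning"),                     # held, 03:00 (wrapped)
        ev(s(hours=20), "Srv", 2013, "warning"),                     # paged, 06:00 ends it
    ]
    paged, held, dropped = filter_events(
        events, parse_severities("EW"), parse_skip_file(SKIP_TEXT),
        [parse_blackout("23-06"), parse_blackout("12-13")], PageRateLimiter("5/60"))
    return len(paged), len(held), len(dropped)


if __name__ == "__main__":
    print("paged, held, dropped =", run_example())
```

Two things the run shows that the option list alone does not: a skip-file entry such as 7024 Service Control Manager silences every event with that ID and source, not a single occurrence, so review what a broad entry hides; and the rate cap is a sliding window, so a burst of duplicate errors is spread out rather than lost, with the sixth page going out as soon as the oldest one falls outside the sixty seconds.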
------------------
Version History
V 2.1.1 02/04/99 - option validation bug fixes
V 2.1.0 01/08/99 - Added skip file (/SK) option
V 2.0.1 12/8/98 - Added blackout period (/B) and external program (/R) options. Improved logging.
V1.0.10 04/6/98 - release.
V1.0.10 beta2 04/01/98 - support for differences in TAP implementation.
V1.0.10 beta1 03/17/98 - added retry on TAP protocol start sequence.
V1.0.9 02/02/98 - added maximum page rate option: /MAX. Some pager systems cannot handle a large quantity of pager messages in quick succession. This could happen when the event log is filled with a steady stream of duplicate events. /MAX controls the rate that pages are output to the pager system.
V1.0.8 12/20/97 - added TAP protocol debug option: /D
------------------