You can use the Event Log Scan tool (Evtscan.exe) to monitor servers for specific events. When a specified event is detected, the Event Log Scan tool can be configured to:
To run the Event Log Scan tool
Create a configuration file with a .cfg extension specifying the events and actions required. The format is as follows:
EventID;Source;Action;Alert list;Mail list;Command line;Comment string;
Following is a list of each configuration entry and a description for the type of event.
Configuration Entry | Description |
Event ID | The numerical event ID (see the Windows NT Event Viewer). |
Source | The source name for the service to monitor. |
Action | The action to take; can be Restart or Stop. |
Alert list | A comma-separated list of computers to send network pop-up messages to when the event is detected. |
Mail list | A comma-separated list of e-mail aliases to notify when the event is detected. |
Command line | Command line with parameters (can be up to 256 characters in length). |
Comment string | A comment that is included in the alert pop-up message and e-mail message when the event occurs. |
Run Evtscan.exe by using the following command-line format:
Evtscan -f <config_file> -u <profile_name> [-p <password>]
[-t <delay_in_seconds>] server_list
where config_file is the name of the configuration file created in step 1, delay_in_seconds is the time the tool waits between scans (for example, typing -t 15 sets the tool to scan for events every 15 seconds), profile is the name of the exchange profile to be used, password is the password for the profile, and server_list is a comma-separated list of the servers to monitor for the events.
Following is an example of typical syntax usage for the Event Log Scan tool: Evtscan -f test.cfg -u scan -t 15 server1,server2,server3
Leave Evtscan running on your computer desktop. You may want to minimize the command prompt window.
The following is a sample configuration file.
;sample config file. ;Event ID;Source;Action;Alert List;Mail List;Command;Comment String 9277;MSExchangeMTA;restart; monitorwks1; johncole;winbeep.exe;Event 9277 9278;MSExchangeMTA;stop; monitorwks1;;notify.bat;Event 9278 9279;MSExchangeMTA;; monitorwks1; Aron Mecsi;;Event 9279 9299;MSExchangeMTA;;monitorwks1,monitorwks2;ChbierZ,EtueD;;Shutdown Complete