LoriotPro NMS software Network Management Software

Newsletter | Forum | Contact Us | News |Downloads | Support | Partners

version française

Create Windows Event on Trap receipt

This How To explains the usage of the EVENTCREATE program from Microsoft with LoriotPro.

The goal of this How-To is to forward an incoming Trap or a LoriotPro Event to the Windows Event Logs

    Trap to Windows Event

To achieve this goal we will use the EventCreate program from Microsoft and define a Trap filter within LoriotPro.

The action in the Trap filter will trigger a call to EventCreate with the suitable parameters.

Using EventCreate

This command line tool enables an administrator to create  a custom event ID and message in a specified event log.

EventCreate Syntax

EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventide  [/L logname] [/SO srcname] /T type /D description 

Parameter List:

    /S    system           Specifies the remote system to connect to.

    /U    [domain\]user    Specifies the user context under which the command should execute.

    /P    [password]       Specifies the password for the given user context. Prompts for input if omitted.

    /L    logname          Specifies the event log to create  an event in.

    /T    type             Specifies the type of event to create. Valid types: SUCCESS, ERROR, WARNING, INFORMATION.

    /SO   source           Specifies the source to use for the event (if not specified, source will default to 'eventcreate'). A valid source can be any string and should represent the application or component that is generating the event.

    /ID   id               Specifies the event ID for the event. A valid custom message ID is in the range of 1 - 1000.

    /D    description      Specifies the description text for the new event.

    /?                     Displays this help message.

Examples:

    EVENTCREATE /T ERROR /ID 1000  /L APPLICATION /D "My custom error event for the application log"

    EVENTCREATE /T ERROR /ID 999 /L APPLICATION /SO WinWord /D "Winword event 999 happened due to low diskspace"

    EVENTCREATE /S system /T ERROR /ID 100 /L APPLICATION /D "Custom job failed to install"

    EVENTCREATE /S system /U user /P password /ID 1 /T ERROR  /L APPLICATION /D "User access failed due to invalid user credentials" 

Example in a command dialog box:

EVENTCREATE /T ERROR /ID 1000  /L APPLICATION /D "My custom error event for the application log"

What you get in the EventLog with the Event Viewer

Triggering an event on Trap receipt with LoriotPro

To forward a trap as a Windows Event to the Windows Event log it is necessary to define a Trap filter on the selected trap.

You can either create a Trap filter manually or use a received trap to create the filter (easiest way)

To create it manually, select the Filter dialog in LoriotPro and click New Trap Filter in the contextual menu.

If you have already received the type of Trap that you want to filter you can use the Trap Filter Wizard option to create the filter.

You can use our trap simulator service to simulate the expected Trap

Click Yes to start the Trap filter creation

You reach the dialog box with the filter parameter.

Read the Filter Trap documentation below for more explanation about all the options.

In our case we will select the Start Windows program option in the Action Wizard select drop down box.

In parameter we should define the exe to start and all its parameters.

The syntax that we can use is a little bit different form the syntax that we can use in a classical command line interface.

The differences come from the usage of LoriotPro parameters extracted from the incoming trap and the usage of %Q keyword  instead of double quote.

Here is an example of a Parameters command line within LoriotPro

EVENTCREATE /T ERROR /ID 999 /L APPLICATION /SO %h /D %QTrap received : Q%N $0:%0%Q

This one will create an event in the APPLICATION log file of Windows with the ID number 999 (It is up to you do define your own set of event number)

The source of the event will be the same as the source of the Trap because we use the %h variable after /SO

%QTrap received : Q%N $0:%0%Q is the text of the event including some Trap parameters, %N is the name of the trap %0 and $0 are the oid and value of the first varbind

In our exemple we get the value of the interface that is down.

At any time the settings of a trap filter action can be modified. Select in the Trap filter list the action to change and click the mouse right button, select properties. The properties dialog will pops up.

If we simulate a Trap with our trap simulator program we can check that the filter is satisfied and that the action is performed.

Here under the selection of the Trap linkDown and the IP source address. When selected click the Send button

Remark: The IP source of V2 trap cannot be simulated.

We can check after that we have well received the Trap in the Event Viewer of Microsoft in the APPLICATION logs.

Others Windows tools for Event management

Micorsoft provides tools to manipulate the Events and the Event logs

eventcreate

Enables an administrator to create a custom event in a specified event log.

eventquery

Lists the events and event properties from one or more event logs.

eventtriggers

Displays and configures event triggers on local or remote machines.

eventvwr.exe

With Event Viewer, you can monitor events recorded in event logs.

Wevtutil.exe

Wevtutil.exe lets you retrieve information about event logs and publishers;

 

 

Newsletter | Forum | Contact Us | News |Downloads | Support | Partners
   
google search button LoriotPro Site Map lexicon and terminology © LUTEUS SARL. All rights reserved