Ad Widget

Collapse

VB script to send specific eventlog entries

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • flexguy
    Junior Member
    • Sep 2008
    • 19
    #1

    VB script to send specific eventlog entries

    ' VB script to send specific eventlog entries to zabbix server
    ' edit Zabbix Server IP, Hostname and Keyname in commandstring to your needs
    '
    ' create item in zabbix:
    ' Type: ZABBIX trapper
    ' Key: new_event
    ' Type of information: Text
    '
    ' Default Logfiles: Application, Security, System, Internet Explorer
    ' EventTypes: 1 = Error, 2 = Warning, 3 = Information, 4 = Succes audit, 5 = Failure audit
    ' WMI info source: WMITools.exe
    '
    strComputer = "."

    Set objWMIService = GetObject("winmgmts:{(Security)}\\" & _
    strComputer & "\root\cimv2")

    Set colEvents = objWMIService.ExecNotificationQuery _
    ("Select * from __instancecreationevent where " _
    & "TargetInstance isa 'Win32_NTLogEvent' " _
    & "and TargetInstance.Logfile = 'System' " _
    & "and TargetInstance.EventType = '1' ")

    Do
    Set objEvent = colEvents.NextEvent
    SendString = Chr(34) & objEvent.TargetInstance.Logfile & "," & objEvent.TargetInstance.EventType & _
    "," & objEvent.TargetInstance.User & "," & objEvent.TargetInstance.ComputerName & _
    "," & objEvent.TargetInstance.Message & Chr(34)
    set WshShell = CreateObject("wscript.Shell")
    commandstring="c:\zabbix\zabbix_sender.exe -z 192.168.2.199 -s SERVER001 -k new_event -o " & SendString
    WshShell.Run commandstring,0
    Loop
    Tags: None
    • cjwallace
      Senior Member
      • Sep 2008
      • 126
      #2
      Thanks very much for posting this script as this is something i have been trying to get working for some time.

      The Zabbix event log monitoring has not been very reliable for me so this could be a great replacement.

      I can see from

      Set colEvents = objWMIService.ExecNotificationQuery _
      ("Select * from __instancecreationevent where " _
      & "TargetInstance isa 'Win32_NTLogEvent' " _
      & "and TargetInstance.Logfile = 'System' " _
      & "and TargetInstance.EventType = '1' ")

      that this is how you are telling the script with events to look for.

      But what if i want the script to check for the following

      Source = Security

      Type = Success Audit

      Category = Account Management

      Event ID = 633 & 632

      Any ideas or are you just pulling the information in to Zabbix and letting Zabbix filter from there?

      Thanks in advance for any help you may give

      Cheers

      Craig

        Comment

        • flexguy
          Junior Member
          • Sep 2008
          • 19
          #3
          adjustments

          Craig,

          You can place the selection criteria in the "event listener" or in the do-loop or in both. I've choosen to keep the do-loop as short as possible, performance-wise.

          No filtering is done after the text has entered Zabbix. One could make a script, that cuts up the event text, based on a trigger and executed through an action. If I find the time, I will post a howto on basic asset tracking (windows only, software&hardware) through Zabbix, which I wrote once. It works with splitting an item (text) and putting it in an extra table I added to the Zabbix database.

          Stay tuned,

            Comment

            Previous template Next
            Working...