100% Developed & Supported in the state of Washington, U.S.A.

January 9, 2007 Volume 2, Number 5

In This Issue
· Want Notification for the Presence of a File?
· Want Notification When a Folder Has Grown to Contain Too Many Files?
· Start the New Year with Fresh Copies of ELM PDF Guides

New Stuff at TNT Software

Getting ready for ELM 5.0 - ...and more!

Want Notification for the Presence of a File?

Create a WMI Monitor Item which runs the following query (This is an example query. You must change the values for the drive, path and extension variables to suit your installation and requirements.):

    Select Name from CIM_LogicalFile WHERE drive='c:' and path='\\Temp\\' and extension='txt'

This example will find any .txt files under C:\temp. The WMI Monitor Item is triggered only when the query results are different from the last time it checked. It should always return a Warning with Event ID 5537.

Example: If there is a file called foo.txt the first time, it will return that. If that file is deleted and replaced by bar.txt, depending upon the Scheduled Interval and how quickly the file is replaced, the WMI Monitor default Action message will give the following results:

    WMI Monitor detected a change in the WMI Query on MONITORED-COMPUTER
    Message:
    <-> CIM_DataFile.Name="c:\\temp\\foo.txt"
    <-> Name = c:\temp\foo.txt
    <+> CIM_DataFile.Name="c:\\temp\\bar.txt"
    <+> Name = c:\temp\bar.txt
    root\cimv2
    Select Name from CIM_LogicalFile WHERE drive='c:' and path='\\Temp\\' and extension='txt'
    CIM_DataFile.Name="c:\\temp\\bar.txt"
    Name = c:\temp\bar.txt
    Item Name: WMI Monitor List Files
    Computer: MONITORED-COMPUTER

The "<->" indicates "foo" is now missing from the query results, and "bar" has been added, when compared with the prior query results. If the Interval is faster than the file replacement, then you'd see 2 Alerts, one for "<-> foo" and one for "<+> bar."

To receive notification, create an associated Event Filter and Notification Method on the ELM Server. A primer for WMI scripting can be found here.

Want Notification When a Folder Has Grown to Contain Too Many Files?

Create a WMI Monitor Item which runs the following query:

    Select SystemUpTime from Win32_PerfFormattedData_PerfOS_System

This returns the uptime in seconds. Since this value is always changing, even across reboots, the WMI Monitor will trigger the Action at every Scheduled Interval. On the Actions tab, enable only the Run Command action and enter the following cscript:

======== Start of Script ========
' This script is intended for use in an ELM WMI Monitor Item Run Action.
' It counts the number of files in the specified directory,
' compares the count with the configured threshold, and if
' the count exceeds the threshold, writes a WSH error event to
' the local Windows Event Log.
'
' October 2006 - TNT Software.
'
' Based on the following Microsoft Scripting Example:
' microsoft.com/technet/scriptcenter/resources/qanda/oct05/hey1020.mspx
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Edit the next 2 constants
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
strDirectory = "C:\Program Files\Common Files\Microsoft Shared\MSSEARCH\BIN"
intFileQty = 5
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Avoid editing below this line.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colFileList = objWMIService.ExecQuery("ASSOCIATORS OF {Win32_Directory.Name='" _
& strDirectory & "'} Where ResultClass = CIM_DataFile")
If colFileList.Count > intFileQty Then
    Set objWshShell = WScript.CreateObject("WScript.Shell")
    objWshShell.LogEvent 1, "Threshold is " & intFileQty _
        & " files, but found " & colFileList.Count _
        & " files in: " & vbCRLF & strDirectory
End If
======== End of Script ========

Edit the target directory (strDirectory) and the file count threshold (intFileQty), and assign the script to a Service Agent local to the directory in question. Since the script writes a local Windows Event Log Record, the Service Agent should also be running an Event Collector. The event will look like the following:

    Event Type: Error
    Event Source: WSH
    Event Category: None
    Event ID: 1
    Date: 10/3/2006
    Time: 11:59:31 AM
    User: N/A
    Computer: MONITORED-COMPUTER
    Description:
    Threshold is 5 files, but found 46 files in:
    C:\Program Files\Common Files\Microsoft Shared\MSSEARCH\BIN

On the ELM Server, an appropriate Filter and Notification Method will alert you to high file count.

Note: Since the script runs at every Scheduled Interval, once the file count is high, an event will be created at every Interval until the file count is again low. So you may want to use a relatively long Scheduled Interval, for example once every hour.

Start the New Year with Fresh Copies of ELM PDF Guides

Did you know that you can get PDF copies of the ELM User and Administrator Guides? Well, here they are! (The Administrator Guide is presented in five PDF documents.)
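
The note in the folder-count article above says the script logs an event at every Scheduled Interval while the count stays high. The following PowerShell variant is an added example, not TNT Software's script: it logs only when the folder crosses the threshold in either direction. The folder path, state-file location, event source name FolderCountMonitor and Event ID 2 are assumptions, and it counts files with Get-ChildItem rather than the WMI query.

```powershell
# Added example, not TNT Software's script: log only on threshold crossings.
# Assumptions: folder, threshold, state-file path, the event source name
# 'FolderCountMonitor' and Event ID 2 for the "back to normal" record.
# Uses Windows PowerShell 5.1 cmdlets; run elevated (as the agent would).
param(
    [string]$Directory = 'C:\Temp',
    [int]$Threshold    = 5,
    [string]$StateFile = "$env:ProgramData\FolderCountMonitor\state.txt"
)
$source = 'FolderCountMonitor'

# Register the event source once; this needs administrative rights.
if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    New-EventLog -LogName Application -Source $source
}

# Count files directly in the folder (non-recursive, hidden files included).
# A missing or unreadable folder stops the script instead of reporting zero.
$count = @(Get-ChildItem -LiteralPath $Directory -File -Force -ErrorAction Stop).Count

# Previous state: 'high' if the last run found the folder over the threshold.
$wasHigh = (Test-Path -LiteralPath $StateFile) -and
           ((Get-Content -LiteralPath $StateFile -TotalCount 1) -eq 'high')
$isHigh  = $count -gt $Threshold

if ($isHigh -and -not $wasHigh) {
    # Crossed upward: same wording as the original script's event.
    Write-EventLog -LogName Application -Source $source -EntryType Error -EventId 1 `
        -Message "Threshold is $Threshold files, but found $count files in:`r`n$Directory"
}
elseif ($wasHigh -and -not $isHigh) {
    # Crossed back down: one informational record closes the incident.
    Write-EventLog -LogName Application -Source $source -EntryType Information -EventId 2 `
        -Message "File count is back to $count (threshold $Threshold) in:`r`n$Directory"
}

# Persist the current state for the next Scheduled Interval.
New-Item -ItemType Directory -Path (Split-Path -Parent $StateFile) -Force | Out-Null
Set-Content -LiteralPath $StateFile -Value $(if ($isHigh) { 'high' } else { 'low' })
```

Keep the state file where only the agent's account can write, because whoever can set it to "high" suppresses the next alert.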