Create Events

Something that is handy for demos and testing systems is to create events in order to check that rules and monitors work and create alerts to order. Usually if you want an event to happen in the event log it never will. As soon as you turn your back thousands happen.

I was confronted with this recently as a customer wanted to do a functional test after installation and want to create events from some of the key MPs to ensure that they worked. Using MP Viewer I can look into the MPs, look at the rules and find out which event numbers with source and event log are in an MP and enabled. Normally for demos I use eventcreate.exe as it is part of the OS. Unfortunately this only does events up to 1000. So I looked around to see what I could find. It was difficult to search for as most searches tend to respond with tools to monitor and manipulate event logs. So there may be other tools out there.

1 Eventcreate.exe

Pros – included in Windows 2003, 2008, XP and Vista; can do remote to another server; can be used in a batch file.

Cons – only up to ID 1000, only Application and System logs

2 Logevent.exe

Pros – can be included in a batch file; can do all event IDs; can do remote.

Cons – Can only do Application log; was part of Windows 2000 Resource Kit but no longer shown in that download area.

3 VBScript

Pros – run from anything that can do VBscript

Cons – Incredibly limited; only one source – WSH; only Application log; event ID equals type of event (0 for info, 1 for warning etc).

4 PowerShell

Pros – Clever use of interactive PowerShell script from Stefan Strange with additions from Ken

Cons – interactive (would need extra work to take parameters to be used in a batch file); can only do local server (but could be extended with more code) and so needs PowerShell installed

5 Event Create (MOM 2005 Resource Kit)
http://technet.microsoft.com/en-us/opsmgr/bb498240.aspx
http://download.microsoft.com/download/d/4/b/d4bfc32c-d8d2-4541-8356-4c6359eecbb4/MOM2005ResKit.msi

Pros – GUI front end that can do remote; any event logs; all IDs

Cons – can not be used in batch file; msi needs .Net v1 to extract its files

6 OpsMgr Script

Pros – simple to create a timed script to run as at a regular interval; can use OpsMgr targeting; could be created as a VB script to run as batch file

Cons – can only log to Operations Manager log; can only use Health Service Script as a source; needs OpsMgr agent in order to work

Example showing how to ping.

Summary

If you need to create events and are happy with the limitations then eventcreate.exe is easy and is included in all the latest OSes. For a demo the Event Create GUI from the MOM 2005 Resource Kit is great. If you can get hold of it logevent can automate event creation (as long as it is the Application event log). Highly recommended is the PowerShell script from Stefan and Ken. With some more work it would be able to do everything.

Updated 26/8/08 – Changed references to logevent.exe as it is not included in MOM Resource Kit as I originally thought. It was in my 2005 VM but when I did a new install only the GUI version is there.

It would be nice to have a single tool like eventcreate.exe but without the limitation on event logs and event IDs. Anyone want to create a tool like that?

• Posted in: MOM 2005 ♦ PowerShell ♦ SCOM ♦ Script ♦ System Center Operations Manager 2007