Archive for March, 2008

Thanks to the “Mind of Root” Podcast

Saturday, March 29th, 2008

I’d like to say a big Thank You to the guys at the Mind of Root Podcast for mentioning the site on the latest podcast (episode 44).  It’s about 48 mins into the show if you want to hear them talking about it.  It’s a great podcast really so don’t just listen to that bit, give the whole show a go.

Anyway, thanks guys, it’s great to hear your enthusiasm about the site and hopefully it will prompt a few listeners to add some useful info :)

Twitter Me!

Saturday, March 29th, 2008

If anyone is interested, you can follow me on twitter @

http://www.twitter.com/MattBrowne

How to Advertise this Site??!?

Thursday, March 20th, 2008

How is this done?  How do I go about getting people to notice this thing? 

The site is getting a little bit of traffic, but it will only work if there are people contributing to it, so I need to get eyeballs on it.  I’ve emailed a few people about it, and the guys at Casting from the Server Room mentioned the site on the podcast, which was awesome, thanks guys.  I don’t want to go spamming newsgroups and blog comments with an ‘Ad’, so how do I go about getting the right eyeballs on the site?

I have spent a few $’s on Adwords but I’m not convinced it’s doing anything.  The amount of click throughs is in single figures :(

I suppose the main thing that’s going to help is more content on the site.  I’m putting on anything I come across, but that’s only a limited amount, and I would really like it to be a community thing rather than just my notes etc.

If anyone has any suggestions, pleeeease feel free to comment!

Getting Email Alerts from the Event Log

Thursday, March 20th, 2008

Ok, I think I’ve got it!  I’ve been looking for a way of getting email alerts of Event Log events, without having to buy lots of fancy (and expensive) monitoring software.  I’ve edited a script from Paul van der Elst that should do the job.  And it adds a link to the email for searching on eventidwiki.com which is handy :)

First things first, install the SMTP service on the server.  (See Here).

Then create a directory called C:\Script.  Paste the script below into a file called ‘MailErrorEvent.vbs’.

Follow the instructions in the script and you should be done!

' MailErrorEvent.vbs
' Author: ing. P.J.M. van der Elst (c) 2004
' eMail: paul_van_der_elst@hotmail.com

' Purpose: Main purpose of this script is to function as an Eventtrigger handler for the system Event log. From
' this script the most recent Error event from the System Eventlog is sent as eMail message (through CDO).
' script notes:
'    replace "YourEMailAddress@YourDomain" with a valid eMail address (see below)
'    You must have the SMTP Virtual Server installed and correctly configured to allow CDO.Message to work. For internet
'    connected systems: PLEASE set the SMTP Virtual Server Relay restrictions as secure as possible to avoid (spam) abuse.

' Eventtrigger install command (from Command Prompt):
' eventtriggers /create /tr "eMail Error Event" /l * /t ERROR /tk "%SystemRoot%\System32\wscript.exe C:\Script\MailErrorEvent.vbs" /ru YourDomain\Administrator
' install command notes:
'    replace "C:\Script\" with the path you've placed this script in
'    replace "YourDomain\Administrator" with an appropriate privileged username. This script cannot run using the SYSTEM account.
'    you will be prompted for the password.

' general notes:
'    The actual events that are triggered depend upon what you specify with the /l switch (I use it for System events only)
'    and the /t switch (I use it for ERRORs only). So with the above command, only ERROR events in the SYSTEM log will trigger
'    starting the script. Further, in this script, explicitly ERRORs in the SYSTEM eventlog are queried. Please review the line:
'    ("Select * from Win32_NTLogEvent Where Type = 'error' And Logfile = 'System'

' ===================

Option Explicit
Dim dtmStart, SearchEventStart
Dim objWMIService, colEvents, objEvent, EventTime
Dim objMessage, eventCounted

Const eMailAddress = "YourEMailAddress@YourDomain" ' must be a valid eMail address!!
Const MinutesToSearchWithin = -2 ' look for the event that triggered me within the last 2 minutes

' -------------------

Set objMessage = CreateObject("CDO.Message")
objMessage.Sender = eMailAddress
objMessage.To = eMailAddress
' Build the start of the search window in WMI datetime format
Set dtmStart = CreateObject("WbemScripting.SWbemDateTime")
SearchEventStart = DateAdd("n", MinutesToSearchWithin, Now())
dtmStart.SetVarDate SearchEventStart, True
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Type = 'error' And TimeWritten >= '" _
    & dtmStart & "'")
' Because we go through all recent events, in case of multiple events within the last 2 minutes, we might miss
' events. That is: within multiple events that occur within the last 2 minutes, not for all these events an eMail message
' may be generated. This is a trade-off to avoid generating multiple eMail messages for one particular event within a
' series of events that occurred within the last 2 minutes.
For Each objEvent In colEvents
    ' On Error Resume Next ' Maybe you should uncomment this line...
    objMessage.TextBody = "Category: " & objEvent.Category
    ' TimeWritten is yyyymmddHHMMSS...; reformat it as mm/dd/yyyy HH:MM.SS
    EventTime = Mid(objEvent.TimeWritten, 5, 2) & "/" & Mid(objEvent.TimeWritten, 7, 2) & "/" & _
        Mid(objEvent.TimeWritten, 1, 4) & " " & Mid(objEvent.TimeWritten, 9, 2) & ":" & _
        Mid(objEvent.TimeWritten, 11, 2) & "." & Mid(objEvent.TimeWritten, 13, 2)
    objMessage.TextBody = objMessage.TextBody & vbCrLf & "Time: " & EventTime
    objMessage.Subject = "Error Event in " & objEvent.SourceName & " on " & objEvent.ComputerName & " at " & EventTime
    objMessage.TextBody = objMessage.TextBody & vbCrLf & "EventCode: " & objEvent.EventCode
    objMessage.TextBody = objMessage.TextBody & vbCrLf & "Message: " & objEvent.Message
    objMessage.TextBody = objMessage.TextBody & vbCrLf & "RecordNumber: " & objEvent.RecordNumber
    objMessage.TextBody = objMessage.TextBody & vbCrLf & "SourceName: " & objEvent.SourceName
    objMessage.TextBody = objMessage.TextBody & vbCrLf & "Type: " & objEvent.Type
    objMessage.TextBody = objMessage.TextBody & vbCrLf & "User: " & objEvent.User
    objMessage.TextBody = objMessage.TextBody & vbCrLf & "http://www.eventidwiki.com/index.php?search=" & objEvent.EventCode
Next
objMessage.Send

One of my edits means that you get more than just the errors from the event log (not the informational events).  If you want to restrict it to just the ‘error’ events etc, use the following line instead of my shortened version :

("Select * from Win32_NTLogEvent Where Type = 'error' And Logfile = 'System' And TimeWritten >= '" _
& dtmStart & "'")
 

Thanks to Paul for the script
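
The comments in the script above accept that only the last event found in the 2-minute window is mailed. As an added example (not part of Paul's script or of the original post), this variant appends every matching event to one message and sends nothing when the query matches no events; the file name MailErrorDigest.vbs is hypothetical, and it assumes the same local SMTP service and placeholder address.

```vbscript
' MailErrorDigest.vbs (added example; hypothetical file name)
Option Explicit

Const eMailAddress = "YourEMailAddress@YourDomain" ' placeholder, as in the script above
Const MinutesToSearchWithin = -2                   ' same 2-minute window as the script above

Dim dtmStart, objWMIService, colEvents, objEvent, objMessage
Dim strBody, lngCount

' Convert "now minus 2 minutes" to the WMI datetime format
Set dtmStart = CreateObject("WbemScripting.SWbemDateTime")
dtmStart.SetVarDate DateAdd("n", MinutesToSearchWithin, Now()), True

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Type = 'error' And TimeWritten >= '" _
    & dtmStart.Value & "'")

' Append every matching event to the body instead of overwriting it
strBody = ""
lngCount = 0
For Each objEvent In colEvents
    lngCount = lngCount + 1
    strBody = strBody & "Log: " & objEvent.Logfile & vbCrLf _
        & "SourceName: " & objEvent.SourceName & vbCrLf _
        & "EventCode: " & objEvent.EventCode & vbCrLf _
        & "RecordNumber: " & objEvent.RecordNumber & vbCrLf _
        & "TimeWritten: " & objEvent.TimeWritten & vbCrLf _
        & "Message: " & objEvent.Message & vbCrLf _
        & "http://www.eventidwiki.com/index.php?search=" & objEvent.EventCode _
        & vbCrLf & String(40, "-") & vbCrLf
Next

' Send one message for the whole window, and nothing if no events matched
If lngCount > 0 Then
    Set objMessage = CreateObject("CDO.Message")
    objMessage.Sender = eMailAddress
    objMessage.To = eMailAddress
    objMessage.Subject = lngCount & " error event(s) on " _
        & CreateObject("WScript.Network").ComputerName
    objMessage.TextBody = strBody
    objMessage.Send
End If
```

Each trigger firing inside the same 2 minutes still produces its own digest, so a burst of errors yields overlapping mails; the RecordNumber lines make the repeats easy to spot.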

Organising this Thing?

Monday, March 17th, 2008

Well, I’ve come up with a basic organisation for this site, and it goes a little something like this….

For the front page, just put the event id number using the format :

[[Event ID : 1234]]

Then for the following page use the event id number followed by the ‘source’, i.e.:

[[1234, DNS]]

This should create a page where we can list the details at the top and the ‘Possible Solutions’ as a section under that.

I’m not sure if this is the best way to organise the wiki, but it will do for a start.  If you have any comment or suggestion, feel free to post :)

As seen on “Casting from the Server Room”!

Wednesday, March 12th, 2008

Thanks to the guys from Casting from the Server Room for mentioning the site on the latest podcast.  It’s great to hear someone else being so enthusiastic about the idea, and setting it as an assignment was a bonus! :)

For those of you who don’t know, the podcast is by a bunch of sysadmins for a school district in the US.  It’s really worth a listen if you haven’t already come across it, they have some great tips etc.

First Things First

Wednesday, March 5th, 2008

Ok, first things first, what’s this thing about?

Well the idea is to create a wiki where people can post up details of Event IDs that appear in the Windows event logs, and possible solutions they have found etc.

There are various different causes and solutions to the events that get logged, and the information in the event log is often pretty useless.

That’s about it really.  So feel free to add pages and details etc.  Oh and feel free to comment!