Check Windows event log for backup events

bmekler · Post by **bmekler** » Sun May 20, 2012 3:29 am

I want to monitor the state of backups performed by Vembu StoreGrid clients. Backup jobs can write events into Windows event log, where event ID for a successful job is 103, and event text looks like this:

jobname@clientID: Backup completed successfully.

Or:

jobname@clientid: No new/modified files for backup

Or, with event ID 102:

jobname@clientid: Backup Completed Partially(File(s) Skipped).

Looking through these forums, I found a solution where I check for event IDs 102 and 103 with job name in description, then set it to reverse alert. However, if either HostMonitor or RMA restarts between the event generation and the test, it does not detect the event as "new", and raises an alert.

Is there a way to set HostMonitor to search for specific events in a specific time period, for example 24 hours, and only raise alerts if they're not detected in that time period? I tried creating a custom view filtered by last 24 hours, but HostMonitor does not seem to be aware of custom views, even in Vista+ mode.[/url]

KS-Soft Europe · Post by **KS-Soft Europe** » Mon May 21, 2012 8:10 am

Looking through these forums, I found a solution where I check for event IDs 102 and 103 with job name in description, then set it to reverse alert. However, if either HostMonitor or RMA restarts between the event generation and the test, it does not detect the event as "new", and raises an alert.

That is how NT Event Log test works.
When HostMonitor/RMA agent starts, NT Event Log test will not detect "old" records, that were made before HostMonitor/RMA start.

Is there a way to set HostMonitor to search for specific events in a specific time period, for example 24 hours, and only raise alerts if they're not detected in that time period? I tried creating a custom view filtered by last 24 hours, but HostMonitor does not seem to be aware of custom views, even in Vista+ mode.

NT Event Log test can only detect NT Event records, added between two checks.

bmekler · Post by **bmekler** » Mon May 21, 2012 9:44 am

That's too bad. I ended up solving it via a PowerShell script.

Code: Select all

$statusAlive       = "ScriptRes:Host is alive:"
$statusDead        = "ScriptRes:No answer:"
$statusUnknown     = "ScriptRes:Unknown:"
$statusNotResolved = "ScriptRes:Unknown host:"
$statusOk          = "ScriptRes:Ok:"
$statusBad         = "ScriptRes:Bad:"
$statusBadContents = "ScriptRes:Bad contents:"

if (!$args[0]) 
{
  echo  $statusUnknown"Threshold parameter is not specified" 
  exit
}

$JobName = $args[0]
$DaysToLook = $args[1]
$TargetSystem = $args[2]

$JobStatus = Get-EventLog -ComputerName $TargetSystem DataCare -After (Get-Date).AddDays(-$DaysToLook) -Message "*$JobName*" -newest 3 | Where-Object {$_.EventId -eq 103 -or $_.EventId -eq 102}

if ($JobStatus -eq $null) 
{
   echo $statusBad
} 
else 
{
   echo $statusOk
}

It's less convenient than direct test, as I have to set up powershell on each host where I run it, but more reliable.