I was thinking about working on this this week but figured I would share in case anyone else was interested and wanted to try.
Windows provides event log triggers(xp,2003+) for when certain event id's occur.
I thought of this as a quick monitoring solution. 1) Event triggers are created through GPO or whatever other method. 2) When the event trigger is kicked off do to an event id specified. It will run audittrigger.vbs locally or on the network. Event Triggers will pass the event id and the description to the vbs. 3) VBS will simply format the passed information and upload it using msxml to the openaudit server.
Then create a front page query that actively shows the information based on latest to oldest. And wham you have monitoring.
_________________ 1400 Servers Audited (1 hour interval) Applied via a local scheduler, deployed via GPO. Running OA on IIS6 Web Server 90% Windows 2k3 Server (std,ent) 5% Windows XP 5% Windows 2000
|