Windows Server 2008 Event Subscriptions and Lego Blocks
Confused by the title? No problem. Most of my titles are confusing, even to me, and I write them. I've often said that Microsoft has led the way on making platform plumbing that works. Sure, there's no shortage of platform APIs for Linux, UNIX, wenix, theynix, henix, shenix and even OSX. But nobody has laid the foundations like Microsoft has. WMI/WBEM, ADSI, the registry, COM, .NET, and one of the unsung heroes of plumbing: the event log system.
When I mentioned Lego Blocks in the title, it should have started to make sense near the end of the first paragraph. But that's essentially "it" really. Microsoft has made the operating system, and indeed most of their applications and services, into building blocks that we as consumers or developers can assemble into our own little constructs to solve our unique needs. Better yet, they give you two options in most cases: Off-the-shelf, or build-your-own. The off-the-shelf stuff consists of System Center mostly, but it goes beyond that. I've seen people build their own identity and account management systems, but Microsoft also has ILM. So no matter what you prefer, they have it pretty much covered. Perfect? No. Nice? Absolutely.
Case in point: Monitoring Event Logs in a WAN environment.
So, you have some irritating SOX auditor sniveling down your neck about why you're not collecting and analyzing event logs from all your 10,000,000 servers in production. You look around and think "I know, I'll implement SCOM and then beat that sniveling turd over the head with the box when I'm done!" But then the finance guy reminds you that due to economic "constraints" there is no budget. Most of your infrastructure improvement/optimization plans are going to be pushed back to 2010 unless your department gets its own stimulus package ahead of schedule. Fear not. It can still be done, and for next-to-zero cost. I don't say "free" because nothing is really "free", but there's no need to buy anything more than you already have. Well, that is IF you have either Windows Server 2008 and Vista machines -OR- the Windows WS-Management system installed on Windows Server 2003 or XP.
Rather than try to one-up another how-to for setting this up, I'll point you to one of the best tutorials I've seen yet. Simple. Straightforward. To the point.
That article will at first appear to be more complicated than it really is. Once you read through it and actually do it once, you'll realize how easy it is to make this work in your environment. Just keep in mind the footnotes throughout, especially the ones that describe dealing with hierarchy and using WECUTIL. I was going to write my own how-to on this very same topic until I ran across that article and, well, never mind. I'm not bummed out. I'm actually glad someone did it already and did such a great job on it.
Taking this a step further, you will soon see how flexible the Task Scheduler is within Vista and WS08 and how you can fire all sorts of tasks based upon a desired event occurring. You can fire scripts that open database connections and write entries into tables, or send e-mail messages, or shut things down, or disable accounts for people you don't like (just kidding, but I know that it's very easy to do. heh heh). So, essentially, you can build your own SCOM-ish solution with nothing more than what comes in Windows (or is available as a free download) and a little time. Pretty cool. Is this as far as you can go? Not at all! You could keep going and push the envelope as far as you want. You could build a system that automatically performs corrective action tasks based upon detecting events. Or finds incorrect settings and runs scripts to correct them. Or shuts down a system that begins doing bad things. The possibilities are endless.
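To make the collector-plus-Task-Scheduler pattern from the last few paragraphs concrete, here is an added example that is not from this post or from the tutorial it links to. It is a PowerShell script for the collector (Vista or WS08, elevated prompt) that does three things with built-in tools: creates a source-initiated subscription with WECUTIL so that sources push one chosen Security event into the collector's ForwardedEvents log, drops a small response script that uses WEVTUTIL to grab the newest matching forwarded event and append it to a text log, and registers a Task Scheduler ONEVENT task with SCHTASKS that fires that script each time such an event lands. The subscription id, the C:\WEF folder, the log file name and the event ID (4740, "A user account was locked out") are assumptions chosen for illustration, not values from the post.

```powershell
# Added example, not code from the post or its linked tutorial.
# Assumed/placeholder values: $Base, $SubId, $EventId, $LogFile, $ScriptPath.
# Run in an elevated PowerShell on the collector machine.

$Base       = 'C:\WEF'
$SubId      = 'AccountLockouts'
$EventId    = 4740          # Security log: "A user account was locked out"
$LogFile    = "$Base\lockouts.log"
$ScriptPath = "$Base\Respond-Lockout.ps1"
$SubXml     = "$Base\$SubId.xml"

New-Item -ItemType Directory -Path $Base -Force | Out-Null

# 1. Source-initiated subscription. Sources that point at this collector
#    (via the SubscriptionManager policy) push Security event $EventId into
#    the collector's ForwardedEvents log. The SDDL in
#    AllowedSourceDomainComputers grants push rights to Domain Computers.
@"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>$SubId</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Forward account lockouts to the collector</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=$EventId)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
"@ | Set-Content -Path $SubXml -Encoding ASCII

wecutil qc /q          # enable and start the Windows Event Collector service
wecutil cs $SubXml     # create the subscription from the XML written above

# 2. The response script the scheduled task will run. It pulls the newest
#    matching event out of ForwardedEvents with wevtutil and appends it to a
#    text log. Replace the Add-Content lines with a database insert, an
#    e-mail, or a corrective action to build on the same trigger.
@"
`$q    = '*[System[EventID=$EventId]]'
`$text = wevtutil qe ForwardedEvents /c:1 /rd:true /f:text "/q:`$q"
Add-Content -Path '$LogFile' -Value ('---- ' + (Get-Date -Format s))
Add-Content -Path '$LogFile' -Value `$text
"@ | Set-Content -Path $ScriptPath -Encoding ASCII

# 3. Task Scheduler: fire the script whenever an event matching the XPath
#    filter is written to the ForwardedEvents channel on this collector.
schtasks /Create /F /TN "WEF\Respond-$SubId" /SC ONEVENT /EC ForwardedEvents `
    /MO "*[System[EventID=$EventId]]" /RU SYSTEM `
    /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File $ScriptPath"

# 4. Health check: shows whether the subscription is active and which source
#    computers have checked in. Re-run after the sources have executed
#    'winrm quickconfig -q' and picked up the SubscriptionManager policy.
wecutil gr $SubId
```

Two checks worth making before trusting the pipeline: `wecutil gr` should list each expected source with a recent last-heartbeat time, and the source machines must allow the forwarding service to read the Security log (on Vista/WS08 that means putting NETWORK SERVICE in the local Event Log Readers group or granting it read access on the log), otherwise the subscription shows as active but nothing ever arrives. The response script reads only the ForwardedEvents log on the collector, so a flood of source events cannot make it do anything beyond appending text to the log file, which keeps the automatic "corrective action" blast radius small while you are still tuning the filter.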
I've searched for something parallel to this capability on Linux and OSX but you end up piecing things together on your own a LOT more. A HECK OF A LOT MORE. As in, you will be compiling things in many cases. Or you will be scouring web sites for shareware and retail products to fill the void. This is what I mean by how nice it is that Microsoft gives us a free Lego building block kit with every Windows installation. And they give you the glue to put things together (VBScript, JScript, BAT/CMD, COM APIs, .NET, etc.). Yes, I know that Legos don't need glue, but just go with it.