Re: PHP in Windows. Can I read from the Event Log?



Hi Mike, thanks for your response.
The reason I wanted a purely PHP solution is because I have done it before in
ASP.NET and find it EXTREMELY useful for me and the sysadmins in my
company.
You can check the ASP.NET solution I developed over here:
http://www.codeproject.com/aspnet/EventLogRss.asp

So, in the end it spits out RSS, then I can read it using a browser or
RSS reader. I can also re-syndicate and merge a whole group of servers
into a single RSS feed. Having a feed like that is all I need to enjoy
notifications and reporting straight from the RSS reader, no more code
needed from me.

Some developers approached me asking for a PHP version and I'm trying
to help them out.

Thanks
- Sergio


On Feb 16, 2:09 pm, "Mike Russell" <RE-MOVEm...@xxxxxxxxxxxxxxxxxxx
MOVE> wrote:
"sergio-p" <sergio...@xxxxxxxxx> wrote in message

news:1171649920.765438.152110@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I'm trying to create an
intranet page that lists errors from the server event log.... I'd
prefer a pure PHP solution, but I'd be happy to try other alternatives
that involve call outs to non-PHP code.

The big advantage, it seems to me, of a web based event log viewer would be
that a web interface could be routed over IP to remote locations. If all
you need is local viewing capability over the local intranet, perhaps you
can get by with using the event log viewer to view your remote systems.
Since you need direct RPC access to each system, this would be inherently
more secure than using a web browser, where you might need to specifically
intercept local systems in the router, or use a non-routable IP address such
as 192.168.xxx.xxx. BTW, the account you use for viewing does not need to
be in the admin group, but it will require the "auditing and security log"
permissions on each system whose log will be viewed.

The callouts themselves are not that hard to implement, though it's been a
while since I've done so. Google first for the terms IIS ISAPI Event Log to
see if someone else has already done this. Maybe you'll luck out. Then
pick your language - generally VB, or C++ - and build an ISAPI DLL with the
calls you need. Install that DLL on a particular server to export those
functions to PHP (or any server side script). That server can then be used
to access all the other servers via the remote capability of the event log
API, or you can run a server on each system you want to monitor. There is
one kicker, though. The text message associated with each event log entry
is normally embedded, as a string table resource, in the DLL that generated
the error, so you must have a copy of the DLLs you care about on the same
system - the IIS server - that you are decoding the events on.

If your software is hard to use or install, you'll find that people won't
use it, and will just walk over to the system they are wondering about. Do
have some way of filtering events by severity and date range. It is tedious
using the event viewer to look through the event logs of several systems on
a regular basis, and even more so using a web interface with a relatively
primitive viewing interface.

So a third solution would be to price out a third party utility for
interpreting and filtering remote event logs, and generating a notification
when a serious error or security breach happens. There are many such
products out there, and I imagine these are in the several hundred to
thousand dollar range. This may turn out to be your best bet in the end,
depending on how busy you are, how much you want to learn, and how much your
time is worth to your boss. If nothing else, download a trial version of
one of these products to get an idea of what features you'll want to
implement. Here's one to get you started: http://www.gfi.com/lanselm/?adv=52&loc=6&adclickid=10739086
--
Mike Russell www.curvemeister.com/forum/
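
The following is an added example, not code from either poster: it filters event records by severity and date range, as Mike suggests, and merges several servers into one RSS 2.0 feed, as Sergio describes. The record fields, server names and feed URL are constructed assumptions, and reading the log itself is left to the callout discussed above.

```php
<?php
// Added example (not from the thread). $sample is constructed data standing in
// for rows returned by whatever callout actually reads the event logs.

// Keep events at or above $minType whose timestamp lies in [$from, $to].
function filter_events(array $events, string $minType, int $from, int $to): array
{
    $rank = ['Information' => 0, 'Warning' => 1, 'Error' => 2];
    $kept = array_filter($events, function (array $e) use ($rank, $minType, $from, $to) {
        $level = $rank[$e['type']] ?? -1;   // unknown types are dropped
        return $level >= $rank[$minType] && $e['time'] >= $from && $e['time'] <= $to;
    });
    usort($kept, fn($a, $b) => $b['time'] <=> $a['time']);   // newest first
    return $kept;
}

// Append <$tag>$text</$tag>. Event text is untrusted (it can carry user names or
// request strings), so it goes in as a DOM text node, which is escaped on output;
// control characters that XML 1.0 forbids are stripped first.
function add_text(DOMDocument $doc, DOMNode $parent, string $tag, string $text): DOMElement
{
    $el = $doc->createElement($tag);
    $el->appendChild($doc->createTextNode(preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $text)));
    $parent->appendChild($el);
    return $el;
}

// Merge events from any number of servers into one RSS 2.0 feed.
function events_to_rss(array $events, string $title, string $link): string
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $doc->formatOutput = true;
    $rss = $doc->createElement('rss');
    $rss->setAttribute('version', '2.0');
    $doc->appendChild($rss);
    $channel = $rss->appendChild($doc->createElement('channel'));
    add_text($doc, $channel, 'title', $title);
    add_text($doc, $channel, 'link', $link);
    add_text($doc, $channel, 'description', 'Filtered event log entries');
    foreach ($events as $e) {
        $item = $channel->appendChild($doc->createElement('item'));
        add_text($doc, $item, 'title', "[{$e['type']}] {$e['server']}: {$e['source']} ({$e['id']})");
        add_text($doc, $item, 'description', $e['message']);
        add_text($doc, $item, 'pubDate', gmdate(DATE_RSS, $e['time']));
        add_text($doc, $item, 'guid', "{$e['server']}-{$e['record']}")->setAttribute('isPermaLink', 'false');
    }
    return $doc->saveXML();
}

$sample = [   // constructed records from two hypothetical servers
    ['server' => 'srv01', 'record' => 101, 'type' => 'Error', 'source' => 'Disk', 'id' => 7, 'time' => gmmktime(9, 0, 0, 2, 16, 2007), 'message' => 'Bad block on <Harddisk0> & retry failed'],
    ['server' => 'srv02', 'record' => 55, 'type' => 'Information', 'source' => 'Service Control Manager', 'id' => 7036, 'time' => gmmktime(10, 0, 0, 2, 16, 2007), 'message' => 'Service entered the running state'],
    ['server' => 'srv02', 'record' => 56, 'type' => 'Warning', 'source' => 'W32Time', 'id' => 36, 'time' => gmmktime(11, 0, 0, 2, 16, 2007), 'message' => 'Time service has not synchronized'],
];
echo events_to_rss(filter_events($sample, 'Warning', gmmktime(0, 0, 0, 2, 16, 2007), gmmktime(0, 0, 0, 2, 17, 2007)), 'Server events', 'http://intranet.example/eventlog');
```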

