Ipswitch Forums Home    Search    Members    Calendar    Who's On

Welcome Guest ( Login | Register )       Recent Posts    Popular Topics

Home » Network Management » WhatsUp Gold » Alerting on Windows Shutdown

Alerting on Windows Shutdown Rate Topic Display Mode Topic Options Author Message curtishinson Posted 6/13/2009 2:53:58 PM Junior Member Group: Forum Members Last Login: 8/12/2009 3:48:02 PM Posts: 18, Visits: 64 I have a bunch of virtual servers running Win2K3, and I've stuck passive Windows Event monitors on them in WUG to alert me when they're being shut down or rebooting (Event ID = 1074). The idea is I'd like to see an email alert with the username performing the shutdown and the reason they have entered, it should all show up in the payload. The problem is, it doesn't work. I think it's because the VM's shutdown so fast, they can lose ping as little as 3 seconds after filling out the shutdown dialogue. A couple of ideas I had were 1. Snare to send it as a syslog event, it might be fast enough to beat the shutdown and 2. Have WUG pull the event from the box somehow after it finishes coming back up. The problem with 1 is it's inelegant to have to throw Snare on a bunch of VMs for that purpose alone, and it still might not work. 2 is only useful for reboots but won't help me if the box is shutdown. Anybody got helpful input, scripts, anything? Post #53970 curtishinson Posted 6/15/2009 6:21:45 PM Junior Member Group: Forum Members Last Login: 8/12/2009 3:48:02 PM Posts: 18, Visits: 64 Syslogging with Snare doesn't seem to do the trick either. I can get a report that the machine is shutting down out of the security log, but I can't get the 1074 from the system log that shows the username and reason which is what is needed. Post #54010 curtishinson Posted 6/17/2009 12:24:27 PM Junior Member Group: Forum Members Last Login: 8/12/2009 3:48:02 PM Posts: 18, Visits: 64 Any help out there? Surely I'm not the only one wanting to do this. Post #54061 curtishinson Posted 6/17/2009 11:38:10 PM Junior Member Group: Forum Members Last Login: 8/12/2009 3:48:02 PM Posts: 18, Visits: 64 Nevermind, it turns out my solution worked, I just had a flaw in the way I was testing it. When I reboot a server I get this: exchange.xyz.org is being rebooted or shutdown. Log follows: The process Explorer.EXE has initiated the restart of computer ACU-EXCHANGE on behalf of user XYZ\admin for the following reason: Other (Planned) Reason Code: 0x85000000 Shutdown Type: restart Comment: Rebooting Exchange to see if it helps the Blackberries. -- Curtis Post #54074 « Prev Topic | Next Topic »

Reading This Topic Active Users: 0 (0 guests, 0 members, 0 anonymous members) No members currently viewing this topic. Forum Moderators: Dave, Mark Singh, kevin r gillis, Jason Benton, Christian Lawson, Brandon Felger, Tripp Allen, Will Sansbury, Jason Williams, Hush, FTPplanet.com, Hugh Garber, WUP-PM, mmulryan@ipswitch.com, mswimm

Permissions You cannot post new topics. You cannot post topic replies. You cannot post new polls. You cannot post replies to polls. You cannot edit your own topics. You cannot delete your own topics. You cannot edit other topics. You cannot delete other topics. You cannot edit your own posts. You cannot edit other posts. You cannot delete your own posts. You cannot delete other posts. You cannot post events. You cannot edit your own events. You cannot edit other events. You cannot delete your own events. You cannot delete other events. You may send private messages. You may send emails. You may read topics. You may rate topics. You cannot vote within polls. You may upload attachments. You may download attachments. You cannot post HTML code. You cannot edit HTML code. You may post IFCode. You cannot post JavaScript. You may post EmotIcons. You may post and upload images.

Forum Jump...----------------Forum HomeSearchMembers ListCalendarWho's Online---------------- General Information  |-- Forum Information File Transfer  |-- WS_FTP Server  |-- WS_FTP Professional  |-- WS_FTP Professional Software Development Kit  |-- WS_FTP Home Messaging  |-- IMail Server  |-- Ipswitch Instant Messaging  |-- IMail Server v11.01 Technical Preview Network Management  |-- WhatsUp Gold (Redirect Forum)  |-- WhatsUp Gold NetFlow Monitor (Redirect Forum)  |-- WhatsUp Gold VoIP Monitor (Redirect Forum)  |-- WhatsConnected Plug-in (Redirect Forum) Technical Preview Programs  |-- WhatsConnected Plugin Technical Preview Program  |-- WhatsUp Gold NetFlow Monitor Technical Preview  |-- IMail v11 Technical Preview  |-- WhatsUp Gold 14 Technical Preview Program All times are GMT -5:00, Time now is 8:17am

Powered By InstantForum.NET v4.1.4 © 2010 Execution: 0.094. 8 queries. Compression Enabled.