3.48 TrustEventLog

This Knowledge Script has been supplanted by a Knowledge Script that is better designed to monitor Active Directory trust relationship errors: Section 3.14, EventLog (NetLogon).

Use this script to periodically scan the System Log for Active Directory trust relationship errors. If any Active Directory trust relationship errors are found, an event is raised.

During the first monitoring interval, the value you specify for the Start with events in past parameter determines how far back in the log to check for matching entries. As the script continues to run at subsequent intervals, it checks for any new entries created since the last time the log was checked.

You can further restrict the types of log entries that generate an event by using the Filter parameters:

  • Use the Event Type parameters to search only certain types of events, such as Warning events.

  • Use the Other parameters to search only for specific information, such as events associated with a specific user or computer name.

Each time this script runs, it checks the System log for entries matching your selection criteria and raises an event if matching entries are found. The event detail message returns the text of the log entries found. When this script is set to collect data, it returns the number of log entries found, and the data point detail message returns the text of the log entries.

3.48.1 Resource Objects

Active Directory domain controller

3.48.2 Default Schedule

The default interval for this script is Every 15 minutes.

3.48.3 Setting Parameter Values

Set the following parameters as needed:

Parameter

How to Set It

General Settings

Raise event if job fails

Event severity when job fails

Set the severity level, from 1 to 40, to indicate the importance of an event in which the TrustEventLog job fails. The default is 35 (magenta event indicator).

Event Notification

Raise event if log entries found?

Set to Yes to raise an event if the log entries are found. The default is Yes.

Maximum number of entries per event message

Specify the maximum number of entries to be recorded into each event's detail message. If this script finds more entries from the System Log than can be put into one event message, it will return multiple events to report all the outstanding entries in the log.

The Message column on the Events tab in the Operator Console displays the number of events in each event report, the type of log the events are from, and the event report batch number. The batch number is the sequential number of the event report. Batch numbers start at 1 for each Knowledge Script iteration.

The default is 1 entry.

Event severity when log entries found

Set the severity level, from 1 to 40, to indicate the importance of an event in which log entries are found. The default is 8 (red event indicator).

Data Collection

Collect data for number of new log entries?

Set to Yes to collect data for charts and reports. If enabled, data collection returns the number of new System Log entries. Additional information is provided in the data detail message. The default is unchecked.

Monitoring

Start with events in past

Set this parameter to control checking for the first interval, after which checking is incremental:

  • -1: all the existing entries

  • n: the past n hours (8 for the past 8 hours, 50 for the past 50 hours, etc.)

  • 0: no previous entries (only search from this moment on)

The default is 0.

Filtering

Event Types

Error

Set to Yes to monitor this type of event. The default is Yes.

Warning

Set to Yes to monitor this type of event. The default is Yes.

Information

Set to Yes to monitor this type of event. The default is Yes.

Success Audit

Set to Yes to monitor this type of event. The default is unchecked.

Failure Audit

Set to Yes to monitor this type of event. The default is unchecked.

Other

Filter -- Category

To monitor events in a particular category, such as Server or Logon, enter an appropriate search string. This script looks for matching entries in the System Log’s Category field. Multiple strings can be entered separated by commas.

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.

Filter -- Event ID

To monitor particular event IDs, enter an appropriate search string or ID range, for example 100-2000. This script looks for matching entries in the System Log’s Event field. Multiple IDs and ranges can be entered separated by commas. For example: 1,2,10-15,202.

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.

Filter -- User

To monitor events associated with a particular user, enter an appropriate search string, for example, DomainName\UserName. This script looks for matching entries in the System Log’s User field. Multiple strings can be entered separated by commas.

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.

Filter -- Computer

To monitor events generated by a particular computer, enter an appropriate search string. This script looks for matching entries in the System Log’s Computer field. Multiple strings can be entered separated by commas.

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.

Filter -- Description

To monitor events with a particular detail description or containing keywords in the description, enter an appropriate search string. This script looks for matching entries in the System Log’s Description field. Multiple strings can be entered separated by commas.

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.
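
The Filter -- Event ID syntax described above, modeled in Python so a filter value can be checked before it is put on a job. This is an added example, not AppManager or Knowledge Script code. The page does not state the following rules, so they are assumptions: include criteria come before the colon, an empty include side matches every ID, and exclude wins over include. The sample entries are constructed.

```python
import re

def parse_id_terms(spec):
    """Turn '1,2,10-15,202' into a list of inclusive (low, high) ranges."""
    ranges = []
    for term in filter(None, (t.strip() for t in spec.split(","))):
        m = re.fullmatch(r"(\d+)(?:\s*-\s*(\d+))?", term)
        if not m:
            raise ValueError(f"not an event ID or range: {term!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if low > high:
            raise ValueError(f"reversed range: {term!r}")
        ranges.append((low, high))
    return ranges

def parse_event_id_filter(value):
    """Split 'include:exclude' (colon optional) and parse each side."""
    include, _, exclude = value.partition(":")
    if ":" in exclude:
        raise ValueError("more than one colon in filter")
    return parse_id_terms(include), parse_id_terms(exclude)

def in_ranges(event_id, ranges):
    return any(low <= event_id <= high for low, high in ranges)

def matches(event_id, parsed):
    """Apply the assumed rules: exclude wins, empty include matches all."""
    include, exclude = parsed
    if in_ranges(event_id, exclude):
        return False
    return not include or in_ranges(event_id, include)

def select(entries, value):
    """Return the log entries whose 'id' passes the filter value."""
    parsed = parse_event_id_filter(value)
    return [e for e in entries if matches(e["id"], parsed)]

# Constructed System Log entries (IDs chosen only to exercise the filter).
SAMPLE = [
    {"id": 1, "type": "Error"}, {"id": 2, "type": "Warning"},
    {"id": 12, "type": "Error"}, {"id": 150, "type": "Information"},
    {"id": 202, "type": "Error"}, {"id": 1999, "type": "Warning"},
]

if __name__ == "__main__":
    for value in ("1,2,10-15,202", "100-2000:150", ":12"):
        print(value, "->", [e["id"] for e in select(SAMPLE, value)])
```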