我目前正在大量使用 Exchange 服务器,并希望确保它们不会产生背压。现在我有一个 powershell 脚本每 4 小时运行一次来检查事件日志:
$username = "Administrator"
$password = cat C:\securestring.txt | convertto-securestring
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
$server = "hubextserver"
$body = @()
#Event ID 15004: Increase in the utilization level for any resource (eg from Normal to Medium)
$15004 = Get-EventLog -ComputerName $server -LogName Application -After (Get-Date).AddDays(-1) | where {$_.EventID -eq "15004"}
if ($15004) {$time04 = $15004.TimeGenerated.ToString()
$message04 = $15004.Message.ToString()
$body = $body + $time04
$body = $body + $message04}
#Event ID 15005: Decrease in the utilization level for any resource (eg from High to Medium)
$15005 = Get-EventLog -ComputerName $server -LogName Application -After (Get-Date).AddDays(-1) | where {$_.EventID -eq "15005"}
if ($15005) {$time05 = $15005.TimeGenerated.ToString()
$message05 = $15005.Message.ToString()
$body = $body + $time05
$body = $body + $message05}
#Event ID 15006: High utilization for disk space (ie critically low free disk space)
$15006 = Get-EventLog -ComputerName $server -LogName Application -After (Get-Date).AddDays(-1) | where {$_.EventID -eq "15006"}
if ($15006) {$time06 = $15006.TimeGenerated.ToString()
$message06 = $15006.Message.ToString()
$body = $body + $time06
$body = $body + $message06}
#Event ID 15007: High utilization for memory (ie critically low available memory)
$15007 = Get-EventLog -ComputerName $server -LogName Application -After (Get-Date).AddDays(-1) | where {$_.EventID -eq "15007"}
if ($15007) {$time07 = $15007.TimeGenerated.ToString()
$message07 = $15007.Message.ToString()
$body = $body + $time07
$body = $body + $message07}
$noerror = "No errors!"
if ($body) {
Send-MailMessage -To Recipient -Subject "Backpressureerror at $server" -body "$body" -SmtpServer smtpserver -Credential $cred -from sender}
else {
Send-MailMessage -To Recipient -Subject "Backpressure Test at $server - No errors" -body "$noerror" -SmtpServer smtpserver -Credential $cred -from sender}
但是,我的目标是找到一种方法,可以立即获得信息,或者在背压增大时几分钟内获得信息。Eventlog 似乎不是最有效的方法。有没有更好的方法?
提前致谢!
答案1
我们使用 PRTG 监控应用程序(如果您想尝试,可以免费获得 100 个传感器),如果达到我们定制的限制,我们会收到短信通知,我们还会在屏幕上绘制某些关键统计数据的实时图表,以便我们的核心团队技术人员不断使用大的绿色 - 橙色 - 红色块来检查警告。
答案2
您可能想要使用实时事件日志监控解决方案,当今市场上有大量可用的选项,包括许多免费和开源选项。
如果您正在寻找免费且易于安装的产品,我建议您使用我们的监控产品 EventSentry 的免费版本“EventSentry Light”。它是为 Windows 开发的,可实时监控事件日志,下载时无需注册,安装快速简便。它也没有任何 .NET 等系统要求。
您可以访问以下网址查看并下载http://www.eventsentry.com。