Remote WMI Event Monitoring


I have been using an event log monitoring script that I developed nearly 15 years ago in VB... then JavaScript... finally PowerShell... The current version is a temporary event consumer that runs in a PowerShell script in a "while" loop. It worked for years until recently... A customer had an issue on a server and I needed to monitor the event log for the issue... I set up my PowerShell script as a startup script in a GPO and then set script execution to asynchronous... For some reason on Server 2008 and Server 2012 the script hangs when the OS encounters it... This does not happen on workstations... Hummm...

That said, I wanted to attempt a more "modern" version... I found your PowerEvents module and it helped immensely... However, I have a question and a problem...

First, the problem... I have the PowerEvents module set up properly on both the server (2012) and the workstation (Win8) (although I suspect I only need it where I execute the script). I tested the script on the local workstation and it worked swimmingly... I tested it locally on the server and it also works great... The one problem I am having is if I execute the script on the workstation to set up the event monitoring on the server... for some reason the "consumer" does not get created properly on the remote server... I have a filter and a binding, but the consumer is not listed under the SMTP Consumer window in the center of your WMIEventHelper.exe utility... This is an imperative for me... I need the ability to set up multiple server event monitoring situations... so I would like to pipe a list of servers that I want to monitor around my current working script... however, without this functionality I will have to execute each script locally... Can you assist?

I am using a WMI Event Log filter searching for a specific event ID and I have an SMTP consumer... As I said, it works great locally, but remotely (i.e. adding the -ComputerName argument to all three lines of code) it fails to create the consumer... Any thoughts?

The other question is... Do you know if I can format the SMTP email body to be an HTML body?

Thanks in advance, and for your module...


pcgeek86 wrote Nov 25, 2013 at 12:26 PM

Hello there,

Thanks for posting your issue in such detail to the forum here. And also, sorry for the late response. I don't get any e-mail notifications about new postings, but I should probably look into that.

First off, I think that as a work-around to "executing it locally" on each system, you could set up the Windows Remote Management (WinRM) service on all of your systems (clients and servers), which would then allow you to use the Windows PowerShell Remoting feature to deploy the script, as if it were running locally.

Secondly, are you getting an actual error message when you try to create the consumer remotely, or is it just failing to create the consumer on the remote system? It's possible that there's a bug with the New-WmiEventConsumer script cmdlet, but I would have to look into that. Honestly, most of my testing was to create WMI event filters, consumers, and bindings on local systems, not remote ones, so that's my fault for not testing out that scenario extensively.

Let me know your thoughts on the above points.

Trevor Sullivan
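
The remoting work-around suggested in the reply above, sketched as an added example that is not part of the original thread or of the PowerEvents module: it creates the filter, SMTP consumer and binding with the native WMI classes inside `Invoke-Command`, then reports per server whether each object exists. The server names, event ID 1234, SMTP relay and addresses are constructed placeholders, and it assumes WinRM is enabled on the targets and the caller is an administrator there.

```powershell
# Added example (Windows PowerShell; uses Get-WmiObject/Set-WmiInstance).
# Constructed placeholders: server names, event ID 1234, SMTP relay, addresses.
$Servers = 'SERVER01', 'SERVER02'

$Report = Invoke-Command -ComputerName $Servers -ScriptBlock {
    $ns    = 'root\subscription'
    $name  = 'EventLogMonitor-1234'
    $query = "SELECT * FROM __InstanceCreationEvent WHERE " +
             "TargetInstance ISA 'Win32_NTLogEvent' AND " +
             "TargetInstance.Logfile = 'Application' AND " +
             "TargetInstance.EventCode = 1234"

    # Filter: fires when the event is written to the Application log.
    $filter = Set-WmiInstance -Namespace $ns -Class __EventFilter -Arguments @{
        Name           = $name
        EventNamespace = 'root\cimv2'
        QueryLanguage  = 'WQL'
        Query          = $query
    }

    # Consumer: sends mail; %TargetInstance.*% is expanded by WMI at delivery time.
    $consumer = Set-WmiInstance -Namespace $ns -Class SMTPEventConsumer -Arguments @{
        Name       = $name
        SMTPServer = 'smtp.example.com'
        FromLine   = 'wmi-monitor@example.com'
        ToLine     = 'ops@example.com'
        Subject    = 'Event 1234 on %TargetInstance.ComputerName%'
        Message    = '%TargetInstance.Message%'
    }

    # Binding: ties the filter to the consumer.
    $null = Set-WmiInstance -Namespace $ns -Class __FilterToConsumerBinding -Arguments @{
        Filter   = $filter
        Consumer = $consumer
    }

    # Verify on the target itself that all three objects now exist.
    New-Object PSObject -Property @{
        Filter   = [bool](Get-WmiObject -Namespace $ns -Class __EventFilter -Filter "Name='$name'")
        Consumer = [bool](Get-WmiObject -Namespace $ns -Class SMTPEventConsumer -Filter "Name='$name'")
        Binding  = [bool](Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding |
                          Where-Object { $_.Consumer -like "*$name*" })
    }
}

# One row per server; a False in the Consumer column flags the failure described in the question.
$Report | Select-Object PSComputerName, Filter, Consumer, Binding
```

The same three queries against `root\subscription` are also a quick way to audit which permanent event subscriptions already exist on a server before adding new ones.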