Posted by Mike Russell on 02/16/07 20:09

"sergio-p" <sergioafp@gmail.com> wrote in message
news:1171649920.765438.152110@t69g2000cwt.googlegroups.com...

>I'm trying to create an
>intranet page that lists errors from the server event log.... I'd
>prefer a pure PHP solution, but I'd be happy to try other alternatives
>that involve call outs to non-PHP code.

The big advantage, it seems to me, of a web based event log viewer would be
that a web interface could be routed over IP to remote locations. If all
you need is local viewing capability over the local intranet, perhaps you
can get by with using the event log viewer to view your remote systems.
Since you need direct RPC access to each system, this would be inherently
more secure than using a web browser, where you might need to specifically
intercept local systems in the router, or use a non-routable IP address such
as 192.168.xxx.xxx. BTW, the account you use for viewing does not need to
be in the admin group, but it will require the "auditing and security log"
permissions on each system whose log will be viewed.

The callouts themselves are not that hard to implement, though it's been a
while since I've done so. Google first for the terms IIS ISAPI Event Log to
see if someone else has already done this. Maybe you'll luck out. Then
pick your language - generally VB, or C++ - and build an isapi dll with the
calls you need. Install that dll on a particular server to export those
functions to php, (or any server side script). That server can then be used
to access all the other servers via the remote capability of the event log
api, or you can run a server on each system you want to monitor. There is
one kicker, though. The text message associated with each event log entry
is normally embedded, as a string table resource, in the DLL that generated
the error, so you must have a copy of the DLL's you care about on the same
system - the IIS server - that you are decoding the events on.

If your software is hard to use or install, you'll find that people won't
use it, and will just walk over to the system they are wondering about. Do
have some way of filtering events by severity and date range. It is tedious
using the event viewer to look through the event logs of several systems on
a regular basis, and even more so using a web interface with a relatively
primitive viewing interface.

So a third solution would be to price out a third party utility for
interpreting and filtering remote event logs, and generating a notification
when a serious error or security breach happens. There are many such
products out there, and I imagine these are in the several hundred to
thousand dollar range. This may turn out to be your best bet in the end,
depending on how busy you are, how much you want to learn, and how much your
time is worth to your boss. If nothing else, download a trial version of
one of these products to get an idea of what features you'll want to
implement. Here's one to get you started:
http://www.gfi.com/lanselm/?adv=52&loc=6&adclickid=10739086
--
Mike Russell
www.curvemeister.com/forum/

[Back to original message]