Monitor Everything with Monitis – And do it easily with PowerShell – Part 12

Monitoring Event Logs and Using Monitis Notifications

The last several articles have talked a lot about custom monitors and about using WMI with PowerShell, but we’ve largely been doing the same scenario over and over again:

– Creating a custom monitor in Monitis

– Querying WMI

– Updating the monitor with text

So far, we haven’t shown any of the other really cool things you can get to in PowerShell, and we haven’t shown how you can use the data in Monitis.

In the next few articles, we’ll walk thru several other areas of PowerShell, and we will build a monitor with a notification rule.

That’s right:  not only can you monitor anything with Monitis and PowerShell, you can easily notify your personnel when critical events happen.

One quick example of this is using the event log to tell us about all of the application failures, and notify someone when something happens.

We’re going to learn 3 new commands to do this:


Add-MonitisContact  takes a first name, last name, account, and account type.  You can notify people by Email, Phone, SMS, Jabber, or ICQ.  We’ll walk thru building this script step by step.

First, we’ll import the module and connect to Monitis.


This would set up a notification contact for John Doe

Add-MonitisContact -FirstName John -LastName Doe -Account -AccountType Email

Then we’d store the contact in a variable, by using Get-MonitisContact to retrieve it.

$contact = Get-MonitisContact -Name "John Doe"

The custom monitor code should look pretty familiar at this point, but there’s a new twist.  Instead of just adding parameters, we also add parameter types.  This is so that the Monitis notification rule can compare the values.

Add-MonitisCustomMonitor -Name ImportantEventLogEntries -Parameter "EventId", "Message" -Type ([int], [string])

We use Get-MonitisCustomMonitor to get our new test and store it in a variable.

$test = Get-MonitisCustomMonitor ImportantEventLogEntries

To add a notification rule, we use the command Add-MonitisNotificationRule.  It takes a test ID (which is in the MonitisTestId property of our custom monitor), and one or more ContactIds (which are stored in $contact’s ContactId property).  The only other two things it needs are a TriggerParameter, in this case, EventId, and a TriggerValue.  In our case, we’re triggering the event

Add-MonitisNotificationRule -TestId $test.MonitisTestId -ContactId $contact.ContactId -TriggerParameter EventId -TriggerValue 1001

To identify all of the event logs, we’ll use the Get-EventLog cmdlet.  Get-EventLog handles the Pre-Vista event logs, Application, Security, Setup, and System.  If you need to look thru any of the rich event logs introduced after Vista, you can use Get-WinEvent.

The event ID logged whenever there is a crash is 1001 (in the Application log), and it’s very simple to get every occurrence:

Get-EventLog -LogName Application -InstanceId 1001

By piping this into a built-in PowerShell command, ForEach-Object, you can push this information up into Monitis:

Get-EventLog -LogName Application -InstanceId 1001 |
    ForEach-Object {
        $eventLog = $_
        # Push one result per crash entry to the custom monitor
        $test | Update-MonitisCustomMonitor -Value @{
            EventId = $eventLog.InstanceId
            Message = $eventLog.Message
            ComputerName = $env:ComputerName
        }
    }


That’s it.  Every crash will trigger a notification.  Unfortunately, the event log, by its design, isn’t something you can clear item by item, so event logs and notification rules might not be the best of all pairings unless you have very specific events that are likely to be very rare.
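
One way to soften the limitation described above, shown as an added example that is not from the original article: remember the Index of the last event log entry uploaded, so a scheduled run pushes only new crash entries instead of re-sending (and re-notifying on) the whole log. The function name Send-NewCrashEvent and the state-file path are hypothetical, and the example assumes the session is already connected to Monitis with $test set as shown earlier.

```powershell
# Added example (not from the original article). Send-NewCrashEvent and the
# state-file path are hypothetical; Update-MonitisCustomMonitor and its
# -Value usage are taken from the article.
function Send-NewCrashEvent {
    param(
        [Parameter(Mandatory)] $Test,   # object returned by Get-MonitisCustomMonitor
        [string] $StatePath = "$env:ProgramData\MonitisCrashState.txt"
    )

    # Index of the last entry already uploaded (0 on the first run).
    $lastIndex = 0
    if (Test-Path $StatePath) {
        $lastIndex = [int](Get-Content $StatePath -TotalCount 1)
    }

    # All crash entries currently in the log, oldest first.
    # Get-EventLog reports an error when nothing matches, so silence it.
    $entries = @(Get-EventLog -LogName Application -InstanceId 1001 -ErrorAction SilentlyContinue |
        Sort-Object Index)

    # If the log was cleared, indexes restart below the saved value: start over.
    if ($entries.Count -gt 0 -and $entries[-1].Index -lt $lastIndex) {
        $lastIndex = 0
    }

    $sent = 0
    foreach ($entry in ($entries | Where-Object { $_.Index -gt $lastIndex })) {
        $Test | Update-MonitisCustomMonitor -Value @{
            EventId = $entry.InstanceId
            Message = $entry.Message
        } | Out-Null

        # Record progress after each upload so an interrupted run
        # does not resend earlier entries on the next pass.
        Set-Content -Path $StatePath -Value $entry.Index
        $sent++
    }
    $sent   # number of new entries uploaded
}

# Usage, with $test set as in the article:
# Send-NewCrashEvent -Test $test
```

Crash messages can include file paths and module names, so review what the Message field contains before sending it to an external service.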

Next time, we’ll take a look at something that is more likely to need a notification: monitoring performance counters with Monitis.

See also:

Monitor Everything with Monitis – And do it easily with PowerShell – Part 1

Part 2: Managing External Monitors with Monitis and PowerShell

Part 3: Mining External Monitor Results with Monitis and PowerShell

Part 4: Monitoring Web Applications with Monitis

Part 5: Testing Web Content with Monitis, Excel, and PowerShell

Part 6: Monitoring Anything with a Custom Monitor

Part 7:  Hardware Inventory with Monitis Custom Monitors

Part 8: Monitoring Logons with Monitis

Part 9: Monitoring Connections to Shared Folders with Monitis and Custom Monitors

Part 10: Inventory Windows Installations with Monitis and PowerShell

Part 11: Monitoring Removable Disks on Many Computers with Monitis and PowerShell