Help with Script that send email about Event Log

Previous Post
http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_25581528.html#a28943260

i have been getting help setting up a script that will send me an email based on eventtrigges and scripts.
The eventtrigger is set for event id 632 and the script will send an email to my account with the information of the event.
In the previous email i was given help on how to make the script send if the" target account Id" was a specific account else it would just stop the script and not send the email.
The script appeared  to work, but my testing was flawed the service that the eventtriggers rides was not started. Now that the service is up and running I receive email on all events 632 on the security log.
Another thing i would like to work on, and i can post another question if needed for the points. I would like it to send information on just the event that triggered eventtriggers.

Here is the code i have so far
const cdoSendUsingPort = 2 
const cdoAnonymous = 0 
set msg = CreateObject("CDO.Message") 
set config = CreateObject("CDO.Configuration") 
set msg.Configuration = config 
txt = "" 
 
strComputer = "." 
Set objWMIService = GetObject("winmgmts:" _ 
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") 
Set colLoggedEvents = objWMIService.ExecQuery _ 
        ("Select * From Win32_NTLogEvent Where Logfile = 'Security' AND EventCode = 632 ") 
For Each objEvent in colLoggedEvents 
        txt = txt & objEvent.TimeWritten & vbCRLF & objEvent.ComputerName & vbCRLF & objEvent.Type & vbCRLF & _ 
        objEvent.EventCode & vbCRLF & objEvent.Message & "http://eventid.net/display.asp?eventid" & _ 
                vbCRLF & objEvent.User & vbCRLF & vbCRLF 
Next

if txt <> "" Then
        If InStr(LCase(txt), LCase("Domain Admins")) > 0 Or InStr(LCase(txt), LCase("Enterprise Admins")) > 0 Or InStr(LCase(txt), LCase("Schema Admins")) > 0 Or InStr(LCase(txt), LCase("CS3 Admin Techs")) > 0 Then
                txt = "The Following Security Errors Have Occurred on COMPUTERNAME: " & vbcrlf & vbCRLF & txt 
        
                With msg 
                        .to = "some@mail.com" 
                        .from = "someone" 
                        .subject = "Security: Possible Group Admin Added From Account" 
                        .textbody = txt 
                End with 
         
                prefix = "http://schemas.microsoft.com/cdo/configuration/" 
         
                With config.fields 
                        .item(prefix & "sendusing") = cdoSendUsingPort 
                        .item(prefix & "smtpserver") = "cvn69ucsex01" 
                        .item(prefix & "smtpauthenticate") = cdoAnonymous 
                        .update 
                End With 
        
                on error resume next 
                msg.send 
                send_error = error.number 
                on error goto 0 
         
                if send_error <> 0 then 
                        wscript.echo "Error Sending Your Message" 
                        wscript.quit 0 
                end If
        End If
else 
        Wscript.Quit(0) 
end if

Open in new window

LVL 1
dh061Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jostranderCommented:
Here's a new script with some significant changes.  

It works in my testing, hope it works for you!
Joe
ON ERROR RESUME NEXT

'--------------------------------------------------------------------
'	User Variables
'--------------------------------------------------------------------
'Server to monitor
strServer = "DC1" 

intPollSeconds=10

'Choose from:  
'Error,Warning,Information,Audit Success,Audit Failure
strTargetInstanceType="Audit Success"	

'Choose from:  
'APPLICATION,SYSTEM,SECURITY,DNS SERVER,FILE REPLICATION SERVICE,DIRECTORY SERVICE
strLogFile="SECURITY"

strEventCode="632"

strEmailSMTPserver="yoursmtpserver"
strEmailTo="you@there.com" 
strEmailFrom="""SERVER X"" <someone@somewhere.com>"
strEmailSubject="Security: Possible Group Admin Added From Account" 
'--------------------------------------------------------------------


Set objWMIService = GetObject("winmgmts:" _ 
        & "{impersonationLevel=impersonate}!\\" & strServer & "\root\cimv2") 

strQuery="Select * from __InstanceCreationEvent WITHIN " & intPollSeconds &_
	" where TargetInstance ISA 'Win32_NTLogEvent' AND TargetInstance.Type='" & strTargetInstanceType & "' AND " & _
	"TargetInstance.Logfile='" & strLogFile & "' AND TargetInstance.EventCode='" & strEventCode & "'"

Set colMonitoredEvents = objWMIService.ExecNotificationQuery(strQuery) 



Do 
	txt=""
	
	Set objEvent = colMonitoredEvents.NextEvent()
	Set objTargetInst = objEvent.TargetInstance
	
	strTimeWritten= objTargetInst.Properties_("TimeWritten") & ""
	Set objSWbemDateTime = CreateObject("WbemScripting.SWbemDateTime")
	objSWbemDateTime.Value=strTimeWritten
	strDate=objSWbemDateTime.GetVarDate(True)	'True=Use OS Timezone
	
	
	strComputerName = objTargetInst.Properties_("ComputerName") & ""
	strType = objTargetInst.Properties_("Type") & ""
	strEventCode = objTargetInst.Properties_("EventCode") & ""
	strMessage= objTargetInst.Properties_("Message") & ""
	strUser = objTargetInst.Properties_("User") & ""
	If strUser<> "" then strUser="User:  " & strUser

	
	txt = txt & "Time Written:  " & strDate & vbCrLf & "Host:  " & strComputerName & vbCrLf & _
		"Event Code:  " & strEventCode & vbCrLf & _
		strUser & vbCrLf & vbCrLf & _ 
        strMessage & vbCrLf & vbCrLf & _
			"http://eventid.net/display.asp?eventid=" & strEventCode

	If InStr(LCase(txt), LCase("Domain Admins")) > 0 Or InStr(LCase(txt), LCase("Enterprise Admins")) > 0 Or InStr(LCase(txt), LCase("Schema Admins")) > 0 Or InStr(LCase(txt), LCase("CS3 Admin Techs")) > 0 Then
		txt = "The following " & strLogFile & " events have occurred on host: " & strComputerName & vbCrLf & vbCrLf & txt 
		SendMail txt
	End If


	Set objEvent = Nothing
	Set objTargetInst = Nothing
	strTimeWritten= ""
	strDate=""
	strComputerName = ""
	strType = ""
	strEventCode = ""
	strMessage=""
	strUser = ""
	
Loop


Sub SendMail(txt)
	ON ERROR RESUME NEXT
	
	if txt <> "" Then

		CONST cdoSendUsingPort = 2 
		CONST cdoAnonymous = 0 
		set msg = CreateObject("CDO.Message") 
		set config = CreateObject("CDO.Configuration") 
		set msg.Configuration = config 

		With msg 
				.to = strEmailTo
				.from = strEmailFrom 
				.subject = strEmailSubject
				.textbody = txt 
		End with 
 
		prefix = "http://schemas.microsoft.com/cdo/configuration/" 
 
		With config.fields 
				.item(prefix & "sendusing") = cdoSendUsingPort 
				.item(prefix & "smtpserver") = strEmailSMTPserver 
				.item(prefix & "smtpauthenticate") = cdoAnonymous 
				.update 
		End With 

		msg.send 

		if err.number <> 0 then
			WshShell.LogEvent 1,"Error Sending Your Message" & vbCrLf & vbCrLf & _
				"Email to:  " & strEmailTo & vbCrLf & _
				"Email From:  " & strEmailFrom & vbCrLf & _
				"Email Subject:  " & strEmailSubject & vbCrLf & _
				"Email SMTP Server:  " & strEmailSMTPserver & vbCrLf & _
				"Email Body:  " & txt 
			
		End If
	End If

End Sub

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dh061Author Commented:
Testing it now, will get back shortly with answer. Thanks in advance.
0
dh061Author Commented:
Works and well above my expectations. thank you very much
0
jostranderCommented:
Awesome, glad it worked for you.  Thanks for the grade!
Joe
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VB Script

From novice to tech pro — start learning today.