|
TechForum
Tech snippets
Monitoring and reacting to system events automatically
 Monitoring
system parameters is a common administrative task. Often, you are waiting for
some event to occur. As soon as it occurs, you need to either take action on
it or analyse it further. However, you can’t just be sitting around, waiting
till the event occurs.
There are many third-party tools that allow you to set parameters to monitor
behaviour and then send you an alert when the event occurs. However, there are
built-in tools which are very easy to use and very powerful. I will describe
two such methods.
 Once
a particular event happens, or when a parameter reaches abnormal conditions,
you may want various things to happen:
1. Just know about it. Notification. No further action.
2. Log this occurrence for future use and analysis.
3. Send an email / SMS / pager alert to system administrators.
4. Stop offending processes / programs.
5. Start batch files for performing specific corrective action.
6. Run a specific script to perform a custom action.
Alerts in System Monitor
System Monitor (earlier called Performance Monitor—perfmon.exe) is used
often for viewing and logging various performance counters. While troubleshooting,
the monitoring is done live, while an engineer actively views and analyses the
way various parameters fluctuate with respect to each other.
When you require long-term monitoring, especially when a
problem occurs erratically, it is not feasible to keep looking at the monitor
screen. Under such circumstances, the data is logged to a file. This file is
then replayed in the System Monitor and analysed.
 There
is another option in System Monitor called Alerts, which is not very widely
known and used.
Here is how you use alerts:
1. Analyse your requirement and choose the counters that
you want to monitor.
2. Create a new alert.
3. Add these counters to the alert.
4. For each counter, specify a condition which you are trying to track. Each
condition could be above or below a specified value. You can also specify the
frequency at which this sampling should be done.
5. Specify what should be done after this condition occurs. For example, specify
what action to take after processor utilisation goes above 90%.
6. Actions could be :
a. Log an entry into eventlog.
b. Send a message using NET SEND command.
c. Start logging parameters specified in a separate file.
d. Run a program.
7. Finally, you can specify when to start the scanning for this alert and when
to finish it. You can also continue scanning after the first alert occurs.
 Most administrators
use the logging, or network message and logging. But all these options are passive.
These only tell you that something happened.
If you want to perform some action, to correct the problem, you will have to
write some code. Most often we end up writing batch files. Batch files are easy
to write but have very limited functionality. You can hardly do any useful work
other than whatever NET commands and other command line tools can offer. If
you want to do something for which a command line tool is not available, then
you have a problem.
WMI script as Alert Action
This is when scripting and WMI (which I have covered in previous articles) comes
into picture. All that you have to write is a VBScript file containing all the
required code. Using this approach, you can do all types of work. You can talk
to databases, tweak registry, perform FTP, create an instance of any available
ActiveX controls or COM objects, manipulate services, change application settings
for WMI compliant applications, communicate with remote servers, call Web services
and so on.
 This opens
up great possibilities for not only trapping abnormal conditions but also taking
immediate, automatic corrective action. Administrators should consider this
approach for more refined troubleshooting and providing immediate respose to
critical issues.
Pure WMI way
Another way is to use WMI scripting itself to directly hook to system events
or performance counters and numerous other occurrences. This method does not
require the performance monitor at all. This is obviously a more powerful option
because you are not limited only to performance counters. This is a topic by
itself. I will cover that in some future article. In the meantime, you can also
explore the world of WMI on your own. Microsoft site has lot of
WMI content and examples for you (www.msdn.microsoft.com).
Find features in MS Word
 I am sure
all of you have used the ‘Find’ feature in MS Word. But believe me,
we have not even scratched the surface of the functionality it can offer. In
this section, I will show you some great stuff and then leave it to you to learn
it and use it by yourself.
As usual, apart from using it, you should also look at the way these features
are enriched and the UI is designed to make it simple to use. ‘Brilliant’
is the only word that describes it.
Let me show you a superb feaure first. Suppose you have a document contains
names of two companies (for example ‘Maestros’ and ‘Mediline’).
Let us say they are conducting a joint seminar. In the invitation document,
both names appear like this “We at Maestros and Mediline, take great pleasure
of inviting you…”.
Obviously the phrase “Maestros and Mediline” appears at many places
within the document. Now, these are two different companies. When Mediline wants
to invite its customers it wants to put it as “Mediline and Maestros”.
How do we manage that? Regular search replace wont work.
Here is how you do it.
1. Open the Find and Replace dialog.
2. In the ‘Find what’ textbox, type this:
(Maestros) and (Mediline)
3. In the ‘Replace with’ textbox type:
\2 and \1
4. Click the More button to expand the dialog and enable the ‘Use Wildcards’
checkbox.
5. Now choose Replace All and see the results!
What we did here is used what is called ‘expression search’. When
you enable the wildcard option, new functionality is enabled. Whatever is enclosed
in brackets becomes an expression. In the Replace dialog, you can refer to these
expressions by giving it a number from left to right. So ‘\1’ refers
to the first expression, that is ‘Maestros’.
So in the ‘Replace with’ dialog we just changed the order of the expressions,
retaining the word ‘and’ as normal text. That’s it. Powerful
yet easy. Are you not impressed? Not with me! With the great guys who thought
of this and implemented it!
Now that I have your attention, let us explore the ‘wildcard’ options
further.
How do you find all these options?
You don’t have to memorise these. The user interface itself provides it.
When you choose the Use Wildcard option, click on the Special button. It displays
all the wildcard options available. Please note where your cursor is. The list
is different for the ‘Find what’ textbox and ‘Replace with’
textbox.
This is just a small preview of what is possible. There is much more in there.
The bottomline is “Click on the More button and explore!”
| One character or multiple character |
? is for single character and * is for multiple characters.
As usual. |
| All words ending with an expression. For example
going, leaving, coming, dreaming, all words ending with 'ing'. |
Use the > signing> Similarly you can use < for words beginning
with an expression. <(d)*(ing)> will find all words starting with
d and ending with ing
|
| Multiple occurrences. For example if the data is
like this:
Column1,,,Column2
Column1,,,,,Column2
Column1,column2
And you want to find all the occurrences where comma occurs more than
once (and then replace it with single comma)
|
Use {min, max} occurrences
If you leave min blank, even one occurrence is considered.
If you leave max blank, any number of occurrences are found ,{2,}
This will find all instances where two or more commands are together!
Very good for cleaning up badly designed tab delimited or CSV files. Here
is one way Word can help hardcore developers!
|
If you want to find all words which start
with a number
Like 1st, 2nd and so on.One character or multiple character |
Square brackets are used to specify a
range of characters.
<[0-9]*> will find all words which begin with a number.
|
 |
About the Author:Dr Nitin
Paranjape is the Chairman and MD of Maestros (Mediline). He is a consultant
with many organisations, covering appropriate technology utilisation, business
application of relevant technology, application architecture and audit as
well as knowledge transfer. He has authored more than 650 articles on various
technology-related subjects. He can be contacted at nitin@mediline.co.in |
|
