Aggregating Windows Event Viewer events - c#

My boss is wanting to capture certain Windows Event Viewer events from desktops as they happen. Obviously, this means putting something on each machine that would monitor & aggregate desired events to a single database. I'm sure there are tools out there to do this, but he isn't really that interested in buying more "stuff".
I already know how I would do it, but I was interested in seeing how others might accomplish the same task.
I should make clear that I want to continuously monitor the event logs remotely.
I would prefer a push-option over a pull-option.

You do not need to install anything on the client machines.
Have a look at the event log classes of the .NET Framework, when you open an event log you can pass the remote machine name to the constructor; in this way you can see the events of all machines from a centralized location (server) where you need to deploy only one copy of your application.
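A sketch of the central collector this answer describes, added here as an example and not code from the original post. It uses `System.Diagnostics.Eventing.Reader` rather than `System.Diagnostics.EventLog`, because the `EntryWritten` notification of the latter only fires for entries written on the local computer. The machine names, the choice of the Security log and the event IDs in the filter are assumptions, and the collector account must be allowed to read the remote log.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;

class CentralCollector
{
    // Assumptions: placeholder desktop names; filter = failed logon (4625), account created (4720).
    static readonly string[] Machines = { "DESKTOP-01", "DESKTOP-02" };
    const string Filter = "*[System[(EventID=4625 or EventID=4720)]]";

    static void Main()
    {
        var watchers = new List<EventLogWatcher>();
        foreach (string machine in Machines)
        {
            try
            {
                var query = new EventLogQuery("Security", PathType.LogName, Filter)
                    { Session = new EventLogSession(machine) }; // remote session, current credentials
                var watcher = new EventLogWatcher(query);
                watcher.EventRecordWritten += OnEvent;
                watcher.Enabled = true; // starts the subscription; only new events are delivered
                watchers.Add(watcher);
            }
            catch (Exception ex) when (ex is EventLogException || ex is UnauthorizedAccessException)
            {
                // One unreachable or locked-down desktop must not stop the others.
                Console.Error.WriteLine("{0}: cannot subscribe: {1}", machine, ex.Message);
            }
        }
        Console.ReadLine(); // keep the collector alive until Enter is pressed
        foreach (EventLogWatcher w in watchers) w.Dispose();
    }

    static void OnEvent(object sender, EventRecordWrittenEventArgs e)
    {
        if (e.EventRecord == null)
        {
            // The subscription itself failed, for example the connection dropped.
            Console.Error.WriteLine("subscription error: {0}", e.EventException?.Message);
            return;
        }
        using (EventRecord r = e.EventRecord)
            // Replace with an insert into the central database.
            Console.WriteLine("{0:o} {1} {2} id={3}", r.TimeCreated, r.MachineName, r.ProviderName, r.Id);
    }
}
```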

Related

How to monitor different events in 3rd party applications

I am developing a C# application. I am looking for a way to monitor different events in 3rd party applications.
Example 1: Calculator is running, and I want to know when the user has clicked on "=" button.
Example 2: Skype is running and I want to monitor when the user hits the "Call" button.
Example 3: Word is running and I want to monitor when the user opens the "Font" drop down list.
I am not looking for simple Mouse or Keyboard events.
Take a look at EventSpy. Both of those seem to do what you need.
http://www.codeproject.com/Articles/11918/EventSpy
http://eventspy.codeplex.com/
You basically need to tap into the "Windows Messaging" loop. In order to properly filter the GAZILLION messages that come flying through you'll also need to be able to periodically scan through all of the active windows to see which ones (if any) are relevant to you.
Be aware that this whole subsystem of Windows is a GIANT security hole. (I have not worked with it much since NT4 / W95/W98 days so they might have tried attempts to "secure" it since then so it might be even harder to get to than it used to be.)
You're going to need a good IDE / 3rd party tools to help you get started on your way to have some idea of what you're looking for.
In a "previous" life we used this basic technique to get ~4,000 workstations to install their own software, updates, patches, etc through monitoring for existence of certain windows, controls, etc and "injecting" messages into the Windows Messaging loop to control Application Setup Programs, configuration changes that were not stored in the registry, etc, etc...

Running just an app on windows 7

I have to run a C# application that I wrote recently on several computers with the Windows 7 operating system. Here is the big challenge with it: the application must run on startup, and the user must not be able to work with anything else, such as Windows hotkeys, other applications, some directories, etc.
Considering I want to kill processes or services as little as possible, please give me the best solution.
Thanks and waiting
Maybe A little more information will help
Did you see devices like ATMs or medical devices that Windows is running on? Those devices don't allow the user to manipulate the desktop or anything else; I want their solution. My application will run as a device handler (a medical device in an operating room).
You probably shouldn't write such an application in the first place (nagware?).
Anyway. I think what you are looking for is actually "kiosk" software. Here is a blog entry that describes how to lock down the computer to effectively run in "kiosk mode".
Note however, that not every application can (or should) be used in that mode. Either because it has loopholes that still allow you to do things (for example the file open/save dialog still allows you to create directories or navigate the file system), or because they were simply not designed with that goal in mind.
This sounds actually like a (very) bad idea to me...
You could probably hook every keyboard event so you disable OS shortcuts (Windows + D, Windows + E...). See here.
Also hide the Windows taskbar.
Make sure your application starts with Windows.
This sounds a bit hacky to me...
A program with the properties you mention is called a (very restrictive flavour of) shell. So you need to register your program as a shell (instead of explorer.exe) for the poor, poor user you want to restrict.
You might look into using a local group policy to enforce this restriction. Check this out.

Windows 7 - Disable Close Program/Debug Program Dialog, yet crash dump and notify the user

I'm developing a commercial Windows 7 desktop application (somewhat shrink wrap, but not quite). The application has both Windows Service and WPF User Interface components. In the event that our application fails at a customer site we want to be able to capture information about the runtime environment, including a crash dump of our processes to a dump location. That information could then be forwarded to our support personnel upon request for further investigation. We also want to turn off any Windows Error Reporting and Send To Microsoft dialogs that might pop up as a result of the failure.
The important thing is that we only want this to affect our application processes. We don't want to affect some global setting that will change the way all other applications on the customers desktop report fatal errors.
I'm looking for some suggestions and best practices for doing this sort of thing in a shrink wrap application.
The best way I know how to do this is by subscribing to the AppDomain.CurrentDomain.UnhandledException event. There you will be able to use the Win32 API function MiniDumpWriteDump to create your own minidump file. Check out this blog post to see a good example. Also, there is the ClrDump library.
Before you exit from your UnhandledException handler, call Environment.Exit() and you shouldn't see any more Windows error dialogs.
I have not actually used these minidump libraries myself yet, but I will soon. Hopefully this answer will at least give you a few keywords that you can plug into Google.
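The approach from this answer as an added example, not code from the original post or the linked blog: an `UnhandledException` handler that writes a minidump of the current process only and then exits. The dump directory and the `ExampleApp` name are hypothetical, and the directory should carry a restrictive ACL, since a dump file holds process memory.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

static class CrashDump
{
    // MINIDUMP_TYPE MiniDumpNormal: thread stacks and module list, not the full heap.
    const uint MiniDumpNormal = 0x00000000;

    [DllImport("dbghelp.dll", SetLastError = true)]
    static extern bool MiniDumpWriteDump(IntPtr hProcess, uint processId,
        SafeFileHandle hFile, uint dumpType,
        IntPtr exceptionParam, IntPtr userStreamParam, IntPtr callbackParam);

    // Hypothetical per-application dump location (assumption, not from the page).
    static readonly string DumpDir = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
        "ExampleApp", "Dumps");

    // Call once at startup in each of the application's own processes.
    public static void Install()
    {
        AppDomain.CurrentDomain.UnhandledException += (sender, e) =>
        {
            try { Write(); }
            catch (Exception) { /* never throw from the last-chance handler */ }
            Environment.Exit(1); // exit from the handler, as the answer suggests
        };
    }

    static void Write()
    {
        Directory.CreateDirectory(DumpDir);
        using (Process self = Process.GetCurrentProcess())
        {
            string file = Path.Combine(DumpDir, string.Format(
                "{0}_{1}_{2:yyyyMMddTHHmmss}.dmp", self.ProcessName, self.Id, DateTime.UtcNow));
            using (var fs = new FileStream(file, FileMode.CreateNew, FileAccess.Write, FileShare.None))
            {
                // No exception pointers are passed, so the dump has stacks but no exception record.
                if (!MiniDumpWriteDump(self.Handle, (uint)self.Id, fs.SafeFileHandle,
                        MiniDumpNormal, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero))
                    throw new IOException("MiniDumpWriteDump failed, error 0x"
                        + Marshal.GetLastWin32Error().ToString("X8"));
            }
        }
    }
}
```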

How to know when a user console is locked or has logged "back into" windows

This is in regards to applications that run in the taskbar but should be applicable to standard apps, Winforms, WPF, etc.
Question: I am after some method (preferably via managed code) to be notified when a user either has their screen "locked" while my app is running and/or know when they log back in.
GMail Notifier does this sort of thing for example, if my PC is locked for a while when I log in again it shows a list of emails that arrived since locking the PC. I'm looking to replicate that kind of functionality.
Does anyone have any ideas on how to accomplish this?
You want to hook into the System Event Notification Service and subscribe to the ISensLogon DisplayLock/DisplayUnlock events.
The question mentioned by Mike Daniels has answers:
Checking for workstation lock/unlock change with c#
The one I prefer is using SessionSwitchReason:
http://msdn.microsoft.com/en-us/library/microsoft.win32.sessionswitchreason.aspx

How do you determine when Windows is done rebooting?

I am using the Windows Update API to update a bunch of VM's. With Windows Update comes the inevitable reboots. Can anyone think of a way that I could tell from a remote server if the Windows box has indeed finished its reboot? All ideas or thoughts would be appreciated.
EDIT:
Because the VM's are in Lab Manager and using a fenced configuration, WMI will not work, and although I thought about using the VM to send a signal when it was back up. There would have been no way to reliably know who to notify as the app waiting for the machine could be on any number of machines so it just didn't seem reasonable. However time is not essential (and even though I know this will bite me sometime when a Service Pack comes down) I have had good success with the PING and then wait 5 minutes so far, so I am going to use that for now. If I run into exceptions I will then try to implement the VM notifying the world when it comes back up. Thanks to all.
Just wait for it to respond to a ping.
In light of your comments:
1 - Use this script
2 - If you get any errors with that script, follow these instructions.
Check for this event in the event log:
Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6005
Date: 7/27/2007
Time: 12:56:24 PM
User: N/A
Computer: IWSDEV
Description:
The Event log service was started.
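One way to automate the Event ID 6005 check above from the waiting server, added here as an example and not part of the original answer. It assumes the remote System log is reachable with the caller's credentials; the method name, the timeout and the 15-second poll interval are illustrative. A hit only shows that the Event Log service has started after the reboot request, not that every other service is up.

```csharp
using System;
using System.Diagnostics.Eventing.Reader;
using System.Globalization;
using System.Threading;

static class RebootWaiter
{
    // Returns the time of the first Event ID 6005 logged at or after rebootRequested,
    // or null if none shows up before the timeout expires.
    public static DateTime? WaitForEventLogStart(string machine, DateTime rebootRequested, TimeSpan timeout)
    {
        // Invariant culture keeps ':' literal; the filter compares against UTC.
        string since = rebootRequested.ToUniversalTime()
            .ToString("yyyy-MM-ddTHH:mm:ss.fffZ", CultureInfo.InvariantCulture);
        string xpath = "*[System[Provider[@Name='EventLog'] and (EventID=6005) and "
                     + "TimeCreated[@SystemTime>='" + since + "']]]";

        DateTime deadline = DateTime.UtcNow + timeout;
        while (DateTime.UtcNow < deadline)
        {
            try
            {
                using (var session = new EventLogSession(machine))
                using (var reader = new EventLogReader(
                    new EventLogQuery("System", PathType.LogName, xpath) { Session = session }))
                using (EventRecord rec = reader.ReadEvent()) // null when nothing matches yet
                {
                    if (rec != null)
                        return rec.TimeCreated.GetValueOrDefault(DateTime.Now).ToUniversalTime();
                }
            }
            catch (EventLogException)
            {
                // Expected while the machine is down or its Event Log service is not
                // answering yet. An access-denied error is not caught here on purpose:
                // it is a configuration problem that waiting will not fix.
            }
            Thread.Sleep(TimeSpan.FromSeconds(15));
        }
        return null;
    }
}
```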
A more general version of this question is How do I know if a system has powered on?
The reality is that you can't know when it is done booting. The boot process is pretty asynchronous and so whatever criteria you use to determine that it is done "booting" could happen before something else completes.
What I would recommend is determine what you actually want to know. What specifically is it you are waiting for? Find a way to determine whether this has taken place and forget worrying about "booting".
If you just need to know that the machine is back up but maybe hasn't completed all of the post-boot loading, put something in the startup sequence or a service that signals your code. When this signal takes place, take whatever action you need to.
You could install a startup program or service on the machine to send an email or some type of network based posting every time it restarts.
Windows is done rebooting only slightly before it'll need rebooting again :-)
If you're specifically looking to query the status of VMs then you should check out these links which deal with the API for Virtual Server 2005:
The IVMVirtualMachine Interface...
http://msdn.microsoft.com/en-us/library/aa368465(VS.85).aspx
... has a property called State...
IVMVirtualMachine::State Property
http://msdn.microsoft.com/en-us/library/aa368637(VS.85).aspx
... which will return a value from the VMVMState Enumeration...
http://msdn.microsoft.com/en-us/library/aa368922(VS.85).aspx
At a more general level, you should probably define how much of Windows you want up and running. Do you consider network stack ready to be "rebooted" or do you need IIS/SQL or some other application level service up?
I'd probably write an app that checks the "heart-beat" of your servers - that app could well be the same one that's invoking the Windows Update stuff. You'd then get yourself a nice "console" showing you the status of your servers. The heart-beat app could ping a server, hit a static html page, hit the remote event log, use WMI or whatever you define as enough to consider your server rebooted.
