DOCUMENT:Q185007 11-APR-1999 [exchange] TITLE :XADM: Event Scan Tool Only Reports Application Log Events PRODUCT :Microsoft Exchange PROD/VER:WINDOWS:4.0,5.0,5.5 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Exchange Server, versions 4.0, 5.0, 5.5 ------------------------------------------------------------------------------- SUMMARY ======= The Event Scan utility, included in the Microsoft BackOffice Resource Kit, can be used to monitor specific events and notify a user by e-mail or a network message window to specific computers. The Event Scan utility only monitors the Windows NT Event Viewer Application Log. This behavior is by design. MORE INFORMATION ================ If the configuration file contain Event IDs or Sources that are generated in the Security or System log, the event will not be logged and the specified action, alert, or mailing will not occur. Sample .cfg file with Event and Source in Security Log ------------------------------------------------------ ;Format is EventID;Source;action;Alert list;mail list;comment string 531;Security;;johndoe;johndoe;Failed Login Attempt 528;Security;;johndoe;johndoe;Good Login 538;Security;;johndoe;johndoe;Good Login Sample Screen Output -------------------- Checking event log for server SERVER1 at: 9:01:35 AM Reported 0 events for server SERVER1. Sleeping for 300 seconds... Checking event log for server SERVER1 at: 9:05:35 AM Reported 0 events for server SERVER1. Sleeping for 300 seconds... Checking event log for server SERVER1 at: 9:10:35 AM Reported 0 events for server SERVER1. Sleeping for 300 seconds... Checking event log for server SERVER1 at: 9:15:35 AM Reported 0 events for server SERVER1. Sleeping for 300 seconds... Sample .cfg file with Event and Source in Application Log --------------------------------------------------------- 1016;MSExchangeIS Private;;;;user logged onto store Sample Screen Output -------------------- Checking event log for server SERVER1 at: 9:01:35 AM Reported 0 events for server SERVER1. Sleeping for 300 seconds... Checking event log for server SERVER1 at: 9:06:35 AM user logged onto store user logged onto store Additional query words: evtscan evtscan.exe ====================================================================== Keywords : Technology : kbExchangeSearch kbExchange500 kbExchange550 kbExchange400 kbZNotKeyword2 Version : WINDOWS:4.0,5.0,5.5 Issue type : kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 1999.