Code snippet from old archives. It shows how to import Windows event log entries to database. Important is to setup database and table accordingly, so it contains apropriate columns.

Set objConn = CreateObject("ADODB.Connection")
Set objRS = CreateObject("ADODB.Recordset")
objConn.Open "DSN=EventLogs;"
objRS.CursorLocation = 3
objRS.Open "SELECT * FROM tblEventLog" , objConn, 3, 3
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colRetrievedEvents = objWMIService.ExecQuery _
("Select Category, CategoryString, ComputerName, Data, EventCode, _
EventIdentifier, EventType, LogFile, Message, RecordNumber, SourceName, _
TimeGenerated, TimeWritten, Type, User from Win32_NTLogEvent")
For Each objEvent in colRetrievedEvents
objRS.AddNew
objRS("el_Category") = objEvent.Category
objRS("el_CategoryString") = objEvent.CategoryString
objRS("el_ComputerName") = objEvent.ComputerName
objRS("el_Data") = objEvent.Data
objRS("el_EventCode") = objEvent.EventCode
objRS("el_EventIdentifier") = objEvent.EventIdentifier
objRS("el_EventType") = objEvent.EventType
objRS("el_LogFile") = objEvent.LogFile
objRS("el_Message") = objEvent.Message
objRS("el_RecordNumber") = objEvent.RecordNumber
objRS("el_SourceName") = objEvent.SourceName
objRS("el_TimeGenerated") = objEvent.TimeGenerated
objRS("el_TimeWritten") = objEvent.TimeWritten
objRS("el_Type") = objEvent.Type
objRS("el_User") = objEvent.User
objRS.Update
Next
objRS.Close
objConn.Close

To remove Event Log Source use this:

Remove-EventLog -Source "Desktop Window Manager"

To list all Event Logs and sources associated with them use:

Get-EventLog -LogName * |ForEach-Object {$LogName = $_.Log;Get-EventLog -LogName $LogName -ErrorAction SilentlyContinue |Select-Object @{Name= "Log Name";Expression = {$LogName}}, Source -Unique}

Many times there is a need to publish multiple websites from internal network, but there is only one public IP address available.

How this can be done easy way? HAProxy can help us with it.

In example configuration I have 2 URLs registered to same public IP address:

• first.laboratory.net
• second.laboratory.net
• third.laboratory.net

Here is how HAProxy configuration for given example looks like…

(more…)

If you need to watch IIS application pool and start it once goes down and want to use PowerShell for that here is simple script for that.

Script includes also logging all restarts in log file which is created in same folder as script.

# AppPool to monitor
$AppPoolName = "AppPoolName"

# Log Destination
$LogToScreen = 1
$LogToFile = 1

# Determine script location for PowerShell
$ScriptDir = Split-Path $script:MyInvocation.MyCommand.Path

# Output log
$OutputLogPath = $ScriptDir + "\AppPoolRestart.csv"

#Check if file exists and create if it doesn't
If(!(Test-Path -Path $OutputLogPath)){
#Create file and start logging
New-Item -Path $OutputLogPath -ItemType File
}

###
# Function: LogMessage
###
function LogMessage($Msg, $ToScreen, $ToFile)
{
if ($ToScreen -eq 1)
{
Write-Host $Message
}

If ($ToFile -eq 1)
{
Add-Content -Path $OutputLogPath -Value $Message
}
}
###
# End Function: LogMessage
###

While (1 -eq 1){

Clear-Host

$AppPoolStatus = Get-WebAppPoolState -Name $AppPoolName

$DateTime = Get-Date

If ($AppPoolStatus.Value -eq "Stopped"){
Write-Host "Not Working"
Start-WebAppPool -Name $AppPoolName
$Message = "App Pool $AppPoolName restarted at $DateTime"
LogMessage $Message $LogToScreen $LogToFile
}Else{
Write-Host "Working"
}

Sleep 5
}

Many times you think how to extract some information from memory.dmp generated by Windows once it crashes. Let’s have a look into quick process, which might be very helpful in many cases during troubleshooting unexpected BSODs on client computers.

Before we start we need tool, WinDbg, which is available on Microsoft.com. In order to download WinDbg go to WDK and WinDbg downloads on Microsoft. On that page locate section Standalone Debugging Tools for Windows (WinDbg).

Once you download and install WinDbg we are ready to start.

So, let’s see what’s in memory.dmp…

(more…)