This is a PRTG 911 calls sensor script that I wrote a long time ago – it seems like there is quite some interest in it so I decided to write a blog post about it.
By default, ShoreTel writes Windows Event Log entries for 911 calls. The challenge we had was to inform HR (Human Resources) and Facilities about such calls and let them know which phone each call was placed from.
Using PRTG, we solved this by constantly checking the Application log for Windows Event Log Event ID 1319 and raising an error when the event occurs. We had to put a script in between to filter the event entry down to the minimal data needed for the notification that is sent to the relevant HR and Facilities members.
First, the script:
```powershell
# PRTG custom EXE sensor: reports ShoreTel 911 calls (Event ID 1319).
# Parameters: host name of the ShoreTel server, look-back interval in minutes.
Param(
    $arg_Host = $args[0],
    $arg_Interval = $args[1]
)

# Only look at entries written within the last $arg_Interval minutes
$str_Date = Get-Date
$str_Date = $str_Date.AddMinutes(-$arg_Interval)

# Fetch matching warnings from the Application log and render their message text as one string
$str_EventMsg = Get-EventLog -ComputerName "$arg_Host" -LogName "Application" -EntryType "Warning" -After $str_Date | Where-Object {$_.EventID -eq 1319} | Format-List Message | Out-String

If ($str_EventMsg.Length -gt 0)
{
    # Strip the Format-List label, then colons (PRTG's value:message delimiter), quotes and line breaks
    $str_EventMsg = $str_EventMsg.Replace("Message : ","")
    $str_EventMsg = $str_EventMsg.Replace(":"," ")
    $str_EventMsg = $str_EventMsg.Replace("'","")
    $str_EventMsg = $str_EventMsg.Replace("`r","")
    $str_EventMsg = $str_EventMsg.Replace("`n","")
    $str_EventMsg = $str_EventMsg.Replace("`t","")
    # Remove runs of spaces left by Format-List indentation (a two-space pattern is assumed here)
    $str_EventMsg = $str_EventMsg.Replace("  ","")
    # Remove the boilerplate Windows adds when the ShoreWare message DLL is not available locally
    $str_EventMsg = $str_EventMsg.Replace("The description for Event ID 1319 in Source ShoreWare cannot be found.","")
    $str_EventMsg = $str_EventMsg.Replace("The local computer may not have the necessary registry information or","")
    $str_EventMsg = $str_EventMsg.Replace("message DLL files to display the message, or you may not have permission to access them.","")
    $str_EventMsg = $str_EventMsg.Replace("The following information is part of the event","")
    $str_EventMsg = $str_EventMsg.Trim()

    # PRTG expects "value:message" on a single line
    Write-Host "1:$str_EventMsg"
    Exit 1
}
else
{
    Write-Host "0:No detected 911 calls"
    Exit 0
}
```
Save the script in this path:
C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE
Now add a custom EXE sensor (not the advanced one) to PRTG and select the script. The expected parameters are the SERVERNAME and an INTERVAL, for example SHORETELSERVER and 2. An interval of 2 assumes you scan every minute (60 seconds): the script then looks for entries in the log from the last 120 seconds, which accounts for any slack and keeps the error state alive for 2 to 3 minutes in PRTG.
Set the channel's upper limit to 0. If the script detects the Windows event, it returns a 1, which indicates the error.
Set the scan interval to 1 minute (60 seconds).
You might also want to add a dedicated e-mail notification with the format TEXT WITH CUSTOM CONTENT and a recipient group of the people concerned. See the screenshots below for some examples…
The email message body looks like this (example):
1 # (Value) is above the error limit of 0.90 # in Value (Emergency Services Call to 911 on port 10.10.10.10 from user ADDRESSBOOK NAME at 1234 (Extension))
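A variant of the sensor built on Get-WinEvent, as an added example that is not the author's script: it filters on the server side, falls back to the event's raw insertion strings when the description cannot be rendered, and goes beyond the original by reporting an unreadable log as a sensor error instead of "no calls". The parameter names, the helper `ConvertTo-PrtgText` and the failure message are assumptions made for this example.

```powershell
# Added example, not the original sensor script. Parameter names are illustrative.
param(
    [Parameter(Mandatory)] [string] $ComputerName,  # ShoreTel server to query
    [int] $Minutes = 2                              # look-back window in minutes
)

# Turn one event record into a single line that is safe in PRTG's "value:message" output.
function ConvertTo-PrtgText {
    param($Record)
    $text = $Record.Message
    # If the description could not be rendered, fall back to the raw insertion strings.
    if ([string]::IsNullOrWhiteSpace($text)) {
        $text = ($Record.Properties | ForEach-Object { $_.Value }) -join ' '
    }
    # ':' is PRTG's delimiter; quotes are dropped as in the original script.
    $text = $text -replace ':', ' ' -replace "'", ''
    # Collapse line breaks, tabs and runs of spaces into single spaces.
    return ($text -replace '\s+', ' ').Trim()
}

# Let the event log service filter by log, event ID, level and time window.
$filter = @{
    LogName   = 'Application'
    Id        = 1319                              # ShoreTel 911 call event
    Level     = 3                                 # 3 = Warning
    StartTime = (Get-Date).AddMinutes(-$Minutes)
}

try {
    $records = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop)
}
catch {
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        Write-Host '0:No detected 911 calls'
        exit 0
    }
    # The log could not be read: report a sensor error instead of "no calls".
    $reason = $_.Exception.Message -replace '[:\r\n]+', ' '
    Write-Host "2:Event log query failed $reason"
    exit 2                                        # PRTG EXE sensor exit code 2 = system error
}

$summary = ($records | ForEach-Object { ConvertTo-PrtgText $_ }) -join ' | '
Write-Host "1:$summary"
exit 1
```

It takes the same two arguments in the sensor's parameters field, server name first and interval in minutes second.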