Creating Event IDs Manually

If you have ever needed to test a monitoring system like Overseer that monitors Event IDs in the system log, then this article is for you.

Say, for example, you set up a monitoring system to look for low disk space, or attacks on your database. These kinds of alerts might be hard to set up, since you would need the event to actually occur before it shows up in the Event Viewer. So how can you test low disk space without actually causing your file server to come to a grinding halt?

Issue – I need to create an Event ID without actually creating the issue that would normally generate the ID.

Solution – Open up a new command line (Start > CMD).
Then type the following text into the command line. Don't worry, I'll explain it in a second; just don't hit Enter yet.

EventCreate /S HOSTNAME /ID 18456 /L Application /SO TestHacker /T Information /D "The quick brown fox jumps over the lazy dog"

OK, now let's take a look and see what we have here.
EventCreate – this is the Windows command we are calling.
/S – this tells the command that we want to create an event on a remote computer. If you want to create the event on the computer you're logged onto right friggin now, don't put this in.
HOSTNAME – this is the server name or IP address that you want the event created on.
/ID 18456 – fill in the Event ID number you want to create. Note that EventCreate only accepts IDs from 1 to 1000, so it rejects a larger ID such as 18456.
/L Application – this is the log the event is written to: the Application log, not the System log.
/SO TestHacker – this is the source name.
/T Information – this is the type of the event; there are 4 levels, including Warning, Error and Information.
/D – this is the description text that the event will contain.

And there you have it!
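
For alerts keyed on IDs above 1000, such as the 18456 in the command above, the following added example (not part of the original article) writes the same test event from an elevated Windows PowerShell 5.1 session and reads it back to confirm what the monitor should see. The `$Marker` text is an assumption added here so the test entry can be told apart from real events.

```powershell
# Added example, not from the original article.
# Run in an elevated Windows PowerShell 5.1 session
# (New-EventLog and Write-EventLog are not available in PowerShell 7).

$LogName = 'Application'
$Source  = 'TestHacker'   # source name from the article's command
$EventId = 18456          # event ID from the article's command

# Constructed marker so responders can recognise this as a test entry.
$Marker  = "MONITORING-TEST $([guid]::NewGuid())"

# Register the event source once. Checking and registering both need
# administrator rights.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

# Write the test event to the local Application log.
Write-EventLog -LogName $LogName -Source $Source -EventId $EventId `
    -EntryType Information `
    -Message "The quick brown fox jumps over the lazy dog [$Marker]"

# Read the event back using the fields a monitoring rule would match:
# log name, source and event ID.
$filter = @{
    LogName      = $LogName
    ProviderName = $Source
    Id           = $EventId
    StartTime    = (Get-Date).AddMinutes(-5)
}
$found = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$Marker*" }

if ($found) {
    # Show exactly what the monitor has to pick up.
    $found | Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message
} else {
    Write-Warning "Test event $EventId from '$Source' was not found in $LogName."
}
```

If the entry is listed here but the monitoring system raises no alert, the gap is in the monitor's rule or collection path rather than in the event itself.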
