Missing Event Detection monitor
Hi,
Using the Windows Event reset monitor (I am assuming that is the correct one) I want to see if a server has been restarted at least every 40 days. (i.e. if it is over 40 days since System Event 6005 has occurred, then pls alert).
All looks good until I get to the part where I wish to put in 40 days. Comes back saying the max input is 28 days.
Is there another way to do what I want, or a way to get around the 40 day limit?
Thx,
John Bradshaw
September 20th, 2010 2:38am
Why don't you look at the uptime reports, or just pick up this event and create your own custom (monthly) report?
Rob Korving
http://jama00.wordpress.com/
September 20th, 2010 6:32pm
Hi Rob,
I cannot make head nor tail of the availability reports. They certainly do not only reflect when a server is offline or when it has rebooted. What they show I am not exactly sure.
How would u create a custom report that looks at the number of times an Event has occurred and when it occurred?
Thx,
John Bradshaw
September 20th, 2010 11:24pm
Hey John
The availability report shows the length of time a server is in a warning or critical state.
In terms of how to report on a specific event, you should have a look at Kevin's useful SQL queries.
http://blogs.technet.com/b/kevinholman/archive/2007/10/18/useful-operations-manager-2007-sql-queries.aspx
and then how to create custom reports
http://technet.microsoft.com/en-us/library/cc179609.aspx
Paul Keely
September 30th, 2010 9:56am
Thx Paul,
The queries were great for other problems I was having!
Just wondering how you could use some to achieve the original goal of seeing if an Event has occurred in at least a 40 day interval?
Thx,
John Bradshaw
September 30th, 2010 11:49am
Hi. Perhaps you could run a timed script that queries win32_operatingsystem and evaluates if LastBootUpTime is > 40?
Layne
September 30th, 2010 6:04pm
Thx Layne.....I found some scripts, and I could use Task Scheduler to run the scripts. How could I modify the 1st script to say create an Event 100, if the return is >40 (or I guess 40x24 = 960 hours)?
<pre lang="x-vbnet">strComputer = "." ' Local computer
Set objWMIDateTime = CreateObject("WbemScripting.SWbemDateTime")
Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colOS = objWMI.InstancesOf("Win32_OperatingSystem")
For Each objOS In colOS
    objWMIDateTime.Value = objOS.LastBootUpTime
    Wscript.Echo "Last Boot Up Time: " & objWMIDateTime.GetVarDate & vbCrLf & _
        "System Up Time: " & TimeSpan(objWMIDateTime.GetVarDate, Now) & _
        " (hh:mm:ss)"
Next

Function TimeSpan(dt1, dt2)
    ' Function to display the difference between
    ' 2 dates in hh:mm:ss format
    If (IsDate(dt1) And IsDate(dt2)) = False Then
        TimeSpan = "00:00:00"
        Exit Function
    End If
    seconds = Abs(DateDiff("S", dt1, dt2))
    minutes = seconds \ 60
    hours = minutes \ 60
    minutes = minutes Mod 60
    seconds = seconds Mod 60
    If Len(hours) = 1 Then hours = "0" & hours
    TimeSpan = hours & ":" & _
        Right("00" & minutes, 2) & ":" & _
        Right("00" & seconds, 2)
End Function
</pre>
========================================================
<pre lang="x-vbnet">Set WshShell = WScript.CreateObject("WScript.Shell")
strCommand = "eventcreate /T Error /ID 100 /L Scripts /D " & _
    Chr(34) & "Test event." & Chr(34)
WshShell.Run strCommand
</pre>
Cheers,
JB
October 1st, 2010 1:47am
John, here is a script that you'd set up as a timed script RULE, and it returns uptime in hours and writes it to the Application Log under event id 2, source WSH, event level Warning. You could change what is written to the event log to something static like, "System Uptime is over 40 days", and then have an event rule look for that text in the description.
<pre lang="x-vbnet">strComputer = "."
Set objShell = CreateObject("wscript.shell")
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
For Each objOS In colOperatingSystems
    dtmBootup = objOS.LastBootUpTime
    dtmLastBootupTime = WMIDateStringToDate(dtmBootup)
    ' Uptime in whole hours since the last boot
    dtmSystemUptime = DateDiff("h", dtmLastBootupTime, Now)
    'Wscript.Echo dtmSystemUptime
Next

' Converts a WMI datetime string (yyyymmddHHMMSS...) to a VBScript date.
' Note: CDate parses the MM/DD/YYYY string built here using the system locale.
Function WMIDateStringToDate(dtmBootup)
    WMIDateStringToDate = CDate(Mid(dtmBootup, 5, 2) & "/" & _
        Mid(dtmBootup, 7, 2) & "/" & Left(dtmBootup, 4) _
        & " " & Mid(dtmBootup, 9, 2) & ":" & _
        Mid(dtmBootup, 11, 2) & ":" & Mid(dtmBootup, 13, 2))
End Function

' 960 hours = 40 days; LogEvent type 2 is a Warning
If dtmSystemUptime > 960 Then
    objShell.LogEvent 2, "System Uptime is " & dtmSystemUptime & " hours."
End If
</pre>
I'm not great with vbscript, but I quickly tested this and it seemed to work. ;-) Or you could rewrite it a bit to make it a monitor.
Layne
October 1st, 2010 2:07am
Looking good...Thx Layne...Shall give it a try now.
JB
October 1st, 2010 2:13am
Yep works great. Just changed the 1st line to:
strComputer = "."
Thx Layne
Cheers,
JB
October 1st, 2010 4:12am
FWIW, a colleague (who I did not know wrote VB code) also came up with the following:
-----------------------------------------------------------------------------------------------------
<pre lang="x-vbnet">' Looks at local computer
strComputer = "."
Set objShell = CreateObject("wscript.shell")
' interrogate WMI for system uptime
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select * From Win32_PerfFormattedData_PerfOS_System")
For Each objOS In colOperatingSystems
    ' converts uptime from secs to days
    intSystemUptime = Int(objOS.SystemUpTime / 60 / 60 / 24)
    Wscript.Echo intSystemUptime & " days"
Next
' checks if it is above 40 days
If intSystemUptime >= 40 Then
    Wscript.Echo "The system has been up for longer than 40 days - Please ensure it is receiving its WSUS updates"
    ' intSystemUptime is in days, so the event text reports days
    objShell.LogEvent 2, "System Uptime is " & intSystemUptime & " days."
Else
    Wscript.Echo "The system has been rebooted within expected thresholds"
End If
</pre>
November 4th, 2010 4:52pm
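Added example, not posted by anyone in the thread: a PowerShell version of the check the original question asked for, keyed on the newest System event 6005 and falling back to LastBootUpTime when the System log has wrapped and no 6005 event is left. Event ID 100, the source name RebootAgeCheck and PowerShell 3.0 or later (for Get-CimInstance) are assumptions; eventcreate is used as in the thread so an event rule can pick the alert up.

```powershell
# Added example: flag a server whose last start is older than the threshold.
# Event ID 100 and the source name are assumptions, not values from the thread.
param(
    [int]$MaxDays = 40,
    [string]$Source = 'RebootAgeCheck'   # hypothetical event source name
)

function Get-LastStartTime {
    # Prefer the newest System event 6005, the event the thread wants to track.
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 6005 } `
                        -MaxEvents 1 -ErrorAction SilentlyContinue
    if ($evt) {
        return [pscustomobject]@{ Time = $evt.TimeCreated; From = 'Event 6005' }
    }
    # The System log can wrap before 40 days pass, so a missing 6005 event
    # proves nothing. Fall back to the boot time reported by WMI.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    return [pscustomobject]@{ Time = $os.LastBootUpTime; From = 'LastBootUpTime' }
}

function Test-RebootOverdue {
    # Pure comparison, kept separate so it can be checked with fixed dates.
    param([datetime]$LastStart, [datetime]$Now, [int]$MaxDays)
    return (($Now - $LastStart).TotalDays -gt $MaxDays)
}

$now     = Get-Date
$last    = Get-LastStartTime
$ageDays = [math]::Floor(($now - $last.Time).TotalDays)

if (Test-RebootOverdue -LastStart $last.Time -Now $now -MaxDays $MaxDays) {
    $msg = "No restart for $ageDays days (limit $MaxDays, based on $($last.From))."
    # eventcreate accepts event IDs 1-1000; creating a new source needs admin rights.
    & eventcreate.exe /T WARNING /ID 100 /L APPLICATION /SO $Source /D $msg | Out-Null
    exit 1   # non-zero exit lets Task Scheduler history show the overdue state
}
exit 0
```

Because the age is computed on each run, the 28-day input limit of the missing-event monitor does not apply; the event rule only has to match the static source and event ID.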