Windows Service startup time - windows-xp

Is there a way to programmatically retrieve start-up time/duration for all the Windows Services that have started during boot in Windows XP?
That is, the time the service was initialized to getting to the "started" state.
Thank you in advance!
P.S. I'm not asking for software recommendation.

I would start with looking at the logs in event viewer, check if that information you want is there.
If it is, then use Microsofts EventLog class to get the log you want.
For example if you're interested in the System log use -
EventLog systemLog = new EventLog("System");
systemLog contains a collection of all entries in the System log. Should be easy from there.

Related

How to restart an exe when it is exits in windows 10?

I have a process in windows which i am running in startup. Now i need to make it if somehow that process get killed or stopped i need to restart it again in Windows 10?
Is there any way. Process is a HTTP server which if somehow stopped in windows i need to restart it. I have tried of writing a power-shell in which I'll check task-list status of process and then if not found I'll restart but that is not a good way. Please suggest some good way to do it.
I have a golang exe; under a particular scenario my process got killed or stopped i need to start it up again automatically. This has to be done imediately after the exe got killed. What is the best way to achieve this?
I will give you a brief rundown. You can enable Audit Process Termination in local group policy of the machine as shown below. In your case, success audits would be enough. Please note that the pic is for Windows 7. It may change with OS.
Now every time a process gets terminated, a success event will be generated and written to the security eventlog.
This will allow you to create a task scheduler that triggers on the generation of this event that calls a script that would run the process again. Simple right?
Well, you might have some trouble setting that task up especially when you want to pass details about the generating event to the script. This should help you get through that.
You can user Task scheduler for this purpose. There is a option of "restart on failure" which can be selected and whenever your process get failed it will restart again.
Reference :- https://social.technet.microsoft.com/Forums/windowsserver/en-US/4545361c-cc1f-4505-a0a1-c2dcc094109a/restarting-scheduled-task-that-has-failed?forum=winserverManagement

Create Event Log source and write to it without administrative privileges

I'm running a Powershell logon script which sets users' Outlook signatures.
For debugging purposes, I'd like to log information in the client's Windows event log.
Using the New-Eventlog -LogName "Application" -Source $ParentScript command gives me a security error, "Access denied".
The users don't have administrative privileges so PowerShell is struggling to create a new source. I don't really understand this because most techy guides for the Event Log appear to indicate that any level of user can write to the Application log. Perhaps any user can write to this log, just not create a source within it?
I've looked online and one author appeared to suggest (unless I have misinterpreted) that creating an event log in registry could be an option: https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/00a043ae-9ea1-4a55-8b7c-d088a4b08f09/how-do-i-create-an-event-log-source-under-vista?forum=windowsgeneraldevelopmentissues
Unfortunately the code is not in PowerShell and I'm struggling to follow it.
My three-questions-in-one therefore are:
Can I create a new EventLog source in the registry using PowerShell?
If so, what commands should I be looking at and are permissions relevant (e.g. do I need to create a registry key then add perms to it?)
If so, can I write to this source in PowerShell without administrative privileges?
You can create a new Event Log souce with with the built-in cmelt New-EventLog something like there is a nice (even if somehow dated) post here
Full documentation for the cmdlet can be found here
Generally speaking yes you, well your user, should be able to write to the event log if memory serves a non local admin user should already be able to do so but I cannot test it right now anyhow you can red more here or read on server fault
Hope this can help a bit.

SCOM 2016 monitor log file dynamically?

I have a requirement to monitor a particular java string in a logfile whose name changes with date, for ex. D:\Logs\logfile-DDMMYYYY.log. I want to get a alert if this string is detected in the log. Can someone help me that?
Regards,
Script is your best way for accomplish that, if it is an linux machine you can wrote a perl\bash script. if you need to monitor Windows machine you can use VBScript.
If you prefer not dealing with scripts, you can use NiCE Excellnet & Free Log File Monitoring MP: http://www.nice.de/log-file-monitoring-scom-nice-logfile-mp/ But i don't sure if theirs mp supports monitoring wildcards log file names.
SCOM can monitor log files dynamically. You should monitor log directory D:\Logs with log file pattern logfile-????????.log.

How do I read the setup eventlog on windows 7

I have some C++ code which reads the Application, Security or System eventlogs quite happily using OpenEventLog and ReadEventLog API calls.
I want to read the Setup eventlog on Windows 7 so I pass "Setup" as the log name into OpenEventLog but I just get back the contents of the Application log (which is the documented behaviour for unknown logs).
How do I read the Setup eventlog?
I have solved this.
Because the setup eventlog is a new format log it can only be opened using the new API calls EvtQuery, EvtNext etc., the old OpenEventLog/ReadEventLog functions do not work on it.

Aggregation of IIS logs

We have an IIS .Net application deployed across several machines. We use IIS log information to do reporting of performance of the web application and navigation by the user. Currently the reporting is only required infrequently (once a day, for the previous day), so we just roll the logs every 24 hours, and move the old logs to our reporting server.
We have a new requirement that means we need much faster turnaround on the IIS log information, say every minute for the sake of the discussion.
There exist Apache tools like Facebook's Scribe to scalably move Apache web server logs across a network of servers.
Are there any similar tools available for IIS?
Is this the right question to ask?
Should we be doing something different, if the timing requirements have changed so much?
I've looked at this question and the answers, and the only one that seems to come close is this one.
Pointers appreciated!
Snare is a little old but worth mentioning.
Snare Agent for IIS Servers
http://www.intersectalliance.com/projects/SnareIIS/index.html
I used this old version a long time ago and it worked well by forwarding/sending/replicating IIS logs over a network via syslog.
Today, they have a newer version called Snare Epilog
http://www.intersectalliance.com/projects/EpilogWindows/index.html
The code is also open source; perhaps you might find it useful.
You might also want to try ...
http://nxlog.org
http://www.syslogserver.com/syslogagent.html
I tend to write a .bat file in conjunction with LOG Parser 2.2. The .Bat file will determine the appropriate file dates and pull the corresponding logs from multiple IIS server log locations into a single local directory. Once the files are across I then run a Log Parser command to query the log content over all log files and then produce a single output file in .csv format. Finally, I run an SSIS job to import the new .csv file into a running log table which I can then query on an ongoing basis.