'**********************************************************************
'**
'** Rule Change Auditing Script
'** Author: Jesse.Harris@Gmail.com
'** Date: 11/29/05
'** Notes: This script runs once every hour a day and creates events
'** for all rules
'** that have been changed in the last hour. It is intended to
'** be run from the MOM Mgmt server.
'**
'** Revision History:
'**
'** Date Author Comment
'
' COMMENT: This script audits changes in MOM rules and rule groups.
'
' Key Variables: SQL_DSN = The name of your MOM Database Server
' POLL_INTERVAL_IN_HOURS = number of hours to check (last 1 hr by default)
'
'**********************************************************************
'on Error Resume Next
'Probably could be parameters but aren't
Const MOM_SCRIPT_EVENT_ID = 5000
Const POLL_INTERVAL_IN_HOURS = -1 '***Note: This must be a negative number as
it's going back in time!!!
Const SQL_DSN = "Your_MOM_Svr_Here"
Const EVENT_TYPE_SUCCESS = 0
Const EVENT_TYPE_ERROR = 1
Const EVENT_TYPE_WARNING = 2
Const EVENTLOG_INFORMATION_TYPE = 4
Const EVENTLOG_AUDIT_SUCCESS = 8
Const EVENTLOG_AUDIT_FAILURE = 16
Const SCRIPT_FAILURE_EVENT = 91001
Dim cn
Dim rs
Dim strSQLQuery
Dim UTCTime
InitSQL()
getUTCTime()
getRuleChanges()
if err.number <> 0 Then
LogEvent SCRIPT_FAILURE_EVENT,EVENT_TYPE_ERROR,"MOM Admin Script Error: " &
vbcrlf & "err.number: " & err.number & vbcrlf & "err.description: " &
err.description
end If
set cn = Nothing
set rs = nothing
'***********************************************
'InitSQL() Create connection
'***********************************************
Sub InitSQL()
Set cn = CreateObject("ADODB.Connection")
Set rs = CreateObject("ADODB.Recordset")
cn.Open "Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial
Catalog=OnePoint;Data Source=" & SQL_DSN & ""
End Sub
'***********************************************
'getUTCTime() Gets UTC time difference (-6 or -5)
'***********************************************
sub getUTCTime()
strSQLQuery = "select DateDiff(hh,getutcdate(),getdate()) as UTCTime"
rs.Open strSQLQuery,cn,1,1
UTCTime = cstr(rs("UTCTime"))
end sub
'***********************************************
'getRuleChanges Get the SQL Server for the given mgmt group
'**********************************************
sub getRuleChanges()
strSQLQuery = "select idprocessrule, name, lastmodified, lastmodifiedby,
IsRuleGroup from OnePoint..processrule where lastmodified > dateadd(hh," &
POLL_INTERVAL_IN_HOURS & ",getUTCdate()) order by lastmodified"
' wscript.echo strSQLQuery
Set rs = cn.execute(strSQLQuery)
If RS.EOF Then
LogEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_SUCCESS,"No Rule Changes were made
within the last " & abs(POLL_INTERVAL_IN_HOURS) & " hours."
exit Sub
end if
While not rs.eof
sIDProcessRule = rs("idprocessrule")
sName = rs("name")
sLastModified = DateAdd("H",UTCTime,rs("lastmodified"))
sLastModifiedBy = rs("lastmodifiedby")
sIsRuleGroup = rs("IsRuleGroup")
if isnull(sLastModifiedby) Then
sLastModifiedBy = "nullValue"
end if
if sIsRuleGroup = 0 Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following rule has
changed in the last " & abs(POLL_INTERVAL_IN_HOURS) & " Hours: " & vbcrlf &
"Rule Name: " & sName & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf &
"Changed on: " & sLastModified, sidprocessrule, sname, slastmodified,
slastmodifiedby, sIsRuleGroup
Else
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Rule Group
has changed in the last " & abs(POLL_INTERVAL_IN_HOURS) & " Hours: " & vbcrlf &
"Rule Group: " & sName & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf &
"Changed on: " & sLastModified, sidprocessrule, sname, slastmodified,
slastmodifiedby, sIsRuleGroup
end if
rs.MoveNext
Wend
end sub
Sub LogChangeEvent(lEventID, lEventType, lEventMessage, lParam1, lParam2,
lParam3, lParam4, lParam5)
'On Error Resume Next
Set oEvent = ScriptContext.CreateEvent
oEvent.EventNumber = lEventID
oEvent.EventType = lEventType
oEvent.Message = lEventMessage
oEvent.SetEventParameter(lParam1)
oEvent.SetEventParameter(lParam2)
oEvent.SetEventParameter(lParam3)
oEvent.SetEventParameter(lParam4)
oEvent.SetEventParameter(lParam5)
ScriptContext.Submit oEvent
Set oEvent = Nothing
Set objShell = CreateObject("WScript.Shell")
objShell.LogEvent 4, "MOM Script: " & ScriptContext.Name & " MOMEventID: " &
lEventID & " MOMEventType: " & lEventType & " MOMEventMsg: " & lEventMessage & "
lParam1: " & lParam1 & " lParam2: " & lParam2 & " lParam3: " & lParam3 & "
lParam4: " & lParam4 & " lParam5: " & lParam5
set objShell = nothing
end sub
Sub LogEvent(lEventID, lEventType, lEventMessage)
Dim oEvent
'On Error Resume Next
Set oEvent = ScriptContext.CreateEvent
oEvent.EventNumber = lEventID
oEvent.EventType = lEventType
oEvent.Message = lEventMessage
ScriptContext.Submit oEvent
Set oEvent = Nothing
Set objShell = CreateObject("WScript.Shell")
objShell.LogEvent 4, "MOM Script: " & ScriptContext.Name & " MOMEventID: " &
lEventID & " MOMEventType: " & lEventType & " MOMEventMsg: " & lEventMessage
Set objShell = nothing
End Sub