We use VMware vCenter Configuration Manager at our site to monitor our Windows servers for signs of future problems by searching the Windows Event Logs for a predefined list of events. Every once in a while (especially after a while without alerts) you want to test and make sure that everything is indeed being monitored properly. To do this I needed to inject an event into the Event Log and see if we received an alert in VCM. The question was this: how do I impersonate an existing service? The built in eventcreate.exe will not let you add events for a source that already exists, which is exactly what I want to do… Ah, I love it when people have already coded an application to do something that I need to do and save me from having to write it myself.
Meet eventcreate2.exe: http://code.google.com/p/eventcreate2/
Eventcreate2.exe has one flaw, you cannot specify a remote machine; as opposed to the built in eventcreate.exe which does let you specify remote machines. Other than that it is awesome. Using a command like the below I was able to successfully inject events impersonating an existing service and verify that our alerting was indeed working as advertised.
eventcreate2.exe /L Application /T Warning /SO dmboot /ID 2 /D “This is a test Windows RAID Failure Alert”