To help reveal Denial of Service (DoS) attacks, I want to send realtime alerts to the Windows NT administrator's desktop machine when critical servers (e.g., file servers, Web servers) are running out of disk space. Does NT Server provide such an alert, or do I have to install a third-party solution?
You can use NT's built-in Messenger service and Performance Monitor tool. The Messenger service sends messages between NT machines. On a default NT installation, this service starts automatically. You can check its status from the Control Panel Service applet.
You can use the Performance Monitor's Alert View to send alerts to the specified administrator's machine. To set up alerts that will warn the administrator when the servers are running out of disk space, define a performance counter alert for the LogicalDisk object's % Free Space counter. Set the alert to go off when the % Free Space counter goes below 10 percent on logical disks D, J, F, and K. For example, if you have a logical disk of 10GB, an alert would go off when the free space on that disk drops below 1GB.
To set up this alert, open Performance Monitor and select Alert View. Click + or the Add to Alert option under the Edit menu. After you select the appropriate computer in the Computer field, select LogicalDisk from the Object drop-down list and select % Free Disk in the Counter field. Next, select the correct LogicalDisk Instance from the Instance field and set the Alert if field to 10. Finally, click Add to add the alert.
To make sure that the alert goes to the correct machine, select Alert under the Options menu. In the Network Alert section, select the Send network message check box and fill in the NetBIOS name of the administrator's machine. Click OK to apply the change. If you configured the alert correctly, your administrator should receive the alert from the Messenger service.
The Messenger service isn't always dependable, so sending an email message might be more efficient. You can send email alerts if you have access to Mapisend, a tool that lets you send an email message from the command line. Mapisend comes with the Microsoft Exchange 2000 Server Resource Kit and the Microsoft Exchange Server 5.5 Resource Kit. To set up an email notification system, create a batch file that calls mapisend.exe with the appropriate parameters. You can find information about the tool's parameters in the resource kits' documentation. In Performance Monitor's Add to Alert dialog box, select the Every Time check box and specify the name of the batch file in the Run Program on Alert text box.
