One of the Events inserted into the System Event Log for Windows 2003 (and Windows 2000 for that matter) when a System is Started is Event ID 6009. In this example I will create a MOM 2005 SP1 Rule Group to place Rules specific to Server (System) Reboots, then create an Event Rule specifically for parsing System Event Log data for Event ID 6009. We could use this same process for parsing (pulling) any other System Event Log Event ID of interest.
Lynn LunikIndependent Security ConsultantWindows(R) PlatformIT Pro Secure Corporationandexchangesummit.nethttp://itprosecure.com and http://www.exchangesummit.net blog <at> itprosecure.com