Event log contents by email on an event log trigger

Scenario: You need to receive an alert email when specific events occur on a critical / production server.


Step 1:

Identify the event that should trigger the alert






Step 2: Go to Task Scheduler, select Event Viewer Tasks & create a new task.







Step 3: Name the task and select “Run whether user is logged on or not” & “Run with highest privileges”








Step 4: Go to Triggers, set “Begin the task” to “On an event” & select the options as per the screenshot







Go to Actions and add two actions:

  1. Run a script that writes a copy of the required events to a text file, and add it as an action in the scheduler.

Script to run (save the below as Query.cmd):

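rem Delete the previous export, then write all failed-logon events (ID 4625), newest first, as text.
if exist "%temp%\Logonfailure.txt" del "%temp%\Logonfailure.txt"
wevtutil query-events Security /rd:true /format:text /q:"Event[System[(EventID=4625)]]" > "%temp%\Logonfailure.txt"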








  2. Create another action that sends an email to the required recipient, with the query log attached.
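The two actions above can also be done by one script, shown here as an added example that is not part of the original post. Task Scheduler's built-in "Send an e-mail" action is deprecated on Windows 8 / Server 2012 and later, and Query.cmd exports every 4625 event in the log on each run, so this version mails only recent events. The SMTP server, addresses, 5-minute window and script path are assumptions to replace with your own.

```powershell
# Added example (not from the original post): replaces Query.cmd and the e-mail action.
# SMTP server, addresses and the look-back window are placeholders / assumptions.
$SmtpServer = 'smtp.example.com'      # placeholder
$From       = 'alerts@example.com'    # placeholder
$To         = 'secops@example.com'    # placeholder
$WindowMs   = 5 * 60 * 1000           # look back 5 minutes instead of the whole log
$OutFile    = Join-Path $env:TEMP 'Logonfailure.txt'

# Same event ID as Query.cmd, restricted to recent events so the attachment stays small.
$xpath = "*[System[(EventID=4625) and TimeCreated[timediff(@SystemTime) <= $WindowMs]]]"

# Get-WinEvent reports an error when nothing matches; treat that as "nothing to send".
$events = Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue
if (-not $events) { return }

# Pull the fields an analyst needs out of each event's EventData block.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType = $data['LogonType']
        SourceIp  = $data['IpAddress']
        Status    = $data['Status']
    }
}

$rows | Sort-Object Time -Descending | Format-Table -AutoSize |
    Out-String -Width 200 | Set-Content -Path $OutFile -Encoding UTF8

$mail = @{
    SmtpServer  = $SmtpServer
    From        = $From
    To          = $To
    Subject     = '{0} failed logon(s) on {1}' -f @($events).Count, $env:COMPUTERNAME
    Body        = 'Event ID 4625 entries from the last 5 minutes are attached.'
    Attachments = $OutFile
    UseSsl      = $true               # assumes the relay accepts STARTTLS
}
Send-MailMessage @mail

# Equivalent of Steps 2-4 from an elevated prompt (script path is hypothetical):
# schtasks /Create /TN "Logon failure alert" /SC ONEVENT /EC Security /MO "*[System[(EventID=4625)]]" /TR "powershell.exe -NoProfile -File C:\Scripts\Send-LogonFailureAlert.ps1" /RU SYSTEM /RL HIGHEST
```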








Output will be








