Event log contents by email on an event log trigger


Scenario: You need to receive an alert email when specific events occur on a critical / production server.

Solution:

Step 1:

Identify the event that should trigger the alert.

Step 2: Go to Task Scheduler, select Event Viewer Tasks, and create a new task.

Step 3: Name the task and select “Run whether user is logged on or not” and “Run with highest privileges”.

Step 4: Go to Triggers, set “Begin the task” to “On an event”, and select the options as per the screenshot.

Step 5:

Go to Actions and add two actions:

  1. Run a script that saves a copy of the required events as text, and add it as an action in the scheduler.

Script to run: save the below as Query.cmd

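rem Remove the export left over from the previous run
del "%temp%\Logonfailure.txt"

rem Export failed-logon events (ID 4625) from the Security log as text, newest first
wevtutil query-events Security /rd:true /format:text /q:"Event[System[(EventID=4625)]]" > "%temp%\Logonfailure.txt"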

  2. Create another action for sending email to the required recipient, with the query log as an attachment.

Output will be
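
The two actions from Step 5 can also be combined in one script. This matters on newer systems, because Task Scheduler marks its built-in "Send an e-mail" action as deprecated from Windows 8 / Windows Server 2012 onwards. The PowerShell script below is an added example, not part of the original post. The SMTP host, the mail addresses, the task name, the script path and the five-minute window are assumptions, and it assumes the relay accepts mail from this server without credentials.

```powershell
# Added example (not from the original post). Hypothetical file name:
#   C:\Scripts\Send-LogonFailureAlert.ps1
# Register it as the only action of an event-triggered task. Run the following
# as ONE line from an elevated prompt (task name and path are placeholders):
#   schtasks /Create /TN "LogonFailureAlert" /SC ONEVENT /EC Security
#     /MO "*[System[(EventID=4625)]]" /RU SYSTEM /RL HIGHEST
#     /TR "powershell.exe -NoProfile -File C:\Scripts\Send-LogonFailureAlert.ps1"
# The task runs elevated, so keep the script in a folder only administrators can write to.

$EventId  = 4625                                   # failed logon, as in Query.cmd
$Since    = (Get-Date).AddMinutes(-5)              # assumption: mail only recent events
$OutFile  = Join-Path $env:TEMP 'Logonfailure.txt'
$SmtpHost = 'smtp.example.com'                     # placeholder
$From     = 'alerts@example.com'                   # placeholder
$To       = 'secops@example.com'                   # placeholder

# Query the Security log; Get-WinEvent returns newest events first.
# It raises an error when nothing matches, so suppress that and test the count.
$filter = @{ LogName = 'Security'; Id = $EventId; StartTime = $Since }
$events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) { return }

# Write the events as readable text, overwriting the previous export.
$events |
    Select-Object TimeCreated, Id, MachineName, Message |
    Format-List |
    Out-File -FilePath $OutFile -Encoding UTF8

# Send the export as an attachment.
$mail = @{
    SmtpServer  = $SmtpHost
    From        = $From
    To          = $To
    Subject     = "[$env:COMPUTERNAME] $($events.Count) failed logon event(s), ID $EventId"
    Body        = "Newest event: $($events[0].TimeCreated). Details are attached."
    Attachments = $OutFile
    UseSsl      = $true                            # assumes the relay supports STARTTLS
}
Send-MailMessage @mail
```

Unlike Query.cmd, which exports every 4625 event in the log on each run, this script limits the attachment to the last five minutes and at most 50 events, so a burst of failed logons does not mail the whole Security log repeatedly.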
