Solved

How to set up email notification for Windows event log error?

Posted on 2012-03-30
15
1,344 Views
Last Modified: 2012-04-06
I have Windows 2008 server. I want to set up an automatic email notification when an error alert occurred and posted in Windows event. How to set up this? Do you have a tutorial or screenshot to show how to do that
0
Comment
Question by:wasabi3689
  • 9
  • 4
  • 2
15 Comments
 
LVL 17

Assisted Solution

by:Anuroopsundd
Anuroopsundd earned 75 total points
ID: 37788021
0
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 50 total points
ID: 37788038
eventvwr.msc -> select a specific event -> right click and select Attach Task to this Event -> Action (send an email)
0
 

Author Comment

by:wasabi3689
ID: 37788081
I want all kind of error events to send email AUTOMATICALLY. If I select a specific event then set it up, does it mean I only receive email for this kind error???
0
 
LVL 17

Assisted Solution

by:Anuroopsundd
Anuroopsundd earned 75 total points
ID: 37788098
actually all this puts command and you can play with this. use wildcard instead of specific eventid and you will get all event id's

wevtutil qe System "/q:*[System [(EventID=20274)]]" /f:text /rd:true /c:1
0
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 50 total points
ID: 37788102
You will be receiving a spam attack with a configuration like that. Look into event log forwarding instead.
0
 

Author Comment

by:wasabi3689
ID: 37788190
@Anuroopsundd

Where to put to your
wevtutil qe System "/q:*[System [(EventID=20274)]]" /f:text /rd:true /c:1

Can you attach a screenshot? I want once an error occurs, the email is fired automatically. If no error, no email fired

@motnahp00
How this work? I don't find where event log forwarding is. Can you attach a screenshot?
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37788207
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:wasabi3689
ID: 37788300
Hi,

I don't understand this following

1.
>>Perfect, so that’s what I want emailed to me. So let’s create a quick batch file which will >>get the above information and put it in a file. I just called it query.cmd and saved it on >>my desktop for convenience (again, the wevtutil command is all on one line).

What should I put in to query.cmd?

2.
>>del %temp%\query.txt
>>wevtutil qe System "/q:*[System [(EventID=20274)]]" /f:text /rd:true /c:1 > >>%temp%\query.txt

Use command line to run above?

3. how to use wildcard to replace "(EventID=20274"
0
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 75 total points
ID: 37788349
wevtutil qe System "/q:*[System]" /f:text /rd:true /c:1 >%temp%\query.txt

above query will bring the last entry from system logs.

if you change /c:100 you will get last 100 entries.
0
 

Author Comment

by:wasabi3689
ID: 37789214
Actually, I just need alert fired to my email once the error posted to event log. That means, if no error posted today, no need to send email, and if already sent out email alert for this instance, no need to send again. How to do that? I don't want to schedule the task to fire email everyday. I want to fire email only when error posted to event log. How to do that?
0
 

Author Comment

by:wasabi3689
ID: 37789250
Also, in the subject line, I want to pick up the source name with event ID

For example, Event 1009, DistributedCOM

How to do that?
0
 

Author Comment

by:wasabi3689
ID: 37789422
It sounds your command line only catches system log, I want to catch also application log and security log

wevtutil qe System "/q:*[System]" /f:text /rd:true /c:1 >%temp%\query.txt

When I catch System to Application, the email did not attach any thing, why?

wevtutil qe Application "/q:*[Application]" /f:text /rd:true /c:1 >%temp%\query.txt
0
 

Author Comment

by:wasabi3689
ID: 37803486
any comments for my questions?
0
 

Author Comment

by:wasabi3689
ID: 37808160
Hi,

I modified the script and I am able to capture both error thrown out from system and application.

Here is the script

Application error
del %temp%\application.txt
wevtutil qe Application "/q:*[System[(Level=1) or (Level=2)]]" /f:text /rd:true /c:1 >%temp%\application.txt

System Error
del %temp%\system.txt
wevtutil qe System "/q:*[System[(Level=1) or (Level=2)]]" /f:text /rd:true /c:1 >%temp%\system.txt

But, I still have an issue. The error email notification fired every night. Actually, I want them to fire only there error occurs. If no error occurs, no email fired. If error notification already fired, don't fire again.

How to do this and change the code.
0
 

Author Closing Comment

by:wasabi3689
ID: 37816653
All ideas are very helpful here
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now