Email Notification for specific Windows Application Event ID

I wanted to get notified when a specific Windows Application Event log ID appears, as unfortunately the Application does have such a feature/mechanism.

Full script located here

Below the explanation for each part of the script.

To use this script, you need to attach a Task Scheduler task to your event from the Windows Event log.

– The first part sets the variables used to generate the email:

######################

# LOCAL PATH OF THE SCRIPT
$dest = "C:\scripts"
# INTERNAL SMTP SERVER TO SEND NOTIFICATION
$smtp = "192.168.10.10"
# EMAIL FROM
$emailfrom = "sender@domain.com"
# EMAIL RECIPIENT
$recipient = "recipient@domain.com"
$sub = "This is a Notification from xxx"

#######################

– The Details of the Events (info from the Windows Event Log)
The arr variable holds the words/terms from the event message that should trigger the notification.

#######################

# VALUES TO TRIGGER EVENT

$id = "xxx"
$ProviderName = 'MyApplication'
$arr = @('word1','word2')

######################

– Some variables that do not need to be changed, plus the email function

######################

$dateStamp = get-date -uformat "%Y-%m-%d@%H-%M-%S"
$htmlresults = "$dest\" + $dateStamp + "_results.html"

$date = (get-date -Format d)
$FQDN = (Get-WmiObject win32_computersystem).DNSHostName+"."+(Get-WmiObject win32_computersystem).Domain

# EMAIL FUNCTION
 function sendMail{
     Write-Host "- Sending Email"
     $smtpServer = $smtp
     #Creating a Mail object
     $msg = new-object Net.Mail.MailMessage
     #Creating SMTP server object
     $smtp = new-object Net.Mail.SmtpClient($smtpServer)
     #Email structure
     $msg.IsBodyHTML = $true
     $msg.From = $emailfrom
     $msg.ReplyTo = "noreply@dlp.local"
     $msg.To.Add($recipient)
     $msg.subject = $subject
     $msg.body = Get-Content -Path $tosend | Out-String
     $msg.Attachments.Add($attachment)

     # SENDING EMAIL
     $smtp.Send($msg)
 
}
######################

– Below the Windows Event log query + Output file in html.

######################
# QUERYING THE WINDOWS APPLICATION LOGS FUNCTION

function query{
	# HTML header of the report (the markup around this text did not survive on the page)
	$header = "Server Log Report "+(get-date -f D) +" for "+ $FQDN
	$title = "Details"
	# write the report header to the output file
	$rv | Select-Object Date,id, Details | Convertto-html -Title "Event Log Report" -head $header | out-file $htmlresults
	# filter the event logs
	Get-WinEvent -FilterHashtable @{logname='application'; ProviderName=$ProviderName;id=$id;StartTime=$date} -MaxEvents 1 | ForEach-Object {
		$rv = New-Object PSObject | Select-Object Date, id, Action, Details
		$rv.Date = $_.TimeCreated
		$rv.id = $_.id
		$rv.Details = $_.message
		# the rest of this HTML string did not survive on the page
		$body = ' # '
		$rv | Select-Object Date,id, Details | Convertto-html -body $body | out-file $htmlresults -Append
	}
######################

– Function to look for specific words + Sending function

######################
# LOOKING FOR SPECIFIC FUNCTION

forEach ($i in $arr)
{ 
if ((get-content $htmlresults | ? {$_ -match $i})) {
	
	write-host "- Found: $i"
	$ch = 1
	}

}
if ($ch) {
	$attachment = $htmlresults
	$tosend = $htmlresults
	$subject = $sub
	sendmail
	write-host ""
	}
}
######################
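
The scheduled-task step mentioned at the top of the post, as an added example that is not part of the original script: it registers a task triggered by the event and first refuses to do so if the script file is writable by anyone other than SYSTEM or Administrators, since the task runs whatever that file contains. The script file name, task name, event ID value and the choice of the SYSTEM account are assumptions.

```powershell
# Added example; values marked hypothetical/placeholder are assumptions, not from the page.
$scriptPath   = 'C:\scripts\EventNotify.ps1'  # hypothetical file name under the page's C:\scripts
$providerName = 'MyApplication'               # same value as $ProviderName in the script
$eventId      = 1000                          # placeholder for the "xxx" event ID
$taskName     = 'EventLog-EmailNotification'  # hypothetical task name

# The task runs as SYSTEM (assumption), so only admins/SYSTEM may be able to edit the script.
# Account names are matched in English; adjust the pattern on localized systems.
$writeBits = [System.Security.AccessControl.FileSystemRights]::Write
$writers = (Get-Acl -Path $scriptPath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $writeBits) -and
    $_.IdentityReference.Value -notmatch 'SYSTEM$|\\Administrators$|TrustedInstaller$'
}
if ($writers) {
    $names = ($writers.IdentityReference.Value | Sort-Object -Unique) -join ', '
    throw "Refusing to register: $scriptPath is writable by $names. Tighten the ACL first."
}

# Event subscription: fire only for this provider and event ID in the Application log.
$subscription = @"
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[Provider[@Name='$providerName'] and EventID=$eventId]]</Select>
  </Query>
</QueryList>
"@

# New-ScheduledTaskTrigger has no event option, so create the trigger as a CIM instance.
$class   = Get-CimClass -ClassName MSFT_TaskEventTrigger `
               -Namespace Root/Microsoft/Windows/TaskScheduler
$trigger = New-CimInstance -CimClass $class -ClientOnly
$trigger.Subscription = $subscription
$trigger.Enabled      = $true

$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -NonInteractive -File `"$scriptPath`""
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount
# Ignore a new trigger while a run is in progress and cap the run time.
$settings  = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew `
                 -ExecutionTimeLimit (New-TimeSpan -Minutes 5)

Register-ScheduledTask -TaskName $taskName -Trigger $trigger -Action $action `
    -Principal $principal -Settings $settings
```

A folder created directly under C:\ normally inherits Modify for Authenticated Users, so the ACL check is expected to fail on a default C:\scripts until inheritance is removed and write access is limited to administrators.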
