Hey guys,
I need to be able to alert when a certain Windows event log ID 139 is produced, and when another ID 149 is produced it cancels the alert.
Is there a proper way to monitor these 2 event logs like this? I thought about a while loop but it was not successful.
Please show what you have so far and share your code and why it was not successful and the error messages you might have got. I’m pretty sure we can find a solution together.
(When you post code or error messages please format it as code using the preformatted text button </>. Simply place your cursor on an empty line, click the button and paste your code)
Hey,
Thanks for the welcome.
I’m stuck with this code, trying it with if/else this time.
-I’m retrieving the latest event of each of the event IDs
-As it sometimes resumes automatically I gave it a time buffer of 5 minutes and measured it so I won’t get CRITICAL status if it recovered.
-I’m trying to figure out a way to set status to CRITICAL if only event 139 is displayed AND event 149 is not present.
I wouldn’t use Get-Eventlog anymore as it is deprecated. Use Get-WinEvent instead.
When you run this in a loop and there is one loop iteration without an event 149 the variable will exist and probably be filled in from an earlier loop iteration. So you should remove the variable for each loop iteration. … maybe like this:
(I don’t know what provider produces the events you’re after so I used System to show how it works)
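The check discussed in this thread, as an added example that is not code from either poster: it reads the newest event 139 and the newest event 149 with Get-WinEvent and reports CRITICAL only when the 139 is older than the 5-minute buffer and no later 149 exists. The function names, the use of the System log and the OK status string are assumptions.

```powershell
# Added example; Get-LatestEvent and Resolve-AlertStatus are hypothetical helper names.
function Get-LatestEvent {
    param([string]$LogName, [int]$Id)
    # With SilentlyContinue, "no matching events" yields $null instead of an error,
    # and each call returns a fresh value, so nothing is carried over between loop runs.
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $Id } `
                 -MaxEvents 1 -ErrorAction SilentlyContinue
}

function Resolve-AlertStatus {
    param(
        [Nullable[datetime]]$RaisedAt,    # time of the newest event 139, or $null
        [Nullable[datetime]]$ClearedAt,   # time of the newest event 149, or $null
        [datetime]$Now = (Get-Date),
        [int]$GraceMinutes = 5            # buffer for automatic recovery
    )
    # No 139 on record: nothing to alert on.
    if ($null -eq $RaisedAt) { return 'OK' }
    # A 149 at or after the newest 139 cancels the alert.
    if ($null -ne $ClearedAt -and $ClearedAt -ge $RaisedAt) { return 'OK' }
    # 139 without a later 149, but still inside the buffer: do not alert yet.
    if (($Now - $RaisedAt).TotalMinutes -lt $GraceMinutes) { return 'OK' }
    return 'CRITICAL'
}

# Live check against the System log (assumed log name; use the one your provider writes to).
$raised    = Get-LatestEvent -LogName 'System' -Id 139
$cleared   = Get-LatestEvent -LogName 'System' -Id 149
$raisedAt  = if ($raised)  { $raised.TimeCreated }  else { $null }
$clearedAt = if ($cleared) { $cleared.TimeCreated } else { $null }
Resolve-AlertStatus -RaisedAt $raisedAt -ClearedAt $clearedAt

# Constructed timestamps that exercise the decision logic without reading a log:
$t = Get-Date '2024-01-01 12:00'
Resolve-AlertStatus -RaisedAt $t -ClearedAt $null -Now ($t.AddMinutes(10))                # 139 only, buffer expired
Resolve-AlertStatus -RaisedAt $t -ClearedAt $null -Now ($t.AddMinutes(2))                 # 139 only, inside buffer
Resolve-AlertStatus -RaisedAt $t -ClearedAt ($t.AddMinutes(3)) -Now ($t.AddMinutes(10))   # 149 after 139
Resolve-AlertStatus -RaisedAt $t -ClearedAt ($t.AddMinutes(-30)) -Now ($t.AddMinutes(10)) # stale 149 before 139
```

The last constructed case is the one a plain "is there a 149?" test gets wrong: an old 149 from a previous incident must not cancel a newer 139.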