Need to trigger e-mail when Event ID comes

venkata-kalyan · June 9, 2016, 5:22am

Hi,
I wrote a script in powershell which will trigger a mail, when it has an event ID:

Clear-Host

========================

Collection Data Section

========================

Function EventID-To-HTML($ComputerName = $env:COMPUTERNAME)
{
$EventResult = wevtutil.exe qe Security /rd:true /c:1 /f:renderedxml /q:“*[System[(EventID=1014)]]”
if ($EventResult -eq $null){exit}
$xmlEventResult = [xml]$EventResult

      $EventDate = $xmlEventResult.Event.System.TimeCreated.SystemTime
      $EventDate = Get-Date $EventDate -format ('MM-dd-yyyy hh:mm:ss')
      
      $htmlStart = "
                      
                         
                          body {background-color:rgb(238, 238, 238);}
                          body, table, td, th {font-family:Calibri; color:Black; Font-Size:11pt}
                                           th {font-weight:bold; background-color:rgb(78, 227, 48);}
                                           td {background-color:rgb(255, 190, 0);}
                        
                      
                    
                    Security Alert: A user account was created
                    This event occurred at: $EventDate on $ComputerName"
      $htmlEnd = ''
      $htmlStart

      $xmlEventResult.Event.EventData.Data | Select-Object Name, @{Label = "Value"; Expression={$_."#Text"}} | Group-Object -Property __Class | 
      ForEach-Object {$_.Group | Select-Object -Property * | ConvertTo-HTML -Body ('' -f "$_.Name")}
      
      $htmlStart = ''
      
      $htmlStart = $htmlStart + "This report has been generated by software Please DO NOT reply."
      $htmlStart
      
      $htmlEnd = ''
      $htmlEnd 
     }

======================

Sending Email Section

======================

$strFrom = “”
$strTo = “”
$strSubject = “*** Event ID- Exchange server down ***”
$strSMTPServer = “smtp.office365.com”

$objEmailMessage = New-Object system.net.mail.mailmessage
$objEmailMessage.From = ($strFrom)
$objEmailMessage.To.Add($strTo)
$objEmailMessage.Subject = $strSubject
$objEmailMessage.IsBodyHTML = $true
$objEmailMessage.Body = EventID-To-HTML

$objSMTP = New-Object Net.Mail.SmtpClient($strSMTPServer)
$objSMTP.Send($objEmailMessage)

But Iam getting error:
The term ‘wevtutil.exe’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Documents and Settings\Administrator\Desktop\cool\test.ps1:9 char:38

      $EventResult = wevtutil.exe &lt;&lt;&lt;&lt;  qe Security /rd:true /c:1 /f:rend

eredxml /q:"*[System[(EventID=1014)]]"
+ CategoryInfo : ObjectNotFound: (wevtutil.exe:String) , Comman
dNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

Can someone please help me where exactly the error is?

Thanks,
Kalyan

jack-neff · June 9, 2016, 6:53am

Try adding the full path to wvetutil.exe

$EventResult = $env:SystemRoot\System32\wevtutil.exe qe Security /rd:true /c:1 /f:renderedxml /q:"*[System[(EventID=1014)]]"

dan-potter · June 9, 2016, 6:53am

scom does that?

venkata-kalyan · June 10, 2016, 12:00am

Hi,
I try that, but same error.
I had gone to c:\windows\system32 and could not find wevtutil.exe

-Kalyan

vin-watt · June 12, 2016, 11:24am

It is easier to Export event logs with Windows PowerShell when Windows Log Explorer used. Read this Exporting event logs with Windows PowerShell | Event Log Explorer blog

curtis-smith · June 12, 2016, 11:39pm

Hey Venkata,
Just wanted to offer some alternatives to the way you are trying to handle this today.

Attach a task that is triggered by the event, then use that task to send the email.
https://blogs.technet.microsoft.com/wincat/2011/08/25/trigger-a-powershell-script-from-a-windows-event/
Have your Powershell Register a WMI event to be alerted when the event is generated. A sample of this is below. Note that currently writes to an output file, but could be easily adapted to send an email alert.

# Define event Query
$query = "SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' AND TargetInstance.EventCode = '5145'"

# Register for event - also specify an action that
# writes the event to the log when the event fires.
Register-WmiEvent -ComputerName server1-SourceIdentifier server1-5145 -Query $query -Action {
    $event.SourceEventArgs.NewEvent.TargetInstance | Out-File Log.txt -Append
}

You can see where you have Events Registered by using
Get-EventSubscriber

And you can unregister for events by:
Unregister-Event -SourceIdentifier server1-5145

venkata-kalyan · June 13, 2016, 12:13am

Hi All,
Thanks for the alternative solutions. Let me try.

-Kalyan

Topic		Replies	Views
Script to send email when an events appears PowerShell Help	0	165	December 31, 2011
powershell script triggered by email PowerShell Help	2	164	November 29, 2019
how to have this content become body of HTML email?? PowerShell Help	21	283	June 3, 2016
Help with a script PowerShell Help	1	183	March 21, 2019
Send SMTP Mail including Message ID in the mail body using Powershell PowerShell Help	1	151	September 24, 2021

Need to trigger e-mail when Event ID comes

========================

Collection Data Section

========================

======================

Sending Email Section

======================

Related Topics