Eventlog and Powershell

Search the eventlog in powershell (the engine is somewhat slow..)

get-eventlog -LogName System -newest 1 -entrytype "error" |fl

Create a script to send you the logs you need by email

# -------------------------------------
# Powershell script to send an e-mail through the Event Viewer
# -------------------------------------
#
# To test this script you can use Powershell to write your own test error log entry in the following way:
# -------------------------------------
# New-EventLog –LogName Application –Source "Test"
# Write-EventLog –LogName Application –Source "Test" –EntryType Error –EventID 1 –Message "This is a test message."
 
$event = get-eventlog -LogName System -newest 1
#get-help get-eventlog will show there are a handful of other options available for selecting the log entry you want.
#example: -source "your-source"
 
# "Error" - send only error
if ($event.EntryType -eq "Error")
{
    $PCName = $env:COMPUTERNAME
    $EmailBody = $event | format-list -property * | out-string
    $EmailFrom = "$PCName <test@test.no>"
    $EmailTo = "test@test.no" 
    $EmailSubject = "New Event Log [System]"
    $SMTPServer = "server.mail.protection.outlook.com"
    Write-host "Sending Email"
    Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $EmailSubject -body $EmailBody -SmtpServer $SMTPServer -UseSsl -Port 25
}
else
{
    write-host "No error found"
    write-host "Here is the log entry that was inspected:"
    $event
}

Schedule the script

The featured image in this article was computer generated using Dall-E

“DALL·E 2 is a new AI system that can create realistic images and art from a description in natural language”

Check it out at https://openai.com/dall-e-2/

More articles

Optional features

Check available optional features: DISM /Online /Get-Capabilities Install an optional feature: DISM /Online /Add-capability /capabilityname:Media.MediaFeaturePack~~~~0.0.1.0

Read More »

AD retention period

Check AD retention tombstone value: Import-Module ActiveDirectory $ADForestconfigurationNamingContext = (Get-ADRootDSE).configurationNamingContext $DirectoryServicesConfigPartition = Get-ADObject -Identity “CN=Directory Service,CN=Windows NT,CN=Services,$ADForestconfigurationNamingContext” -Partition $ADForestconfigurationNamingContext -Properties *

Read More »