Create Windows Event Log Notification System - Guide

Leveraging Windows Event Logs for Proactive System Management
Windows Event Logs represent a valuable asset for system administrators. They are instrumental not only in diagnosing existing system malfunctions but also in identifying indicators of potential issues before they escalate.
Maintaining vigilance over the events recorded by your system is therefore crucial for ensuring optimal performance and stability.
However, manually reviewing Event Logs or constructing custom views can be a time-consuming and complex undertaking.
Automating Event Log Analysis and Reporting
Fortunately, a streamlined solution exists to facilitate the export and filtering of Windows Event Log entries. This allows for subsequent delivery via email and/or storage in text file format.
By integrating this process into a scheduled task, you can automate the receipt of critical alerts.
For instance, warning and error messages can be automatically emailed to designated personnel, enabling prompt response and preventative action.
This proactive approach minimizes downtime and contributes to a more resilient IT infrastructure.
- Automated monitoring reduces manual effort.
- Early warning signs prevent major disruptions.
- Efficient troubleshooting is enabled by detailed logs.
Understanding the Process
The functionality of our system relies on a freely available tool, MyEventViewer, created by NirSoft. This utility exports Windows Event Logs to a comma-separated values (CSV) file.
We then wrote a configurable batch script that processes this exported data, filtering the event log entries based on user-defined criteria.
Following the filtering process, the script is capable of both emailing the refined results and saving them to a file.
Data Handling and Flexibility
The output is formatted as a CSV file, ensuring compatibility with programs like Microsoft Excel or any preferred CSV reader.
This allows for additional sorting and filtering of the data directly within these applications, providing enhanced analytical capabilities.
The system’s design prioritizes ease of use and adaptability to various monitoring needs.
Configuration Details
The script's configuration settings and available options are detailed within the code as inline comments. However, a more comprehensive explanation of several key settings is provided here.
Event Log Identification
When defining the Event Logs from which events should be collected, it’s crucial to utilize the system’s full name for each log. This name may differ from what is displayed in the standard Event Viewer log list.
For instance, to monitor events originating from the "Microsoft Office Alerts" log, access the log’s Properties dialog.

Locate the "Full Name" value; in this instance, it is "OAlerts". This specific value should be entered into the script’s configuration settings.

Defining Event Types
The values assigned to Event Types correspond directly to the text found in the "Level" column when viewing Event Logs. These are commonly Information, Warning, or Error, though specific logs may include additional levels.
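The following PowerShell sketch is an added example, not the Event Log Notifier batch script and not MyEventViewer. It uses the built-in Get-WinEvent cmdlet to check that each configured log name is a real full name and that each type is a known level, then runs the matching query. The function name, default values and output path are assumptions made for illustration.

```powershell
# Added example (not the Event Log Notifier batch script): checks the Logs and
# Types settings, then runs the equivalent query with Get-WinEvent.
# Standard Windows event levels, keyed by the text shown in the "Level" column.
$LevelMap = @{ Critical = 1; Error = 2; Warning = 3; Information = 4; Verbose = 5 }

function Get-NotifierEvents {
    param(
        [string[]]$Logs  = @('System', 'Application'),  # full names, e.g. OAlerts
        [string[]]$Types = @('Error', 'Warning'),
        [datetime]$Since = (Get-Date).AddDays(-1)       # last 24 hours
    )

    # A name that is not a log's full name is rejected before any query runs.
    foreach ($log in $Logs) {
        if (-not (Get-WinEvent -ListLog $log -ErrorAction SilentlyContinue)) {
            throw "Log '$log' not found. Use the Full Name from the log's Properties dialog."
        }
    }
    $levels = foreach ($type in $Types) {
        if (-not $LevelMap.ContainsKey($type)) { throw "Unknown event type '$type'." }
        $LevelMap[$type]
    }

    $filter = @{ LogName = $Logs; Level = $levels; StartTime = $Since }
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
            Select-Object TimeCreated, LogName, LevelDisplayName, ProviderName, Id, Message
    }
    catch {
        # An empty result is reported as an error; anything else (for example
        # access denied) must surface instead of producing a silent empty report.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    }
}

# Constructed usage: write the filtered events to a CSV in the temp folder.
$csv = Join-Path $env:TEMP 'EventNotices.csv'
Get-NotifierEvents | Export-Csv -Path $csv -NoTypeInformation
```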

Scheduled Task Implementation
This script is typically intended for use within an automated workflow. A complementary Windows Scheduled Task should be established whose run frequency matches the script's event capture interval, so that the two do not conflict.
For example, if the configuration is set to capture events from the preceding day, the scheduled task should be configured to run once daily. Conversely, a configuration set to capture events from the last hour should correspond to a scheduled task execution every hour.
Furthermore, to ensure the MyEventViewer application has the necessary access to required information, the associated scheduled task must be executed with administrator privileges on the target machine.

Event Log Monitoring Configurations
The following configurations detail how to email and save event log data. These examples utilize specific settings to target particular logs, event types, and timeframes, delivering notifications to my@email.com and storing output in designated folders.
Configuration Example 1: Daily Error and Warning Notifications
This setup will send both Errors and Warnings from the System and Application Event Logs, covering the last 24 hours, to the email address my@email.com. The generated output will also be saved to the C:\EventNotices directory.
- EmailResults=1
- EmailTo=my@email.com
- SaveResults=1
- SaveTo=C:\EventNotices
- TimeInterval=3
- TimeValue=1
- Logs=System,Application
- Types=Error,Warning
- A Scheduled Task should be configured to run this daily.
Configuration Example 2: Hourly Error Notifications
This configuration is designed to email only Error events from the System Event Log. The timeframe considered is the past hour, with notifications sent to my@email.com.
- EmailResults=1
- EmailTo=my@email.com
- SaveResults=0
- TimeInterval=2
- TimeValue=1
- Logs=System
- Types=Error
- A Scheduled Task should be set to execute this every hour.
Configuration Example 3: Weekly Error and Warning Saving
This setup focuses on saving Error and Warning events exclusively from the Application Event Log. The data covers the preceding week and is saved to the desktop of the user JFaulkner, specifically at C:\Users\jfaulkner\Desktop (for Windows 7 systems).
- EmailResults=0
- SaveResults=1
- SaveTo=C:\Users\jfaulkner\Desktop
- TimeInterval=3
- TimeValue=7
- Logs=Application
- Types=Error,Warning
- A Scheduled Task should be configured to run this weekly.
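The sketch below is an added example, not part of the Event Log Notifier download. It derives the Scheduled Task frequency from the same TimeInterval and TimeValue settings and registers the task with highest privileges. The task name, script path and start time are placeholders, and the reading of TimeInterval (2 = hours, 3 = days) is inferred from the three configuration examples above.

```powershell
# Added example, not part of the Event Log Notifier download.
# Placeholders: task name, script path and 06:00 start time are hypothetical.
# Assumes Windows 10 / Server 2016 or later and an elevated PowerShell session.
$TaskName   = 'EventLogNotifier'
$ScriptPath = 'C:\Scripts\EventLogNotifier.bat'

function New-NotifierTrigger {
    param(
        [Parameter(Mandatory)][int]$TimeInterval,
        [Parameter(Mandatory)][ValidateRange(1, 365)][int]$TimeValue
    )
    # Meaning of TimeInterval as used in the configuration examples:
    # 2 = hours, 3 = days. Other values are not shown on the page.
    switch ($TimeInterval) {
        2 {
            $every = New-TimeSpan -Hours $TimeValue
            return New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval $every
        }
        3 { return New-ScheduledTaskTrigger -Daily -DaysInterval $TimeValue -At '06:00' }
        default { throw "TimeInterval=$TimeInterval is not covered by the examples." }
    }
}

if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
    throw "Notifier script not found at $ScriptPath."
}

# Example 2 settings: capture the past hour, so run every hour.
$trigger = New-NotifierTrigger -TimeInterval 2 -TimeValue 1
$action  = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument "/c `"$ScriptPath`""
# "Run with highest privileges" for the current user; with the Interactive
# logon type the task runs only while that user is logged on.
$principal = New-ScheduledTaskPrincipal -UserId "$env:USERDOMAIN\$env:USERNAME" `
    -LogonType Interactive -RunLevel Highest

Register-ScheduledTask -TaskName $TaskName -Trigger $trigger -Action $action -Principal $principal
```

Because the task runs elevated, keep the batch script, MyEventViewer and Blat in a folder that only administrators can write to, so a standard user cannot swap in a file that then runs with administrator rights.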
Event Log Notifier scripts can be downloaded from How-To Geek.
MyEventViewer is available for download from NirSoft.
Blat, a command-line email utility, can be obtained from SourceForge.