locked
Event ID Power shell Script mail notification with Event description RRS feed

  • General discussion

  • Hi Scripters

    I have one liner script that does good job and currently looks like this

    if ((Get-EventLog -LogName Application -After (Get-Date).AddMinutes(-90) | Where-Object {$_.EventID -eq 3}))  {

    Write-Host 'connection closed.' -ForegroundColor Red

    So if event ID 3 shows up and it is not older than 90 minutes and it is application I will get an alert which is what i nned

    This works good but I have application that fires up many EVENT ID 3 and not all of them are important

    IN Event Viewer there is general description of the error and key words are  "connection forcibly closed by client"

    Just wondering if there is any way to put this general description words as an parameter. Of course application puts much more description but these words show up when there is an error with the application

    Not sure if Get-EventLog would be able to also put this so I can filter that only when EVENT ID 3 shows up it is not older than 90 minutes and has these words "connection forcibly closed by client" only then it sends me an alert via mail

    Thanks a lot


    Dalibor Bosic


    • Edited by cer113 Friday, June 3, 2016 6:22 PM
    • Changed type Bill_Stewart Monday, July 11, 2016 3:10 PM
    • Moved by Bill_Stewart Monday, July 11, 2016 3:11 PM This is not "scripts on demand"
    Friday, June 3, 2016 6:20 PM

All replies

  • Ask the person who gave you the original command to help you extend it.

    -- Bill Stewart [Bill_Stewart]

    Friday, June 3, 2016 6:52 PM
  • Post the full XML of the event.


    \_(ツ)_/

    Friday, June 3, 2016 6:57 PM
  • nobody gave me command i took this from internet but it couldnt find anything about description

    Dalibor Bosic

    Friday, June 3, 2016 7:31 PM