At present I check the Event Viewer logs on our Server 2008 box every morning. Review any warnings or errors and take action as required. Is there a way to set up a task which would automatically send me a daily email containing the contents of the specific logs that I review. Note - I will only want to have warnings and errors on the email report. Cheers

You can use Powershell to do this very effectively. Powershell has the Get-Eventlog cmdlet, and the Send-MailMessage cmdlet, so almost anything is possible! For example, the following code gets the Error events from the Application log for the last 24 hours: $start=(Get-Date).AddDays(-1) $end=Get-Date Get-Eventlog -log application -after $start -before $end -EntryType Error If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer".

Hi, You might find this article helpful! http://blogs.technet.com/b/jhoward/archive/2010/06/16/getting-event-log-contents-by-email-on-an-event-log-trigger.aspx Martin If you find my information useful, please rate it. :-)

Cheers. I did read the article on your link Martin earlier before posting - it would be perfect although it's just for when individual event id's occur.

Hi, No problem. Teddy's solution is probably best in this case. You can essentially generate a batch file to grab the current event logs and set up a task to email them (this would be a scheduled event) I guess what you are after is to get a mail as the event log is populated with critical events. Some environment monitoring solutions offer solutions for this which are very effective. Martin If you find my information useful, please rate it. :-)

Hi, Kamal's solution does work, Just tested it here. Cheers Kamal, you learn something new everyday :-) Martin If you find my information useful, please rate it. :-)

I've just tried it and whilst it does send an email there are two - No information is included in the email (I just get a blank email) - I need just Errors and Warnings on the email notifications (I don't want general info updates)

How did you get information on the event to appear in the body of the email? I just get a blank email.

Hi, The information just appeared after I purposely generated some events. Have you tried generating events that fall within your view? Martin If you find my information useful, please rate it. :-)

To receive forwarded events on a computer, you must set up one or more event subscriptions. Before setting up a subscription, you must configure both the computer that will receive the forwarded events, and the computer or computers that will forward the events. To learn how to configure the computers, see Configure Computers to Forward and Collect Events. Once you have configured the computers, you create a subscription to specify which events to collect. To create a new subscription On the collector computer, run Event Viewer as an administrator. Click Subscriptions in the console tree. Note If the Windows Event Collector service is not started, you will be prompted to confirm that you want to start it. This service must be started to create subscriptions and collect events. You must be a member of the Administrators group to start this service. On the Actions menu, click Create Subscription. In the Subscription Name box, type a name for the subscription. In the Description box, enter an optional description. In the Destination Log box, select the log file where collected events are to be stored. By default, collected events are stored in the ForwardedEvents log. Click Add and select the computers from which events are to be collected. Note After adding a computer, you can test connectivity between it and the local computer by selecting the computer and clicking Test. Click Select Events to display the Query Filter dialog box. Use the controls in the Query Filter dialog box to specify the criteria that events must meet to be collected. Click OK on the Subscription Properties dialog box. The subscription will be added to the Subscriptions pane and, if the operation was successful, the Status of the subscription will be Active. Events raised on the forwarder computers that meet the criteria of the subscription will be copied to the collector computer log specified in step 6. Additional Considerations You cannot use Event Viewer to create a subscription while it is connected to a remote computer. You can use the filter from a previously defined Custom View by choosing Copy from existing Custom View. Additionally, you can paste an XPATH query into the text box on the XML tab of the Query Filter dialog box. If a newly created subscription does not activate, you can open the Subscription Properties dialog box and select individual source computers to view the status for each of them. Additional Resources Configure Computers to Forward and Collect Events Configure Advanced Subscription Settings If you find my information useful, please rate it. :-)

Yep. It's running the task based on updates to the custom view but the email contains no body text.

Hi, Let me test on a clean VM. I also have monitoring software on the machine I tested on earlier. MartinIf you find my information useful, please rate it. :-)

That will do nicely. Tried out the command line but get a parameter cannot be found that matches parameter name 'entrytype' Also just tried get-eventlog -logname System -EntryType Error but get "a parameter cannot be found that matches parameter name 'EntryType'" Any ideas why these commands are not recognised?

Strange, it works on my system. What version of Powerhell are you using? You can test this by checking the value (true or false) of $isV2, as such: $isV2 = test-path variable:\psversiontable $isV2

Try this command: Get-EventLog -LogName application | where { ($_.entrytype -eq "Error") -or ($_.entrytype -eq "Warning")} If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer".

re. the version command, after entering the second $isV2 command it displays FALSE The second Get-EventLog command does show the correct details from the event log. Is it possible to get this emailed daily?

Ok, no big deal, you're running Powershell V.1. You can install PS V.2, and the original script will work, or we can modify the script to work in PS 1.0. Replace the first line of the script with this: Get-EventLog -LogName application -after ((get-date).addDays(-1)) | where { ($_.entrytype -eq "Error") -or ($_.entrytype -eq "Warning")} | export-csv "C:\scripts\appevents.csv" But, seriously, I really recommend installing PS V.2. See this link: http://support.microsoft.com/kb/968929 The modified script that I've posted here won't run as quickly as the original one, especially if querying remote machines. If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer".

that command says "a parameter cannot be found that matches parameter name 'after'.

Yep, you really need to move up to PS V.2. Most of the examples you will see in Powershell assume you're running PS V.2. This code can be modified, as such: $yesterday = ((get-date).addDays(-1)) Get-EventLog -LogName application | where { (($_.entrytype -eq "Error") -or ($_.entrytype -eq "Warning")) -and ($_.timewritten -ge $yesterday)} | export-csv "C:\scripts\appevents.csv" But I stress again, this will run even slower because your are first retrieving the whole log, and then filtering it, instead of filtering it at the source. That is why the Powershell 2 code is better: It is more efficient.

BadBoyHouse, thanks for the idea! I liked it so much, I implemented it as a scheduled task, and I've just received my first emails from the server, with cute csv attachments with all the warnings and errors for the last 24 hours. My only problem now, is that I don't really want to see what's in them!!!If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer".

Arthur_Li, I don't know why you marked this as an answer. The OP clearly showed preference for my method of using Powershell to send a summary of events for the last 24 hours. At no stage did the OP indicate that attaching a task to an event answered his needs. In fact he said: "Cheers. I did read the article on your link Martin earlier before posting - it would be perfect although it's just for when individual event id's occur." At which point, Martin said: "No problem. Teddy's solution is probably best in this case." When I posted the code, the OP said: "That will do nicely." So by what logic do you get to that Santhosh's reply was the answer? It is clearly not what the OP wanted. In any case, it was Martin who first put forward the idea of attaching a task to events. If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer".

You can do it but u have to go through Task Scheduler. --> Create Task tab Triggers ---> New Begin the task: Choose On an event. Settings choose custom. --> New Event filter. Logged choose 1 Hour. Event level choose Error (Or smth else u need) By log choose which one or By source or both . than go to XML and change 3600000 to 10000 (its 1 hour change to 10 seconds.). Than go to actions --> New --Action: Send an email.. And check other setting. but this is what u asked for!

@Martin - Very helpful article but for some reason it does not work for me. What am I missing? Running Windows 2008 R2 Standard: wevtutil qe Application "/q:*[Application [(EventID=28673)]]" /f:text /rd:true /c:1 (produces no text to screen)wevtutil qe Application "/q:*[Application [(EventID=28673)]]" /f:text /rd:true /c:1 > E:\DupPIN.txt (produces empty file) EventID and output location are both valid. I could turn to our SCCM/SCOM team but would rather create email alerts as needed on the fly. - Left scratching a hole in my head.