In this example I will show you how to send an email when the Account Locked out event is occurred.
First we have to create a batch file to retrieve the event log contents to text file.
We can use wevtutil to do this simply. (Microsoft Technet article – Using wevtutil)
wevtutil qe Security “/q:*[System [(EventID=4625)]]” /f:text /rd:true /c:1 > C:\query.txt
By modifying above command line we can extract any event content from event viewer.
The command will save the contents of 4625 event content on C:\query.txt.
For getting the last event every time, we have to delete previous text file before executing this command. So we have to delete previous text file by using del command.
del /q /f c:\query.txt
Now we have to attach a task to this event.
Go to event viewer and click on relevant Event and click Attach Task to this event from right pane.
Enter Name and Description for the task.
Follow the wizard..
Now go to Task Scheduler
On Event Viewer Tasks, right click created event task and click Properties
On Action tab click New…
Then browse for the created batch file.
Move the start a program action to the top of the list..
Click OK.
Thats it..
Lets make an event happen. Email will send as we planned..
Leave a Reply