Tuesday, June 8, 2010

Export and Email Event log Information

Step1 – Export event details to a txt file

You can use the wevtutil command to export events with a specified event ID from a log to a file.

The following command exports the most recent event (/rd:true with /c:1) with event ID 4648 or 4729 from the Security event log to a Security_Event.txt file.

wevtutil qe security /rd:true /f:text /c:1 /q:"*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=4648 or EventID=4729)]]" >C:\Security_Event.txt



[Image: Security_Event.txt]

Step2 – Email Alert
The second step is to email this file as an attachment. You can use the following procedure to generate an email alert: (Attach Task To This Event)

http://portal.sivarajan.com/2010/04/generate-email-alert-to-event-attach.html

wevtutil Command Reference:

http://technet.microsoft.com/en-us/library/cc732848(WS.10).aspx
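
Both steps combined in one PowerShell script, as an added example that is not part of the original post: it builds the same XPath query from a list of event IDs, stops if wevtutil fails or finds no match, and mails the file with Send-MailMessage in place of the Task Scheduler email action. The function name, SMTP server and addresses are assumptions; run it from an elevated prompt, since reading the Security log requires it.

```powershell
# Added example: export the newest matching Security event, then email it.
# Assumed placeholders (not from the original post): SMTP server and addresses.
$EventIds   = 4648, 4729
$OutFile    = 'C:\Security_Event.txt'
$SmtpServer = 'smtp.example.com'
$From       = 'alerts@example.com'
$To         = 'secops@example.com'

# Hypothetical helper: builds the XPath filter used in Step1 for any ID list.
function New-EventIdQuery {
    param(
        [int[]]$Ids,
        [string]$Provider = 'Microsoft-Windows-Security-Auditing'
    )
    $idFilter = ($Ids | ForEach-Object { "EventID=$_" }) -join ' or '
    "*[System[Provider[@Name='$Provider'] and ($idFilter)]]"
}

$query = New-EventIdQuery -Ids $EventIds

# /rd:true = newest first, /c:1 = one event only, /f:text = readable text.
$output = & wevtutil.exe qe Security /rd:true /f:text /c:1 "/q:$query" 2>&1
if ($LASTEXITCODE -ne 0) {
    # Typical causes: not elevated, or a malformed query.
    throw "wevtutil failed (exit code $LASTEXITCODE): $output"
}

# wevtutil succeeds with empty output when nothing matches;
# do not send an empty attachment in that case.
if (-not $output) {
    Write-Output 'No matching event found; nothing to send.'
    return
}

$output | Set-Content -Path $OutFile -Encoding UTF8

Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
    -Subject "Security event alert from $env:COMPUTERNAME" `
    -Body "Most recent event matching IDs $($EventIds -join ', ') is attached." `
    -Attachments $OutFile
```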
