How to receive Windows log notifications



During a typical Windows session, thousands of events occur on your system. Most of them are not that relevant, but some are worth keeping an eye on. Rather than checking those events yourself every time, you can have Windows notify you of them.

In this article we look at the Windows tool that is ideally suited to keeping track of various system events in a structured way: the Event Viewer module.

Start it by pressing Windows key+R and running eventvwr.msc. We assume that you are already somewhat familiar with this tool and that you know, for example, how to apply filters (Filter Current Log) or how to create your own log views (Create Custom View).

Log Notifications

Windows closely keeps track of all system events, but that is of little use if you have to look them up yourself every time. A possible solution is to right-click the event to be monitored in Event Viewer and choose the option Attach Task To This Event, so that the Create Basic Task wizard of the Task Scheduler appears. Name the task and click Next (2x).

Unfortunately, the only action you can use is Start a program, as the two earlier notification options (via email or pop-up) have been deprecated by Microsoft. With a detour via PowerShell it is still possible to show a pop-up notification as soon as such an event is registered.

To do this, choose the option Start a program and enter powershell.exe under Program/script. Under Add arguments, enter the following script:

-WindowStyle hidden -Command "& {[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('notification','title')}"

Of course, replace notification and title with the actual text. Click Next and put a check in Open this task’s properties window […] to set any additional options.

PowerShell scripts

You can also attach other PowerShell scripts to a task yourself. In the Task Scheduler module (which you will find in the Start menu), click the option Create Task and, on the Triggers tab, click the New button. In the Begin the task drop-down menu, select the On an event option and fill in the fields Log, Source and Event ID, or select Custom and click New Event Filter.

On the Actions tab, click New again and enter powershell.exe under Program/script. Under Add arguments, add the path to your PowerShell script (a file with the extension .ps1), preceded by -ExecutionPolicy Bypass so that the execution policy does not block the script.

You can also associate a Task Scheduler event with the execution of a PowerShell script.
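
The two procedures above (a pop-up on an event, and a .ps1 script attached to an On an event trigger) can also be set up from PowerShell. The following is an added example, not part of the original article; the watched event (ID 7045 in the System log, logged when a service is installed) and the folder, script and task names are assumptions chosen for illustration.

```powershell
# Added example (not from the original article). Run in an elevated Windows PowerShell session.
# Assumptions: event ID 7045 (a service was installed) in the System log as the
# event to watch; the folder, script and task names are hypothetical.
$eventLog  = 'System'
$eventId   = 7045
$taskName  = 'Notify-ServiceInstalled'
# Program Files is writable only by administrators by default, so a standard
# user cannot swap out a script that runs with -ExecutionPolicy Bypass.
$scriptDir = Join-Path $env:ProgramFiles 'EventNotify'
$script    = Join-Path $scriptDir 'Show-EventPopup.ps1'
New-Item -ItemType Directory -Path $scriptDir -Force | Out-Null

# The script the task runs: fetch the newest matching event and show it in a pop-up.
@'
param([string]$LogName, [int]$Id)
Add-Type -AssemblyName System.Windows.Forms
$e = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $Id } -MaxEvents 1 -ErrorAction SilentlyContinue
if ($null -eq $e) { exit 0 }   # no matching event found, nothing to show
$text = "{0}`n{1}`n`n{2}" -f $e.TimeCreated, $e.MachineName, $e.Message
[void][System.Windows.Forms.MessageBox]::Show($text, "Event $Id in $LogName")
'@ | Set-Content -Path $script -Encoding UTF8

# Action: the same "Start a program" settings as in the Task Scheduler dialog.
$arguments = "-NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File `"$script`" -LogName $eventLog -Id $eventId"
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $arguments

# Trigger: New-ScheduledTaskTrigger has no "On an event" option, so build the
# event trigger from its CIM class and give it the XML query that the
# New Event Filter dialog would otherwise generate.
$class   = Get-CimClass -Namespace 'Root/Microsoft/Windows/TaskScheduler' -ClassName 'MSFT_TaskEventTrigger'
$trigger = New-CimInstance -CimClass $class -ClientOnly
$query   = '<QueryList><Query Id="0" Path="{0}"><Select Path="{0}">*[System[(EventID={1})]]</Select></Query></QueryList>'
$trigger.Enabled      = $true
$trigger.Subscription = $query -f $eventLog, $eventId

# Registered for the current user; the pop-up appears in that user's session.
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger | Out-Null
Get-ScheduledTask -TaskName $taskName | Select-Object TaskName, State
```

To watch an event in the Security log instead, the task also has to run with rights to read that log, which a standard user does not have by default.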

Remote Logs

In principle, to view the logs of other Windows computers, you only need to right-click Event Viewer (Local) in the Event Viewer module, choose Connect to Another Computer and, if necessary, select Connect as another user. In practice, however, such a connection rarely succeeds, since Windows does not just accept such remote requests.

Depending on the Windows configuration on the clients, this requires several actions at the registry, firewall and/or services level. Fortunately, there is a tool that takes care of everything at once. Download the free program Axence netTools and install it on any PC. In the netTools5 subfolder of the installation folder you will find the file wmienable.exe. Copy this file to a USB stick and run it as administrator on the target PC. From now on, the connection should work.

At http://kwikr.nl/axwmi you can read exactly what this tool does and what to do if the connection unexpectedly fails. This tool also enables remote connections from the applications listed in the following paragraphs.

Consulting the logs from another computer requires some preparation.

Alternative applications

Event Viewer is not the only tool for viewing Windows system events. There is NirSoft FullEventLogView, which brings together almost all information in one window, including the event descriptions. You can also select specific events and save them in various formats.

The tool can also be controlled from the Command Prompt. You either enter the parameters yourself or have them read from a suitable configuration file (supplied by default) with:

FullEventLogView.exe /cfg “

Even more powerful are Event Log Explorer and EventSentry Light, both of which are also available for free in a slimmed-down or limited version.

You can also consult the logs of other computers in Event Log Explorer.

EventSentry

We briefly show you how to get started with EventSentry Light so that you are sent an email notification for certain events. During installation, indicate that you want to enable email notifications and enter the requested information, including the SMTP server and port, email addresses and any authentication ID. Check the connection with the Test button. You will also have the opportunity to enable additional services from EventSentry.

After a while, the management console appears with information about the local PC, including the Event logs. Open the Tools menu and choose Add hosts to EventSentry / Network Scan to scan for PCs (for example, using the CIDR subnet 192.168.1.0/24). Add the desired PCs. Through Deploy agent to remote hosts you can now also install the EventSentry agent on those PCs.

Let’s say you want to receive an email notification for a specific event. Open the Packages menu in the admin console and right-click Event Logs. Choose Add Package and give it a name. Right-click the package, choose Add filter using wizard and indicate in a few steps which events you want to filter. You can also set a time frame within which the software should check for this event. Under Action Selection, select Default Email. Enter a filter name and finish with Complete.

Finally, right-click your package and choose Assign, after which you indicate which computers you want to check.

EventSentry is powerful and flexible, but does come with a certain learning curve.