How to Use PowerShell and Windows Task Scheduler for a Quick Alerting Solution

March 27, 2019 // Security

Many administrators find themselves responsible for more and more systems as companies grow. Sometimes this growth is unplanned and requires the admin to take on responsibility for systems and applications they know little to nothing about. When administrators don’t know enough about an application to correct a systemic error, they are forced to take a reactive approach, fixing errors only after an issue arises – sometimes a critical issue that impacts the entire organization.

If you’re in a position where you’re managing one or more remote servers and experiencing an increasing number of unpredictable errors, you’re not alone. The constant assessment, implementation, and enablement of new technology in the workplace is fast becoming a challenge for most organizations to manage. It’s no surprise that many organizations today are exploring partnerships with a Managed Services Provider to help fill the gaps and expand coverage.

In the meantime, if you’re looking for a quick way to automate alerts and help your team get ahead of the issues, PowerShell combined with Windows Task Scheduler is an excellent solution.

How To Set Up Alerts with PowerShell and Windows Task Scheduler

Identify your error’s event:

This solution depends on filtered messages from the Windows Event Log. You must know the Source and the Event ID of the errors for which you want to receive alerts. You can find these by reviewing the Windows Event Log.

[Figure: Event Viewer]

Construct a PowerShell command to send an email with Event Log details:

Use this command:

Send-MailMessage -From <from email address> -To <to email address> -Subject <subject line> -SmtpServer <Name or IP of your SMTP server> -BodyAsHtml -Body (Get-EventLog -LogName Application -Source MSSQLServerOLAPService -EntryType Error -Newest 10 | select TimeGenerated, EventID, Message | ConvertTo-Html | Out-String)

The core of this command is PowerShell’s Send-MailMessage. Update the From, To, Subject, and SmtpServer arguments for your environment, replacing each angle-bracket placeholder (brackets included) with your own value. Note: as written, this approach requires that the SmtpServer you specify is reachable from the monitored server and accepts anonymous relay from it.

The Body argument is a nested PowerShell command built around Get-EventLog. This is where we pull the events from Windows, convert them to an HTML table, and place them in the email body. Update the LogName and Source to match the error you identified in Step 1. This example pulls the 10 most recent errors that the MSSQLServerOLAPService source wrote to the Application log.
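The same alert as a reusable script rather than a one-line command. This is an added example, not code from the original post: the script name, the parameter defaults, the placeholder Event ID 1234 and the example.com addresses are all assumptions. It adds the checks a practitioner would want: it filters on the Event ID as well as the Source (the one-liner above filters on Source and error level only), it exits quietly when no matching events exist yet, and it can authenticate over TLS to a relay that does not accept anonymous mail.

```powershell
# Send-EventAlert.ps1 (added example; names, defaults and the Event ID are assumptions)
param(
    [string]$LogName    = 'Application',
    [string]$Source     = 'MSSQLServerOLAPService',
    [int[]] $EventId    = @(1234),            # placeholder: use the Event ID you found in Event Viewer
    [int]   $Newest     = 10,
    [string]$From       = 'alerts@example.com',
    [string]$To         = 'ops@example.com',
    [string]$SmtpServer = 'smtp.example.com',
    [int]   $Port       = 25,
    [pscredential]$Credential                 # optional: set when the relay rejects anonymous senders
)

# Filter on Source AND Event ID; Level 2 = Error.
# -ErrorAction SilentlyContinue keeps the script alive when no matching events exist.
$filter = @{ LogName = $LogName; ProviderName = $Source; Id = $EventId; Level = 2 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents $Newest -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Verbose "No matching events in $LogName for $Source; nothing to send."
    return
}

# ConvertTo-Html HTML-encodes property values, so text inside an event message
# is rendered as text in the mail rather than interpreted as markup.
$body = $events |
    Select-Object TimeCreated, Id, Message |
    ConvertTo-Html -Title "Errors from $Source" -PreContent "<h2>$env:COMPUTERNAME : $Source</h2>" |
    Out-String

$mail = @{
    From       = $From
    To         = $To
    Subject    = "[$env:COMPUTERNAME] $Source error (Event $($events[0].Id))"
    SmtpServer = $SmtpServer
    Port       = $Port
    BodyAsHtml = $true
    Body       = $body
}
# Authenticated relay: send credentials only over a TLS-protected session
if ($Credential) {
    $mail.Credential = $Credential
    $mail.UseSsl     = $true
}

Send-MailMessage @mail
```

Save it as, for example, C:\Scripts\Send-EventAlert.ps1 and have the scheduled task run powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\Send-EventAlert.ps1 instead of the long -Command argument. Get-WinEvent is used instead of Get-EventLog because Get-EventLog exists only in Windows PowerShell 5.1 and not in PowerShell 7; on 5.1 either cmdlet works.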

Test your command with PowerShell:

Test your command in a PowerShell console to make sure you receive an email with Event Log data. The next and final step is to automate this command – if it does not work now, it will never work from the scheduler. Task Scheduler cannot execute PowerShell commands directly, so we need to call PowerShell.exe from our task and tell it to execute our command. We do this by wrapping the command you tested in step 3 in “&{ }” and passing it with the Command argument. A completed example that may be run from the command line looks like this:

PowerShell.exe -Command "&{ Send-MailMessage -From from@example.com -To to@example.com -Subject 'An error has occurred' -SmtpServer smtp.example.com -BodyAsHtml -Body (Get-EventLog -LogName Application -Source MSSQLServerOLAPService -EntryType Error -Newest 10 | select TimeGenerated, EventID, Message | ConvertTo-Html | Out-String) }"

Again, make sure you can run this command from a command prompt and receive an email before continuing to the next step.

Schedule your command:


Schedule your PowerShell command to run whenever an Event with the Event ID you identified in Step 1 is logged. On the server you want to monitor:

  1. Open Task Scheduler
  2. Click “Create Basic Task…”
  3. Enter a name and description
  4. For Trigger, select “When a specific event is logged”
  5. Enter the Log, Source, and Event ID you identified in Step 1
  6. For Action, select “Start a program”
  7. Enter “powershell” in the Program/Script box
  8. Copy and paste everything starting with “-Command” into the Arguments box
  9. Click Next and Finish
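The same task built from PowerShell instead of the wizard, which is handy when the alert has to be deployed on several servers identically. This is an added example, not code from the original post: the task name, the script path, the placeholder Event ID 1234 and the choice of the LocalService account are assumptions. It uses the same event-query XPath that the “When a specific event is logged” trigger generates, and constrains the task to a single running instance with a five-minute time limit so that a burst of events cannot pile up mail-sending processes.

```powershell
# Register-EventAlertTask.ps1 (added example; names, path and Event ID are assumptions)
$TaskName = 'Alert-MSSQLServerOLAPService-Errors'
$LogName  = 'Application'
$Source   = 'MSSQLServerOLAPService'
$EventId  = 1234                                  # placeholder: the Event ID from Event Viewer
$Script   = 'C:\Scripts\Send-EventAlert.ps1'      # assumed location of the alert script

# Same query the Task Scheduler GUI builds for "When a specific event is logged"
$subscription = @"
<QueryList>
  <Query Id="0" Path="$LogName">
    <Select Path="$LogName">*[System[Provider[@Name='$Source'] and EventID=$EventId]]</Select>
  </Query>
</QueryList>
"@

# New-ScheduledTaskTrigger has no event-trigger switch, so build the CIM trigger directly
$class   = Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace Root/Microsoft/Windows/TaskScheduler
$trigger = New-CimInstance -CimClass $class -ClientOnly
$trigger.Subscription = $subscription
$trigger.Enabled      = $true

# Equivalent of "Start a program": powershell.exe with the script as its argument
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$Script`""

# Least privilege: a built-in service account can read the Application log and send mail;
# no stored password and no interactive logon are required.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\LocalService' -LogonType ServiceAccount

# One instance at a time, and a hard stop so a hung SMTP session cannot linger
$settings = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 5)

Register-ScheduledTask -TaskName $TaskName -Trigger $trigger -Action $action `
    -Principal $principal -Settings $settings -Force

# Same check as the "One more test" step: run the task without waiting for the event
Start-ScheduledTask -TaskName $TaskName
```

Run this from an elevated PowerShell session on the server you want to monitor. If the relay requires authentication, run the task under a dedicated service account instead of LocalService and pass that account’s credential to the alert script rather than embedding a password in the task arguments, which are visible to anyone who can read the task definition.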

One more test:

Right-click on your new task and choose Run. This will execute your command and send you an email without waiting for the Event to be fired. If you get the email this time, you can be sure you will receive one the next time your error happens.

If you’d like to learn more about some of the latest technologies and strategies that are helping IT stay ahead of issues, contact us to discuss your unique environment and business requirements.

SWC Managed Defense