Hello everyone,
Attached is a script for scanning the Windows Event Log over a certain time frame for events containing a specific Event ID, Source, and Severity Level within the specified log. This is useful in the case of Blue Screen of Death (BSOD/BugCheck) events where the ITSM Agent may not correctly report a crash event.
This may be used either as a regular procedure or as a Custom Monitor Procedure; the latter is recommended.
Variables:
- EventID: Event ID to be added to the file name to prevent collisions if multiple requests are run at once
- $EvtID: The Event ID to search for
- $EvtSrc: The specific Event Source to search for
- $EvtLog: The Event Log you wish to search (Application, Security, System)
- $EvtLvl: The severity of the event (Information, Warning, Error, Critical)
- $CombInterval: How long back in the log to search from the time of execution (should match monitor interval if used as a Custom Monitor Procedure).
20181015-Generate-an-alert-if-a-specific-event-has-been-logged.json (3.61 KB)
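The same kind of lookup can be sketched directly in PowerShell. This is an added example, not the attached procedure: parameter names mirror the variables listed above, the defaults are sample values for a BugCheck report, and treating `$CombInterval` as minutes and using a non-zero exit code to signal the alert are assumptions.

```powershell
# Added example (not the attached procedure). Defaults are sample values.
param(
    [int]$EvtID = 1001,                                              # sample: BugCheck report
    [string]$EvtSrc = 'Microsoft-Windows-WER-SystemErrorReporting',  # sample provider name
    [ValidateSet('Application', 'Security', 'System')]
    [string]$EvtLog = 'System',
    [ValidateSet('Information', 'Warning', 'Error', 'Critical')]
    [string]$EvtLvl = 'Error',
    [int]$CombInterval = 15                                          # assumption: minutes
)

# Numeric levels used by Get-WinEvent filters.
# Level 0 (LogAlways) is also displayed as "Information", so include it there.
$levelMap = @{ Critical = 1; Error = 2; Warning = 3; Information = @(0, 4) }

$filter = @{
    LogName      = $EvtLog
    ProviderName = $EvtSrc
    Id           = $EvtID
    Level        = $levelMap[$EvtLvl]
    StartTime    = (Get-Date).AddMinutes(-$CombInterval)
}

# Get-WinEvent reports an error when nothing matches. Treat only that case as
# "no events"; any other failure (for example access denied on the Security
# log) is rethrown so a failed read is never reported as a clean result.
try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
} catch {
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
    else { throw }
}

if ($events.Count -gt 0) {
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message |
        Format-List
    Write-Output "ALERT: $($events.Count) matching event(s) in $EvtLog within the last $CombInterval minute(s)"
    exit 1   # assumption: non-zero exit marks the alert condition
} else {
    Write-Output "OK: no matching events in $EvtLog within the last $CombInterval minute(s)"
    exit 0
}
```

Reading the Security log requires an elevated session; without one the script stops with the access error instead of printing the OK line.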