Scenario: We need to get an email when an event occurs and logged in the event viewer. The mail should contain the contents of the event log entry.

In this example, I am using Event ID 137 on a Windows Server 2008 R2 while taking Backups.

First, find the event in the event log.

Click “Attach Task To This Event…” in the right side task pane and proceed with the wizard. We can give a name for the task “the event name in the server”. On the Action page, select send an email. On the send an email page, provide From/To/Subject/Text and SMTP server. So we can’t specify what comes in the body of the email. But we can include a specific attachment, which is not our requirement.

Now go to task scheduler, Task Scheduler Library and then to Event Viewer Tasks, we can find a new item. There is no way to include the text of the event log in the message.

So to get the last instance of event 137 logging in the System event log use the command wevtutil. Run the below command to see all the event details on one line.

wevtutil qe System “/q:*[System [(EventID=20274)]]” /f:text /rd:true /c:1

So create a batch file, query.cmd and saved it on my desktop which will get all event details.

del %temp%\query.txt
wevtutil qe System “/q:*[System [(EventID=20274)]]” /f:text /rd:true /c:1 > %temp%\query.txt

Now go to the properties of the task and click Actions tab. Add an item to run this batch file and place it on top of the list.

Now go to the properties of the “Send an e-mail” option. Find there is an “Attachment” setting and now we have a file which contains the information at %temp%\query.txt. Simply put “C:\Users\admin\AppData\Local\Temp\query.txt” in that box. (Replace the username/location as appropriate). So if the event happens and logged in the event viewer we get the email like what we wanted! Hope this helps many of us…