SharePoint 2016/2013: Event Log Monitoring By PowerShell Automation
This article is based on a requirement I recently encountered: I had to monitor a specific exception type and, if it occurred, the admins had to be notified at the same time.
In this demo, we consider a scenario where encountering Event ID “1101” means that the SharePoint site or a related service is down; in that case the administrators receive email notifications automatically.
https://howtodowithsharepoint.files.wordpress.com/2016/11/1.png?w=800
To accomplish this, let's start by writing a PowerShell function “Monitor-Event-Logs” as shown in Step 1.
In Step 2 we use the “Get-EventLog” cmdlet, instructing it to get the single latest Application log entry where the Event ID = “1101”.
We check the event object for null and, if it contains data, we prepare the email content from the relevant data as shown in Step 3.
In Step 4 we send the email notification to the administrators by using another generic function, “Send-Email”.
https://howtodowithsharepoint.files.wordpress.com/2016/11/2.png?w=800
https://howtodowithsharepoint.files.wordpress.com/2016/11/3.png?w=800
There is an external function “Execute-Process” that calls the “Monitor-Event-Logs” function, passing the required Event ID as shown in Step 5.
In Step 6 we initialize the required variables holding the email IDs of the respective contact persons.
Finally, in Step 7 we call the “Execute-Process” function, which drives the whole mechanism.
https://howtodowithsharepoint.files.wordpress.com/2016/11/4.png?w=800
Once the function has executed, we can see that the email has arrived, notifying the administrators of the error, as shown below:
https://howtodowithsharepoint.files.wordpress.com/2016/11/5.png?w=800
https://howtodowithsharepoint.files.wordpress.com/2016/11/6.png?w=800
To make this process more intuitive, we scheduled this script with Windows Task Scheduler to run at specific time intervals and scan the logs for specific Event IDs.
In my actual implementation, we designed the “Monitor-Event-Logs” function to accept an array of Event IDs to be monitored, so you can try it that way depending on your requirements.
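
The script in this article appears only in the screenshots, so the following is an added sketch of Steps 1 to 7 and not the author's own code. It goes slightly beyond the demo: it accepts an array of Event IDs and reads only entries written within a lookback window (so a scheduled run does not re-send the same alert) instead of taking the single latest entry. The SMTP host, the addresses and the `LookbackMinutes` parameter are assumptions.

```powershell
# Added example: the SMTP host and all addresses are placeholders (assumptions).
$SmtpServer = 'smtp.example.test'
$From       = 'sp-monitor@example.test'
$Admins     = @('admin1@example.test', 'admin2@example.test')

function Send-Email {
    param([string]$Subject, [string]$Body)
    # Plain-text body: event messages are untrusted text and are never rendered as HTML.
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $Admins `
                     -Subject $Subject -Body $Body -ErrorAction Stop
}

function Monitor-Event-Logs {
    param([int[]]$EventIds, [int]$LookbackMinutes = 15)  # match the scheduler interval
    $since = (Get-Date).AddMinutes(-$LookbackMinutes)
    # Read only entries written since the previous run, then filter on EventID.
    $events = @(Get-EventLog -LogName Application -After $since -ErrorAction SilentlyContinue |
                Where-Object { $EventIds -contains $_.EventID })
    foreach ($e in $events) {
        $body = @"
Event ID : $($e.EventID)
Time     : $($e.TimeGenerated)
Source   : $($e.Source)
Server   : $($e.MachineName)
Type     : $($e.EntryType)

$($e.Message)
"@
        Send-Email -Subject "[$($e.MachineName)] Event $($e.EventID) from $($e.Source)" -Body $body
    }
    return $events.Count
}

function Execute-Process {
    try {
        $sent = Monitor-Event-Logs -EventIds 1101
        Write-Output "Notifications sent: $sent"
    }
    catch {
        # Surface SMTP failures so the scheduled task records a non-zero exit code.
        Write-Error "Event log monitoring failed: $_"
        exit 1
    }
}

Execute-Process
```

Run the scheduled task under an account that can read the Application log, and keep the lookback window equal to the task interval so that no entries are missed or reported twice.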