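Step 1 – Export event details to a txt file
You can use the wevtutil command to export events with a specified event ID from a log into a file.
The following command exports the most recent event with ID 4648 or 4729 from the Security event log to a Security_Event.txt file (/rd:true reads the newest events first and /c:1 limits the output to one event).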
wevtutil qe security /rd:true /f:text /c:1 /q:"*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=4648 or EventID=4729)]]" >C:\Security_Event.txt
Step 2 – Email Alert
The second step is to email this file as an attachment. You can use the following procedure (Attach Task To This Event) to generate an email alert:
http://portal.sivarajan.com/2010/04/generate-email-alert-to-event-attach.html
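Both steps can also be done from one PowerShell script, shown here as an added example that is not part of the original post. It runs the same XPath selection through Get-WinEvent, writes each event's named fields to the text file, and mails the file only when an SMTP relay is supplied. The parameter names, the SMTP server and the example.com addresses are assumptions to replace with your own values.

```powershell
# Added example: export matching Security events with their named fields, then mail the file.
# Run from an elevated prompt; reading the Security log requires administrator rights.
param(
    [string]$OutFile    = 'C:\Security_Event.txt',  # same path as the wevtutil command
    [int]   $MaxEvents  = 1,                         # equivalent of /c:1
    [string]$SmtpServer = '',                        # assumption: set to your relay to send mail
    [string]$MailFrom   = 'alerts@example.com',      # placeholder address
    [string]$MailTo     = 'secops@example.com'       # placeholder address
)

# Same selection as the wevtutil query: event ID 4648 or 4729 from the auditing provider.
$xpath = "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=4648 or EventID=4729)]]"

try {
    # Get-WinEvent returns the newest events first, like /rd:true.
    $events = Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents $MaxEvents -ErrorAction Stop
} catch {
    # Get-WinEvent raises an error when nothing matches; do not send an empty alert.
    Write-Warning "Nothing exported: $($_.Exception.Message)"
    return
}

$report = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    "Event ID : $($e.Id)"
    "Time     : $($e.TimeCreated.ToString('o'))"
    "Computer : $($e.MachineName)"
    "Record   : $($e.RecordId)"
    # Print every named EventData field (account names, group, process, and so on).
    foreach ($d in $xml.Event.EventData.Data) {
        "  {0,-24} {1}" -f $d.Name, $d.'#text'
    }
    ''
}
$report | Set-Content -Path $OutFile -Encoding UTF8

if ($SmtpServer) {
    Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo `
        -Subject "Security event alert from $env:COMPUTERNAME" `
        -Body 'See the attached event details.' -Attachments $OutFile
}
```

When the script is attached to the event as a scheduled task, the task account needs read access to the Security log and write access to the output path.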
wevtutil Command Reference:
http://technet.microsoft.com/en-us/library/cc732848(WS.10).aspx