Perrypackettracer / Powershell-scripts-to-use-in-an-active-directory


script for monitoring specific events in the Windows Event Log #31

Open Perrypackettracer opened 8 months ago

Perrypackettracer commented 8 months ago

Below is a simple PowerShell script for monitoring specific events in the Windows Event Log. This script checks for events in the System log with a specific Event ID and triggers an action when a match is found.

# Set the event parameters to monitor
$logName = "System"
$eventIDToMonitor = 6005  # Example Event ID (Event Log service started), replace with your desired Event ID
$actionOnEvent = {
    param($matchedEvent)  # the matching record is passed in so the action can use its details
    # Define the action to be taken when the event is found
    # This example logs a message, but you can customize it based on your needs
    Write-Host "Event ID $($matchedEvent.Id) found in $logName log at $($matchedEvent.TimeCreated). Take appropriate action here."
}

# Function to continuously monitor the event log
function Monitor-EventLog {
    # Remember the newest record already handled so the same event is not reported on every pass.
    # On the first pass the most recent matching record (if any) is reported once.
    $lastRecordId = 0

    while ($true) {
        # -LogName and -FilterHashtable belong to different parameter sets and cannot be combined,
        # so the log name goes inside the hashtable. Level 4 = Information.
        # Get-WinEvent throws a terminating error when nothing matches, so suppress it and treat
        # an empty result as "no event found".
        $events = Get-WinEvent -FilterHashtable @{ LogName = $logName; ID = $eventIDToMonitor; Level = 4 } `
                               -MaxEvents 1 -ErrorAction SilentlyContinue

        if ($events -and $events.RecordId -gt $lastRecordId) {
            $lastRecordId = $events.RecordId
            # Trigger the defined action
            & $actionOnEvent $events
        }

        # Sleep for a specific interval before checking again
        Start-Sleep -Seconds 60  # Adjust the interval as needed
    }
}

# Start monitoring the event log
Write-Host "Starting event log monitoring for Event ID $eventIDToMonitor in $logName log..."
Monitor-EventLog

Instructions for customization:

  1. Set the $logName variable to the name of the Event Log you want to monitor (e.g., "System", "Application").
  2. Set the $eventIDToMonitor variable to the specific Event ID you want to monitor.
  3. Customize the $actionOnEvent script block to define the action to be taken when the specified event is found. This could include sending notifications, logging, or other actions.

Save the script with a .ps1 extension, for example, EventLogMonitoringScript.ps1, and run it. Keep in mind that this script will run indefinitely, continuously monitoring the specified event in the event log. Adjust the sleep interval as needed based on your monitoring requirements.
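The following is an added example, not code from the issue author or this repository, that extends the same polling idea to a defender's typical use: watching the Security log for several account-related audit events at once, handling every new record since the previous pass rather than only the newest one, and appending each alert to a file. It uses a record-ID cursor so a record is never reported twice. The Event IDs used are the standard Windows Security audit IDs for failed logon (4625), user account created (4720) and account locked out (4740); the alert file path is a placeholder, and reading the Security log requires an elevated session and the corresponding audit policy to be enabled.

```powershell
# Added example (not part of the original issue): poll the Security log for several
# audit Event IDs, process every new record since the last pass, and append alerts to a file.
# Assumptions: $alertLogPath is a placeholder; the session has rights to read the Security log.
$logName      = "Security"
$eventIDs     = @(4625, 4720, 4740)   # failed logon, user account created, account locked out
$pollSeconds  = 30
$alertLogPath = "C:\Temp\eventlog-alerts.log"   # placeholder path, adjust as needed

function Write-Alert {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Record)
    # One line per event: timestamp, record id, event id, host, and the first line of the message
    $line = "{0:u} RecordId={1} EventId={2} Computer={3} :: {4}" -f `
        $Record.TimeCreated, $Record.RecordId, $Record.Id, $Record.MachineName, `
        ($Record.Message -split "`r?`n")[0]
    Write-Warning $line
    Add-Content -Path $alertLogPath -Value $line
}

function Get-NewEvents {
    param([long]$AfterRecordId, [datetime]$Since)
    # StartTime keeps the query cheap; the RecordId check drops anything already handled.
    $filter = @{ LogName = $logName; ID = $eventIDs; StartTime = $Since }
    $found = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    # Get-WinEvent returns newest first; sort ascending so alerts are written in order.
    @($found | Where-Object { $_.RecordId -gt $AfterRecordId } | Sort-Object RecordId)
}

function Start-SecurityEventMonitor {
    $null = New-Item -ItemType Directory -Path (Split-Path $alertLogPath) -Force
    $since        = Get-Date   # only records written after the monitor started
    $lastRecordId = 0
    Write-Host "Monitoring $logName for Event IDs $($eventIDs -join ', ') every $pollSeconds s..."
    while ($true) {
        foreach ($rec in Get-NewEvents -AfterRecordId $lastRecordId -Since $since) {
            Write-Alert -Record $rec
            $lastRecordId = $rec.RecordId
            # Advance the time window; records sharing this timestamp are still covered because
            # StartTime is inclusive and the RecordId cursor prevents duplicates.
            $since = $rec.TimeCreated
        }
        Start-Sleep -Seconds $pollSeconds
    }
}

Start-SecurityEventMonitor
```

Run it from an elevated PowerShell prompt; the Security log is not readable by standard users, and without the matching audit policy (for example account logon and account management auditing) the chosen Event IDs are never written in the first place. Because the cursor is kept only in memory, a restart begins again from the current time, which is usually the desired behaviour for a live monitor.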