Getting event log contents by email on an event log trigger on Windows Server 2008 R2 box running TMG 2010

Here's an example of the in-box functionality vs. a simple bit of bolt-on customization. In this e.g., we'll use Event 20274 for RemoteAccess on a Windows Server 2008 R2 box running TMG 2010. This particular event is logged when an inbound VPN connection is established, and the body of the message says who connected, on […]

Here's an example of the in-box functionality vs. a simple bit of bolt-on customization. In this e.g., we'll use Event 20274 for RemoteAccess on a Windows Server 2008 R2 box running TMG 2010. This particular event is logged when an inbound VPN connection is established, and the body of the message says who connected, on what port, and what IP address they've been allocated.

First, inbox functionality. Establish VPN, and find event in the event log. Down in bottom right, choose "Attach Task To This Event…." and walk through the wizard. On first screen, give it an appropriate name such as "A user connected through VPN". On action page, select send an email. On Send an email page, fill in appropriate information for From/To/Subject/Text and SMTP Server. What you'll notice is that there's nowhere to specify what goes in the body. But you can include a static attachment, but that doesn't serve our needs. Finish the wizard, and connect again through VPN to see what email comes through. Not particularly useful. Not yet, anyway.

Here's a command that'll do that (note all on one line): wevtutil qe System "/q:*[System [(EventID=20274)]]" /f:text /rd:true /c:1

More Info: Getting event log contents by email on an event log trigger