Using two third-party tools (tail.exe and blat.exe) it is possible to automatically be emailed contents of a log file when a certain event log entry (matching one of your filters) appears.
For example, when an Audit Failure appears in the security event log that points to an authentication failure reported by IIS, then you can automatically receive an email with the most recent 25 lines of the most current IIS log file.
You will need the following free executables for this example:
1. blat.exe: http://www.blat.net/
2. tail.exe: http://unxutils.sourceforge.net/ (download UnxUtils.zip)
1. Installing the files
Copy both blat.exe and tail.exe either to the system32 directory (e.g. c:\windows\system32) or to a directory for your choice (e.g. c:\batch).
2. Configure Blat
You will need to tell blat which SMTP server it can use before you can starting using it. Run the following command:
blat.exe -install 127.0.0.1 youremail@domain.net
127.0.0.1 is the host name or IP address of your SMTP server, and youremail@domain.net is the default email address used by blat when sending an email.
3. Creating a batch file
Create a batch file with content similar to the following:
@ECHO OFF
for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do set dt=%%j%%k
set FILENAME=%SYSTEMROOT%\SYSTEM32\LOGFILES\W3SVC1\EX*%dt%.log
%SYSTEMROOT%\SYSTEM32\TAIL.EXE -n 25 %FILENAME% | %SYSTEMROOT%\SYSTEM32\BLAT.EXE - -to youremail@domain.net -subject "IIS LogFile"
In the above example we need to email an IIS log file which has the following format:
EXYYMMDD.log (YY = Year, MM = Month, DD = Day)
First we retrieve the system date and set the dt variable to the month and day. Then we set the FILENAME variable to the actual filename by using the dt variable we previously defined. The asterisk after EX will match any year, but this is necessary since we would need the year as a two-digit which is not supported by the date /t command.
Finally we pipe the output of the last 25 lines (-n 25) of the log file to blat and email ourselves the file.
4. Create a process notification target
Right-click the Notifications container, select "Add Target", specify a name and select the "Process" tab. Then point the process target to the batch file you previously created in step 3.
5. Setup a filter
Last but not least you will need to setup one or more filters that will trigger the notification you defined in step 4.
Again, you should be able to apply this example to almost any text-based log file by tweaking the batch file, but the possibilities are almost endless.