According to Microsoft's MSDN documentation, the Get-WinEvent cmdlet gets data from event logs that are generated by the Windows Event Log technology introduced in Windows Vista, as well as events in log files generated by Event Tracing for Windows (ETW). By default, Get-WinEvent returns event information in order from newest to oldest.
Get-WinEvent: Gets events from event logs and event tracing log files on local and remote computers. The Get-WinEvent cmdlet uses the LogName parameter to specify the Windows PowerShell event log. The event objects are stored in the $Event variable.
This script reads the event log “Microsoft-Windows-TerminalServices-LocalSessionManager/Operational” on the server, filtered to event ID 21, and sends the human-readable results by mail. The -MaxEvents parameter specifies the maximum number of events that are returned; the script passes 1. Enter an integer such as 100. The default is to return all the events in the logs or files.
```powershell
#################################################################
# Project   : How to Use PowerShell to Detect Logins and Alert Through Email using SendGrid
# Developer : Thiyagu S (dotnet-helpers.com)
# Tools     : PowerShell 5.1.15063.1155
# E-Mail    : mail2thiyaguji@gmail.com
#################################################################

# Current time converted to India Standard Time for the mail body
$Timestamp = [System.TimeZoneInfo]::ConvertTimeBySystemTimeZoneId((Get-Date), 'India Standard Time')
$Text = "Timelines in IST"

# Most recent event with ID 21, rendered to a single string so it can be concatenated below
$EmailBody = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'; Id = 21 } -MaxEvents 1 |
    Format-List -Property TimeCreated, Message |
    Out-String

$EmailFrom = "servermonitor@dotnet-helpers.com"
# -To takes an array of addresses: one string per recipient
$EmailTo = "dotnet-helpers@accenture.com", "mail2thiyaguji@gmail.com"
$EmailSubject = "Server Login Notification"
$SMTPServer = "smtp.sendgrid.net"
$SMTPPort = 587

[string][ValidateNotNullOrEmpty()] $Username = "azure_ad8e8e784erf789.com"
# Placeholder value. Named $Password because $pwd is PowerShell's automatic variable for the current directory
[string][ValidateNotNullOrEmpty()] $Password = "xxxxxxxxxxx"
$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username, $SecurePassword

# -UseSsl protects the SMTP credentials in transit on port 587
Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $EmailSubject -Body ($EmailBody + "($Text)" + "($Timestamp)") -SmtpServer $SMTPServer -Port $SMTPPort -Credential $cred -UseSsl
```
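The script above mails the rendered Message text of event ID 21. As an added example (not part of the original script), the function below reads the same event's XML, as returned by the event object's ToXml() method, into structured fields and flags logons whose Address is not LOCAL, so an alert can be limited to remote sessions. The function name and the sample XML, including its host, user and address values, are constructed for illustration.

```powershell
# Added example: turn event ID 21 XML into objects and keep remote logons only.
# The two XML documents below are constructed samples, not real log data.
$SampleEvents = @(
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>21</EventID><TimeCreated SystemTime="2024-01-15T08:30:00.0000000Z" /><Computer>SRV01.example.test</Computer></System>
  <UserData><EventXML xmlns="Event_NS"><User>EXAMPLE\alice</User><SessionID>3</SessionID><Address>192.0.2.10</Address></EventXML></UserData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>21</EventID><TimeCreated SystemTime="2024-01-15T09:05:00.0000000Z" /><Computer>SRV01.example.test</Computer></System>
  <UserData><EventXML xmlns="Event_NS"><User>EXAMPLE\bob</User><SessionID>1</SessionID><Address>LOCAL</Address></EventXML></UserData>
</Event>
'@
)

# Hypothetical helper name; takes one event XML string per pipeline item
function ConvertFrom-SessionLogonXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $doc  = [xml]$EventXml
        $data = $doc.Event.UserData.EventXML
        if (-not $data) { return }   # event carries no session data, skip it
        # SystemTime is UTC; RoundtripKind keeps it as UTC instead of local time
        $utc = [datetime]::Parse($doc.Event.System.TimeCreated.SystemTime,
                   [cultureinfo]::InvariantCulture, 'RoundtripKind')
        [pscustomobject]@{
            TimeIST   = [System.TimeZoneInfo]::ConvertTimeBySystemTimeZoneId($utc, 'India Standard Time')
            Computer  = $doc.Event.System.Computer
            User      = $data.User
            SessionId = [int]$data.SessionID
            Address   = $data.Address
            # Console logons are recorded with the literal address LOCAL
            IsRemote  = $data.Address -ne 'LOCAL'
        }
    }
}

$logons = $SampleEvents | ConvertFrom-SessionLogonXml
$remote = $logons | Where-Object IsRemote
$remote | Format-Table TimeIST, Computer, User, SessionId, Address -AutoSize

# On a live server, replace $SampleEvents with:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'; Id = 21 } -MaxEvents 20 |
#     ForEach-Object { $_.ToXml() }
```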
The Windows Task Scheduler can automatically send email at a specific time or in response to a specific event. The article below will help you configure the script as a task in Windows Task Scheduler.
Here I am setting the script to run whenever any user logs in to the server, so that it notifies the supervisor by triggering a mail. Go to the Triggers tab and add a new trigger. The trigger should be set to fire at log on, which can be selected from the drop-down.