SharePoint 2016/2013 : Event Log Monitoring by PowerShell Automation

This article is based on a requirement I recently encountered, where I was required to monitor a specific exception type and, if it occurred, the Admins had to be notified at the same time.

In this demo I am considering a scenario where encountering Event ID “1101” means that the SharePoint site or a related service is down, in which case the Administrators get email notifications automatically.


To accomplish this, let's start by writing a PowerShell function “Monitor-Event-Logs” as shown in Step 1.

In Step 2 we use the “Get-EventLog” cmdlet, instructing it to get the top 1 latest Application log entry where the Event ID = “1101”.

We check the Event object for null, and if it returns data we prepare the email content from the relevant fields as shown in Step 3.

In Step 4 we send the email notification to the Administrators by using another generic function, “Send-Email”.


An external function, “Execute-Process”, calls the “Monitor-Event-Logs” function, passing the required Event ID as shown in Step 5.

In Step 6 we initialize the required variables with the email IDs of the respective contact persons.

Finally, in Step 7 we call the “Execute-Process” function, which drives the whole mechanism.


Once the function has executed, we can see the email arrive, notifying the administrators of the error, as shown below:


To make this process more intuitive I scheduled this script using Windows Task Scheduler to run at specific time intervals and scan the logs for specific Event IDs.

In my actual implementation I designed the “Monitor-Event-Logs” function to accept an array of Event IDs to be monitored, so you can try it that way depending on your requirements.
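A sketch of Steps 1 to 7 as one script, added here as an example and not the author's original code. It takes an array of Event IDs and only reads entries from a lookback window, so a scheduled run does not re-send mail for an old event. The addresses, SMTP host and 15-minute window are placeholder assumptions.

```powershell
# Added example for Windows PowerShell 5.1. Addresses and SMTP host are placeholders.
$AdminEmails     = @('sp-admin1@example.com', 'sp-admin2@example.com')  # Step 6
$FromAddress     = 'sp-monitor@example.com'
$SmtpServer      = 'smtp.example.com'
$LookbackMinutes = 15   # assumption: equals the Task Scheduler repeat interval

function Send-Email {
    param([string[]]$To, [string]$Subject, [string]$Body)
    # Plain-text body: event text is never rendered as HTML by the mail client.
    Send-MailMessage -To $To -From $FromAddress -Subject $Subject -Body $Body `
        -SmtpServer $SmtpServer -ErrorAction Stop
}

function Monitor-Event-Logs {
    param([int[]]$EventIds)
    # Only look at entries written since the previous scheduled run, so the
    # same event does not raise a new email on every run.
    $since  = (Get-Date).AddMinutes(-$LookbackMinutes)
    $recent = @(Get-EventLog -LogName Application -After $since -ErrorAction SilentlyContinue)
    foreach ($id in $EventIds) {
        # Step 2: newest matching entry (Get-EventLog returns newest first).
        $entry = $recent | Where-Object { $_.EventID -eq $id } | Select-Object -First 1
        if ($null -eq $entry) { continue }          # Step 3: nothing to report

        $body = @"
Event ID : $($entry.EventID)
Time     : $($entry.TimeGenerated)
Server   : $($entry.MachineName)
Source   : $($entry.Source)
Type     : $($entry.EntryType)
Message  : $($entry.Message)
"@
        # Step 4: notify the administrators.
        Send-Email -To $AdminEmails -Body $body `
            -Subject "Event $($entry.EventID) on $($entry.MachineName)"
    }
}

function Execute-Process {
    param([int[]]$EventIds)
    try   { Monitor-Event-Logs -EventIds $EventIds }   # Step 5
    catch { Write-Error "Event log monitoring failed: $_"; exit 1 }
}

Execute-Process -EventIds @(1101)   # Step 7
```

The non-zero exit code on failure lets Task Scheduler record a failed run, so a broken SMTP relay does not silently disable the alerting.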

Hope you find it helpful.




2 thoughts on “SharePoint 2016/2013 : Event Log Monitoring by PowerShell Automation”

  1. Any organization of any size has monitoring tools in place for the entire data center. These tools do what you describe and a lot more. Why not ask the back-office infrastructure team to add this exception to the alert list? And if you don’t have some sort of monitoring tool in place for things like DNS service down, SQL server down, Internet down, etc., you have a lot bigger problems.

    • Thanks for your view on this. Yes, you are correct, most companies have monitoring tools in place to look after applications & network resources.

      But think of a scenario where you need event tracking for application-specific events, or another scenario of Tool Orchestration where multiple tools work in conjunction with each other and raise events. Also consider a scenario where you are working on Web Services or REST API wrappers and want to handle events supported by integration Notification Engines.

      I have implemented all these scenarios in one or another assignment, and there I got the inspiration to develop a centralized Event Tracking & Notification Engine that could be used in all of the above scenarios.

      Hope this clears up the notion behind this implementation for you.
