In first part of this article I cover how to edit the existing Task to send Event Details but I will skip basics of Task creation.
I had a situation to trigger an alert for any error logged by FailoverCluster. I had no option to use SCOM, Sitescope or any other monitoring tools. Decided to create a custom monitor!
First option is SQL job or Scheduled task which monitors for specific errors in event viewer once every 10 minutes and send a mail but the challenge is the delay and very frequent event viewer scans.
I have chosen an option to trigger a Scheduled task when a specific event occurred (Log=System, Source=FailoverClustering). Now the bigger challenge is to include the error message in mail!
This feature is not enabled through UI but this can be achieved with some simple steps. Export the job, editing XML file, add
<ValueQueries><Value name="EventData">Event/EventData/Data</Value> </ValueQueries> in <EventTrigger></EventTrigger>
import the job again and use $(EventData) while sending the Email!
For detailed process, refer to http://myitforum.com/cs2/blogs/jmassardo/archive/2011/05/26/event-log-triggers.aspx
If you need to edit the criteria when the event should be triggered, refer to http://blogs.msdn.com/b/davethompson/archive/2011/10/25/running-a-scheduled-task-after-another.aspx
How to include event information in scheduled task (On an Event)