This article is based on the requirement I recently encountered where I was required to monitor a specific exception type and if it occurred, the admins needed to be notified at the same time.
In this demo, I am considering a scenario in which if we ever encounter an Event ID “1101”, that would mean the SharePoint Site or any related service is down and in that case, the administrators will get email notifications automatically.
![1]()
In order to accomplish this, let's start with writing a PowerShell function “Monitor-Event-Logs” as shown in Step 1 of the below image.
In Step 2, we are making use of “Get-EventLog” commandlet by instructing it to get the topmost of the latest application log where the Event ID = “1101”.
We can check for Event Object for null and if it returns the data, we prepare the Email Content consisting of relevant data in as shown in Step 3.
In Step 4, we are sending an email notification to the Administrators by using another generic function “Send-Email”.
![2]()
![3]()
There is an external function, “Execute-Process”, that will call the “Monitor-Event-Logs” function by passing the required Event ID as shown in Step 5.
In Step 6, we are initializing the required variables pointing to the email ids of the respective contact persons.
Finally, in Step 7, we will call the “Execute-Process” function that will drive the whole mechanics.
![4]()
Once the function gets executed, we can see the email arrived notifying the error to the administrators, as shown below.
![5]()
![6]()
To make this process more intuitive, I got this script scheduled using Windows Task Scheduler to run at specific time intervals and scan the logs for specific Event IDs.
In my actual implementation, I designed the “Monitor-Event-Logs” function to accept an array of Event IDs to be monitored; so you can try it that way depending on your requirements.
Hope you find it helpful.