PowerShell – event ID email monitor

A short script that emails you all events with the listed Event IDs (in this case 7040 and 1501) from the System log for the last 24 hours.

#List Event IDs that you want monitored
$EventId = 7040,1501

#Specify time frame and log file
#(-ErrorAction SilentlyContinue: Get-WinEvent writes an error when no events match)
$StartTime = (Get-Date).AddDays(-1)
$events = Get-WinEvent -FilterHashtable @{LogName="System"; ID=$EventId; StartTime=$StartTime} -ErrorAction SilentlyContinue

#Specify To, From, Subject and email server
#(the script reads the local System log, so the subject uses the local computer name)
$MachineName = $env:COMPUTERNAME
$EmailFrom = "eventID@alerts.com"
$EmailTo = "user@domain.com"
$Subject = "Alert From $MachineName"
$emailServer = "A.B.C.D"   #IP address or host name of your SMTP server, in quotes

$result = @()
foreach ($A in $events) {
    #PowerShell variable names are case-insensitive, so read $A.Id directly
    #instead of assigning a $EventID variable that would overwrite $EventId above
    $result += New-Object psobject -Property @{
        EventID     = $A.Id
        Source      = $A.ProviderName
        MachineName = $A.MachineName
        Message     = $A.Message
    }
}

#Only send mail when at least one matching event was found
if ($result.Count -gt 0) {
    Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $Subject -Body ($result | Format-List | Out-String) -SmtpServer $emailServer -Port 25
}

Wireshark – how to capture relevant data

  1. Clear ARP cache
  2. Clear NETBIOS name cache (nbtstat -R)
  3. Clear DNS resolver cache (ipconfig /flushdns)
  4. Close open sockets relating to the application in question: list the connections
     on the application's port, then kill the owning process (identified by the PID
     column) in Task Manager or with taskkill:
       netstat -ano | find "port number"
       taskkill -PID "PID"

     For example:
     C:\Users\Administrator>netstat -ano | find "55060"
       TCP    127.0.0.1:55059        127.0.0.1:55060        ESTABLISHED     16176
       TCP    127.0.0.1:55060        127.0.0.1:55059        ESTABLISHED     16176
     C:\Users\Administrator>taskkill -PID 16176

  5. Clear the browser cache (if the issue is related to a web browser)
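Steps 1 to 4 above as one PowerShell function, added here as an example and not part of the original post. It assumes an elevated session on Windows 8/Server 2012 or later (for Get-NetTCPConnection and Clear-DnsClientCache); the function name Reset-CaptureState, the -Kill switch and the report fields are my own choices.

```powershell
# Added example, not part of the original post: automates steps 1-4 above.
# Run elevated on Windows 8/Server 2012+ (NetTCPIP and DnsClient modules).
function Reset-CaptureState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)]
        [int]$Port,          # port used by the application you want to capture
        [switch]$Kill        # without -Kill, only report the owning processes
    )
    # Steps 1-3: ARP cache, NetBIOS name cache, DNS resolver cache
    if ($PSCmdlet.ShouldProcess('ARP cache', 'Clear')) {
        netsh interface ip delete arpcache | Out-Null
    }
    if ($PSCmdlet.ShouldProcess('NetBIOS name cache', 'Clear')) {
        nbtstat -R | Out-Null
    }
    if ($PSCmdlet.ShouldProcess('DNS resolver cache', 'Clear')) {
        Clear-DnsClientCache
    }
    # Step 4: same match as 'netstat -ano | find "<port>"', but on objects, so
    # a port such as 5506 does not also match 55060 the way a text search does
    $conns = Get-NetTCPConnection |
        Where-Object { $_.LocalPort -eq $Port -or $_.RemotePort -eq $Port }
    $report = foreach ($conn in $conns) {
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Local   = "$($conn.LocalAddress):$($conn.LocalPort)"
            Remote  = "$($conn.RemoteAddress):$($conn.RemotePort)"
            State   = $conn.State
            PID     = $conn.OwningProcess
            Process = $proc.ProcessName
        }
    }
    if ($Kill) {
        # one Stop-Process per distinct PID, same effect as 'taskkill -PID <pid>'
        foreach ($procId in ($conns.OwningProcess | Sort-Object -Unique)) {
            if ($PSCmdlet.ShouldProcess("PID $procId", 'Stop-Process')) {
                Stop-Process -Id $procId -Force -ErrorAction SilentlyContinue
            }
        }
    }
    $report   # the sockets found (and, with -Kill, the processes just stopped)
}

# Preview first, then kill; 55060 is the port from the netstat example above
Reset-CaptureState -Port 55060 -WhatIf
Reset-CaptureState -Port 55060 -Kill
```

Run the -WhatIf call first so you can confirm the PIDs belong to the application you mean to capture before anything is stopped.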