Email powershell log security information

Question

i'm looking for help for a following problem, i have a script, that every new event 4625, triggers an email to me, however, i need to enter the server, open the event viewer, and check the account name that was tried to log on. Here comes my problem, couldn't this email already contain this information? so I created a script with the little knowledge I have, and with something I already found here, it follows:

Script1:

$EmailTo = "[email protected]"
$Subject = " FALHA LOGON $env:ComputerName"

$Body = Get-EventLog -LogName 'Security' `
 -Newest 1 `
 -InstanceId 4625 |
 Select-Object @{
  Name='TargetUserName'
  Expression={$_.ReplacementStrings[5]}
 },
 @{
  Name='WorkstationName'
  Expression={$_.ReplacementStrings[1] -replace '\$$'}
 },
 @{
  Name='IpAddress'
  Expression={$_.ReplacementStrings[-2]}
 }
 
$smtpserver = "smtp.smtp.com.br"
$smtpclient = new-object net.mail.smtpclient($smtpserver, 587)
$smtpclient.credentials = new-object system.net.networkcredential("[email protected]","PASSWORD")
$smtpclient.send($emailfrom, $emailto, $subject, $body)    ````

And returns:


````    It is not possible to find an overhead for "send" and the argument count: "4".
No line: 24 characters: 1
+ $ smtpclient.send ($ emailfrom, $ emailto, $ subject, $ body)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~
    + CategoryInfo: NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId: MethodCountCouldNotFindBest    ````


Script2:



````    $EmailFrom = "[email protected]"
$EmailTo = "[email protected]"
$Subject = " LOGON $env:ComputerName"
$result = Get-EventLog -LogName Security -InstanceId 4624 -Newest 1 |
   ForEach-Object {
     [PSCustomObject]@{
     User = $_.ReplacementStrings[5]
     Access = $_.ReplacementStrings[10]
     }
   }
$result | Select-Object User, Access
$Body = $result | Select-Object User, Access

$smtpserver = "smtp.smtp.com.br"
$smtpclient = new-object net.mail.smtpclient($smtpserver, 587)
$smtpclient.credentials = new-object system.net.networkcredential("[email protected]","PASSWORD")
$smtpclient.send($emailfrom, $emailto, $subject, $body)    ````


And returns:

````    It is not possible to find an overhead for "send" and the argument count: "4".
No line: 17 characters: 1
+ $ smtpclient.send ($ emailfrom, $ emailto, $ subject, $ body)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~
    + CategoryInfo: NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId: MethodCountCouldNotFindBest    ````

What im doing wrong?

All four parameters in smtpclient.send need to be string. What's the type of Body? — OwlsSleeping, Aug 24 '20 at 18:31
You need to convert `$body` to a string eg. `$smtpclient.Send($EmailFrom,$EmailTo,$Subject,$($body |Out-String))`. But it would probably be easier to use [`Send-MailMessage`](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/send-mailmessage) — Mathias R. Jessen, Aug 24 '20 at 18:32

Email powershell log security information

0 Answers0