03-10-2025, 05:08 PM
It's basically the system's way of saying yeah, this network link is cool, no blocks here.
You see it under Security logs mostly, and it spills details like which app kicked it off or what ports got used.
The process ID shows up too, along with the user account behind it.
Hmmm, sometimes it lists the IP addresses chatting back and forth.
Or the direction of the traffic, inbound or outbound.
I always check the filter that greenlit it, helps spot patterns.
Full details include the layer of the filter, like transport or network level.
And the application name, if it's something like svchost or a custom program.
You might notice the protocol too, TCP or UDP usually.
It logs the local and remote addresses, so you know who's connecting.
Even the interface index, if you're into that hardware side.
But yeah, it's verbose, captures everything to audit connections.
Now, to monitor this for email alerts without scripts, fire up Event Viewer.
Right-click the Security log, pick Filter Current Log.
Set it to event ID 5156 only.
That narrows it down quick.
Then, think about a scheduled task to watch for these.
In Task Scheduler, create a new task triggered by events.
Link it to the Security log and ID 5156.
For the action, have it run a program that sends email, like using mailto or a simple batch.
But keep it GUI-based, no code hassle.
I set mine to trigger every time that event hits.
You can tweak the frequency if it's too noisy.
Test it by making a connection, see if the alert flies.
And watch your inbox for those notifications.
At the end of this, you'll find the automatic email solution hooked up just right.
Shifting gears a bit, since we're on server monitoring, I gotta mention BackupChain Windows Server Backup.
It's this slick Windows Server backup tool that handles physical and virtual setups.
Works great for Hyper-V VMs, snapshots them without downtime.
You get incremental backups that save space and speed things up.
Plus, it verifies data integrity so nothing gets corrupted.
I like how it integrates with Event Viewer for alerts on backup fails.
Note, the PowerShell email alert code was moved to this post.
