JSI Tip 7297. The Windows XP and Windows Server 2003 EventTriggers utility.

When you use the Windows XP CMD help., or Windows Server 2003 CMD help, and press Eventtriggers on the New command-line tools page, you see:

Eventtriggers

Displays and configures event triggers on local or remote machines.

eventtriggers create

Creates a new event trigger that monitors and acts upon the occurrence of log events of given criteria.

Syntax

eventtriggers\[.exe\]/create\[/s Computer \[/u Domain\User \[/p Password\]\]\]/tr TriggerName\[/l \[APPLICATION\] \[SYSTEM\] \[SECURITY\] \["DNS Server"\] \[LOG\] \[DirectoryLogName\] \[*\] \]\{\[/eid ID\] | \[/t \{ERROR | INFORMATION | WARNING | SUCCESSAUDIT | FAILUREAUDIT\}\] | \[/so Source\]\}\[/d Description\]/tk TaskName

Parameters

/s Computer
Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.
/u Domain\User
Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.
/p Password
Specifies the password of the user account that is specified in the /u parameter.
/tr TriggerName
Specifies a friendly name to associate with the event trigger.
/l \[APPLICATION\] \[SYSTEM\] \[SECURITY\] \["DNS Server"\] \[LOG\] \[DirectoryLogName\] \[*\] \]
Specifies the event log(s) to monitor. Valid types include: Application, System, Security, DNS server, Log, and Directory log. The wildcard (*) can be used and is the default value.
/eid ID
Specifies a specific event ID for which the event trigger should monitor. Valid values are any valid integer.
/t \{ERROR | INFORMATION | WARNING | SUCCESSAUDIT | FAILUREAUDIT\}
Specifies an event type for which the event trigger should monitor. Valid values include: ERROR, INFORMATION, WARNING, SUCCESSAUDIT, and FAILUREAUDIT. Cannot be used in conjunction with the /id or /so parameters.
/so Source
Specifies an event source for which the event trigger should monitor. Valid values are any string. Cannot be used in conjunction with the /id or /type parameters.
/d Description
Specifies a detailed description of the event trigger. Valid values are any string.
/tk TaskName
Specifies the task/command/line to execute when the event trigger conditions are met.
/?
Displays help at the command prompt.

Remarks

  • When using the parameters /eid, /t and /so together, a log event must match the criteria specified by all three parameters for the event trigger to be created.

Examples

The following examples show how you can use the eventtriggers /create command:

eventtriggers /create /tr "Disk Cleanup" /l system /t error /tk c:\windows\system32\cleanmgr.exe
eventtriggers /create /s srvmain /u maindom\hiropln /p [email protected] /tr "Low Disk Space" /eid 4133 /t warning /tk \\server\share\diskcleanup.cmd
eventtriggers /create /s srvmain /user maindom\hiropln /p [email protected] /tr "Disk Backup" /eid 4133 /l system /t error /tk \\server\share\ntbackup.exe

eventtriggers delete

Deletes an event trigger from a system by event trigger ID.

Syntax

eventtriggers\[.exe\]/delete\[/s Computer \[/u Domain\User \[/p Password\]\]\]/tid \{ID | *\}

Parameters

/s Computer
Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.
/u Domain\User
Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.
/p Password
Specifies the password of the user account that is specified in the /u parameter.
/tid \{ID | *\}
Specifies the event trigger(s) to be deleted by "Event Trigger ID". The (*) wildcard can be used.
/?
Displays help at the command prompt.

Examples

The following examples show how you can use the eventtriggers /delete command:

eventtriggers /delete /tid 1 /tid 2 /tid 4 /tid 6
eventtriggers /delete /s srvmain /u maindom\hiropln /p [email protected] /tid *
eventtriggers /delete /s srvmain /u maindom\hiropln /p [email protected] /tid 1

eventtriggers query

Queries and displays a system's event trigger properties and settings.

Syntax

eventtriggers\[.exe\]/query\[/s Computer \[/u Domain\User \[/p Password\]\]\]\[/fo \{TABLE | LIST | CSV\}\]\[/nh\]\[/v\]

Parameters

/s Computer
Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.
/u Domain\User
Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.
/p Password
Specifies the password of the user account that is specified in the /u parameter.
/fo \{TABLE | LIST | CSV\}
Specifies the format to use for the query output. Valid values are TABLE, LIST, and CSV. The default format for output is TABLE.
/nh
Suppresses column header in the output. Valid when the /fo parameter is set to TABLE or CSV.
/v
Specifies that detailed information be displayed in the output.
/?
Displays help at the command prompt.

Examples

The following examples show how you can use the eventtriggers /query command:

eventtriggers /query
eventtriggers /query /s srvmain
eventtriggers /query /s srvmain /u maindom\hiropln /p [email protected] /fo list

Remarks

  • When specified without an operation, eventtriggers returns a list of event triggers. To see a list of event triggers, type:

    eventtriggers

    Output similar to the following appears:

    Trigger ID Event Trigger Name         Task
    ========== ========================== ==============================================
             1 Disk Cleanup               c:\windows\system32\cleanmgr.exe
  • In the case that an event fails to execute, eventtriggers creates a log file called TriggerConsumer.log in the \windows\system32\wbem\logs directory containing a message that the event failed to trigger.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish