Recipe 8.13. Triggering an Action When an Event Occurs
ProblemYou want to kick off a program or script when a particular event occurs. For example, you may want to send yourself an email when the event occurs or write another event to the event log. SolutionUsing a graphical user interfaceEvent Viewer doesn't support creating triggers. Using a command-line interfaceWindows Server 2003 comes with a new tool called eventtriggers that allows you to configure event log triggers. > eventtriggers /Create /TR "<TriggerName>" /L <LogName> /EID <EventID> /TK <Command> For example: > eventtriggers /Create /TR "Email Trigger" /L Application /EID 177 /TK "cscript c:\scripts\email.vbs" To view the list of event log triggers configured on a server, run this command: > eventtriggers /query /s <ServerName> To delete a trigger with ID 1, run this command: > eventtriggers /delete /s <ServerName> /TID 1 To get a list of configured triggers, run this command: > eventtriggers /query /s <ServerName> Using VBScriptSee Recipe 8.14 for an example of how to monitor events as they occur via a script. DiscussionThe eventtriggers utility is a powerful new tool that can run on a Windows XP or Windows Server 2003 computer and that runs a command when a specific event occurs. It has three main options for managing event triggers: /Create, /Delete, and /Query. Here is the syntax for the eventtriggers /Create option: Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /TR triggername Specifies a friendly name to associate with the Event Trigger. /L log Specifies the NT Event Log(s) to monitor events from. Valid types include Application, System, Security, DNS Server Log, and Directory Log. The wildcard "*" may be used and the default value is "*". /EID id Specifies a specific Event ID the Event Trigger should monitor. /T type Specifies an Event Type that the trigger should monitor. Valid values include "ERROR", "INFORMATION", "WARNING", "SUCCESSAUDIT", and "FAILUREAUDIT". /SO source Specifies a specific Event Source the Event Trigger should monitor. /D description Specifies the description of the Event Trigger. /TK taskname Specifies the task to execute when the Event Trigger conditions are met. /RU username Specifies the user account (user context) under which the task runs. For the system account value must be "". /RP password Specifies the password for the user. To prompt for the password, the value must be either "*" or none. Password will have no effect for the "SYSTEM" account. |