
Guy’s Best Practice & Litmus Tests Ezine #25 – EventTriggers

EventTriggers

EventTriggers is a program that you can execute from the Windows 2003 command line. The story with this executable is that it featured in an XP exam question, and I doubted its existence. I was convinced that the examiner was trying to pull the wool over my eyes, but no, there it was; to prove it, just type eventtriggers in your ‘dos box’. I became curious, and this is what my research unearthed.

Think of this scenario: let us assume that your server is playing up, a fact confirmed by lots of red dots in the Event Viewer. As a top techie, you want to track down what could be happening. However, being a busy person, you cannot just hang around the server, so you cunningly create a trigger. With EventTriggers, you can automatically fire off a batch file or VBS script which captures useful information. Another idea is ‘self heal’, where your script cures the problem and stops it reoccurring.

As with many of these command line programs, EventTriggers’ syntax can be vicious, so tune into the rhythm of its many switches. Below is an example which creates a trigger that fires when a Win32 Time error occurs (EID 26). The next paragraph has the full EventTriggers command.

Assumptions: e:\log\time.bat exists, and you have a user called guyt with a password of s$ll1w0rd. Action: adjust the script to a path and user on your system.

EventTriggers /create /TR "Guy Trigger" /l system /eid 26 /RU guyt /RP s$ll1w0rd /tk e:\log\time.bat

EventTriggers /create – This is going to create a trigger (not query or delete a trigger).
/TR "Guy Trigger" – What do you want to call your trigger?
/l – (Lower case L) The name of the Event Log to watch for the trigger, e.g. Application, Security or System.
/EID – The event number which acts as the trigger. Check with Event Viewer, Event column.
/RU – Assumes a user called guyt, and /RP s$ll1w0rd sets the password. Note the potential security threat from exposing the password; make sure it's a low-key account that can perform the operation. (Note: change the user and password in your EventTriggers command.)
/TK – This is the business end: what do you want to happen when the event occurs? Which .bat or .vbs file should you execute? In my example I use time.bat to run the command: net time /setsntp:servername. Do try .vbs files if you prefer.

Other ideas for triggers

Collect information. For example, in your batch file, redirect the output of a program called tasklist to a file on the e: drive:

Tasklist >> e:\log\guy.txt

Browse through the Event Viewer searching for suitable EIDs (Event IDs).

It seems to me that in Windows Server 2003 (and XP) there are more and more executables just lying around waiting for you to double click or ‘Run’. Here are three such programs. Cluadmin is a utility that you will need – one day. EventTriggers is my challenge for you to test and master. Diskpart is there, but I never use it because I prefer the GUI equivalent.
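The ‘collect information’ and ‘self heal’ ideas above, combined into one trigger task. This is an added example, not the author's own time.bat; the e:\log path, the guy.txt file name and the servername placeholder follow the article's assumptions, and /RP * makes EventTriggers prompt for the password instead of taking it on the command line.

```batch
@echo off
rem time.bat - added example of a task for the "Guy Trigger" event trigger.
rem Register it without typing the password on the command line; with
rem /RP * EventTriggers prompts for the password instead:
rem   EventTriggers /create /TR "Guy Trigger" /l system /eid 26 /RU guyt /RP * /tk e:\log\time.bat
rem Confirm the trigger afterwards with:
rem   EventTriggers /query

setlocal
rem Assumed paths and names: adjust to your system.
set LOGDIR=e:\log
set LOGFILE=%LOGDIR%\guy.txt
set NTPSERVER=servername

if not exist "%LOGDIR%" mkdir "%LOGDIR%"

rem 1. Collect information: when the trigger fired, as whom, and what was running.
>>"%LOGFILE%" echo ==== Trigger fired %DATE% %TIME% as %USERDOMAIN%\%USERNAME% ====
tasklist >>"%LOGFILE%" 2>&1

rem 2. Self heal: point the time service at the chosen server.
net time /setsntp:%NTPSERVER% >>"%LOGFILE%" 2>&1
if errorlevel 1 (
    >>"%LOGFILE%" echo net time failed with errorlevel %ERRORLEVEL%
) else (
    >>"%LOGFILE%" echo net time /setsntp:%NTPSERVER% succeeded
)

endlocal
```

Because the trigger runs whatever sits at the /tk path under the /RU account, keep write access to time.bat restricted to administrators.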
