EventTriggers

Overview

EventTriggers is a program that you can execute from the Windows 2003 command line.  Consider this scenario: your server is playing up, a fact confirmed by lots of red dots in the Event Viewer.  As a top techie, you want to track down what could be happening.  However, being a busy person, you cannot just hang around the server, so you cunningly create a trigger.

With EventTriggers, you can automatically fire off a batch file or VBScript (.vbs) file which captures useful information.  Another idea is 'self heal', where your script cures the problem and stops it recurring.  As with many of these command-line programs, EventTriggers' syntax can be vicious, so tune into the rhythm of its many switches.

Syntax

Below is an example which creates a trigger that fires when a Win32 Time error occurs (EID 26).

Consider this command:
EventTriggers /create /TR "Guy Trigger" /l system /eid 26 /RU guyt /RP s@ll1w0rd /tk e:\log\time.bat

Assumptions: e:\log\time.bat exists, and you have a user called guyt with a password of s@ll1w0rd.  Action: adjust the script path and user to match your system.

EventTriggers /create – This is going to create a Trigger (not query or delete a trigger)

/TR "Guy Trigger"  – What do you want to call your Trigger?

/l – (Lower-case L) The name of the Event Log to watch for the trigger, e.g. Application, Security or System.

/EID – The event ID that acts as the trigger.  Check the Event column in Event Viewer.

/RU – Runs the task as a user called guyt, and /RP s@ll1w0rd supplies that user's password.  Note the potential security threat of exposing the password on the command line; make sure it's a low-privilege account that can still perform the operation.  (Change the user and password in your EventTriggers command.)

/TK – This is the business end, what do you want to happen when the event occurs?  Which .bat or .vbs file should you execute?

In my example I use time.bat to run the command: net time /setsntp:servername.   Do try .vbs files if you prefer.
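
An added example (not from the original page) of creating the same trigger without typing the password into the command. It assumes the article's guyt account and e:\log\time.bat, and relies on EventTriggers prompting for the password when /RP is given as *.

```batch
@echo off
rem Added example, not the author's script. Assumes the account guyt and
rem the script e:\log\time.bat used in the article.

rem 1. The trigger runs this file as guyt, so anyone who can edit the file
rem    can run commands as guyt. Restrict write access to administrators.
rem    Without /E, cacls replaces the whole ACL and asks for confirmation,
rem    hence the piped "y". R grants read and execute only.
echo y| cacls e:\log\time.bat /G Administrators:F SYSTEM:F guyt:R

rem 2. Create the trigger. "/RP *" makes EventTriggers prompt for the
rem    password, so it is not left in the command history or in a batch file.
eventtriggers /create /TR "Guy Trigger" /l system /eid 26 /RU guyt /RP * /tk e:\log\time.bat

rem 3. Review what is installed: /v lists each trigger with its task
rem    and the account it runs as.
eventtriggers /query /v

rem 4. Confirm the ACL that ended up on the script.
cacls e:\log\time.bat
```

Run it from an interactive console, because step 2 waits for the password to be typed.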

Other ideas for triggers.

Collect information.  For example, in your batch file, append the output of a program called tasklist to a file on the e: drive: tasklist >> e:\log\guy.txt

Browse through the Event Viewer searching for suitable EIDs (Event IDs).


Script kindly sent in by Shane Rudy

Shane’s notes.

Note 1: The script will produce a nicely formatted email.

Note 2: Make sure you use the /RU switch

 

' CDO constants: send through a network SMTP server, without authentication
Const cdoSendUsingPort = 2
Const cdoAnonymous = 0
Set msg = CreateObject("CDO.Message")
Set config = CreateObject("CDO.Configuration")
Set msg.Configuration = config
txt = ""

' Query the local Application log for events of type Error
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Logfile = 'Application' and " _
    & "Type = 'error'")

' Build the message body, one block of lines per event
For Each objEvent in colLoggedEvents
    txt = txt & objEvent.TimeWritten & vbCRLF & objEvent.ComputerName & vbCRLF & objEvent.Type & vbCRLF & _
        objEvent.EventCode & vbCRLF & objEvent.Message & "http://eventid.net/display.asp?eventid" & _
        vbCRLF & objEvent.User & vbCRLF & vbCRLF
Next

' Nothing to report: exit without sending mail
If txt <> "" Then
    txt = "The Following Application Errors Have Occurred on COMPUTERNAME: " & vbCRLF & vbCRLF & txt
Else
    WScript.Quit(0)
End If

With msg
    ' Placeholder recipient address: replace with the real one
    .to = """WhoEver"" <recipient@example.com>"
    .from = """WhoEver"" <whoever@wherever.com>"
    .subject = "Application Errors on ComputerName"
    .textbody = txt
End With

prefix = "http://schemas.microsoft.com/cdo/configuration/"

' Replace "SMTPServer" with the name of your mail server
With config.fields
    .item(prefix & "sendusing") = cdoSendUsingPort
    .item(prefix & "smtpserver") = "SMTPServer"
    .item(prefix & "smtpauthenticate") = cdoAnonymous
    .update
End With

' Send the message and capture any failure from the built-in Err object
On Error Resume Next
msg.send
send_error = Err.Number
On Error Goto 0

If send_error <> 0 Then
    WScript.Echo "Error Sending Your Message"
    WScript.Quit 0
End If
