Friday, April 22, 2011

Create an Action based on a particular event in Windows Event Viewer

I found a command today that proved to be very useful that I’d like to share.
The command is eventtriggers and the switches for this command are shown below:
· /query - displays the event triggers currently configured on the specified system
· /create - creates an event trigger
· /delete - deletes an event trigger
· /tr - the name you would like to give the event trigger
· /ru - the user account the task runs under
· /rp - that user's password
· /tk - the task (command or batch file) to run when the trigger fires
The three switches below are mutually exclusive: a trigger may use any one of them, but only one at a time.
· /eid - the event ID number you wish to track
· /t - the event type (Error, Information, Warning, Successaudit, Failureaudit)
· /so - the event source
Essentially this command creates a job that is always running: any time the specified event ID is logged, it performs the given task. Combined with other commands or batch files to apply fixes or send alerts, it becomes a powerful tool.
First I’ll show a few examples and then some commands that I used in conjunction with this.
Create a new task:
    eventtriggers /create /eid 540 /tr Event540 /ru user@domain.com /rp mypwd /tk cmdorfiletorun.bat
See the triggers that have been created:
    eventtriggers /query
Remove a trigger (by the trigger ID shown in the query output):
    eventtriggers /delete /tid 1
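Because /delete wants the numeric trigger ID rather than the name, a setup script that is re-run will stack duplicate triggers unless it looks the ID up first. The batch file below is an added example, not a command from the post: it uses the trigger name Event540 and a task path of c:\alert.bat from above, prompts for the password instead of storing it in the file, and assumes that eventtriggers /query accepts /fo csv /nh (as on XP and Server 2003), printing one quoted line per trigger in the form "Trigger ID","Event Trigger Name","Task".

```batch
@echo off
rem Idempotent setup of an eventtriggers task (added example, not from the post).
rem Assumes eventtriggers /query supports /fo csv and /nh, which prints one
rem quoted line per trigger: "Trigger ID","Event Trigger Name","Task".
setlocal
set "NAME=Event540"
set "EVID=540"
set "TASK=c:\alert.bat"
set "RUNAS=user@domain.com"

rem Remove any existing trigger with the same name so duplicates never stack up.
rem %%~A and %%~B strip the surrounding quotes from the CSV fields.
for /f "tokens=1,2 delims=," %%A in ('eventtriggers /query /fo csv /nh') do (
    if /i "%%~B"=="%NAME%" (
        echo Deleting old trigger %%~A - %%~B
        eventtriggers /delete /tid %%~A
    )
)

rem Create the trigger; the password is read at the prompt rather than kept in this file.
set /p "PWD=Password for %RUNAS%: "
eventtriggers /create /eid %EVID% /tr "%NAME%" /ru %RUNAS% /rp "%PWD%" /tk "%TASK%"

rem Show what is configured now.
eventtriggers /query
endlocal
```

When no triggers exist, /query prints an informational line instead of CSV; the for loop still runs once over that line, but its second token is empty and the name comparison simply fails, so nothing is deleted.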
Below are a couple of commands I used to add some functionality; granted, the options are limitless as to what you could create.

MAILSEND – download here

There are many similar tools that can send mail from cmd; this is just one of them. If you run MAILSEND with no arguments it enters an interactive mode. You can give the parameters for the whole message on one line, as shown below, or pass them in from a text file.
MAILSEND -d mydomain.com -smtp 192.168.0.200 -t me@mydomain.com -f you@yourdomain.com -sub "test" -m msg.txt
Example sending a message with the information defined in a text file
MAILSEND < send.txt
Content of send.txt:
192.168.0.200
mydomain.com
me@mydomain.com
you@yourdomain.com
Mail body starts here.
  • The first line is the SMTP server address or IP address.
  • The second line is the domain used in SMTP HELO.
  • The third line is the From address.
  • The fourth line is the To address(es); they can be comma separated.
  • The mail body starts right after the To line.
Back to the eventtriggers command above: I created a batch file using the mailsend command so that when an event was triggered it would send me an email to notify me. The only issue I had was that eventtriggers only looks at the event ID and not at any other information, at least not at the same time. The event I was interested in sometimes came from another source that was of no importance to me, so to make my alerts more precise I moved on to the next command, psloglist.

PSLOGLIST:

This is a part of the PSTools package formerly by sysinternals. These are a great set of commands and if you’ve not worked with them before you should give them a look.
Psloglist allows you to dump and parse logs from Event Viewer or from other specified log files.
You can do a lot with this command so feel free to review the link above to see all the options. Here I’m simply going to describe an example that benefited me while building out my eventtriggers action.
As mentioned, I was looking for a specific event, but I also needed it to come from a specific source. Only the last occurrence of the event mattered, because this command runs each time the event is seen. The command I used was something like this:
psloglist -i 108 -n 1 > event.txt
Because I planned to email the output, I wanted to add a short reminder of why the alert was going out. So after the psloglist command I simply used echo to append my message.
echo. >> event.txt
echo this is my message >> event.txt
If you’ve been following along, we have the makings of a pretty useful solution. There was one last step in my process, and that was simply the find command, which is a native command so I won’t go into much detail.

FIND:

Putting it all together
Hopefully you have followed along so far; let’s put it all together so it makes sense.
1. Generate the eventtriggers task. This command looks for event ID 108, names the task Event108, and when the event is detected executes alert.bat:
eventtriggers /create /eid 108 /tr Event108 /ru user@domain.org /rp **pwd** /tk c:\alert.bat
2. Create the batch file. Here is where the creativity comes in; you could write a script to run any task your heart can program. The one here is fairly simple. Psloglist looks for the last occurrence of event ID 108 in the Application log and writes the record to a text file. I append a small note to remind the recipient why they got the alert. Next I search the text file for a particular string to ensure the event came from the source I’m concerned with; below I used the example “Magic”. If the string is present I send an alert using the mailsend command, with the contents of eventid.txt as the body. If the string is not present the batch file exits and is complete.

@echo off
rem Dump the last occurrence of event ID 108 from the Application log
psloglist -i 108 -n 1 application > c:\eventid.txt
rem Append a blank line and a reminder for the recipient
echo. >> c:\eventid.txt
echo May need to restart Service >> c:\eventid.txt
rem Only alert when the record came from the expected source; find succeeds (errorlevel 0) on a match
find "Magic" c:\eventid.txt>NUL 2>&1 && GOTO MailAlert
exit
:MailAlert
rem Mail the file as the body; SMTP server, sender and recipients come from send.txt on stdin
mailsend -sub "Server - Alert" -m c:\eventid.txt < c:\send.txt
exit

In the commands above I alluded to needing to restart a service. I could do this manually of course, but if I desired I could take it a step further and have the bat file not only send the email alert but also restart the service for me using net stop and net start. I’ve now created an alert and an instant correction for a problematic service. One of many potential uses!
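Here is a fuller alert.bat that does what the last two sections describe: dump the latest event 108, confirm it came from the expected source, restart the service with net stop and net start, and mail the result. This is an added example, not the post's own script. The service name MyService is a placeholder, and it assumes psloglist and mailsend are on the PATH and that c:\send.txt holds the four mailsend header lines (SMTP server, HELO domain, From, To) described above.

```batch
@echo off
rem alert.bat : run by the eventtriggers task when event ID 108 is logged.
rem Added example, not the post's script. Assumes psloglist and mailsend are on
rem the PATH and c:\send.txt holds the mailsend header lines described above.
setlocal
set "EVID=108"
set "LOGNAME=application"
set "SOURCE=Magic"
set "SERVICE=MyService"
set "OUT=c:\eventid.txt"

rem Dump only the most recent occurrence of the event we were triggered for.
psloglist -i %EVID% -n 1 %LOGNAME% > "%OUT%" 2>&1
if errorlevel 1 (
    echo psloglist failed, nothing to report.
    goto :EOF
)

rem Only act when the record came from the source we care about.
rem /i makes the match case-insensitive; find sets errorlevel 1 when the string is absent.
find /i "%SOURCE%" "%OUT%" >NUL 2>&1
if errorlevel 1 (
    echo Event %EVID% was not from %SOURCE%, ignoring.
    goto :EOF
)

rem Restart the service and record the outcome in the same file so the
rem recipient can see whether the automatic fix worked.
echo.>> "%OUT%"
echo Event %EVID% from %SOURCE% detected; restarting %SERVICE%.>> "%OUT%"
net stop "%SERVICE%" >> "%OUT%" 2>&1
net start "%SERVICE%" >> "%OUT%" 2>&1
if errorlevel 1 (
    echo WARNING: %SERVICE% did not restart cleanly, check the server.>> "%OUT%"
)

rem Send the report as the mail body. The SMTP server, sender and recipients
rem are read from send.txt on standard input, as in the post.
mailsend -sub "Server - Alert: event %EVID% from %SOURCE%" -m "%OUT%" < c:\send.txt
endlocal
```

The account given to /ru when the trigger is created must be allowed to stop and start the service, and because the output of net stop and net start is appended to the same file that becomes the mail body, a restart that fails is visible to the recipient rather than silently swallowed.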

As always I hope you’ve enjoyed reading my blog and perhaps I’ve been able to help inspire you to find a new solution for another perplexing problem!

1 comment:

  1. Good day! I just wish to offer you a big thumbs up for the great
    information you've got right here on this post.
    I am returning to your website for more soon.


    Here is my page; merchant services
