Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
JSI Tip 7297. The Windows XP and Windows Server 2003 EventTriggers utility.
Jerold Schulman
October 7, 2003
5 Min Read
When you use the Windows XP CMD help., or Windows Server 2003 CMD help, and press Eventtriggers on the New command-line tools page, you see:
Eventtriggers
Displays and configures event triggers on local or remote machines.
eventtriggers create
Creates a new event trigger that monitors and acts upon the occurrence of log events of given criteria.
Syntax
eventtriggers[.exe] /create [/s Computer [/u DomainUser [/p Password]]] /tr TriggerName [/l [APPLICATION] [SYSTEM] [SECURITY] ["DNS Server"] [LOG] [DirectoryLogName] [*] ] {[/eid ID] | [/t {ERROR | INFORMATION | WARNING | SUCCESSAUDIT | FAILUREAUDIT}] | [/so Source]} [/d Description] /tk TaskName
Parameters
/s Computer Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer. /u DomainUser Runs the command with the account permissions of the user specified by User or DomainUser. The default is the permissions of the current logged on user on the computer issuing the command. /p Password Specifies the password of the user account that is specified in the /u parameter. /tr TriggerName Specifies a friendly name to associate with the event trigger. /l [APPLICATION] [SYSTEM] [SECURITY] ["DNS Server"] [LOG] [DirectoryLogName] [*] ] Specifies the event log(s) to monitor. Valid types include: Application, System, Security, DNS server, Log, and Directory log. The wildcard (*) can be used and is the default value. /eid ID Specifies a specific event ID for which the event trigger should monitor. Valid values are any valid integer. /t {ERROR | INFORMATION | WARNING | SUCCESSAUDIT | FAILUREAUDIT} Specifies an event type for which the event trigger should monitor. Valid values include: ERROR, INFORMATION, WARNING, SUCCESSAUDIT, and FAILUREAUDIT. Cannot be used in conjunction with the /id or /so parameters. /so Source Specifies an event source for which the event trigger should monitor. Valid values are any string. Cannot be used in conjunction with the /id or /type parameters. /d Description Specifies a detailed description of the event trigger. Valid values are any string. /tk TaskName Specifies the task/command/line to execute when the event trigger conditions are met. /? Displays help at the command prompt.
Remarks
When using the parameters /eid, /t and /so together, a log event must match the criteria specified by all three parameters for the event trigger to be created.
Examples
The following examples show how you can use the eventtriggers /create command:
eventtriggers /create /tr "Disk Cleanup" /l system /t error /tk c:windowssystem32cleanmgr.exe
eventtriggers /create /s srvmain /u maindomhiropln /p p@ssW23 /tr "Low Disk Space" /eid 4133 /t warning /tk \serversharediskcleanup.cmd
eventtriggers /create /s srvmain /user maindomhiropln /p p@ssW23 /tr "Disk Backup" /eid 4133 /l system /t error /tk \serversharetbackup.exe
eventtriggers delete
Deletes an event trigger from a system by event trigger ID.
Syntax
eventtriggers[.exe] /delete [/s Computer [/u DomainUser [/p Password]]] /tid {ID | *}
Parameters
/s Computer Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer. /u DomainUser Runs the command with the account permissions of the user specified by User or DomainUser. The default is the permissions of the current logged on user on the computer issuing the command. /p Password Specifies the password of the user account that is specified in the /u parameter. /tid {ID | *} Specifies the event trigger(s) to be deleted by "Event Trigger ID". The (*) wildcard can be used. /? Displays help at the command prompt.
Examples
The following examples show how you can use the eventtriggers /delete command:
eventtriggers /delete /tid 1 /tid 2 /tid 4 /tid 6
eventtriggers /delete /s srvmain /u maindomhiropln /p p@ssW23 /tid *
eventtriggers /delete /s srvmain /u maindomhiropln /p p@ssW23 /tid 1
eventtriggers query
Queries and displays a system's event trigger properties and settings.
Syntax
eventtriggers[.exe] /query [/s Computer [/u DomainUser [/p Password]]] [/fo {TABLE | LIST | CSV}] [/nh] [/v]
Parameters
/s Computer Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer. /u DomainUser Runs the command with the account permissions of the user specified by User or DomainUser. The default is the permissions of the current logged on user on the computer issuing the command. /p Password Specifies the password of the user account that is specified in the /u parameter. /fo {TABLE | LIST | CSV} Specifies the format to use for the query output. Valid values are TABLE, LIST, and CSV. The default format for output is TABLE. /nh Suppresses column header in the output. Valid when the /fo parameter is set to TABLE or CSV. /v Specifies that detailed information be displayed in the output. /? Displays help at the command prompt.
Examples
The following examples show how you can use the eventtriggers /query command:
eventtriggers /query
eventtriggers /query /s srvmain
eventtriggers /query /s srvmain /u maindomhiropln /p p@ssW23 /fo list
Remarks
When specified without an operation, eventtriggers returns a list of event triggers. To see a list of event triggers, type:
eventtriggers
Output similar to the following appears:
Trigger ID Event Trigger Name Task========== ========================== ============================================== 1 Disk Cleanup c:windowssystem32cleanmgr.exeIn the case that an event fails to execute, eventtriggers creates a log file called TriggerConsumer.log in the windowssystem32wbemlogs directory containing a message that the event failed to trigger.
About the Author
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
