New-PefEventLogTrigger
New-PefEventLogTrigger
Creates a trigger that signals when an event log logs an entry.
Sintaxe
Parameter Set: Default
New-PefEventLogTrigger [-LogName] <String> [-CheckTimerPeriodMs <Int32> ] [-EventId <Int32> ] [-EventSourceName <String> ] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-MachineName <String> ] [-Repeat] [ <CommonParameters>]
Descrição detalhada
The New-PefEventLogTrigger cmdlet creates a trigger that signals when a specified entry is logged in an event log. An event log trigger waits for a specific event from the System log, Application log, or Security log. You can monitor a remote computer or the local computer. The trigger becomes active when you associate it to a Protocol Engineering Framework (PEF) action.
Parâmetros
-CheckTimerPeriodMs<Int32>
Specifies how often, in milliseconds, to check for an event. The trigger checks whether the specified log contains the event. The default value is 2000 ms.
Aliases |
none |
Necessário? |
false |
Posição? |
named |
Valor padrão |
none |
Aceitar entrada do pipeline? |
false |
Aceitar caracteres curinga? |
false |
-EventId<Int32>
Specifies the event ID of the event to wait for. If you do not specify an ID, the trigger waits for an event with any ID.
Aliases |
none |
Necessário? |
false |
Posição? |
named |
Valor padrão |
none |
Aceitar entrada do pipeline? |
false |
Aceitar caracteres curinga? |
false |
-EventSourceName<String>
Specifies the source name of the event to wait for. If you do not specify a name, the trigger waits for an event with any source name.
Aliases |
none |
Necessário? |
false |
Posição? |
named |
Valor padrão |
none |
Aceitar entrada do pipeline? |
false |
Aceitar caracteres curinga? |
false |
-InformationAction<System.Management.Automation.ActionPreference>
Specifies how this cmdlet responds to an information event. Os valores aceitáveis para este parâmetro são:
-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend
Aliases |
infa |
Necessário? |
false |
Posição? |
named |
Valor padrão |
none |
Aceitar entrada do pipeline? |
false |
Aceitar caracteres curinga? |
false |
-InformationVariable<System.String>
Specifies a variable in which to store an information event message.
Aliases |
iv |
Necessário? |
false |
Posição? |
named |
Valor padrão |
none |
Aceitar entrada do pipeline? |
false |
Aceitar caracteres curinga? |
false |
-LogName<String>
Specifies the name of the event log to check. Os valores aceitáveis para este parâmetro são:
-- Application
-- Security
-- System
Aliases |
none |
Necessário? |
true |
Posição? |
1 |
Valor padrão |
none |
Aceitar entrada do pipeline? |
false |
Aceitar caracteres curinga? |
false |
-MachineName<String>
Specifies the name of the computer to monitor for the event. The default value is the local computer.
Aliases |
none |
Necessário? |
false |
Posição? |
named |
Valor padrão |
none |
Aceitar entrada do pipeline? |
false |
Aceitar caracteres curinga? |
false |
-Repeat
Indicates that the trigger runs on each occurrence of the event. If you do not specify this parameter, the trigger runs only once.
Aliases |
none |
Necessário? |
false |
Posição? |
named |
Valor padrão |
none |
Aceitar entrada do pipeline? |
false |
Aceitar caracteres curinga? |
false |
<CommonParameters>
Esse cmdlet dá suporte a parâmetros comuns: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer e -OutVariable. Para obter mais informações, consulte about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Entradas
O tipo de entrada é o tipo dos objetos que você pode canalizar para o cmdlet.
Saídas
O tipo de saída é o tipo de objeto emitido pelo cmdlet.
Exemplos
Example 1: Create an event log trigger that stops a trace session
This example creates an event log trigger, and then associates it to a Trace Session. The Trace Session stops when the trigger finds the specific event in the Application log.
The first command creates a trigger object for an Application log event from the PEFTestSource source, and then stores it in the $Trigger01 variable.
The second command uses the New-PefTraceSession cmdlet to create a Trace Session object, and then stores it in the $TraceSession01 variable.
The third command uses the Add-PefMessageSource cmdlet to specify a provider for the session that is stored in the $TraceSession01 variable.
The fourth command uses the Stop-PefTraceSession cmdlet to create a stop action for the event log trigger that is stored in the $Trigger01 variable, and associates that action with the session that is stored in the $TraceSession01 variable.
The final command uses the Start-PefTraceSession cmdlet to start the Trace Session that is stored in the $TraceSession01 variable.
PS C:\> $Trigger01 = New-PefEventLogTrigger -LogName "Application" -EventSourceName "PEFTestSource" -EventID 1234
PS C:\> $TraceSession01 = New-PefTraceSession -Mode Circular -Force -Path "C:\Traces\EventLog" -TotalSize 50 -SaveOnStop
PS C:\> Add-PefMessageSource -PEFSession $TraceSession01 -Source "Microsoft-Pef-WFP-MessageProvider"
PS C:\> Stop-PefTraceSession -PEFSession $TraceSession01 -Trigger $Trigger01
PS C:\> Start-PefTraceSession -PEFSession $TraceSession01