Running a task when a specific event is written to the Windows Event Log can be very useful for monitoring critical events. For example, you can run a task that sends out an email when an event is logged indicating that a network interface is down. Of course, this will only be useful if the machine is multi-homed. Anyway, hopefully you get the idea.
Scenario:
Run a task when a message “Hello world” is logged to 8thstring log location and the source is 8thsource. It might make sense to see this blog for reference.
Steps:
Open Task Scheduler (taskschd.msc /s)
Create a task
Name it something like TestRunTask
Under the Triggers tab, select New...
In the New Trigger window, select On an event for Begin the task, then select Custom and finally click on New Event Filter...
In the New Event Filter window, select the XML tab, then enable Edit query manually
You can use the XML fragment below as a reference
<QueryList>
  <Query Id="0" Path="8thstring">
    <Select Path="8thstring">
      *[System[Provider[@Name='8thsource']]]
      and
      *[EventData[(Data='Hello world')]]
    </Select>
  </Query>
</QueryList>
In the Actions tab click on New...
In the New Action window, type notepad in Program/script: and click on OK
Finally, click on OK on the main dialog to save it.
To test this, run the following in PowerShell - again, assuming you have done this.
Write-EventLog -LogName 8thstring -Source 8thSource -Message "Hello world" -EventId 0 -EntryType information
You should observe that a new instance of Notepad.exe runs in the current session.
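The same task can be created from PowerShell instead of the GUI. The script below is an added example, not part of the original post: it checks the event filter against the log first, then registers the task with an event trigger. It assumes the 8thstring log and 8thsource source already exist, that the ScheduledTasks module is available (Windows 8 / Server 2012 or later), and that it is run by the user who should see Notepad.

```powershell
# Added example: script equivalent of the GUI steps above.
# Log name, source, message and task name are the ones used in this post.
$query = @'
<QueryList>
  <Query Id="0" Path="8thstring">
    <Select Path="8thstring">
      *[System[Provider[@Name='8thsource']]]
      and
      *[EventData[(Data='Hello world')]]
    </Select>
  </Query>
</QueryList>
'@

# 1. Fail early if the filter is not well-formed XML.
$filterXml = [xml]$query

# 2. Dry-run the filter against the log. Zero matches is fine on a fresh log,
#    but a count far above what you expect means the filter is too broad and
#    the task would fire on events you did not intend.
$hits = @(Get-WinEvent -FilterXml $filterXml -MaxEvents 5 -ErrorAction SilentlyContinue)
'{0} existing event(s) match the filter' -f $hits.Count

# 3. New-ScheduledTaskTrigger has no "on an event" option, so build the
#    trigger from the Task Scheduler CIM class and attach the query to it.
$triggerClass = Get-CimClass -ClassName MSFT_TaskEventTrigger `
    -Namespace Root/Microsoft/Windows/TaskScheduler
$trigger = New-CimInstance -CimClass $triggerClass -ClientOnly
$trigger.Subscription = $query
$trigger.Enabled = $true

# 4. Same action as in the steps above: start Notepad.
$action = New-ScheduledTaskAction -Execute 'notepad.exe'
Register-ScheduledTask -TaskName 'TestRunTask' -Action $action -Trigger $trigger

# 5. Read the trigger back to confirm the stored subscription.
(Get-ScheduledTask -TaskName 'TestRunTask').Triggers |
    Select-Object Enabled, Subscription
```

Remove the test task afterwards with Unregister-ScheduledTask -TaskName 'TestRunTask' -Confirm:$false.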