Skip to main content

Run a task when specific event is logged in Windows Event Log

By

Running a task when a specific event is logged in Windows Event Log can be very useful when monitoring critical events. For example, you can run a task that sends out an email when an event is logged related to network interface is down. Of course, this will only be useful if the machine is multi-homed. Anyway, hopefully you get the idea. 


Scenario:

Run a task when a message “Hello world” is logged to 8thstring log location and the source is 8thsource. It might make sense to see this blog for reference. 


Steps:

  1. Open Task Scheduler (taskschd.msc /s)

  2. Create a task

  1. Name it like TestRunTask

  1. Under Triggers tab, select New...

  1. In the New Trigger window, select On an event for Begin the task, then select Custom and finally click on New Event Filter...

  1. In the New Event Filter window, select XML tab then enable Edit query manually

You can use the XML fragment below as reference

<QueryList>

  <Query Id="0" Path="8thstring">

    <Select Path="8thstring">

        *[System[Provider[@Name='8thsource']]]

        and

        *[EventData[(Data='Hello world')]]

    </Select>

  </Query>

</QueryList>


  1. In the Actions tab click on New...

  1. In the New Action window, type notepad in Program/script: and click on OK

  1. Finally, click on OK on the main dialog to save it.

  2. To test this run the following in PowerShell - again, assuming you have done this.

Write-EventLog -LogName 8thstring -Source 8thSource -Message "Hello world" -EventId 0 -EntryType information


You should observe that a new instance of Notepad.exe runs on the current session.


Labels:

Comments

Post a Comment

Popular posts from this blog

Error! Could not locate dkms.conf file install VirtualBox 4.1.8 on Ubuntu 11.10

By
Tried to update my Ubuntu host today and it did pickup that new version of VirtualBox is available (4.1.8). All other packages installed properly except that VirtualBox installation was complaining about missing dkms.conf file, see error message below. $: sudo /etc/init.d/vboxdrv setup * Stopping VirtualBox kernel modules [ OK ] * Uninstalling old VirtualBox DKMS kernel modules Error! Could not locate dkms.conf file. File: does not exist. [ OK ] * Trying to register the VirtualBox kernel modules using DKMS [ OK ] * Starting VirtualBox kernel modules [ OK ] Though it looks like installation was fine but I am concerned about its effects to VirtualBox functionality. To fix this, do: $: cd /var/lib/dkms/vboxhost $: sudo rm -r 4.1.4 $: sudo /etc/init.d/vboxdrv setup Of course you have to re
11 comments
Read more

The following add-ins could not be started MonoDevelop.GnomePlatform

By
Installing MonoDevelop in OpenSUSE 12.2 from its repository was very easy. When running it for the first time though I got the message: The following add-ins could not be started: The root of the trace shows MonoDevelop.GnomePlatform,2.8 A quick search shows that MonoDevelop depends on libgnomeui . This should have been part of dependencies when installing the application but well.... Below is the screen shot of the error message. References: http://software.1713.n2.nabble.com/MonoDevelop-and-openSUSE-12-1-td7462957.html [2013/04/09] - Same issue observed in OpenSUSE 12.3 and also the same fix. [2014/11/02] - Same issue observed in OpenSUSE 13.3, mondevelop 3.0.6 and the same fix.
21 comments
Read more