New-PefMessageTrigger
New-PefMessageTrigger
Creates a trigger based on detecting a specified message type in a Trace session.
Syntax
Parameter Set: Default
New-PefMessageTrigger [-Session] <IPpkCaptureSession> [-Filter] <String> [-Repeat] [ <CommonParameters>]
Detailed Description
The New-PefMessageTrigger cmdlet creates a message trigger. You can use a message trigger to start, stop, save, and filter a Protocol Engineering Framework (PEF) Trace Session based on message types, for example, a protocol name such as ARP or ICMP. The server activates the trigger when you associate the trigger with the PEF action.
Parameters
-Filter<String>
A string that specifies a trace filter. You can use the Set-PefCaptureFilter cmdlet to create the trace filter that defines the type of message that stops the Trace Session.
Aliases |
none |
Required? |
true |
Position? |
2 |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Repeat
Indicates that a trigger runs on each occurrence of a specified event.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Session<IPpkCaptureSession>
Specifies a Trace Session. To create a Trace Session, use the New-PefCaptureSession cmdlet.
Aliases |
none |
Required? |
true |
Position? |
1 |
Default Value |
none |
Accept Pipeline Input? |
True (ByValue) |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
Examples
Example 1: Stop a Trace Session based on a filtered message type
This example starts a Trace Session in linear capture mode. The Trace Session continues until ICMP traffic is detected or certain disk quotas are reached on the computer where the Trace Session is running.
The first command uses the New-PefCaptureSession cmdlet to create a Trace Session object and stores it in the $TraceSession01 variable. This cmdlet also uses the Name and Path parameters to specify a source file for data input and a save location for trace results, respectively.
The second command uses the Add-PefMessageProvider cmdlet to specify a provider for the Trace Session stored in the $TraceSession01 variable.
The third command uses the New-PefMessageTrigger cmdlet to create a new message trigger object and stores it in the $Trigger01 variable.
The fourth command uses the Stop-PefCaptureSession cmdlet to create a stop action for the trigger stored in the $Trigger01 variable and associates that action with the Trace Session stored in the $Trace Session01 variable.
The fifth command uses the Start-PefCaptureSession cmdlet to start the Trace Session stored in the $TraceSession01 variable. The SaveOnStop parameter in the New-PefCaptureSession cmdlet causes the Trace Session to be saved to the specified file location and format after the first ICMP protocol message is parsed.
PS C:\> $TraceSession01 = New-PefCaptureSession -Mode Linear -Name ".\myTrace.matu" -SaveOnStop –Path ".\Result.matu"
PS C:\> Add-PefMessageProvider -Session $TraceSession01 –Provider "Microsoft-PEF-NDIS-PacketCapture"
PS C:\> $Trigger01 = New-PefMessageTrigger -Filter "icmp"
PS C:\> Stop-PefCaptureSession -Session $TraceSession01 -Trigger $Trigger01
PS C:\> Start-PefCaptureSession -Session $TraceSession01