Export (0) Print
Expand All

New-PefMessageTrigger

New-PefMessageTrigger

Creates a trigger based on detecting a specified message type in a Trace session.

Syntax

Parameter Set: Default
New-PefMessageTrigger [-Session] <IPpkCaptureSession> [-Filter] <String> [-Repeat] [ <CommonParameters>]




Detailed Description

The New-PefMessageTrigger cmdlet creates a message trigger. You can use a message trigger to start, stop, save, and filter a Protocol Engineering Framework (PEF) Trace Session based on message types, for example, a protocol name such as ARP or ICMP. The server activates the trigger when you associate the trigger with the PEF action.

Parameters

-Filter<String>

A string that specifies a trace filter. You can use the Set-PefCaptureFilter cmdlet to create the trace filter that defines the type of message that stops the Trace Session.


Aliases

none

Required?

true

Position?

2

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Repeat

Indicates that a trigger runs on each occurrence of a specified event.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Session<IPpkCaptureSession>

Specifies a Trace Session. To create a Trace Session, use the New-PefCaptureSession cmdlet.


Aliases

none

Required?

true

Position?

1

Default Value

none

Accept Pipeline Input?

True (ByValue)

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

Example 1: Stop a Trace Session based on a filtered message type

This example starts a Trace Session in linear capture mode. The Trace Session continues until ICMP traffic is detected or certain disk quotas are reached on the computer where the Trace Session is running.

The first command uses the New-PefCaptureSession cmdlet to create a Trace Session object and stores it in the $TraceSession01 variable. This cmdlet also uses the Name and Path parameters to specify a source file for data input and a save location for trace results, respectively.

The second command uses the Add-PefMessageProvider cmdlet to specify a provider for the Trace Session stored in the $TraceSession01 variable.

The third command uses the New-PefMessageTrigger cmdlet to create a new message trigger object and stores it in the $Trigger01 variable.

The fourth command uses the Stop-PefCaptureSession cmdlet to create a stop action for the trigger stored in the $Trigger01 variable and associates that action with the Trace Session stored in the $Trace Session01 variable.

The fifth command uses the Start-PefCaptureSession cmdlet to start the Trace Session stored in the $TraceSession01 variable. The SaveOnStop parameter in the New-PefCaptureSession cmdlet causes the Trace Session to be saved to the specified file location and format after the first ICMP protocol message is parsed.


PS C:\> $TraceSession01 = New-PefCaptureSession -Mode Linear -Name ".\myTrace.matu" -SaveOnStop –Path ".\Result.matu"
PS C:\> Add-PefMessageProvider -Session $TraceSession01 –Provider "Microsoft-PEF-NDIS-PacketCapture"
PS C:\> $Trigger01 = New-PefMessageTrigger -Filter "icmp"
PS C:\> Stop-PefCaptureSession -Session $TraceSession01 -Trigger $Trigger01
PS C:\> Start-PefCaptureSession -Session $TraceSession01

Related topics

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft