Set-PefCaptureFilter
Applies To: Windows Server 2012 R2 Preview
Set-PefCaptureFilter
Adds a Trace Filter to a PEF Trace Session.
Syntax
Parameter Set: Default
Set-PefCaptureFilter [-Session] <IPpkCaptureSession> [[-Filter] <String> ] [-Trigger <Trigger[]> ] [ <CommonParameters>]
Detailed Description
The Set-PefCaptureFilter cmdlet creates an action that adds a Trace Filter to a Protocol Engineering Framework (PEF) Trace Session.
Parameters
-Filter<String>
Specifies a string that acts as a Trace Filter. A Trace Filter defines what messages a Trace Session retrieves according to the specified filtering criteria. To learn more about Trace Filters, see the Message Analyzer Operating Guide
Aliases |
none |
Required? |
false |
Position? |
2 |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Session<IPpkCaptureSession>
Specifies an object that contains a Trace Session. To create a Trace Session, use the New-PefCaptureSession cmdlet.
Aliases |
none |
Required? |
true |
Position? |
1 |
Default Value |
none |
Accept Pipeline Input? |
True (ByValue) |
Accept Wildcard Characters? |
false |
-Trigger<Trigger[]>
Specifies an array of Trigger objects.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
Examples
Example 1: Add a Trace Filter to a Trace Session that closes with a stop trigger
This example adds a Trace Filter to a PEF Trace Session that stops after a 150 second interval expires.
The first command uses the New-PefCaptureSession cmdlet to create a Trace Session object and stores it in the $TraceSession01 variable. This command includes the SaveOnStop parameter and specifies a file path, IcmpTrace.matu in the current directory, for the saved Trace Session.
The second command uses the New-PefTimeSpanTrigger cmdlet to create a trigger with a TimeSpan value of 150 seconds. For information about how to use the New-TimeSpan cmdlet to specify a TimeSpan value, type Get-Help New-TimeSpan.
The third command sets a Trace Filter with the string value “icmp” for the Trace Session stored in the $TraceSession01 variable. Note that this filter takes effect immediately when the Trace Session starts.
The fourth command uses the Add-PefMessageProvider cmdlet to specify a provider for the Trace Session stored in the $TraceSession01 variable.
The fifth command uses the Stop-PefCaptureSession cmdlet to create a stop action for the trigger stored in the $Trigger02 variable, and associates that action with the Trace Session stored in the $TraceSession01 variable.
The sixth command uses the Start-PefCaptureSession cmdlet to start the Trace Session stored in the $TraceSession01 variable.
PS C:\> $TraceSession01 = New-PefCaptureSession -Mode Circular -Path ".\IcmpTrace.matu" -SaveOnStop
PS C:\> $Trigger02 = New-PefTimeSpanTrigger -TimeSpan (New-TimeSpan -Seconds 150)
PS C:\> Set-PefCaptureFilter -Session $TraceSession01 -Filter "icmp"
PS C:\> Add-PefMessageProvider -Session $TraceSession01 –Provider "Microsoft-PEF-NDIS-PacketCapture"
PS C:\> Stop-PefCaptureSession –Session $TraceSession01 -Trigger $Trigger02
PS C:\> Start-PefCaptureSession –Session $TraceSession01