Invoke-PefCustomAction

Invoke-PefCustomAction

Creates a PEF action that runs a script block.

Syntax

Parameter Set: Default
Invoke-PefCustomAction [-Script] <ScriptBlock> [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-Trigger <Trigger[]> ] [ <CommonParameters>]

Detailed Description

The Invoke-PefCustomAction cmdlet creates a Protocol Engineering Framework (PEF) action that runs a Microsoft PowerShell script block. Specify a script block to run and a trigger for the action.

Parameters

-InformationAction<System.Management.Automation.ActionPreference>

Specifies how this cmdlet responds to an information event. The acceptable values for this parameter are:

-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend

Aliases

infa

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-InformationVariable<System.String>

Specifies a variable in which to store an information event message.

Aliases

iv

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Script<ScriptBlock>

Specifies a script block to invoke. For more information about script blocks, type Get-Help about_script_blocks.

Aliases

none

Required?

true

Position?

1

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Trigger<Trigger[]>

Specifies an array of Trigger objects. When one of these triggers runs, the action runs the script block specified by the Script parameter.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

Example 1: Create an ICMP trigger actionn

This command creates a script block, stored in the variable $Sb, that Invoke-PefCustomAction runs when the trigger criteria matches. The New-PefMessageTrigger cmdlet defines the trigger by specifying a filter for ICMP. When the trigger matches, the script block runs, which displays the message ICMP found.

PS C:\>  $T = New-PefKeyDownTrigger -CtrlC
PS C:\> $Sb = { $Host.UI.WriteErrorLine("ICMP found") }
PS C:\> $S = New-PefTraceSession -Mode Linear -SaveOnStop -Path "C:\Traces\Simple" -Force -SaveAsParsed
PS C:\> Add-PefMessageSource -PEFSession $S -Source Microsoft-Pef-WFP-MessageProvider
PS C:\> $T2 = New-PefMessageTrigger  -PEFSession $S -Filter "ICMP" -Repeat
PS C:\> Invoke-PefCustomAction -Script $Sb -Trigger $T2
PS C:\> Stop-PefTraceSession -PEFSession $S -Trigger $T
PS C:\> Start-PefTraceSession -PEFSession $S 

New-PefDateTimeTrigger

New-PefKeyDownTrigger

New-PefMessageTrigger

New-PefProcessTrigger

New-PefTimeSpanTrigger