Eventtriggers

  • Article

Displays and configures event triggers on local or remote machines.

To view the command syntax, click a command:

eventtriggers create

Creates a new event trigger that monitors and acts upon the occurrence of log events of given criteria.

Syntax

eventtriggers[.exe/create [/s Computer [/u Domain\User [/p Password]]] /tr TriggerName [/l [APPLICATION] [SYSTEM] [SECURITY] ["DNS Server"] [LOG] [DirectoryLogName] [*] ] {[/eid ID]|[/t {ERROR|INFORMATION|WARNING|SUCCESSAUDIT|FAILUREAUDIT}]|[/so Source]} [/d Description/tk TaskName [/ru {[Domain\]User | "System"} [/rp Password]]

Parameters

/s   Computer   : Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.

/u   Domain \ User   : Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.

/p   Password   : Specifies the password of the user account that is specified in the /u parameter.

/tr   TriggerName   : Specifies a friendly name to associate with the event trigger.

/l [ APPLICATION ] [ SYSTEM ] [ SECURITY ] [" DNS Server "] [ LOG ] [ DirectoryLogName ] [ * ] ] : Specifies the event log(s) to monitor. Valid types include: Application, System, Security, DNS server, Log, and Directory log. The wildcard (*) can be used and is the default value.

/eid   ID   : Specifies a specific event ID for which the event trigger should monitor. Valid values are any valid integer. Cannot be used in conjunction with the /type or /so parameters.

/t { ERROR | INFORMATION | WARNING | SUCCESSAUDIT | FAILUREAUDIT } : Specifies an event type for which the event trigger should monitor. Valid values include: ERROR, INFORMATION, WARNING, SUCCESSAUDIT, and FAILUREAUDIT. Cannot be used in conjunction with the /id or /so parameters.

/so   Source   : Specifies an event source for which the event trigger should monitor. Valid values are any string. Cannot be used in conjunction with the /id or /type parameters.

/d   Description   : Specifies a detailed description of the event trigger. Valid values are any string.

/tk   TaskName   : Specifies the task/command/line to execute when the event trigger conditions are met.

/ru {[ Domain \] User | "System" } : Runs the tasks with the permission of the specified user account. By default, the task runs with the permissions of the user logged on to the computer running SchTasks.

Value

Description

[Domain\]User

Specifies a user account.

"System" or ""

Specifies the NT Authority\System account, which is used by the operating system.

/rp   Password   : Specifies the password of the user account that is specified in the /ru parameter. If you omit this parameter when specifying a user account, SchTasks.exe prompts you for the password and obscures the text you type. Tasks run with with permissions of the NT Authority\System account do not require a password and SchTasks.exe does not prompt for one.

/? : Displays help at the command prompt.

Examples

The following examples show how you can use the eventtriggers /create command:

eventtriggers /create /tr "Disk Cleanup" /l system /t error /tk c:\windows\system32\cleanmgr.exe
eventtriggers /create /s srvmain /u maindom\hiropln /p p@ssW23 /tr "Low Disk Space" /eid 4133 /t warning /tk \\server\share\diskcleanup.cmd
eventtriggers /create /s srvmain /user maindom\hiropln /p p@ssW23 /tr "Disk Backup" /eid 4133 /l system /t error /tk \\server\share\ntbackup.exe

eventtriggers delete

Deletes an event trigger from a system by event trigger ID.

Syntax

eventtriggers[.exe/delete [/s Computer [/u Domain\User [/p Password]]] /tid {ID|*}

Parameters

/s   Computer   : Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.

/u   Domain \ User   : Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.

/p   Password   : Specifies the password of the user account that is specified in the /u parameter.

/tid { ID | * }   : Specifies the event trigger(s) to be deleted by "Event Trigger ID". The (*) wildcard can be used.

/? : Displays help at the command prompt.

Examples

The following examples show how you can use the eventtriggers /delete command:

eventtriggers /delete /tid 1 /tid 2 /tid 4 /tid 6
eventtriggers /delete /s srvmain /u maindom\hiropln /p p@ssW23 /tid *
eventtriggers /delete /s srvmain /u maindom\hiropln /p p@ssW23 /tid 1

eventtriggers query

Queries and displays a system's event trigger properties and settings.

Syntax

eventtriggers[.exe/query [/s Computer [/u Domain\User [/p Password]]] [/fo {TABLE|LIST|CSV}] [/nh] [/v]

Parameters

/s   Computer   : Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.

/u   Domain \ User   : Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.

/p   Password   : Specifies the password of the user account that is specified in the /u parameter.

/fo { TABLE | LIST | CSV } : Specifies the format to use for the query output. Valid values are TABLE, LIST, and CSV. The default format for output is TABLE.

/nh   : Suppresses column header in the output. Valid when the /fo parameter is set to TABLE or CSV.

/v   : Specifies that detailed information be displayed in the output.

/? : Displays help at the command prompt.

Examples

The following examples show how you can use the eventtriggers /query command:

eventtriggers /query
eventtriggers /query /s srvmain
eventtriggers /query /s srvmain /u maindom\hiropln /p p@ssW23 /fo list

Remarks

  • When specified without an operation, eventtriggers returns a list of event triggers. To see a list of event triggers, type:

    eventtriggers

    Output similar to the following appears:

    • 



Trigger ID Event Trigger Name         Task
========== ========================== ==============================================
1 Disk Cleanup               c:\windows\system32\cleanmgr.exe


    

  • In the case that an event fails to execute, eventtriggers creates a log file called TriggerConsumer.log in the \windows\system32\wbem\logs directory containing a message that the event failed to trigger.
    • 



Formatting legend











Format


Meaning








Italic


Information that the user must supply






Bold


Elements that the user must type exactly as shown






Ellipsis (...)


Parameter that can be repeated several times in a command line






Between brackets ([])


Optional items






Between braces ({}); choices separated by pipe (|). Example: {even|odd}


Set of choices from which the user must choose only one






Courier font


Code or program output







Command-line reference A-Z


Command-line reference