New-PefEventLogTrigger

New-PefEventLogTrigger

Creates a trigger that signals when an event log logs an entry.

構文

Parameter Set: Default
New-PefEventLogTrigger [-LogName] <String> [-CheckTimerPeriodMs <Int32> ] [-EventId <Int32> ] [-EventSourceName <String> ] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-MachineName <String> ] [-Repeat] [ <CommonParameters>]

詳細説明

The New-PefEventLogTrigger cmdlet creates a trigger that signals when a specified entry is logged in an event log. An event log trigger waits for a specific event from the System log, Application log, or Security log. You can monitor a remote computer or the local computer. The trigger becomes active when you associate it to a Protocol Engineering Framework (PEF) action.

パラメーター

-CheckTimerPeriodMs<Int32>

Specifies how often, in milliseconds, to check for an event. The trigger checks whether the specified log contains the event. The default value is 2000 ms.

-EventId<Int32>

Specifies the event ID of the event to wait for. If you do not specify an ID, the trigger waits for an event with any ID.

-EventSourceName<String>

Specifies the source name of the event to wait for. If you do not specify a name, the trigger waits for an event with any source name.

-InformationAction<System.Management.Automation.ActionPreference>

Specifies how this cmdlet responds to an information event. このパラメーターに対して使用できる値:

-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend

-InformationVariable<System.String>

Specifies a variable in which to store an information event message.

-LogName<String>

Specifies the name of the event log to check. このパラメーターに対して使用できる値:

-- Application
-- Security
-- System

-MachineName<String>

Specifies the name of the computer to monitor for the event. The default value is the local computer.

-Repeat

Indicates that the trigger runs on each occurrence of the event. If you do not specify this parameter, the trigger runs only once.

<CommonParameters>

このコマンドレットは次の共通パラメーターをサポートします。-Verbose、-Debug、-ErrorAction、-ErrorVariable、-OutBuffer、-OutVariable.詳細については、以下を参照してください。 about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216)。

入力

入力型は、コマンドレットにパイプできるオブジェクトの型です。

出力

出力型は、コマンドレットによって生成されるオブジェクトの型です。

例

Example 1: Create an event log trigger that stops a trace session

This example creates an event log trigger, and then associates it to a Trace Session. The Trace Session stops when the trigger finds the specific event in the Application log.

The first command creates a trigger object for an Application log event from the PEFTestSource source, and then stores it in the $Trigger01 variable.

The second command uses the New-PefTraceSession cmdlet to create a Trace Session object, and then stores it in the $TraceSession01 variable.

The third command uses the Add-PefMessageSource cmdlet to specify a provider for the session that is stored in the $TraceSession01 variable.

The fourth command uses the Stop-PefTraceSession cmdlet to create a stop action for the event log trigger that is stored in the $Trigger01 variable, and associates that action with the session that is stored in the $TraceSession01 variable.

The final command uses the Start-PefTraceSession cmdlet to start the Trace Session that is stored in the $TraceSession01 variable.

PS C:\> $Trigger01 = New-PefEventLogTrigger -LogName "Application" -EventSourceName "PEFTestSource" -EventID 1234
PS C:\> $TraceSession01 = New-PefTraceSession -Mode Circular -Force -Path "C:\Traces\EventLog" -TotalSize 50 -SaveOnStop 
PS C:\> Add-PefMessageSource -PEFSession $TraceSession01 -Source "Microsoft-Pef-WFP-MessageProvider"
PS C:\> Stop-PefTraceSession -PEFSession $TraceSession01 -Trigger $Trigger01
PS C:\> Start-PefTraceSession -PEFSession $TraceSession01

関連トピック

Add-PefMessageSource

New-PefTraceSession

New-PefWin32EventTrigger

Start-PefTraceSession

Stop-PefTraceSession