New-PefMessageTrigger

New-PefMessageTrigger

Creates a trigger based on detecting a filter match for a specific message in a PEF Trace Session.

구문

Parameter Set: Default
New-PefMessageTrigger [-PEFSession] <IPpkTraceSession> [-Filter] <String> [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-Repeat] [ <CommonParameters>]

자세한 설명

The New-PefMessageTrigger cmdlet creates a trigger based on detecting a filter match for a specific message in a PEF Trace Session. You can use a message trigger to start, stop, save, and filter a Protocol Engineering Framework (PEF) Trace Session based on any valid filter, for example, a protocol name such as ARP or ICMP. The trigger becomes active when you associate it to a PEF action.

매개 변수

-Filter<String>

Specifies a trace filter. You can use the Set-PefTraceFilter cmdlet to create the trace filter that defines the type of message that stops the Trace Session.

-InformationAction<System.Management.Automation.ActionPreference>

Specifies how this cmdlet responds to an information event. 이 매개 변수에 허용되는 값은 다음과 같습니다.

-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend

-InformationVariable<System.String>

Specifies a variable in which to store an information event message.

-PEFSession<IPpkTraceSession>

Specifies a PEF Trace Session. To create a Trace Session, use the New-PefTraceSession cmdlet.

-Repeat

Indicates that a trigger runs on each occurrence of a specified event. If you do not specify this parameter, the trigger runs only once.

<CommonParameters>

이 cmdlet은 일반 매개 변수 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer 및 -OutVariable을 지원합니다. 자세한 내용은 다음을 참조하세요. about_CommonParameters(https://go.microsoft.com/fwlink/p/?LinkID=113216).

입력

입력 유형은 cmdlet에 파이프할 수 있는 개체의 유형입니다.

출력

출력 유형은 cmdlet이 내보내는 개체의 유형입니다.

예제

Example 1: Stop a Trace Session based on a filtered message type

This example starts a PEF Trace Session in linear capture mode. The Trace Session continues until ICMP traffic is detected or certain disk quotas are reached on the computer where the Trace Session is running.

The first command uses the New-PefTraceSession cmdlet to create a Trace Session object and stores it in the $TraceSession01 variable. This cmdlet also uses the Name and Path parameters to specify a source file for data input and a save location for trace results, respectively.

The second command uses the Add-PefMessageSource cmdlet to specify a provider for the Trace Session stored in $TraceSession01.

The third command uses the New-PefMessageTrigger cmdlet to create a new message trigger object and stores it in the $Trigger01 variable.

The fourth command uses the Stop-PefTraceSession cmdlet to create a stop action for the trigger stored in $Trigger01 and associates that action with the Trace Session stored in $Trace Session01.

The fifth command uses the Start-PefTraceSession cmdlet to start the Trace Session stored in $TraceSession01. The SaveOnStop parameter in the New-PefTraceSession cmdlet causes the Trace Session to be saved to the specified file location and format after the first ICMP protocol message is parsed.

PS C:\> $TraceSession01 = New-PefTraceSession -Mode Linear -Name ".\myTrace.matu" -SaveOnStop –Path "C:\Traces\Result.matu"
PS C:\> Add-PefMessageSource -PEFSession $TraceSession01 –Source "Microsoft-PEF-WFP-MessageProvider"
PS C:\> $Trigger01 = New-PefMessageTrigger -Filter "icmp"
PS C:\> Stop-PefTraceSession -PEFSession $TraceSession01 -Trigger $Trigger01
PS C:\> Start-PefTraceSession -PEFSession $TraceSession01

관련 항목

New-PefProcessTrigger

New-PefTimeSpanTrigger

New-PefDateTimeTrigger

New-PefKeyDownTrigger

Add-PefMessageSource

Stop-PefTraceSession

New-PefTraceSession