New-PefEventLogTrigger

New-PefEventLogTrigger

Creates a trigger that signals when an event log logs an entry.

구문

Parameter Set: Default
New-PefEventLogTrigger [-LogName] <String> [-CheckTimerPeriodMs <Int32> ] [-EventId <Int32> ] [-EventSourceName <String> ] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-MachineName <String> ] [-Repeat] [ <CommonParameters>]

자세한 설명

The New-PefEventLogTrigger cmdlet creates a trigger that signals when a specified entry is logged in an event log. An event log trigger waits for a specific event from the System log, Application log, or Security log. You can monitor a remote computer or the local computer. The trigger becomes active when you associate it to a Protocol Engineering Framework (PEF) action.

매개 변수

-CheckTimerPeriodMs<Int32>

Specifies how often, in milliseconds, to check for an event. The trigger checks whether the specified log contains the event. The default value is 2000 ms.

-EventId<Int32>

Specifies the event ID of the event to wait for. If you do not specify an ID, the trigger waits for an event with any ID.

-EventSourceName<String>

Specifies the source name of the event to wait for. If you do not specify a name, the trigger waits for an event with any source name.

-InformationAction<System.Management.Automation.ActionPreference>

Specifies how this cmdlet responds to an information event. 이 매개 변수에 허용되는 값은 다음과 같습니다.

-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend

-InformationVariable<System.String>

Specifies a variable in which to store an information event message.

-LogName<String>

Specifies the name of the event log to check. 이 매개 변수에 허용되는 값은 다음과 같습니다.

-- Application
-- Security
-- System

-MachineName<String>

Specifies the name of the computer to monitor for the event. The default value is the local computer.

-Repeat

Indicates that the trigger runs on each occurrence of the event. If you do not specify this parameter, the trigger runs only once.

<CommonParameters>

이 cmdlet은 일반 매개 변수 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer 및 -OutVariable을 지원합니다. 자세한 내용은 다음을 참조하세요. about_CommonParameters(https://go.microsoft.com/fwlink/p/?LinkID=113216).

입력

입력 유형은 cmdlet에 파이프할 수 있는 개체의 유형입니다.

출력

출력 유형은 cmdlet이 내보내는 개체의 유형입니다.

예제

Example 1: Create an event log trigger that stops a trace session

This example creates an event log trigger, and then associates it to a Trace Session. The Trace Session stops when the trigger finds the specific event in the Application log.

The first command creates a trigger object for an Application log event from the PEFTestSource source, and then stores it in the $Trigger01 variable.

The second command uses the New-PefTraceSession cmdlet to create a Trace Session object, and then stores it in the $TraceSession01 variable.

The third command uses the Add-PefMessageSource cmdlet to specify a provider for the session that is stored in the $TraceSession01 variable.

The fourth command uses the Stop-PefTraceSession cmdlet to create a stop action for the event log trigger that is stored in the $Trigger01 variable, and associates that action with the session that is stored in the $TraceSession01 variable.

The final command uses the Start-PefTraceSession cmdlet to start the Trace Session that is stored in the $TraceSession01 variable.

PS C:\> $Trigger01 = New-PefEventLogTrigger -LogName "Application" -EventSourceName "PEFTestSource" -EventID 1234
PS C:\> $TraceSession01 = New-PefTraceSession -Mode Circular -Force -Path "C:\Traces\EventLog" -TotalSize 50 -SaveOnStop 
PS C:\> Add-PefMessageSource -PEFSession $TraceSession01 -Source "Microsoft-Pef-WFP-MessageProvider"
PS C:\> Stop-PefTraceSession -PEFSession $TraceSession01 -Trigger $Trigger01
PS C:\> Start-PefTraceSession -PEFSession $TraceSession01

관련 항목

Add-PefMessageSource

New-PefTraceSession

New-PefWin32EventTrigger

Start-PefTraceSession

Stop-PefTraceSession