Sign in to follow this  
Followers 0
PeterGammage

Getting XP "Eventtriggers" to work

6 posts in this topic

Before I start using Autoit I thought I'd test out how I could trigger actions based upon events. I have tried using the Windows XP Eventtriggers command and while it sets up OK it doesn't seem to run when an appropriate event occurs.

The commands I have used aim to execute a batch file(which at the moment only does an ECHO to tell you the trigger has fired) when an error occurs and are listed below

eventtriggers /delete /tid *

eventtriggers /create /tr "System Error" /l system /t error /tk f:systemerror.bat

eventtriggers /create /tr "Security Error" /l security /t error /tk f:securityerror.bat

eventtriggers /create /tr "Application Error" /l application /t error /tk f:applicationerror.bat

The triggers all setup fine and I've checked the system/security/Application logs to see if errors are occuring (even used Eventcreate to creat some) - however the trigger does not seem to fire.

Can anyone help?

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

The event's batch file is not executed in your current environment. Provide the full path the to the file:

eventtriggers /create /tr "System Error" /l system /t error /tk "f:\systemerror.bat"

;)

Edit: Typo.

Edited by PsaltyDS

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

PsaltyDS - thanks for the reply. The full path is provided - the batch file is in the root of a drive mapped to drive letter F, so I would have thought that /tk f:applicationerror.bat was correct.

Or are you saying it should be

/tk "f:/applicationerror.bat"

Share this post


Link to post
Share on other sites

Yes, mine was a typo with the F: and C:. But also, how do you know the F: mapping is available in the environment that runs the event task?

;)


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

Yes, mine was a typo with the F: and C:. But also, how do you know the F: mapping is available in the environment that runs the event task?

:)

I'm back to continue discussion as I still can't get it to work!!

I've tried using the C: Drive as below and I still can't get it to fire

eventtriggers /create /tr "System Error" /l SYSTEM /t ERROR /tk "C:\systemerror.bat"

Basically I just want a batch file to fire when any System errors occur. The eventcreate works, but when I create an event using the command below the above batch file doesn't fire and I don't know why

eventcreate /ID 999 /T ERROR /D Testing /L SYSTEM

BTW - the batch file is as below:

ECHO OFF

REM This batch file executes as part of an "eventtrigger" for severe events

REM

Echo ***********************************************************************

Echo * A System Error has occured *

Echo ***********************************************************************

Pause

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

Here is what I used...

To create the eventtrigger for the system log:

@eventtriggers /create /tr SYSTEMERROR /l System /t Error /tk c:windowssystemeventssystemerrors.bat

What the systemerrors.bat file does:

@ECHO OFF
@echo Here are the last 4 error entries from SYSTEM log >systemerrors.msg
@eventquery /l system /r 4 /fi "Type eq Error" /v >>systemerrors.msg
@BMAIL.exe -s {smtpserver} -t {destination email address} -f [who it's from] -h -a "System Event Log Error Detected" -m systemerrors.msg -c >NUL

Your code looks ok, you may want to check your PATH to make sure the directories for eventtriggers and eventquery (in my case) are present. It may also be a permissions issue with the BATCH file or the eventtrigger itself.

I also noticed in your security eventtrigger line you must replace "error" with "failureaudit", it will never find "error" since that syntax isn't used in the Security Log.

Also, you may want to omit the quotes in your eventtrigger after the /tk declaration.

Edited by biggandyy

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0