EVENTMONITOR
Purpose: | Monitor event logs |
Format: | EVENTMONITOR [/C [name]] |
EVENTMONITOR server name /S"source" /T"type" /D"description" n command
server | UNC name of the machine with the log file |
name | log name |
n | Number of repetitions (or FOREVER) |
command | Command to execute when condition is triggered |
Usage:
If you don't enter any arguments, EVENTMONITOR will display the events it is currently monitoring.
The command line will be parsed and expanded before EVENTMONITOR is executed, so if you want to pass redirection characters or variables to command you will need to protect them (by enclosing in single back quotes, doubling the %'s, or using command grouping).
If the last argument on the line is a single (, it is interpreted as the beginning of a command group. EVENTMONITOR will append the following lines (in a batch file) or prompt you for more input (at the command line) until it gets a closing ).
You can specify multiple /D, /S, and /T arguments. If you want to monitor multiple events in a log, put them into a single EVENTMONITOR command. EVENTMONITOR creates a separate thread for each EVENTMONITOR command, so if you have multiple commands you will waste CPU time and RAM, and you risk having command executed simultaneously in different threads.
The monitoring runs asynchronously in a separate thread. When the condition is triggered, the command will be executed immediately. This may cause problems if you try to write to the display or access files while the main TCC-RT thread is also performing I/O. You may need to use START or DETACH in command to avoid conflicts.
EVENTMONITOR creates environment variables when an event is triggered that can be queried by command. The variables are deleted after command is executed.
_eventcomputer | The name of the computer that generated the event |
_eventcount | The number of times the condition has been triggered |
_eventdesc | The event description |
_eventlog | The name of the event log |
_eventsource | The name of the source that wrote the event |
_eventtype | The event type (see /T below) |
Options:
/D | Description for the event to be monitored. Only events with a matching description will set the trigger. The description may contain regular expressions. |
/S | Source for the event to be monitored. Only events with a matching source will set the trigger. The source may contain regular expressions. |
/T | Type of event to be monitored. Only events with a matching type will set the trigger. The types of events are: |
Success
Error
Warning
Information
Audit_Success
Audit_Failure
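
The following is an added example, not part of the original help text: it puts the syntax, the back-quote protection and the event variables together to log failed-logon audit events. The server name, the log file path, the source name and the description pattern are assumptions to replace with your own values.

```batch
rem Constructed example: \\SERVER01 and C:\Logs\audit-failures.log are placeholders.
rem The source name and the /D pattern are assumptions; use the values your log actually shows.
rem The back quotes keep the %_event... variables and the >> redirection from being
rem expanded when this line is first parsed; they are evaluated when command runs.
EVENTMONITOR \\SERVER01 Security /S"Microsoft-Windows-Security-Auditing" /T"Audit_Failure" /D".*failed to log on.*" FOREVER `echo %_eventcount %_eventcomputer %_eventlog %_eventsource %_eventtype "%_eventdesc" >> C:\Logs\audit-failures.log`

rem With no arguments, list the events currently being monitored.
EVENTMONITOR
```

All conditions are kept in one EVENTMONITOR command so that only one monitoring thread is created, and the command appends to a dedicated file so it does not compete with display output from the main thread.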