Eventtriggers to the rescue

  • Article

You know those occasions where there is a simple answer but you almost always invent a complex way of doing it…well that’s what happened to me this week. I had a dodgy service running on my system (my fault for beta testing), the problem was that the service often failed, and correctly said so in the event log. However in the meantime if I accessed that service then the whole machine would lock up for 5-10mins or sometimes forever…if you enabled the service after it failed, and before you accessed it again then things were good to go. This obviously isn’t a perfect situation but re-enabling a service that fails once or twice a day isn’t a problem whilst testing. My solution was to monitor the running processes and services via a script (WSH/WMI), it was whilst testing this I remembered eventriggers. The beauty of this solution is that it doesn’t need a script and uses a built-in Windows function (Windows Server 2003 + Windows XP).

From a command prompt to get help and syntax information type EVENTRIGGERS /? or take a look online here

For my example I wanted to re-start the service when it stopped, capture some diagnostics and send a message, so I used the /TK switch to enable me to run a batch file when the event occurred. Note: I also added the user and password combo that I was logged on with (this was needed to make it work as otherwise the localsystem account is used).

This is my syntax:

C:\>eventtriggers /create /TR "My service" /L SYSTEM /EID 7036 /RU clive /RP mypassword /TK c:\temp\cw.cmd

The syntax is broken down in this way, I told eventtriggers to /CREATE a new trigger, I gave it a friendly name of “My service”, the SYSTEM eventlog was selected and the EventID (EID) choosen.

Now when the service stops, eventtriggers gets me going again. In this example I don’t select a specific service so if another on the system fails or starts then the script would also run. In my case I run a script to setup the eventtrigger before I start testing and another to remove the eventtrigger when I stop testing, so that isn’t a problem. This may not be the best example of an eventtrigger but may give you some ideas (or remind you it exists)