Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Using Event Triggers

Created: 28 Oct 2009 • Updated: 28 Oct 2009 | 2 comments
Language Translations
Rob.Wilcox's picture
+4 4 Votes
Login to vote

A few days I was working on an issue with Support, and we came up with a neat way of doing "things" based on what happens in the event log on a server.  This article describes how you can use a Windows XP / Windows 2003 tool called eventtriggers to do a simple SQL script when a particular event is logged in the Symantec Enterprise Vault event log.

Event Triggers - what is it?

EventTriggers is a Windows XP, and Windows 2003 command line utility, built into the Operating System which can monitor an event log (or all event logs) for a particular event id/category combination and then perform a command (run a script etc, etc) when that event appears.

The trigger I want

I want to run a bit of SQL every time the provisioning task completes.  The provisioning task finishes with the following event id :

Event Type: Information
Event Source: Enterprise Vault

Event Category: Exchange Provisioning Task
Event ID: 41104
Date: 15710/2009
Time: 16:29:14
User: N/A
Computer: EVSERVER01
Description:
The Exchange mailbox provisioning task has completed.

Task: Exchange Provisioning Task for home.local

Domain: ev.local

The bit of SQL I want to run is simply :

USE EnterpriseVaultDirectory
UPDATE ExchangeMailboxEntry set LegacyMbxDN=upper(LegacyMbxDN)

How to add the trigger

The best way to do this is build up the process in parts.  First of all in many test labs (mine included) SQL is on the same server as EV.. so the process is very straight forward, I just need to run the bit of SQL above.   eg

eventtriggers /create  /TR "SQL Upper Case" /l "Symantec Enterprise Vault" /eid 41104 /t Information /tk "c:\tools\uppercase.cmd"

Uppercase.cmd contains :

CD "C:\Program Files\Microsoft SQL Server\90\Tools\Binn"
sqlcmd -i c:\uc.sql

uc.sql contains

USE EnterpriseVaultDirectory
UPDATE ExchangeMailboxEntry set LegacyMbxDN=upper(LegacyMbxDN)

If the SQL server is remote, it's still pretty straight forward. We just use PSEXEC the SysInternals (now Microsoft) tool to remotely run the SQL above as follows :

eventtriggers /create  /TR "SQL Upper Case" /l "Symantec Enterprise Vault" /eid 41104 /t Information /tk "c:\tools\uppercase.cmd"

C:\Tools\uppercase.cmd contains :

psexec \\SQL_Server_Name c:\uppercase.cmd

In this case uppercase.cmd contains the same as above, as does uc.sql, but the file is on the SQL server in the c:\ folder (or anywhere else you want to put it)

How to test it

For this scenario you would simply run the provisioning task.  Check the event log correctly has the 41104 event logged in it, and lastly check that the SQL has run by doing a query on the LegacyMbxDN in the ExchangeMailboxEntry table.

Summary

It should be possible to see from the example above that the use of Event Triggers in this way could be quite powerful...  For example if a particular event id is logged perform a service restart, or notify an administrator via email and so on.

References :

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/eventtriggers.mspx?mfr=true
http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.server.scripting/2006-03/msg00548.html
http://technet.microsoft.com/en-gb/sysinternals/bb897553.aspx
http://support.veritas.com/docs/335411

Thanks

Thanks go to Mark Barefoot and Benoit Lionnet for input into this article.

Comments 2 CommentsJump to latest comment

John Santana's picture

Cool, thanks Rob for sharing this knowledge, it is very useful not just for EV but some other things as well. !!

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

0
Login to vote
Rob.Wilcox's picture
+1
Login to vote