• Facebook
  • RSS Feed
  • Instagram
  • LinkedIn
  • Twitter
Dec 212009

A few days ago I was working on an issue with Support, and we came up with a neat way of doing “things” based on what happens in the event log on a server.  This article describes how you can use a Windows XP / Windows 2003 tool called eventtriggers to do a simple script when a particular event is logged in the Symantec Enterprise Vault event log.

Event Triggers – what is it?

EventTriggers is a Windows XP, and Windows 2003 command line utility built into the Operating System which can monitor an event log (or all event logs) for a particular event id/category combination and then perform a command (run a script, etc) when that event appears.

The Trigger I want

I want to run a bit of SQL every time the provisioning task completes.  The provisioning task finished with the following event id :

Event Type: Information
Event Source: Enterprise Vault
Event Category: Exchange Provisioning Task
Event ID: 41104
Date: 15710/2009
Time: 16:29:14
User: N/A
Computer: EVSERVER01
The Exchange mailbox provisioning task has completed.
Task: Exchange Provisioning Task for home.local
Domain: ev.local

The bit of SQL I want to run is simply

USE EnterpriseVaultDirectory

UPDATE ExchangeMailboxEntry set LegacyMbxDN=upper(LegacyMbxDN)

How to add the trigger

The best way to do this is build up the process in parts.  First of all in many test labs (mine included) SQL is on the same server as EV.. so the process is very straight forward, I just need to run the bit of SQL above.   eg

eventtriggers /create  /TR “SQL Upper Case” /l “Symantec Enterprise Vault” /eid 41104 /t Information /tk “c:toolsuppercase.cmd”

Uppercase.cmd contains :

CD “C:Program FilesMicrosoft SQL Server90ToolsBinn”

sqlcmd -i c:uc.sql

uc.sql contains

USE EnterpriseVaultDirectory

UPDATE ExchangeMailboxEntry set LegacyMbxDN=upper(LegacyMbxDN)

If the SQL server is remote, it’s still pretty straight forward. We just use PSEXEC the SysInternals (now Microsoft) tool to remotely run the SQL above as follows :

eventtriggers /create  /TR “SQL Upper Case” /l “Symantec Enterprise Vault” /eid 41104 /t Information /tk “c:toolsuppercase.cmd”

C:Toolsuppercase.cmd contains :

psexec \SQL_Server_Name c:uppercase.cmd

In this case uppercase.cmd contains the same as above, as does uc.sql, but the file is on the SQL server in the c: folder (or anywhere else you want to put it)

How to test it

For this scenario you would simply run the provisioning task.  Check the event log correctly has the 41104 event logged in it, and lastly check that the SQL has run by doing a query on the LegacyMbxDN in the ExchangeMailboxEntry table.


It should be possible to see from the example above that the use of Event Triggers in this way could be quite powerful…  For example if a particular event id is logged perform a service restart, or notify an administrator via email and so on.







Thanks go to Mark Barefoot and Benoit Lionnet for input into this article.

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.

  One Response to “Using Event Triggers”

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>