Re: How to get an event (asynchronously and with out using looping mechanism) when a process is stopped.




Hi Koti,

a permanent event subscription in WMI may give you what you are looking
for. The event subscription consists of an event filter and an event
consumer. Events matching the filter criteria are delivered to an event
consumer for action. The filter and consumer are registered and bound
in WMI so there isn't a requirement for a continuously running script
and there should be little or no impact on the CPU usage.

There is some information about permanent event subscriptions here:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/receiving_events_at_all_times.asp

Probably the simplest way to set up a permanent event subscription is to
create a Managed Object Format (mof) file that describes the event
filter and consumer actions (there is a built in SMTP consumer).

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/managed_object_format.asp

The mof file is then compiled into the relevant WMI namespace using the
mofcomp utility (e.g. mofcomp myfile.mof):

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/mofcomp.asp

The examples below are for a mof file to set up event subscriptions for
the termination of a process and for the possible failure of a service.

The process termination example:

#pragma namespace ("\\\\.\\root\\subscription")

// for Windows 2000 use #pragma namespace ("\\\\.\\root\\cimv2")

instance of __EventFilter as $FILTER
{
Name = "Process End";

// Windows Server 2003 and Windows XP only, not required in Windows 2000
EventNamespace = "root\\cimv2";

Query = "SELECT * FROM __InstanceDeletionEvent WITHIN 10 "
"WHERE TargetInstance ISA \"Win32_Process\" "
"AND TargetInstance.Name = \"notepad.exe\" ";

QueryLanguage = "WQL";
};

instance of SMTPEventConsumer as $CONSUMER
{
Name = "Process Stopped";
ToLine = "user.name@xxxxxxxxxx";
SMTPServer = "smtpserver.domain.com";
Subject = "The %TargetInstance.Name% process has stopped ";
};

instance of __FilterToConsumerBinding
{
Consumer = $CONSUMER ;
Filter = $FILTER ;
};


and for the service status:

#pragma namespace ("\\\\.\\root\\subscription")
// for Windows 2000 use #pragma namespace ("\\\\.\\root\\cimv2")

instance of __EventFilter as $FILTER
{
Name = "Service Stopped Filter";

// Windows Server 2003 and Windows XP only
EventNamespace = "root\\cimv2";

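// Win32_Service reports "Running" in its State property; Status holds
// values such as "OK", so the test has to be made against State.
Query = "SELECT * FROM __InstanceModificationEvent WITHIN 10 "
"WHERE TargetInstance ISA \"Win32_Service\" AND "
"TargetInstance.Name = \"Browser\" "
"AND TargetInstance.State <> \"Running\" ";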

QueryLanguage = "WQL";
};

instance of SMTPEventConsumer as $CONSUMER
{
Name = "Service Stopped";
ToLine = "user.name@xxxxxxxxxx";
SMTPServer = "smtpserver.domain.com";
Subject = "WARNING: Service %TargetInstance.Name% on "
"%TargetInstance.SystemName% is %TargetInstance.State%";
Message = "WARNING: The service %TargetInstance.Name% "
"on %TargetInstance.SystemName% has changed state. "
"The new state is %TargetInstance.State%";
};

instance of __FilterToConsumerBinding
{
Consumer = $CONSUMER ;
Filter = $FILTER ;
};


You can also create, view, modify and delete filter and consumer
instances using Event Registration in WMI Administrative Tools.

Hope that helps

Dominic
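
Added example, not part of the original post: because a compiled subscription keeps running with no visible script or process, it is worth listing what is registered after running mofcomp and when auditing a machine. The function name Get-PermanentSubscription is hypothetical; the sketch assumes the CIM cmdlets (PowerShell 3.0 or later) and an elevated session.

```powershell
# Added example: list permanent WMI event subscriptions (filter -> consumer).
# Assumes the CIM cmdlets (PowerShell 3.0 or later) and an elevated session.
function Get-PermanentSubscription {
    param(
        # Namespace the MOF was compiled into; the post uses root\subscription
        # (root\cimv2 on Windows 2000).
        [string]$Namespace = 'root/subscription'
    )

    # __EventFilter instances are keyed by Name, so index them once.
    $filters = @{}
    Get-CimInstance -Namespace $Namespace -ClassName __EventFilter |
        ForEach-Object { $filters[$_.Name] = $_ }

    # Each binding holds two references: Filter and Consumer.
    Get-CimInstance -Namespace $Namespace -ClassName __FilterToConsumerBinding |
        ForEach-Object {
            $filter = $filters[$_.Filter.Name]
            $class  = $_.Consumer.CimSystemProperties.ClassName
            $name   = $_.Consumer.Name
            # Fetch the full consumer instance; match on Name client-side so
            # no WQL quoting of the name is needed.
            $consumer = Get-CimInstance -Namespace $Namespace -ClassName $class |
                Where-Object { $_.Name -eq $name }

            [pscustomobject]@{
                Filter         = $_.Filter.Name
                Query          = $filter.Query
                EventNamespace = $filter.EventNamespace
                ConsumerClass  = $class
                Consumer       = $name
                # Populated for SMTPEventConsumer; empty for other classes.
                SMTPServer     = $consumer.SMTPServer
                ToLine         = $consumer.ToLine
            }
        }
}

Get-PermanentSubscription | Format-List
```

A binding whose filter, consumer class or mail destination nobody recognises is the thing to look for in the output; the two MOF files above should each appear as one entry.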
