• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 398
  • Last Modified:

Kill A Process Based on Event Log

I have a service that is hanging. I can identify a event log entry that shows the error exists. I need an eventlog montior that can kill a process and then start a service when the event arrises. I would also like to be able to recycle an application pool on a different error. It should also send an email when the event happens.

It is only going to run on one server and it seems that all of the program are designed to consolidate hundreds of logs and make them readable. I haven't been able to get past that marketing hype to find a program that does what I want.

Is there a program that will do this?

Thanks
0
randymiller
Asked:
randymiller
1 Solution
 
ashutosh_kumarCommented:
I don't think any such application exist. :(
0
 
Matthew MillersCommented:
You could write a batch file...

use psloglist to watch the event log (say poll every 5 mins for the last 5mins of events)
then use pskill to kill the process
the net start the service
0
 
oBdACommented:
You can try to use the "Recover" tab in the service's properties to start a batch file that will kill the process in question with taskkill.exe (default in XP and W2k3) and restart the service:

@echo off
taskkill /im "TheProcess.exe"
net start "TheService"

If the SCM doesn't notice that the service hangs (you didn't say what event is logged), and the above doesn't work (note that you can *not* test the Recover function by stopping the service; the service actually has to fail!), you can use eventtriggers.exe to define an event that fires the batch file on the certain event.
You can use eventtriggers.exe as well for the other problem, but you'll have to figure out a way to recycle the application pool form the command line.
blat.exe can be used to send an email from the command line.

@echo off
<Recycle Application Pool with whatever command>
blat.exe -server Your.Mail.Server -f eventalert@your.domain.com -t randymiller@your.domain.com -s "Some Event happened"

Taskkill
http://technet.microsoft.com/en-us/library/bb491009.aspx

Eventtriggers
http://technet2.microsoft.com/windowsserver/en/library/e33bcf4c-dece-4b47-9bb7-31ecfcbc76d51033.mspx?mfr=true

Blat
http://www.blat.net/
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
randymillerAuthor Commented:
So far the EventTrigger seems to be working and the batch files are able to kill the process and reset the application pool without problem.

The EventTrigger is too agressive however. I have it setup to trigger on a 1309 event with a description. It is triggering on all 1309 events. I used a batch file to create the eventtriggers. Here is the line.

eventtriggers /create /tr ResetTGAppPool /l Application /eid 1309 /d "Exception message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." /tk c:\batch\ResetTGAppPool.bat

As you see I am using the /d syntax. I was afraid that since the message body is much bigger that the text provided and has date and time information it wouldn't match, but it seems to be ignoring it. Do you have any experience with using the /d syntax?

Also here is the line to reset an application pool incase anybody needs it.

@Echo Off
cscript c:\windows\system32\iisapp.vbs /a "YourPoolName" /r
EventCreate /l Application /t INFORMATION /id 1 /d "Application Pool Recycled"

Thanks
Randy

PS: Even though it is too agressive, the extra resets are causing less problems then not enough.


0
 
oBdACommented:
The "/d" is only the description of the trigger itself, to make things easier for you; you can only use the /SO[urce] and /T[ype] arguments for further checks.
Is that your own application that's creating this message, that is, can it be changed?
Can you check in the script for the error condition?
0
 
randymillerAuthor Commented:
Thanks for your help. I was hoping to be able to filter the event a little better, but it seams that windows doesn't allow that.
Thanks for the direction
Randy
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now