randymiller
asked on
Kill A Process Based on Event Log
I have a service that is hanging. I can identify a event log entry that shows the error exists. I need an eventlog montior that can kill a process and then start a service when the event arrises. I would also like to be able to recycle an application pool on a different error. It should also send an email when the event happens.
It is only going to run on one server and it seems that all of the program are designed to consolidate hundreds of logs and make them readable. I haven't been able to get past that marketing hype to find a program that does what I want.
Is there a program that will do this?
Thanks
It is only going to run on one server and it seems that all of the program are designed to consolidate hundreds of logs and make them readable. I haven't been able to get past that marketing hype to find a program that does what I want.
Is there a program that will do this?
Thanks
ashutosh_kumar
I don't think any such application exist. :(
You could write a batch file...
use psloglist to watch the event log (say poll every 5 mins for the last 5mins of events)
then use pskill to kill the process
the net start the service
use psloglist to watch the event log (say poll every 5 mins for the last 5mins of events)
then use pskill to kill the process
the net start the service
You can try to use the "Recover" tab in the service's properties to start a batch file that will kill the process in question with taskkill.exe (default in XP and W2k3) and restart the service:
@echo off
taskkill /im "TheProcess.exe"
net start "TheService"
If the SCM doesn't notice that the service hangs (you didn't say what event is logged), and the above doesn't work (note that you can *not* test the Recover function by stopping the service; the service actually has to fail!), you can use eventtriggers.exe to define an event that fires the batch file on the certain event.
You can use eventtriggers.exe as well for the other problem, but you'll have to figure out a way to recycle the application pool form the command line.
blat.exe can be used to send an email from the command line.
@echo off
<Recycle Application Pool with whatever command>
blat.exe -server Your.Mail.Server -f eventalert@your.domain.com
Taskkill
http://technet.microsoft.com/en-us/library/bb491009.aspx
Eventtriggers
http://technet2.microsoft.com/windowsserver/en/library/e33bcf4c-dece-4b47-9bb7-31ecfcbc76d51033.mspx?mfr=true
Blat
http://www.blat.net/
@echo off
taskkill /im "TheProcess.exe"
net start "TheService"
If the SCM doesn't notice that the service hangs (you didn't say what event is logged), and the above doesn't work (note that you can *not* test the Recover function by stopping the service; the service actually has to fail!), you can use eventtriggers.exe to define an event that fires the batch file on the certain event.
You can use eventtriggers.exe as well for the other problem, but you'll have to figure out a way to recycle the application pool form the command line.
blat.exe can be used to send an email from the command line.
@echo off
<Recycle Application Pool with whatever command>
blat.exe -server Your.Mail.Server -f eventalert@your.domain.com
Taskkill
http://technet.microsoft.com/en-us/library/bb491009.aspx
Eventtriggers
http://technet2.microsoft.com/windowsserver/en/library/e33bcf4c-dece-4b47-9bb7-31ecfcbc76d51033.mspx?mfr=true
Blat
http://www.blat.net/
ASKER
So far the EventTrigger seems to be working and the batch files are able to kill the process and reset the application pool without problem.
The EventTrigger is too agressive however. I have it setup to trigger on a 1309 event with a description. It is triggering on all 1309 events. I used a batch file to create the eventtriggers. Here is the line.
eventtriggers /create /tr ResetTGAppPool /l Application /eid 1309 /d "Exception message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." /tk c:\batch\ResetTGAppPool.ba
As you see I am using the /d syntax. I was afraid that since the message body is much bigger that the text provided and has date and time information it wouldn't match, but it seems to be ignoring it. Do you have any experience with using the /d syntax?
Also here is the line to reset an application pool incase anybody needs it.
@Echo Off
cscript c:\windows\system32\iisapp
EventCreate /l Application /t INFORMATION /id 1 /d "Application Pool Recycled"
Thanks
Randy
PS: Even though it is too agressive, the extra resets are causing less problems then not enough.
The EventTrigger is too agressive however. I have it setup to trigger on a 1309 event with a description. It is triggering on all 1309 events. I used a batch file to create the eventtriggers. Here is the line.
eventtriggers /create /tr ResetTGAppPool /l Application /eid 1309 /d "Exception message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." /tk c:\batch\ResetTGAppPool.ba
As you see I am using the /d syntax. I was afraid that since the message body is much bigger that the text provided and has date and time information it wouldn't match, but it seems to be ignoring it. Do you have any experience with using the /d syntax?
Also here is the line to reset an application pool incase anybody needs it.
@Echo Off
cscript c:\windows\system32\iisapp
EventCreate /l Application /t INFORMATION /id 1 /d "Application Pool Recycled"
Thanks
Randy
PS: Even though it is too agressive, the extra resets are causing less problems then not enough.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your help. I was hoping to be able to filter the event a little better, but it seams that windows doesn't allow that.
Thanks for the direction
Randy
Thanks for the direction
Randy