Windows OS Defrag Start Event IDs needed

Hello

I am creating a monitor in a 3rd-party application. It needs to trigger on any Windows operating system when a defrag is started so I can alert myself for further action.

I have found Event ID: 258 Source: Microsoft-Windows-Defrag and have searched for other IDs with that source but have found none that are useful.

This ID just shows analysis.

Anyone know?



Source: Microsoft-Windows-Defrag
Type: Information
Description:
The disk defragmenter successfully completed analysis on (C:)
Thomas NZ (Systems Engineer) Asked:

Ram Balachandran Commented:
You can use Task Scheduler to trigger an application when an event occurs.

To set up these tasks within the Task Scheduler, the actions are much easier. You simply right-click on the Event Viewer Tasks node, then select either “Create Basic Task” or “Create Task”. Both options will associate tasks to the Event Viewer. It is clear that the Basic Task is much easier, but the standard Task provides ultimate control over what you want to pivot upon.

Please refer to: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Attaching-Tasks-Event-Viewer-Logs-Events.html
Thomas NZ (Systems Engineer, Author) Commented:
This solution will not get the desired result.

What I need is, when someone starts a defrag on, for example, a server, or even when a defrag kicks off automatically, I need to be able to capture this event.

Is there an Event ID when a Windows defrag is started?

I have the below setup.
3rd-party monitoring software runs on a server. It can create monitors on Event IDs, performance counters, etc.

Once the monitor captures the Event ID for the start of a defrag, I can get it to alert me.

Problem is I cannot find an Event ID when a defrag is started.

There might be another way apart from Event ID I can use? See picture attached.
Capture.JPG
McKnife Commented:
Simply use Task Scheduler and locate the defrag task and modify it so that it won't only do a defrag but also inform you.
Thomas NZ (Systems Engineer, Author) Commented:
That defrag task is for scheduled defrags.

I need to be alerted when someone manually tries to do a defrag.

And I don't want to be alerted via Task Scheduler. I want to be alerted through my monitoring software installed on the server, so I need an Event ID or performance monitor relating to the manual start of a defrag.
McKnife Commented:
...back from vacation...

Hi. You could set up NTFS auditing for dfrgui.exe, which is used for interactive defrags. That way, an event would be created and you could attach a mailing action to that event - mission accomplished.
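One way to carry out the NTFS-auditing suggestion above, as an added example that is not part of the original thread: it enables file-system auditing, adds an execute audit entry to dfrgui.exe, and reads back the resulting events. It assumes an elevated Windows PowerShell 5.1 session on Vista/Server 2008 or later, where the audited access is logged as Security event 4663; the function name `Get-DefragGuiLaunch` and the choice of auditing Everyone are illustrative.

```powershell
# Added example: audit execution of dfrgui.exe, then find the resulting events.
# Assumptions: elevated Windows PowerShell 5.1; Vista/Server 2008 or later.
$target = Join-Path $env:SystemRoot 'System32\dfrgui.exe'

# 1. Enable success auditing for the File System subcategory
#    (subcategory name as shown on English-language systems).
auditpol.exe /set /subcategory:"File System" /success:enable | Out-Null

# 2. Add an audit entry (SACL) that logs every successful execute of the file.
#    Only the Audit section is loaded and written back, so the owner and
#    permissions of the system file are left untouched.
$sections = [System.Security.AccessControl.AccessControlSections]::Audit
$security = [System.Security.AccessControl.FileSecurity]::new($target, $sections)
$everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
    [System.Security.AccessControl.AuditFlags]::Success)
$security.AddAuditRule($rule)
[System.IO.File]::SetAccessControl($target, $security)

# 3. Read back matching events. Event 4663 ("An attempt was made to access
#    an object") carries the file path in ObjectName and the account in
#    SubjectUserName; this is the event a monitor would be pointed at.
function Get-DefragGuiLaunch {
    param([int]$MaxEvents = 500)
    $filter = @{ LogName = 'Security'; Id = 4663 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $fields = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$d.Name] = $d.'#text'
            }
            # ObjectName may be a drive path or a \Device\... path; match the tail.
            if ($fields['ObjectName'] -like '*\dfrgui.exe') {
                [pscustomobject]@{
                    Time    = $_.TimeCreated
                    User    = '{0}\{1}' -f $fields['SubjectDomainName'], $fields['SubjectUserName']
                    Process = $fields['ProcessName']
                    Access  = $fields['AccessMask']
                }
            }
        }
}

Get-DefragGuiLaunch | Sort-Object Time -Descending | Format-Table -AutoSize
```

A monitor keyed on event 4663 should also filter on the ObjectName field, since the same event ID is logged for every audited file. Audit settings applied with auditpol can be overwritten by Group Policy, so on domain-joined machines the subcategory is better enabled there.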