Solved

WindowsOS Defrag Start Event Id's needed

Posted on 2013-12-03
5
637 Views
Last Modified: 2014-04-16
Hello

I am creating a monitor in a 3rd party application, It needs to trigger on Any Windows Operating system when a defrag is started so i can alert myself for further action.

I have found Event ID: 258 Source: Microsoft-Windows-Defrag and have searched for other ID's with that source but have found none that are useful.

This ID just shows analysis.

Any one know?



Source: Microsoft-Windows-Defrag
Type: Information
Description:
The disk defragmenter successfully completed analysis on (C:)
0
Comment
Question by:beltonnz
  • 2
  • 2
5 Comments
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39694496
You can use task scheduler to trigger an application when an event occurs

To setup these tasks within the Task Scheduler, the actions are much easier. You simply right-click on the Event Viewer Tasks node, then select either “Create Basic Task” or “Create Task”. Both options will associate tasks to the Event Viewer. It is clear that the Basic Task is much easier, but the standard Task provides ultimate control over what you want to pivot upon.

Please refer :http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Attaching-Tasks-Event-Viewer-Logs-Events.html
0
 
LVL 1

Author Comment

by:beltonnz
ID: 39696526
This solution will not get the desired result.

What i need is, when some one starts a defrag on example a server or even a defrag kicks of automatically. I need to be able to capture this event.

Is there an Event Id when a Windows defrag is started?

I have the below setup.
3rd Party Monitoring Software runs on a Server, It can create monitors on Event Id's, performance counters etc.

Once the monitor captures the Event Id for the start of a defrag, i can get it to alert me.

Problem is i cannot find a Event ID when a defrag is started.

There might be another way apart from Event Id i can use? See Picture attached.
Capture.JPG
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39696690
Simply use task scheduler and locate the defrag task and modify it so that it won't only do a defrag but also inform you.
0
 
LVL 1

Author Comment

by:beltonnz
ID: 39704626
That defrag task is for scheduled defrags.

I need to be alerted when some one manually tries to do a defrag.

And i don't want to be alerted via task scheduler, i want to be alerted through my monitoring software installed on the server so i need an event id or performance monitor relating to the manual start of a defrag.
0
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
ID: 39741754
...back from vacation...

Hi. You could setup ntfs-auditing for dfrgui.exe which is used for interactive defrags. That way, an event would be created and you could attach a mailing action to that event - mission accomplished.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Log files are useful in diagnosing and repairing problems.  This is a list of common log files and their standard locations that I've compiled.   While this is not exhaustive, it is a pretty good list that I've found to be useful.  I may update it f…
This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now