ncooper09 ncooper09 - 3 months ago 23
PowerShell Question

How to use the "run this command" (-rc) option with logman

I'm trying to set up some performance monitors. I also want to do some stuff with the data (csv), including analyzing the data with some PS scripting upon collection segmentation. Here is my PS command to create the logman entry:

logman create counter -n NetLog -f csv -si 00:00:30 `
-cnf 00:01:00 -c "\Network Interface(*)\Bytes Total/sec" -r -v mmddhhmm `
-b 00:00:00 -e 23:59:59 -rc C:\PerfLogs\Admin\NetLogConfig\hello.cmd


Note that the details like segment length and sample interval are only that low for testing purposes. Production will be much different, though undecided as of yet, but I digress. Now, this works great:

logman create counter -n NetLog -f csv -si 00:00:30 `
-cnf 00:01:00 -c "\Network Interface(*)\Bytes Total/sec" -r -v mmddhhmm `
-b 00:00:00 -e 23:59:59


But for some reason, as soon as I add
-rc C:\PerfLogs\Admin\NetLogConfig\hello.cmd
, the counter stops upon segmentation of the collection period instead of segmenting and continuing. Note that the command to create the counter succeeds, and the counter will start successfully, but the collector set is halted when the file is closed for segmentation. It also does not run the command at all. I have also tried a file type of .bat instead of .cmd, and I have also tried typing a command directly into the -rc parameter (eg
-rc echo "Hello World!"
). .bat makes no difference, and enetering a command directly will get me a nice error message about it not being an acceptable paramater. Inside the file is a place-holder command that right now goes:

echo "Hello World!"
pause


So how do I get a command to run upon segmentation/file close? I will consider work-arounds, but this seems by far the cleanest solution.

Answer

Read newest logman create counter reference:

-[-]rc <task>           Run the command specified each time the log is closed.

Note that -rc switch parameter is -rc <task> (in an older Technet document is -rc FileName). So what <task> stands for? Read Data Collector Set Properties and/or run perfmon.exe, see image below:

Task - You can run a Windows Management Instrumentation (WMI) task upon completion
       of the Data Collector Set collection by entering the command in the
       Run this task when the data collector set stops box.
       Refer to WMI task documentation for options.

And finally, from WMI task documentation I have recognized that <task> in -rc <task> should be a name of a scheduled task. Next modification of your attempt might give a proof (a new instance of cmd window flashes every minute and output files are filled as expected):

erase d:\bat\SO\38859079.txt
erase C:\PerfLogs\Admin\NetLog*.csv
logman delete NetLog
logman create counter -n NetLog -f csv -si 00:00:15 -cnf 00:01:00 ^
  -rf 00:05:00 -c "\Network Interface(*)\Bytes Total/sec" -r -v mmddhhmm ^
  -b 00:00:00 -e 23:59:59 -rc 38859079
logman start NetLog
timeout /T 360 /Nobreak
logman stop NetLog
dir /B /S C:\PerfLogs\Admin\NetLog*.csv
type d:\bat\SO\38859079.txt
Schtasks /Query /FO LIST /V /TN 38859079 | findstr /I /C:"Task To" /C:"Type"

Output:

==> D:\bat\SO\38859079.bat

==> erase d:\bat\SO\38859079.txt

==> erase C:\PerfLogs\Admin\NetLog*.csv

==> logman delete NetLog
The command completed successfully.

==> logman create counter -n NetLog -f csv -si 00:00:15 -cnf 00:01:00  -rf 00:05:00 -c "\
Network Interface(*)\Bytes Total/sec" -r -v mmddhhmm   -b 00:00:00 -e 23:59:59 -rc 388590
79
The command completed successfully.

==> logman start NetLog
The command completed successfully.

==> timeout /T 360 /Nobreak

Waiting for   0 seconds, press CTRL+C to quit ...

==> logman stop NetLog

Error:
Data Collector Set is not running.

==> dir /B /S C:\PerfLogs\Admin\NetLog*.csv
C:\PerfLogs\Admin\NetLog_08101250.csv
C:\PerfLogs\Admin\NetLog_08101251.csv
C:\PerfLogs\Admin\NetLog_08101252.csv
C:\PerfLogs\Admin\NetLog_08101253.csv
C:\PerfLogs\Admin\NetLog_08101254.csv

==> type d:\bat\SO\38859079.txt
10.08.2016 12:51:47,99
10.08.2016 12:52:49,04
10.08.2016 12:53:50,06
10.08.2016 12:54:51,07
10.08.2016 12:55:48,00

==> Schtasks /Query /FO LIST /V /TN 38859079   | findstr /I /C:"Task To" /C:"Type"
Task To Run:                          cmd /c >>d:\bat\SO\38859079.txt echo %date% %time%
Schedule Type:                        On demand only

==>

Please note than your question has nothing to do with powershell (IMHO wrong tag); in my example is scheduled task to run cmd however it should work for powershell as well.

perfmon/netlog