This is the built-in help made by Microsoft for the command 'Register-WmiEvent', in PowerShell version 2 - as retrieved from
Windows version 'Microsoft® Windows Vista™ Ultimate ' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Subscribes to a Windows Management Instrumentation (WMI) event.
Register-WmiEvent [-Class] <string> [[-SourceIdentifier] <string>] [[-Action] <scriptblock>] [-ComputerName <string>] [-Credential <PSCredential>
] [-Forward] [-MessageData <psobject>] [-Namespace <string>] [-SupportEvent] [-Timeout <Int64>] [<CommonParameters>]
Register-WmiEvent [-Query] <string> [[-SourceIdentifier] <string>] [[-Action] <scriptblock>] [-ComputerName <string>] [-Credential <PSCredential>
] [-Forward] [-MessageData <psobject>] [-Namespace <string>] [-SupportEvent] [-Timeout <Int64>] [<CommonParameters>]
The Register-WmiEvent cmdlet subscribes to WMI events on the local computer or on a remote computer.
When the subscribed WMI event is raised, it is added to the event queue in your local session even if the event occurs on a remote computer. To g
et events in the event queue, use the Get-Event cmdlet.
You can use the parameters of Register-WmiEvent to subscribe to events on remote computers and to specify the property values of the events that
can help you to identify the event in the queue. You can also use the Action parameter to specify actions to take when a subscribed event is rais
ed.
When you subscribe to an event, an event subscriber is added to your session. To get the event subscribers in the session, use the Get-EventSubsc
riber cmdlet. To cancel the subscription, use the Unregister-Event cmdlet, which deletes the event subscriber from the session.
<
Online version: http://go.microsoft.com/fwlink/?LinkID=135245
Register-ObjectEvent
Register-EngineEvent
Unregister-Event
Get-Event
New-Event
Remove-Event
Wait-Event
<
-------------------------- EXAMPLE 1 --------------------------
C:\PS>register-wmiEvent -class 'Win32_ProcessStartTrace' -sourceIdentifier "ProcessStarted"
Description
-----------
This command subscribes to the events generated by the Win32_ProcessStartTrace class. This class raises an event whenever a process starts.
-------------------------- EXAMPLE 2 --------------------------
C:\PS>register-wmiEvent -query "select * from __instancecreationevent within 5 where targetinstance isa 'win32_process'" -sourceIdentifier "WMIPr
ocess" -messageData "Test 01" -timeout 500
Description
-----------
This command uses a query to subscribe to Win32_process instance creation events.
-------------------------- EXAMPLE 3 --------------------------
C:\PS>$action = { get-history | where { $_.commandline -like "*start-process*" } | export-cliXml "commandHistory.clixml" }
C:\PS> register-wmiEvent -class 'Win32_ProcessStartTrace' -sourceIdentifier "ProcessStarted" -action $action
Id Name State HasMoreData Location Command
-- ---- ----- ----------- -------- -------
1 ProcessStarted NotStarted False get-history | where {...
Description
-----------
This example shows how to use an action to respond to an event. In this case, when a process starts, any Start-Process commands in the current se
ssion are written to an XML file.
When you use the Action parameter, Register-WmiEvent returns a background job that represents the event action. You can use the Job cmdlets, such
as Get-Job and Receive-Job, to manage the event job.
For more information, see about_Jobs.
-------------------------- EXAMPLE 4 --------------------------
C:\PS>register-wmiEvent -class 'Win32_ProcessStartTrace' -sourceIdentifier "Start" -computername Server01
C:\PS> get-event -sourceIdentifier "Start"
Description
-----------
This example registers for events on the Server01 remote computer.
WMI returns the events to the local computer and stores them in the event queue in the current session. To retrieve the events, run a local Get-E
vent command.