3
responses

Say I wanted to run a PowerShell script on an interval using the im_exec module how would I do that?

<Input powershell>
    Module  im_exec
    Command "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    Arg     "script goes here"
    <Exec>
       $output = $raw_event;
    </Exec>
</Input>

I can make the interval work by creating pauses in the code but then it appears as though the script process would run forever which is undesirable for efficiency and stability reasons. Is there a way to run the code on a interval, say every fifteen minutes?

Thoughts?

Thanks in advance!!

AskedJanuary 16, 2020 - 5:46pm

Comments (1)

  • casey1234's picture

    What I finally got to work:

    <Input powershell>
        Module  im_exec
                Restart true
                Command "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
                Arg     "$IP = Get-WmiObject  Win32_NetworkAdapterConfiguration | where {$_.IPEnabled};$IP.DefaultIPGateway;Start-Sleep 900"
        <Exec>
           $gateway = $raw_event;
        </Exec>
    </Input>
    

    This executes the script and then pauses for 15 minutes where the script will terminate. From there NXLog will detect that the script stopped and start it again, and so on. If anyone has a better idea feel free to post it.

    Hopefully this helps someone.

Answer (1)

Hi Casey!

Maybe what you want to use is the Schedule directive.

Please take a look to reference manual, section "2.3.2. Schedule":

<Input in>
  Module im_tcp
  Port 2345
  <Schedule>
  Every 1 sec
  First 2010-12-17 00:19:06
  Exec log_info("scheduled execution at " + now());
  </Schedule>
  <Schedule>
  When 1 */2 2-4 * *
  Exec log_info("scheduled execution at " + now());
  </Schedule>
</Input>

Comments (1)

  • casey1234's picture

    Hi Manuel!

    Funny you point that out because that's what I've been looking at. I just wasn't sure about how syntactically to execute the code itself. Would I just replace log_info with powershell?

    Thanks!!