Event Hooks for Post-Connection Scripts
How users can use CSE-generated events as hooks to run scripts for macOS and Windows devices
- Updated on
- Event Hooks Overview
- Event IDs
- Scheduling Tasks on Windows devices
- launchd QueueDirectories on macOS devices
- macOS paths
- Event Hooks use cases
Note: This feature is supported on Windows devices with desktop app version 4.10.0+ and on macOS devices with desktop app version 4.2.0+.
Event Hooks Overview
Events can be used as hooks to scripts that automate parts of your workflow as an admin. This doc lays out how to identify Events, how to set up Event Hooks for post-connection scripts on mac and Windows devices, and how to apply this feature to your own workflow.
Any time a user connects or disconnects from a Service Tunnel via CSE’s desktop app, the desktop app automatically generates an Event in devices’ OS Event Log, published under the CSE service. For each type of Event, there is a specific Event ID.
Event IDs
When the CSE desktop app Service Tunnel changes state (i.e., a user connects or disconnects to Service Tunnel), it writes the following events:
On Connecting to Service Tunnel
| Event Published | |
|---|---|
| Log | Application |
| Source | CSEService |
| Event ID | 9001 |
On Disconnecting from Service Tunnel
| Event Published | |
|---|---|
| Log | Application |
| Source | CSEService |
| Event ID | 9002 |
Scheduling Tasks on Windows devices
CSE’s desktop app (Windows version) writes a custom event to the Windows OS Event Log upon connection and disconnection to Service Tunnel. Admins can create a Scheduled Task to listen for an event and execute a script (or a sequence of scheduled tasks) once the event has been identified.
For instance, when the CSE service publishes an Event ID 9001, it means a user has connected to Service Tunnel, and the admin can schedule a sequence of tasks that run as a result of the user connecting to Service Tunnel.
launchd QueueDirectories on macOS devices
When a Service Tunnel connects or disconnects, CSE drops an empty file into a specific directory. CSE never runs scripts or commands itself.
macOS’s launchd system uses a feature called QueueDirectories to watch specified folders and, whenever a new file appears, automatically trigger a job defined in a .plist configuration file. Admins place that .plist in ~/Library/LaunchAgents/.
An admin writes a .plist that tells launchd to watch ~/Library/Application Support/sonicwallcse/Queues/connect/ (or the disconnect/ path). When CSE drops a trigger file, launchd detects it and runs whichever script the admin has configured. The timestamp in the filename (trigger_$(date +%s)) ensures each event creates a unique file, so launchd works reliably every time.
macOS paths
Connect
| Connect | |
|---|---|
| Trigger | On successful Service Tunnel connection. |
| Action | Create a unique, empty file. |
| Path | ` ~/Library/Application Support/sonicwallcse/Queues/connect/` |
| Example | touch ~/Library/Application\ Support/sonicwallcse/Queues/connect/trigger_$(date +%s) |
Disconnect
| Disconnect | |
|---|---|
| Trigger | On Service Tunnel disconnection. |
| Action | Create a unique, empty file. |
| Path | ` ~/Library/Application Support/sonicwallcse/Queues/disconnect/` |
| Example | touch ~/Library/Application\ Support/sonicwallcse/Queues/disconnect/trigger_$(date +%s) |
Event Hooks use cases
Auto-mapping network drives or file shares on connect
Users may want to map their local drive to a remote corporate drive, to enable file sharing on their network. Admins can hook a script to a CSE-generated Event so that a user who connects to their Service Tunnel can then automatically connect to a remote corporate file server to retrieve files.
Syncing Windows Active Directory group policies to local devices
Admins may want to have their group access policies synced each time users connect to their Service Tunnel. Using an event hook, admins can automate a script that syncs their Active Directory group policies each time a user connects to their Service Tunnel on their device.