If a trigger is not firing as expected, follow these steps to figure out why:

 
Wait a few minutes:

If the trigger is new, it may take a couple minutes to start working. While most triggers are fully enforceable within 30 seconds, allow a grace period of two minutes.


Double-check your trigger query:

When users find their triggers aren't firing as expected, the most common culprit is an invalid or inadequate trigger query. Make sure there are no extra spaces, commas, or unintended characters in the input field. If the query references a specific server, make sure the server name is entered correctly (and corresponds with the server where you entered the command you expected to cause the trigger to fire).

The article Trigger best practices and examples provides some detailed examples of how to improve inadequate trigger queries. For more information about CQL values and boolean operators, see Understanding CQL values.


Ensure that the trigger and server are in the same project:

If your Cmd account includes multiple projects, make sure the trigger is in the same project as the server where you attempt to test it. If you created the trigger within Project ABC, it won't fire for activity on servers in Project DEF.

Make sure the agent is online:

When the Cmd agent is offline, it doesn't monitor commands (and therefore triggers cannot fire). There are two reasons why the agent could be offline: the server is down; or the agent cannot connect to the collector. 

To verify the status of the agent on a particular server, go to the 'Sessions' page, then click Manage servers, and look at the server's 'Agent Status'. If it is 'Reconnecting', 'Normal shutdown', or 'Uninstalled', triggers won't fire, and you may want to read the Cmd troubleshooting guide.

Reach out to the Cmd team:

If you're confident that none of the above reasons explain why your trigger isn't firing, please contact support to help you investigate.