Monitoraggio AD Validate Server Trust

AD_Validate_Server_Trust_Event.Monitortype (UnitMonitorType)

Element properties:

RunAs: Default
Accessibility: Internal
Support Monitor Recalculate: False

Member Modules:

ID Module Type TypeId RunAs 
EventDS DataSource Microsoft.Windows.EventProvider Default
EventProbe ProbeAction AD_Validate_Server_Trust_Event.ProbeAction Default
FilterNotOK ConditionDetection System.ExpressionFilter Default
FilterOK ConditionDetection System.ExpressionFilter Default

Overrideable Parameters:

ID | ParameterType | Selector | Display Name | Description
LogSuccessEvent | string | $Config/LogSuccessEvent$ | Evento di registrazione riuscita
TimeoutSeconds | int | $Config/TimeoutSeconds$ | Timeout in secondi

Source Code:

<!--
  Two-state unit monitor type (ValidateServerTrustOK / ValidateServerTrustError).
  Both detections share one chain: EventDS feeds EventProbe, and the probe's
  State output is tested by FilterOK or FilterNotOK to pick the state.
-->
<UnitMonitorType ID="AD_Validate_Server_Trust_Event.Monitortype" Accessibility="Internal">
  <MonitorTypeStates>
    <MonitorTypeState ID="ValidateServerTrustOK" NoDetection="false"/>
    <MonitorTypeState ID="ValidateServerTrustError" NoDetection="false"/>
  </MonitorTypeStates>
  <Configuration>
    <xsd:element name="TargetComputerName" type="xsd:string"/>
    <xsd:element name="LogSuccessEvent" type="xsd:boolean"/>
    <xsd:element name="TimeoutSeconds" type="xsd:int"/>
  </Configuration>
  <OverrideableParameters>
    <!--
      NOTE(review): LogSuccessEvent is xsd:boolean in Configuration above but is
      exposed to overrides as ParameterType="string", so an override is not
      type-checked as a boolean at authoring time. Confirm this is intentional.
    -->
    <OverrideableParameter ID="LogSuccessEvent" Selector="$Config/LogSuccessEvent$" ParameterType="string"/>
    <OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="int"/>
  </OverrideableParameters>
  <MonitorImplementation>
    <MemberModules>
      <!--
        Trigger: an event in the System log of the target computer whose
        publisher is Netlogon AND whose event number matches ^5723$
        (Netlogon 5723 reports a failed session setup for a missing trust account).
      -->
      <DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">
        <ComputerName>$Config/TargetComputerName$</ComputerName>
        <LogName>System</LogName>
        <Expression>
          <And>
            <Expression>
              <SimpleExpression>
                <ValueExpression>
                  <XPathQuery>PublisherName</XPathQuery>
                </ValueExpression>
                <Operator>Equal</Operator>
                <ValueExpression>
                  <Value>Netlogon</Value>
                </ValueExpression>
              </SimpleExpression>
            </Expression>
            <Expression>
              <RegExExpression>
                <ValueExpression>
                  <XPathQuery>EventDisplayNumber</XPathQuery>
                </ValueExpression>
                <Operator>MatchesMOM2005RegularExpression</Operator>
                <Pattern>^5723$</Pattern>
              </RegExExpression>
            </Expression>
          </And>
        </Expression>
      </DataSource>
      <!--
        The probe runs once per matching event. ComputerAccount is copied from the
        second parameter of that event, i.e. text that originates from the failing
        session setup rather than from this management pack's configuration.
        NOTE(review): treat it as untrusted input. The implementation of
        AD_Validate_Server_Trust_Event.ProbeAction is not shown here; verify that it
        validates and quotes this value before using it in a script argument,
        command line or directory query.
      -->
      <ProbeAction ID="EventProbe" TypeID="AD_Validate_Server_Trust_Event.ProbeAction">
        <TargetComputerName>$Config/TargetComputerName$</TargetComputerName>
        <LogSuccessEvent>$Config/LogSuccessEvent$</LogSuccessEvent>
        <ComputerAccount>$Data/Params/Param[2]$</ComputerAccount>
        <TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>
      </ProbeAction>
      <!--
        Healthy filter: passes probe output whose State contains the substring GOOD.
        NOTE(review): this is a substring test, not an equality test. A State value
        containing both GOOD and BAD would satisfy both filters; presumably the
        probe emits exactly one of them. Confirm against the probe.
      -->
      <ConditionDetection ID="FilterOK" TypeID="System!System.ExpressionFilter">
        <Expression>
          <RegExExpression>
            <ValueExpression>
              <XPathQuery>State</XPathQuery>
            </ValueExpression>
            <Operator>ContainsSubstring</Operator>
            <Pattern>GOOD</Pattern>
          </RegExExpression>
        </Expression>
      </ConditionDetection>
      <!-- Error filter: passes probe output whose State contains the substring BAD. -->
      <ConditionDetection ID="FilterNotOK" TypeID="System!System.ExpressionFilter">
        <Expression>
          <RegExExpression>
            <ValueExpression>
              <XPathQuery>State</XPathQuery>
            </ValueExpression>
            <Operator>ContainsSubstring</Operator>
            <Pattern>BAD</Pattern>
          </RegExExpression>
        </Expression>
      </ConditionDetection>
    </MemberModules>
    <!--
      Nesting reads inside-out: the innermost node (EventDS) runs first, its
      output goes to EventProbe, and the outermost filter decides the state.
      No OnDemandDetections are declared, so state only changes when a new
      matching event arrives.
    -->
    <RegularDetections>
      <RegularDetection MonitorTypeStateID="ValidateServerTrustOK">
        <Node ID="FilterOK">
          <Node ID="EventProbe">
            <Node ID="EventDS"/>
          </Node>
        </Node>
      </RegularDetection>
      <RegularDetection MonitorTypeStateID="ValidateServerTrustError">
        <Node ID="FilterNotOK">
          <Node ID="EventProbe">
            <Node ID="EventDS"/>
          </Node>
        </Node>
      </RegularDetection>
    </RegularDetections>
  </MonitorImplementation>
</UnitMonitorType>