EventMapperDS (DataSourceModuleType)

Element properties:

Member Modules:

Source Code:

<DataSourceModuleType ID="EventMapperDS" Accessibility="Internal" Batching="false">

  <Configuration/>

  <ModuleImplementation>

    <Composite>

      <MemberModules>

        <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">

          <ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

          <LogName>Application</LogName>

          <Expression>

            <And>

              <Expression>

                <SimpleExpression>

                  <ValueExpression>

                    <XPathQuery Type="String">PublisherName</XPathQuery>

                  </ValueExpression>

                  <Operator>Equal</Operator>

                  <ValueExpression>

                    <Value>GetEngineFiles</Value>

                  </ValueExpression>

                </SimpleExpression>

              </Expression>

              <Expression>

                <SimpleExpression>

                  <ValueExpression>

                    <XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>

                  </ValueExpression>

                  <Operator>Equal</Operator>

                  <ValueExpression>

                    <Value>2012</Value>

                  </ValueExpression>

                </SimpleExpression>

              </Expression>

            </And>

          </Expression>

        </DataSource>

        <ProbeAction ID="ScriptPropertyBag" TypeID="WindowsLibrary!Microsoft.Windows.ScriptPropertyBagProbe">

          <ScriptName>test.vbs</ScriptName>

          <Arguments>$Data/Params/Param[1]$</Arguments>

          <ScriptBody><Script>

									Const REG_KEY = "SOFTWARE\Microsoft\Forefront Server Security\"

									Const REG_KEY_64 = "SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\"

									Const InstalledProduct = "Exchange Server"



									Dim oArgs

									Set oArgs = WScript.Arguments

									EngineName = oArgs(0)



									UpdateRegPath = REG_KEY &amp; InstalledProduct &amp; "\Scan Engines\" &amp; EngineName

									UpdateRegPath_64 = REG_KEY_64 &amp; InstalledProduct &amp; "\Scan Engines\" &amp; EngineName



									WScript.Sleep(10000)



									UpdateNumber = RetrieveRegValue (UpdateRegPath, "Update Version", 2)

									If IsNull(UpdateNumber) or UpdateNumber = "" Then

									UpdateNumber = RetrieveRegValue (UpdateRegPath_64, "Update Version", 2)

									'UpdateNumber = "5.91.0"

									end if



									Set oAPI = CreateObject("MOM.ScriptAPI")



									set bag= oAPI.CreatePropertyBag()



									call bag.AddValue("Engine", EngineName)

									call bag.AddValue("Version", UpdateNumber)



									call oAPI.Return(bag)



									'********************************************************************

									'*

									'* Function:           RetrieveRegValue

									'*

									'* Purpose: Retrieves String Value from Registry

									'*

									'********************************************************************



									Function RetrieveRegValue (Key, strValueName, intValueType)



									' intValueType 	-&gt; 1 = String Value

									'		-&gt; 2 = DWORD Value



									const HKEY_LOCAL_MACHINE = &amp;H80000002

									Dim strServerName

									Dim objReg

									Dim strRegValue





									On Error Resume Next

									Err.Clear

									Set objReg=GetObject("winmgmts:\root\default:StdRegProv")

									If Err.Number &lt;&gt; 0 Then

									Err.Clear

									strRegValue = NULL

									Else



									Select Case intValueType

									Case 1

									strErr = objReg.GetStringValue (HKEY_LOCAL_MACHINE, Key, strValueName, strRegValue)



									Case 2

									strErr = objReg.GetDWORDValue (HKEY_LOCAL_MACHINE, Key, strValueName, strRegValue)



									End Select



									' if reading the registry fails via wmi return error



									If strErr &lt;&gt; 0 then

									strRegValue = NULL

									End If

									End If



									Set objReg = Nothing



									RetrieveRegValue = strRegValue





									End Function



								</Script></ScriptBody>

          <TimeoutSeconds>60</TimeoutSeconds>

        </ProbeAction>

        <ConditionDetection ID="EventMapper" TypeID="SystemLibrary!System.Event.GenericDataMapper">

          <EventOriginId>$MPElement$</EventOriginId>

          <PublisherId>$MPElement$</PublisherId>

          <PublisherName>Forefront</PublisherName>

          <Channel>Forefront</Channel>

          <LoggingComputer>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</LoggingComputer>

          <EventNumber>9525</EventNumber>

          <EventCategory>0</EventCategory>

          <EventLevel>0</EventLevel>

          <UserName/>

          <Description>The engine has been successfully updated on Microsoft Forefront Security Server.</Description>

          <Params>

            <Param>$Data/Engine$</Param>

            <Param>$Data/Version$</Param>

          </Params>

        </ConditionDetection>

      </MemberModules>

      <Composition>

        <Node ID="EventMapper">

          <Node ID="ScriptPropertyBag">

            <Node ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_"/>

          </Node>

        </Node>

      </Composition>

    </Composite>

  </ModuleImplementation>

  <OutputType>SystemLibrary!System.Event.Data</OutputType>

</DataSourceModuleType>