Monitor Enterprise Random Password Manager and Management Pack's Non Informational Event.
Any time an non information event is logged in the application event log related to ERPM or its management pack, this alert will be generated.
Look at the alert context for detail information regarding whether / how to fix the problem.
Target | Microsoft.Windows.Server.Computer | ||
Category | Custom | ||
Enabled | False | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
|
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | LiebermanSoftware.ERPMMP.EventDataSourceModuleType | Default |
Alert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="LiebermanSoftware.ERPMMP.RPMNonInformationEventRule" Enabled="false" Target="Windows!Microsoft.Windows.Server.Computer" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>Custom</Category>
<DataSources>
<DataSource ID="DS" TypeID="LiebermanSoftware.ERPMMP.EventDataSourceModuleType">
<PublisherName>^Enterprise Random Password Manager.*</PublisherName>
<EventLevel>4</EventLevel>
<LogName>Application</LogName>
<ComputerName>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<EventLevelExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventLevel</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="Integer">4</Value>
</ValueExpression>
</SimpleExpression>
</EventLevelExpression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="Alert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertOwner/>
<AlertMessageId>$MPElement[Name="LiebermanSoftware.ERPMMP.RPMNonInformationEventRule.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
<AlertParameter2>$Data/EventDisplayNumber$</AlertParameter2>
<AlertParameter3>$Data/EventLevel$</AlertParameter3>
<AlertParameter4>$Data/PublisherName$</AlertParameter4>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>
<SuppressionValue>$Data/PublisherName$</SuppressionValue>
</Suppression>
<Custom1/>
<Custom2/>
<Custom3/>
<Custom4/>
<Custom5/>
<Custom6/>
<Custom7/>
<Custom8/>
<Custom9/>
<Custom10/>
</WriteAction>
</WriteActions>
</Rule>