Home
  •  

安全事件日志写入操作(LogWriter)

Microsoft.ACS.Unix.SecureEventLogWriter (WriteActionModuleType)

用于写入安全事件日志的写入操作

Element properties:

TypeWriteActionModuleType
IsolationAny
AccessibilityPublic
RunAsDefault
InputTypeSystem.BaseData

Member Modules:

ID Module Type TypeId RunAs 
ACSWriteAction WriteAction Microsoft.ACS.Unix.SecureEventLogWriter.Base Default

Overrideable Parameters:

IDParameterTypeSelectorDisplay NameDescription
RegExpstring$Config/RegExp$正则表达式用于从数据项中提取信息的正则表达式。
EventTypestring$Config/EventType$事件类型要在写入到安全事件日志时使用的事件类型。
EventIdstring$Config/EventId$事件 ID要在写入到安全事件日志时使用的事件 ID。
BackrefDefaultsstring$Config/BackrefDefaults$默认的向后引用值用于初始化正则表达式中的向后引用参数的名称/值对。
BackrefOverridesstring$Config/BackrefOverrides$向后引用值替代用于替代正则表达式中的向后引用参数的名称/值对。

Source Code:

<WriteActionModuleType ID="Microsoft.ACS.Unix.SecureEventLogWriter" Accessibility="Public" Batching="false">

  <Configuration>

    <xsd:element name="RegExp" type="xsd:string"/>

    <xsd:element name="EventType" type="xsd:string"/>

    <xsd:element name="EventId" type="xsd:string"/>

    <xsd:element name="BackrefDefaults" type="xsd:string" minOccurs="0"/>

    <xsd:element name="BackrefOverrides" type="xsd:string" minOccurs="0"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="RegExp" ParameterType="string" Selector="$Config/RegExp$"/>

    <OverrideableParameter ID="EventType" ParameterType="string" Selector="$Config/EventType$"/>

    <OverrideableParameter ID="EventId" ParameterType="string" Selector="$Config/EventId$"/>

    <OverrideableParameter ID="BackrefDefaults" ParameterType="string" Selector="$Config/BackrefDefaults$"/>

    <OverrideableParameter ID="BackrefOverrides" ParameterType="string" Selector="$Config/BackrefOverrides$"/>

  </OverrideableParameters>

  <ModuleImplementation>

    <Composite>

      <MemberModules>

        <WriteAction ID="ACSWriteAction" TypeID="Microsoft.ACS.Unix.SecureEventLogWriter.Base">

          <AgentMachine>     $Target/Host/Property[Type="Unix!Microsoft.Unix.Computer"]/PrincipalName$   </AgentMachine>

          <RegExp>           $Config/RegExp$           </RegExp>

          <EventType>        $Config/EventType$        </EventType>

          <EventId>          $Config/EventId$          </EventId>

          <TimeZoneOffset>   $Target/Host/Property[Type="Unix!Microsoft.Unix.Computer"]/TimeZoneOffset$ </TimeZoneOffset>

          <SELEventSource>   CrossPlatformSecurity     </SELEventSource>

          <BackrefDefaults>  $Config/BackrefDefaults$  </BackrefDefaults>

          <BackrefOverrides> $Config/BackrefOverrides$ </BackrefOverrides>

        </WriteAction>

      </MemberModules>

      <Composition>

        <Node ID="ACSWriteAction"/>

      </Composition>

    </Composite>

  </ModuleImplementation>

  <InputType>System!System.BaseData</InputType>

</WriteActionModuleType>