UNIX/Linux modülü için ACS'yi Güvenlik Olay Günlüğü iletisine yazma hatası için Uyarı Kuralı.
Yönetim sunucusu Güvenli Olay Günlüğüne yazamadı.
Tüm Yönetim Sunucularının Güvenli Olay Günlüğüne yazma izni olması gerekir.
Lütfen İşlemler Yönetim Sunucusunu Yönetici olarak yürütün.
Target | Microsoft.SystemCenter.ManagementServer | ||
Category | EventCollection | ||
Enabled | True | ||
Event_ID | 258 | ||
Event Source | Cross Platform ACS | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Operations Manager |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
EventDS | DataSource | Microsoft.Windows.EventProvider | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.ACS.Unix.SecurityEventLogWriteFail.Alert" Enabled="true" Target="SC!Microsoft.SystemCenter.ManagementServer" ConfirmDelivery="true" Remotable="true">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Operations Manager</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Cross Platform ACS</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>258</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.ACS.Unix.SecurityEventLogWriteFail.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>