Règle de surveillance de la passerelle Microsoft ATA 1.7 - La passerelle ATA n'a pas pu s'authentifier auprès du centre
La passerelle ATA n'a pas pu s'authentifier auprès du centre ATA.
Vérifiez que l'heure de la passerelle ATA est synchronisée avec l'heure du centre ATA.
Target | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | ||
Category | AvailabilityHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
|
ID | Module Type | TypeId | RunAs |
---|---|---|---|
ATALogFile | DataSource | Microsoft.AdvancedThreatAnalytics.LogFileProvider | Default |
Alert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToAuthenticateAgainstCenter" Enabled="true" Target="Microsoft.AdvancedThreatAnalytics.1_7.Gateway" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>AvailabilityHealth</Category>
<DataSources>
<DataSource ID="ATALogFile" TypeID="Microsoft.AdvancedThreatAnalytics.LogFileProvider">
<LogFileDirectory>$Target/Property[Type="Microsoft.AdvancedThreatAnalytics.1_7.Gateway"]/InstallationPath$\Logs</LogFileDirectory>
<LogFilePattern>Microsoft.Tri.Gateway-Errors.log</LogFilePattern>
<PublisherName>System.ServiceModel.FaultException</PublisherName>
<ErrorStringContains>An error occurred when verifying security for the message</ErrorStringContains>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToAuthenticateAgainstCenter.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventData/DataItem/LogFileName$</AlertParameter1>
<AlertParameter2>$Data/EventData/DataItem/LogFileDirectory$</AlertParameter2>
<AlertParameter3>$Data/PublisherName$</AlertParameter3>
<AlertParameter4>$Data/EventDescription$</AlertParameter4>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/LoggingComputer$</SuppressionValue>
<SuppressionValue>$Data/EventDescription$</SuppressionValue>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>