Home
  •  

ATA Gateway failed to establish connection to the ATA Center

Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToEstablishConnectionToCenter (Rule)

Rule to monitor Microsoft ATA 1.7 Gateway - ATA Gateway failed to establish connection to the ATA Center

Knowledge Base article:

Summary

The ATA Gateway failed to establish connection to the ATA Center.

Resolutions

Ensure that the network settings are correct and that the network connection between the ATA Gateway and the ATA Center is active

Element properties:

TargetMicrosoft.AdvancedThreatAnalytics.1_7.Gateway
CategoryAvailabilityHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
ATA Gateway failed to establish connection to the ATA Center Alert

ATA Gateway failed to establish connection to the ATA Center
Log File: {0}
Log File Directory: {1}
Log Provider: {2}
Logged Row: {3}

Member Modules:

ID Module Type TypeId RunAs 
ATALogFile DataSource Microsoft.AdvancedThreatAnalytics.LogFileProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToEstablishConnectionToCenter" Enabled="true" Target="Microsoft.AdvancedThreatAnalytics.1_7.Gateway" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>AvailabilityHealth</Category>

  <DataSources>

    <DataSource ID="ATALogFile" TypeID="Microsoft.AdvancedThreatAnalytics.LogFileProvider">

      <LogFileDirectory>$Target/Property[Type="Microsoft.AdvancedThreatAnalytics.1_7.Gateway"]/InstallationPath$\Logs</LogFileDirectory>

      <LogFilePattern>Microsoft.Tri.Gateway-Errors.log</LogFilePattern>

      <PublisherName>System.ServiceModel.EndpointNotFoundException</PublisherName>

      <ErrorStringContains>Could not connect to net.tcp://</ErrorStringContains>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToEstablishConnectionToCenter.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventData/DataItem/LogFileName$</AlertParameter1>

        <AlertParameter2>$Data/EventData/DataItem/LogFileDirectory$</AlertParameter2>

        <AlertParameter3>$Data/PublisherName$</AlertParameter3>

        <AlertParameter4>$Data/EventDescription$</AlertParameter4>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/LoggingComputer$</SuppressionValue>

        <SuppressionValue>$Data/EventDescription$</SuppressionValue>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>