Monitor de rendimiento para el tamaño de bloque de LogonEvent de base de datos del Centro de Microsoft ATA 1.8
Cantidad de actividades de red de un tipo específico en cola para escribirse en la base de datos.
Debe ser inferior al valor máximo de -1 (valor máximo predeterminado: 50 000).
Target | Microsoft.AdvancedThreatAnalytics.1_8.Center | ||
Parent Monitor | System.Health.PerformanceState | ||
Category | PerformanceHealth | ||
Enabled | True | ||
Instance Name | Microsoft ATA Center | ||
Counter Name | Database LogonEvent Block Size | ||
Frequency | 60 | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | System.Performance.ConsecutiveSamplesThreshold | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLogonEventBlockSize.PerformanceHealth" Accessibility="Public" Enabled="true" Target="Microsoft.AdvancedThreatAnalytics.1_8.Center" ParentMonitorID="Health!System.Health.PerformanceState" Remotable="true" Priority="Normal" TypeID="Perf!System.Performance.ConsecutiveSamplesThreshold" ConfirmDelivery="false">
<Category>PerformanceHealth</Category>
<AlertSettings AlertMessage="Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLogonEventBlockSize.PerformanceHealth.Alert">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data[Default='']/Context/InstanceName$</AlertParameter1>
<AlertParameter2>$Data[Default='']/Context/ObjectName$</AlertParameter2>
<AlertParameter3>$Data[Default='']/Context/CounterName$</AlertParameter3>
<AlertParameter4>$Data[Default='']/Context/SampleValue$</AlertParameter4>
<AlertParameter5>$Data[Default='']/Context/TimeSampled$</AlertParameter5>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="ConditionFalse" MonitorTypeStateID="ConditionFalse" HealthState="Success"/>
<OperationalState ID="ConditionTrue" MonitorTypeStateID="ConditionTrue" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<CounterName>Database LogonEvent Block Size</CounterName>
<ObjectName>Microsoft ATA Center</ObjectName>
<InstanceName>nt authority\system\microsoft.tri.center</InstanceName>
<AllInstances>false</AllInstances>
<Frequency>60</Frequency>
<Threshold>50000</Threshold>
<Direction>greater</Direction>
<NumSamples>1</NumSamples>
</Configuration>
</UnitMonitor>