Microsoft ATA 1.8 网关 NetworkListener ETW 丢弃事件数/秒的性能监视器
ATA 网关每秒丢弃的流量。
应总是为零(极少数情况下短暂突发的下降是可以接受的)
| Target | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | ||
| Parent Monitor | System.Health.PerformanceState | ||
| Category | PerformanceHealth | ||
| Enabled | True | ||
| Instance Name | Microsoft ATA Gateway | ||
| Counter Name | NetworkListener ETW Dropped Events/Sec | ||
| Frequency | 60 | ||
| Alert Generate | True | ||
| Alert Severity | Warning | ||
| Alert Priority | Normal | ||
| Alert Auto Resolve | True | ||
| Monitor Type | System.Performance.ConsecutiveSamplesThreshold | ||
| Remotable | True | ||
| Accessibility | Public | ||
| Alert Message |
| ||
| RunAs | Default |
Home
CHS <UnitMonitor ID="Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerETWDroppedEventsSec.PerformanceHealth" Accessibility="Public" Enabled="true" Target="Microsoft.AdvancedThreatAnalytics.1_8.Gateway" ParentMonitorID="Health!System.Health.PerformanceState" Remotable="true" Priority="Normal" TypeID="Perf!System.Performance.ConsecutiveSamplesThreshold" ConfirmDelivery="false">
<Category>PerformanceHealth</Category>
<AlertSettings AlertMessage="Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerETWDroppedEventsSec.PerformanceHealth.Alert">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data[Default='']/Context/InstanceName$</AlertParameter1>
<AlertParameter2>$Data[Default='']/Context/ObjectName$</AlertParameter2>
<AlertParameter3>$Data[Default='']/Context/CounterName$</AlertParameter3>
<AlertParameter4>$Data[Default='']/Context/SampleValue$</AlertParameter4>
<AlertParameter5>$Data[Default='']/Context/TimeSampled$</AlertParameter5>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="ConditionFalse" MonitorTypeStateID="ConditionFalse" HealthState="Success"/>
<OperationalState ID="ConditionTrue" MonitorTypeStateID="ConditionTrue" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<CounterName>NetworkListener ETW Dropped Events/Sec</CounterName>
<ObjectName>Microsoft ATA Gateway</ObjectName>
<InstanceName>nt authority\system\microsoft.tri.gateway</InstanceName>
<AllInstances>false</AllInstances>
<Frequency>60</Frequency>
<Threshold>0</Threshold>
<Direction>greater</Direction>
<NumSamples>2</NumSamples>
</Configuration>
</UnitMonitor>