This rule generates an alert if a line logged to the Virtual Host's error log matches the defined regular expression.
This rule monitors the Error Log for an Apache Virtual Host and generates alerts if newlines matching the defined Regular Expression are found.
Investigate the cause of the fault described by the error message.
This rule is disabled by default. Use overrides to enable the rule and define the regular expression to match for generating alerts.
Default Configuration
Parameter | Default Value |
Enabled | false |
RegExpFilter | error |
Overrides can be used to change the parameter values defined above for all instances or for specific instances or groups.
Target | Microsoft.ApacheHTTPServer.VirtualHost.Unix | ||
Category | EventCollection | ||
Enabled | False | ||
Alert Generate | True | ||
Alert Severity | Information | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
|
ID | Module Type | TypeId | RunAs |
---|---|---|---|
EventDS | DataSource | Microsoft.Unix.SCXLog.Privileged.Datasource | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.ApacheHTTPServer.VirtualHost.Unix.ErrorLog.Alert" Target="Microsoft.ApacheHTTPServer.VirtualHost.Unix" Enabled="false" Remotable="true">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="EventDS" TypeID="Unix!Microsoft.Unix.SCXLog.Privileged.Datasource">
<Host>$Target/Host/Host/Property[Type="Unix!Microsoft.Unix.Computer"]/PrincipalName$</Host>
<LogFile>$Target/Property[Type="Microsoft.ApacheHTTPServer.VirtualHost"]/ErrorLog$</LogFile>
<RegExpFilter>error</RegExpFilter>
<IndividualAlerts>false</IndividualAlerts>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="Health!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>0</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.ApacheHTTPServer.VirtualHost.Unix.ErrorLog.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>