由于证书吊销列表 (CRL) 无效或丢失,客户端证书被吊销
Microsoft.Forefront.TMG.The_client_certificate_was_revoked_due_to_an_invalid_or_missing_Certificate_Revocation_List_CRL.Rule (Rule)
如果由于证书吊销列表 (CRL) 无效或丢失而导致客户端证书被吊销,此规则将生成警报
Element properties:
Member Modules:
Source Code:
<Rule ID="Microsoft.Forefront.TMG.The_client_certificate_was_revoked_due_to_an_invalid_or_missing_Certificate_Revocation_List_CRL.Rule" Enabled="true" Target="Microsoft.Forefront.TMG.WebProxy.ServerComponent" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Microsoft.Forefront.TMG.Rule.AlertGenerate.DS">
<ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<EventsPattern>^(21198)$</EventsPattern>
<EventType>1</EventType>
<SourcePattern>Microsoft Forefront TMG Web Proxy</SourcePattern>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WA" TypeID="Microsoft.Forefront.TMG.Rule.AlertGenerate.WA">
<AlertMessageId>$MPElement[Name="Microsoft.Forefront.TMG.The_client_certificate_was_revoked_due_to_an_invalid_or_missing_Certificate_Revocation_List_CRL.AlertMessage"]$</AlertMessageId>
<DomainName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/DomainDnsName$</DomainName>
<Priority>2</Priority>
<Severity>2</Severity>
</WriteAction>
</WriteActions>
</Rule>