Home
  •  

NT Event Log send to Advisor

Microsoft.IntelligencePacks.RuleTemplates.WindowsEventCollection (Template)

Collect Windows Events and uploads them to Advisor

Source Code:

<Template ID="Microsoft.IntelligencePacks.RuleTemplates.WindowsEventCollection" Purpose="RuleCreation">

  <Configuration>

    <IncludeSchemaTypes>

      <SchemaType>Windows!Microsoft.Windows.ComputerNameSchema</SchemaType>

      <SchemaType>System!System.ExpressionEvaluatorSchema</SchemaType>

    </IncludeSchemaTypes>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="ID" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Name" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Enabled" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Description" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Target" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Category" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="LocaleId" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="ComputerName" type="ComputerNameType" minOccurs="0" maxOccurs="1"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="LogName" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Expression" type="ExpressionType"/>

  </Configuration>

  <References>

    <Reference ID="System"/>

    <Reference ID="Windows"/>

    <Reference ID="SC"/>

    <Reference ID="IPTypes"/>

    <Reference ID="RuleTemplates"/>

  </References>

  <Implementation>

    <Monitoring>

      <Rules>

        <Rule ID="$TemplateConfig/ID$" Target="$TemplateConfig/Target$" ConfirmDelivery="true" Enabled="$TemplateConfig/Enabled$">

          <Category>$TemplateConfig/Category$</Category>

          <DataSources>

            <DataSource ID="DS" TypeID="$Reference/Windows$Microsoft.Windows.EventCollector">

              <ComputerName>$TemplateConfig/ComputerName$</ComputerName>

              <LogName>$TemplateConfig/LogName$</LogName>

              <AllowProxying>false</AllowProxying>

              <Expression>$TemplateConfig/Expression$</Expression>

            </DataSource>

          </DataSources>

          <WriteActions>

            <WriteAction ID="HttpWA" TypeID="$Reference/IPTypes$Microsoft.SystemCenter.CollectCloudGenericEvent"/>

          </WriteActions>

        </Rule>

      </Rules>

    </Monitoring>

    <LanguagePacks>

      <LanguagePack ID="$TemplateConfig/LocaleId$" IsDefault="true">

        <DisplayStrings>

          <DisplayString ElementID="$TemplateConfig/ID$">

            <Name>$TemplateConfig/Name$</Name>

            <Description>$TemplateConfig/Description$</Description>

          </DisplayString>

        </DisplayStrings>

      </LanguagePack>

    </LanguagePacks>

  </Implementation>

</Template>