SCEP Log File Real-time Protection State Change Data Source

Microsoft.SCEP.Linux.SCXLog.RTPEvent.DS (DataSourceModuleType)

Element properties:

Show References:
- Unit Monitor Types (2)

Type	DataSourceModuleType
Isolation	Any
Accessibility	Public
RunAs	Default
OutputType	System.PropertyBagData

Member Modules:

ID	Module Type	TypeId	RunAs
SCXlog	DataSource	Microsoft.Unix.SCXLog.Privileged.Datasource	Default
Parser	ProbeAction	Microsoft.Windows.PowerShellPropertyBagProbe	Default
ErrorFilter	ConditionDetection	System.ExpressionFilter	Default

Overrideable Parameters:

ID	ParameterType	Selector	Display Name	Description
LogFilePath	string	$Config/LogFile$	SCEP Log File Path

Source Code:

<DataSourceModuleType ID="Microsoft.SCEP.Linux.SCXLog.RTPEvent.DS" Accessibility="Public" Batching="false">

  <Configuration>

    <xsd:element minOccurs="1" name="Host" type="xsd:string"/>

    <xsd:element minOccurs="1" name="LogFile" type="xsd:string"/>

    <xsd:element minOccurs="1" name="RegExpFilter" type="xsd:string"/>

    <xsd:element minOccurs="1" name="WildcardFalse" type="xsd:string"/>

    <xsd:element minOccurs="1" name="WildcardTrue" type="xsd:string"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="LogFilePath" Selector="$Config/LogFile$" ParameterType="string"/>

  </OverrideableParameters>

  <ModuleImplementation Isolation="Any">

    <Composite>

      <MemberModules>

        <DataSource ID="SCXlog" TypeID="Unix!Microsoft.Unix.SCXLog.Privileged.Datasource">

          <Host>$Config/Host$</Host>

          <LogFile>$Config/LogFile$</LogFile>

          <RegExpFilter>$Config/RegExpFilter$</RegExpFilter>

        </DataSource>

        <ProbeAction ID="Parser" TypeID="Windows!Microsoft.Windows.PowerShellPropertyBagProbe">

          <ScriptName>RTPStatusChangeMonitor.ps1</ScriptName>

          <ScriptBody><Script>

  param([string]$CmdOutput, [string]$WildcardTrue, [string]$WildcardFalse)

  

  $api = new-object -comObject 'MOM.ScriptAPI'

  $oBag = $api.CreatePropertyBag()

  $Status = -1

  if ($CmdOutput)

  {

	[array]$varList = $CmdOutput.split(";")

    $varList | ForEach-Object -process {

				

		if ($CmdOutput -like $WildcardTrue) {

			$Status = 1

		}

		else {

			if ($CmdOutput -like $WildcardFalse) {

				$Status = 0

			}

		}

	}

  }	

  $oBag.AddValue("Status", $Status)

  $oBag.AddValue("OutData", $CmdOutput)

  $oBag

  Remove-variable api

  Remove-variable oBag

  </Script></ScriptBody>

          <Parameters>

            <Parameter>

              <Name>CmdOutput</Name>

              <Value>$Data/EventData$</Value>

            </Parameter>

            <Parameter>

              <Name>WildcardTrue</Name>

              <Value>$Config/WildcardTrue$</Value>

            </Parameter>

            <Parameter>

              <Name>WildcardFalse</Name>

              <Value>$Config/WildcardFalse$</Value>

            </Parameter>

          </Parameters>

          <TimeoutSeconds>600</TimeoutSeconds>

        </ProbeAction>

        <ConditionDetection ID="ErrorFilter" TypeID="System!System.ExpressionFilter">

          <Expression>

            <Not>

              <Expression>

                <Exists>

                  <ValueExpression>

                    <XPathQuery Type="String">WsManData/ErrorCode</XPathQuery>

                  </ValueExpression>

                </Exists>

              </Expression>

            </Not>

          </Expression>

        </ConditionDetection>

      </MemberModules>

      <Composition>

        <Node ID="Parser">

          <Node ID="ErrorFilter">

            <Node ID="SCXlog"/>

          </Node>

        </Node>

      </Composition>

    </Composite>

  </ModuleImplementation>

  <OutputType>System!System.PropertyBagData</OutputType>

</DataSourceModuleType>