Home
  •  

SPHA Security Rule Monitor

Microsoft.SharePoint.2016.SPHARuleMonitor.Security (UnitMonitor)

A critical state of this Monitor indicates that SharePoint Health Analyzer (SPHA) Security Rule failed.

Knowledge Base article:

Summary

To get the most current Knowledge Article from the Microsoft TechNet site, visit:

http://go.microsoft.com/fwlink/?LinkId=244979

Causes

View all current alerts from this object using this link:

View Alerts

Element properties:

TargetMicrosoft.SharePoint.2016.SPHARule.Security
Parent MonitorSystem.Health.SecurityState
CategorySecurityHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityMatchMonitorHealth
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.SharePoint.2016.MonitorType.SPHARule
RemotableTrue
AccessibilityPublic
Alert Message
SharePoint: SPHA Security Rule Monitor Detects Failure

A critical incident has occurred where a SharePoint Health Analyzer (SPHA) Rule Monitor detected SPHA Security Rule failure.
FarmID: {0}
RuleName: {1}
FilterValue: {2}
Status: {3}
Explanation: {4}
Remedy: {5}
FailingServers: {6}
FailingServices: {7}
Link: {8}
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.SharePoint.2016.SPHARuleMonitor.Security" Accessibility="Public" Enabled="true" Target="MOSS16Core!Microsoft.SharePoint.2016.SPHARule.Security" ParentMonitorID="Health!System.Health.SecurityState" Priority="Normal" TypeID="Microsoft.SharePoint.2016.MonitorType.SPHARule">

  <Category>SecurityHealth</Category>

  <AlertSettings AlertMessage="Microsoft.SharePoint.2016.SPHARuleMonitor.Security_AlertMessageResourceID">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>MatchMonitorHealth</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Target/Property[Type="MOSS!Microsoft.SharePoint.Library.SPHARule"]/FarmID$</AlertParameter1>

      <AlertParameter2>$Target/Property[Type="MOSS!Microsoft.SharePoint.Library.SPHARule"]/RuleName$</AlertParameter2>

      <AlertParameter3>$Data/Context/Property[@Name='FilterValue']$</AlertParameter3>

      <AlertParameter4>$Data/Context/Property[@Name='Status']$</AlertParameter4>

      <AlertParameter5>$Data/Context/Property[@Name='Explanation']$</AlertParameter5>

      <AlertParameter6>$Data/Context/Property[@Name='Remedy']$</AlertParameter6>

      <AlertParameter7>$Data/Context/Property[@Name='FailingServers']$</AlertParameter7>

      <AlertParameter8>$Data/Context/Property[@Name='FailingServices']$</AlertParameter8>

      <AlertParameter9>$Data/Context/Property[@Name='Link']$</AlertParameter9>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>

    <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Error"/>

    <OperationalState ID="Warning" MonitorTypeStateID="Warning" HealthState="Warning"/>

  </OperationalStates>

  <Configuration>

    <IntervalSeconds>3600</IntervalSeconds>

    <SyncTime/>

    <TimeoutSeconds>300</TimeoutSeconds>

    <DebugTrace>false</DebugTrace>

    <FilterValue>$Target/Property[Type="MOSS!Microsoft.SharePoint.Library.SPHARule"]/RuleType$</FilterValue>

  </Configuration>

</UnitMonitor>