Microsoft Dns Analytics Configuration Execution Rule

Microsoft.SystemCenter.CollectDnsEtwEvents.Scom (Rule)

Microsoft Dns Analytics Configuration collection rule

Element properties:

Target: Microsoft.Windows.Computer
Category: Custom
Enabled: True
Alert Generate: False
Remotable: True

Member Modules:

ID | Module Type | TypeId | RunAs
DnsDSScom | DataSource | Microsoft.EnterpriseManagement.Mom.Modules.EtwModules.EtwDataSource | System.PrivilegedMonitoringAccount
WAScom | WriteAction | Microsoft.SystemCenter.CollectDnsEtwEvent | Default

Source Code:

<!-- Collection rule, enabled by default and targeted at Microsoft.Windows.Computer.
     It reads events from the ETW session named DnsAnalytic_ETW through the EtwDataSource
     module and passes them to the CollectDnsEtwEvent write action.
     NOTE(review): ConfirmDelivery="false" and DiscardLevel="100" presumably make this data
     best-effort and the first to be dropped when the agent is backlogged. Confirm before
     treating the collected DNS records as complete for investigations. -->
<Rule ID="Microsoft.SystemCenter.CollectDnsEtwEvents.Scom" Enabled="true" Target="Windows!Microsoft.Windows.Computer" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>Custom</Category>
<DataSources>
<!-- The data source runs under the System.PrivilegedMonitoringAccount profile. Whichever
     account is bound to that profile is the identity that reads the DNS trace session, so
     review that binding under least-privilege rules. -->
<DataSource ID="DnsDSScom" RunAs="System!System.PrivilegedMonitoringAccount" TypeID="Etw!Microsoft.EnterpriseManagement.Mom.Modules.EtwModules.EtwDataSource">
<SessionName>DnsAnalytic_ETW</SessionName>
<RuleName>$MPElement/Name$</RuleName>
<NotificationMethod>Pull</NotificationMethod>
<!-- Size, queue and batching limits for collected items. What happens to items that
     exceed them (truncate or drop) is not shown here. TODO confirm against the module docs. -->
<MaxDataItemSizeKB>100</MaxDataItemSizeKB>
<MaxDataItemQueueSize>100</MaxDataItemQueueSize>
<DataItemBatchSize>10</DataItemBatchSize>
<DataItemPostIntervalSeconds>2</DataItemPostIntervalSeconds>
<Providers>
<Provider>
<!-- ETW provider GUID. This value is the Microsoft-Windows-DNSServer provider; verify on
     the target host with "logman query providers". Level is Verbose and the keyword mask
     is 6 (bits 0x2 and 0x4). The meaning of those bits is not shown in this rule. -->
<Name>EB79061A-A566-4698-9119-3ED2807060E7</Name>
<Level>Verbose</Level>
<MatchAnyKeywords>6</MatchAnyKeywords>
</Provider>
</Providers>
<!-- Only the event properties named here are kept.
     NOTE(review): no field in this list is obviously the querying client's address. Check
     whether Destination or Computer identifies the client before relying on this data to
     attribute a lookup to a host. -->
<EventPropertiesToKeepCSV>QNAME,QTYPE,RCODE,Zone,Destination,ResolvedIps,Computer,Timestamp</EventPropertiesToKeepCSV>
<EventPropertyCustomHandlersCSV>DnsPacketDataHandler,DnsHighVolumeListHandler</EventPropertyCustomHandlersCSV>
<!-- Domain-suffix list, presumably consumed by DnsHighVolumeListHandler. How a match is
     treated (dropped, sampled or aggregated) is not visible in this rule. TODO confirm.
     NOTE(review), detection coverage: several suffixes are shared cloud, CDN or hosting
     namespaces where any tenant can obtain a name (for example .cloudapp.net, .amazonaws.com,
     .cloudfront.net, .trafficmanager.net, .windows.net, .googleusercontent.com, .wordpress.com).
     If matching queries are suppressed, lookups under those suffixes never reach the
     analytics workspace, so validate the handler behaviour and trim the list to local needs.
     NOTE(review), list hygiene: .microsoftstore.com appears twice; .ok does not look like a
     complete suffix; .hpclab.local, .sys-sqlsvr.local and .dnsdemo4.com look like lab or
     demo names rather than production defaults. -->
<CustomHandlerDataCSV>.ok,.cloudapp.net,.windows.net,.live.com,.ip6.arpa,.live.net,.google.com,.in-addr.arpa,.office365.com,.tellme.org,.msftncsi.com,.akamaihd.net,.doubleverify.com,.facebook.com,.bing.com,.gstatic.com,.hpclab.local,.xboxlive.com,.sharepoint.com,.yahoo.com,.doubleclick.net,.msn.com,.sqlazurelabs.com,.akamai.net,.microsoft.com,.akamaiedge.net,.akadns.net,.twitter.com,.outlook.com,.cloudfront.net,.phx.gbl,.1drv.com,.visualstudio.com,.dnsdemo4.com,.ubuntu.com,.aol.com,.amazonaws.com,.trafficmanager.net,.googleusercontent.com,.liverail.com,.adnxs.com,.windows.com,.livefilestore.com,.btrll.com,.apple.com,.fbcdn.net,.youtube.com,.advertising.com,.scorecardresearch.com,.imrworldwide.com,.2mdn.net,.googlesyndication.com,.go.com,.googleapis.com,.microsoftstore.com,.sys-sqlsvr.local,.adap.tv,.amazon.com,.cnn.com,.edgesuite.net,.pubmatic.com,.weibo.com,.fidelity.com,.betrad.com,.moatads.com,.hotmail.com,.skype.net,.disqus.com,.turn.com,.rubiconproject.com,.skype.com,.google-analytics.com,.nexac.com,.mathtag.com,.rfihub.com,.stackexchange.com,.adsafeprotected.com,.serving-sys.com,.casalemedia.com,.chartbeat.net,.pinterest.com,.baidu.com,.amazon-adsystem.com,.googlevideo.com,.rfihub.net,.addthis.com,.ebay.com,.chinatimes.com,.demdex.net,.twimg.com,.wikipedia.org,.microsoftstore.com,.microsoftonline.com,.ytimg.com,.revsci.net,.virtualearth.net,.dotomi.com,.vindicosuite.com,.wordpress.com</CustomHandlerDataCSV>
</DataSource>
</DataSources>
<WriteActions>
<!-- Write action that receives the collected DNS items. It carries no RunAs attribute here,
     and the module table on this page lists its RunAs as Default. -->
<WriteAction ID="WAScom" TypeID="IPTypes!Microsoft.SystemCenter.CollectDnsEtwEvent"/>
</WriteActions>
</Rule>