Syslog
Microsoft.SystemCenter.RuleTemplates.SyslogCollection (Template)
Collect syslog entries forwarded to the Windows computer that match a specified expression
Source Code:
<Template ID="Microsoft.SystemCenter.RuleTemplates.SyslogCollection" Purpose="RuleCreation">
<Configuration>
<IncludeSchemaTypes>
<SchemaType>System!System.ExpressionEvaluatorSchema</SchemaType>
</IncludeSchemaTypes>
<xsd:element name="ID" type="xsd:string"/>
<xsd:element name="Name" type="xsd:string"/>
<xsd:element name="Enabled" type="xsd:string"/>
<xsd:element name="Description" type="xsd:string"/>
<xsd:element name="Target" type="xsd:string"/>
<xsd:element name="Category" type="xsd:string"/>
<xsd:element name="LocaleId" type="xsd:string"/>
<xsd:element name="Expression" type="ExpressionType"/>
</Configuration>
<References>
<Reference ID="System"/>
<Reference ID="AppLog"/>
<Reference ID="SC"/>
<Reference ID="SCDW"/>
</References>
<Implementation>
<Monitoring>
<Rules>
<Rule ID="$TemplateConfig/ID$" Target="$TemplateConfig/Target$" Enabled="$TemplateConfig/Enabled$">
<Category>$TemplateConfig/Category$</Category>
<DataSources>
<DataSource ID="SyslogDS" TypeID="$Reference/AppLog$System.ApplicationLog.SysLog.FilteredEventProvider">
<Port>514</Port>
<Expression>$TemplateConfig/Expression$</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="$Reference/SC$Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="WriteToDW" TypeID="$Reference/SCDW$Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>
</Rules>
</Monitoring>
<LanguagePacks>
<LanguagePack ID="$TemplateConfig/LocaleId$" IsDefault="true">
<DisplayStrings>
<DisplayString ElementID="$TemplateConfig/ID$">
<Name>$TemplateConfig/Name$</Name>
<Description>$TemplateConfig/Description$</Description>
</DisplayString>
</DisplayStrings>
</LanguagePack>
</LanguagePacks>
</Implementation>
</Template>
Home
ENU