工作流运行时: 无法运行 WMI 事件的 WMI 查询
Microsoft.SystemCenter.WmiEventModule.FailedExecution.Alert (Rule)
WMI 事件模块遇到运行时失败时,此规则将生成警报。
Knowledge Base article:
Element properties:
Member Modules:
Source Code:
<Rule ID="Microsoft.SystemCenter.WmiEventModule.FailedExecution.Alert" Enabled="true" Target="SCLibrary!Microsoft.SystemCenter.HealthService" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>Alert</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Operations Manager</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Health Service Modules</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Params/Param[1]</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">$Target/ManagementGroup/Name$</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<Or>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">10353</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">10357</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">10359</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">10361</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">10363</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</Or>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<ConditionDetection ID="Consolidator" TypeID="Microsoft.SystemCenter.Overridable.ConsolidatorCondition">
<ConsolidationProperties>
<PropertyXPathQuery>Params/Param[1]</PropertyXPathQuery>
<PropertyXPathQuery>Params/Param[2]</PropertyXPathQuery>
<PropertyXPathQuery>EventDisplayNumber</PropertyXPathQuery>
</ConsolidationProperties>
<IntervalSeconds>3600</IntervalSeconds>
<Count>3</Count>
</ConditionDetection>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="Health!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.SystemCenter.WmiEventModule.FailedExecution.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/Context/DataItem/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue>$EventData/Data[2]$</SuppressionValue>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>
Home
CHS