Unix/Linux ログ ファイル

Microsoft.Unix.LogFile.Template (Template)

このテンプレートを使用すると、Unix/Linux ログ ファイルを監視し、特定のログ エントリを検出できます。

Source Code:

<!-- Management pack template. From the configuration values declared below it
     generates: one log-file alert rule targeted at Unix!Microsoft.Unix.Computer,
     an override that enables that rule for one selected instance, and the
     rule's display string and knowledge article. -->
<Template ID="Microsoft.Unix.LogFile.Template">
<!-- Values supplied when the template is instantiated. Every field is declared
     as a plain xsd:string, so this schema places no constraint on length or
     character set. Only TypeName, SelectedGUID, LogFileName, Expression,
     LocaleId and TypeDisplayName are referenced in the Implementation section
     of this listing; Namespace, the Computer*/ComputerGroup* fields, FilterType
     and TypeDescription are declared but not substituted anywhere below. -->
<Configuration>
<xsd:element name="Namespace" type="xsd:string"/>
<xsd:element name="TypeName" type="xsd:string"/>
<xsd:element name="SelectedGUID" type="xsd:string"/>
<xsd:element name="ComputerName" type="xsd:string"/>
<xsd:element name="ComputerGUID" type="xsd:string"/>
<xsd:element name="ComputerGroupName" type="xsd:string"/>
<xsd:element name="ComputerGroupGUID" type="xsd:string"/>
<xsd:element name="LogFileName" type="xsd:string"/>
<xsd:element name="FilterType" type="xsd:string"/>
<xsd:element name="Expression" type="xsd:string"/>
<xsd:element name="LocaleId" type="xsd:string"/>
<xsd:element name="TypeDisplayName" type="xsd:string"/>
<xsd:element name="TypeDescription" type="xsd:string"/>
</Configuration>
<!-- Aliases used as the "Alias!" prefix in TypeID and Target values below. -->
<References>
<Reference ID="System"/>
<Reference ID="SC"/>
<Reference ID="Windows"/>
<Reference ID="Self"/>
<Reference ID="Health"/>
<Reference ID="Unix"/>
</References>
<Implementation>
<!-- The template defines no new classes, relationships, module types or
     monitor types; it only instantiates existing ones. -->
<TypeDefinitions>
<EntityTypes>
<ClassTypes/>
<RelationshipTypes/>
</EntityTypes>
<ModuleTypes/>
<MonitorTypes/>
</TypeDefinitions>
<Monitoring>
<Rules>
<!-- The rule is created disabled (Enabled="false") for the whole
     Unix!Microsoft.Unix.Computer class; it runs only where the
     RulePropertyOverride further down sets Enabled to true. -->
<Rule ID="$TemplateConfig/TypeName$.Alert" Target="Unix!Microsoft.Unix.Computer" Enabled="false" Remotable="true">
<Category>EventCollection</Category>
<DataSources>
<!-- Log data source: Host is the target computer's PrincipalName; LogFile and
     RegExpFilter are taken unchanged from template configuration.
     NOTE(review): the pattern is whatever the template author typed and is
     applied to the monitored log; a very broad pattern will match most lines
     and, with the empty suppression below, produce a matching volume of
     alerts. Confirm which regex dialect and which process evaluate it. -->
<DataSource ID="EventDS" TypeID="Unix!Microsoft.Unix.SCXLog.Datasource">
<Host>$Target/Property[Type="Unix!Microsoft.Unix.Computer"]/PrincipalName$</Host>
<LogFile>$TemplateConfig/LogFileName$</LogFile>
<RegExpFilter>$TemplateConfig/Expression$</RegExpFilter>
</DataSource>
</DataSources>
<WriteActions>
<!-- Raises an alert from the data source output. AlertDescription is
     $Data/EventDescription$, which the knowledge article below describes as
     the event entry that triggered the alert, i.e. text originating in the
     monitored log. Anything able to write to that log can influence this
     text, so treat it as untrusted wherever alerts are rendered or forwarded
     (consoles, e-mail, ticketing or chat connectors).
     NOTE(review): Priority 1 / Severity 2 presumably mean medium priority and
     critical severity for System.Health.GenerateAlert; confirm against the
     module documentation. -->
<WriteAction ID="GenerateAlert" TypeID="Health!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertName>Log File Alert: $TemplateConfig/TypeDisplayName$</AlertName>
<AlertDescription>$Data/EventDescription$</AlertDescription>
<!-- SuppressionValue is empty: no field is named for collapsing repeated
     alerts. NOTE(review): presumably each matching log line then opens its
     own alert; confirm, and consider the alert volume a chatty or
     deliberately flooded log would cause. -->
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>
</Rules>
<Overrides>
<!-- Turns the rule on for a single ContextInstance, the SelectedGUID chosen
     at template time (presumably the computer or computer group picked in the
     wizard). Enforced="false", so the override is not marked as enforced. -->
<RulePropertyOverride ID="$TemplateConfig/TypeName$.AlertRuleOverride" Context="Unix!Microsoft.Unix.Computer" ContextInstance="$TemplateConfig/SelectedGUID$" Enforced="false" Rule="$TemplateConfig/TypeName$.Alert" Property="Enabled">
<Value>true</Value>
</RulePropertyOverride>
</Overrides>
</Monitoring>
<PresentationTypes/>
<Presentation>
<ImageReferences/>
</Presentation>
<!-- Display text for the generated rule. LogFileName, Expression and
     TypeDisplayName are embedded verbatim in the rule name and the knowledge
     article. NOTE(review): a regular expression commonly contains characters
     that are significant in XML (for example the less-than sign or the
     ampersand); confirm that the component performing the $TemplateConfig$
     substitution escapes them before the result is parsed as XML. -->
<LanguagePacks>
<LanguagePack ID="$TemplateConfig/LocaleId$" IsDefault="true">
<DisplayStrings>
<DisplayString ElementID="$TemplateConfig/TypeName$.Alert">
<Name>LogFile Template: $TemplateConfig/LogFileName$ Logfile, $TemplateConfig/Expression$ Expression</Name>
</DisplayString>
</DisplayStrings>
<KnowledgeArticles>
<KnowledgeArticle ElementID="$TemplateConfig/TypeName$.Alert">
<MamlContent>
<maml:section xmlns:maml="http://schemas.microsoft.com/maml/2004/10">
<maml:title>Summary</maml:title>
<maml:para>The following alert message was detected in the $TemplateConfig/LogFileName$ logfile:</maml:para>
<maml:para/>
<maml:para>Log File Template: $TemplateConfig/TypeDisplayName$</maml:para>
<maml:para>Refer to the Alert Description for the Event entry that triggered this Alert.</maml:para>
<maml:para/>
<maml:para>Note: This Alert was generated via rules created with the LogFile Management Pack Template.</maml:para>
</maml:section>
</MamlContent>
</KnowledgeArticle>
</KnowledgeArticles>
</LanguagePack>
</LanguagePacks>
</Implementation>
</Template>