UNIX/Linux Log File Monitoring

Microsoft.Unix.LogFile.Template (Template)

This template allows you to monitor a UNIX/Linux log file for log entries that match a specified expression.

Source Code:

<!--
  Management pack template that generates one alerting rule for a UNIX/Linux
  log file. Everything written as $TemplateConfig/X$ below is substituted
  from the matching Configuration element when the template is instantiated;
  $Reference/X$ resolves to the management pack alias declared in References.
-->
<Template ID="Microsoft.Unix.LogFile.Template">
<!--
  Template inputs. Of these, only TypeName, SelectedGUID, LogFileName,
  RunAsProfile, AlertSeverity, Expression, LocaleId and TypeDisplayName are
  referenced in the Implementation below; Namespace, MonitoringTargetName,
  MonitoringTargetIsGroup, FilterType and TypeDescription are declared but
  not used here (presumably consumed by the template wizard UI; confirm).
-->
<Configuration>
<xsd:element name="Namespace" type="xsd:string"/>
<xsd:element name="TypeName" type="xsd:string"/>
<xsd:element name="MonitoringTargetName" type="xsd:string"/>
<xsd:element name="SelectedGUID" type="xsd:string"/>
<xsd:element name="MonitoringTargetIsGroup" type="xsd:string"/>
<xsd:element name="LogFileName" type="xsd:string"/>
<!-- Name of the Run As profile whose credentials the data source uses on the target host. -->
<xsd:element name="RunAsProfile" type="xsd:string"/>
<xsd:element name="AlertSeverity" type="xsd:string"/>
<xsd:element name="FilterType" type="xsd:string"/>
<!-- Passed verbatim to the data source as RegExpFilter; no validation of the pattern happens in this template. -->
<xsd:element name="Expression" type="xsd:string"/>
<xsd:element name="LocaleId" type="xsd:string"/>
<xsd:element name="TypeDisplayName" type="xsd:string"/>
<xsd:element name="TypeDescription" type="xsd:string"/>
</Configuration>
<!-- Management pack aliases. Only Unix and Health are referenced in the Implementation below. -->
<References>
<Reference ID="System"/>
<Reference ID="SC"/>
<Reference ID="Windows"/>
<Reference ID="Self"/>
<Reference ID="Health"/>
<Reference ID="Unix"/>
</References>
<Implementation>
<!-- This template defines no classes, relationships, modules or monitor types of its own. -->
<TypeDefinitions>
<EntityTypes>
<ClassTypes/>
<RelationshipTypes/>
</EntityTypes>
<ModuleTypes/>
<MonitorTypes/>
</TypeDefinitions>
<Monitoring>
<Rules>
<!--
  The generated rule targets every Unix computer but is disabled by default
  (Enabled="false"); the RulePropertyOverride further down enables it only for
  the instance whose ID is SelectedGUID. Remotable="true" is set as given; its
  exact effect on agent placement is not established by this file.
-->
<Rule ID="$TemplateConfig/TypeName$.Alert" Target="$Reference/Unix$Microsoft.Unix.Computer" Enabled="false" Remotable="true">
<Category>EventCollection</Category>
<DataSources>
<!--
  Reads LogFileName on the target host and filters entries with the configured
  regular expression. UserName and Password are resolved at runtime from the
  Run As account bound to the RunAsProfile; no credential is stored in the
  template itself.
-->
<DataSource ID="EventDS" TypeID="$Reference/Unix$Microsoft.Unix.SCXLog.VarPriv.DataSource">
<!-- Host is the PrincipalName property of the targeted Unix computer instance. -->
<Host>$Target/Property[Type="$Reference/Unix$Microsoft.Unix.Computer"]/PrincipalName$</Host>
<LogFile>$TemplateConfig/LogFileName$</LogFile>
<UserName>$RunAs[Name="$Reference/Unix$$TemplateConfig/RunAsProfile$"]/UserName$</UserName>
<Password>$RunAs[Name="$Reference/Unix$$TemplateConfig/RunAsProfile$"]/Password$</Password>
<RegExpFilter>$TemplateConfig/Expression$</RegExpFilter>
<!-- NOTE(review): what IndividualAlerts=false changes about batching of matches is not visible here; check the data source type. -->
<IndividualAlerts>false</IndividualAlerts>
</DataSource>
</DataSources>
<WriteActions>
<!--
  Raises an alert for each data item the data source emits. Severity comes
  from the template input; the alert description is the EventDescription
  field of the data item, i.e. content read from the monitored log file, so
  it should be treated as data from the monitored host rather than as
  trusted text.
-->
<WriteAction ID="GenerateAlert" TypeID="$Reference/Health$System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>$TemplateConfig/AlertSeverity$</Severity>
<AlertName>Log File Alert: $TemplateConfig/TypeDisplayName$</AlertName>
<AlertDescription>$Data/EventDescription$</AlertDescription>
<!-- NOTE(review): SuppressionValue is left empty; whether that means "no suppression" is not established by this file. -->
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>
</Rules>
<Overrides>
<!--
  Enables the rule (Property="Enabled" set to true) only for the computer
  instance selected in the wizard (ContextInstance=SelectedGUID).
  Enforced="false" leaves room for other overrides to take precedence.
-->
<RulePropertyOverride ID="$TemplateConfig/TypeName$.AlertRuleOverride" Context="$Reference/Unix$Microsoft.Unix.Computer" ContextInstance="$TemplateConfig/SelectedGUID$" Enforced="false" Rule="$TemplateConfig/TypeName$.Alert" Property="Enabled">
<Value>true</Value>
</RulePropertyOverride>
</Overrides>
</Monitoring>
<PresentationTypes/>
<Presentation>
<ImageReferences/>
</Presentation>
<!-- Display name and knowledge article for the generated rule, in the locale chosen by LocaleId. -->
<LanguagePacks>
<LanguagePack ID="$TemplateConfig/LocaleId$" IsDefault="true">
<DisplayStrings>
<DisplayString ElementID="$TemplateConfig/TypeName$.Alert">
<Name>LogFile Template: $TemplateConfig/LogFileName$ Logfile, $TemplateConfig/Expression$ Expression</Name>
</DisplayString>
</DisplayStrings>
<KnowledgeArticles>
<KnowledgeArticle ElementID="$TemplateConfig/TypeName$.Alert">
<MamlContent>
<maml:section xmlns:maml="http://schemas.microsoft.com/maml/2004/10">
<maml:title>Summary</maml:title>
<maml:para>The following alert message was detected in the $TemplateConfig/LogFileName$ log file:</maml:para>
<maml:para/>
<maml:para>Log File Template: $TemplateConfig/TypeDisplayName$</maml:para>
<maml:para>Refer to the Alert Description for the Event entry that triggered this Alert.</maml:para>
<maml:para/>
<maml:para>Note: This Alert was generated via rules created with the Log File Management Pack Template.</maml:para>
</maml:section>
</MamlContent>
</KnowledgeArticle>
</KnowledgeArticles>
</LanguagePack>
</LanguagePacks>
</Implementation>
</Template>