Home
  •  

重置计算机写入操作的日志文件监控

Microsoft.Unix.ResetLogFileMonitoring.WriteAction (WriteActionModuleType)

Element properties:

TypeWriteActionModuleType
IsolationAny
AccessibilityPublic
RunAsDefault
InputTypeSystem.BaseData
OutputTypeSystem.BaseData

Member Modules:

ID Module Type TypeId RunAs 
InvokeAction WriteAction Microsoft.Unix.WSMan.Invoke.VarPriv.WriteAction Default
InvokePriv WriteAction Microsoft.Unix.WSMan.Invoke.VarPriv.WriteAction Default

Overrideable Parameters:

IDParameterTypeSelectorDisplay NameDescription
ResetOnReadbool$Config/ResetOnRead$在下次读取时重置若设置为 false,则对于潜在警报,将不处理日志文件的上次扫描和本次扫描之间的任何日志文件事件。
若设置为 true,则对于潜在警报,将不处理上一次日志文件扫描和下次日志监控扫描之间的任何日志文件事件。
如果恰在停用维护模式前运行此任务,则将该值设为 False。如果在维护模式开始时运行此任务,则将值设为 True。

Source Code:

<WriteActionModuleType ID="Microsoft.Unix.ResetLogFileMonitoring.WriteAction" Accessibility="Public">

  <Configuration>

    <xsd:element name="TargetSystem" type="xsd:string"/>

    <xsd:element name="ResetOnRead" type="xsd:boolean" minOccurs="0" default="false"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="ResetOnRead" ParameterType="bool" Selector="$Config/ResetOnRead$"/>

  </OverrideableParameters>

  <ModuleImplementation>

    <Composite>

      <MemberModules>

        <WriteAction ID="InvokePriv" TypeID="Microsoft.Unix.WSMan.Invoke.VarPriv.WriteAction">

          <TargetSystem>$Config/TargetSystem$</TargetSystem>

          <UserName>$RunAs[Name="Microsoft.Unix.PrivilegedAccount"]/UserName$</UserName>

          <Password>$RunAs[Name="Microsoft.Unix.PrivilegedAccount"]/Password$</Password>

          <Uri>http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem?__cimnamespace=root/scx</Uri>

          <Selector/>

          <InvokeAction>ExecuteCommand</InvokeAction>

          <Input>&lt;p:ExecuteCommand_INPUT xmlns:p="http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem"&gt;&lt;p:command&gt;/opt/microsoft/scx/bin/scxlogfilereader -g $Config/ResetOnRead$ &lt;/p:command&gt;&lt;p:timeout&gt;60&lt;/p:timeout&gt;&lt;/p:ExecuteCommand_INPUT&gt;</Input>

          <TimeOutInMS>600000</TimeOutInMS>

        </WriteAction>

        <WriteAction ID="InvokeAction" TypeID="Microsoft.Unix.WSMan.Invoke.VarPriv.WriteAction">

          <TargetSystem>$Config/TargetSystem$</TargetSystem>

          <UserName>$RunAs[Name="Microsoft.Unix.ActionAccount"]/UserName$</UserName>

          <Password>$RunAs[Name="Microsoft.Unix.ActionAccount"]/Password$</Password>

          <Uri>http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem?__cimnamespace=root/scx</Uri>

          <Selector/>

          <InvokeAction>ExecuteCommand</InvokeAction>

          <Input>&lt;p:ExecuteCommand_INPUT xmlns:p="http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem"&gt;&lt;p:command&gt;/opt/microsoft/scx/bin/scxlogfilereader -g $Config/ResetOnRead$ &lt;/p:command&gt;&lt;p:timeout&gt;60&lt;/p:timeout&gt;&lt;/p:ExecuteCommand_INPUT&gt;</Input>

          <TimeOutInMS>600000</TimeOutInMS>

        </WriteAction>

      </MemberModules>

      <Composition>

        <Node ID="InvokePriv">

          <Node ID="InvokeAction"/>

        </Node>

      </Composition>

    </Composite>

  </ModuleImplementation>

  <OutputType>System!System.BaseData</OutputType>

  <InputType>System!System.BaseData</InputType>

</WriteActionModuleType>