Log File VarPriv Datasource

Microsoft.Unix.SCXLog.VarPriv.DataSource (DataSourceModuleType)

This data source returns the rows of a log file that match a regular expression. The credentials used to read the file are supplied through its UserName and Password configuration elements rather than fixed inside the module, which is what "variable privileges" (VarPriv) refers to.

Element properties:

Type           DataSourceModuleType
Isolation      Any
Accessibility  Public
RunAs          Default
OutputType     System.BaseData

Member Modules:

ID      Module Type         TypeId                                   RunAs
DS      DataSource          Microsoft.Unix.SCXLog.Native.DataSource  Default
Mapper  ConditionDetection  System.Event.GenericDataMapper           Default

Overrideable Parameters:

ID                Parameter Type  Selector                   Display Name      Description
Host              string          $Config/Host$              Host              Host where the log file resides.
LogFile           string          $Config/LogFile$           LogFile           Path to the log file.
RegExpFilter      string          $Config/RegExpFilter$      RegExpFilter      Regular expression used to filter log file records.
IndividualAlerts  bool            $Config/IndividualAlerts$  IndividualAlerts  By default the module searches the UNIX/Linux log file for lines matching the rule and presents all matches as a single alert. If IndividualAlerts is set to 'true', the module generates an individual alert for each line in the log file that matches the rule.

Source Code:

<DataSourceModuleType ID="Microsoft.Unix.SCXLog.VarPriv.DataSource" Accessibility="Public" Batching="true">
  <Configuration>
    <xsd:element name="Host" type="xsd:string"/>
    <xsd:element name="LogFile" type="xsd:string"/>
    <!-- Credentials are configuration input; they are not overrideable -->
    <xsd:element name="UserName" type="xsd:string"/>
    <xsd:element name="Password" type="xsd:string"/>
    <xsd:element name="RegExpFilter" type="xsd:string" minOccurs="0"/>
    <xsd:element name="IndividualAlerts" type="xsd:boolean" minOccurs="0"/>
  </Configuration>
  <OverrideableParameters>
    <OverrideableParameter ID="Host" ParameterType="string" Selector="$Config/Host$"/>
    <OverrideableParameter ID="LogFile" ParameterType="string" Selector="$Config/LogFile$"/>
    <OverrideableParameter ID="RegExpFilter" ParameterType="string" Selector="$Config/RegExpFilter$"/>
    <OverrideableParameter ID="IndividualAlerts" ParameterType="bool" Selector="$Config/IndividualAlerts$"/>
  </OverrideableParameters>
  <ModuleImplementation>
    <Composite>
      <MemberModules>
        <!-- Native module that reads the log over WS-Management (https) -->
        <DataSource TypeID="Microsoft.Unix.SCXLog.Native.DataSource" ID="DS">
          <Protocol>https</Protocol>
          <Host>$Config/Host$</Host>
          <UserName>$Config/UserName$</UserName>
          <Password>$Config/Password$</Password>
          <LogFile>$Config/LogFile$</LogFile>
          <RegExpFilter>$Config/RegExpFilter$</RegExpFilter>
          <IndividualAlerts>$Config/IndividualAlerts$</IndividualAlerts>
          <QId>$Target/ManagementGroup/Name$</QId>
          <IntervalSeconds>300</IntervalSeconds>
          <!-- Certificate chain and host name are always validated -->
          <SkipCACheck>false</SkipCACheck>
          <SkipCNCheck>false</SkipCNCheck>
        </DataSource>
        <!-- Maps each returned row to a System.Event.Data item -->
        <ConditionDetection TypeID="System!System.Event.GenericDataMapper" ID="Mapper">
          <EventOriginId>$Target/Id$</EventOriginId>
          <PublisherId>$MPElement$</PublisherId>
          <PublisherName>WSManEventProvider</PublisherName>
          <Channel>WSManEventProvider</Channel>
          <LoggingComputer/>
          <EventNumber>0</EventNumber>
          <EventCategory>3</EventCategory>
          <EventLevel>0</EventLevel>
          <UserName/>
          <Description>Detected Entry: $Data///row$</Description>
          <Params/>
        </ConditionDetection>
      </MemberModules>
      <Composition>
        <Node ID="Mapper">
          <Node ID="DS"/>
        </Node>
      </Composition>
    </Composite>
  </ModuleImplementation>
  <OutputType>System!System.BaseData</OutputType>
</DataSourceModuleType>
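As an added example (not part of the original page or of the management pack itself), the fragment below shows how a rule would consume this data source. The rule ID, log path, regular expression and alert text are constructed for illustration; the MP aliases (Unix, Health), the Run As profile name Microsoft.Unix.PrivilegedAccount and the NetworkName property reference are assumptions about the UNIX/Linux library management pack the data source ships in and should be checked against the references declared in the target MP.

```xml
<!-- Added example; not from the original page or management pack.
     Assumed references: Unix = Microsoft.Unix.Library,
     Health = System.Health.Library. Rule ID, log path, regular
     expression and alert strings are constructed for illustration. -->
<Rule ID="Example.Unix.AuthFailure.Rule" Enabled="true"
      Target="Unix!Microsoft.Unix.Computer" ConfirmDelivery="true"
      Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>Alert</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Unix!Microsoft.Unix.SCXLog.VarPriv.DataSource">
      <!-- Host comes from the targeted computer object (assumed property) -->
      <Host>$Target/Property[Type="Unix!Microsoft.Unix.Computer"]/NetworkName$</Host>
      <LogFile>/var/log/secure</LogFile>
      <!-- Credentials are resolved from a Run As profile at run time, so no
           literal password is stored in the MP (assumed profile name) -->
      <UserName>$RunAs[Name="Unix!Microsoft.Unix.PrivilegedAccount"]/UserName$</UserName>
      <Password>$RunAs[Name="Unix!Microsoft.Unix.PrivilegedAccount"]/Password$</Password>
      <!-- Only rows matching this expression are returned by the module -->
      <RegExpFilter>authentication failure</RegExpFilter>
      <!-- true: one alert per matching line; false/omitted: one alert per batch -->
      <IndividualAlerts>true</IndividualAlerts>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>1</Severity>
      <AlertMessageId>$MPElement[Name="Example.Unix.AuthFailure.Rule.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <!-- EventDescription carries "Detected Entry: <row>" from the mapper -->
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression>
        <SuppressionValue>$Data/EventDescription$</SuppressionValue>
      </Suppression>
    </WriteAction>
  </WriteActions>
</Rule>

<!-- Under <Presentation><StringResources>: -->
<StringResource ID="Example.Unix.AuthFailure.Rule.AlertMessage"/>

<!-- Under <LanguagePacks><LanguagePack ID="ENU" IsDefault="true"><DisplayStrings>: -->
<DisplayString ElementID="Example.Unix.AuthFailure.Rule.AlertMessage">
  <Name>Authentication failure recorded in UNIX/Linux log</Name>
  <Description>{0}</Description>
</DisplayString>
```

Two properties of the composite shape how such a rule behaves. UserName and Password are configuration elements but not overrideable parameters, so the account is fixed by the rule author and cannot be changed through an override; referencing a Run As profile, as above, keeps the secret out of the MP XML entirely. SkipCACheck and SkipCNCheck are hard-set to false inside the composite, so the agent's certificate must chain to a CA the management server trusts and its name must match the value passed in Host; a rule that supplies an IP address or an alias in Host will fail that check rather than silently downgrade.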