Home
  •  

Process Monitoring: Generate Alert Write Action

Microsoft.Windows.Server.10.0.GenerateAlertWriteAction (WriteActionModuleType)

Generate alert write action.

Element properties:

TypeWriteActionModuleType
IsolationAny
AccessibilityInternal
RunAsDefault
InputTypeSystem.BaseData

Member Modules:

ID Module Type TypeId RunAs 
CD ConditionDetection System.ExpressionFilter Default
WA WriteAction System.Health.GenerateAlert Default

Source Code:

<WriteActionModuleType ID="Microsoft.Windows.Server.10.0.GenerateAlertWriteAction" Accessibility="Internal" Batching="true">

  <Configuration>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="AlertMessageId" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="Threshold" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="Metric" type="xsd:string"/>

  </Configuration>

  <ModuleImplementation>

    <Composite>

      <MemberModules>

        <ConditionDetection ID="CD" TypeID="System!System.ExpressionFilter">

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">$Config/Metric$</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">true</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </ConditionDetection>

        <WriteAction ID="WA" TypeID="Health!System.Health.GenerateAlert">

          <Priority>2</Priority>

          <Severity>2</Severity>

          <AlertMessageId>$Config/AlertMessageId$</AlertMessageId>

          <AlertParameters>

            <AlertParameter1>$Data/ProcessId$</AlertParameter1>

            <AlertParameter2>$Data/ProcessName$</AlertParameter2>

            <AlertParameter3>$Config/Threshold$</AlertParameter3>

          </AlertParameters>

          <Suppression>

            <SuppressionValue>$Data/ProcessId$ $Data/ProcessName$</SuppressionValue>

          </Suppression>

          <Custom1>$Data/ProcessName$</Custom1>

          <Custom2>$Data/ProcessId$</Custom2>

        </WriteAction>

      </MemberModules>

      <Composition>

        <Node ID="WA">

          <Node ID="CD"/>

        </Node>

      </Composition>

    </Composite>

  </ModuleImplementation>

  <InputType>System!System.BaseData</InputType>

</WriteActionModuleType>