Home
  •  

Eventos de información de servicios web de Active Directory

Microsoft.Windows.Server.2016.AD.ActiveDirectoryWebServices.Information.EventCollection (Rule)

Knowledge Base article:

Resumen

Recopila todos los eventos de información en el registro de Servicios web de Active Directory en el controlador de dominio.

Esta regla está deshabilitada de forma predeterminada. Si desea agregar eventos informativos, use una invalidación para habilitar esta regla.

Element properties:

TargetMicrosoft.Windows.Server.2016.AD.DomainControllerRole
CategoryEventCollection
EnabledFalse
Alert GenerateFalse
RemotableFalse
Event LogActive Directory Web Services

Member Modules:

ID Module Type TypeId RunAs 
EventDS DataSource Microsoft.Windows.EventProvider Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default
WriteToDW WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default

Source Code:

<Rule ID="Microsoft.Windows.Server.2016.AD.ActiveDirectoryWebServices.Information.EventCollection" Enabled="false" Target="AD2016Core!Microsoft.Windows.Server.2016.AD.DomainControllerRole" ConfirmDelivery="false" Remotable="false" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Active Directory Web Services</LogName>

      <Expression>

        <SimpleExpression>

          <ValueExpression>

            <XPathQuery Type="Integer">EventLevel</XPathQuery>

          </ValueExpression>

          <Operator>Equal</Operator>

          <ValueExpression>

            <Value Type="Integer">3</Value>

          </ValueExpression>

        </SimpleExpression>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>