Recopila todos los eventos de información en el registro de Servicios web de Active Directory en el controlador de dominio.
Esta regla está deshabilitada de forma predeterminada. Si desea agregar eventos informativos, use una invalidación para habilitar esta regla.
Target | Microsoft.Windows.Server.2016.AD.DomainControllerRole |
Category | EventCollection |
Enabled | False |
Alert Generate | False |
Remotable | False |
Event Log | Active Directory Web Services |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
EventDS | DataSource | Microsoft.Windows.EventProvider | Default |
WriteToDB | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
WriteToDW | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default |
<Rule ID="Microsoft.Windows.Server.2016.AD.ActiveDirectoryWebServices.Information.EventCollection" Enabled="false" Target="AD2016Core!Microsoft.Windows.Server.2016.AD.DomainControllerRole" ConfirmDelivery="false" Remotable="false" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Active Directory Web Services</LogName>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventLevel</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="Integer">3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>