Collects all information events in the DNS Server log on the DC.
This rule is disabled by default, if you want to add informational events use an override to enable this rule.
Target | Microsoft.Windows.Server.2016.AD.DomainController.DNS |
Category | EventCollection |
Enabled | False |
Alert Generate | False |
Remotable | False |
Event Log | DNS Server |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
EventDS | DataSource | Microsoft.Windows.EventProvider | Default |
WriteToDB | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
WriteToDW | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default |
<Rule ID="Microsoft.Windows.Server.2016.AD.DNSServer.Information.EventCollection" Enabled="false" Target="AD2016Core!Microsoft.Windows.Server.2016.AD.DomainController.DNS" ConfirmDelivery="false" Remotable="false" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="AD!Microsoft.Windows.Server.AD.Library.DomainControllerRole"]/Name$</ComputerName>
<LogName>DNS Server</LogName>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventLevel</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="Integer">3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>