Home
  •  

ScanRealtimeDisabledE

ScanRealtimeDisabledE_2_Rule (Rule)

Knowledge Base article:

Management Pack
Summary
Realtime Scan Job has gone into a disabled state. It is no longer submitting scan tasks for scanning.
 
Causes
Manually disabing the Realtime Scan Job in the Antigen Console or shutting down AntigenStore and Information Store services.
 
© 2006 Microsoft Corporation, all rights reserved.

Element properties:

TargetMicrosoft.Antigen.v9.Antigen_For_Exchange_Installation
CategoryEventCollection
EnabledTrue
Event_ID2001
Event SourceAntigenRealtime
Alert GenerateTrue
Alert SeverityInformation
Alert PriorityLow
RemotableTrue
Alert Message
ScanRealtimeDisabledE

$Data/EventDescription$
Event LogApplication
CommentMom2005ID='{902F83E2-8E72-4190-806C-88A432A11480}';MOM2005ComputerGroupID={A892AF5F-2434-4D1E-A72B-9E3CBE68B64C}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default
GenerateAlert WriteAction System.Mom.BackwardCompatibility.AlertResponse Default

Source Code:

<Rule ID="ScanRealtimeDisabledE_2_Rule" Target="Microsoft.Antigen.v9.Antigen_For_Exchange_Installation" Enabled="true" ConfirmDelivery="true" Comment="Mom2005ID='{902F83E2-8E72-4190-806C-88A432A11480}';MOM2005ComputerGroupID={A892AF5F-2434-4D1E-A72B-9E3CBE68B64C}">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" Comment="{F6DA1507-12AF-11D3-AB21-00A0C98620CE}" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>2001</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>AntigenRealtime</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="MomBackwardCompatibility!System.Mom.BackwardCompatibility.AlertResponse">

      <AlertGeneration>

        <GenerateAlert>true</GenerateAlert>

        <Owner/>

        <Description>

            $Data/EventDescription$

          </Description>

        <AlertLevel>20</AlertLevel>

        <ResolutionState/>

        <Source>

            $Data/PublisherName$

          </Source>

        <Name>ScanRealtimeDisabledE</Name>

        <CustomFields>

          <CustomField>Microsoft Antigen</CustomField>

          <CustomField>Antigen For Exchange</CustomField>

          <CustomField/>

          <CustomField/>

          <CustomField/>

        </CustomFields>

      </AlertGeneration>

      <InvokerType>0</InvokerType>

    </WriteAction>

    <WriteAction ID="CollectEventData" TypeID="SystemCenterLibrary!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="CollectEventDataWarehouse" TypeID="DataWarehouseLibrary!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>