Home
  •  

ScanTransportAbortE

ScanTransportAbortE_3_Rule (Rule)

Knowledge Base article:

Management Pack
Summary

This event occurs when the Transport Scan Job is aborted.

 
Causes

Scanning Timeout.

 
Resolutions

Recovery from a Transport Scan Abort is normally automatic, but we recommend you check that the system is functioning correctly.

 
© 2006 Microsoft Corporation, all rights reserved.

Element properties:

TargetMicrosoft.ForeFront.Exchange.Forefront_Security_for_Exchange_Server___Hub_Transport__Mailbox__Public_Folder_Installation
CategoryEventCollection
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityLow
RemotableTrue
Alert Message
ScanTransportAbortE

$Data/EventDescription$
CommentMom2005ID='{DECF5646-0C4E-49F1-91F6-F19C07211C49}';MOM2005ComputerGroupID={E5B12036-BF17-41E6-9649-E18D61E71190}

Member Modules:

ID Module Type TypeId RunAs 
_04B70447_389D_4DBE_B99E_A5ACC8636261_ DataSource System.Mom.BackwardCompatibility.GenericLogProvider2 Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default
GenerateAlert WriteAction System.Mom.BackwardCompatibility.AlertResponse Default

Source Code:

<Rule ID="ScanTransportAbortE_3_Rule" Target="Microsoft.ForeFront.Exchange.Forefront_Security_for_Exchange_Server___Hub_Transport__Mailbox__Public_Folder_Installation" Enabled="true" ConfirmDelivery="false" Comment="Mom2005ID='{DECF5646-0C4E-49F1-91F6-F19C07211C49}';MOM2005ComputerGroupID={E5B12036-BF17-41E6-9649-E18D61E71190}">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_04B70447_389D_4DBE_B99E_A5ACC8636261_" Comment="{04B70447-389D-4DBE-B99E-A5ACC8636261}" TypeID="MomBackwardCompatibility!System.Mom.BackwardCompatibility.GenericLogProvider2">

      <PublisherName>Forefront ProgramLog</PublisherName>

      <DirectoryRecords>

        <DirectoryRecord>

          <Directory>%PROGRAMFILES%\Microsoft Forefront Security\Exchange Server\Data</Directory>

          <Patterns>

            <Pattern>ProgramLog.txt</Pattern>

          </Patterns>

        </DirectoryRecord>

      </DirectoryRecords>

      <Expression>

        <RegExExpression>

          <ValueExpression>

            <XPathQuery Type="String">EventDescription</XPathQuery>

          </ValueExpression>

          <Operator>ContainsSubstring</Operator>

          <Pattern>Transport scan aborted</Pattern>

        </RegExExpression>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="MomBackwardCompatibility!System.Mom.BackwardCompatibility.AlertResponse">

      <AlertGeneration>

        <GenerateAlert>true</GenerateAlert>

        <Owner/>

        <Description>

            $Data/EventDescription$

          </Description>

        <AlertLevel>30</AlertLevel>

        <ResolutionState/>

        <Source>

            $Data/PublisherName$

          </Source>

        <Name>ScanTransportAbortE</Name>

        <CustomFields>

          <CustomField>Microsoft Forefront Server Security</CustomField>

          <CustomField>Forefront Security For Exchange Server</CustomField>

          <CustomField>ScanJobFailure</CustomField>

          <CustomField/>

          <CustomField/>

        </CustomFields>

      </AlertGeneration>

      <InvokerType>0</InvokerType>

    </WriteAction>

    <WriteAction ID="CollectEventData" TypeID="SystemCenterLibrary!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="CollectEventDataWarehouse" TypeID="DataWarehouseLibrary!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>