Management Pack | |||||||||
| |||||||||
© 1995-2001 Microsoft Corporation, all rights reserved. |
Target | Microsoft.Windows.Server.GroupPolicy.2003.Windows_2003_Servers_Installation | ||
Category | EventCollection | ||
Enabled | True | ||
Event Source | scecli | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Low | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Application | ||
Comment | Mom2005ID='{62DF75D3-3E31-4691-A001-E8D8E06A5ED5}';MOM2005ComputerGroupID={5F37D1D6-F952-4B72-9CCA-6986A3B7B2E3} |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ | DataSource | Microsoft.Windows.EventProvider | Default |
CollectEventData | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
CollectEventDataWarehouse | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default |
GenerateAlert | WriteAction | System.Mom.BackwardCompatibility.AlertResponse | Default |
<Rule ID="Security_CSE_Processed_With_Errors_1_Rule" Comment="Mom2005ID='{62DF75D3-3E31-4691-A001-E8D8E06A5ED5}';MOM2005ComputerGroupID={5F37D1D6-F952-4B72-9CCA-6986A3B7B2E3}" Enabled="true" Target="Microsoft.Windows.Server.GroupPolicy.2003.Windows_2003_Servers_Installation" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>MatchesMOM2005BooleanRegularExpression</Operator>
<Pattern>1001|1005</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>scecli</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="MomBackwardCompatibility!System.Mom.BackwardCompatibility.AlertResponse">
<AlertGeneration>
<GenerateAlert>true</GenerateAlert>
<Owner/>
<Description>
$Data/EventDescription$
</Description>
<AlertLevel>40</AlertLevel>
<ResolutionState/>
<Source>
$Data/PublisherName$
</Source>
<Name>Security CSE Processed With Errors</Name>
</AlertGeneration>
<InvokerType>0</InvokerType>
</WriteAction>
<WriteAction ID="CollectEventData" TypeID="SystemCenterLibrary!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="CollectEventDataWarehouse" TypeID="DataWarehouseLibrary!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>