System.ApplicationLog.SysLog.EventProvider
Applies To: System Center 2012 - Operations Manager, System Center 2012 R2 Operations Manager, System Center 2012 SP1 - Operations Manager
The System.ApplicationLog.SysLog.EventProvider data source module type is used to provide syslog UDP packets as event data items. This module returns System.Event.Data data.
Usage
Use the module to map syslog UDP packets to event data within a workflow.
Type Definition
<DataSourceModuleType ID="System.ApplicationLog.SysLog.EventProvider" Accessibility="Public">
<Configuration>
<xsd:element name="Port" type="xsd:unsignedInt" minOccurs="0" maxOccurs="1" />
</Configuration>
<ModuleImplementation>
<Composite>
<MemberModules>
<DataSource TypeID="System.ApplicationLog.SysLogReader" ID="DataSource">
<Port>$Config/Port$</Port>
</DataSource>
<ConditionDetection TypeID="System!System.Event.GenericDataMapper" ID="Mapper">
<EventOriginId>$Target/Id$</EventOriginId>
<PublisherId>$MPElement$</PublisherId>
<PublisherName>SysLog</PublisherName>
<Channel>SysLog</Channel>
<LoggingComputer />
<EventNumber>0</EventNumber>
<EventCategory>3</EventCategory>
<EventLevel>0</EventLevel>
<UserName />
<Params />
</ConditionDetection>
</MemberModules>
<Composition>
<Node ID="Mapper">
<Node ID="DataSource" />
</Node>
</Composition>
</Composite>
</ModuleImplementation>
<OutputType>System!System.Event.Data</OutputType>
</DataSourceModuleType>
Parameters
The System.ApplicationLog.SysLog.EventProvider module supports the configuration parameters described in the following table.
Parameter | Type | Overrideable | Description |
---|---|---|---|
Port |
Unsigned Integer |
False |
Required parameter. Defines the port on which to listen for UDP syslog packets. Usually, the port is 514. |
Remarks
For remarks, see System.ApplicationLog.SysLogReader.
Composition
The System.ApplicationLog.SysLog.EventProvider module is a composite module that contains the member modules described in the following table.
Workflow Run Order | Module Type | Usage |
---|---|---|
1 |
Reads syslog UDP packets on the specified port. |
|
2 |
Maps the syslog data to event data. |
Related Modules
None.
External Module References
None.
Sample
The following sample illustrates a rule that listens for UDP syslog packets on Port 514 and writes them as event data to the Operations Manager databases.
<Rule ID="Microsoft.Samples.ReadSysLog" Target="Windows!Microsoft.Windows.Computer" Enabled="true" ConfirmDelivery="true">
<Category>Custom</Category>
<DataSources>
<DataSource ID="SR" TypeID="AppLog!System.ApplicationLog.SysLog.EventProvider">
<Port>514</Port>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SCLibrary!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>
The output of the System.ApplicationLog.SysLog.EventProvider module would be something like the following:
<DataItem type="System.Event.Data" time="2008-03-11T03:08:55.0343534-08:00" sourceHealthServiceId="0A0800A0-A802-E90B-6045-D961D516CA78">
<EventOriginId>513C3E6D-374A-47d1-94B6-920EB54F9A27</EventOriginId>
<PublisherId>513C3E6D-374A-47d1-94B6-920EB54F9A27</PublisherId>
<PublisherName>SysLog</PublisherName>
<Channel>SysLog</Channel>
<LoggingComputer />
<EventNumber>0</EventNumber>
<EventCategory>3</EventCategory>
<EventLevel>0</EventLevel>
<UserName />
<Params />
<EventData>
<DataItem type="System.ApplicationLog.SysLogData" time="2008-03-11T03:08:55.0343534-08:00" sourceHealthServiceId="0A0800A0-A802-E90B-6045-D961D516CA78">
<Facility>0</Facility>
<Severity>0</Severity>
<Priority>1</Priority>
<PriorityName></PriorityName>
<TimeStamp>Time</Timestamp>
<HostName>Name of Host</HostName>
<Message>Some message.</Message>
</DataItem>
</EventData>
</DataItem>
Information
Module Type |
|
Input Type |
None |
Output Type |
|
Implementation |
Composite |
Library |
System.ApplicationLog.Library |