File Format
The ec-event-rules.xml and ec-probe.rules.xml files share essentially the same format.
They are structured as follows:
- Channels determine where events are sent, such as to the local log file or the central Event Collector. Each channel contains rules that define which messages are included in that channel and which message process is applied to them. For example:

    <channel name="default_localfile" target="LOCALFILE">
      <rules>
        <rule name="BDSMessages_localfile" ruleOrder="800">
          <filter>
            <component>BDS</component>
          </filter>
          <action>
            <!-- To enable local logging of the BDS Case Data Payload - change the following process to LocalLoggingProcess -->
            <messageProcess>LocalLoggingProcessNoManagedObjectDetails</messageProcess>
          </action>
        </rule>
        <rule name="BaseRule_locafile" ruleOrder="1000">
          <filter>
          </filter>
          <action>
            <messageProcess>LocalLoggingProcess</messageProcess>
          </action>
        </rule>
      </rules>
    </channel>

- When the channel is processed the rules for that channel are executed in numerical order, based on the ruleOrder attribute of the rule. (The order in which they appear in the file makes no difference.) Only the first rule found to match an event will be processed.
- The <messageProcessDefinitions> section lists a number of message process definitions. A message process defines how an event should be manipulated from the source before being sent to a given channel. This manipulation consists of defining the attributes which are included in or excluded from a propagated message. In the following example, the first process makes no change to the defaults while the second specifies that all primary attributes should be included in the information sent to the channel:

    <messageProcessDefinitions>
      <messageProcessDefinition name="LocalLoggingProcess">
      </messageProcessDefinition>
      <messageProcessDefinition name="CentralECAuditProcess">
        <includedAttributesList>
          <allPrimaries>true</allPrimaries>
        </includedAttributesList>
      </messageProcessDefinition>
    </messageProcessDefinitions>

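The rule-ordering behaviour described above (numeric ruleOrder, first match only), as an added Python example that is not code from the product or its documentation. It picks the message process an event would get and lists rules that can never fire because a catch-all rule is ordered before them. The function names, the event dictionary, the "OTHER" component and the filter-matching semantics (each filter child must equal the event attribute of the same name, an empty filter matches everything) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample: the page's channel with its two rules listed out of order.
CHANNEL_XML = """<channel name="default_localfile" target="LOCALFILE"><rules>
  <rule name="BaseRule_locafile" ruleOrder="1000">
    <filter> </filter>
    <action><messageProcess>LocalLoggingProcess</messageProcess></action>
  </rule>
  <rule name="BDSMessages_localfile" ruleOrder="800">
    <filter><component>BDS</component></filter>
    <action><messageProcess>LocalLoggingProcessNoManagedObjectDetails</messageProcess></action>
  </rule>
</rules></channel>"""

def load_channel(xml_text):
    return ET.fromstring(xml_text)

def ordered_rules(channel):
    """Rules sorted by numeric ruleOrder; position in the file is ignored."""
    return sorted(channel.iter("rule"), key=lambda r: int(r.get("ruleOrder")))

def filter_terms(rule):
    flt = rule.find("filter")
    return [] if flt is None else list(flt)

def filter_matches(rule, event):
    # Assumption: every filter child must equal the event attribute of the same
    # name; an empty filter matches every event.
    return all(event.get(t.tag) == (t.text or "").strip() for t in filter_terms(rule))

def select_rule(channel, event):
    """(rule name, messageProcess) of the first matching rule, else None."""
    for rule in ordered_rules(channel):
        if filter_matches(rule, event):
            return rule.get("name"), rule.findtext("action/messageProcess").strip()
    return None

def shadowed_rules(channel):
    """Rules ordered after a catch-all (empty filter) rule; they can never fire."""
    names, catch_all_seen = [], False
    for rule in ordered_rules(channel):
        if catch_all_seen:
            names.append(rule.get("name"))
        catch_all_seen = catch_all_seen or not filter_terms(rule)
    return names

if __name__ == "__main__":
    channel = load_channel(CHANNEL_XML)
    print(select_rule(channel, {"component": "BDS"}))    # BDS rule (800) wins
    print(select_rule(channel, {"component": "OTHER"}))  # falls to the base rule
    print(shadowed_rules(channel))
```

A catch-all rule given a lower ruleOrder than BDSMessages_localfile would route BDS events through LocalLoggingProcess, which the comment in the sample says enables local logging of the BDS Case Data Payload; shadowed_rules flags that case.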
Copyright © Cloud Software Group, Inc. All rights reserved.