Log transformation rules are defined as XML. The structure of a rule is shown in the example below, which contains all of the tags and parameters available.
<FieldInfo>
  <Fields>
    <Field FieldName = "TTF" DisplayName = "TTest Field" IsIndexed = "true"></Field>
    <Field FieldName = "TTF2" DisplayName = "TTest Field 2" IsIndexed = "true"></Field>
  </Fields>
  <EventRules>
    <Event EventID = "701">
      <Field Name = "TTF" Index = "1"></Field>
      <Field Name = "TTF2" Index = "3"></Field>
    </Event>
  </EventRules>
</FieldInfo>
Log events are matched by Event ID, and the Field tags specify how the original event fields are mapped to repository record fields. The Index parameter specifies the index of the target insertion string.
The following is a variation of the example above:
<FieldInfo>
  <Fields>
    <Field FieldName = "TTF" DisplayName = "TTest Field" IsIndexed = "true"></Field>
    <Field FieldName = "TTF2" DisplayName = "TTest Field 2" IsIndexed = "true"></Field>
  </Fields>
  <EventRules>
    <Field Name = "TTF" Index = "1"></Field>
    <Field Name = "TTF2" Index = "3"></Field>
  </EventRules>
</FieldInfo>
In this second snippet, the Field tags sit directly under EventRules with no enclosing Event tag, so the rule applies to all event IDs in a log.
enum CustomizableCredentialsType
{
    CurrentCusomizableCredentials,
    DefaultCustomizableCredentials,
    CustomCustomizableCredentials
};
enum DomainEnumerationType
{
    CurrentDomainEnumeration,
    ComputerBrowserDomainEnumeration,
    ComputerListDomainEnumeration
};