You can use the file distribution mechanism in InTrust rules to copy files to agent computers. Take the following steps:
You can adapt this procedure to your specific needs, for example by adding actions besides file copying or by parameterizing the file destination path.
Automatically enable tracing on specific computers.
Distribute the adctracer.ini file (see InTrust Server Tracing), which has been edited to enable tracing.
This procedure is based on the generic steps described above, so refer to them for more information.
Data sources are InTrust's representations of the event logs it works with. One of the InTrust data source types is the Script Event Provider.
This data source is actually a scripting component that InTrust executes periodically for auditing and real-time monitoring purposes. Scripts are meant to return one or more event records with filled-in fields. However, the source information that the scripts work from is not in event format.
The format your script works with is up to you. For example, the script can analyze text files.
If you want to create your custom data source from scratch, InTrust provides two starting points for convenience, depending on what you want the data source to do:
Analyze text logs or other text files
Perform arbitrary tasks that go beyond text file analysis
File-processing scripts are state-based. Such a script checks whether a file is present, or periodically parses a file and reconstructs events from the file changes it detects.
One of the data source types is the general-purpose custom text log data source. It is implemented as a script that processes specified files for auditing purposes.
You cannot specify the desired script directly. You must first create an outline for the data source in either Basic or Advanced mode. For more information about text log data source creation modes, see Auditing Custom Logs.
Data sources completed in Raw mode give you the advantage of easy flow control. Unlike Advanced mode, you do not have to rely on consecutive regular expressions and their order. You can introduce conditional jumps and eliminate regular expressions altogether. This makes Raw mode more suitable for many situations, including markup parsing.
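The state-based processing and regex-free flow control described above, as an added example in plain ECMAScript that is not taken from InTrust or its documentation. The names poll and parseLine, the state fields, and the "time LEVEL message" line layout are assumptions, and the way InTrust hands files to a script and receives event records is not shown.

```javascript
// Added example in plain ECMAScript; no InTrust or WSH objects are used.
// `content` stands in for the file's current text (null = file absent) and
// `state` for whatever the script persists between runs (both assumptions).
const LEVELS = ['INFO', 'WARN', 'ERROR'];

// Field extraction with conditional flow only, no regular expressions.
function parseLine(line) {
  if (line.endsWith('\r')) line = line.slice(0, -1);   // tolerate CRLF logs
  const a = line.indexOf(' ');
  const b = line.indexOf(' ', a + 1);
  if (a < 1 || b < 0) return null;                      // malformed: skip
  const level = line.slice(a + 1, b);
  if (!LEVELS.includes(level)) return null;
  return { time: line.slice(0, a), level, message: line.slice(b + 1) };
}

// One periodic run: returns the new event records and the state to keep.
function poll(state, content) {
  const events = [];
  if (content === null) {
    // Report the disappearance once, not on every run.
    if (state.present) events.push({ time: null, level: 'WARN', message: 'monitored file is missing' });
    return { events, state: { present: false, offset: 0, head: '' } };
  }
  let offset = state.offset;
  // Rotation or truncation: the file shrank or its first line changed.
  if (content.length < offset || !content.startsWith(state.head)) offset = 0;
  const end = content.lastIndexOf('\n') + 1;            // complete lines only
  if (end > offset) {
    for (const line of content.slice(offset, end).split('\n')) {
      const ev = line === '' ? null : parseLine(line);
      if (ev) events.push(ev);
    }
    offset = end;
  }
  const nl = content.indexOf('\n');
  const head = nl >= 0 ? content.slice(0, nl + 1) : '';
  return { events, state: { present: true, offset, head } };
}

// Constructed sample: the second record is still being written during run 1.
const START = { present: false, offset: 0, head: '' };
const run1 = poll(START, '09:00:01 INFO service started\n09:00:05 ERROR logon fai');
const run2 = poll(run1.state, '09:00:01 INFO service started\n09:00:05 ERROR logon failed for admin\n');
console.log(run1.events, run2.events);
```

The half-written record is held back until its line is complete, so it is reported once and in full. A file that is replaced or truncated is re-read from the start instead of being skipped past the old offset.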
Automatic data source creation gives you a starting point and spares you the effort of outlining the script structure manually. After you have created the initial data source, do the following:
Open the properties of the data source.
On the Settings tab, click Convert to and select Raw.
Edit the resulting script using the code editor.
InTrust requires the functionality of the Windows Script Host (WSH) object model on all computers that it monitors. If Windows Script Host is installed on a monitored computer, its objects can be used by InTrust.
If WSH is not installed (for example, on a Linux computer), then the scripting component can provide basic WSH functionality (available through ECMAScript) and ensure that InTrust scripts have access to the necessary objects.
The object model is defined by the scripting language you select in the properties of the data source.
To create a scripted data source
Expand the Configuration node in the InTrust Manager snap-in.
Right-click Data Sources and select New Data Source to start the New Data Source wizard.
Select the Script Event Provider type and complete the wizard.
The wizard prompts you for the following information:
You can write your script in JScript, VBScript or ECMAScript. The choice of language is up to you and should depend on the platform and available objects. You can use JScript or VBScript if the script is going to work on Windows computers. However, if the data source represents a log on a platform such as Linux, you should use ECMAScript, which is a cross-platform language.
The script itself
Supply a script that meets the requirements described earlier.
How often the script executes
Frequent launches are suitable for real-time monitoring uses. For data collection, the script does not have to run very frequently.
Parameters are values that can be set externally without modifying the script. They are set in the user interface, and the values are stored in script variables. Script parameters are meant for easy access to the script's configurable portions.