110 lines
2.5 KiB
Plaintext
110 lines
2.5 KiB
Plaintext
//
|
|
|
|
// Copyright (c) 1997-2001 Microsoft Corporation, All Rights Reserved
|
|
//
|
|
#pragma namespace ("\\\\.\\root")
|
|
|
|
instance of __Namespace
|
|
{
|
|
Name="sampler";
|
|
};
|
|
|
|
// Get to root/sampler namespace
|
|
#pragma namespace ("\\\\.\\root\\sampler")
|
|
|
|
/////////////////////////////////////////////////////////////
|
|
// Sampler Event & Registration
|
|
|
|
class Smpl_Incident:__ExtrinsicEvent
|
|
{
|
|
object TheEvent;
|
|
string IncidentType;
|
|
string TimeOfIncident;
|
|
string ServerNamespace;
|
|
};
|
|
|
|
class Smpl_Observation
|
|
{
|
|
[key]
|
|
string ConnectNamespace;
|
|
};
|
|
|
|
class Smpl_MSARegistration
|
|
{
|
|
[key]
|
|
string TargetNamespace;
|
|
};
|
|
|
|
///////////////////////////////////////////////
|
|
// MSA Watch Registration
|
|
///////////////////////////////////////////////
|
|
|
|
instance of Smpl_Observation
|
|
{
|
|
ConnectNamespace="\\\\.\\root\\cimv2";
|
|
};
|
|
|
|
///////////////////////////////////////////////
|
|
// MSA Distribution Registration
|
|
///////////////////////////////////////////////
|
|
|
|
instance of Smpl_MSARegistration
|
|
{
|
|
TargetNamespace="\\\\.\\root\\sampler";
|
|
};
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////
|
|
// Get to root/cimv2 namespace
|
|
///////////////////////////////////////////////////////////////////////////////////
|
|
#pragma namespace ("\\\\.\\root\\cimv2")
|
|
|
|
class SamplerConsumer
|
|
{
|
|
[key]
|
|
string IncidentType;
|
|
string Query;
|
|
};
|
|
|
|
class Smpl_Incident:__ExtrinsicEvent
|
|
{
|
|
object TheEvent;
|
|
string IncidentType;
|
|
string TimeOfIncident;
|
|
string ServerNamespace;
|
|
};
|
|
|
|
///////////////////////////////////////////////
|
|
// Event Registration
|
|
///////////////////////////////////////////////
|
|
|
|
// CimWin32 consumers
|
|
|
|
instance of SamplerConsumer
|
|
{
|
|
IncidentType="process-creation";
|
|
Query="select * from __InstanceCreationEvent within 30 where TargetInstance isa \"Win32_Process\"";
|
|
};
|
|
|
|
instance of SamplerConsumer
|
|
{
|
|
IncidentType="process-deletion";
|
|
Query="select * from __InstanceDeletionEvent within 30 where TargetInstance isa \"Win32_Process\"";
|
|
};
|
|
|
|
instance of SamplerConsumer
|
|
{
|
|
IncidentType="memoryConfig";
|
|
Query="select * from __InstanceOperationEvent within 30 where TargetInstance isa \"Win32_LogicalMemoryConfiguration\"";
|
|
};
|
|
|
|
instance of SamplerConsumer
|
|
{
|
|
IncidentType="service";
|
|
Query="select * from __InstanceOperationEvent within 10 where TargetInstance isa \"Win32_Service\"";
|
|
};
|
|
|
|
instance of SamplerConsumer
|
|
{
|
|
IncidentType="networkConnection";
|
|
Query="select * from __InstanceOperationEvent within 90 where TargetInstance isa \"Win32_NetworkConnection\"";
|
|
}; |