-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSurveillance DNS.xml
1 lines (1 loc) · 1.33 KB
/
Surveillance DNS.xml
1
<ViewerConfig><QueryConfig><QueryParams><Simple><Channel>Microsoft-Windows-DNS-Client/Operational,Microsoft-Windows-DNSServer/Audit</Channel><BySource>False</BySource><Source>Microsoft-Windows-DNS-Client,Microsoft-Windows-DNS-Client-DiagTrack,Microsoft-Windows-DNS-Server-Service</Source><RelativeTimeInfo>0</RelativeTimeInfo><EventId>2, 4, 409, 501, 502, 6001, 6002</EventId><Level>1,2,3,4,0</Level></Simple></QueryParams><QueryNode><Name>Surveillance DNS</Name><QueryList><Query Id="0" Path="Microsoft-Windows-DNS-Client/Operational"><Select Path="Microsoft-Windows-DNS-Client/Operational">*[System[Provider[@Name='Microsoft-Windows-DNS-Client' or @Name='Microsoft-Windows-DNS-Client-DiagTrack' or @Name='Microsoft-Windows-DNS-Server-Service'] and (Level=1 or Level=2 or Level=3 or Level=4 or Level=0) and (EventID=2 or EventID=4 or EventID=409 or EventID=501 or EventID=502 or EventID=6001 or EventID=6002)]]</Select><Select Path="Microsoft-Windows-DNSServer/Audit">*[System[Provider[@Name='Microsoft-Windows-DNS-Client' or @Name='Microsoft-Windows-DNS-Client-DiagTrack' or @Name='Microsoft-Windows-DNS-Server-Service'] and (Level=1 or Level=2 or Level=3 or Level=4 or Level=0) and (EventID=2 or EventID=4 or EventID=409 or EventID=501 or EventID=502 or EventID=6001 or EventID=6002)]]</Select></Query></QueryList></QueryNode></QueryConfig></ViewerConfig>