Allow Proxy on Event Based Rules

Spread the love

I thought I ran into this before but I couldn’t find a post with any concise details.

 

As noted in the below MSDN reference you can use the AllowProxying tag to enable you alerting and collection rules to fire on events that were not written from the local machine.  These include but are not limited to events you would get if you specified the computer name in the PowerShell write-eventLog cmdlet.

 

Just place <AllowProxying>true</AllowProxying> between the LogName and the Expression XML tags when authoring and you should be ready to rock.

 

<ComputerName>$Target/Property[Type=”Windows!Microsoft.Windows.Computer”]/NetworkName$</ComputerName>

  <LogName>UserLogonScripts</LogName>

  <AllowProxying>true</AllowProxying>

  <Expression>

    <And>

      <Expression>

 

 

MSDN Reference: http://msdn.microsoft.com/en-us/library/ee809339.aspx

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.