From 4fc1afbb63c8d23bc190261ac913a6c68662eb0f Mon Sep 17 00:00:00 2001 From: Chris Mortimer <cm214@cam.ac.uk> Date: Fri, 27 Mar 2020 15:16:08 +0000 Subject: [PATCH] added collector subscriptions --- packages/win_event_col.xml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/packages/win_event_col.xml b/packages/win_event_col.xml index 7488ba2a..964e3d2e 100755 --- a/packages/win_event_col.xml +++ b/packages/win_event_col.xml @@ -1,23 +1,32 @@ <?xml version="1.0" encoding="UTF-8"?> <packages> -<!-- install the Event Viewer Subscriptions settings for the Event Log Collecter Server. Along with the GPO for the Collector Server the firewall needs tweeking, see below. This is all that is needed to make a Event Log Server. Another GPO is used for all of the clients, this tells them the name of the Server to send events to. --> +<!-- install the Event Viewer Subscriptions settings for the Event Log Collecter Server. Along with the GPO for the Collector Server the firewall needs tweaking, see below. This is all that is needed to make a Event Log Server. Another GPO is used for all of the clients, this tells them the name of the Server to send events to. --> <package id="win_event_col" name="Windows Event Collector Service" revision="%VERSION%" priority="50" reboot="false"> <variable name="VERSION" value="1" /> - <variable name="CONFIG" value="server_config.xml" /> + <variable name="CONFIG1" value="maths.cam.ac.uk domain collection" /> + <variable name="CONFIG2" value="power on-off-sleep" /> + <variable name="CONFIG3" value="RDS Servers" /> + <variable name="CONFIG4" value="Windows Defender" /> <check type='registry' condition='equals' path='HKLM\software\ucam_wpkg.cam.ac.uk\event_collector\version' value="%version%"/> - <install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG%"' /> + <install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG1%.xml"' /> + <install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG2%.xml"' /> + <install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG3%.xml"' /> + <install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG4%.xml"' /> <install cmd='reg add HKLM\software\ucam_wpkg.cam.ac.uk\event_collector /t reg_sz /v version /d %version% /f'/> <install cmd='cmd /c netsh http add urlacl url=http://+:5985/wsman/ sddl="D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)"' /> <upgrade include='remove' /> <upgrade include='install' /> - <remove cmd='cmd /c wecutil ds "maths.cam.ac.uk domain collection"' /> + <remove cmd='cmd /c wecutil ds "%CONFIG1%"' /> + <remove cmd='cmd /c wecutil ds "%CONFIG2%"' /> + <remove cmd='cmd /c wecutil ds "%CONFIG3%"' /> + <remove cmd='cmd /c wecutil ds "%CONFIG4%"' /> <remove cmd='reg delete HKLM\software\ucam_wpkg.cam.ac.uk\event_collector /f'> <condition> <check type='registry' condition='exists' path='HKLM\software\ucam_wpkg.cam.ac.uk\event_collector' /> -- GitLab