From a9889855b93b8ce7621a95b688169d9995a25e93 Mon Sep 17 00:00:00 2001
From: Chris Mortimer <cm214@cam.ac.uk>
Date: Tue, 31 Mar 2020 09:32:08 +0100
Subject: [PATCH] changed subscription list
---
 packages/win_event_col.xml | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/packages/win_event_col.xml b/packages/win_event_col.xml
index 964e3d2e..73010f27 100755
--- a/packages/win_event_col.xml
+++ b/packages/win_event_col.xml
@@ -1,15 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<packages>
+<packages:packages xmlns:packages="http://www.wpkg.org/packages">
 <!-- install the Event Viewer Subscriptions settings for the Event Log Collecter Server. Along with the GPO for the Collector Server the firewall needs tweaking, see below. This is all that is needed to make a Event Log Server. Another GPO is used for all of the clients, this tells them the name of the Server to send events to. -->
 <package id="win_event_col" name="Windows Event Collector Service" revision="%VERSION%" priority="50" reboot="false">
 <variable name="VERSION" value="1" />
- <variable name="CONFIG1" value="maths.cam.ac.uk domain collection" />
+ <variable name="CONFIG1" value="GPO" />
 <variable name="CONFIG2" value="power on-off-sleep" />
 <variable name="CONFIG3" value="RDS Servers" />
- <variable name="CONFIG4" value="Windows Defender" />
+ <variable name="CONFIG4" value="Logon logoff" />
+ <variable name="CONFIG5" value="Smartd" />
+ <variable name="CONFIG6" value="Windows Updates" />
 <check type='registry' condition='equals' path='HKLM\software\ucam_wpkg.cam.ac.uk\event_collector\version' value="%version%"/>
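Review bot: `VERSION` stays at `1` although the subscription set changes. Since `revision="%VERSION%"` and the registry `<check>` at the end of this hunk both key on it, a collector that already records version 1 would presumably be treated as up to date and never receive the renamed or added subscriptions; consider `<variable name="VERSION" value="2" />`. Renaming CONFIG1 and CONFIG4 also means the `wecutil ds` lines in the remove section (third hunk) no longer name "maths.cam.ac.uk domain collection" or "Windows Defender", so those two subscriptions would stay behind on an existing collector unless something outside this patch deletes them. If Defender events are not folded into one of the new subscriptions, dropping that one narrows the antimalware telemetry reaching the collector, which deserves a line in the commit message. The `<package>` element continues past this hunk.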
@@ -17,6 +19,8 @@
 <install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG2%.xml"' />
 <install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG3%.xml"' />
 <install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG4%.xml"' />
+ <install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG5%.xml"' />
+ <install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG6%.xml"' />
 <install cmd='reg add HKLM\software\ucam_wpkg.cam.ac.uk\event_collector /t reg_sz /v version /d %version% /f'/>
 <install cmd='cmd /c netsh http add urlacl url=http://+:5985/wsman/ sddl="D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)"' />
@@ -27,6 +31,8 @@
 <remove cmd='cmd /c wecutil ds "%CONFIG2%"' />
 <remove cmd='cmd /c wecutil ds "%CONFIG3%"' />
 <remove cmd='cmd /c wecutil ds "%CONFIG4%"' />
+ <remove cmd='cmd /c wecutil ds "%CONFIG5%"' />
+ <remove cmd='cmd /c wecutil ds "%CONFIG6%"' />
 <remove cmd='reg delete HKLM\software\ucam_wpkg.cam.ac.uk\event_collector /f'>
 <condition>
 <check type='registry' condition='exists' path='HKLM\software\ucam_wpkg.cam.ac.uk\event_collector' />
@@ -35,7 +41,7 @@
 <remove cmd='cmd /c netsh http delete urlacl url=http://+:5985/wsman/' />
 </package>
-</packages>
+</packages:packages>
 <!-- Run the following in an admin cmd window on the server - open up the firewall:
-- GitLab
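Review bot: The added `wecutil cs` lines use each CONFIG value as a file name, while the matching `wecutil ds` lines in the next hunk use the same value as a subscription id, and nothing in the package says the two must agree. `wecutil cs` takes the id from inside the XML file, not from the file name. The diffstat shows only this file changing, so `Smartd.xml` and `Windows Updates.xml` (and `Logon logoff.xml` for the renamed CONFIG4) must already be on the config share with matching ids; otherwise install fails, or remove leaves a subscription collecting after the package is gone. I would add a comment above the variables such as `<!-- each CONFIGn must match both the .xml file name on the config share and the SubscriptionId inside that file -->`. The `<package>` element starts before and ends after this hunk.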