Best Practice: Event Collection rules should be categorized correctly

 

What does this best practice check for?

Event collection rules are rules in a management pack (MP) that collect event data from event logs. The best practice is to categorize each such rule as EventCollection in the MP.

Why is it important to follow this best practice? What is the impact of not following this best practice?

Event collection rules that are not explicitly categorized as EventCollection will still function correctly; they will collect the event data they are intended to collect. However, without the categorization, they will not display in the correct views in the UI, and as a result will not be available to the end user.

How do I fix this in my MP?

Using the Authoring Console:

1. To change this for an existing rule, open the Properties dialog for that rule. Under the Options tab, ensure that Category is set to Event Collection.

In XML:

      <Rule ID="Microsoft.Windows.Server.2008.OperatingSystem.DirtyShutdown.Collection" Enabled="onEssentialMonitoring" Target="Server2008!Microsoft.Windows.Server.2008.OperatingSystem" ConfirmDelivery="true">
        <Category>EventCollection</Category>

      </Rule>
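
One way to run this check across a whole MP before importing it, as an added example that is not part of the original page or the product's own tooling. It assumes a rule counts as an event collection rule when one of its write actions uses the Microsoft.SystemCenter.CollectEvent module; the Example.* rules and the reference aliases in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Assumption (not from the page): a rule is treated as an event collection
# rule when a write action uses the Microsoft.SystemCenter.CollectEvent module.
COLLECT_EVENT_MODULE = "Microsoft.SystemCenter.CollectEvent"

# Constructed sample fragment; the Example.* rules and aliases are made up.
SAMPLE_MP = """
<ManagementPack><Monitoring><Rules>
  <Rule ID="Microsoft.Windows.Server.2008.OperatingSystem.DirtyShutdown.Collection" Enabled="onEssentialMonitoring" Target="Server2008!Microsoft.Windows.Server.2008.OperatingSystem" ConfirmDelivery="true">
    <Category>EventCollection</Category>
    <WriteActions>
      <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
    </WriteActions>
  </Rule>
  <Rule ID="Example.Miscategorized.Collection" Enabled="true" Target="Example!Example.Class" ConfirmDelivery="true">
    <Category>Custom</Category>
    <WriteActions>
      <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
    </WriteActions>
  </Rule>
  <Rule ID="Example.Alert.Rule" Enabled="true" Target="Example!Example.Class" ConfirmDelivery="true">
    <Category>Alert</Category>
    <WriteActions>
      <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert"/>
    </WriteActions>
  </Rule>
</Rules></Monitoring></ManagementPack>
"""

def miscategorized_event_rules(mp_xml):
    """Return [(rule_id, category)] for event collection rules whose
    Category is not EventCollection (category is None when absent)."""
    findings = []
    for rule in ET.fromstring(mp_xml).iter("Rule"):
        type_ids = [wa.get("TypeID", "") for wa in rule.iter("WriteAction")]
        # Drop the "Alias!" reference prefix before comparing module names.
        collects = any(t.split("!")[-1] == COLLECT_EVENT_MODULE for t in type_ids)
        category = (rule.findtext("Category") or "").strip() or None
        if collects and category != "EventCollection":
            findings.append((rule.get("ID"), category))
    return findings

if __name__ == "__main__":
    for rule_id, category in miscategorized_event_rules(SAMPLE_MP):
        print(f"{rule_id}: Category is {category!r}, expected 'EventCollection'")
```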