Snippet Guides

New Windows Event Range Collection Rule

Before you begin: Before creating a new rule you need to decide on a rule ID and a display name.

For more information, consult the Management Pack Content document, section Workflow/Element naming.

Rule naming

If the project is not open in Visual Studio, open it.

Note: If there's no prior reference to the following management pack it must be added:
Right-click the References folder in the project and select Add reference. Browse to the management pack and select it. Verify that the aliases are the correct by checking properties on each reference:


Add new item
Find the folder for the class that you want to create a rule for. Right-click the folder and choose Add\New Item.... In the list, select Empty Management Pack Fragment.

Enter fragment name
Enter a name for the fragment. This should be the same as as the description part of the rule name plus the word CollectionRule. So if the rule description is SyncFailureEvent the new fragment should be named SyncFailureEventCollectionRule. Click Add. The fragment is created and opened.

Pick snippet
Right-click between the <ManagementPackFragment> tags and select Insert snippet. Choose MPAuthoring\Rules\Collection Rules\ and select the Windows Eventlog, Range of Event IDs snippet.
The code is inserted.

Enter MPID
Enter the MPID and press tab.
Enter the the description part of the rule name. Press tab.

Enter target
Enter the target class. To use intellisense, press Backspace and then Ctrl+Space. Press tab.

Enter path
Enter the path to the network name property. This depends on if and how the class is hosted. Press tab.

Enter  log name
Enter the name of the event log which contains the event.
Press tab.

Enter source name
Enter the name of the events source. This is shown as "source" in the event viewer but can also be called "publisher name" or "provider name".
Press tab.

Enter event id
Enter the lower and upper event id for the range you want to collect.
Press tab.

Enter the rule display name
Enter the rule display name.
Press tab.

Press enter to stop editing.

Version: 1.0
Created: 2016-08-09, 13:41