AzStackHciStandaloneObservability/package/bin/ObsAgent/lib/Scripts/ArcADiagnosticLogRoleConfiguration.json
|
{
"Oplets": { "FileLog": [ "E:\\Diagnostics\\UniversalRuntime\\OpletTrace\\*.etl*" ], "CSVLog": [], "WindowsEventLog": [] }, "MASLogs": { "FileLog": [ "E:\\Logs\\MASLogs\\*.log", "E:\\Logs\\MASLogs\\ACS\\*\\*.bin", "E:\\Logs\\MASLogs\\AgentTrace\\*.etl*", "E:\\Logs\\MASLogs\\ContainerLogs", "E:\\Logs\\MASLogs\\ServiceFabricDeploymentTraces*\\DeploymentTraces\\*.trace", "E:\\Logs\\MASLogs\\StorageResourceProvider\\*.bin", "E:\\Logs\\MASLogs\\TestArcA\\*.html", "E:\\Logs\\MASLogs\\TestArcA\\*.json", "E:\\Logs\\MASLogs\\TestArcA\\*.log" ], "CSVLog": [], "WindowsEventLog": [] }, "ServiceFabric": { "FileLog": [ "E:\\Diagnostics\\FabricRingArcA\\ClusterTrace\\fabriclogs-*\\FabricRingNode*\\*\\*.dtr*", "E:\\Logs\\sflogs\\AppInstanceData\\Etl\\*.etl*", "E:\\Logs\\sflogs\\Archived*\\*.etl*", "E:\\Logs\\sflogs\\Containers", "E:\\Logs\\sflogs\\OperationalTraces\\*.etl*", "E:\\Logs\\sflogs\\QueryTraces\\*.etl*", "E:\\Logs\\sflogs\\Traces\\*.etl*" ], "CSVLog": [], "WindowsEventLog": [] }, "SetupEntrypoint": { "FileLog": [ "E:\\Logs\\mount.logs\\SetupEntryPointLog\\*.log" ], "CSVLog": [], "WindowsEventLog": [] }, "ArcADiagnostics": { "FileLog": [ "E:\\Diagnostics\\CLM\\*.etl*", "E:\\Diagnostics\\CommonInfrastructure\\*\\*.etl*", "E:\\Diagnostics\\ContainerLogs\\Docker\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\*\\*.etl*", "E:\\Diagnostics\\MSI\\*.etl*", "E:\\Diagnostics\\PowerShell\\*.etl*", "E:\\Diagnostics\\PublicSettingsSvc\\*.etl*", "E:\\Diagnostics\\SecretService\\*.etl*", "E:\\Logs\\agentlogs\\*.log" ], "CSVLog": [], "WindowsEventLog": [] }, "Observability": { "FileLog": [ "E:\\Diagnostics\\ObservabilityAgent\\*.etl*", "$env:SystemDrive\\ProgramData\\AzureConnectedMachineAgent\\Log", "$env:SystemDrive\\ProgramData\\GuestConfig\\ext_mgr_logs", "$env:SystemDrive\\ProgramData\\GuestConfig\\arc_policy_logs", "$env:SystemDrive\\GMACache\\MonAgentHostCache\\Configuration\\*.log" ], "CSVLog": [], "WindowsEventLog": [] }, "GMATelemetry": { "FileLog": [ "$env:SystemDrive\\GMACache\\TelemetryCache\\Configuration\\*.log" ], "CSVLog": [], "WindowsEventLog": [] }, "GMADiagnostics": { "FileLog": [ "$env:SystemDrive\\GMACache\\DiagnosticsCache\\Configuration\\*.log" ], "CSVLog": [], "WindowsEventLog": [] }, "WindowsEventLogs": { "FileLog": [], "CSVLog": [], "WindowsEventLog": [ "Application", "DNS Server", "HardwareEvents", "Internet Explorer", "Key Management Service", "Microsoft-AzureStack-Portal-Auth/Admin", "Microsoft-AzureStack-Portal-Client/Admin", "Microsoft-AzureStack-Portal-Common/Admin", "Microsoft-AzureStack-Portal-Common/Operational", "Microsoft-AzureStack-Portal-Ext/Admin", "Microsoft-AzureStack-Portal-OutgoingRequest/Operational", "Microsoft-AzureStack-Portal-PageRequest/Admin", "Microsoft-AzureStack-Portal-Request/Admin", "Microsoft-AzureStack-Portal-Request/Operational", "Microsoft-AzureStack-Portal-Session/Admin", "Microsoft-Client-Licensing-Platform/Admin", "Microsoft-ServiceFabric/Admin", "Microsoft-ServiceFabric/Audit", "Microsoft-ServiceFabric/Operational", "Microsoft-ServiceFabric-DataImpl/Admin", "Microsoft-ServiceFabric-DataImpl/Operational", "Microsoft-ServiceFabric-Lease/Admin", "Microsoft-ServiceFabric-Lease/Audit", "Microsoft-ServiceFabric-Lease/Operational", "Microsoft-Windows-AppModel-Runtime/Admin", "Microsoft-Windows-AppReadiness/Admin", "Microsoft-Windows-AppReadiness/Operational", "Microsoft-WindowsAzure-Frontdoor/Operational", "Microsoft-Windows-Bits-Client/Operational", "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational", "Microsoft-Windows-CodeIntegrity/Operational", "Microsoft-Windows-Containers-BindFlt/Operational", "Microsoft-Windows-Containers-Wcifs/Operational", "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc", "Microsoft-Windows-Crypto-DPAPI/Operational", "Microsoft-Windows-Crypto-NCrypt/CertInUse", "Microsoft-Windows-Crypto-NCrypt/Operational", "Microsoft-Windows-DataIntegrityScan/Admin", "Microsoft-Windows-DataIntegrityScan/CrashRecovery", "Microsoft-Windows-Dhcp-Client/Admin", "Microsoft-Windows-Dhcpv6-Client/Admin", "Microsoft-Windows-Diagnosis-PCW/Operational", "Microsoft-Windows-Diagnosis-PLA/Operational", "Microsoft-Windows-DNSServer/Audit", "Microsoft-Windows-DSC/Admin", "Microsoft-Windows-DSC/Operational", "Microsoft-Windows-GroupPolicy/Operational", "Microsoft-Windows-Host-Network-Service-Admin", "Microsoft-Windows-Host-Network-Service-Operational", "Microsoft-Windows-Hyper-V-Compute-Admin", "Microsoft-Windows-Hyper-V-Compute-Operational", "Microsoft-Windows-Hyper-V-Config-Admin", "Microsoft-Windows-Hyper-V-Config-Operational", "Microsoft-Windows-Hyper-V-Guest-Drivers/Admin", "Microsoft-Windows-Hyper-V-Hypervisor-Admin", "Microsoft-Windows-Hyper-V-Hypervisor-Operational", "Microsoft-Windows-Hyper-V-StorageVSP-Admin", "Microsoft-Windows-Hyper-V-VID-Admin", "Microsoft-Windows-Hyper-V-VMMS-Admin", "Microsoft-Windows-Hyper-V-VMMS-Networking", "Microsoft-Windows-Hyper-V-VMMS-Operational", "Microsoft-Windows-Hyper-V-VMMS-Storage", "Microsoft-Windows-Hyper-V-VmSwitch-Operational", "Microsoft-Windows-Hyper-V-Worker-Admin", "Microsoft-Windows-Hyper-V-Worker-Operational", "Microsoft-Windows-Kernel-Boot/Operational", "Microsoft-Windows-Kernel-Cache/Operational", "Microsoft-Windows-Kernel-EventTracing/Admin", "Microsoft-Windows-Kernel-IO/Operational", "Microsoft-Windows-Kernel-PnP/Configuration", "Microsoft-Windows-Kernel-PnP/Device Management", "Microsoft-Windows-Kernel-PnP/Driver Watchdog", "Microsoft-Windows-Kernel-Power/Thermal-Operational", "Microsoft-Windows-Kernel-ShimEngine/Operational", "Microsoft-Windows-Kernel-WHEA/Errors", "Microsoft-Windows-Kernel-WHEA/Operational", "Microsoft-Windows-Known Folders API Service", "Microsoft-Windows-KTL/Admin", "Microsoft-Windows-KTL/Debug", "Microsoft-Windows-KTL/Error", "Microsoft-Windows-KTL/Operational", "Microsoft-Windows-KTL/PerfData", "Microsoft-Windows-LanguagePackSetup/Operational", "Microsoft-Windows-MUI/Admin", "Microsoft-Windows-MUI/Operational", "Microsoft-Windows-NetworkProfile/Operational", "Microsoft-Windows-Ntfs/Operational", "Microsoft-Windows-Ntfs/WHC", "Microsoft-Windows-Partition/Diagnostic", "Microsoft-Windows-PowerShell/Admin", "Microsoft-Windows-PowerShell/Operational", "Microsoft-Windows-ReFS/Operational", "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin", "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Microsoft-Windows-Resource-Exhaustion-Detector/Operational", "Microsoft-Windows-RestartManager/Operational", "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter", "Microsoft-Windows-ServerManager-DeploymentProvider/Operational", "Microsoft-Windows-SmbClient/Audit", "Microsoft-Windows-SmbClient/Connectivity", "Microsoft-Windows-SMBClient/Operational", "Microsoft-Windows-SmbClient/Security", "Microsoft-Windows-SMBServer/Audit", "Microsoft-Windows-SMBServer/Connectivity", "Microsoft-Windows-SMBServer/Operational", "Microsoft-Windows-SMBServer/Security", "Microsoft-Windows-StateRepository/Operational", "Microsoft-Windows-StateRepository/Restricted", "Microsoft-Windows-Storage-ClassPnP/Operational", "Microsoft-Windows-StorageManagement/Operational", "Microsoft-Windows-StorageManagement-PartUtil/Operational", "Microsoft-Windows-StorageSpaces-Driver/Diagnostic", "Microsoft-Windows-StorageSpaces-Driver/Operational", "Microsoft-Windows-Storage-Storport/Health", "Microsoft-Windows-Storage-Storport/Operational", "Microsoft-Windows-SystemDataArchiver/Diagnostic", "Microsoft-Windows-TaskScheduler/Maintenance", "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin", "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational", "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin", "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational", "Microsoft-Windows-Time-Service/Operational", "Microsoft-Windows-TZSync/Operational", "Microsoft-Windows-User Profile Service/Operational", "Microsoft-Windows-UserPnp/ActionCenter", "Microsoft-Windows-UserPnp/DeviceInstall", "Microsoft-Windows-VDRVROOT/Operational", "Microsoft-Windows-VHDMP-Operational", "Microsoft-Windows-VolumeSnapshot-Driver/Operational", "Microsoft-Windows-Windows Defender/Operational", "Microsoft-Windows-Windows Defender/WHC", "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity", "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall", "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallDiagnostics", "Microsoft-Windows-WindowsUpdateClient/Operational", "Microsoft-Windows-WinINet-Config/ProxyConfigChanged", "Microsoft-Windows-Winlogon/Operational", "Microsoft-Windows-WinRM/Operational", "Microsoft-Windows-WMI-Activity/Operational", "Security", "Setup", "System", "Windows PowerShell" ] } } |