Obs/bin/ObsAgent/lib/Scripts/ArcADiagnosticLogRoleConfiguration.json
|
{
"version": "1.1", "data": { "Oplets": { "FileLog": [ "E:\\Diagnostics\\UniversalRuntime\\OpletTrace\\*.etl*" ], "CSVLog": [], "WindowsEventLog": [], "DefaultRole": "false" }, "Agents": { "FileLog": [ "E:\\Diagnostics\\FabricRingArcA\\AgentTrace\\*.etl*", "E:\\Logs\\MASLogs\\AgentTrace\\*.etl*", "E:\\Logs\\agentlogs\\*.log" ], "CSVLog": [], "WindowsEventLog": [], "DefaultRole": "false" }, "Storage": { "FileLog": [ "E:\\Logs\\MASLogs\\ACS\\*\\*.bin", "E:\\Logs\\MASLogs\\StorageResourceProvider\\*.bin" ], "CSVLog": [], "WindowsEventLog": [], "DefaultRole": "false" }, "MASLogs": { "FileLog": [ "E:\\Logs\\MASLogs\\*.log", "E:\\Logs\\MASLogs\\*.txt", "E:\\Logs\\MASLogs\\TestArcA\\*.html", "E:\\Logs\\MASLogs\\TestArcA\\*.json", "E:\\Logs\\MASLogs\\TestArcA\\*.log" ], "CSVLog": [], "WindowsEventLog": [], "DefaultRole": "false" }, "ServiceFabric": { "FileLog": [ "E:\\Logs\\MASLogs\\ServiceFabricDeploymentTraces*\\DeploymentTraces\\*.trace" ], "CSVLog": [], "WindowsEventLog": [], "DefaultRole": "false" }, "ArcADiagnostics": { "FileLog": [ "E:\\Diagnostics\\CLM\\*.etl*", "E:\\Diagnostics\\CommonInfrastructure\\*\\*.etl*", "E:\\Diagnostics\\ContainerLogs\\Docker\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\AzureMonitor\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\DependencyChecker\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\GCS\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\IdentitySystem\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\Messaging\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\Policy\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\RbacApplication\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\ServiceTrace\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\SimpleRPHost\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\StorageService\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\Usage\\*.etl*", "E:\\Diagnostics\\FabricRingArcA\\WAS\\*.etl*", "E:\\Diagnostics\\MSI\\*.etl*", "E:\\Diagnostics\\PowerShell\\*.etl*", "E:\\Diagnostics\\PublicSettingsSvc\\*.etl*", "E:\\Diagnostics\\SecretService\\*.etl*", "E:\\Logs\\MASLogs\\ContainerLogs" ], "CSVLog": [], "WindowsEventLog": [], "DefaultRole": "false" }, "CosmosDB": { "FileLog": [ "E:\\Diagnostics\\FabricRingArcA\\CosmosDb\\*.etl*" ], "CSVLog": [], "WindowsEventLog": [], "DefaultRole": "false" }, "Observability": { "FileLog": [ "E:\\Diagnostics\\ObservabilityAgent\\*.etl*", "E:\\azureconnectedmachineagent\\log", "E:\\Logs\\azureconnectedmachineagent\\ext_mgr_logs", "E:\\Logs\\azureconnectedmachineagent\\arc_policy_logs", "E:\\GMACache\\MonAgentHostCache\\Configuration\\*.log", "E:\\GMACache\\TelemetryCache\\Configuration\\*.log", "E:\\GMACache\\DiagnosticsCache\\Configuration\\*.log" ], "CSVLog": [], "WindowsEventLog": [], "DefaultRole": "false" }, "WindowsEventLogs": { "FileLog": [], "CSVLog": [], "WindowsEventLog": [ "Application", "DNS Server", "HardwareEvents", "Internet Explorer", "Key Management Service", "Microsoft-AzureStack-Portal-Auth/Admin", "Microsoft-AzureStack-Portal-Client/Admin", "Microsoft-AzureStack-Portal-Common/Admin", "Microsoft-AzureStack-Portal-Common/Operational", "Microsoft-AzureStack-Portal-Ext/Admin", "Microsoft-AzureStack-Portal-OutgoingRequest/Operational", "Microsoft-AzureStack-Portal-PageRequest/Admin", "Microsoft-AzureStack-Portal-Request/Admin", "Microsoft-AzureStack-Portal-Request/Operational", "Microsoft-AzureStack-Portal-Session/Admin", "Microsoft-Client-Licensing-Platform/Admin", "Microsoft-ServiceFabric/Admin", "Microsoft-ServiceFabric/Audit", "Microsoft-ServiceFabric/Operational", "Microsoft-ServiceFabric-DataImpl/Admin", "Microsoft-ServiceFabric-DataImpl/Operational", "Microsoft-ServiceFabric-Lease/Admin", "Microsoft-ServiceFabric-Lease/Audit", "Microsoft-ServiceFabric-Lease/Operational", "Microsoft-Windows-AppModel-Runtime/Admin", "Microsoft-Windows-AppReadiness/Admin", "Microsoft-Windows-AppReadiness/Operational", "Microsoft-WindowsAzure-Frontdoor/Operational", "Microsoft-Windows-Bits-Client/Operational", "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational", "Microsoft-Windows-CodeIntegrity/Operational", "Microsoft-Windows-Containers-BindFlt/Operational", "Microsoft-Windows-Containers-Wcifs/Operational", "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc", "Microsoft-Windows-Crypto-DPAPI/Operational", "Microsoft-Windows-Crypto-NCrypt/CertInUse", "Microsoft-Windows-Crypto-NCrypt/Operational", "Microsoft-Windows-DataIntegrityScan/Admin", "Microsoft-Windows-DataIntegrityScan/CrashRecovery", "Microsoft-Windows-Dhcp-Client/Admin", "Microsoft-Windows-Dhcpv6-Client/Admin", "Microsoft-Windows-Diagnosis-PCW/Operational", "Microsoft-Windows-Diagnosis-PLA/Operational", "Microsoft-Windows-DNSServer/Audit", "Microsoft-Windows-DSC/Admin", "Microsoft-Windows-DSC/Operational", "Microsoft-Windows-GroupPolicy/Operational", "Microsoft-Windows-Host-Network-Service-Admin", "Microsoft-Windows-Host-Network-Service-Operational", "Microsoft-Windows-Hyper-V-Compute-Admin", "Microsoft-Windows-Hyper-V-Compute-Operational", "Microsoft-Windows-Hyper-V-Config-Admin", "Microsoft-Windows-Hyper-V-Config-Operational", "Microsoft-Windows-Hyper-V-Guest-Drivers/Admin", "Microsoft-Windows-Hyper-V-Hypervisor-Admin", "Microsoft-Windows-Hyper-V-Hypervisor-Operational", "Microsoft-Windows-Hyper-V-StorageVSP-Admin", "Microsoft-Windows-Hyper-V-VID-Admin", "Microsoft-Windows-Hyper-V-VMMS-Admin", "Microsoft-Windows-Hyper-V-VMMS-Networking", "Microsoft-Windows-Hyper-V-VMMS-Operational", "Microsoft-Windows-Hyper-V-VMMS-Storage", "Microsoft-Windows-Hyper-V-VmSwitch-Operational", "Microsoft-Windows-Hyper-V-Worker-Admin", "Microsoft-Windows-Hyper-V-Worker-Operational", "Microsoft-Windows-Kernel-Boot/Operational", "Microsoft-Windows-Kernel-Cache/Operational", "Microsoft-Windows-Kernel-EventTracing/Admin", "Microsoft-Windows-Kernel-IO/Operational", "Microsoft-Windows-Kernel-PnP/Configuration", "Microsoft-Windows-Kernel-PnP/Device Management", "Microsoft-Windows-Kernel-PnP/Driver Watchdog", "Microsoft-Windows-Kernel-Power/Thermal-Operational", "Microsoft-Windows-Kernel-ShimEngine/Operational", "Microsoft-Windows-Kernel-WHEA/Errors", "Microsoft-Windows-Kernel-WHEA/Operational", "Microsoft-Windows-Known Folders API Service", "Microsoft-Windows-KTL/Admin", "Microsoft-Windows-KTL/Debug", "Microsoft-Windows-KTL/Error", "Microsoft-Windows-KTL/Operational", "Microsoft-Windows-KTL/PerfData", "Microsoft-Windows-LanguagePackSetup/Operational", "Microsoft-Windows-MUI/Admin", "Microsoft-Windows-MUI/Operational", "Microsoft-Windows-NetworkProfile/Operational", "Microsoft-Windows-Ntfs/Operational", "Microsoft-Windows-Ntfs/WHC", "Microsoft-Windows-Partition/Diagnostic", "Microsoft-Windows-PowerShell/Admin", "Microsoft-Windows-PowerShell/Operational", "Microsoft-Windows-ReFS/Operational", "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin", "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Microsoft-Windows-Resource-Exhaustion-Detector/Operational", "Microsoft-Windows-RestartManager/Operational", "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter", "Microsoft-Windows-ServerManager-DeploymentProvider/Operational", "Microsoft-Windows-SmbClient/Audit", "Microsoft-Windows-SmbClient/Connectivity", "Microsoft-Windows-SMBClient/Operational", "Microsoft-Windows-SmbClient/Security", "Microsoft-Windows-SMBServer/Audit", "Microsoft-Windows-SMBServer/Connectivity", "Microsoft-Windows-SMBServer/Operational", "Microsoft-Windows-SMBServer/Security", "Microsoft-Windows-StateRepository/Operational", "Microsoft-Windows-StateRepository/Restricted", "Microsoft-Windows-Storage-ClassPnP/Operational", "Microsoft-Windows-StorageManagement/Operational", "Microsoft-Windows-StorageManagement-PartUtil/Operational", "Microsoft-Windows-StorageSpaces-Driver/Diagnostic", "Microsoft-Windows-StorageSpaces-Driver/Operational", "Microsoft-Windows-Storage-Storport/Health", "Microsoft-Windows-Storage-Storport/Operational", "Microsoft-Windows-SystemDataArchiver/Diagnostic", "Microsoft-Windows-TaskScheduler/Maintenance", "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin", "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational", "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin", "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational", "Microsoft-Windows-Time-Service/Operational", "Microsoft-Windows-TZSync/Operational", "Microsoft-Windows-User Profile Service/Operational", "Microsoft-Windows-UserPnp/ActionCenter", "Microsoft-Windows-UserPnp/DeviceInstall", "Microsoft-Windows-VDRVROOT/Operational", "Microsoft-Windows-VHDMP-Operational", "Microsoft-Windows-VolumeSnapshot-Driver/Operational", "Microsoft-Windows-Windows Defender/Operational", "Microsoft-Windows-Windows Defender/WHC", "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity", "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall", "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallDiagnostics", "Microsoft-Windows-WindowsUpdateClient/Operational", "Microsoft-Windows-WinINet-Config/ProxyConfigChanged", "Microsoft-Windows-Winlogon/Operational", "Microsoft-Windows-WinRM/Operational", "Microsoft-Windows-WMI-Activity/Operational", "Security", "Setup", "System", "Windows PowerShell" ], "DefaultRole": "false" } } } |