Views Reference - Forefront Security for Exchange Server
The following tables provide a reference to each of the Forefront Security for Exchange views included in the Microsoft Forefront Server Security Management Pack for MOM 2005. For more information about views, see Views.
Alert Views for Forefront Security - General
Parent Folder |
Microsoft Forefront Server Security |
View Name |
Alerts - Microsoft Forefront |
Criteria |
Resolution State != “Resolved” AND CustomField1 = “Microsoft Forefront Server Security” AND Computer Group = “Forefront Security *” |
Description |
Displays all alerts generated for agent systems that are members of the “Forefront Security *” computer group. |
Alert Views for Forefront for Exchange
Parent Folder |
Microsoft Forefront Server Security\Forefront for Exchange |
View Name |
Alerts – Forefront for Exchange |
Criteria |
Resolution State != “Resolved” AND CustomField1 = “Microsoft Forefront Server Security” AND Computer Group = “Forefront Security for Exchange Server*” |
Description |
Displays all alerts generated for agent systems that are members of the “Forefront Security for Exchange Server*” computer group. |
Parent Folder |
Microsoft Forefront Server Security\Engines |
View Name |
Engine Update Failure |
Criteria |
Resolution State != “Resolved” AND CustomField1 = “Microsoft Forefront Server Security” AND CustomField3 = “EngineUpdateFailure” AND Computer Group = “Forefront Security *” |
Description |
Displays alerts about engine update failures. |
Parent Folder |
Microsoft Forefront Server Security\Forefront for Exchange\Scan Jobs |
View Name |
Scan Job Failure |
Criteria |
Resolution State != “Resolved” AND CustomField1 = “Microsoft Forefront Server Security” AND CustomField3 = “ScanJobFailure” AND Computer Group = “Forefront Security for Exchange Server*” |
Description |
Displays alerts about scan job failures. |
Parent Folder |
Microsoft Forefront Server Security\Forefront for Exchange\Services |
View Name |
Service Failure |
Criteria |
Resolution State != “Resolved” AND CustomField1 = “Microsoft Forefront Server Security” AND CustomField3 = “ServicesFailure” AND Computer Group = “Forefront Security for Exchange Server*” |
Description |
Displays alerts about service failures. |
State Views
Parent Folder |
Microsoft Forefront Server Security |
View Name |
State – No Heartbeat |
Criteria |
Computer Group = “Forefront Security *” AND No heartbeat detected within the last 15 minutes |
Description |
Displays agent systems which have lost contact with the MOM Server. |
Parent Folder |
Microsoft Forefront Server Security |
View Name |
State – Open Alerts |
Criteria |
Computer Group = “Forefront Security *” AND Computer has Open Alerts |
Description |
Displays agent systems that have unresolved open alerts. |
Event Views for Forefront Security - General
Parent Folder |
Microsoft Forefront Server Security |
View Name |
Events – Microsoft Forefront |
Criteria |
Generated in the last 7 days AND Computer Group = “Forefront Security *” |
Description |
Displays all events generated by agent systems that are members of the “Forefront Security *” computer group. |
Event Views for Forefront for Exchange
Parent Folder |
Microsoft Forefront Server Security\Forefront for Exchange |
View Name |
Events – Forefront for Exchange |
Criteria |
Generated in the last 7 days AND Computer Group = “Forefront Security for Exchange Server*” |
Description |
Displays all events generated from agent systems in the “Forefront Security for Exchange Server*” computer group. |
Parent Folder |
Microsoft Forefront Server Security\Engines |
View Name |
Engine Update Status |
Criteria |
Event ID = (2014 or 2016 or 6014 or 9525 or 9897 or 9898) AND Generated in the last 7 days AND Computer Group = “Forefront Security *” |
Description |
Displays all events that indicate a successfully-completed scan engine update on “Forefront Security Server” systems. |
Parent Folder |
Microsoft Forefront Server Security\Forefront for Exchange\Scan Jobs |
View Name |
Scan Job Status |
Criteria |
Event ID = (2000 or 2001 or 2002 or 2005 or 2007 or 2008) AND Generated in the last 7 days AND Computer Group = “Forefront Security for Exchange Server*” |
Description |
Displays all events that indicate Scan Jobs going into an enabled or disabled state on “Forefront for Exchange” systems. |
Parent Folder |
Microsoft Forefront Server Security\Forefront for Exchange\Services |
View Name |
Service Status |
Criteria |
Event ID = (332 or 333 or 1002 or 1003 or 1005 or 1006 or 1007 or 1008 or Generated in the last 7 days AND Computer Group = “Forefront Security for Exchange Server*” |
Description |
Displays events that indicate Forefront Security and related services started or stopped successfully on “Forefront Security for Exchange Server” systems. |
Performance Views for Forefront Security - General
Parent Folder |
Microsoft Forefront Server Security |
View Name |
Performance – Microsoft Forefront |
Criteria |
Computer Group = “Forefront Security *” |
Description |
Displays a list of agent systems (and their measured counters) that belong to the “Forefront Security *” computer group. |
Performance Views for Forefront for Exchange
Parent Folder |
Microsoft Forefront Server Security\Forefront for Exchange |
View Name |
Performance – Forefront for Exchange |
Criteria |
Computer Group = “Forefront Security for Exchange Server*” |
Description |
Displays a list of agent systems (and their measured counters) that belong to the “Forefront Security for Exchange Server*” computer group. |
Parent Folder |
Microsoft Forefront Server Security\Forefront for Exchange\Scan Jobs |
View Name |
Realtime Attachment Scan Rate |
Criteria |
Computer Group = “Forefront Security for Exchange Server *” Object=”Microsoft Forefront Server Security Scan” Instance=”Realtime Scan Job” Counter= “Attachments Scanned Rate” |
Description |
Attachment Scan Rate for Realtime scanner. |
Parent Folder |
Microsoft Forefront Server Security\Forefront for Exchange\Scan Jobs |
View Name |
Realtime Attachments Detected |
Criteria |
Computer Group = “Forefront Security for Exchange Server *” Object=”Microsoft Forefront Server Security Scan” Instance=”Realtime Scan Job” Counter= “Total Attachments Detected” |
Description |
Total number of attachments detected by Realtime scan |
Parent Folder |
Microsoft Forefront Server Security\Forefront for Exchange\Scan Jobs |
View Name |
Realtime Attachments Removed |
Criteria |
Computer Group = “Forefront Security for Exchange Server *” Object=”Microsoft Forefront Server Security Scan” Instance=”Realtime Scan Job” Counter= “Total Attachments Removed” |
Description |
Total number of attachments removed by Realtime scan |