windows-nt/Source/XPSP1/NT/admin/snapin/smonlog/smlogsvc/smlogsvc.sld

817 lines
57 KiB
Plaintext
Raw Normal View History

2020-09-26 03:20:57 -05:00
<EFBFBD><EFBFBD><?xml version="1.0" encoding="UTF-16"?>
<!DOCTYPE DCARRIER SYSTEM "Mantis.DTD">
<DCARRIER
CarrierRevision="1"
DTDRevision="16"
>
<TASKS
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
> </TASKS>
<PLATFORMS
Context="1"
> </PLATFORMS>
<REPOSITORIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
> </REPOSITORIES>
<GROUPS
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
> </GROUPS>
<COMPONENTS
Context="0"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<COMPONENT
ComponentVSGUID="{34001539-CDA9-495C-9210-22C2D0BE9423}"
ComponentVIGUID="{83679002-5A67-44ED-BF82-0022B7BFDD55}"
Revision="620"
RepositoryVSGUID="{8E0BE9ED-7649-47F3-810B-232D36C430B4}"
Visibility="200"
MultiInstance="False"
Released="False"
Editable="True"
HTMLFinal="False"
IsMacro="False"
Opaque="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<HELPCONTEXT
src=".\smlogsvc.htm"
><![CDATA[<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML DIR="LTR"><HEAD>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<TITLE>Performance Logs and Alerts Service</TITLE>
<STYLE TYPE="text/css">
<!--
BODY { font: normal 8pt Tahoma; background-color: #FFFFFF; }
P { font: normal 8pt Tahoma; }
.showhide { color: blue; text-decoration: underline; cursor: hand; }
.callout { font: normal 8pt Tahoma; background-color: #E0E0E0; padding: 10pt; }
.code { font: normal 8pt Courier New; }
UL { font: normal 8pt Tahoma; list-style: square outside; margin-left: 0.25in; }
OL { font: normal 8pt Tahoma; list-style: decimal outside; margin-left: 0.25in; }
H1 { font: bold 12pt Tahoma; margin-bottom: -12pt; }
H2 { font: bold 10pt Tahoma; margin-bottom: -12pt; }
H3 { font: bold 8pt Tahoma; margin-bottom: -12pt; }
H4 { font: italic 8pt Tahoma; margin-bottom: -12pt; }
TABLE { font: normal 8pt Tahoma; text-align: left; padding: 2px; }
CAPTION { font: bold 8pt Tahoma; text-align: left; padding: 2px; }
THEAD { font: bold 8pt Tahoma; text-align: left; padding: 2px; background-color: #F0F0F0 }
TH { font: bold 8pt Tahoma; text-align: left; padding: 2px; background-color: #F0F0F0 }
TBODY { font: normal 8pt Tahoma; text-align: left; padding: 2px; }
TD { font: normal 8pt Tahoma; text-align: left; padding: 2px; }
TR { font: normal 8pt Tahoma; text-align: left; padding: 2px; }
CODE { font-family: Courier New; }
TT { font-family: Courier New; }
KBD { font-family: Courier New; font-weight: bold; }
VAR { font-family: Courier New; font-style: italic; }
EM { font-style: italic; }
I { font-style: italic; }
STRONG { font-weight: bold; }
B { font-weight: bold; }
-->
</STYLE>
</HEAD>
<BODY TOPMARGIN="0">
The Performance Logs and Alerts Service component provides the scheduled starting and stopping of performance counter and event trace log collections, and the processing of alerts against pre-defined performance counter thresholds. It supports the System Monitor and the Performance Command-Line tool components. </P>
<H3>Component Configuration</H3>
<P>This component is a stand-alone executable file that processes collections that have been configured previously using the System Monitor component or the command-line tool Logman, which is part of the Performance Command Line Tool component.</P>
<H3>For More Information </H3>
<P>For information about configuring performance logs and alerts, see the online Help in the System Monitor component.</P>
</BODY>
</HTML>
]]></HELPCONTEXT>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
> </PROPERTIES>
<RESOURCES
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<RESOURCE
Name="File(819):&quot;%11%&quot;,&quot;smlogsvc.exe&quot;"
ResTypeVSGUID="{E66B49F6-4A35-4246-87E8-5C1A468315B5}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="DstPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%11%</PROPERTY>
<PROPERTY
Name="DstName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>smlogsvc.exe</PROPERTY>
<PROPERTY
Name="NoExpand"
Format="Boolean"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>False</PROPERTY>
</PROPERTIES>
<DISPLAYNAME>Performance Logs and Alerts service</DISPLAYNAME>
<DESCRIPTION>Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert.</DESCRIPTION>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;ADVAPI32.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>ADVAPI32.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;KERNEL32.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>KERNEL32.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;USER32.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>USER32.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;ntdll.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>ntdll.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;NETAPI32.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>NETAPI32.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;SHLWAPI.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>SHLWAPI.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;pdh.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>pdh.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries&quot;,&quot;Defaults Installed&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Defaults Installed</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>0</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SysmonLog&quot;,&quot;EventMessageFile&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SysmonLog</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>EventMessageFile</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%SystemRoot%\System32\smlogsvc.exe</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>2</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SysmonLog&quot;,&quot;TypesSupported&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SysmonLog</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>TypesSupported</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>7</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="Service(819):&quot;SysmonLog&quot;"
ResTypeVSGUID="{5C16ED57-3182-4411-8EA7-AC1CE70B96DA}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="True"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="ComponentVSGUID"
Format="GUID"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>{00000000-0000-0000-0000-000000000000}</PROPERTY>
<PROPERTY
Name="Dependencies"
Format="Multi"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
></PROPERTY>
<PROPERTY
Name="ErrorControl"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="LoadOrderGroup"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
></PROPERTY>
<PROPERTY
Name="Password"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
></PROPERTY>
<PROPERTY
Name="ServiceBinary"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%SystemRoot%\system32\smlogsvc.exe</PROPERTY>
<PROPERTY
Name="ServiceDescription"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.</PROPERTY>
<PROPERTY
Name="ServiceDisplayName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Performance Logs and Alerts</PROPERTY>
<PROPERTY
Name="ServiceName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>SysmonLog</PROPERTY>
<PROPERTY
Name="ServiceType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>16</PROPERTY>
<PROPERTY
Name="StartName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
></PROPERTY>
<PROPERTY
Name="StartType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>3</PROPERTY>
</PROPERTIES>
<DISPLAYNAME>Service(819):&quot;SysmonLog&quot;</DISPLAYNAME>
<DESCRIPTION></DESCRIPTION>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog&quot;,&quot;ObjectName&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="ComponentVSGUID"
Format="GUID"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>{00000000-0000-0000-0000-000000000000}</PROPERTY>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>ObjectName</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>NT Authority\NetworkService</PROPERTY>
</PROPERTIES>
<DISPLAYNAME>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\ObjectName</DISPLAYNAME>
<DESCRIPTION></DESCRIPTION>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog&quot;,&quot;DefaultLogFileFolder&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="ComponentVSGUID"
Format="GUID"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>{00000000-0000-0000-0000-000000000000}</PROPERTY>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>DefaultLogFileFolder</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%SystemDrive%\PerfLogs</PROPERTY>
</PROPERTIES>
<DISPLAYNAME>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\DefaultLogFileFolder</DISPLAYNAME>
<DESCRIPTION></DESCRIPTION>
</RESOURCE>
</RESOURCES>
<GROUPMEMBERS
>
<GROUPMEMBER
GroupVSGUID="{E01B4103-3883-4FE8-992F-10566E7B796C}"
></GROUPMEMBER>
<GROUPMEMBER
GroupVSGUID="{D7523171-4196-45C3-BA4A-46ECD881D49B}"
></GROUPMEMBER>
</GROUPMEMBERS>
<DEPENDENCIES
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
> </DEPENDENCIES>
<DISPLAYNAME>Performance Logs and Alerts Service</DISPLAYNAME>
<VERSION>1.0</VERSION>
<DESCRIPTION>Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert.</DESCRIPTION>
<COPYRIGHT>2000 Microsoft Corp.</COPYRIGHT>
<VENDOR>Microsoft Corp.</VENDOR>
<OWNERS>kathse</OWNERS>
<AUTHORS>kathse</AUTHORS>
<DATECREATED>7/20/2001</DATECREATED>
<DATEREVISED>10/28/2001 7:34:52 PM</DATEREVISED>
</COMPONENT>
</COMPONENTS>
<RESTYPES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
> </RESTYPES>
</DCARRIER>