diff --git a/docs/manifest_by_file.md b/docs/manifest_by_file.md
index 933d374..4c9cfc7 100644
--- a/docs/manifest_by_file.md
+++ b/docs/manifest_by_file.md
@@ -37,29 +37,29 @@ File Path | Manifest
 ## linux
 File Path | Manifest
 ------------- | -------------
-/boot/grub\*/grub.c\* | diagnostic
-/boot/grub\*/menu.lst | diagnostic
-/etc/HOSTNAME | agents, diagnostic, lad
-/etc/\*-release | agents, diagnostic
-/etc/fstab | diagnostic, normal
-/etc/hostname | agents, diagnostic, genspec, lad
-/etc/network/interfaces | diagnostic
-/etc/network/interfaces.d/\*.cfg | diagnostic
+/boot/grub\*/grub.c\* | diagnostic, eg
+/boot/grub\*/menu.lst | diagnostic, eg
+/etc/HOSTNAME | agents, diagnostic, eg, lad
+/etc/\*-release | agents, diagnostic, eg
+/etc/fstab | diagnostic, eg, normal
+/etc/hostname | agents, diagnostic, eg, genspec, lad
+/etc/network/interfaces | diagnostic, eg
+/etc/network/interfaces.d/\*.cfg | diagnostic, eg
 /etc/nsswitch.conf | diagnostic
 /etc/opt/microsoft/omsagent/LAD/conf/omsagent.d/\* | lad
-/etc/resolv.conf | diagnostic
+/etc/resolv.conf | diagnostic, eg
 /etc/ssh/sshd_config | diagnostic, normal
-/etc/sysconfig/SuSEfirewall2 | diagnostic
-/etc/sysconfig/iptables | diagnostic
-/etc/sysconfig/network | diagnostic
-/etc/sysconfig/network-scripts/ifcfg-eth\* | diagnostic
-/etc/sysconfig/network-scripts/route-eth\* | diagnostic
-/etc/sysconfig/network/ifcfg-eth\* | diagnostic
-/etc/sysconfig/network/routes | diagnostic
-/etc/ufw/ufw.conf | diagnostic
-/etc/waagent.conf | agents, diagnostic
-/var/lib/dhclient/dhclient-eth0.leases | diagnostic
-/var/lib/dhcp/dhclient.eth0.leases | diagnostic
+/etc/sysconfig/SuSEfirewall2 | diagnostic, eg
+/etc/sysconfig/iptables | diagnostic, eg
+/etc/sysconfig/network | diagnostic, eg
+/etc/sysconfig/network-scripts/ifcfg-eth\* | diagnostic, eg
+/etc/sysconfig/network-scripts/route-eth\* | diagnostic, eg
+/etc/sysconfig/network/ifcfg-eth\* | diagnostic, eg
+/etc/sysconfig/network/routes | diagnostic, eg
+/etc/ufw/ufw.conf | diagnostic, eg
+/etc/waagent.conf | agents, diagnostic, eg
+/var/lib/dhclient/dhclient-eth0.leases | diagnostic, eg
+/var/lib/dhcp/dhclient.eth0.leases | diagnostic, eg
 /var/lib/waagent/ExtensionsConfig.\*.xml | agents, diagnostic, lad
 /var/lib/waagent/GoalState.\*.xml | agents, diagnostic
 /var/lib/waagent/HostingEnvironmentConfig.xml | agents, diagnostic
@@ -73,27 +73,27 @@ File Path | Manifest
 /var/lib/waagent/\*.xml | agents
 /var/lib/waagent/\*/config/\*.settings | agents, diagnostic
 /var/lib/waagent/\*/status/\*.status | agents, diagnostic
-/var/lib/waagent/provisioned | diagnostic, genspec
-/var/log/auth\* | agents, diagnostic, normal
+/var/lib/waagent/provisioned | diagnostic, eg, genspec
+/var/log/auth\* | agents, diagnostic, eg, normal
 /var/log/azure/Microsoft.\*LinuxDiagnostic/\*/\* | lad
 /var/log/azure/\*/\*/\* | agents, diagnostic
-/var/log/boot\* | diagnostic, normal
-/var/log/cloud-init\* | diagnostic, normal
-/var/log/dmesg\* | agents, diagnostic, normal
-/var/log/dpkg\* | diagnostic, normal
-/var/log/kern\* | diagnostic, normal
-/var/log/messages\* | diagnostic, normal
-/var/log/rsyslog\* | diagnostic, lad, normal
+/var/log/boot\* | diagnostic, eg, normal
+/var/log/cloud-init\* | diagnostic, eg, normal
+/var/log/dmesg\* | agents, diagnostic, eg, normal
+/var/log/dpkg\* | diagnostic, eg, normal
+/var/log/kern\* | diagnostic, eg, normal
+/var/log/messages\* | diagnostic, eg, normal
+/var/log/rsyslog\* | diagnostic, eg, lad, normal
 /var/log/sa/sar\* | performance
-/var/log/secure\* | diagnostic, normal
-/var/log/syslog\* | diagnostic, lad, normal
-/var/log/waagent\* | agents, diagnostic, lad, normal
-/var/log/yum\* | diagnostic, normal
+/var/log/secure\* | diagnostic, eg, normal
+/var/log/syslog\* | diagnostic, eg, lad, normal
+/var/log/waagent\* | agents, diagnostic, eg, lad, normal
+/var/log/yum\* | diagnostic, eg, normal
 /var/opt/microsoft/omsagent/LAD/log/\* | lad
 ## windows
 File Path | Manifest
 ------------- | -------------
-/AzureData/CustomData.bin | agents, diagnostic, normal
+/AzureData/CustomData.bin | agents, diagnostic, eg, normal
 /Packages/Plugins/ESET.FileSecurity/\*/agent_version.txt | agents, diagnostic, normal
 /Packages/Plugins/ESET.FileSecurity/\*/extension_version.txt | agents, diagnostic, normal
 /Packages/Plugins/Microsoft.Azure.Diagnostics.IaaSDiagnostics/\*/AnalyzerConfigTemplate.xml | agents, diagnostic, normal
@@ -159,83 +159,85 @@ File Path | Manifest
 /Program Files/Microsoft SQL Server/\*/MSSQL/Log/\*.\* | sql-iaas
 /Windows/Inf/netcfg\*.\*etl | diagnostic, normal
 /Windows/Inf/setupapi.dev.log | diagnostic, normal
-/Windows/Panther/FastCleanup/setupact.log | diagnostic, normal
-/Windows/Panther/UnattendGC/setupact.log | diagnostic, normal
-/Windows/Panther/WaSetup.log | diagnostic, normal
-/Windows/Panther/WaSetup.xml | agents, diagnostic, genspec, normal
-/Windows/Panther/setupact.log | diagnostic, normal
-/Windows/Panther/setuperr.log | diagnostic, normal
-/Windows/Panther/unattend.xml | diagnostic, normal
-/Windows/Setup/State/State.ini | diagnostic, genspec
+/Windows/Panther/FastCleanup/setupact.log | diagnostic, eg, normal
+/Windows/Panther/UnattendGC/setupact.log | diagnostic, eg, normal
+/Windows/Panther/WaSetup.log | diagnostic, eg, normal
+/Windows/Panther/WaSetup.xml | agents, diagnostic, eg, genspec, normal
+/Windows/Panther/setupact.log | diagnostic, eg, normal
+/Windows/Panther/setuperr.log | diagnostic, eg, normal
+/Windows/Panther/unattend.xml | diagnostic, eg, normal
+/Windows/Setup/State/State.ini | diagnostic, eg, genspec
 /Windows/Setup/State/state.ini | agents, normal
-/Windows/System32/Sysprep/ActionFiles/Generalize.xml | diagnostic, normal
-/Windows/System32/Sysprep/ActionFiles/Respecialize.xml | diagnostic, normal
-/Windows/System32/Sysprep/ActionFiles/Specialize.xml | diagnostic, normal
-/Windows/System32/Sysprep/Panther/IE/setupact.log | diagnostic, normal
-/Windows/System32/Sysprep/Panther/IE/setuperr.log | diagnostic, normal
-/Windows/System32/Sysprep/Panther/setupact.log | diagnostic, normal
-/Windows/System32/Sysprep/Panther/setuperr.log | diagnostic, normal
-/Windows/System32/Sysprep/Sysprep_succeeded.tag | diagnostic, normal
+/Windows/System32/Sysprep/ActionFiles/Generalize.xml | diagnostic, eg, normal
+/Windows/System32/Sysprep/ActionFiles/Respecialize.xml | diagnostic, eg, normal
+/Windows/System32/Sysprep/ActionFiles/Specialize.xml | diagnostic, eg, normal
+/Windows/System32/Sysprep/Panther/IE/setupact.log | diagnostic, eg, normal
+/Windows/System32/Sysprep/Panther/IE/setuperr.log | diagnostic, eg, normal
+/Windows/System32/Sysprep/Panther/setupact.log | diagnostic, eg, normal
+/Windows/System32/Sysprep/Panther/setuperr.log | diagnostic, eg, normal
+/Windows/System32/Sysprep/Sysprep_succeeded.tag | diagnostic, eg, normal
 /Windows/System32/config/SOFTWARE | diagnostic
 /Windows/System32/config/SYSTEM | diagnostic
-/Windows/System32/winevt/Logs/Application.evtx | agents, diagnostic, normal, sql-iaas
-/Windows/System32/winevt/Logs/Microsoft-ServiceFabric%4Admin.evtx | diagnostic, normal
-/Windows/System32/winevt/Logs/Microsoft-ServiceFabric%4Operational.evtx | diagnostic, normal
-/Windows/System32/winevt/Logs/Microsoft-ServiceFabric-Lease%4Admin.evtx | diagnostic, normal
-/Windows/System32/winevt/Logs/Microsoft-ServiceFabric-Lease%4Operational.evtx | diagnostic, normal
-/Windows/System32/winevt/Logs/Microsoft-Windows-CAPI2%4Operational.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-DSC%4Operational.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-Kernel-PnP%4Configuration.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-Kernel-PnPConfig%4Configuration.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-NdisImPlatform%4Operational.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-NetworkLocationWizard%4Operational.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-NetworkProfile%4Operational.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-NetworkProvider%4Operational.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-NlaSvc%4Operational.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Admin.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Operational.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RemoteDesktopSessionManager%4Admin.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-SessionServices%4Operational.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-SMBClient%4Operational.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-SMBServer%4Connectivity.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-SMBServer%4Operational.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-ServerManager%4Operational.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-SmbClient%4Connectivity.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-TCPIP%4Operational.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-SessionBroker-Client%4Admin.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-SessionBroker-Client%4Operational.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-UserPnp%4DeviceInstall.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-Windows-WindowsUpdateClient%4Operational.evtx | diagnostic
-/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Bootstrapper.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4GuestAgent.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Heartbeat.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Runtime.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Status%4GuestAgent.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Status%4Plugins.evtx | agents, diagnostic
-/Windows/System32/winevt/Logs/MicrosoftAzureRecoveryServices-Replication.evtx | diagnostic
-/Windows/System32/winevt/Logs/Security.evtx | diagnostic
-/Windows/System32/winevt/Logs/Setup.evtx | diagnostic
-/Windows/System32/winevt/Logs/System.evtx | agents, diagnostic, normal, sql-iaas
-/Windows/System32/winevt/Logs/Windows Azure.evtx | agents, diagnostic, normal
-/Windows/debug/DCPROMO.LOG | diagnostic, normal
-/Windows/debug/NetSetup.LOG | diagnostic, normal
-/Windows/debug/PASSWD.LOG | diagnostic, normal
-/Windows/debug/dcpromoui.log | diagnostic, normal
-/Windows/debug/mrt.log | diagnostic, normal
-/Windows/debug/netlogon.log | diagnostic, normal
-/WindowsAzure/Logs/AggregateStatus/aggregatestatus\*.json | agents, diagnostic, normal
-/WindowsAzure/Logs/AppAgentRuntime.log | agents, diagnostic, normal
-/WindowsAzure/Logs/MonitoringAgent.log | agents, diagnostic, normal
+/Windows/System32/winevt/Logs/Application.evtx | agents, diagnostic, eg, normal, sql-iaas
+/Windows/System32/winevt/Logs/Microsoft-ServiceFabric%4Admin.evtx | diagnostic, eg, normal
+/Windows/System32/winevt/Logs/Microsoft-ServiceFabric%4Operational.evtx | diagnostic, eg, normal
+/Windows/System32/winevt/Logs/Microsoft-ServiceFabric-Lease%4Admin.evtx | diagnostic, eg, normal
+/Windows/System32/winevt/Logs/Microsoft-ServiceFabric-Lease%4Operational.evtx | diagnostic, eg, normal
+/Windows/System32/winevt/Logs/Microsoft-Windows-CAPI2%4Operational.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-DSC%4Operational.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-Dhcp-Client%4Admin.evtx | eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-Dhcp-Client%4Operational.evtx | eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-Kernel-PnP%4Configuration.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-Kernel-PnPConfig%4Configuration.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-NdisImPlatform%4Operational.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-NetworkLocationWizard%4Operational.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-NetworkProfile%4Operational.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-NetworkProvider%4Operational.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-NlaSvc%4Operational.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Admin.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Operational.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RemoteDesktopSessionManager%4Admin.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-SessionServices%4Operational.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-SMBClient%4Operational.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-SMBServer%4Connectivity.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-SMBServer%4Operational.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-ServerManager%4Operational.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-SmbClient%4Connectivity.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-TCPIP%4Operational.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-SessionBroker-Client%4Admin.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-SessionBroker-Client%4Operational.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-UserPnp%4DeviceInstall.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-Windows-WindowsUpdateClient%4Operational.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Bootstrapper.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4GuestAgent.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Heartbeat.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Runtime.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Status%4GuestAgent.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Status%4Plugins.evtx | agents, diagnostic, eg
+/Windows/System32/winevt/Logs/MicrosoftAzureRecoveryServices-Replication.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Security.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/Setup.evtx | diagnostic, eg
+/Windows/System32/winevt/Logs/System.evtx | agents, diagnostic, eg, normal, sql-iaas
+/Windows/System32/winevt/Logs/Windows Azure.evtx | agents, diagnostic, eg, normal
+/Windows/debug/DCPROMO.LOG | diagnostic, eg, normal
+/Windows/debug/NetSetup.LOG | diagnostic, eg, normal
+/Windows/debug/PASSWD.LOG | diagnostic, eg, normal
+/Windows/debug/dcpromoui.log | diagnostic, eg, normal
+/Windows/debug/mrt.log | diagnostic, eg, normal
+/Windows/debug/netlogon.log | diagnostic, eg, normal
+/WindowsAzure/Logs/AggregateStatus/aggregatestatus\*.json | agents, diagnostic, eg, normal
+/WindowsAzure/Logs/AppAgentRuntime.log | agents, diagnostic, eg, normal
+/WindowsAzure/Logs/MonitoringAgent.log | agents, diagnostic, eg, normal
 /WindowsAzure/Logs/Plugins/Microsoft.Azure.Diagnostics.IaaSDiagnostics/\*/DiagnosticsPlugin.log | agents, diagnostic, normal
 /WindowsAzure/Logs/Plugins/Microsoft.Azure.Diagnostics.IaaSDiagnostics/\*/DiagnosticsPluginLauncher.log | agents, diagnostic, normal
 /WindowsAzure/Logs/Plugins/Microsoft.Azure.Diagnostics.IaaSDiagnostics/\*/\*/Configuration/Checkpoint.txt | agents, diagnostic, normal
@@ -262,15 +264,15 @@ File Path | Manifest
 /WindowsAzure/Logs/Plugins/Microsoft.SqlServer.Management.SqlIaaSAgent/\*/CommandExecution\*.log | sql-iaas
 /WindowsAzure/Logs/Plugins/Symantec.SymantecEndpointProtection/\*/sepManagedAzure.txt | agents, diagnostic, normal
 /WindowsAzure/Logs/Plugins/TrendMicro.DeepSecurity.TrendMicroDSA/\*/\*.log | agents, diagnostic, normal
-/WindowsAzure/Logs/Plugins/\*/\*/CommandExecution.log | agents, diagnostic, normal
-/WindowsAzure/Logs/Plugins/\*/\*/Heartbeat.log | agents, diagnostic, normal
-/WindowsAzure/Logs/Plugins/\*/\*/Install.log | agents, diagnostic, normal
-/WindowsAzure/Logs/Plugins/\*/\*/Update.log | agents, diagnostic, normal
+/WindowsAzure/Logs/Plugins/\*/\*/CommandExecution.log | agents, diagnostic, eg, normal
+/WindowsAzure/Logs/Plugins/\*/\*/Heartbeat.log | agents, diagnostic, eg, normal
+/WindowsAzure/Logs/Plugins/\*/\*/Install.log | agents, diagnostic, eg, normal
+/WindowsAzure/Logs/Plugins/\*/\*/Update.log | agents, diagnostic, eg, normal
 /WindowsAzure/Logs/SqlServerLogs/\*.\* | sql-iaas
-/WindowsAzure/Logs/Telemetry.log | agents, diagnostic, normal
-/WindowsAzure/Logs/TransparentInstaller.log | agents, diagnostic, normal
-/WindowsAzure/Logs/WaAppAgent.log | agents, diagnostic, normal
-/WindowsAzure/config/\*.xml | agents, diagnostic, normal
-/unattend.xml | diagnostic, normal
+/WindowsAzure/Logs/Telemetry.log | agents, diagnostic, eg, normal
+/WindowsAzure/Logs/TransparentInstaller.log | agents, diagnostic, eg, normal
+/WindowsAzure/Logs/WaAppAgent.log | agents, diagnostic, eg, normal
+/WindowsAzure/config/\*.xml | agents, diagnostic, eg, normal
+/unattend.xml | diagnostic, eg, normal
-*File was created by running [parse_manifest.py](../tools/parse_manifest.py) on `2017-08-04 17:01:30.469208`*
\ No newline at end of file
+*File was created by running [parse_manifest.py](../tools/parse_manifest.py) on `2017-08-16 13:20:41.743941`*
\ No newline at end of file
diff --git a/docs/manifest_content.md b/docs/manifest_content.md
index b88d6e7..3b0417f 100644
--- a/docs/manifest_content.md
+++ b/docs/manifest_content.md
@@ -135,6 +135,42 @@ diagnostic | copy | /var/lib/waagent/Prod.\*.manifest.xml
 diagnostic | copy | /var/lib/waagent/SharedConfig.xml
 diagnostic | copy | /var/lib/waagent/ManagedIdentity-\*.json
 diagnostic | diskinfo |
+eg | list | /var/log
+eg | list | /etc/udev/rules.d
+eg | copy | /var/lib/waagent/provisioned
+eg | copy | /etc/fstab
+eg | copy | /boot/grub\*/grub.c\*
+eg | copy | /boot/grub\*/menu.lst
+eg | copy | /etc/\*-release
+eg | copy | /etc/HOSTNAME
+eg | copy | /etc/hostname
+eg | copy | /etc/network/interfaces
+eg | copy | /etc/network/interfaces.d/\*.cfg
+eg | copy | /etc/resolv.conf
+eg | copy | /etc/sysconfig/iptables
+eg | copy | /etc/sysconfig/network
+eg | copy | /etc/sysconfig/network/ifcfg-eth\*
+eg | copy | /etc/sysconfig/network/routes
+eg | copy | /etc/sysconfig/network-scripts/ifcfg-eth\*
+eg | copy | /etc/sysconfig/network-scripts/route-eth\*
+eg | copy | /etc/sysconfig/SuSEfirewall2
+eg | copy | /etc/ufw/ufw.conf
+eg | copy | /etc/waagent.conf
+eg | copy | /var/lib/dhcp/dhclient.eth0.leases
+eg | copy | /var/lib/dhclient/dhclient-eth0.leases
+eg | copy | /var/log/waagent\*
+eg | copy | /var/log/syslog\*
+eg | copy | /var/log/rsyslog\*
+eg | copy | /var/log/messages\*
+eg | copy | /var/log/kern\*
+eg | copy | /var/log/dmesg\*
+eg | copy | /var/log/dpkg\*
+eg | copy | /var/log/yum\*
+eg | copy | /var/log/cloud-init\*
+eg | copy | /var/log/boot\*
+eg | copy | /var/log/auth\*
+eg | copy | /var/log/secure\*
+eg | diskinfo |
 genspec | copy | /etc/hostname
 genspec | copy | /var/lib/waagent/provisioned
 lad | list | /var/log
@@ -459,6 +495,93 @@ diagnostic | copy | /WindowsAzure/Logs/Plugins/Microsoft.Azure.NetworkWatcher.Ne
 diagnostic | copy | /WindowsAzure/Logs/Plugins/Microsoft.Azure.NetworkWatcher.NetworkWatcherAgentWindows/\*/\*.log
 diagnostic | copy | /WindowsAzure/Logs/Plugins/Microsoft.ManagedIdentity.ManagedIdentityExtensionForWindows/\*/RuntimeSettings/\*.xml
 diagnostic | diskinfo |
+eg | copy | /Windows/System32/winevt/Logs/System.evtx
+eg | copy | /Windows/System32/winevt/Logs/Application.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-ServiceFabric%4Admin.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-ServiceFabric%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-ServiceFabric-Lease%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-ServiceFabric-Lease%4Admin.evtx
+eg | copy | /Windows/System32/winevt/Logs/Windows Azure.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-CAPI2%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-Dhcp-Client%4Admin.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-Dhcp-Client%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-Kernel-PnP%4Configuration.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-Kernel-PnPConfig%4Configuration.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-NdisImPlatform%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-NetworkLocationWizard%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-NetworkProfile%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-NetworkProvider%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-NlaSvc%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Admin.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RemoteDesktopSessionManager%4Admin.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-SessionServices%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-SMBClient%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-SMBServer%4Connectivity.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-SMBServer%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-ServerManager%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-SmbClient%4Connectivity.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-TCPIP%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-SessionBroker-Client%4Admin.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-SessionBroker-Client%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-UserPnp%4DeviceInstall.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4GuestAgent.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Heartbeat.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Runtime.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Bootstrapper.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Status%4GuestAgent.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Status%4Plugins.evtx
+eg | copy | /Windows/System32/winevt/Logs/MicrosoftAzureRecoveryServices-Replication.evtx
+eg | copy | /Windows/System32/winevt/Logs/Security.evtx
+eg | copy | /Windows/System32/winevt/Logs/Setup.evtx
+eg | copy | /Windows/System32/winevt/Logs/Microsoft-Windows-DSC%4Operational.evtx
+eg | copy | /AzureData/CustomData.bin
+eg | copy | /Windows/Setup/State/State.ini
+eg | copy | /Windows/Panther/WaSetup.xml
+eg | copy | /Windows/Panther/WaSetup.log
+eg | copy | /Windows/Panther/unattend.xml
+eg | copy | /unattend.xml
+eg | copy | /Windows/Panther/setupact.log
+eg | copy | /Windows/Panther/setuperr.log
+eg | copy | /Windows/Panther/UnattendGC/setupact.log
+eg | copy | /Windows/Panther/FastCleanup/setupact.log
+eg | copy | /Windows/System32/Sysprep/ActionFiles/Generalize.xml
+eg | copy | /Windows/System32/Sysprep/ActionFiles/Specialize.xml
+eg | copy | /Windows/System32/Sysprep/ActionFiles/Respecialize.xml
+eg | copy | /Windows/System32/Sysprep/Panther/setupact.log
+eg | copy | /Windows/System32/Sysprep/Panther/IE/setupact.log
+eg | copy | /Windows/System32/Sysprep/Panther/setuperr.log
+eg | copy | /Windows/System32/Sysprep/Panther/IE/setuperr.log
+eg | copy | /Windows/System32/Sysprep/Sysprep_succeeded.tag
+eg | copy | /Windows/debug/netlogon.log
+eg | copy | /Windows/debug/NetSetup.LOG
+eg | copy | /Windows/debug/mrt.log
+eg | copy | /Windows/debug/DCPROMO.LOG
+eg | copy | /Windows/debug/dcpromoui.log
+eg | copy | /Windows/debug/PASSWD.LOG
+eg | copy | /WindowsAzure/Logs/Telemetry.log
+eg | copy | /WindowsAzure/Logs/TransparentInstaller.log
+eg | copy | /WindowsAzure/Logs/WaAppAgent.log
+eg | copy | /WindowsAzure/config/\*.xml
+eg | copy | /WindowsAzure/Logs/AggregateStatus/aggregatestatus\*.json
+eg | copy | /WindowsAzure/Logs/AppAgentRuntime.log
+eg | copy | /WindowsAzure/Logs/MonitoringAgent.log
+eg | copy | /WindowsAzure/Logs/Plugins/\*/\*/CommandExecution.log
+eg | copy | /WindowsAzure/Logs/Plugins/\*/\*/Install.log
+eg | copy | /WindowsAzure/Logs/Plugins/\*/\*/Update.log
+eg | copy | /WindowsAzure/Logs/Plugins/\*/\*/Heartbeat.log
+eg | diskinfo |
 genspec | copy | /Windows/Setup/State/State.ini
 genspec | copy | /Windows/Panther/WaSetup.xml
 normal | copy | /Windows/System32/winevt/Logs/System.evtx
@@ -627,4 +750,4 @@ sql-iaas | copy | /WindowsAzure/Logs/Plugins/Microsoft.SqlServer.Management.SqlI
 sql-iaas | copy | /WindowsAzure/Logs/SqlServerLogs/\*.\*
 sql-iaas | copy | /Program Files/Microsoft SQL Server/\*/MSSQL/Log/\*.\*
-*File was created by running [parse_manifest.py](../tools/parse_manifest.py) on `2017-08-04 17:01:30.469208`*
\ No newline at end of file
+*File was created by running [parse_manifest.py](../tools/parse_manifest.py) on `2017-08-16 13:20:41.743941`*
\ No newline at end of file
diff --git a/pyServer/manifests/linux/eg b/pyServer/manifests/linux/eg
new file mode 100644
index 0000000..0492694
--- /dev/null
+++ b/pyServer/manifests/linux/eg
@@ -0,0 +1,45 @@
+echo,### Probing Directories ###
+ll,/var/log
+ll,/etc/udev/rules.d
+
+echo,### Gathering Configuration Files ###
+copy,/var/lib/waagent/provisioned
+copy,/etc/fstab
+copy,/boot/grub*/grub.c*
+copy,/boot/grub*/menu.lst
+copy,/etc/*-release
+copy,/etc/HOSTNAME
+copy,/etc/hostname
+copy,/etc/network/interfaces
+copy,/etc/network/interfaces.d/*.cfg
+copy,/etc/resolv.conf
+copy,/etc/sysconfig/iptables
+copy,/etc/sysconfig/network
+copy,/etc/sysconfig/network/ifcfg-eth*
+copy,/etc/sysconfig/network/routes
+copy,/etc/sysconfig/network-scripts/ifcfg-eth*
+copy,/etc/sysconfig/network-scripts/route-eth*
+copy,/etc/sysconfig/SuSEfirewall2
+copy,/etc/ufw/ufw.conf
+copy,/etc/waagent.conf
+copy,/var/lib/dhcp/dhclient.eth0.leases
+copy,/var/lib/dhclient/dhclient-eth0.leases
+echo,
+
+echo,### Gathering Log Files ###
+copy,/var/log/waagent*
+copy,/var/log/syslog*
+copy,/var/log/rsyslog*
+copy,/var/log/messages*
+copy,/var/log/kern*
+copy,/var/log/dmesg*
+copy,/var/log/dpkg*
+copy,/var/log/yum*
+copy,/var/log/cloud-init*
+copy,/var/log/boot*
+copy,/var/log/auth*
+copy,/var/log/secure*
+echo,
+
+echo,### Gathering Disk Info ###
+diskinfo,
diff --git a/pyServer/manifests/windows/eg b/pyServer/manifests/windows/eg
new file mode 100644
index 0000000..4544af1
--- /dev/null
+++ b/pyServer/manifests/windows/eg
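Review bot: Nothing in the new `pyServer/manifests/linux/eg` manifest says what the `eg` profile is for, even though it copies `/var/log/auth*` and `/var/log/secure*` (globs, so rotated archives are included) together with firewall and network configuration. Authentication logs carry account names and remote addresses, so the resulting bundle should be handled as sensitive; whether the server limits who can request or read this profile is not visible in this diff. The Windows counterpart opens with `echo,### EXPERIMENTAL FEATURE ###`, and adding that same first line here plus a short `echo,` banner naming the profile's purpose would make the two manifests consistent. The `Probing Directories` section is also the only one not closed with a bare `echo,` line.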
@@ -0,0 +1,100 @@
+echo,### EXPERIMENTAL FEATURE ###
+
+echo,### Event Logs ###
+copy,/Windows/System32/winevt/Logs/System.evtx
+copy,/Windows/System32/winevt/Logs/Application.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-ServiceFabric%4Admin.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-ServiceFabric%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-ServiceFabric-Lease%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-ServiceFabric-Lease%4Admin.evtx
+copy,/Windows/System32/winevt/Logs/Windows Azure.evtx
+
+echo,### Additional Event Logs ###
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-CAPI2%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-Dhcp-Client%4Admin.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-Dhcp-Client%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-Kernel-PnP%4Configuration.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-Kernel-PnPConfig%4Configuration.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-NdisImPlatform%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-NetworkLocationWizard%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-NetworkProfile%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-NetworkProvider%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-NlaSvc%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Admin.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-RemoteDesktopSessionManager%4Admin.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-RemoteDesktopServices-SessionServices%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-SMBClient%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-SMBServer%4Connectivity.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-SMBServer%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-ServerManager%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-SmbClient%4Connectivity.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-TCPIP%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-SessionBroker-Client%4Admin.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-SessionBroker-Client%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-UserPnp%4DeviceInstall.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4GuestAgent.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Heartbeat.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Runtime.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Diagnostics%4Bootstrapper.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Status%4GuestAgent.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-WindowsAzure-Status%4Plugins.evtx
+copy,/Windows/System32/winevt/Logs/MicrosoftAzureRecoveryServices-Replication.evtx
+copy,/Windows/System32/winevt/Logs/Security.evtx
+copy,/Windows/System32/winevt/Logs/Setup.evtx
+copy,/Windows/System32/winevt/Logs/Microsoft-Windows-DSC%4Operational.evtx
+
+echo,### Provisioning ###
+copy,/AzureData/CustomData.bin
+copy,/Windows/Setup/State/State.ini
+copy,/Windows/Panther/WaSetup.xml
+copy,/Windows/Panther/WaSetup.log
+copy,/Windows/Panther/unattend.xml
+copy,/unattend.xml
+copy,/Windows/Panther/setupact.log
+copy,/Windows/Panther/setuperr.log
+copy,/Windows/Panther/UnattendGC/setupact.log
+copy,/Windows/Panther/FastCleanup/setupact.log
+copy,/Windows/System32/Sysprep/ActionFiles/Generalize.xml
+copy,/Windows/System32/Sysprep/ActionFiles/Specialize.xml
+copy,/Windows/System32/Sysprep/ActionFiles/Respecialize.xml
+copy,/Windows/System32/Sysprep/Panther/setupact.log
+copy,/Windows/System32/Sysprep/Panther/IE/setupact.log
+copy,/Windows/System32/Sysprep/Panther/setuperr.log
+copy,/Windows/System32/Sysprep/Panther/IE/setuperr.log
+copy,/Windows/System32/Sysprep/Sysprep_succeeded.tag
+
+echo,### Active Directory domain join ###
+copy,/Windows/debug/netlogon.log
+copy,/Windows/debug/NetSetup.LOG
+copy,/Windows/debug/mrt.log
+copy,/Windows/debug/DCPROMO.LOG
+copy,/Windows/debug/dcpromoui.log
+copy,/Windows/debug/PASSWD.LOG
+
+echo,### Guest Agent ###
+copy,/WindowsAzure/Logs/Telemetry.log
+copy,/WindowsAzure/Logs/TransparentInstaller.log
+copy,/WindowsAzure/Logs/WaAppAgent.log
+copy,/WindowsAzure/config/*.xml
+copy,/WindowsAzure/Logs/AggregateStatus/aggregatestatus*.json
+copy,/WindowsAzure/Logs/AppAgentRuntime.log
+copy,/WindowsAzure/Logs/MonitoringAgent.log
+copy,/WindowsAzure/Logs/Plugins/*/*/CommandExecution.log
+copy,/WindowsAzure/Logs/Plugins/*/*/Install.log
+copy,/WindowsAzure/Logs/Plugins/*/*/Update.log
+copy,/WindowsAzure/Logs/Plugins/*/*/Heartbeat.log
+
+echo,### Gathering Disk Info ###
+diskinfo,
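Review bot: The Provisioning section of the windows `eg` manifest copies `/AzureData/CustomData.bin`, `/Windows/Panther/unattend.xml` and `/unattend.xml`, which are provisioning inputs rather than logs: custom data is whatever the deployer supplied, and answer files can carry account passwords, so these entries can put credentials into the diagnostic bundle. Together with `Security.evtx` and `/Windows/debug/PASSWD.LOG`, that makes this manifest's output considerably more sensitive than a plain log collection, while the only marker on it is the `### EXPERIMENTAL FEATURE ###` banner. I would move those three `copy` lines into a manifest that has to be requested explicitly, or at least document that the `eg` bundle must be stored and shared as secret-bearing material. Whether other manifests already collect the same files is not visible from this hunk.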