[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Hobbit and BBWin0.12 Windows Event logs



Greetings all,

I need help setting up the hobbit-client.cfg file to monitor and ignore the windows event logs (application, system, security).

Here is a sample of what I have in hobbit-client.cfg:
LOG %.*application.* %error COLOR=red
LOG %.*application.* error COLOR=red IGNORE='%VSS (8193) -*'
LOG %.*application.* error COLOR=red IGNORE='%Application Error (1000) -*'

I have played around with different syntax, but I cannot seem to get it right. Here is a sample output (I know the alert does not match what I have above, it is just an example):

failure - 2008/08/20 07:39:23 - Security (578) - Privileged object operation: Object Server: 
&unknown failure - 2008/08/20 07:39:23 - Security (578) - Privileged object operation: 
&unknown failure - 2008/08/20 07:26:56 - Security (578) - Privileged object operation: Object Server: 
I get the security failure in this example with the blinking red dot, but then I get the same messages with the &unknown.

If anyone that has set this up correctly can please advice, it would be great.

Thanks in advance for the help,
Dev Khemraj