
RE: [hobbit] windows logs



The problem I am having is that I have completely wiped out the [win32]
entries we have in client-local.cfg on Xymon's side.  It shouldn't even be
reporting logs to Xymon because Xymon isn't looking for them (if it is
working correctly).

It will show the critical events that happen plus show the full log.  We
want it to ignore all events and not even record them but it still is.....


Shouldn't the end-all be-all lie with client-local.cfg?  If I wipe the
entries for log monitoring it should in a sense stop looking for those
logs, but Xymon still registers them and saves them in the histlogs
directory ..... (which I might add is getting about 10% larger every 40
mins)..

EXAMPLE

                                                                                                                                     
 No entries in eventlog_system

 No entries in eventlog_security

 No entries in eventlog_application


 Full log eventlog_system

 Full log eventlog_security
 success - 2009/07/14 10:52:48 - Security (538) - User Logoff: User Name: DKroken Domain: HFC Logon ID: (0x0,0xBD3817) Logon Type: 3
 success - 2009/07/14 10:52:48 - Security (540) - Successful Network Logon: User Name: DKroken Domain: HFC Logon ID: (0x0,0xBD3817)
 Logon Type: 3 Logon Process: CISCO Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: CISCO Logon
 GUID: - Caller User Name: CONNETACS$ Caller Domain: HFC Caller Logon ID: (0x0,0x3E7) Caller Process ID: 1904 Transited Services: -
 Source Network Address: - Source Port: -
                                                                                                                                     
                                                                                                                                     


It is logging all the successes, but we have them ignored in
hobbit-clients.cfg

CLASS=win32
        MEMPHYS 90 101
        MEMSWAP 90 95
        MEMACT 90 97
        LOAD 90 95
        DISK * 90 95
        LOG %.* %.*warning.* COLOR=yellow IGNORE=%(printer|Perflib|PerfNet|success|redirector|CPU Utilization Management)
        LOG %.*  %.*error.* COLOR=red IGNORE=%(printer|Perflib|PerfNet|success|JOTS-STORAGE)


I just thought of something as I looked at this... Because it is a class
in bb-hosts, do all of the clients need to have the class win32 after it?
But if that was the case, then why would it be monitoring logs if it wasn't
classified as such for client-local.cfg?




HELP !!!!!




