
Re: [hobbit] windows logs



DKDeckert (at) Hormel.com wrote:
> Hi everyone,
>
> Does anyone monitor Windows system logs?  When we installed the bbwin
> client on the machine it started to just crazily send messages to xymon.
> The hard drive for xymon went from 20% to 98% in one night.  I tried to
> ignore logs but it still takes them in...
>
>   
I also did extensive fiddling with client-side filtering options and
even dived into the BBWIN source but have given up for now. We are
enabling Failure Auditing on a number of servers, and some also have
Success Audit, which makes the reported messages just enormous without
being able to filter them on the client. In some cases I couldn't fit
under even MAXMSG_CLIENT="15242880" and who knows how big I would have
needed to make it!

We are now deploying SNARE to forward event logs via syslog, then using
syslog-ng to split by incoming IP address, and I'm yet to modify the
bb-msgs.pl or similar to do the monitoring. The logs come through well
delimited into the eventlog fields, so should be very easy to filter and
report on.
SNARE: http://www.intersectalliance.com/projects/SnareWindows/index.html

BBNT is less than perfect with event logs. Many messages omit important
sections of the error, just showing "" instead. It is also a pain to
have to set up all the ignore strings on the local clients, and without
regexp patterns filtering is very primitive.

David.

-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
david.baldwin (at) ausport.gov.au          Leverrier Street Bruce ACT 2617
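
Added example, not part of the original message and not code from Xymon, BBWin or SNARE: a sketch of the server-side step described above, where per-host event records that arrive tab-delimited over syslog are filtered with regular expressions and reduced to a status color. The field order, the ignore rules and the sample records are assumptions constructed for illustration; adjust them to what your forwarding agent actually emits.

```python
import re
from collections import Counter

# Assumed field order of one tab-delimited event record (adjust to your agent).
FIELDS = ["host", "tag", "criticality", "log", "counter", "time", "event_id",
          "source", "user", "sid_type", "event_type", "computer", "category", "data"]

# Hypothetical server-side rules: (field, regex) pairs to drop, then severities.
IGNORE = [("event_type", re.compile(r"^Success Audit$")),
          ("data", re.compile(r"(?i)\bprinter\b.*\bpaused\b"))]
RED, YELLOW = {"Failure Audit", "Error"}, {"Warning"}

def parse(line):
    """Split one record into a dict; return None if fields are missing."""
    parts = line.rstrip("\n").split("\t", len(FIELDS) - 1)
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def evaluate(lines):
    """Return (color, kept_events, counts) for one host's log lines."""
    color, kept, counts = "green", [], Counter()
    for line in lines:
        ev = parse(line)
        if ev is None:                      # truncated or garbled record
            counts["malformed"] += 1
            continue
        if any(rx.search(ev[field]) for field, rx in IGNORE):
            counts["ignored"] += 1          # dropped before it can alert
            continue
        kept.append(ev)
        counts[ev["event_type"]] += 1
        if ev["event_type"] in RED:
            color = "red"
        elif ev["event_type"] in YELLOW and color == "green":
            color = "yellow"
    return color, kept, counts

def _rec(event_id, source, user, event_type, data):
    """Build one constructed sample record in the assumed layout."""
    return "\t".join(["srv01", "MSWinEventLog", "1", "Security", "1",
                      "Mon Jan 07 10:00:00 2008", event_id, source, user,
                      "User", event_type, "SRV01", "None", data])

SAMPLE = [  # constructed records, not real log data
    _rec("529", "Security", "jsmith", "Failure Audit", "Logon Failure: bad password"),
    _rec("528", "Security", "jsmith", "Success Audit", "Successful Logon"),
    _rec("13", "Print", "SYSTEM", "Warning", "Printer HP01 was paused"),
    _rec("7", "Disk", "N/A", "Warning", "The device has a bad block"),
    "srv01\tMSWinEventLog\t1\tSecurity",  # truncated record
]

if __name__ == "__main__":
    color, kept, counts = evaluate(SAMPLE)
    print(color, dict(counts))
```

Counting malformed and ignored records separately keeps dropped volume visible, so a rule that silently swallows Failure Audit events shows up as a jump in the ignored count.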

