[hobbit] Filtering event logs from windows sytems bbnt client

Aaron Stranberg a_stranberg at hotmail.com
Thu May 10 22:49:34 CEST 2007


Thanks for the reply, I will have too weigh out taking a swag at this module vs. moving forward with deployment of BBWIN  Is BBWIN considered production stable?  I was also reading about the centralized updates, does this include ability for the agent to upgrade/udpate its self?  This is a huge step for folks in my position with windows hosts in the hundreds with no central LDAP/AD, or even common logons it means manually touching each system for updates and config changes on the current bbnt client. I am really looking forward to getting bbwin roled out!  > Date: Thu, 10 May 2007 18:57:40 +0200> To: hobbit at hswn.dk> From: henrik at hswn.dk> Subject: Re: [hobbit] Filtering event logs from windows sytems bbnt client> > On Wed, May 09, 2007 at 04:21:54PM +0000, Aaron Stranberg wrote:> > > > Hi All,    Is it possible using the hobbit-clients.cfg > > file to centrally filter out windows eventlog messages by key word?> > Unfortunately, no. The hobbit-clients.cfg only works on real "hobbit"> clients that use the hobbit-specific way of reporting data which is> then analysed at the server. The bbnt client determines the status all> by itself and sends the status update directly to the server, so it> isn't possible to filter data on the server.> > I can see a couple of ways you can do it, though. You can create a> custom Hobbit server-side module, which is passed all of the "msgs"> status data. Then you could filter these and generate a new status> column - "msgs2", or whatever you'd call it - from these filtered data.> > Writing server-side modules may seem daunting, but it really isn't.> If you grab the current Hobbit snapshot at http://www.hswn.dk/beta/> then you'll find a perl program which is such a server-side module:> It's in the hobbitd/hobbitd_rootlogin.pl file.> > You'd need to write a tool that reads the "msgs" status data it gets.> The "msgs" status report (if I recall correctly) has the interesting> lines listed with a red/yellow marker first, like:>     &red This is a critical message>     &yellow This is a warning>     &yellow This is pure noise> So your script could weed out the "noise" lines, and then look at the> remaining lines (if any) to see what the new status color should be.> From that, it should be easy to generate the new "msgs2" status and> feed it into Hobbit.> > > Regards,> Henrik> > > To unsubscribe from the hobbit list, send an e-mail to> hobbit-unsubscribe at hswn.dk> > 
_________________________________________________________________
Add some color. Personalize your inbox with your favorite colors.
www.windowslive-hotmail.com/learnmore/personalize.html?locale=en-us&ocid=TXT_TAGLM_HMWL_reten_addcolor_0507
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20070510/cdf4180b/attachment.html>


More information about the Xymon mailing list