[xymon] Windows Event logs monitor added to Xymonton

David Baldwin david.baldwin at ausport.gov.au
Wed Aug 18 01:23:29 CEST 2010 

TJ Yang wrote:
> On Tue, Aug 17, 2010 at 4:09 AM, David Baldwin
> <david.baldwin at ausport.gov.au> wrote:
>   
>> This is my solution for the deficiencies of both BBNT's msgs and BBwin
>> (broken in central mode) windows event log reporting.
>>     
>
> I am preparing to deploy BBWin 0.12 at work.
>
> Would you please elaborate more how BBWin central mode msgs reporting
> is broken ?
>   
The ignore filtering and size limiting has no effect. I currently have
the following in /etc/hobbit/client-local.cfg - doesn't do anything useful.

[win32]
log:eventlog_security:10240
ignore .*
ignore .
msgs:eventlog_security:10240
ignore .*
ignore .
eventlog:security:10240
ignore Windows Filter
ignore handle
ignore .*
ignore .
eventlog:System:10240
ignore .*
ignore .
eventlog:application:10240
ignore .*
ignore .

I also have success and failure auditing turned on - which means the
event log reports can be very big. Too big for hobbitd to handle even
with MAXMSG_DATA set at values like 15242880 (i.e. 15MB), so I get
"flooding" client errors.

Also, the event log subsystem has changed in Vista and Server 2008.
Neither BBNT or BBWin seems to handle event log processing properly for
these.

Thanks, David.

-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
david.baldwin at ausport.gov.au          Leverrier Street Bruce ACT 2617


-------------------------------------------------------------------------------------
Keep up to date with what's happening in Australian sport visit http://www.ausport.gov.au

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.
-------------------------------------------------------------------------------------

More information about the Xymon mailing list