[xymon] Question on MrBig log parsing

Deiss, Mark Mark.Deiss at acs-inc.com
Tue Sep 28 16:46:18 CEST 2010


It's a Windows event log. I thought maybe there was an issue with the
name having a space but quoting it has no bearing (for the "ignore
source" entries). I have drilled into the particular events and have
added "ignore message" with different single words that are in the
alerts. The final alert in Xymon/BB does not have the event body - just
a header line with date stamps followed by a line with a bracketed
number that something is occurring in the MIMEsweeper log.

I will see about contacting Mr. Nygren.

Office: 240-686-2666
mark.deiss at acs-inc.com
ACS, A Xerox Company 

-----Original Message-----
From: ulric at siag.nu [mailto:ulric at siag.nu] 
Sent: Tuesday, September 28, 2010 9:19 AM
To: xymon at xymon.com
Subject: Re: [xymon] Question on MrBig log parsing

Quoting "Deiss, Mark" <Mark.Deiss at acs-inc.com>:

>
> For the Windows client, MrBig, has anyone fooled around with the rules
> for parsing the log files? We have a "MIMEsweeper log" that just cannot
> figure out syntax to suppress false alerts.

Is this a Windows event log? Check in Event Viewer what the name is and 
filtering on the log name should work fine.

Last I heard, the good folks at Qbranch (the company behind Mr Big) 
were going to carry on maintenance after I left. Tobias Nygren is the 
new maintainer; see contact info on the web page.

Ulric

