[Xymon] getting xymon to work with win2008r2 clients in centralmode

Neil Simmonds Neil.Simmonds at express-gifts.co.uk
Tue Oct 2 09:48:50 CEST 2012


I've got BBWin 0.13 successfully running on Windows 2008r2 machines in
central mode.

I've actually had the problem you describe on some 2003 servers as well
(usually on Domain Controllers)

The way I got round it was to comment out in the BBWin.cfg file, the
msgs.dll line, like this,

<!--load name="msgs" value="msgs.dll" -->

This prevents it collecting any log data. Also if you add a CLASS:win32
to your hosts in hosts.cfg on the server you will find that it will pick
up the right lines from client-local.cfg.

The bit I haven't had chance to try yet (as we're not bothered about
collecting event log messages from the servers where I have the issue)
is setting up all the necessary exclusions in the client-local.cfg file
and then switching the msgs.dll line back in.

If you've got the right exclusions in then this should work as the BBWin
agent will have created the clientlocal.cfg file on the windows server. 

Try looking at the 67Mb file that you get in the tmp directory and I'm
sure you'll find that the majority of it is event log entries and you
should be able to work out a decent set of exclusions to remove most of
the unneeded messages.

As an example, this is part of my client-local.cfg for a windows server
security event log. I find the security one is the one that often has
floods of messages in.

eventlog:security
ignore Successful Network Logon
ignore User Logoff
ignore Microsoft-Windows-Security-Auditing
ignore success
ignore Logon attempt by
ignore Authentication Ticket Request
ignore Service Ticket Request
ignore Logon attempt using
ignore Special privileges assigned to new logon
ignore Handle Closed
ignore Object Open
ignore Pre-authentication failed
ignore An account was logged off
ignore Special privileges assigned to new logon
ignore The description for Event ID

Regards,
Neil Simmonds

-----Original Message-----
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf
Of Andersson Tomas
Sent: 01 October 2012 14:42
To: xymon at xymon.com
Subject: [Xymon] getting xymon to work with win2008r2 clients in
centralmode

Hi there !
Has anybody got xymon to function properly with windows 2008r2 clients
in central mode ??
I get it to function properly using local mode but I want to use central
mode using the latest BBwin 0.13.

When we tried to specify central mode we found that there was some
problem for the BBWin to create the logfile to be sent to the xymon
server
Apparently since the bbwin was installed in the ...Program files (x86)
folder and after quoting the Path parameter in the bbwin config file
It suddenly started creating  a huge 67 MB ! file to send (included all
event error and application logs ...).

So we then configured the client-local.cfg on the xymon server to try to
ignore those.
Unfortunately the xymon server did not send the client-local.cfg to the
client.

Questions:
the file client-local.cfg on the server where you specify what log files
should be sent back to the server  and what text matching you want
the syntax is like:

[win32]
eventlog:Security:10240
ignore Success
eventlog:System:10240
ignore Information
eventlog:Application:10240
ignore Information

[freebsd]
log:/var/log/messages:10240

[netbsd]
log:/var/log/messages:10240
...

The OS-name within brackets [ ]   is this name win32 for windows 2008r2
also or should this "OS-name" (uname on all unixlike machines) be
specified to something else like win64 on windows 2008r2 machines or ??
Is there a command that xymon uses to figure out the os type on windows
server or how does this function ??

Is it possible to specify [] or [*] as a default entry in the
client-local.cfg on the xymon server ???




Best Regards,
/Tomas Andersson

Unix System Admin/Tech/Dev
SCA IT Services

Tel. +46 31 7460313
Mob. +46 703 610313
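
An added example, not part of either message and not Xymon or BBWin code: a small Python check for trying out an eventlog ignore list (the [win32] / eventlog: / ignore syntax quoted above) against sample event lines before switching msgs.dll back on. It reports how many lines each ignore removes, which lines still get through, and which ignore lines never matched. The config fragment and event lines are constructed, and the matching rule (case-insensitive substring, first matching ignore wins) is an assumption, not BBWin's documented behaviour.

```python
import re
from collections import Counter

# Constructed client-local.cfg fragment in the syntax quoted in the thread.
CONFIG = """\
[win32]
eventlog:Security:10240
ignore Successful Network Logon
ignore Pre-authentication failed
ignore Handle Closed
ignore success
"""

# Constructed, simplified event lines (not BBWin's exact output format).
EVENTS = [
    "success - Successful Network Logon: user=svc_backup",
    "failure - Pre-authentication failed: user=admin",
    "failure - An account failed to log on: user=admin",
    "success - A user account was created: user=tmp1",
]

def parse_ignores(cfg_text):
    """Return {(section, eventlog name): [ignore patterns]}."""
    out, section, key = {}, None, None
    for line in map(str.strip, cfg_text.splitlines()):
        head = re.fullmatch(r"\[(.+)\]", line)
        if head:
            section, key = head.group(1), None
        elif line.lower().startswith("eventlog:") and section:
            key = (section, line.split(":")[1].lower())
            out[key] = []
        elif line.lower().startswith("ignore ") and key:
            out[key].append(line[len("ignore "):].strip())
    return out

def review(patterns, events):
    """Assumed matching: case-insensitive substring, first pattern wins."""
    hits, kept = Counter(), []
    for ev in events:
        hit = next((p for p in patterns if p.lower() in ev.lower()), None)
        if hit is None:
            kept.append(ev)
        else:
            hits[hit] += 1
    unused = [p for p in patterns if p not in hits]
    return hits, kept, unused

if __name__ == "__main__":
    print(*review(parse_ignores(CONFIG)[("win32", "security")], EVENTS), sep="\n")
```

With these sample lines the short pattern "success" also removes the account-creation line, so the per-pattern counts are worth reading before an ignore list goes live.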


