<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:13.5pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Times New Roman","serif";
font-weight:bold;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:windowtext;
letter-spacing:0pt;
mso-ligatures:standard;
mso-number-form:default;
mso-number-spacing:default;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:#1F497D;
letter-spacing:0pt;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Good day!<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>My bad.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>I checked the event log again from the 4.2.0 version and the description is there. It’s just that the description in the latest beta release is displayed as in the event viewer.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Please disregard my concern regarding the event log.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Ryan<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Lapuz, Ryan Jay <br><b>Sent:</b> Wednesday, July 21, 2010 11:06 AM<br><b>To:</b> xymon@xymon.com<br><b>Subject:</b> Windows Event Logs Description Sent<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>Good day!<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>I am currently testing xymon 4.3.0 beta2 and I received this event log from windows client.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>This is the description of the even log. I never received description of the event log on the 4.2.0 version. (Please see the event log at the bottom)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>Is this normal in the latest beta release?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>Also, I am testing the centralized configuration of bbwin but I can’t make the ignore function on the clien-local.cfg.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>Here’s my entry in the client-local.cfg:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>[wsus11]<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>eventlog:System:10240<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>ignore Information<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>ignore Print<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>ignore Removable Storage Service<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>eventlog:Application:10240<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>ignore Information<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>ignore Windows Server Update Services<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>ignore BigBrotherHobbitClient<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>eventlog:Security:10240<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>ignore success<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>The clientlocal.cfg file that was being sent to the windows client is empty. But in my other windows client, the clientlocal.cfg fie is normal and I can see in the detailed logs that the entry will be ignored but it is still sent to the xymon server.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>2010/07/16 17:05:36 [DEBUG]: [msgs]: will ignore : information<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>2010/07/16 17:05:36 [DEBUG]: [msgs]: will ignore : Print<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>2010/07/16 17:05:36 [DEBUG]: [msgs]: will ignore : Removable Storage Service<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>2010/07/16 17:05:36 [DEBUG]: [msgs]: will ignore : The Big Brother Hobbit Client service<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'>Ryan<o:p></o:p></span></p><h3>System logs at Wed Jul 21 08:49:59 2010<o:p></o:p></h3><pre><img width=16 height=16 id="Picture_x0020_4" src="cid:image001.gif@01CB28C6.47CBB800" alt=red> Critical entries in <a href="http://10.193.57.106/xymon-cgi/bb-hostsvc.sh?CLIENT=wsus11&SECTION=msgs:eventlog_application">eventlog_application</a><o:p></o:p></pre><pre><img border=0 width=16 height=16 id="Picture_x0020_5" src="cid:image001.gif@01CB28C6.47CBB800" alt=red> Last Error Code: 0<o:p></o:p></pre><p class=MsoNormal><img border=0 width=16 height=16 id="Picture_x0020_6" src="cid:image001.gif@01CB28C6.47CBB800" alt=red> <span style='font-size:10.0pt;font-family:"Courier New"'>Last Error Code (WSA): 0</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'><o:p> </o:p></span></p><pre><span style='color:black'>Full log </span><span style='color:blue'><a href="http://10.193.57.106/xymon-cgi/bb-hostsvc.sh?CLIENT=wsus11&SECTION=msgs:eventlog_application">eventlog_application</a><o:p></o:p></span></pre><pre><span style='color:black'>information - 2010/07/21 08:49:15 - DWMRCS (111) - The description for Event ID ( 111 ) in Source ( DWMRCS ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: The following user has connected via remote control.<o:p></o:p></span></pre><pre><span style='color:black'><o:p> </o:p></span></pre><pre><span style='color:black'><o:p> </o:p></span></pre><pre><span style='color:black'>Date: 07/21/2010 08:49:15<o:p></o:p></span></pre><pre><span style='color:black'>Computer Name: <o:p></o:p></span></pre><pre><span style='color:black'>User ID: <o:p></o:p></span></pre><pre><span style='color:black'>Logon As ID: <o:p></o:p></span></pre><pre><span style='color:black'>Domain: .<o:p></o:p></span></pre><pre><span style='color:black'>Desktop User ID: <o:p></o:p></span></pre><pre><span style='color:black'>Desktop Name: Winlogon<o:p></o:p></span></pre><pre><span style='color:black'>System Settings Using: INI-File<o:p></o:p></span></pre><pre><span style='color:black'>Desktop State: Unknown<o:p></o:p></span></pre><pre><span style='color:black'>Permission Required: No<o:p></o:p></span></pre><pre><span style='color:black'>Access Approved By: N/A - See Disconnect Notification<o:p></o:p></span></pre><pre><span style='color:black'>Access Declined By: N/A - See Disconnect Notification<o:p></o:p></span></pre><pre><span style='color:black'>Access Request Timeout: N/A - See Disconnect Notification<o:p></o:p></span></pre><pre><span style='color:black'>Access Request Disconnected: N/A - See Disconnect Notification<o:p></o:p></span></pre><pre><span style='color:black'>OS Product ID: 76487-640-6912145-23304<o:p></o:p></span></pre><pre><span style='color:black'>OS Registered Owner:<o:p></o:p></span></pre><pre><span style='color:black'>OS Registered Organization: <o:p></o:p></span></pre><pre><span style='color:black'>Host Name from Peer: rrr<o:p></o:p></span></pre><pre><span style='color:black'>IP Address(es) from Peer:<o:p></o:p></span></pre><pre><span style='color:black'>Peer Host Name: <o:p></o:p></span></pre><pre><span style='color:black'>Peer IP Address: <o:p></o:p></span></pre><pre><span style='color:black'>Protocol Version - DWRCC.EXE: 5.100000-1.100000<o:p></o:p></span></pre><pre><span style='color:black'>Protocol Version - DWRCS.EXE: 5.100000-1.100000<o:p></o:p></span></pre><pre><span style='color:black'>Product Version - DWRCS.EXE: 6.5.0.0<o:p></o:p></span></pre><pre><span style='color:black'>Product Version - DWRCC.EXE: 6.5.0.0<o:p></o:p></span></pre><pre><span style='color:black'>Proxy Host Used: No<o:p></o:p></span></pre><pre><span style='color:black'>Proxy Host: <o:p></o:p></span></pre><pre><span style='color:black'>Proxy Destination Host: <o:p></o:p></span></pre><pre><span style='color:black'>Proxy Destination Port: 0 <o:p></o:p></span></pre><pre><span style='color:black'>Proxy Callback Port: N/A <o:p></o:p></span></pre><pre><span style='color:black'>Authentication Type: Encrypted Windows Logon<o:p></o:p></span></pre><pre><span style='color:red'>Last Error Code: 0<o:p></o:p></span></pre><pre><span style='color:red'>Last Error Code (WSA): 0<o:p></o:p></span></pre><pre><span style='color:black'>Host Port Number: 6129 <o:p></o:p></span></pre><pre><span style='color:black'>Host IP Address: <o:p></o:p></span></pre><pre><span style='color:black'>Host Name: wsus11 <o:p></o:p></span></pre><pre><span style='color:black'>Absolute timeout setting: 0 minutes<o:p></o:p></span></pre><pre><span style='color:black'>Connect/Logon timeout setting: 90000 milliseconds<o:p></o:p></span></pre><pre><span style='color:black'>Access Check: Administrators<o:p></o:p></span></pre><pre><span style='color:black'>Registered: Yes<o:p></o:p></span></pre><pre><span style='color:black'>WTS Session: No<o:p></o:p></span></pre><pre><span style='color:black'>Used RSA Public-Key Key Exchange (1024 bit keys).<o:p></o:p></span></pre><pre><span style='color:black'>Encryption IDs: 26115 (24576,1536,1536) [192].<o:p></o:p></span></pre><pre><span style='color:black'>Hashing IDs: 26115 (24576,1536,1536).<o:p></o:p></span></pre><pre><span style='color:black'>Used Shared Secret: No<o:p></o:p></span></pre><pre><span style='color:black'>Registration: B3E7B137A1-C472C063<o:p></o:p></span></pre><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-ligatures:standard'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.5pt;font-family:"Tahoma","sans-serif";color:black'> </span></b><o:p></o:p></p></div></body></html>