<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Scott,<br>
<br>
I have the following in my /etc/xymon/client-local.cfg file to try
to kill the event logs completely - note that the client has to
report successfuly to pull this from the server. If that fails,
you can paste directly into C:\Program Files (x86)\BBWin\tmp\clientlocal.cfg<br>
<br>
[win32]<br>
log:eventlog_security:10240<br>
ignore .*<br>
ignore .<br>
eventlog:security:10240<br>
ignore handle<br>
ignore .*<br>
ignore .<br>
eventlog:System:10240<br>
ignore .*<br>
ignore .<br>
eventlog:application:10240<br>
ignore .*<br>
ignore .<br>
eventlog:directory service:10240<br>
ignore .*<br>
ignore .<br>
eventlog:dfs replication:10240<br>
ignore .*<br>
ignore .<br>
eventlog:windows powershell:10240<br>
ignore .*<br>
ignore .<br>
<br>
<br>
I process all my Windows servers event logs on a central syslog
server forwarded by SNARE using a custom test.<br>
<br>
David.<br>
</div>
<blockquote
cite="mid:3850212fba0145fab02df8988924847b@DM2PR05MB461.namprd05.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
<font face="Calibri" size="2"><span style="font-size:11pt;">
<div><font color="#1F497D">We are at xymon version 4.3.3 and
bbwin is at 0.13.</font></div>
<div><font color="#1F497D"> </font></div>
<div><font color="#1F497D" face="Script MT Bold" size="4"><span
style="font-size:14pt;"><b>Scott Allen Rebman</b><font
face="Calibri" size="2"><span style="font-size:11pt;">
<br>
</span></font><font face="Arial" size="2"><span
style="font-size:10pt;">Solaris System Administrator
<br>
</span></font><font face="Arial" size="2"><span
style="font-size:10pt;">HHS/HHSC/Contractor</span></font></span></font></div>
<div><font color="#1F497D" face="Arial" size="2"><span
style="font-size:10pt;">TIERS Operations<font
face="Calibri" size="2"><span style="font-size:11pt;">
<br>
</span></font><font face="Calibri" size="2"><span
style="font-size:11pt;">(512)873-6864 (CrossPark)<br>
</span></font>(512)275-6122 (cell)</span></font></div>
<div><font color="#1F497D"><a class="moz-txt-link-abbreviated" href="mailto:Scott.Rebman@hhsc.state.tx.us">Scott.Rebman@hhsc.state.tx.us</a></font></div>
<div><font color="#1F497D"> </font></div>
<div><font color="#1F497D"> </font></div>
<div><font color="#1F497D"> </font></div>
<div><font color="#1F497D"> </font></div>
<div><font face="Tahoma" size="2"><span
style="font-size:10pt;">_____________________________________________<br>
<b>From:</b> Rebman,Scott (HHSC Contractor) <br>
<b>Sent:</b> Tuesday, October 21, 2014 12:22 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:xymon@xymon.com">xymon@xymon.com</a><br>
<b>Cc:</b> Mills,David (HHSC Contractor)<br>
<b>Subject:</b> Hobbit Server Overload Due To Windows
Event Logs</span></font></div>
<div> </div>
<div> </div>
<div>We’re trying to completely shut down all Windows event
logs being sent from the clients to the Xymon server. We
experimented and only seemed able to achieve this by
deleting the:</div>
<div> </div>
<div> <load name="msgs"
value="msgs.dll"/></div>
<div> </div>
<div>line and the entire “<msgs> …</msgs>” stanza
from the local BBWin.cfg. We thought we had a recipe for
success on the rest of our Windows clients but when we
started trying to make it work on two other boxes, we found
that the “procs” and “timediff” tests
went purple!</div>
<div> </div>
<div>We experimented by putting parts of the <msgs> …
stanza back in but we found that (apparently) the client
data was not making it back to the server from the client
after the mods. So – we got it working on our test box, but
on two other “live” boxes it
failed and interfered with other tests.</div>
<div> </div>
<div>This is a hot item for us since our Hobbit server is
being overwhelmed by incoming data, in large part coming
from these huge Windows event logs.</div>
<div> </div>
<div>Thanks!</div>
<div> </div>
<div><font face="Script MT Bold" size="4"><span
style="font-size:14pt;"><b>Scott Allen Rebman</b><font
face="Calibri" size="2"><span style="font-size:11pt;">
<br>
</span></font><font face="Arial" size="2"><span
style="font-size:10pt;">Solaris System Administrator
<br>
</span></font><font face="Arial" size="2"><span
style="font-size:10pt;">HHS/HHSC/Contractor</span></font></span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">TIERS
Operations<font face="Calibri" size="2"><span
style="font-size:11pt;">
<br>
(512)873-6864 (CrossPark)<br>
</span></font>(512)275-6122 (cell)</span></font></div>
<div><a moz-do-not-send="true"
href="mailto:Scott.Rebman@hhsc.state.tx.us"><font
color="blue"><u>Scott.Rebman@hhsc.state.tx.us</u></font></a></div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
</span></font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Xymon mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Xymon@xymon.com">Xymon@xymon.com</a>
<a class="moz-txt-link-freetext" href="http://lists.xymon.com/mailman/listinfo/xymon">http://lists.xymon.com/mailman/listinfo/xymon</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
David Baldwin - Senior Systems Administrator (Datacentres + Networks)
Information and Communication Technology Services
Australian Sports Commission <a class="moz-txt-link-freetext" href="http://ausport.gov.au">http://ausport.gov.au</a>
Tel 02 62147266 Fax 02 62141830 PO Box 176 Belconnen ACT 2616
<a class="moz-txt-link-abbreviated" href="mailto:david.baldwin@ausport.gov.au">david.baldwin@ausport.gov.au</a> 1 Leverrier Street Bruce ACT 2617
Our Values: RESPECT + INTEGRITY + TEAMWORK + EXCELLENCE
</pre>
<br>
<hr>
Keep up to date with what's happening in Australian sport visit <a href="http://www.ausport.gov.au">www.ausport.gov.au</a>
<br><br>
<font size="-2" face="arial">This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.</font>
<hr>
</body>
</html>