<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma",sans-serif;
mso-fareast-language:EN-US;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma",sans-serif;
mso-fareast-language:EN-US;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:blue;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:336079418;
mso-list-type:hybrid;
mso-list-template-ids:717547172 201916431 201916441 201916443 201916431 201916441 201916443 201916431 201916441 201916443;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='color:blue'>Hi<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>Q1<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>You're right, BBWin does not have an equivalent server sent config for what event logs are wanted. It can be configured locally on the client in the registry if I recall correctly. This is why we added eventlogswanted - I wanted to be able to send that from the server.<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>I think your two methods look correct (either way). This is a problem we have been thinking about for a while as we have no need to collect all logs (hence eventlogswanted) but managing all the configs can become a problem.<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>Q2<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>Yes, they add to the raw data. They were in the original Powershell client, I added the switches to turn them off and be off by default but left them in as presumably someone does use them or did have a requirement for them.<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>I wouldn't recommend enabling Win32_Product on any current Windows server – it has some nasty side effects (<a href="http://support.microsoft.com/kb/974524">http://support.microsoft.com/kb/974524</a>). <o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>Q3<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>You're right, the original Powershell client sent back Error and Warning events only. Not sure how this compares to BBWin. I can put this on the todo list – maybe as an additional option on eventlogswanted.<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>Thanks<o:p></o:p></span></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><span style='color:blue;mso-fareast-language:EN-GB'>Zak </span><span style='font-size:9.0pt;font-family:"Arial",sans-serif;color:blue;mso-fareast-language:EN-GB'><o:p></o:p></span></p></div><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='mso-fareast-language:EN-GB'>From:</span></b><span lang=EN-US style='mso-fareast-language:EN-GB'> Brandon Dale [mailto:BDale@kitchengroup.com.au] <br><b>Sent:</b> 20 February 2015 02:55<br><b>To:</b> Beck, Zak; xymon@xymon.com<br><b>Subject:</b> RE: Xymon PowerShell Windows client<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>Hi Zak,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>I have been testing this on a few machines and playing around with it.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>I’m trying to work out how best to handle the rules for filtering and alerting on event logs if there are both bbwin and PowerShell clients being used as the PowerShell client is slightly different in the way it collects the event logs.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-AU style='color:#1F497D'>Question 1:<o:p></o:p></span></b></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>In bbwin the raw data contains:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>[collector:]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>client testserver01.bbwin <b>win32</b><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>In the updated PowerShell client it contains:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>[collector:]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>client testserver01.powershell <b>PowerShell</b> XymonPS<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>on the xymon server in client-local.cfg I have a setup like this.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>[win32]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>eventlog:security:10240<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>ignore blahblahblah<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>eventlog:system:10240<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>ignore blahblahblah<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>eventlog:application:10240<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>ignore blahblahblah<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>and then in analysis.cfg:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>CLASS=win32<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'> LOG %.* %^critical.* COLOR=red<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'> LOG %.* %^error.* COLOR=red<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'> LOG %.* %^failure.* COLOR=yellow<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'> LOG %.* %^warning.* COLOR=yellow<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>I don’t think Bbwin has an equivalent to the <b>eventlogswanted:event_log_name:max_size</b> command it seems to just pull all the event logs by default (all the logs listed in <b>Get-EventLog -List | FT log). </b><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>Now because bbwin pulls all the logs by default, if I have a situation like the example below I get all the event logs on both servers and filters listed in client-local.cfg apply to the security,application,system logs which are the ones that contain most of the noise.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>Example two servers, event logs collected in bbwin by default:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>Server 1 (generic member server, nothing special)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_application]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_hardwareevents]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_internet explorer]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_key management service]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_security]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_system]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_windows PowerShell]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-AU'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>Server 2 (Domain Controller)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_application]<o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_dfs replication]<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_directory service]<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_dns server]<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_file replication service]<o:p></o:p></span></b></p><p class=MsoNormal><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_internet explorer]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_security]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='mso-fareast-language:EN-AU'>[msgs:eventlog_system]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>You can see the extra event logs present on the domain controller.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>In the PowerShell client I can’t work out how I can replicate this behaviour as by default it only collects Application,System,Security logs. I know I can specify additional logs using <b>wantedeventlogs </b>but I can’t see how I can do that in a single general rule It seems like I would need to either<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-AU style='color:#1F497D'><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-AU style='color:#1F497D'>Have an entry in client-local.cfg under [PowerShell] with eventlogswanted and list every possible event log, this would mean on all clients these would display under msgs even if the log doesn’t exist on the client<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-AU style='color:#1F497D'><span style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-AU style='color:#1F497D'>Create a separate entry with the [hostname] in client-local.cfg for each server where I want to collect anything outside of the three default logs and then list the ignore filters each time.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>Have I misunderstood how this works or is there an easy way to replicate the same behaviour as bbwin? <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-AU style='color:#1F497D'>Question 2:<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></b></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>I read through the documentation but I can’t work out what is the advantage of setting any of these to 1: EnableWin32_Product, EnableWin32_QuickFixEngineering, EnableWMISections ? I understand they are disabled by default for performance but what do you actually gain if you enable them? I can see you get more info in the raw data but how is this used for the tests in xymon?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-AU style='color:#1F497D'>Question 3:<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></b></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>Would it be worth adding a filter to the client so get-winevents only returns critical,error,failure,warning events rather than everything. That would remove the need to have as many ignore rules in the client-local.cfg and I am guessing most people don’t alert on events that are level=information. From memory I think that is how the original PowerShell client worked. I think ideally you should be able to specify this in the config xml or something similar.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'>Regards, <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-AU style='font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#000097'>Brandon </span></b><span lang=EN-AU style='font-size:8.0pt;color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal align=center style='text-align:center'><span lang=EN-AU style='font-size:8.0pt;color:#1F497D'><o:p> </o:p></span></p></div><p class=MsoNormal><span lang=EN-AU style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-AU'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-AU'> Xymon [</span><a href="mailto:xymon-bounces@xymon.com"><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-AU'>mailto:xymon-bounces@xymon.com</span></a><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-AU'>] <b>On Behalf Of </b></span><a href="mailto:zak.beck@accenture.com"><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-AU'>zak.beck@accenture.com</span></a><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-AU'><br><b>Sent:</b> Friday, 13 February 2015 8:53 PM<br><b>To:</b> </span><a href="mailto:xymon-developer@lists.sourceforge.net"><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-AU'>xymon-developer@lists.sourceforge.net</span></a><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-AU'>; </span><a href="mailto:xymon@xymon.com"><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-AU'>xymon@xymon.com</span></a><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:EN-AU'><br><b>Subject:</b> [Xymon] Xymon Powershell Windows client<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'>Hi all,<o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'>Today I have uploaded a new version of the Xymon Powershell client to SVN (in sandbox/WinPSClient). We (Accenture) are very pleased to be contributing these changes to the open source community. I've been working on this now for around 8 months on and off and hopefully the changes made will be of benefit to everyone!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'> <o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'>Whilst making changes, we have focussed mainly on making it work, improving reliability and most importantly improving performance.<o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'> <o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'>In most cases, on our 64 bit OS virtual machines, a data collection now takes around 5 seconds. On heavily loaded (CPU load or event log load) servers, the script is now considerably faster than originally. Key to this has been reducing the amount of WMI usage as this was a major culprit. <o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'> <o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'>We have also implemented some new features, largely based on our in-house requirements but hopefully useful to others:<o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'> <o:p></o:p></span></p><p class=MsoNormal style='margin-left:27.0pt;text-indent:-18.0pt;vertical-align:middle'><span style='font-size:10.0pt;font-family:Symbol;color:black;mso-fareast-language:EN-GB'>·</span><span style='font-size:7.0pt;font-family:"Times New Roman",serif;color:black;mso-fareast-language:EN-GB'> </span><span style='color:black;mso-fareast-language:EN-GB'>Showing the process owner and command line in [procs]. This has been implemented using c# code, compiled at runtime.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:27.0pt;text-indent:-18.0pt;vertical-align:middle'><span style='font-size:10.0pt;font-family:Symbol;color:black;mso-fareast-language:EN-GB'>·</span><span style='font-size:7.0pt;font-family:"Times New Roman",serif;color:black;mso-fareast-language:EN-GB'> </span><span style='color:black;mso-fareast-language:EN-GB'>Adding Active Directory replication test, Terminal Services sessions test<o:p></o:p></span></p><p class=MsoNormal style='margin-left:27.0pt;text-indent:-18.0pt;vertical-align:middle'><span style='font-size:10.0pt;font-family:Symbol;color:black;mso-fareast-language:EN-GB'>·</span><span style='font-size:7.0pt;font-family:"Times New Roman",serif;color:black;mso-fareast-language:EN-GB'> </span><span style='color:black;mso-fareast-language:EN-GB'>Ability to restart any stopped Windows service<o:p></o:p></span></p><p class=MsoNormal style='margin-left:27.0pt;text-indent:-18.0pt;vertical-align:middle'><span style='font-size:10.0pt;font-family:Symbol;color:black;mso-fareast-language:EN-GB'>·</span><span style='font-size:7.0pt;font-family:"Times New Roman",serif;color:black;mso-fareast-language:EN-GB'> </span><span style='color:black;mso-fareast-language:EN-GB'>Client self-update<o:p></o:p></span></p><p class=MsoNormal style='margin-left:27.0pt;text-indent:-18.0pt;vertical-align:middle'><span style='font-size:10.0pt;font-family:Symbol;color:black;mso-fareast-language:EN-GB'>·</span><span style='font-size:7.0pt;font-family:"Times New Roman",serif;color:black;mso-fareast-language:EN-GB'> </span><span style='color:black;mso-fareast-language:EN-GB'>Dirsize and dirtime checks (which were originally external scripts)<o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'> <o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'>Some things have changed slightly; for example, the local configuration which was registry-based is now XML-based (you can still use registry settings if you prefer). In the SVN repository I have also uploaded a Word document which describes how to install and the configuration options.<o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'> <o:p></o:p></span></p><p class=MsoNormal><span style='color:black;mso-fareast-language:EN-GB'>I have uploaded all the revisions we have made to SVN so there is a history of development. Whilst we will endeavour to continue contributing changes and improvements in coming months, this is an open source project and as such we are not offering any formal support. If anyone wishes to bugfix, branch or whatever, please do so!<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><span style='mso-fareast-language:EN-GB'>Zak Beck<br>Accenture<o:p></o:p></span></p></div></body></html>