<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:blue;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Maybe for the eventlogs you could add support for an all command or wildcard type entry for the eventlogs something like
</span><b><span style="color:#1F497D">eventlogswanted:*:max_size </span></b><span style="color:#1F497D">which will just pull all the log names available from<b> Get-EventLog -List
</b>on the machine.</span><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D">Regards, <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#000097">Brandon
</span></b><span style="font-size:8.0pt;color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:10.0pt;line-height:115%"><span style="color:#1F497D;mso-fareast-language:EN-AU"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU"> zak.beck@accenture.com
[mailto:zak.beck@accenture.com] <br>
<b>Sent:</b> Monday, 23 February 2015 7:55 PM<br>
<b>To:</b> Brandon Dale; xymon@xymon.com<br>
<b>Subject:</b> RE: Xymon PowerShell Windows client<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">Hi<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">Q1<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">You're right, BBWin does not have an equivalent server sent config for what event logs are wanted. It can be configured locally on the client in the registry if I recall correctly. This is why we added
eventlogswanted - I wanted to be able to send that from the server.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">I think your two methods look correct (either way). This is a problem we have been thinking about for a while as we have no need to collect all logs (hence eventlogswanted) but managing all the configs
can become a problem.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">Q2<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">Yes, they add to the raw data. They were in the original Powershell client, I added the switches to turn them off and be off by default but left them in as presumably someone does use them or did have
a requirement for them.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">I wouldn't recommend enabling Win32_Product on any current Windows server – it has some nasty side effects (<a href="http://support.microsoft.com/kb/974524">http://support.microsoft.com/kb/974524</a>).
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">Q3<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">You're right, the original Powershell client sent back Error and Warning events only. Not sure how this compares to BBWin. I can put this on the todo list – maybe as an additional option on eventlogswanted.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">Thanks<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span lang="EN-GB" style="color:blue;mso-fareast-language:EN-GB">Zak
</span><span lang="EN-GB" style="font-size:9.0pt;font-family:"Arial","sans-serif";color:blue;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="mso-fareast-language:EN-GB">From:</span></b><span lang="EN-US" style="mso-fareast-language:EN-GB"> Brandon Dale [<a href="mailto:BDale@kitchengroup.com.au">mailto:BDale@kitchengroup.com.au</a>]
<br>
<b>Sent:</b> 20 February 2015 02:55<br>
<b>To:</b> Beck, Zak; <a href="mailto:xymon@xymon.com">xymon@xymon.com</a><br>
<b>Subject:</b> RE: Xymon PowerShell Windows client<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Hi Zak,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I have been testing this on a few machines and playing around with it.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I’m trying to work out how best to handle the rules for filtering and alerting on event logs if there are both bbwin and PowerShell clients being used as the PowerShell client is slightly different in the way
it collects the event logs.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Question 1:<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">In bbwin the raw data contains:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">[collector:]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">client testserver01.bbwin <b>win32</b><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">In the updated PowerShell client it contains:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">[collector:]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">client testserver01.powershell <b>
PowerShell</b> XymonPS<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">on the xymon server in client-local.cfg I have a setup like this.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">[win32]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">eventlog:security:10240<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">ignore blahblahblah<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">eventlog:system:10240<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">ignore blahblahblah<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">eventlog:application:10240<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">ignore blahblahblah<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">and then in analysis.cfg:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">CLASS=win32<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> LOG %.* %^critical.* COLOR=red<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> LOG %.* %^error.* COLOR=red<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> LOG %.* %^failure.* COLOR=yellow<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> LOG %.* %^warning.* COLOR=yellow<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I don’t think Bbwin has an equivalent to the
<b>eventlogswanted:event_log_name:max_size</b> command it seems to just pull all the event logs by default (all the logs listed in
<b>Get-EventLog -List | FT log). </b><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Now because bbwin pulls all the logs by default, if I have a situation like the example below I get all the event logs on both servers and filters listed in client-local.cfg apply to the security,application,system
logs which are the ones that contain most of the noise.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Example two servers, event logs collected in bbwin by default:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Server 1 (generic member server, nothing special)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">[msgs:eventlog_application]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">[msgs:eventlog_hardwareevents]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">[msgs:eventlog_internet explorer]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">[msgs:eventlog_key management service]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">[msgs:eventlog_security]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">[msgs:eventlog_system]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">[msgs:eventlog_windows PowerShell]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:EN-AU"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Server 2 (Domain Controller)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">[msgs:eventlog_application]<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="mso-fareast-language:EN-AU">[msgs:eventlog_dfs replication]<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="mso-fareast-language:EN-AU">[msgs:eventlog_directory service]<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="mso-fareast-language:EN-AU">[msgs:eventlog_dns server]<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="mso-fareast-language:EN-AU">[msgs:eventlog_file replication service]<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">[msgs:eventlog_internet explorer]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">[msgs:eventlog_security]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">[msgs:eventlog_system]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">You can see the extra event logs present on the domain controller.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">In the PowerShell client I can’t work out how I can replicate this behaviour as by default it only collects Application,System,Security logs. I know I can specify additional logs using
<b>wantedeventlogs </b>but I can’t see how I can do that in a single general rule It seems like I would need to either<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt"><span style="color:#1F497D">1.</span><span style="font-size:7.0pt;font-family:"Times New Roman","serif";color:#1F497D">
</span><span style="color:#1F497D">Have an entry in client-local.cfg under [PowerShell] with eventlogswanted and list every possible event log, this would mean on all clients these would display under msgs even if the log doesn’t exist on the client<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt"><span style="color:#1F497D">2.</span><span style="font-size:7.0pt;font-family:"Times New Roman","serif";color:#1F497D">
</span><span style="color:#1F497D">Create a separate entry with the [hostname] in client-local.cfg for each server where I want to collect anything outside of the three default logs and then list the ignore filters each time.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Have I misunderstood how this works or is there an easy way to replicate the same behaviour as bbwin?
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Question 2:<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#1F497D"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><span style="color:#1F497D">I read through the documentation but I can’t work out what is the advantage of setting any of these to 1: EnableWin32_Product, EnableWin32_QuickFixEngineering, EnableWMISections ? I understand they are disabled
by default for performance but what do you actually gain if you enable them? I can see you get more info in the raw data but how is this used for the tests in xymon?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Question 3:<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#1F497D"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><span style="color:#1F497D">Would it be worth adding a filter to the client so get-winevents only returns critical,error,failure,warning events rather than everything. That would remove the need to have as many ignore rules in the client-local.cfg
and I am guessing most people don’t alert on events that are level=information. From memory I think that is how the original PowerShell client worked. I think ideally you should be able to specify this in the config xml or something similar.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D">Regards, <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#000097">Brandon
</span></b><span style="font-size:8.0pt;color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU"> Xymon
[</span><span lang="EN-GB"><a href="mailto:xymon-bounces@xymon.com"><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU">mailto:xymon-bounces@xymon.com</span></a></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU">]
<b>On Behalf Of </b></span><span lang="EN-GB"><a href="mailto:zak.beck@accenture.com"><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU">zak.beck@accenture.com</span></a></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU"><br>
<b>Sent:</b> Friday, 13 February 2015 8:53 PM<br>
<b>To:</b> </span><span lang="EN-GB"><a href="mailto:xymon-developer@lists.sourceforge.net"><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU">xymon-developer@lists.sourceforge.net</span></a></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU">;
</span><span lang="EN-GB"><a href="mailto:xymon@xymon.com"><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU">xymon@xymon.com</span></a></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU"><br>
<b>Subject:</b> [Xymon] Xymon Powershell Windows client<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">Hi all,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">Today I have uploaded a new version of the Xymon Powershell client to SVN (in sandbox/WinPSClient). We (Accenture) are very pleased to be contributing these changes to the
open source community. I've been working on this now for around 8 months on and off and hopefully the changes made will be of benefit to everyone!<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">Whilst making changes, we have focussed mainly on making it work, improving reliability and most importantly improving performance.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">In most cases, on our 64 bit OS virtual machines, a data collection now takes around 5 seconds. On heavily loaded (CPU load or event log load) servers, the script is now
considerably faster than originally. Key to this has been reducing the amount of WMI usage as this was a major culprit.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">We have also implemented some new features, largely based on our in-house requirements but hopefully useful to others:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:27.0pt;text-indent:-18.0pt;vertical-align:middle">
<span lang="EN-GB" style="font-size:10.0pt;font-family:Symbol;color:black;mso-fareast-language:EN-GB">·</span><span lang="EN-GB" style="font-size:7.0pt;font-family:"Times New Roman","serif";color:black;mso-fareast-language:EN-GB">
</span><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">Showing the process owner and command line in [procs]. This has been implemented using c# code, compiled at runtime.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:27.0pt;text-indent:-18.0pt;vertical-align:middle">
<span lang="EN-GB" style="font-size:10.0pt;font-family:Symbol;color:black;mso-fareast-language:EN-GB">·</span><span lang="EN-GB" style="font-size:7.0pt;font-family:"Times New Roman","serif";color:black;mso-fareast-language:EN-GB">
</span><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">Adding Active Directory replication test, Terminal Services sessions test<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:27.0pt;text-indent:-18.0pt;vertical-align:middle">
<span lang="EN-GB" style="font-size:10.0pt;font-family:Symbol;color:black;mso-fareast-language:EN-GB">·</span><span lang="EN-GB" style="font-size:7.0pt;font-family:"Times New Roman","serif";color:black;mso-fareast-language:EN-GB">
</span><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">Ability to restart any stopped Windows service<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:27.0pt;text-indent:-18.0pt;vertical-align:middle">
<span lang="EN-GB" style="font-size:10.0pt;font-family:Symbol;color:black;mso-fareast-language:EN-GB">·</span><span lang="EN-GB" style="font-size:7.0pt;font-family:"Times New Roman","serif";color:black;mso-fareast-language:EN-GB">
</span><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">Client self-update<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:27.0pt;text-indent:-18.0pt;vertical-align:middle">
<span lang="EN-GB" style="font-size:10.0pt;font-family:Symbol;color:black;mso-fareast-language:EN-GB">·</span><span lang="EN-GB" style="font-size:7.0pt;font-family:"Times New Roman","serif";color:black;mso-fareast-language:EN-GB">
</span><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">Dirsize and dirtime checks (which were originally external scripts)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">Some things have changed slightly; for example, the local configuration which was registry-based is now XML-based (you can still use registry settings if you prefer). In
the SVN repository I have also uploaded a Word document which describes how to install and the configuration options.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-GB">I have uploaded all the revisions we have made to SVN so there is a history of development. Whilst we will endeavour to continue contributing changes and improvements in
coming months, this is an open source project and as such we are not offering any formal support. If anyone wishes to bugfix, branch or whatever, please do so!<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span lang="EN-GB" style="mso-fareast-language:EN-GB">Zak Beck<br>
Accenture<o:p></o:p></span></p>
</div>
</body>
</html>