<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma",sans-serif;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma",sans-serif;
mso-fareast-language:EN-AU;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:blue;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>Hi<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>The fields in the event log message from the PS client are as follows:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><level> - <date / time> - [<eventid>] - <provider> - <message><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>Warning - 03/30/2015 14:11:25 - [1] - test - This is a test message.</span><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>In the example given, 'test' is the provider.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>Ignore rules should match against provider or message. You cannot currently ignore against event ids – I believe you could use them in alert.cfg though.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>If you want to only receive warning or error 'level' messages, you can limit using the eventlogswanted:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>eventlogswanted:LIST_OF_EVENT_LOGS:MAX_SIZE:REQUIRED_LEVELS<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>REQUIRED_LEVELS is an optional list of the levels you want to report, e.g.:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'>eventlogswanted:*:250000:error,warning <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue'>Zak </span><span style='font-size:9.0pt;font-family:"Arial",sans-serif;color:blue'><o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Xymon [mailto:xymon-bounces@xymon.com] <b>On Behalf Of </b>Brandon Dale<br><b>Sent:</b> 30 March 2015 04:37<br><b>To:</b> Timothy Persoon; xymon@xymon.com<br><b>Subject:</b> Re: [Xymon] Migrating from BBWin to Xymon PS Client<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>I think this will work:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> LOG eventlog_System %^error.* COLOR=red<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> LOG eventlog_System %^warning.* COLOR=yellow<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> LOG eventlog_Application %^error.* COLOR=red<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> LOG eventlog_Application %^warning.* COLOR=yellow<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> LOG eventlog_Security %^failure.* COLOR=red<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>The Ignore rules for the eventid’s I’m not sure about, in the past with bbwin I have always had to ignore based on the message detail. If someone knows how to do this I would also like to know.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>In the latest powershell client this is the type of data that you get for events, the eventid is 1 in the below example.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>Warning - 03/30/2015 14:11:25 - [1] - test - This is a test message.</span><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>However I haven’t had any success using an ignore rule to match anything other than the “This is a test message” part of the message.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Regards, <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-AU style='font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#000097;mso-fareast-language:EN-US'>Brandon </span></b><span lang=EN-AU style='font-size:8.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:10.0pt;line-height:115%'><span lang=EN-AU style='font-size:11.0pt;line-height:115%;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif'> Xymon [<a href="mailto:xymon-bounces@xymon.com">mailto:xymon-bounces@xymon.com</a>] <b>On Behalf Of </b>Timothy Persoon<br><b>Sent:</b> Tuesday, 24 March 2015 7:55 PM<br><b>To:</b> <a href="mailto:xymon@xymon.com">xymon@xymon.com</a><br><b>Subject:</b> [Xymon] Migrating from BBWin to Xymon PS Client<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'>Hi,</span><span lang=EN-AU> <br><br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'>I'm migrating from BBWin to the newest Xymon PS Client. However, there are some settings in the BBWin.cfg file that I can't seem to migrate to the analysis.cfg file.</span><span lang=EN-AU> <br><br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'>In BBWin there are several message checks:</span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'><msgs></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <setting name="alwaysgreen" value="false" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <ignore logfile="Application" eventid="1000" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <ignore logfile="Application" eventid="16385" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <ignore logfile="Application" eventid="8198" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <ignore logfile="Application" eventid="489" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <ignore logfile="System" eventid="6038" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <setting name="delay" value="1h" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <match logfile="System" type="error" alarmcolor="red" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <match logfile="System" type="warning" alarmcolor="yellow" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <match logfile="Application" type="error" alarmcolor="red" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <match logfile="Application" type="warning" alarmcolor="yellow" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'> <match logfile="Security" type="fail" /></span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'></msgs></span><span lang=EN-AU> <br><br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'>but how do I migrate those to analysis.cfg? There seem to be two options:</span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'>1) LOG eventlog_application %^warning COLOR=red</span><span lang=EN-AU> <br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'>2) LOG eventlog:Application %warning COLOR=red</span><span lang=EN-AU> <br><br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'>Is there a difference between these two notations and is it even possible to migrate the settings of BBWin.cfg to the analysis.cfg?</span><span lang=EN-AU> <br><br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'>Kind regards,</span><span lang=EN-AU> <br><br></span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial",sans-serif'>Timothy</span><span lang=EN-AU> <o:p></o:p></span></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width="100%" style='width:100.0%;border-collapse:collapse'><tr style='height:6.0pt'><td colspan=3 style='padding:0cm 0cm 0cm 0cm;height:6.0pt'><div class=MsoNormal align=center style='text-align:center;mso-line-height-alt:6.0pt'><hr size=2 width="100%" align=center></div></td></tr><tr style='height:6.0pt'><td style='padding:0cm 0cm 0cm 0cm;height:6.0pt'></td><td rowspan=4 style='padding:0cm 0cm 0cm 0cm;height:6.0pt'><p class=MsoNormal align=right style='text-align:right;mso-line-height-alt:6.0pt'><img border=0 width=159 height=40 id="_x0000_i1026" src="cid:image001.gif@01D06AC6.ACEEBBA0"><o:p></o:p></p></td><td valign=top style='padding:0cm 0cm 0cm 0cm;height:6.0pt'></td></tr><tr style='height:6.0pt'><td style='padding:0cm 0cm 0cm 0cm;height:6.0pt'></td><td style='padding:0cm 0cm 0cm 0cm;height:6.0pt'><p class=MsoNormal style='mso-line-height-alt:6.0pt'><span style='font-size:7.5pt;font-family:"Verdana",sans-serif'> </span> <o:p></o:p></p></td></tr><tr style='height:6.0pt'><td style='padding:0cm 0cm 0cm 0cm;height:6.0pt'></td><td style='padding:0cm 0cm 0cm 0cm;height:6.0pt'><p class=MsoNormal style='mso-line-height-alt:6.0pt'><span style='font-size:7.5pt;font-family:"Verdana",sans-serif'> </span> <o:p></o:p></p></td></tr><tr style='height:6.0pt'><td style='padding:0cm 0cm 0cm 0cm;height:6.0pt'></td><td style='padding:0cm 0cm 0cm 0cm;height:6.0pt'><p class=MsoNormal style='mso-line-height-alt:6.0pt'><span style='font-size:7.5pt;font-family:"Verdana",sans-serif'> </span><o:p></o:p></p></td></tr></table><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p></div></body></html>