<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma",sans-serif;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:blue;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:blue;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:blue;mso-fareast-language:EN-US'>Hi<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue;mso-fareast-language:EN-US'>That output is generated by a different function in the client. Unfortunately, that function does not have the suppression.<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue;mso-fareast-language:EN-US'>I will submit an update to suppress that output in the next few days – I have one or two other updates to include also.<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue;mso-fareast-language:EN-US'>Thanks<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='color:blue'>Zak </span><span style='font-size:9.0pt;font-family:"Arial",sans-serif;color:blue'><o:p></o:p></span></p></div><p class=MsoNormal><span style='color:blue;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US>From:</span></b><span lang=EN-US> Mills,David (HHSC Contractor) [mailto:David.Mills@hhsc.state.tx.us] <br><b>Sent:</b> 28 December 2016 13:35<br><b>To:</b> Beck, Zak <zak.beck@accenture.com>; xymon@xymon.com<br><b>Subject:</b> RE: Help turning off "msg" test with XymonPSClient.ps1<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Zak –<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Thanks so much for the reply.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Actually, this is what I am seeing in the xymon-lastcollect.txt (the file has the correct / current timestamp for right now):<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> [EventlogSummary]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> Max(K) Retain OverflowAction Entries Log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> ------ ------ -------------- ------- --- <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 20,480 0 OverwriteAsNeeded 78,572 Application <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 20,480 0 OverwriteAsNeeded 0 HardwareEvents <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 512 7 OverwriteOlder 0 Internet Explorer <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 20,480 0 OverwriteAsNeeded 0 Key Management Service <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 20,480 0 OverwriteAsNeeded 27,169 Security <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 8,192 0 OverwriteAsNeeded 4,699 Symantec Endpoint Protection Client<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 20,480 0 OverwriteAsNeeded 62,965 System <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 15,360 0 OverwriteAsNeeded 132 Windows PowerShell <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> [msgs:EventlogSummary]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> Max(K) Retain OverflowAction Entries Log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> ------ ------ -------------- ------- --- <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 20,480 0 OverwriteAsNeeded 78,572 Application <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 20,480 0 OverwriteAsNeeded 0 HardwareEvents <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 512 7 OverwriteOlder 0 Internet Explorer <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 20,480 0 OverwriteAsNeeded 0 Key Management Service <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 20,480 0 OverwriteAsNeeded 27,169 Security <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 8,192 0 OverwriteAsNeeded 4,699 Symantec Endpoint Protection Client<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 20,480 0 OverwriteAsNeeded 62,965 System <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> 15,360 0 OverwriteAsNeeded 132 Windows PowerShell <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>This data is actually what I see when it gets over to the Xymon server, as viewed by clicking the “msgs” icon for details. “drop”-ping the test doesn’t do any good since the data is fresh and keeps coming from the client.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>If it helps at all, the client is a Windows Server 2012 R2. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>??<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>;-)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif'> <a href="mailto:zak.beck@accenture.com">zak.beck@accenture.com</a> [<a href="mailto:zak.beck@accenture.com">mailto:zak.beck@accenture.com</a>] <br><b>Sent:</b> Wednesday, December 28, 2016 3:08 AM<br><b>To:</b> Mills,David (HHSC Contractor); <a href="mailto:xymon@xymon.com">xymon@xymon.com</a><br><b>Subject:</b> RE: Help turning off "msg" test with XymonPSClient.ps1<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>Hi David<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>Have a look in the xymon-lastcollect.txt file (which will be in C:\ by default). This file contains the core payload sent to the server on the last collect.<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>I suspect the setting has worked in as much as the client is no longer sending the data to the server – there should be no sections in the above log like this:<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>[msgs:eventlog_Application]<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'>[msgs:eventlog_System]<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>And similar, depending on config.<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>I think what may be happening is that the server has old data for the msgs test and so is displaying the column (probably with a purple alert) because it is no longer receiving data.<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>I am by no means an expert on the server side. I think you can remove the old data using something like this on the server:<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal>xymon 0 "drop <server> [test]"<span style='color:blue'><o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>i.e.<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>xymon 0 "drop <server> msgs"<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>You might need to add NOCOLUMNS:msgs in hosts.cfg, not sure.<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:blue'>Cheers<o:p></o:p></span></p><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='color:blue'>Zak </span><span style='font-size:9.0pt;font-family:"Arial",sans-serif;color:blue'><o:p></o:p></span></p></div><p class=MsoNormal><span style='color:blue'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US>From:</span></b><span lang=EN-US> Xymon [<a href="mailto:xymon-bounces@xymon.com">mailto:xymon-bounces@xymon.com</a>] <b>On Behalf Of </b>Mills,David (HHSC Contractor)<br><b>Sent:</b> 27 December 2016 22:46<br><b>To:</b> 'xymon@xymon.com' <<a href="mailto:xymon@xymon.com">xymon@xymon.com</a>><br><b>Subject:</b> [Xymon] Help turning off "msg" test with XymonPSClient.ps1<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US>All –<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><br>I’ve installed a prototype of the PowerShell client, XymonPSClient.ps1 (2.1.5), and it is successfully reporting data back to the server. However, I’m trying to eliminate all Windows event log data from being sent to the server (i.e. suppressing the “msgs” column for that client on the Xymon display).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>According to the documentation for the xymonclient_config.xml file, the “reportevt” XML tag value controls this behavior: “reportevt … Whether to scan and report event log … 0 = no 1 = yes”. However, even after adding the necessary tags and restarting the service on the Windows client, the “msgs” column keeps coming back.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Here’s the config file:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><XymonSettings><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US> <servers>xxx.xxx.txaccess.net</servers><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US> <clientlogfile>C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient.log</clientlogfile><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <clientconfigfile>C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\clientconfig.cfg</clientconfigfile><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US> <clientfqdn>0</clientfqdn><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <clientlower>1</clientlower><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <reportevt>0</reportevt><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US></XymonSettings><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Here’s the output of the currently active configuration on the client:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>PS C:\Users\millsda\Desktop\Xymon PS Client 2.1.5> .\xymonclient.ps1 config<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>XymonPSClient config:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>XML: C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient_config.xml<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Settable Params and values:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> clientbbwinmembug=1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> clientclass=powershell<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> clientlogpath=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> clientlogretain=0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> clientname=xxx<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> ClientProcessPriority=Normal<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> clientremotecfgexec=0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> clientsoftware=powershell<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> EnableWin32_Product=0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> EnableWin32_QuickFixEngineering=0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> EnableWMISections=0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> externaldatalocation=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\tmp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> externalscriptlocation=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\ext<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> loopinterval=300<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> MaxEvents=5000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> maxlogage=60<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> servergiflocation=/xymon/gifs/<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> serversList=xxx.xxx.txaccess.net<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> slowscanrate=72<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> wanteddisksList=3<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> clientconfigfile=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\clientconfig.cfg<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> clientfqdn=0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> clientlogfile=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient.log<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> clientlower=1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> reportevt=0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> servers=xxx.xxx.txaccess.net<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>---<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Thx!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Times New Roman",serif'>David Mills<br>Systems Administrator</span><span lang=EN-US><br></span><b><i><span lang=EN-US style='font-family:"Times New Roman",serif;color:#1F33ED'>Northrop Grumman</span></i></b><span lang=EN-US style='font-family:"Times New Roman",serif'><br>(512) 595-1238 (mobile)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div></body></html>