<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:blue;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Zak –<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks so much for the reply.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Actually, this is what I am seeing in the xymon-lastcollect.txt (the file has the correct / current timestamp for right now):<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> [EventlogSummary]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Max(K) Retain OverflowAction Entries Log
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> ------ ------ -------------- ------- ---
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 20,480 0 OverwriteAsNeeded 78,572 Application
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 20,480 0 OverwriteAsNeeded 0 HardwareEvents
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 512 7 OverwriteOlder 0 Internet Explorer
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 20,480 0 OverwriteAsNeeded 0 Key Management Service
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 20,480 0 OverwriteAsNeeded 27,169 Security
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 8,192 0 OverwriteAsNeeded 4,699 Symantec Endpoint Protection Client<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 20,480 0 OverwriteAsNeeded 62,965 System
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 15,360 0 OverwriteAsNeeded 132 Windows PowerShell <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> [msgs:EventlogSummary]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Max(K) Retain OverflowAction Entries Log
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> ------ ------ -------------- ------- ---
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 20,480 0 OverwriteAsNeeded 78,572 Application <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 20,480 0 OverwriteAsNeeded 0 HardwareEvents
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 512 7 OverwriteOlder 0 Internet Explorer
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 20,480 0 OverwriteAsNeeded 0 Key Management Service
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 20,480 0 OverwriteAsNeeded 27,169 Security
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 8,192 0 OverwriteAsNeeded 4,699 Symantec Endpoint Protection Client<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 20,480 0 OverwriteAsNeeded 62,965 System
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> 15,360 0 OverwriteAsNeeded 132 Windows PowerShell
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">This data is actually what I see when it gets over to the Xymon server, as viewed by clicking the “msgs” icon for details. “drop”-ping the test doesn’t do any good since the data is fresh and keeps coming from
the client.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">If it helps at all, the client is a Windows Server 2012 R2.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">??<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">;-)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> zak.beck@accenture.com [mailto:zak.beck@accenture.com]
<br>
<b>Sent:</b> Wednesday, December 28, 2016 3:08 AM<br>
<b>To:</b> Mills,David (HHSC Contractor); xymon@xymon.com<br>
<b>Subject:</b> RE: Help turning off "msg" test with XymonPSClient.ps1<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">Hi David<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">Have a look in the xymon-lastcollect.txt file (which will be in C:\ by default). This file contains the core payload sent to the server on the last collect.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">I suspect the setting has worked in as much as the client is no longer sending the data to the server – there should be no sections in the above log like this:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">[msgs:eventlog_Application]<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">[msgs:eventlog_System]<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">And similar, depending on config.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">I think what may be happening is that the server has old data for the msgs test and so is displaying the column (probably with a purple alert) because it is no longer receiving data.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">I am by no means an expert on the server side. I think you can remove the old data using something like this on the server:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">xymon 0 "drop <server> [test]"<span style="color:blue"><o:p></o:p></span></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">i.e.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">xymon 0 "drop <server> msgs"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">You might need to add NOCOLUMNS:msgs in hosts.cfg, not sure.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">Cheers<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue">Zak </span><span lang="EN-GB" style="font-size:9.0pt;font-family:"Arial","sans-serif";color:blue"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB" style="color:blue"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Xymon [<a href="mailto:xymon-bounces@xymon.com">mailto:xymon-bounces@xymon.com</a>]
<b>On Behalf Of </b>Mills,David (HHSC Contractor)<br>
<b>Sent:</b> 27 December 2016 22:46<br>
<b>To:</b> 'xymon@xymon.com' <<a href="mailto:xymon@xymon.com">xymon@xymon.com</a>><br>
<b>Subject:</b> [Xymon] Help turning off "msg" test with XymonPSClient.ps1<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal">All –<o:p></o:p></p>
<p class="MsoNormal"><br>
I’ve installed a prototype of the PowerShell client, XymonPSClient.ps1 (2.1.5), and it is successfully reporting data back to the server. However, I’m trying to eliminate all Windows event log data from being sent to the server (i.e. suppressing the “msgs”
column for that client on the Xymon display).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">According to the documentation for the xymonclient_config.xml file, the “reportevt” XML tag value controls this behavior: “reportevt … Whether to scan and report event log … 0 = no 1 = yes”. However, even after adding the necessary tags
and restarting the service on the Windows client, the “msgs” column keeps coming back.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Here’s the config file:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><XymonSettings><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> <servers>xxx.xxx.txaccess.net</servers><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> <clientlogfile>C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient.log</clientlogfile><o:p></o:p></p>
<p class="MsoNormal"> <clientconfigfile>C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\clientconfig.cfg</clientconfigfile><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> <clientfqdn>0</clientfqdn><o:p></o:p></p>
<p class="MsoNormal"> <clientlower>1</clientlower><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <reportevt>0</reportevt><o:p></o:p></p>
<p class="MsoNormal"></XymonSettings><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Here’s the output of the currently active configuration on the client:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">PS C:\Users\millsda\Desktop\Xymon PS Client 2.1.5> .\xymonclient.ps1 config<o:p></o:p></p>
<p class="MsoNormal">XymonPSClient config:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">XML: C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient_config.xml<o:p></o:p></p>
<p class="MsoNormal">Settable Params and values:<o:p></o:p></p>
<p class="MsoNormal"> clientbbwinmembug=1<o:p></o:p></p>
<p class="MsoNormal"> clientclass=powershell<o:p></o:p></p>
<p class="MsoNormal"> clientlogpath=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5<o:p></o:p></p>
<p class="MsoNormal"> clientlogretain=0<o:p></o:p></p>
<p class="MsoNormal"> clientname=xxx<o:p></o:p></p>
<p class="MsoNormal"> ClientProcessPriority=Normal<o:p></o:p></p>
<p class="MsoNormal"> clientremotecfgexec=0<o:p></o:p></p>
<p class="MsoNormal"> clientsoftware=powershell<o:p></o:p></p>
<p class="MsoNormal"> EnableWin32_Product=0<o:p></o:p></p>
<p class="MsoNormal"> EnableWin32_QuickFixEngineering=0<o:p></o:p></p>
<p class="MsoNormal"> EnableWMISections=0<o:p></o:p></p>
<p class="MsoNormal"> externaldatalocation=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\tmp<o:p></o:p></p>
<p class="MsoNormal"> externalscriptlocation=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\ext<o:p></o:p></p>
<p class="MsoNormal"> loopinterval=300<o:p></o:p></p>
<p class="MsoNormal"> MaxEvents=5000<o:p></o:p></p>
<p class="MsoNormal"> maxlogage=60<o:p></o:p></p>
<p class="MsoNormal"> servergiflocation=/xymon/gifs/<o:p></o:p></p>
<p class="MsoNormal"> serversList=xxx.xxx.txaccess.net<o:p></o:p></p>
<p class="MsoNormal"> slowscanrate=72<o:p></o:p></p>
<p class="MsoNormal"> wanteddisksList=3<o:p></o:p></p>
<p class="MsoNormal"> clientconfigfile=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\clientconfig.cfg<o:p></o:p></p>
<p class="MsoNormal"> clientfqdn=0<o:p></o:p></p>
<p class="MsoNormal"> clientlogfile=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient.log<o:p></o:p></p>
<p class="MsoNormal"> clientlower=1<o:p></o:p></p>
<p class="MsoNormal"> reportevt=0<o:p></o:p></p>
<p class="MsoNormal"> servers=xxx.xxx.txaccess.net<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---<o:p></o:p></p>
<p class="MsoNormal">Thx!<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman","serif"">David Mills<br>
Systems Administrator</span><br>
<b><i><span style="font-family:"Times New Roman","serif";color:#1F33ED">Northrop Grumman</span></i></b><span style="font-family:"Times New Roman","serif""><br>
(512) 595-1238 (mobile)<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>