<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="Courier New, Courier, monospace">Here's some sample
lines that I have running in my analysis.cfg file on the Xymon
Server. It's checking the log files it gets from the client and
if it sees the specifics I'm looking for it will flag an alert.
This of course assumes that your client is sending logs that
appear in the 'msgs' column of your Xymon Server.<br>
<br>
HOST=boxA<br>
#LOG filename match-pattern [COLOR=color] [IGNORE=ignore-pattern]
[TEXT=displaytext]<br>
LOG %.* [2004] COLOR=red IGNORE=FIPS<br>
LOG %.* [7034] COLOR=red<br>
LOG %.* [6417] IGNORE<br>
LOG %.* [4624] COLOR=yellow<br>
</font><br>
<pre class="moz-signature" cols="72">Kris Springer
</pre>
<div class="moz-cite-prefix">On 5/10/22 12:01, <a class="moz-txt-link-abbreviated" href="mailto:me@tdiehl.org">me@tdiehl.org</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:d476ddc3-dd1-6d37-5086-f786841236b3@tdiehl.org">Hi,
<br>
<br>
I am using the win_ps_client to monitor a bunch of windows
servers. In looking
<br>
at the documentation it appears that I should be able to get Xymon
to alert
<br>
on different events.
<br>
<br>
I have added
eventlogswanted:information,Application,System:2048:Warning,Critical,error<br>
to client-local.cfg and eventlog:System in the analysis.cfg file.
When I do
<br>
this I see various messages when I click on msgs dot. However, I
cannot figure
<br>
out how to get it to turn red when it sees the events I want to
monitor.
<br>
<br>
In the docs I see mention of include and exclude parameters but I
do not
<br>
understand exactly how I need to configure things.
<br>
<br>
I would like to be able to alert on certain windows event IDs Is
this possible?
<br>
If yes, how do I actually configure xymon to do this?
<br>
<br>
Regards,
<br>
<br>
</blockquote>
<br>
</body>
</html>