[hobbit] Filtering event logs from windows sytems bbnt client

Galen Johnson gjohnson at trantor.org
Thu May 10 23:01:12 CEST 2007


I don't think Etienne has the centralized rollout done, yet, but he'd 
have to speak to that.  It's been a few months since the last update to .9.

=G=

Aaron Stranberg wrote:
> Thanks for the reply, I will have too weigh out taking a swag at this 
> module vs. moving forward with deployment of BBWIN  Is BBWIN 
> considered production stable?  I was also reading about the 
> centralized updates, does this include ability for the agent to 
> upgrade/udpate its self?  This is a huge step for folks in my position 
> with windows hosts in the hundreds with no central LDAP/AD, or even 
> common logons it means manually touching each system for updates and 
> config changes on the current bbnt client. I am really looking forward 
> to getting bbwin roled out! 
>
> > Date: Thu, 10 May 2007 18:57:40 +0200
> > To: hobbit at hswn.dk
> > From: henrik at hswn.dk
> > Subject: Re: [hobbit] Filtering event logs from windows sytems bbnt 
> client
> >
> > On Wed, May 09, 2007 at 04:21:54PM +0000, Aaron Stranberg wrote:
> > >
> > > Hi All, Is it possible using the hobbit-clients.cfg
> > > file to centrally filter out windows eventlog messages by key word?
> >
> > Unfortunately, no. The hobbit-clients.cfg only works on real "hobbit"
> > clients that use the hobbit-specific way of reporting data which is
> > then analysed at the server. The bbnt client determines the status all
> > by itself and sends the status update directly to the server, so it
> > isn't possible to filter data on the server.
> >
> > I can see a couple of ways you can do it, though. You can create a
> > custom Hobbit server-side module, which is passed all of the "msgs"
> > status data. Then you could filter these and generate a new status
> > column - "msgs2", or whatever you'd call it - from these filtered data.
> >
> > Writing server-side modules may seem daunting, but it really isn't.
> > If you grab the current Hobbit snapshot at http://www.hswn.dk/beta/
> > then you'll find a perl program which is such a server-side module:
> > It's in the hobbitd/hobbitd_rootlogin.pl file.
> >
> > You'd need to write a tool that reads the "msgs" status data it gets.
> > The "msgs" status report (if I recall correctly) has the interesting
> > lines listed with a red/yellow marker first, like:
> > &red This is a critical message
> > &yellow This is a warning
> > &yellow This is pure noise
> > So your script could weed out the "noise" lines, and then look at the
> > remaining lines (if any) to see what the new status color should be.
> > From that, it should be easy to generate the new "msgs2" status and
> > feed it into Hobbit.
> >
> >
> > Regards,
> > Henrik
> >
> >
> > To unsubscribe from the hobbit list, send an e-mail to
> > hobbit-unsubscribe at hswn.dk
> >
> >
>
> ------------------------------------------------------------------------
> Change is good. See what's different about Windows Live Hotmail. Check 
> it out! 
> <www.windowslive-hotmail.com/learnmore/default.html?locale=en-us&ocid=RMT_TAGLM_HMWL_reten_changegood_0507>





More information about the Xymon mailing list