[hobbit] Looking for sample BBWIN configs for filtering Windows event logs
Shawn Heisey
hobbit at elyograg.org
Thu Oct 9 19:54:01 CEST 2008
Here's our typical list:
<ignore logfile="System" eventid="2" />
<ignore logfile="System" eventid="3" />
<ignore logfile="System" eventid="4" />
<ignore logfile="System" eventid="8" />
<ignore logfile="System" eventid="1106" />
<ignore logfile="System" eventid="1111" />
<ignore logfile="Application" eventid="3033" />
<ignore logfile="Application" eventid="2003" />
ID 3033 is an Exchange message relating to Windows Mobile clients, but
because Exchange was the first server I converted to BBWin from Big
Brother, it's ended up on all of the systems. ID 2003 is related to
performance counters. It's probably possible to fix, but my focus is
not so much on the Windows infrastructure.
The rest are the annoying printer driver entries that you get when you
log into a machine via Remote Desktop and are forwarding printers but
don't have drivers on the system. I tried for a long time to get people
to turn off printer forwarding, because I could never get Big Brother to
stop alarming, but nobody listened. Hobbit/BBWin has been a lifesaver
in this respect. With a little more work, we will be able to soon
include the NOC in all alarms. With Big Brother, msgs was a flood of
crap and would have overwhelmed them.
I have a question that's really more suited for the BBWin mailing list,
but I've asked it there and gotten no response: Does anyone have a
complete server-side configuration example for BBWin clients, showing
how to handle all aspects of the client configuration?
Thanks,
Shawn
Kauffman, Tom wrote:
> We haven't been putting the Windows Server msgs column on our bb2 page, nor alerting on msgs, because of the number of events that seem to trigger warnings or errors.
>
More information about the Xymon
mailing list