[hobbit] Looking for sample BBWIN configs for filtering Windows event logs
Shawn Heisey
elyograg at elyograg.org
Thu Oct 9 22:04:30 CEST 2008
It looks like the ignore section only uses text matches, in this case
regular expressions, right? That would mean it can't match on event ID
unless I encode something like "Print (8)" in a regular expression format.
Not that this is a huge problem, but having a nice clean field like
event ID is one of the good things about BBWin's local config mode. I'm
just tired of having to remote into the client to change something,
especially when I have to do it on more than one client.
Thanks for the info! Only one more thing I'd want - do you have any
examples of centrally defined service monitoring?
Bob Gordon wrote:
>
>
> On Thu, Oct 9, 2008 at 10:54 AM, Shawn Heisey <hobbit at elyograg.org> wrote:
>
> I have a question that's really more suited for the BBWin mailing
> list, but I've asked it there and gotten no response: Does anyone
> have a complete server-side configuration example for BBWin
> clients, showing how to handle all aspects of the client
> configuration?
>
>
> This is the one that I am using. I still have some cleanup to do on
> it though....
>
> ###########################################################
> ## The defaults used by the Hobbit clients
> ###########################################################
> DEFAULT
> UP 30m
> DISK * 90 95
> SWAP 85 90
> MEMPHYS 100 101
> MEMSWAP 90 95
> MEMACT 90 97
> CLOCK 30
>
> ###########################################################
> ## Windows Based Systems - Central Config Mode
> ###########################################################
> CLASS=%win32* EXHOST=server1,server2
> LOAD 80 90 # Load thresholds are in %
> PROC svchost.exe 2 -1
> PROC %[mM]cshield.exe 1 -1
> PROC nserver.exe 1 -1
> PROC nrouter.exe 1 -1
> LOG %.* %.*error.* COLOR=red IGNORE=%(BigBrotherHobbitClient|SnapDrive|WinVNC4|TermDD|SV-GSX|TermServDevices|Perflib|PerfNet)
>
>
> So far it's worked out pretty well as my default setting... After the
> Default section and before the generic section above I have my system
> specific entries...
>
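An added example, not part of the original thread: a Python sketch of how a text-only IGNORE regex behaves against event log lines, including the "Print (8)" style event-ID match raised above. The sample lines, their field layout, the `alerting_lines` helper, the `IGNORE_ANCHORED` pattern and the case-insensitive, unanchored matching are assumptions made for illustration, not BBWin's or Hobbit's documented behaviour.

```python
import re

# Patterns from the LOG rule quoted above, minus Hobbit's leading "%" regex marker.
MATCH = r".*error.*"
IGNORE_BY_SOURCE = (r"(BigBrotherHobbitClient|SnapDrive|WinVNC4|TermDD|SV-GSX|"
                    r"TermServDevices|Perflib|PerfNet)")
# Event-ID filters in the "Print (8)" style from the post.
IGNORE_UNESCAPED = r"Print (8)"    # "(8)" is a regex group: this matches "Print 8"
IGNORE_ESCAPED = r"Print \(8\)"    # literal parentheses
# Hypothetical tighter pattern: pin source names to the source field.
IGNORE_ANCHORED = r" - (Print \(8\)|(Perflib|TermDD) \(\d+\)) - "

# Constructed sample lines; the field layout is an assumption.
SAMPLE = [
    "error - 2008/10/09 09:12:01 - Print (8) - Document 12 was purged",
    "error - 2008/10/09 09:13:44 - Print (45) - Spooler could not open port",
    "error - 2008/10/09 09:15:10 - Perflib (1008) - Open procedure failed",
    "error - 2008/10/09 09:20:31 - Disk (11) - Controller error, see TermDD note",
    "information - 2008/10/09 09:21:00 - Print (10) - Document 13 printed",
]


def alerting_lines(lines, match, ignore):
    """Return indexes of lines that hit `match` and are not excluded by `ignore`.

    Assumption: both patterns are searched anywhere in the line, ignoring case.
    """
    m = re.compile(match, re.IGNORECASE)
    i = re.compile(ignore, re.IGNORECASE)
    return [n for n, ln in enumerate(lines) if m.search(ln) and not i.search(ln)]


if __name__ == "__main__":
    for name, pat in [("by source", IGNORE_BY_SOURCE),
                      ("unescaped id", IGNORE_UNESCAPED),
                      ("escaped id", IGNORE_ESCAPED),
                      ("anchored", IGNORE_ANCHORED)]:
        print(f"{name:13} -> alerts on lines {alerting_lines(SAMPLE, MATCH, pat)}")
```

The source-name alternation also drops the disk error because "TermDD" appears in its message text, which is the kind of silent suppression to check for when reviewing a broad IGNORE list.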