[hobbit] windows logs

Harold J. Ballinger hballinger at heritage-healthcare.com
Tue Jul 14 18:00:31 CEST 2009


We monitor the windows event logs and have built an ignore list over time. But we mostly use the BBNT client and not the BBWIN client. We ran into a few challenges that we couldn't easily overcome when we first attempted to switch to the BBWIN client - we couldn't send test results for a different hostname, etc.

We have to use the BBWIN client for our Windows Server 2008 machines, so I do have a few setup if you want to compare notes?

I may get stoned by the community for suggesting this, but I would suggest trying the BBNT client as we don't have any of these types of eventlog issues with it.

Otherwise, I'd be happy to match/compare our BBWIN.cfg with you.


-----Original Message-----
From: DKDeckert at Hormel.com [mailto:DKDeckert at Hormel.com] 
Sent: Tuesday, July 14, 2009 9:19 AM
To: hobbit at hswn.dk
Subject: [hobbit] windows logs


Hi everyone,

Does anyone monitor windows system logs?  When we installed the bbwin
client on the machine it started to just crazily send messages to xymon.
The harddrive for xymon went from 20% to 98% in one night.  I tried to
ignore logs but it still takes them in...

Its reading all the sucessful logins as well as the failures and logs them
so i get about 8 entries every second from all 189 hosts.

page=Wintel
        LOG %.*   %.*sucess.* IGNORE

this is what i tried to do to ignore them..


Has anyone ran into this issue before?

Thanks everyone...




Notice:
This communication is an electronic communication within the meaning of the Electronic Communications Privacy Act, 18 U.S.C. ? 2510.  Its disclosure is strictly limited to the recipient(s) intended by the sender of this message.  This transmission and any attachments may contain proprietary, confidential, attorney-client privileged information and/or attorney work product. If you are not the intended recipient, any disclosure, copying, distribution, reliance on, or use of any of the information contained herein is STRICTLY PROHIBITED.  Please destroy the original transmission and its attachments without reading or saving in any matter and confirm by return email.



More information about the Xymon mailing list