[Xymon] analysis.cfg log message issue
Phil Crooker
Phil.Crooker at orix.com.au
Mon Aug 26 06:17:06 CEST 2013
I'm running xymon 4.3.10 and have a problem with a log event not being handled correctly. It is unclear whether this is a bbwin client issue or in xymond (perhaps both). The event:
In the windows eventlog:
Cmdlet failed. Cmdlet GetUserPhoto, parameters {Identity=username at domain}.
As sent to xymond by the bbwin client:
error - 2013/08/26 11:19:57 - MSExchange CmdletLogs (6) - Cmdlet failed. Cmdlet %1, parameters %2.
I've setup the following rule to 'downgrade' this basically meaningless windows event, with the catchall rule under it for the (remaining) errors that I do want to monitor:
LOG %.* %Cmdlet.failed..Cmdlet COLOR=yellow
LOG %.* %^error COLOR=red
This entry still comes in as a red error:
red Critical entries in eventlog_msexchange management
yellow error - 2013/08/26 11:19:57 - MSExchange CmdletLogs (6) - Cmdlet failed. Cmdlet %1, parameters %2.
yellow error - 2013/08/26 11:17:26 - MSExchange CmdletLogs (6) - Cmdlet failed. Cmdlet %1, parameters %2.
red error - 2013/08/26 11:19:57 - MSExchange CmdletLogs (6) - Cmdlet failed. Cmdlet %1, parameters %2.
red error - 2013/08/26 11:17:26 - MSExchange CmdletLogs (6) - Cmdlet failed. Cmdlet %1, parameters %2.
Looking at the windows event viewer, there is only one event for each of these times, so it is somehow being duplicated. Capturing the traffic shows it is not duplicated 'on the wire'. Using the xymon xymondlog command shows it is duplicated. If I remove the Cmdlet rule from analysis.cfg, it is not duplicated.
This doesn't happen to all messages but to some, I haven't worked out what the commonality is -- perhaps the message string itself is affecting the parsing.... The only way I've been able to stop this is to IGNORE the entry which I don't really want to entirely.
Can anyone help, please?
Thanks, Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20130826/71ddb7c5/attachment.html>
More information about the Xymon
mailing list