[Xymon] analysis.cfg log message issue

Phil Crooker Phil.Crooker at orix.com.au
Mon Aug 26 06:17:06 CEST 2013


I'm running  xymon 4.3.10 and have a problem with a log event not being handled correctly. It is unclear whether this is a bbwin client issue or in xymond (perhaps both). The event:

In the windows eventlog:
Cmdlet failed. Cmdlet GetUserPhoto, parameters {Identity=username at domain}.

As sent to xymond by the bbwin client:
error - 2013/08/26 11:19:57 - MSExchange CmdletLogs (6) - Cmdlet failed. Cmdlet %1, parameters %2.

I've setup the following rule to 'downgrade' this basically meaningless windows event, with the catchall rule under it for the (remaining) errors that I do want to monitor:

       LOG %.* %Cmdlet.failed..Cmdlet COLOR=yellow
       LOG %.* %^error   COLOR=red

This entry still comes in as a red error:

red Critical entries in eventlog_msexchange management
yellow error - 2013/08/26 11:19:57 - MSExchange CmdletLogs (6) - Cmdlet failed. Cmdlet %1, parameters %2.
yellow error - 2013/08/26 11:17:26 - MSExchange CmdletLogs (6) - Cmdlet failed. Cmdlet %1, parameters %2.
red error - 2013/08/26 11:19:57 - MSExchange CmdletLogs (6) - Cmdlet failed. Cmdlet %1, parameters %2.
red error - 2013/08/26 11:17:26 - MSExchange CmdletLogs (6) - Cmdlet failed. Cmdlet %1, parameters %2.

Looking at the windows event viewer, there is only one event for each of these times, so it is somehow being duplicated. Capturing the traffic shows it is not duplicated 'on the wire'.  Using the xymon xymondlog command shows it is duplicated. If I remove the Cmdlet rule from analysis.cfg, it is not duplicated.

This doesn't happen to all messages but to some, I haven't worked out what the commonality is -- perhaps the message string itself is affecting the parsing.... The only way I've been able to stop this is to IGNORE the entry which I don't really want to entirely.

Can anyone help, please?

Thanks, Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20130826/71ddb7c5/attachment.html>


More information about the Xymon mailing list