[Xymon] windows event log

zak.beck at accenture.com zak.beck at accenture.com
Fri Jun 5 16:52:13 CEST 2015


Hi

 

You need to add the required logs to "eventlogswanted" in the
client-local.cfg on the server (against the appropriate group or host).

 

For example:

 

eventlogswanted:application,system,Directory Services:102400:information,warning,error

 

(I haven't tested the above). Alternatively, you can use * in place of the
list of logs for all logs.

 

Also, you may be interested in the adreplicationcheck directive.

 

Zak

 

From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Blumenthal,
Russell
Sent: 05 June 2015 15:38
To: xymon at xymon.com
Subject: Re: [Xymon] windows event log

 

I saw that it went green after an hour.

 

I tried doing this on a domain controller with the PowerShell client, how do
I see the directory service event logs, and those other ones?

 

Thanks

 

From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Blumenthal,
Russell
Sent: Friday, June 05, 2015 9:36 AM
To: Brandon Dale; xymon at xymon.com
Subject: Re: [Xymon] windows event log

 

Perfect, thank you! That worked. I've been testing with creating my own
event log entries to trigger the msgs to go red. 

 

Offhand, do you know how long until it goes green again, is it an hour or
so?

 

From: Brandon Dale [mailto:BDale at kitchengroup.com.au] 
Sent: Thursday, June 04, 2015 7:42 PM
To: Blumenthal, Russell; xymon at xymon.com
Subject: RE: [Xymon] windows event log

 

I haven't tested this but in your analysis.cfg it should be something like
this:

 

HOST=servername

LOG %.* %\[1\]\s-\sTest\sEvent COLOR=red

 

This should go red for anything that contains "[1] - Test Event" (where
"[1]" is the eventid and "Test Event" is the source name) in any event log.
In your client-local.cfg you need to make sure you are also collecting the
eventlogs where you expect to see this event. 

 

Regards, 

 

 

Brandon 

 

From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Blumenthal,
Russell
Sent: Friday, 5 June 2015 4:10 AM
To: xymon at xymon.com
Subject: [Xymon] windows event log

 

Hey folks,

 

Having a major brain fart right now. How would I get Xymon to go red when a
specific event ID on a Windows server is detected in the event log? I am
using the PowerShell client so the VM is in a central mode. I have played
around in analysis.cfg and client-local.cfg but haven't been able to get it
down to a specific ID.

 

Thanks
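
To check the LOG pattern from Brandon's reply before relying on it, here is an added example that is not part of the thread and is not Xymon code. It uses Python's re module as a stand-in for Xymon's regex matching; the section name and the sample event lines are constructed, and only the "[eventid] - source" fragment is taken from the thread.

```python
import re

# LOG rule exactly as posted in the thread (LOG <logname> <pattern> COLOR=<color>).
RULE = r"LOG %.* %\[1\]\s-\sTest\sEvent COLOR=red"

# Constructed sample lines. Only the "[eventid] - source" fragment comes from the
# thread; the level/timestamp prefix and message text are assumptions.
SAMPLE = [
    "error - 2015/06/05 09:30:01 - [1] - Test Event - constructed entry",
    "error - 2015/06/05 09:31:10 - [11] - Test Event - different event id",
    "warning - 2015/06/05 09:32:45 - [1] - Other Source - different source",
    "error - 2015/06/05 09:33:02 - [1]  -  Test Event - doubled spaces",
]

def compile_field(field):
    """A leading % marks a regular expression; anything else is taken literally."""
    return re.compile(field[1:] if field.startswith("%") else re.escape(field))

def parse_log_rule(rule):
    """Return (logname_regex, pattern_regex, color) for a one-line LOG rule."""
    fields = rule.split()
    if len(fields) < 3 or fields[0] != "LOG":
        raise ValueError("not a LOG rule: %r" % rule)
    color = None
    for opt in fields[3:]:
        if opt.startswith("COLOR="):
            color = opt.split("=", 1)[1]
    return compile_field(fields[1]), compile_field(fields[2]), color

def matching_lines(rule, logname, lines):
    """Return (color, lines that would trip the rule) for one log section."""
    log_re, pat_re, color = parse_log_rule(rule)
    if not log_re.search(logname):
        return color, []
    return color, [ln for ln in lines if pat_re.search(ln)]

if __name__ == "__main__":
    # "eventlog_System" is a hypothetical section name; %.* accepts any name.
    color, hits = matching_lines(RULE, "eventlog_System", SAMPLE)
    for ln in hits:
        print(color, "<-", ln)
```

Only the first sample line matches: `\[1\]` does not match `[11]`, and each `\s` consumes exactly one whitespace character, so a line with doubled spaces around the dash is missed.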


