[Xymon] xymon msgs column

Dominique Frise Dominique.Frise at unil.ch
Wed Jan 20 16:41:39 CET 2016 

Yes Windows event logs are quite verbose but completely ignoring them is rather extreme!

I don't think you can use wildcards for log filenames.


client-local.cfg:

[myhost]

eventlog:application:10240
ignore .*
eventlog:security:10240
ignore The Remote Desktop license server cannot update the license attributes


will tell the myhost BBWin client to completely ignore the application event log (nothing will be sent to the Xymon server). Similarly, lines with "The Remote Desktop license server cannot update the license attributes" of the security event log won't be sent.

Note that the ignore pattern can only match text of the last field as displayed by the Xymon msgs column


warning - 2016/01/20 09:48:25 - TermServLicensing (4105) - The Remote Desktop license server cannot update the license attributes for user...


analysis.cfg:

  LOG eventlog_system  %(?-i)^error IGNORE=%(?-i)NETLOGON\s\(5789\)


will set the color to red (default if omitted) when "error" pattern appears at the beginning of a line in system event log except for lines with "NETLOGON (5789)".


  LOG eventlog_system %(?-i)^failure|^warning.* IGNORE=%(?-i)DCOM\s\(10009\) COLOR=yellow


Same for warning messages (yellow) with exception for lines with "DCOM (10009)"



Dominique Frise - UNIL


________________________________
De : Xymon <xymon-bounces at xymon.com> de la part de Rebman,Scott (HHSC Contractor) <Scott.Rebman at hhsc.state.tx.us>
Envoyé : mercredi 20 janvier 2016 14:48
À : xymon at xymon.com
Objet : [Xymon] xymon msgs column

Looking for help to set all msgs columns for windows hosts to green.

The only entries in the client-local.cfg for win32 are:

[win32]
log:*
ignore  failure
ignore  error
ignore  warning

This is my existing analysis.cfg file contents for CLASS=win32:

## System Level CLASSes and Defaults
CLASS=win32
        LOAD 80 90 # Load threholds are in %
        MEMPHYS 95 98
        MEMSWAP 90 95
        MEMACT 95 98
        DISK C 90 95 # Can be harddrive or mount points
        DISK D 90 95 # Can be harddrive or mount points
        DISK E 90 95 # Can be harddrive or mount points
        PROC BBWin.exe 1 1
        PORT STATE=LISTENING MIN=0 TRACK=Listen TEXT=Listen
        SVC BBWin startup=automatic status=started

        LOG %.system    %error|warning|failure  COLOR=green
        LOG %.security  %error|warning|failure  COLOR=green
        LOG %.* %^error|warning|failure COLOR=green

Scott Allen Rebman
Solaris System Administrator
HHS/HHSC/Contractor
TIERS Operations
(512)873-6864 (CrossPark)
(512) 549-0278 (Work Cell)
Scott.Rebman at hhsc.state.tx.us





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20160120/20cc4a80/attachment.html>

More information about the Xymon mailing list