Hobbit and BBWin0.12 Windows Event logs
- To: hobbit (at) hswn.dk
- Subject: Hobbit and BBWin0.12 Windows Event logs
- From: dave khemraj <khemrajk2003 (at) yahoo.com>
- Date: Fri, 26 Sep 2008 12:34:42 -0700 (PDT)
Greetings all,
I need help setting up the hobbit-client.cfg file to monitor and ignore the Windows event logs (application, system, security).
Here is a sample of what I have in hobbit-client.cfg:
LOG %.*application.* %error COLOR=red
LOG %.*application.* error COLOR=red IGNORE='%VSS (8193) -*'
LOG %.*application.* error COLOR=red IGNORE='%Application Error (1000) -*'
I have played around with different syntax, but I cannot seem to get it right. Here is a sample output (I know the alert does not match what I have above; it is just an example):
failure - 2008/08/20 07:39:23 - Security (578) - Privileged object operation: Object Server:
&unknown failure - 2008/08/20 07:39:23 - Security (578) - Privileged object operation:
&unknown failure - 2008/08/20 07:26:56 - Security (578) - Privileged object operation: Object Server:
I get the security failure in this example with the blinking red dot, but then I get the same messages with the &unknown.
If anyone who has set this up correctly can please advise, it would be great.
Thanks in advance for the help,
Dev Khemraj