Re: [hobbit] Looking for sample BBWIN configs for filtering Windows event logs

[Shawn Heisey <hobbit (at) elyograg.org>]

Here's our typical list:

   <ignore logfile="System" eventid="2" />
   <ignore logfile="System" eventid="3" />
   <ignore logfile="System" eventid="4" />
   <ignore logfile="System" eventid="8" />
   <ignore logfile="System" eventid="1106" />
   <ignore logfile="System" eventid="1111" />
   <ignore logfile="Application" eventid="3033" />
   <ignore logfile="Application" eventid="2003" />

ID 3033 is an Exchange message relating to Windows Mobile clients, but 
because Exchange was the first server I converted to BBWin from Big 
Brother, it's ended up on all of the systems.  ID 2003 is related to 
performance counters.  It's probably possible to fix, but my focus is 
not so much on the Windows infrastructure.

The rest are the annoying printer driver entries that you get when you 
log into a machine via Remote Desktop and are forwarding printers but 
don't have drivers on the system.  I tried for a long time to get people 
to turn off printer forwarding, because I could never get Big Brother to 
stop alarming, but nobody listened.  Hobbit/BBWin has been a lifesaver 
in this respect.  With a little more work, we will be able to soon 
include the NOC in all alarms.  With Big Brother, msgs was a flood of 
crap and would have overwhelmed them.

I have a question that's really more suited for the BBWin mailing list, 
but I've asked it there and gotten no response:  Does anyone have a 
complete server-side configuration example for BBWin clients, showing 
how to handle all aspects of the client configuration?

Thanks,
Shawn

Kauffman, Tom wrote:
> We haven't been putting the Windows Server msgs column on our bb2 page, nor alerting on msgs, because of the number of events that seem to trigger warnings or errors.
>