[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] Looking for sample BBWIN configs for filtering Windows event logs

To: hobbit (at) hswn.dk
Subject: Re: [hobbit] Looking for sample BBWIN configs for filtering Windows event logs
From: "Bob Gordon" <rgordonjr (at) gmail.com>
Date: Thu, 9 Oct 2008 15:58:15 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=fBHHeMjaBIthLUlqPLiRujhgSCtTyxJDulRN72kgtUs=; b=qocJS6sMPl6ZYkpOQEQidIlNifiXp0sjLxWuPqflhqxpBrrNLhtu4cZ2ScQdMjtbBE WW4FHKmMyiiqQpeQEDUoAiOF23heF3vsQB1x2rV6n2CEegYFeL5t93JrirSlo4j8GWof sJ9FhvNYdzt1TE7kBvQClFjpMs1Goi8kfkczc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=W5AQjDlOEYUFVhTukxqx5Trf8H61wBa9WfC3GqYNa/chPgL3PDD+TCmbWFM7YQ7eYV L2nG6u3R729fHhqR79Rizd+fn5ozekrXTsD4NcWUAIrdbbvDvg2bb523E31+pVkPPJSr m/f166R0Ayq6nW/Yz7BlyZgBu/aqS0UfYpvNE=
References: <A3D12FAD74FC8B46991703F40C182BAB01078343 (at) permls102.wde.woodside.com.au> <gcl09s$f4n$1 (at) voodoo.hswn.dk> <EC70BBBBD43A8B468D2460FE1CFAAA26151967BE (at) EX1.nibco.com> <48EE4539.6020704 (at) elyograg.org> <d4f70c240810091212pd8290b5le3f9d3ac0323729b (at) mail.gmail.com> <48EE63CE.2020203 (at) elyograg.org>

On Thu, Oct 9, 2008 at 1:04 PM, Shawn Heisey <elyograg (at) elyograg.org> wrote:

> It looks like the ignore section only uses text matches, in this case
> regular expressions, right?  That would mean it can't match on event ID
> unless I encode something like "Print (8)" in a regular expression format.
>
> Not that this is a huge problem, but having a nice clean field like event
> ID is one of the good things about BBWin's local config mode.  I'm just
> tired of having to remote into the client to change something, especially
> when I have to do it on more than one client.
>
> Thanks for the info!  Only one more thing I'd want - do you have an
> examples of centrally defined service monitoring?
>


In my case I found it easier to match based on the text rather than the ID.
You should be able to match on the ID rather than the text though...

The entries that I am doing service monitoring on have entries similar to
these:

	SVC "RFBOARD" startup=manual status=started color=red
	SVC "RFDB" startup=manual status=started color=red


Regards,

-- 
--==[ Bob Gordon ]==--

Follow-Ups:
- Re: [hobbit] Looking for sample BBWIN configs for filtering Windows event logs
  - From: Shawn Heisey

References:
- Hobbit server crashing
  - From: Everett, Vernon
- Re: [hobbit] Hobbit server crashing
  - From: Henrik Stoerner
- Looking for sample BBWIN configs for filtering Windows event logs
  - From: Kauffman, Tom
- Re: [hobbit] Looking for sample BBWIN configs for filtering Windows event logs
  - From: Shawn Heisey
- Re: [hobbit] Looking for sample BBWIN configs for filtering Windows event logs
  - From: Bob Gordon
- Re: [hobbit] Looking for sample BBWIN configs for filtering Windows event logs
  - From: Shawn Heisey

Prev by Date: Re: [hobbit] Looking for sample BBWIN configs for filtering Windows event logs
Next by Date: RE: Old acknowledgements
Previous by thread: Re: [hobbit] Looking for sample BBWIN configs for filtering Windows event logs
Next by thread: Re: [hobbit] Looking for sample BBWIN configs for filtering Windows event logs
Index(es):
- Date
- Thread