RE: [hobbit] windows logs
- To: hobbit (at) hswn.dk
- Subject: RE: [hobbit] windows logs
- From: DKDeckert (at) Hormel.com
- Date: Tue, 14 Jul 2009 11:09:41 -0500
- References: <OF70040661.B8B20154-ON862575F3.00492363-862575F3.00494248 (at) hormel.com> <833FE11B4A07FD4789F720B6F915124F0786CA3480 (at) HHCGVL-COMM01>
The problem I am having is that I have completely wiped out the [win32]
entries we have in client-local.cfg on Xymon's side. It shouldn't even be
reporting logs to Xymon because Xymon isn't looking for them (if it is
working correctly).
It will show the critical events that happen plus show the full log. We
want it to ignore all events and not even record them, but it still is.....
Shouldn't the end all end all lie with client-local.cfg? If I wipe the
entries for log monitoring it should in a sense stop looking for those
logs, but Xymon still registers them and saves them in the histlogs
directory ..... (which I might add is getting about 10% larger every 40
mins).
EXAMPLE
No entries in eventlog_system
No entries in eventlog_security
No entries in eventlog_application
Full log eventlog_system
Full log eventlog_security
success - 2009/07/14 10:52:48 - Security (538) - User Logoff: User Name: DKroken Domain: HFC Logon ID: (0x0,0xBD3817) Logon Type: 3
success - 2009/07/14 10:52:48 - Security (540) - Successful Network Logon: User Name: DKroken Domain: HFC Logon ID: (0x0,0xBD3817)
Logon Type: 3 Logon Process: CISCO Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: CISCO Logon
GUID: - Caller User Name: CONNETACS$ Caller Domain: HFC Caller Logon ID: (0x0,0x3E7) Caller Process ID: 1904 Transited Services: -
Source Network Address: - Source Port: -
It is logging all the successes, but we have them ignored in
hobbit-clients.cfg:
CLASS=win32
MEMPHYS 90 101
MEMSWAP 90 95
MEMACT 90 97
LOAD 90 95
DISK * 90 95
LOG %.* %.*warning.* COLOR=yellow IGNORE=%(printer|Perflib|PerfNet|success|redirector|CPU Utilization Management)
LOG %.* %.*error.* COLOR=red IGNORE=%(printer|Perflib|PerfNet|success|JOTS-STORAGE)
I just thought of something as I looked at this...... because it is a class
in bb-hosts, do all of the clients need to have the class win32 after it?
But if that was the case, then why would it be monitoring logs if it wasn't
classified as such for client-local.cfg?
HELP !!!!!