[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BBWin central mode - cannot get log filtering to work

To: hobbit (at) hswn.dk
Subject: BBWin central mode - cannot get log filtering to work
From: Shawn Heisey <hobbit (at) elyograg.org>
Date: Mon, 21 Jun 2010 17:26:04 -0600
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=elyograg.org; h= content-transfer-encoding:content-type:content-type:subject :subject:mime-version:user-agent:from:from:date:date:message-id :received:received; s=mail; t=1277162765; bh=Sf4BTJLWTCvb4/kzoWz QITZWbygGceN0vlDHnIvGf7E=; b=c+Ia8dMfeFld+clqkpMemiPfZ923FNdAJU0 wU7DIfi2Vs7G/AA0f2zRrp1VGB+/JuqZyP81fFNGn7kFSZNE515T/IlIv4TYMf3z 84xWkZaghqbiMS2J5emAh8YF3eRGUanlNxlOqI0adZGgYLiaRm6ZK2z30xaKZJj4 P2qR2vIg=
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.10) Gecko/20100512 Thunderbird/3.0.5

I sent this message to the BBWin mailing list several days ago and have
not gotten a response there.  I hope to find an audience here.

I've got a bunch of machines reporting to my Xymon 4.3 server, of which
a large percentage are Windows, running BBWin 0.12 in local mode.  I
want to convert everything to central mode, but I cannot seem to get the
log filtering to work.  I'm starting with my Exchange 2003 server, on
32-bit Windows 2003 SP2.

Here's what I've got in my client-local.cfg:

=-=-=-=-=-=-=-=-=
[win32]
eventlog:System
ignore TermServDevices
ignore Printer Driver
ignore Big Brother Hobbit Client
eventlog:Application
ignore information
ignore TermServDevices
ignore BigBrotherHobbitClient
ignore Failed to create a new named
ignore Error 0x7da
=-=-=-=-=-=-=-=-=

Here's what's in hobbit-clients.cfg:

=-=-=-=-=-=-=-=-=
HOST=exchange.slc
         SVC IMAP4Svc startup=automatic status=started
         SVC MSExchangeIS startup=automatic status=started
         SVC MSExchangeSA startup=automatic status=started
         SVC RESvc startup=automatic status=started
         SVC SMTPSVC startup=automatic status=started
         SVC W3SVC startup=automatic status=started

CLASS=%win32
         LOAD 50 75
         PORT STATE=LISTENING MIN=0 TRACK=Listen TEXT=Listen
         LOG %.* %^error.* COLOR=red
         LOG %.* %^warning.* COLOR=yellow
=-=-=-=-=-=-=-=-=

Nothing is being filtered by the ignore entries in client-local.cfg.
They show up in the log on the website and are tagged as red alarms.
The config is being transferred to the BBWin tmp folder.  If I turn on
debugging, the BBWin log shows all of the ignore lines, but it still
doesn't work.

I took a look through the trunk source code for msgs.dll, but found my
meager C++ skills quickly overwhelmed and I was not able to follow it.

Does anyone have a working BBWin/Xymon 4.3 central mode config with log
filtering that they can share?  I'd like the logs filtered before they
get to Xymon, and from what I understand, if I use the IGNORE syntax in
hobbit-clients.cfg, it has to transfer all log entries to the server.
Windows is notorious for spamming the event log with useless
informational messages when there's a problem, so it might exceed the
buffer size and cause me to miss events if they are not filtered first.

Thanks,
Shawn

Follow-Ups:
- Re: [hobbit] BBWin central mode - cannot get log filtering to work
  - From: Malcolm Hunter

Prev by Date: Any idea on a 4.3.0 third beta (or rc?) timeframe?
Next by Date: Re: [hobbit] BBWin central mode - cannot get log filtering to work
Previous by thread: Re: [hobbit] Any idea on a 4.3.0 third beta (or rc?) timeframe?
Next by thread: Re: [hobbit] BBWin central mode - cannot get log filtering to work
Index(es):
- Date
- Thread