[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [xymon] Re: Ignoring strings in event logs
- To: xymon (at) xymon.com
- Subject: Re: [xymon] Re: Ignoring strings in event logs
- From: Colin Coe <colin.coe (at) gmail.com>
- Date: Tue, 5 Oct 2010 10:52:28 +0800
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=BUpbNcL+lGTBzv3ciG1q5WIrjIFNxD6iumc+N6Bg9os=; b=qDX1f/xBFMVx+yQz+rGYOKDfUdBnukNs1V6WaQp5sSoDsjnQJyIk/xulERsmeNv5EJ XW8kuItf9SAwPjwA2Ji4l2K960A2rV4gVRw0bF38dKMP2DHWTnCoVWiXq6l14ILgqWod 1aNGXBXz0Zp0HQ9E4a/NaSBCDAKW17fmTy6I4=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=N4u2g9gHM/WIci7NTSbgA3oVQI0UfKKFY8G3PZ5KZKpr4VvDAlI8ZjlwbbgV6UZlds xNHdqAvCFra7xkYg4DzyH9unbgmk6iNH0/o1rHd0BR9Rl3vFKNce+qp4vPfFgbUuv9hb zVZind9TJLTJrw3Y3TUeBLDiQoa+Htte/lb78=
- References: <AANLkTinJ7SjO6P=gpCpRzO_AOHxdPdKd9X9pCs1uutpi (at) mail.gmail.com> <AANLkTinFzru5w3ra3RVLZTa5ajug92nnw-apvhXaCoze (at) mail.gmail.com> <17C14BDB-C5F5-4C9E-87B9-03C946684E56 (at) gmail.com>
On Tue, Oct 5, 2010 at 8:48 AM, Steve Holmes <sholmes42 (at) gmail.com> wrote:
>
>
> Wherever you go, there you are.
>
> On Oct 4, 2010, at 8:15 PM, Colin Coe <colin.coe (at) gmail.com> wrote:
>
>> Anyone have ideas on this?
>>
>> CC
>>
>> On Mon, Oct 4, 2010 at 12:43 PM, Colin Coe <colin.coe (at) gmail.com> wrote:
>>> Hi all
>>>
>>> I have the following in my hobbit-clients.cfg on the Xymon server
>>> ---
>>> CLASS=win32
>>> LOAD 80 90 # Load threholds are in %
>>> PORT "LOCAL=%([.:]20000)$" TEXT=RemotelyAnywhere
>>> LOG %.* %error -.* COLOR=yellow
>>> LOG eventlog:Security %failure.* COLOR=yellow
>>> LOG eventlog:Application %warning.* COLOR=yellow
>>> IGNORE="%(Warning: IIS log failed to write entry|Many client computers
>>> have not reported back|Unsuccessful logon attempt from IP address .*
>>> Secure (SSL) Connection).*"
>>> LOG eventlog:System %error.* COLOR=yellow
>>> ---
>>>
>>> I'm finding that I'm still getting warnings coming up from the WSUS
>>> server regarding the clients that have not checked.
>>>
>>> Could someone advise what I'm doing wrong here?
>>>
>>> Thanks
>>>
>>> CC
>>>
>>
>> To unsubscribe from the xymon list, send an e-mail to
>> xymon-unsubscribe (at) xymon.com
>>
>>
>
> Oh, and you don't need the .* on the end of the string.
> Steve
>
Hi Steve
Thanks for the tips but unfortunately, these strings are still not
being ignored. I'm wondering if the problem is in 'client-local.cfg'.
At the top of 'hobbit-clients.cfg' it says that both files need to be
configured but I don't see an example for Windows event logs. How do
you have client-local.cfg configured for Windows logs?
Thanks
CC
--
RHCE#805007969328369