[hobbit] Looking for sample BBWIN configs for filtering Windows event logs

Gavin Leonard gleonard at progrexion.com
Thu Oct 9 20:01:54 CEST 2008


I have very chatty windows boxes as well,, where do you place these lists? Which file?

-Gavin

-----Original Message-----
From: Shawn Heisey [mailto:hobbit at elyograg.org]
Sent: Thursday, October 09, 2008 11:54 AM
To: hobbit at hswn.dk
Subject: Re: [hobbit] Looking for sample BBWIN configs for filtering Windows event logs

Here's our typical list:

    <ignore logfile="System" eventid="2" />
    <ignore logfile="System" eventid="3" />
    <ignore logfile="System" eventid="4" />
    <ignore logfile="System" eventid="8" />
    <ignore logfile="System" eventid="1106" />
    <ignore logfile="System" eventid="1111" />
    <ignore logfile="Application" eventid="3033" />
    <ignore logfile="Application" eventid="2003" />

ID 3033 is an Exchange message relating to Windows Mobile clients, but
because Exchange was the first server I converted to BBWin from Big
Brother, it's ended up on all of the systems.  ID 2003 is related to
performance counters.  It's probably possible to fix, but my focus is
not so much on the Windows infrastructure.

The rest are the annoying printer driver entries that you get when you
log into a machine via Remote Desktop and are forwarding printers but
don't have drivers on the system.  I tried for a long time to get people
to turn off printer forwarding, because I could never get Big Brother to
stop alarming, but nobody listened.  Hobbit/BBWin has been a lifesaver
in this respect.  With a little more work, we will be able to soon
include the NOC in all alarms.  With Big Brother, msgs was a flood of
crap and would have overwhelmed them.

I have a question that's really more suited for the BBWin mailing list,
but I've asked it there and gotten no response:  Does anyone have a
complete server-side configuration example for BBWin clients, showing
how to handle all aspects of the client configuration?

Thanks,
Shawn

Kauffman, Tom wrote:
> We haven't been putting the Windows Server msgs column on our bb2 page, nor alerting on msgs, because of the number of events that seem to trigger warnings or errors.
>


To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe at hswn.dk





More information about the Xymon mailing list