[xymon] Re: Ignoring strings in event logs

Josh Luthman josh at imaginenetworksllc.com
Tue Oct 5 05:00:52 CEST 2010 

Are you sure your Windows clients are set for centralized configuration?
They may be sending green/red instead of the data for the server to decide.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373


On Mon, Oct 4, 2010 at 10:52 PM, Colin Coe <colin.coe at gmail.com> wrote:

> On Tue, Oct 5, 2010 at 8:48 AM, Steve Holmes <sholmes42 at gmail.com> wrote:
> >
> >
> > Wherever you go, there you are.
> >
> > On Oct 4, 2010, at 8:15 PM, Colin Coe <colin.coe at gmail.com> wrote:
> >
> >> Anyone have ideas on this?
> >>
> >> CC
> >>
> >> On Mon, Oct 4, 2010 at 12:43 PM, Colin Coe <colin.coe at gmail.com> wrote:
> >>> Hi all
> >>>
> >>> I have the following in my hobbit-clients.cfg on the Xymon server
> >>> ---
> >>> CLASS=win32
> >>>        LOAD 80 90 # Load threholds are in %
> >>>        PORT "LOCAL=%([.:]20000)$" TEXT=RemotelyAnywhere
> >>>        LOG %.*  %error -.* COLOR=yellow
> >>>        LOG eventlog:Security  %failure.* COLOR=yellow
> >>>        LOG eventlog:Application  %warning.* COLOR=yellow
> >>> IGNORE="%(Warning: IIS log failed to write entry|Many client computers
> >>> have not reported back|Unsuccessful logon attempt from IP address .*
> >>> Secure (SSL) Connection).*"
> >>>        LOG eventlog:System %error.* COLOR=yellow
> >>> ---
> >>>
> >>> I'm finding that I'm still getting warnings coming up from the WSUS
> >>> server regarding the clients that have not checked.
> >>>
> >>> Could someone advise what I'm doing wrong here?
> >>>
> >>> Thanks
> >>>
> >>> CC
> >>>
> >>
> >> To unsubscribe from the xymon list, send an e-mail to
> >> xymon-unsubscribe at xymon.com
> >>
> >>
> >
> > Oh, and you don't need the .* on the end of the string.
> > Steve
> >
>
> Hi Steve
>
> Thanks for the tips but unfortunately, these strings are still not
> being ignored.  I'm wondering if the problem is in 'client-local.cfg'.
>  At the top of 'hobbit-clients.cfg' it says that both files need to be
> configured but I don't see an example for Windows event logs.  How do
> you have client-local.cfg configured for Windows logs?
>
> Thanks
>
> CC
>
> --
> RHCE#805007969328369
>
> To unsubscribe from the xymon list, send an e-mail to
> xymon-unsubscribe at xymon.com
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20101004/d7871956/attachment.html>

More information about the Xymon mailing list