[Xymon] Help turning off "msg" test with XymonPSClient.ps1

Mills,David (HHSC Contractor) David.Mills at hhsc.state.tx.us
Wed Dec 28 15:08:07 CET 2016 

Thanks, Zak ...

For such a small bit of data, I can live with this for the time being. One question though: does this data ever go "red" or "yellow"?

david

From: zak.beck at accenture.com [mailto:zak.beck at accenture.com]
Sent: Wednesday, December 28, 2016 8:04 AM
To: Mills,David (HHSC Contractor); xymon at xymon.com
Subject: RE: Help turning off "msg" test with XymonPSClient.ps1

Hi

That output is generated by a different function in the client. Unfortunately, that function does not have the suppression.

I will submit an update to suppress that output in the next few days - I have one or two other updates to include also.

Thanks

Zak

From: Mills,David (HHSC Contractor) [mailto:David.Mills at hhsc.state.tx.us]
Sent: 28 December 2016 13:35
To: Beck, Zak <zak.beck at accenture.com<mailto:zak.beck at accenture.com>>; xymon at xymon.com<mailto:xymon at xymon.com>
Subject: RE: Help turning off "msg" test with XymonPSClient.ps1

Zak -

Thanks so much for the reply.

Actually, this is what I am seeing in the xymon-lastcollect.txt (the file has the correct / current timestamp for right now):

                                [EventlogSummary]

                                Max(K) Retain OverflowAction    Entries Log
                                ------ ------ --------------    ------- ---
                                20,480      0 OverwriteAsNeeded  78,572 Application
                                20,480      0 OverwriteAsNeeded       0 HardwareEvents
                                   512      7 OverwriteOlder          0 Internet Explorer
                                20,480      0 OverwriteAsNeeded       0 Key Management Service
                                20,480      0 OverwriteAsNeeded  27,169 Security
                                 8,192      0 OverwriteAsNeeded   4,699 Symantec Endpoint Protection Client
                                20,480      0 OverwriteAsNeeded  62,965 System
                                15,360      0 OverwriteAsNeeded     132 Windows PowerShell


                                [msgs:EventlogSummary]

                                Max(K) Retain OverflowAction    Entries Log
                                ------ ------ --------------    ------- ---
                                20,480      0 OverwriteAsNeeded  78,572 Application
                                20,480      0 OverwriteAsNeeded       0 HardwareEvents
                                   512      7 OverwriteOlder          0 Internet Explorer
                                20,480      0 OverwriteAsNeeded       0 Key Management Service
                                20,480      0 OverwriteAsNeeded  27,169 Security
                                 8,192      0 OverwriteAsNeeded   4,699 Symantec Endpoint Protection Client
                                20,480      0 OverwriteAsNeeded  62,965 System
                                15,360      0 OverwriteAsNeeded     132 Windows PowerShell

This data is actually what I see when it gets over to the Xymon server, as viewed by clicking the "msgs" icon for details. "drop"-ping the test doesn't do any good since the data is fresh and keeps coming from the client.

If it helps at all, the client is a Windows Server 2012 R2.

??

;-)


From: zak.beck at accenture.com<mailto:zak.beck at accenture.com> [mailto:zak.beck at accenture.com]
Sent: Wednesday, December 28, 2016 3:08 AM
To: Mills,David (HHSC Contractor); xymon at xymon.com<mailto:xymon at xymon.com>
Subject: RE: Help turning off "msg" test with XymonPSClient.ps1

Hi David

Have a look in the xymon-lastcollect.txt file (which will be in C:\ by default). This file contains the core payload sent to the server on the last collect.

I suspect the setting has worked in as much as the client is no longer sending the data to the server - there should be no sections in the above log like this:

[msgs:eventlog_Application]
[msgs:eventlog_System]

And similar, depending on config.

I think what may be happening is that the server has old data for the msgs test and so is displaying the column (probably with a purple alert) because it is no longer receiving data.

I am by no means an expert on the server side. I think you can remove the old data using something like this on the server:

xymon 0 "drop <server> [test]"

i.e.

xymon 0 "drop <server> msgs"

You might need to add NOCOLUMNS:msgs in hosts.cfg, not sure.

Cheers

Zak

From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Mills,David (HHSC Contractor)
Sent: 27 December 2016 22:46
To: 'xymon at xymon.com' <xymon at xymon.com<mailto:xymon at xymon.com>>
Subject: [Xymon] Help turning off "msg" test with XymonPSClient.ps1

All -

I've installed a prototype of the PowerShell client, XymonPSClient.ps1 (2.1.5), and it is successfully reporting data back to the server. However, I'm trying to eliminate all Windows event log data from being sent to the server (i.e. suppressing the "msgs" column for that client on the Xymon display).

According to the documentation for the xymonclient_config.xml file,  the "reportevt" XML tag value controls this behavior: "reportevt ... Whether to scan and report event log ... 0 = no 1 = yes". However, even after adding the necessary tags and restarting the service on the Windows client, the "msgs" column keeps coming back.

Here's the config file:

<XymonSettings>

     <servers>xxx.xxx.txaccess.net</servers>

     <clientlogfile>C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient.log</clientlogfile>
     <clientconfigfile>C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\clientconfig.cfg</clientconfigfile>

     <clientfqdn>0</clientfqdn>
     <clientlower>1</clientlower>

     <reportevt>0</reportevt>
</XymonSettings>

Here's the output of the currently active configuration on the client:

PS C:\Users\millsda\Desktop\Xymon PS Client 2.1.5> .\xymonclient.ps1 config
XymonPSClient config:

XML: C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient_config.xml
Settable Params and values:
    clientbbwinmembug=1
    clientclass=powershell
    clientlogpath=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5
    clientlogretain=0
    clientname=xxx
    ClientProcessPriority=Normal
    clientremotecfgexec=0
    clientsoftware=powershell
   EnableWin32_Product=0
    EnableWin32_QuickFixEngineering=0
    EnableWMISections=0
    externaldatalocation=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\tmp
    externalscriptlocation=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\ext
    loopinterval=300
    MaxEvents=5000
    maxlogage=60
    servergiflocation=/xymon/gifs/
    serversList=xxx.xxx.txaccess.net
    slowscanrate=72
    wanteddisksList=3
    clientconfigfile=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\clientconfig.cfg
    clientfqdn=0
    clientlogfile=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient.log
    clientlower=1
    reportevt=0
    servers=xxx.xxx.txaccess.net

---
Thx!

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
David Mills
Systems Administrator
Northrop Grumman
(512) 595-1238 (mobile)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20161228/7ab984fd/attachment.html>

More information about the Xymon mailing list