[Xymon] XymonPSClient and Security eventlog

zak.beck at accenture.com
Thu Feb 25 15:34:57 CET 2016


Hi Dominique

 

This is the event log 'Level' filter.

 

The client uses the Windows event log filtering capabilities built into Windows. You can try these out yourself in Event Viewer by navigating to the Security log and selecting Filter Current Log….

 

You will see when doing this that despite selecting the security log, for level the window only offers you Critical, Warning, Verbose, Error or Information and not Audit Failure / Success. You should find that playing with the options, on the Security log, only "Information" actually returns anything.

 

Looking at the columns for Security log, you should see that the first column changes from Level to Keywords, and that Audit Failure/Success are actually keywords and not a level.

 

Unfortunately for these reasons it appears there is no way to filter on Audit Failure, unless you can configure an alert with a regex to look specifically for some text in the message that relates to the failure or the event id.

 



 

Zak 

 

From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Dominique Frise
Sent: 25 February 2016 11:00
To: xymon at xymon.com
Subject: [Xymon] XymonPSClient and Security eventlog

 

Hi,

 

Question regarding alerting on Security event_log.

 

Extract from xymonclient.ps1:

 

    # default logs - may be overridden by config
    $wantedlogs = "Application", "System", "Security"
    $wantedLevels = @('Critical', 'Warning', 'Error', 'Information', 'Verbose')
    $maxpayloadlength = 1024
    $payload = ''

 

When problems occur, "Warning", "Critical" or "Error" are reported in Application and System event_log,

but in the Security event_log "Audit Failure" will be reported.

We don't see how this condition is handled.

 

Did we miss something?

 

Thanks,

Dominique Frise - UNIL
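
The Level versus Keywords distinction discussed in this thread, as an added example that is not part of xymonclient.ps1 or either poster's message: it queries the Security log directly with Get-WinEvent, selecting on the Keywords field instead of Level. The function name and its parameters are hypothetical; it assumes an elevated PowerShell session on Windows, since reading the Security log requires it.

```powershell
# Added example, not from xymonclient.ps1. Function and parameter names are hypothetical.
# Standard Windows event keyword bit masks (StandardEventKeywords enumeration).
$AuditFailure = 0x10000000000000   # shown in Event Viewer as "Audit Failure"
$AuditSuccess = 0x20000000000000   # shown in Event Viewer as "Audit Success"

function Get-SecurityAuditEvent {
    param(
        [ValidateSet('Failure', 'Success')]
        [string]$Outcome = 'Failure',
        [int]$MaxAgeMinutes = 60,
        [int]$MaxEvents = 50
    )

    $keyword = if ($Outcome -eq 'Failure') { $AuditFailure } else { $AuditSuccess }

    # Filter on Keywords, not Level: Security events are all reported as
    # "Information", so a Level filter cannot separate failures from successes.
    $filter = @{
        LogName   = 'Security'
        Keywords  = $keyword
        StartTime = (Get-Date).AddMinutes(-$MaxAgeMinutes)
    }

    try {
        $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; treat that as "no events".
        # Anything else (for example access denied) is passed on to the caller.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return @() }
        throw
    }

    # Show Level and Keywords side by side, plus the first line of the message.
    $events | Select-Object TimeCreated, Id, LevelDisplayName,
        @{ Name = 'Keywords'; Expression = { $_.KeywordsDisplayNames -join ', ' } },
        @{ Name = 'Summary';  Expression = { ($_.Message -split "`r?`n")[0] } }
}

# Audit failures from the last hour.
Get-SecurityAuditEvent -Outcome Failure | Format-Table -AutoSize
```

In the output, LevelDisplayName reads "Information" for every row while the Keywords column carries "Audit Failure", matching what Event Viewer shows for the Security log.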
