[Xymon] Migrating from BBWin to Xymon PS Client
zak.beck at accenture.com
zak.beck at accenture.com
Mon Mar 30 09:51:21 CEST 2015
Hi
The fields in the event log message from the PS client are as follows:
<level> - <date / time> - [<eventid>] - <provider> - <message>
Warning - 03/30/2015 14:11:25 - [1] - test - This is a test message.
In the example given, 'test' is the provider.
Ignore rules should match against provider or message. You cannot currently
ignore against event ids - I believe you could use them in alert.cfg though.
If you want to only receive warning or error 'level' messages, you can limit
using the eventlogswanted:
eventlogswanted:LIST_OF_EVENT_LOGS:MAX_SIZE:REQUIRED_LEVELS
REQUIRED_LEVELS is an optional list of the levels you want to report, e.g.:
eventlogswanted:*:250000:error,warning
Zak
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Brandon Dale
Sent: 30 March 2015 04:37
To: Timothy Persoon; xymon at xymon.com
Subject: Re: [Xymon] Migrating from BBWin to Xymon PS Client
I think this will work:
LOG eventlog_System %^error.* COLOR=red
LOG eventlog_System %^warning.*
COLOR=yellow
LOG eventlog_Application %^error.*
COLOR=red
LOG eventlog_Application %^warning.*
COLOR=yellow
LOG eventlog_Security %^failure.*
COLOR=red
The Ignore rules for the eventid's I'm not sure about, in the past with
bbwin I have always had to ignore based on the message detail. If someone
knows how to do this I would also like to know.
In the latest powershell client this is the type of data that you get for
events, the eventid is 1 in the below example.
Warning - 03/30/2015 14:11:25 - [1] - test - This is a test message.
However I haven't had any success using an ignore rule to match anything
other than the "This is a test message" part of the message.
Regards,
Brandon
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Timothy Persoon
Sent: Tuesday, 24 March 2015 7:55 PM
To: xymon at xymon.com <mailto:xymon at xymon.com>
Subject: [Xymon] Migrating from BBWin to Xymon PS Client
Hi,
I'm migrating from BBWin to the newest Xymon PS Client. However, there are
some settings in the BBWin.cfg file that I can't seem to migrate to the
analysis.cfg file.
In BBWin there are several message checks:
<msgs>
<setting name="alwaysgreen" value="false" />
<ignore logfile="Application" eventid="1000" />
<ignore logfile="Application" eventid="16385" />
<ignore logfile="Application" eventid="8198" />
<ignore logfile="Application" eventid="489" />
<ignore logfile="System" eventid="6038" />
<setting name="delay" value="1h" />
<match logfile="System" type="error" alarmcolor="red" />
<match logfile="System" type="warning" alarmcolor="yellow" />
<match logfile="Application" type="error" alarmcolor="red" />
<match logfile="Application" type="warning" alarmcolor="yellow" />
<match logfile="Security" type="fail" />
</msgs>
but how do I migrate those to analysis.cfg? There seem to be two options:
1) LOG eventlog_application %^warning COLOR=red
2) LOG eventlog:Application %warning COLOR=red
Is there a difference between these two notations and is it even possible to
migrate the settings of BBWin.cfg to the analysis.cfg?
Kind regards,
Timothy
_____
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20150330/7860c268/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 4508 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20150330/7860c268/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6831 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20150330/7860c268/attachment.bin>
More information about the Xymon
mailing list