[Xymon] xymon msgs column

Yes Windows event logs are quite verbose but completely ignoring them is rather extreme!

I don't think you can use wildcards for log filenames.

client-local.cfg:

[myhost]

eventlog:application:10240 ignore .* eventlog:security:10240 ignore The Remote Desktop license server cannot update the license attributes

will tell the myhost BBWin client to completely ignore the application event log (nothing will be sent to the Xymon server). Similarly, lines with "The Remote Desktop license server cannot update the license attributes" of the security event log won't be sent.

Note that the ignore pattern can only match text of the last field as displayed by the Xymon msgs column

warning - 2016/01/20 09:48:25 - TermServLicensing (4105) - The Remote Desktop license server cannot update the license attributes for user...

analysis.cfg:

LOG eventlog_system %(?-i)^error IGNORE=%(?-i)NETLOGON\s\(5789\)

will set the color to red (default if omitted) when "error" pattern appears at the beginning of a line in system event log except for lines with "NETLOGON (5789)".

LOG eventlog_system %(?-i)^failure|^warning.* IGNORE=%(?-i)DCOM\s\(10009\) COLOR=yellow

Same for warning messages (yellow) with exception for lines with "DCOM (10009)"

Dominique Frise - UNIL

De : Xymon <xymon-bounces at xymon.com> de la part de Rebman,Scott (HHSC Contractor) <Scott.Rebman at hhsc.state.tx.us> Envoyé : mercredi 20 janvier 2016 14:48 À : xymon at xymon.com Objet : [Xymon] xymon msgs column

Looking for help to set all msgs columns for windows hosts to green.

The only entries in the client-local.cfg for win32 are:

[win32] log:* ignore failure ignore error ignore warning

This is my existing analysis.cfg file contents for CLASS=win32:

System Level CLASSes and Defaults

CLASS=win32 LOAD 80 90 # Load threholds are in % MEMPHYS 95 98 MEMSWAP 90 95 MEMACT 95 98 DISK C 90 95 # Can be harddrive or mount points DISK D 90 95 # Can be harddrive or mount points DISK E 90 95 # Can be harddrive or mount points PROC BBWin.exe 1 1 PORT STATE=LISTENING MIN=0 TRACK=Listen TEXT=Listen SVC BBWin startup=automatic status=started

    LOG %.system    %error|warning|failure  COLOR=green
    LOG %.security  %error|warning|failure  COLOR=green
    LOG %.* %^error|warning|failure COLOR=green

Scott Allen Rebman Solaris System Administrator HHS/HHSC/Contractor TIERS Operations (512)873-6864 (CrossPark) (512) 549-0278 (Work Cell) Scott.Rebman at hhsc.state.tx.us