I'm just setting up a number of Windows servers with bbwin clients and am having the problem of not being able to stop sending log files or ignored entries to the xymon server. The logs are often overwhelmingly filled with junk which makes it hard to see the interesting bits.
In analysis.cfg, it says:
To monitor a logfile, you *MUST* configure both client-local.cfg
and analysis.cfg. If you configure only the client-local.cfg
file, the client will collect the log data and you can view it in
the "client data" display, but it will not affect the color of the
"msgs" status. On the other hand, if you configure only the
analysis.cfg file, then there will be no log data to inspect,
and you will not see any updates of the "msgs" status either.
This is the case with the xymon linux client but not with bbwin clients set to central mode (not sure about local mode but I haven't fully investigated). Even if I have nothing in client-local.cfg [win32] clientclass (that of the client), all log files are sent to the xymon server anyway.
Here is the windows clientclass:

[win32]
log:eventlog_application
IGNORE BigBrotherXymonClient

Here is what I have for a linux client:

[linux]
log:/var/log/messages:10240
ignore SQLAnywhere

Using tcpdump, when the linux client starts, it does a syn/ack with the server and immediately sends its data, including the 'ignored' lines. At the end of that, the server sends the above clientclass statement. Next time the client data is sent to the xymon server, the ignored lines aren't sent. But at no point are the ignored lines displayed on the msgs web page.
With the bbwin client, the same sequence happens, but the xymon server doesn't send the win32 segment and all logs and all log entries are always sent. I confirmed in the tcpdump that the client is sending win32:
whatever.domain.bbwin win32 [osversion] Microsoft Windows Server 2003, Stadard Edition Service Pack 2 (build.3790) .....
Am I doing something wrong here or is the central mode for this client not fully implemented, or ???
thanks, Phil