DKDeckert at Hormel.com wrote:
Hi everyone,
Does anyone monitor Windows system logs? When we installed the bbwin client on the machine it started to just crazily send messages to xymon. The hard drive for xymon went from 20% to 98% in one night. I tried to ignore logs but it still takes them in...
I also did extensive fiddling with client-side filtering options and even dived into the BBWIN source but have given up for now. We are enabling Failure Auditing on a number of servers, and some also have Success Audit, which makes the reported messages just enormous without being able to filter them on the client. In some cases I couldn't fit under even MAXMSG_CLIENT="15242880" and who knows how big I would have needed to make it!
We are now deploying SNARE to forward event logs via syslog, then using syslog-ng to split by incoming IP address, and I'm yet to modify the bb-msgs.pl or similar to do the monitoring. The logs come through well delimited into the eventlog fields, so should be very easy to filter and report on. SNARE: http://www.intersectalliance.com/projects/SnareWindows/index.html
BBNT is less than perfect with event logs. Many messages omit important sections of the error, just showing "" instead. It is also a pain to have to set up all the ignore strings on the local clients, and without regexp patterns filtering is very primitive.
David.
--
David Baldwin - IT Unit
Australian Sports Commission
www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830
PO Box 176 Belconnen ACT 2616
david.baldwin at ausport.gov.au
Leverrier Street Bruce ACT 2617
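The server-side filtering step described in the reply above (event logs arriving via syslog as delimited fields, then filtered with regular expressions instead of client-side ignore strings), as an added example that is not part of the original message or of any project mentioned in it. The field order, the rule set and the sample lines are assumptions constructed for illustration; check the field order against what your agent actually sends.

```python
import re

# ASSUMPTION: field order of one tab-delimited forwarded record. Check it
# against what your agent actually sends before relying on these names.
FIELDS = ["host", "tag", "criticality", "log", "counter", "time", "event_id",
          "source", "user", "sid_type", "event_type", "computer", "category",
          "data", "expanded"]

# Hypothetical rule set, first match wins. Each condition is a regex on one field.
RULES = [
    ("ignore", {"event_type": r"^Success Audit$", "event_id": r"^(538|540)$"}),
    ("red",    {"event_type": r"^Failure Audit$", "event_id": r"^(529|539)$"}),
    ("yellow", {"event_type": r"^Failure Audit$"}),
    ("red",    {"event_type": r"^Error$"}),
]
RANK = {"green": 0, "yellow": 1, "red": 2}

def parse(line):
    """Return a field dict, or None if the line is short or not an event record."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) < len(FIELDS) or parts[1] != "MSWinEventLog":
        return None
    return dict(zip(FIELDS, parts))

def classify(rec):
    for action, conds in RULES:
        if all(re.search(rx, rec[f]) for f, rx in conds.items()):
            return action
    return "ignore"  # unmatched events stay out of the report

def report(lines):
    """Return (worst colour, [(colour, summary)], malformed line count)."""
    worst, hits, malformed = "green", [], 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            malformed += 1  # counted so truncated input is visible, not silently lost
            continue
        action = classify(rec)
        if action != "ignore":
            hits.append((action, "%(host)s %(event_id)s %(user)s %(expanded)s" % rec))
            worst = max(worst, action, key=RANK.get)
    return worst, hits, malformed

def _rec(host, eid, etype, user, text):  # builds one constructed sample line
    return "\t".join([host, "MSWinEventLog", "1", "Security", "1",
                      "Mon Jan 01 10:00:00 2007", eid, "Security", user, "User",
                      etype, host.upper(), "Logon/Logoff", "", text])

SAMPLE = [_rec("web01", "540", "Success Audit", "ACME\\svc", "Successful Network Logon"),
          _rec("web01", "529", "Failure Audit", "ACME\\bob", "Logon Failure"),
          _rec("db02", "560", "Failure Audit", "ACME\\eve", "Object Open"),
          "web01\tMSWinEventLog\ttruncated"]
```

Calling `report(SAMPLE)` returns the worst colour, the lines worth showing and the number of lines that failed to parse; the malformed count is worth alerting on by itself, since oversized or truncated messages are the failure mode the thread describes.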