[Xymon] Help turning off "msg" test with XymonPSClient.ps1

Zak -

Thanks so much for the reply.

Actually, this is what I am seeing in the xymon-lastcollect.txt (the file has the correct / current timestamp for right now):

                            [EventlogSummary]

                            Max(K) Retain OverflowAction    Entries Log
                            ------ ------ --------------    ------- ---
                            20,480      0 OverwriteAsNeeded  78,572 Application
                            20,480      0 OverwriteAsNeeded       0 HardwareEvents
                               512      7 OverwriteOlder          0 Internet Explorer
                            20,480      0 OverwriteAsNeeded       0 Key Management Service
                            20,480      0 OverwriteAsNeeded  27,169 Security
                             8,192      0 OverwriteAsNeeded   4,699 Symantec Endpoint Protection Client
                            20,480      0 OverwriteAsNeeded  62,965 System
                            15,360      0 OverwriteAsNeeded     132 Windows PowerShell


                            [msgs:EventlogSummary]

                            Max(K) Retain OverflowAction    Entries Log
                            ------ ------ --------------    ------- ---
                            20,480      0 OverwriteAsNeeded  78,572 Application
                            20,480      0 OverwriteAsNeeded       0 HardwareEvents
                               512      7 OverwriteOlder          0 Internet Explorer
                            20,480      0 OverwriteAsNeeded       0 Key Management Service
                            20,480      0 OverwriteAsNeeded  27,169 Security
                             8,192      0 OverwriteAsNeeded   4,699 Symantec Endpoint Protection Client
                            20,480      0 OverwriteAsNeeded  62,965 System
                            15,360      0 OverwriteAsNeeded     132 Windows PowerShell

This data is actually what I see when it gets over to the Xymon server, as viewed by clicking the "msgs" icon for details. "drop"-ping the test doesn't do any good since the data is fresh and keeps coming from the client.

If it helps at all, the client is a Windows Server 2012 R2.

??

;-)

From: zak.beck at accenture.com [mailto:zak.beck at accenture.com] Sent: Wednesday, December 28, 2016 3:08 AM To: Mills,David (HHSC Contractor); xymon at xymon.com Subject: RE: Help turning off "msg" test with XymonPSClient.ps1

Hi David

Have a look in the xymon-lastcollect.txt file (which will be in C:\ by default). This file contains the core payload sent to the server on the last collect.

I suspect the setting has worked in as much as the client is no longer sending the data to the server - there should be no sections in the above log like this:

[msgs:eventlog_Application] [msgs:eventlog_System]

And similar, depending on config.

I think what may be happening is that the server has old data for the msgs test and so is displaying the column (probably with a purple alert) because it is no longer receiving data.

I am by no means an expert on the server side. I think you can remove the old data using something like this on the server:

xymon 0 "drop <server> [test]"

i.e.

xymon 0 "drop <server> msgs"

You might need to add NOCOLUMNS:msgs in hosts.cfg, not sure.

Cheers

Zak

From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Mills,David (HHSC Contractor) Sent: 27 December 2016 22:46 To: 'xymon at xymon.com' <xymon at xymon.com<mailto:xymon at xymon.com>> Subject: [Xymon] Help turning off "msg" test with XymonPSClient.ps1

All -

I've installed a prototype of the PowerShell client, XymonPSClient.ps1 (2.1.5), and it is successfully reporting data back to the server. However, I'm trying to eliminate all Windows event log data from being sent to the server (i.e. suppressing the "msgs" column for that client on the Xymon display).

According to the documentation for the xymonclient_config.xml file, the "reportevt" XML tag value controls this behavior: "reportevt ... Whether to scan and report event log ... 0 = no 1 = yes". However, even after adding the necessary tags and restarting the service on the Windows client, the "msgs" column keeps coming back.

Here's the config file:

<XymonSettings>

 <servers>xxx.xxx.txaccess.net</servers>

 <clientlogfile>C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient.log</clientlogfile>
 <clientconfigfile>C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\clientconfig.cfg</clientconfigfile>

 <clientfqdn>0</clientfqdn>
 <clientlower>1</clientlower>

 <reportevt>0</reportevt>

</XymonSettings>

Here's the output of the currently active configuration on the client:

PS C:\Users\millsda\Desktop\Xymon PS Client 2.1.5> .\xymonclient.ps1 config XymonPSClient config:

XML: C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient_config.xml Settable Params and values: clientbbwinmembug=1 clientclass=powershell clientlogpath=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5 clientlogretain=0 clientname=xxx ClientProcessPriority=Normal clientremotecfgexec=0 clientsoftware=powershell EnableWin32_Product=0 EnableWin32_QuickFixEngineering=0 EnableWMISections=0 externaldatalocation=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\tmp externalscriptlocation=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\ext loopinterval=300 MaxEvents=5000 maxlogage=60 servergiflocation=/xymon/gifs/ serversList=xxx.xxx.txaccess.net slowscanrate=72 wanteddisksList=3 clientconfigfile=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\clientconfig.cfg clientfqdn=0 clientlogfile=C:\Users\millsda\Desktop\Xymon PS Client 2.1.5\xymonclient.log clientlower=1 reportevt=0 servers=xxx.xxx.txaccess.net

Thx!

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~ David Mills Systems Administrator Northrop Grumman (512) 595-1238 (mobile)