It's a Windows event log. I thought maybe there was an issue with the name having a space but quoting it has no bearing (for the "ignore source" entries). I have drilled into the particular events and have added "ignore message" with different single words that are in the alerts. The final alert in Xymon/BB does not have the event body - just a header line with date stamps followed by a line with a bracketed number that something is occurring in the MIMEsweeper log.
I will see about contacting Mr. Nygren.
Office: 240-686-2666 mark.deiss at acs-inc.com ACS, A Xerox Company CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
-----Original Message----- From: ulric at siag.nu [mailto:ulric at siag.nu] Sent: Tuesday, September 28, 2010 9:19 AM To: xymon at xymon.com Subject: Re: [xymon] Question on MrBig log parsing
Citerar "Deiss, Mark" <Mark.Deiss at acs-inc.com>:
For the Windows client, MrBig, has anyone fooled around with the rules for parsing the log files? We have a "MIMEsweeper log" that just
cannot
figure out syntax to suppress false alerts.
Is this a Windows event log? Check in Event Viewer what the name is and filtering on the log name should work fine.
Last I heard, the good folks at Qbranch (the company behind Mr Big) were going to carry on maintenance after I left. Tobias Nygren is the new maintainer; see contact info on the web page.
Ulric
To unsubscribe from the xymon list, send an e-mail to xymon-unsubscribe at xymon.com