Yeah, "eventlog:security:5120" might only be supported in newer versions of BBWin. Try "msgs:eventlog_security:5120" instead, or upgrade to latest.
On 28 June 2013 09:23, Phil Crooker <Phil.Crooker at orix.com.au> wrote:
On 26/06/2013 at 1:22 PM, in message <CAAnki7BXPyCqRJDmC4qNTRLNt7pnQ-giQfwSbzK9QN=jdmpTrQ at mail.gmail.com>, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote: On 26 June 2013 12:41, Phil Crooker <Phil.Crooker at orix.com.au> wrote:
Yes, one is supposed to be able to filter what gets passed into xymon in via client-local.cfg on the xymon server but the problem is xymond rejects everything because of "flooding" before it can be filtered.
No, the section in the client-local.cfg file gets sent to the client, so that the messages are filtered on the client before being sent to the Xymon server. The "client" messages can be made smaller when filtered this way.
J
OK, did some experimentation:
Using log:security:5120 (for example) results in "[logfile:log:security] ERROR: The system cannot find file specified". I read that someone had tried eventlog:security:5120 but that gets the same error with tlog:security being not found. This is from tcpdump and could not find it in any logs.
So, randomly trying things, I don't get the error if I use msgs:security:5120 but is is unclear that this is recognised by the client.
In all cases, all entries have no effect - having the entry for a specific eventlog or not, having ignore statements, even putting :128 to limit the amount of data) and all logs are sent to xymond in their entirety and appear on the msgs page for that host under "Full log".
I'll perhaps take this up with the bbwin list.
cheers, Phil
-- Please consider the environment before printing this e-mail
This message from ORIX Australia may contain confidential and/or privileged information. If you are not the intended recipient, any use, disclosure or copying of this message (or of any attachments to it) is not authorised. If you have received this message in error, please notify the sender immediately and delete the message and any attachments from your system. Please inform the sender if you do not wish to receive further communications by email. ORIX handles personal information according to a Privacy Policy that is consistent with the National Privacy Principles. Please let us know if you would like a copy. It is also available at http://www.orix.com.au