Questions about Windows event log monitoring
Greetings. I'm still working a few things out with my Hobbit config. I'm using Hobbit 4.2 and BBWin 0.12. At the moment I'm trying to sort out how to filter logs by machine. For example, none of the "LOG" statements in the following hobbit-clients.cfg file have any effect.

Another related question I have is regarding the HOST name field. I'm using the hostnames specified by the "client:" tag in bb-hosts as opposed to the fully qualified name. Is that correct? (It didn't seem to work when I tried the fully qualified name either, for that matter.)

I'm using centralized mode. Should I be using local mode instead for Windows event log filtering?

Also, how do I specify a specific event log name? Do I use the .evt file name itself? Do I need to include the path to it?
    HOST=BUTTERMILK
        PROC inetinfo.exe 1 1
        LOG %.* %.*error.* COLOR=yellow IGNORE=definition

    DEFAULT
        UP 1h
        LOAD 75 90
        DISK * 90 95
        MEMPHYS 85 100
        MEMSWAP 75 95
        MEMACT 90 97
        LOG %.* %.*error.* COLOR=yellow IGNORE=password
        LOG %.* %.*error.* COLOR=yellow IGNORE=printer
The Win32 part of my client-local.cfg looks like this:

    [win32]
    eventlog:Security
    ignore Success
    eventlog:System
    ignore Information
    eventlog:Application
    ignore Information
Thanks much --Dan
=============================================
Daniel Elswit
Assistant Director of Information Technology
College of Agriculture & Life Sciences
Cornell University
Ithaca, NY, USA
de21 at cornell.edu
(607) 255-5658
http://www.cals.cornell.edu/cals/cals-it/
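As an added illustration of what the LOG rules in the post would do once they are applied (this is example code written for this page, not Hobbit's or BBWin's own code, and it does not answer what BBWin reports as the log name in centralized mode): the script below parses the two hobbit-clients.cfg sections from the post and runs each LOG rule over a few constructed event-log lines. It assumes the Hobbit 4.2 manual's syntax `LOG <filename> <match-pattern> [COLOR=<color>] [IGNORE=<pattern>]` with a leading `%` marking a regular expression; that a pattern without `%` is matched as a literal substring; and that a host with its own LOG rules does not also pick up the DEFAULT ones. The sample lines are constructed and deliberately use lower-case "error" so the case-sensitive pattern `%.*error.*` matches them. The host name `CHEDDAR` is made up to exercise the DEFAULT section.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed copy of the two hobbit-clients.cfg sections from the post, one
# directive per line (assumption: Hobbit 4.2 LOG syntax, '%' = regex).
CLIENTS_CFG = """
HOST=BUTTERMILK
    PROC inetinfo.exe 1 1
    LOG %.* %.*error.* COLOR=yellow IGNORE=definition

DEFAULT
    UP 1h
    LOAD 75 90
    LOG %.* %.*error.* COLOR=yellow IGNORE=password
    LOG %.* %.*error.* COLOR=yellow IGNORE=printer
"""

# Constructed event-log lines; not real BBWin output (the post does not show
# the line format BBWin reports).
SAMPLE_LINES = [
    "Service Control Manager: error 1068, a dependency service failed to start",
    "Print Spooler: error loading the definition file for printer HP4",
    "W3SVC: error, the password for the anonymous account is invalid",
    "Eventlog: the event logging service has started",
]


@dataclass
class LogRule:
    host: Optional[str]   # None for a rule in the DEFAULT section
    logname: str
    match: str
    color: str
    ignore: Optional[str]


def _compile(pattern: str) -> "re.Pattern":
    """'%' prefix means regular expression; anything else is treated as a
    literal substring (assumption for the non-regex case)."""
    if pattern.startswith("%"):
        return re.compile(pattern[1:])
    return re.compile(re.escape(pattern))


def parse_log_rules(cfg: str) -> list:
    """Collect the LOG rules from a hobbit-clients.cfg fragment, remembering
    which HOST= or DEFAULT section each one sits in. Other directives
    (PROC, UP, LOAD, ...) are skipped."""
    rules, host = [], None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("HOST="):
            host = line[len("HOST="):]
        elif line == "DEFAULT":
            host = None
        elif line.split()[0] == "LOG":
            parts = line.split()
            color, ignore = "red", None   # red is Hobbit's default LOG colour
            for opt in parts[3:]:
                key, _, val = opt.partition("=")
                if key == "COLOR":
                    color = val
                elif key == "IGNORE":
                    ignore = val
            rules.append(LogRule(host, parts[1], parts[2], color, ignore))
    return rules


def rules_for(rules: list, host: str, logname: str) -> list:
    """LOG rules that apply to one host and one log name. Assumption: a host
    with its own LOG rules does not also inherit the DEFAULT ones."""
    own = [r for r in rules if r.host == host]
    pool = own if own else [r for r in rules if r.host is None]
    return [r for r in pool if _compile(r.logname).search(logname)]


def apply_rule(rule: LogRule, lines: list) -> list:
    """Indices of the lines this single rule flags: the line must match the
    match-pattern and must not match the rule's own IGNORE pattern."""
    want = _compile(rule.match)
    skip = _compile(rule.ignore) if rule.ignore else None
    return [i for i, line in enumerate(lines)
            if want.search(line) and not (skip and skip.search(line))]


def evaluate(cfg: str, host: str, logname: str, lines: list) -> dict:
    """Per-rule view: which lines each applicable rule flags and the colour
    it would raise (green when nothing is flagged)."""
    out = {}
    for n, rule in enumerate(rules_for(parse_log_rules(cfg), host, logname)):
        hits = apply_rule(rule, lines)
        out[f"rule{n}:IGNORE={rule.ignore}"] = (rule.color if hits else "green", hits)
    return out


if __name__ == "__main__":
    for h in ("BUTTERMILK", "CHEDDAR"):
        print(h, evaluate(CLIENTS_CFG, h, "System", SAMPLE_LINES))
```

Two things stand out when the rules are run this way. For BUTTERMILK the single rule flags the 1068 error and the password error but suppresses the spooler line, because "definition" appears in it. For the made-up host CHEDDAR each DEFAULT rule keeps only its own IGNORE, so the printer line is still flagged by the `IGNORE=password` rule and the password line by the `IGNORE=printer` rule; under this model, suppressing both from one rule needs a regex IGNORE such as `IGNORE=%(password|printer)`.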