Greetings all,

I need help setting up the hobbit-client.cfg file to monitor and ignore the windows event logs (application, system, security).

Here is a sample of what I have in hobbit-client.cfg: LOG %.*application.* %error COLOR=red LOG %.*application.* error COLOR=red IGNORE='%VSS (8193) -*' LOG %.*application.* error COLOR=red IGNORE='%Application Error (1000) -*'

I have played around with different syntax, but I cannot seem to get it right. Here is a sample output (I know the alert does not match what I have above, it is just an example):

failure - 2008/08/20 07:39:23 - Security (578) - Privileged object operation: Object Server: &unknown failure - 2008/08/20 07:39:23 - Security (578) - Privileged object operation: &unknown failure - 2008/08/20 07:26:56 - Security (578) - Privileged object operation: Object Server: I get the security failure in this example with the blinking red dot, but then I get the same messages with the &unknown.

If anyone that has set this up correctly can please advice, it would be great.

Thanks in advance for the help, Dev Khemraj