On Wed, May 09, 2007 at 04:21:54PM +0000, Aaron Stranberg wrote:

Hi All, Is it possible using the hobbit-clients.cfg file to centrally filter out windows eventlog messages by key word?

Unfortunately, no. The hobbit-clients.cfg only works on real "hobbit" clients that use the hobbit-specific way of reporting data which is then analysed at the server. The bbnt client determines the status all by itself and sends the status update directly to the server, so it isn't possible to filter data on the server.

I can see a couple of ways you can do it, though. You can create a custom Hobbit server-side module, which is passed all of the "msgs" status data. Then you could filter these and generate a new status column - "msgs2", or whatever you'd call it - from these filtered data.

Writing server-side modules may seem daunting, but it really isn't. If you grab the current Hobbit snapshot at http://www.hswn.dk/beta/ then you'll find a perl program which is such a server-side module: It's in the hobbitd/hobbitd_rootlogin.pl file.

You'd need to write a tool that reads the "msgs" status data it gets. The "msgs" status report (if I recall correctly) has the interesting lines listed with a red/yellow marker first, like: &red This is a critical message &yellow This is a warning &yellow This is pure noise So your script could weed out the "noise" lines, and then look at the remaining lines (if any) to see what the new status color should be.

From that, it should be easy to generate the new "msgs2" status and feed it into Hobbit.

Regards, Henrik