Migrating from BBWin to Xymon PS Client
Hi,
I'm migrating from BBWin to the newest Xymon PS Client. However, there are some settings in the BBWin.cfg file that I can't seem to migrate to the analysis.cfg file.
In BBWin there are several message checks: <msgs> <setting name="alwaysgreen" value="false" /> <ignore logfile="Application" eventid="1000" /> <ignore logfile="Application" eventid="16385" /> <ignore logfile="Application" eventid="8198" /> <ignore logfile="Application" eventid="489" /> <ignore logfile="System" eventid="6038" /> <setting name="delay" value="1h" /> <match logfile="System" type="error" alarmcolor="red" /> <match logfile="System" type="warning" alarmcolor="yellow" /> <match logfile="Application" type="error" alarmcolor="red" /> <match logfile="Application" type="warning" alarmcolor="yellow" /> <match logfile="Security" type="fail" /> </msgs>
but how do I migrate those to analysis.cfg? There seem to be two options:
- LOG eventlog_application %^warning COLOR=red
- LOG eventlog:Application %warning COLOR=red
Is there a difference between these two notations and is it even possible to migrate the settings of BBWin.cfg to the analysis.cfg?
Kind regards,
Timothy
I think this will work:
LOG eventlog_System %^error.* COLOR=red
LOG eventlog_System %^warning.* COLOR=yellow
LOG eventlog_Application %^error.* COLOR=red
LOG eventlog_Application %^warning.* COLOR=yellow
LOG eventlog_Security %^failure.* COLOR=redThe Ignore rules for the eventid's I'm not sure about, in the past with bbwin I have always had to ignore based on the message detail. If someone knows how to do this I would also like to know.
In the latest powershell client this is the type of data that you get for events, the eventid is 1 in the below example.
Warning - 03/30/2015 14:11:25 - [1] - test - This is a test message.
However I haven't had any success using an ignore rule to match anything other than the "This is a test message" part of the message.
Regards,
Brandon
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Timothy Persoon Sent: Tuesday, 24 March 2015 7:55 PM To: xymon at xymon.com Subject: [Xymon] Migrating from BBWin to Xymon PS Client
Hi,
I'm migrating from BBWin to the newest Xymon PS Client. However, there are some settings in the BBWin.cfg file that I can't seem to migrate to the analysis.cfg file.
In BBWin there are several message checks: <msgs> <setting name="alwaysgreen" value="false" /> <ignore logfile="Application" eventid="1000" /> <ignore logfile="Application" eventid="16385" /> <ignore logfile="Application" eventid="8198" /> <ignore logfile="Application" eventid="489" /> <ignore logfile="System" eventid="6038" /> <setting name="delay" value="1h" /> <match logfile="System" type="error" alarmcolor="red" /> <match logfile="System" type="warning" alarmcolor="yellow" /> <match logfile="Application" type="error" alarmcolor="red" /> <match logfile="Application" type="warning" alarmcolor="yellow" /> <match logfile="Security" type="fail" /> </msgs>
but how do I migrate those to analysis.cfg? There seem to be two options:
- LOG eventlog_application %^warning COLOR=red
- LOG eventlog:Application %warning COLOR=red
Is there a difference between these two notations and is it even possible to migrate the settings of BBWin.cfg to the analysis.cfg?
Kind regards,
Timothy
[cid:image001.gif at 01D06AF3.F96FDF40]
Hi
The fields in the event log message from the PS client are as follows:
<level> - <date / time> - [<eventid>] - <provider> - <message>
Warning - 03/30/2015 14:11:25 - [1] - test - This is a test message.
In the example given, 'test' is the provider.
Ignore rules should match against provider or message. You cannot currently ignore against event ids - I believe you could use them in alert.cfg though.
If you want to only receive warning or error 'level' messages, you can limit using the eventlogswanted:
eventlogswanted:LIST_OF_EVENT_LOGS:MAX_SIZE:REQUIRED_LEVELS
REQUIRED_LEVELS is an optional list of the levels you want to report, e.g.:
eventlogswanted:*:250000:error,warning
Zak
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Brandon Dale Sent: 30 March 2015 04:37 To: Timothy Persoon; xymon at xymon.com Subject: Re: [Xymon] Migrating from BBWin to Xymon PS Client
I think this will work:
LOG eventlog_System %^error.* COLOR=red
LOG eventlog_System %^warning.*COLOR=yellow
LOG eventlog_Application %^error.*COLOR=red
LOG eventlog_Application %^warning.*COLOR=yellow
LOG eventlog_Security %^failure.*COLOR=red
The Ignore rules for the eventid's I'm not sure about, in the past with bbwin I have always had to ignore based on the message detail. If someone knows how to do this I would also like to know.
In the latest powershell client this is the type of data that you get for events, the eventid is 1 in the below example.
Warning - 03/30/2015 14:11:25 - [1] - test - This is a test message.
However I haven't had any success using an ignore rule to match anything other than the "This is a test message" part of the message.
Regards,
Brandon
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Timothy Persoon Sent: Tuesday, 24 March 2015 7:55 PM To: xymon at xymon.com <mailto:xymon at xymon.com> Subject: [Xymon] Migrating from BBWin to Xymon PS Client
Hi,
I'm migrating from BBWin to the newest Xymon PS Client. However, there are some settings in the BBWin.cfg file that I can't seem to migrate to the analysis.cfg file.
In BBWin there are several message checks: <msgs> <setting name="alwaysgreen" value="false" /> <ignore logfile="Application" eventid="1000" /> <ignore logfile="Application" eventid="16385" /> <ignore logfile="Application" eventid="8198" /> <ignore logfile="Application" eventid="489" /> <ignore logfile="System" eventid="6038" /> <setting name="delay" value="1h" /> <match logfile="System" type="error" alarmcolor="red" /> <match logfile="System" type="warning" alarmcolor="yellow" /> <match logfile="Application" type="error" alarmcolor="red" /> <match logfile="Application" type="warning" alarmcolor="yellow" /> <match logfile="Security" type="fail" /> </msgs>
but how do I migrate those to analysis.cfg? There seem to be two options:
- LOG eventlog_application %^warning COLOR=red
- LOG eventlog:Application %warning COLOR=red
Is there a difference between these two notations and is it even possible to migrate the settings of BBWin.cfg to the analysis.cfg?
Kind regards,
Timothy
participants (3)
-
BDale@kitchengroup.com.au
-
Timothy_Persoon@axi.be
-
zak.beck@accenture.com