
Filtering event logs from windows systems bbnt client

list Galen Johnson
Thu, 10 May 2007 17:01:12 -0400
Message-Id: <user-8f69c72e00e1@xymon.invalid>

I don't think Etienne has the centralized rollout done, yet, but he'd 
have to speak to that.  It's been a few months since the last update to .9.

=G=

Aaron Stranberg wrote:
Thanks for the reply, I will have to weigh out taking a swag at this 
module vs. moving forward with deployment of BBWIN.  Is BBWIN 
considered production stable?  I was also reading about the 
centralized updates, does this include ability for the agent to 
upgrade/update itself?  This is a huge step for folks in my position 
with windows hosts in the hundreds with no central LDAP/AD, or even 
common logons it means manually touching each system for updates and 
config changes on the current bbnt client. I am really looking forward 
to getting bbwin rolled out! 
Date: Thu, 10 May 2007 18:57:40 +0200
To: user-ae9b8668bcde@xymon.invalid
From: user-ce4a2c883f75@xymon.invalid
Subject: Re: [hobbit] Filtering event logs from windows systems bbnt 
client

On Wed, May 09, 2007 at 04:21:54PM +0000, Aaron Stranberg wrote:
Hi All, Is it possible using the hobbit-clients.cfg
file to centrally filter out windows eventlog messages by key word?

Unfortunately, no. The hobbit-clients.cfg only works on real "hobbit"
clients that use the hobbit-specific way of reporting data which is
then analysed at the server. The bbnt client determines the status all
by itself and sends the status update directly to the server, so it
isn't possible to filter data on the server.

I can see a couple of ways you can do it, though. You can create a
custom Hobbit server-side module, which is passed all of the "msgs"
status data. Then you could filter these and generate a new status
column - "msgs2", or whatever you'd call it - from these filtered data.

Writing server-side modules may seem daunting, but it really isn't.
If you grab the current Hobbit snapshot at http://www.hswn.dk/beta/
then you'll find a perl program which is such a server-side module:
It's in the hobbitd/hobbitd_rootlogin.pl file.

You'd need to write a tool that reads the "msgs" status data it gets.
The "msgs" status report (if I recall correctly) has the interesting
lines listed with a red/yellow marker first, like:

  &red This is a critical message
  &yellow This is a warning
  &yellow This is pure noise

So your script could weed out the "noise" lines, and then look at the
remaining lines (if any) to see what the new status color should be.
From that, it should be easy to generate the new "msgs2" status and
feed it into Hobbit.


Regards,
Henrik
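
The filtering step described in the reply above, as an added example that is not part of the original thread and is not Hobbit project code (it is written in Python, not the Perl of hobbitd_rootlogin.pl). The noise pattern, the function names and the sample body are assumptions; receiving the "msgs" data from hobbitd and sending the result back are left to the module that wraps it.

```python
import re

# Constructed sample of a bbnt "msgs" status body, using the three lines from the post.
SAMPLE_MSGS = """\
&red This is a critical message
&yellow This is a warning
&yellow This is pure noise
"""

# Hypothetical noise patterns: replace with the event log keywords to suppress.
NOISE_PATTERNS = [re.compile(r"pure noise", re.IGNORECASE)]

SEVERITY = {"green": 0, "yellow": 1, "red": 2}
MARKER = re.compile(r"^&(red|yellow)\s+(.*)$")


def filter_msgs(body, noise=NOISE_PATTERNS):
    """Drop marked lines that match a noise pattern; return (color, kept_lines)."""
    color = "green"  # no remaining marked lines means the new column is green
    kept = []
    for raw in body.splitlines():
        line = raw.strip()
        match = MARKER.match(line)
        if not match:
            continue  # lines without a colour marker do not affect the status
        if any(p.search(match.group(2)) for p in noise):
            continue  # weed out the noise line
        kept.append(line)
        if SEVERITY[match.group(1)] > SEVERITY[color]:
            color = match.group(1)  # worst remaining marker wins
    return color, kept


def build_status(hostname, color, kept, column="msgs2"):
    """Format the text of a Hobbit status message for the new column."""
    host = hostname.replace(".", ",")  # status messages carry host names with commas
    summary = "Filtered event log messages" if kept else "No event log messages after filtering"
    return "status %s.%s %s %s\n%s\n" % (host, column, color, summary, "\n".join(kept))


if __name__ == "__main__":
    new_color, remaining = filter_msgs(SAMPLE_MSGS)
    # win01.example.com is a constructed host name.
    print(build_status("win01.example.com", new_color, remaining))
```

Keep the noise patterns narrow: a pattern that is too broad also hides the red lines it happens to match, and the "msgs2" column would then show green for a host with real errors.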
