How do I get windows events to turn red?
list Tom Diehl
Hi, I am using the win_ps_client to monitor a bunch of windows servers. In looking at the documentation it appears that I should be able to get Xymon to alert on different events. I have added eventlogswanted:information,Application,System:2048:Warning,Critical,error to client-local.cfg and eventlog:System in the analysis.cfg file. When I do this I see various messages when I click on msgs dot. However, I cannot figure out how to get it to turn red when it sees the events I want to monitor. In the docs I see mention of include and exclude parameters but I do not understand exactly how I need to configure things. I would like to be able to alert on certain windows event IDs Is this possible? If yes, how do I actually configure xymon to do this? Regards, -- Tom user-dcee455aaab0@xymon.invalid
list Kris Springer
Here's some sample lines that I have running in my analysis.cfg file on the Xymon Server.? It's checking the log files it gets from the client and if it sees the specifics I'm looking for it will flag an alert. This of course assumes that your client is sending logs that appear in the 'msgs' column of your Xymon Server. HOST=boxA #LOG filename match-pattern [COLOR=color] [IGNORE=ignore-pattern] [TEXT=displaytext] LOG???? %.* [2004] COLOR=red IGNORE=FIPS LOG???? %.* [7034] COLOR=red LOG???? %.* [6417] IGNORE LOG???? %.* [4624] COLOR=yellow Kris Springer
▸
On 5/10/22 12:01, user-dcee455aaab0@xymon.invalid wrote:Hi, I am using the win_ps_client to monitor a bunch of windows servers. In looking at the documentation it appears that I should be able to get Xymon to alert on different events. I have added eventlogswanted:information,Application,System:2048:Warning,Critical,error to client-local.cfg and eventlog:System in the analysis.cfg file. When I do this I see various messages when I click on msgs dot. However, I cannot figure out how to get it to turn red when it sees the events I want to monitor. In the docs I see mention of include and exclude parameters but I do not understand exactly how I need to configure things. I would like to be able to alert on certain windows event IDs Is this possible? If yes, how do I actually configure xymon to do this? Regards,
list Tom Diehl
Hi,
▸
On Tue, 10 May 2022, Kris Springer wrote:
Here's some sample lines that I have running in my analysis.cfg file on the Xymon Server.? It's checking the log files it gets from the client and if it sees the specifics I'm looking for it will flag an alert. This of course assumes that your client is sending logs that appear in the 'msgs' column of your Xymon Server. HOST=boxA #LOG filename match-pattern [COLOR=color] [IGNORE=ignore-pattern] [TEXT=displaytext] LOG %.* [2004] COLOR=red IGNORE=FIPS LOG %.* [7034] COLOR=red LOG %.* [6417] IGNORE LOG %.* [4624] COLOR=yellow
That works. It is all so simple when you know what to do! :-) Thanks for that. Hopefully someone else finds this useful. Regards, -- Tom user-dcee455aaab0@xymon.invalid
▸
Kris Springer On 5/10/22 12:01, user-dcee455aaab0@xymon.invalid wrote:Hi, I am using the win_ps_client to monitor a bunch of windows servers. In looking at the documentation it appears that I should be able to get Xymon to alert on different events. I have added eventlogswanted:information,Application,System:2048:Warning,Critical,error to client-local.cfg and eventlog:System in the analysis.cfg file. When I do this I see various messages when I click on msgs dot. However, I cannot figure out how to get it to turn red when it sees the events I want to monitor. In the docs I see mention of include and exclude parameters but I do not understand exactly how I need to configure things. I would like to be able to alert on certain windows event IDs Is this possible? If yes, how do I actually configure xymon to do this? Regards,