Xymon Mailing List Archive search

Filtering event logs from windows systems bbnt client

10 messages in this thread

list Aaron Stranberg · Wed, 9 May 2007 16:21:54 +0000 ·
Hi All,
    Is it possible using the hobbit-clients.cfg file to centrally filter out windows eventlog messages by key word?  I am running the bbnt client on the windows hosts and want to tune out for example any eventlog message about printing without touching each windows client.

Thanks

-Aaron
list Galen Johnson · Thu, 10 May 2007 00:10:26 -0400 ·
Aaron Stranberg wrote:
Hi All,
    Is it possible using the hobbit-clients.cfg file to centrally filter out windows eventlog messages by key word?  I am running the bbnt client on the windows hosts and want to tune out for example any eventlog message about printing without touching each windows client.

Thanks

-Aaron

Have you looked at bbwin?  I believe it already handles this for you.


=G=
list Aaron Stranberg · Thu, 10 May 2007 14:41:09 +0000 ·
Thanks for the tip, that appears at first glance to be a new agent, what I am trying my best to do is avoid installing a new agent on our 200+ hosts, just the change control would take me a couple of days. :)  Know of any way to filter messages from the bbnt client at the hobbit host level, maybe using the ignore string?

-Aaron

> Date: Thu, 10 May 2007 00:10:26 -0400
> From: user-d2ff723b6cb6@xymon.invalid
> To: user-ae9b8668bcde@xymon.invalid
> Subject: Re: [hobbit] Filtering event logs from windows systems bbnt client
>
> Aaron Stranberg wrote:
> > Hi All,
> >     Is it possible using the hobbit-clients.cfg file to centrally
> > filter out windows eventlog messages by key word?  I am running the
> > bbnt client on the windows hosts and want to tune out for example any
> > eventlog message about printing without touching each windows client.
> >
> > Thanks
> >
> > -Aaron
>
> Have you looked at bbwin?  I believe it already handles this for you.
>
> =G=
list Henrik Størner · Thu, 10 May 2007 18:57:40 +0200 ·
quoted from Aaron Stranberg
On Wed, May 09, 2007 at 04:21:54PM +0000, Aaron Stranberg wrote:
Hi All,    Is it possible using the hobbit-clients.cfg 
file to centrally filter out windows eventlog messages by key word?
Unfortunately, no. The hobbit-clients.cfg only works on real "hobbit"
clients that use the hobbit-specific way of reporting data which is
then analysed at the server. The bbnt client determines the status all
by itself and sends the status update directly to the server, so it
isn't possible to filter data on the server.

I can see a couple of ways you can do it, though. You can create a
custom Hobbit server-side module, which is passed all of the "msgs"
status data. Then you could filter these and generate a new status
column - "msgs2", or whatever you'd call it - from these filtered data.

Writing server-side modules may seem daunting, but it really isn't.
If you grab the current Hobbit snapshot at http://www.hswn.dk/beta/
then you'll find a perl program which is such a server-side module:
It's in the hobbitd/hobbitd_rootlogin.pl file.

You'd need to write a tool that reads the "msgs" status data it gets.
The "msgs" status report (if I recall correctly) has the interesting
lines listed with a red/yellow marker first, like:
    &red This is a critical message
    &yellow This is a warning
    &yellow This is pure noise
So your script could weed out the "noise" lines, and then look at the
remaining lines (if any) to see what the new status color should be.
From that, it should be easy to generate the new "msgs2" status and
feed it into Hobbit.


Regards,
Henrik
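
The filtering step Henrik describes, as an added example that is not part of the original post and is not Hobbit's own code: it drops marked lines matching a noise pattern, derives the new color from what remains, and builds the text of a "msgs2" status message. The sample body, the noise pattern and the host name are constructed assumptions; reading from the hobbitd channel and sending the result are not covered.

```python
import re

# Constructed sample of a bbnt "msgs" status body (not real event log data).
SAMPLE_MSGS = """\
&red Service Control Manager: the Backup service terminated unexpectedly
&yellow Print: document 12 owned by jdoe was printed on HP4000
&yellow Userenv: could not resolve the domain controller name
&yellow Print: printer HP4000 was paused
"""

# Hypothetical site-specific noise patterns, matched case-insensitively.
NOISE = [re.compile(p, re.I) for p in (r"\bprint(er|ed|ing)?\b",)]

MARKER = re.compile(r"^\s*&(red|yellow)\s+(.*)$")
SEVERITY = {"green": 0, "yellow": 1, "red": 2}


def filter_msgs(body, noise=NOISE):
    """Return (color, kept_lines, suppressed_count) for a msgs status body."""
    kept, suppressed, color = [], 0, "green"
    for line in body.splitlines():
        m = MARKER.match(line)
        if not m:
            continue  # headers and unmarked text do not affect the color
        if any(p.search(m.group(2)) for p in noise):
            suppressed += 1
            continue
        kept.append(line.strip())
        if SEVERITY[m.group(1)] > SEVERITY[color]:
            color = m.group(1)
    return color, kept, suppressed


def build_status(hostname, body, column="msgs2"):
    """Build a 'status' message for the new column from the filtered lines."""
    color, kept, suppressed = filter_msgs(body)
    # Dots in the hostname are sent as commas in status messages.
    header = "status %s.%s %s filtered event log" % (
        hostname.replace(".", ","), column, color)
    note = "%d line(s) suppressed by noise filter" % suppressed
    return "\n".join([header, ""] + kept + ["", note])


if __name__ == "__main__":
    print(build_status("winhost01.example.com", SAMPLE_MSGS))
```

Reporting the suppressed count in the new column keeps the filter visible to whoever reads the status, so an over-broad pattern shows up as an unexpectedly high number rather than as silence.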
list Aaron Stranberg · Thu, 10 May 2007 20:49:34 +0000 ·
Thanks for the reply, I will have to weigh out taking a swag at this module vs. moving forward with deployment of BBWIN. Is BBWIN considered production stable?  I was also reading about the centralized updates, does this include ability for the agent to upgrade/update itself?  This is a huge step for folks in my position with windows hosts in the hundreds with no central LDAP/AD, or even common logons it means manually touching each system for updates and config changes on the current bbnt client. I am really looking forward to getting bbwin rolled out!

> Date: Thu, 10 May 2007 18:57:40 +0200
> To: user-ae9b8668bcde@xymon.invalid
> From: user-ce4a2c883f75@xymon.invalid
> Subject: Re: [hobbit] Filtering event logs from windows systems bbnt client
>
> On Wed, May 09, 2007 at 04:21:54PM +0000, Aaron Stranberg wrote:
> > Hi All,    Is it possible using the hobbit-clients.cfg
> > file to centrally filter out windows eventlog messages by key word?
>
> Unfortunately, no. The hobbit-clients.cfg only works on real "hobbit"
> clients that use the hobbit-specific way of reporting data which is
> then analysed at the server. The bbnt client determines the status all
> by itself and sends the status update directly to the server, so it
> isn't possible to filter data on the server.
>
> I can see a couple of ways you can do it, though. You can create a
> custom Hobbit server-side module, which is passed all of the "msgs"
> status data. Then you could filter these and generate a new status
> column - "msgs2", or whatever you'd call it - from these filtered data.
>
> Writing server-side modules may seem daunting, but it really isn't.
> If you grab the current Hobbit snapshot at http://www.hswn.dk/beta/
> then you'll find a perl program which is such a server-side module:
> It's in the hobbitd/hobbitd_rootlogin.pl file.
>
> You'd need to write a tool that reads the "msgs" status data it gets.
> The "msgs" status report (if I recall correctly) has the interesting
> lines listed with a red/yellow marker first, like:
>     &red This is a critical message
>     &yellow This is a warning
>     &yellow This is pure noise
> So your script could weed out the "noise" lines, and then look at the
> remaining lines (if any) to see what the new status color should be.
> From that, it should be easy to generate the new "msgs2" status and
> feed it into Hobbit.
>
> Regards,
> Henrik
list Galen Johnson · Thu, 10 May 2007 17:01:12 -0400 ·
I don't think Etienne has the centralized rollout done, yet, but he'd 
have to speak to that.  It's been a few months since the last update to .9.

=G=
quoted from Aaron Stranberg

Aaron Stranberg wrote:
Thanks for the reply, I will have to weigh out taking a swag at this 
module vs. moving forward with deployment of BBWIN. Is BBWIN 
considered production stable?  I was also reading about the 
centralized updates, does this include ability for the agent to 
upgrade/update itself?  This is a huge step for folks in my position 
with windows hosts in the hundreds with no central LDAP/AD, or even 
common logons it means manually touching each system for updates and 
config changes on the current bbnt client. I am really looking forward 
to getting bbwin rolled out! 
Date: Thu, 10 May 2007 18:57:40 +0200
To: user-ae9b8668bcde@xymon.invalid
From: user-ce4a2c883f75@xymon.invalid
Subject: Re: [hobbit] Filtering event logs from windows systems bbnt client

On Wed, May 09, 2007 at 04:21:54PM +0000, Aaron Stranberg wrote:
Hi All, Is it possible using the hobbit-clients.cfg
file to centrally filter out windows eventlog messages by key word?
Unfortunately, no. The hobbit-clients.cfg only works on real "hobbit"
clients that use the hobbit-specific way of reporting data which is
then analysed at the server. The bbnt client determines the status all
by itself and sends the status update directly to the server, so it
isn't possible to filter data on the server.

I can see a couple of ways you can do it, though. You can create a
custom Hobbit server-side module, which is passed all of the "msgs"
status data. Then you could filter these and generate a new status
column - "msgs2", or whatever you'd call it - from these filtered data.

Writing server-side modules may seem daunting, but it really isn't.
If you grab the current Hobbit snapshot at http://www.hswn.dk/beta/
then you'll find a perl program which is such a server-side module:
It's in the hobbitd/hobbitd_rootlogin.pl file.

You'd need to write a tool that reads the "msgs" status data it gets.
The "msgs" status report (if I recall correctly) has the interesting
lines listed with a red/yellow marker first, like:
&red This is a critical message
&yellow This is a warning
&yellow This is pure noise
So your script could weed out the "noise" lines, and then look at the
remaining lines (if any) to see what the new status color should be.
From that, it should be easy to generate the new "msgs2" status and
feed it into Hobbit.


Regards,
Henrik

list Sean R. Clark · Fri, 11 May 2007 10:39:28 -0400 ·
 
 
I have three servers
 
tools-www-01 (hobbitd server, BBDISPLAY BBNET BBPAGER)
tools-pol-03 (Big Brother BBNET)
tools-pol-04 (Big Brother BBNET)
 
on tools-www-01 I have several hosts that are failing the conn test  from
tools-www-01 and paging me
the problem is, tools-www-01 should not be testing these hosts from my
understanding of the tags in the bb-hosts file
 
bb-hosts on tools-www-01:
 
10.10.9.9      tools-www-01.domain.com # BBDISPLAY BBNET BBPAGER NET:tools-pol-03.domain.com
10.10.10.10    hostname-prov-db-02.domain.com #  NET:tools-pol-04.domain.com


From what I gather, prov-db-02 should only be tested from dev-pol-04 (and
that connection is successful)

What I am getting is constant "flaps" of it being up/down/up/down   - when I
get the down page, the failure source is tools-www-01, not tools-pol-04.
When tools-pol-04 sends green it recovers 


Am I not using locations correctly? Or is there something more for me to
look at?


-Sean
list Larry Barber · Fri, 11 May 2007 10:51:15 -0500 ·
Have you set the BBLOCATION variable in either hobbitserver.cfg or in
hobbitlaunch.cfg on each server?

Thanks,
Larry Barber
quoted from Sean R. Clark

On 5/11/07, Sean R. Clark <user-94e09d797e16@xymon.invalid> wrote:

I have three servers

tools-www-01 (hobbitd server, BBDISPLAY BBNET BBPAGER)
tools-pol-03 (Big Brother BBNET)
tools-pol-04 (Big Brother BBNET)

on tools-www-01 I have several hosts that are failing the conn test  from
tools-www-01 and paging me
the problem is, tools-www-01 should not be testing these hosts from my
understanding of the tags in the bb-hosts file

bb-hosts on tools-www-01:

10.10.9.9      tools-www-01.domain.com # BBDISPLAY BBNET BBPAGER NET:tools-pol-03.domain.com
10.10.10.10    hostname-prov-db-02.domain.com #  NET:tools-pol-04.domain.com
quoted from Sean R. Clark


From what I gather, prov-db-02 should only be tested from dev-pol-04 (and
that connection is successful)

What I am getting is constant "flaps" of it being up/down/up/down   - when I
get the down page, the failure source is tools-www-01, not tools-pol-04.
When tools-pol-04 sends green it recovers


Am I not using locations correctly? Or is there something more for me to
look at?


-Sean

list Tod Hansmann · Fri, 11 May 2007 09:58:19 -0600 ·
Also, I don't know if it matters, but the NET is Net in our config and
works fine.  Case may or may not matter.

 
Tod Hansmann

Network Engineer
quoted from Larry Barber

 
From: Larry Barber [mailto:user-6ef9c2864140@xymon.invalid] 
Sent: Friday, May 11, 2007 9:51 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] Net:Location appears not to work?

 
Have you set the BBLOCATION variable in either hobbitserver.cfg or in
hobbitlaunch.cfg on each server?

Thanks,
Larry Barber

On 5/11/07, Sean R. Clark <user-94e09d797e16@xymon.invalid> wrote:


I have three servers

tools-www-01 (hobbitd server, BBDISPLAY BBNET BBPAGER)
tools-pol-03 (Big Brother BBNET)
tools-pol-04 (Big Brother BBNET)

on tools-www-01 I have several hosts that are failing the conn test
from 
tools-www-01 and paging me
the problem is, tools-www-01 should not be testing these hosts from my
understanding of the tags in the bb-hosts file

bb-hosts on tools-www-01:

10.10.9.9      tools-www-01.domain.com # BBDISPLAY BBNET BBPAGER NET:tools-pol-03.domain.com
10.10.10.10    hostname-prov-db-02.domain.com #  NET:tools-pol-04.domain.com


From what I gather, prov-db-02 should only be tested from dev-pol-04
(and 
that connection is successful)

What I am getting is constant "flaps" of it being up/down/up/down   - when I
get the down page, the failure source is tools-www-01, not tools-pol-04.
When tools-pol-04 sends green it recovers 


Am I not using locations correctly? Or is there something more for me to
look at?


-Sean
list Henrik Størner · Sun, 13 May 2007 22:23:15 +0200 ·
quoted from Sean R. Clark
On Fri, May 11, 2007 at 10:39:28AM -0400, Sean R. Clark wrote:
I have three servers
 
tools-www-01 (hobbitd server, BBDISPLAY BBNET BBPAGER)
tools-pol-03 (Big Brother BBNET)
tools-pol-04 (Big Brother BBNET)
First, mixing Hobbit and BB network test tools does complicate things.
There are quite a few settings in the bb-hosts file that the BB
servers ignore - including the NET:foo setting.
quoted from Tod Hansmann
on tools-www-01 I have several hosts that are failing the conn test  from
tools-www-01 and paging me
the problem is, tools-www-01 should not be testing these hosts from my
understanding of the tags in the bb-hosts file
 
bb-hosts on tools-www-01:
 
10.10.9.9      tools-www-01.domain.com # BBDISPLAY BBNET BBPAGER NET:tools-pol-03.domain.com
10.10.10.10    hostname-prov-db-02.domain.com #  NET:tools-pol-04.domain.com
Make sure you have BBLOCATION set in the hobbitserver.cfg file on your
Hobbit server (tools-www-01). If this isn't set, it will ignore all of
the NET:foo settings in bb-hosts. On the other hand, when BBLOCATION is
set Hobbit will test ONLY those hosts that have a matching NET: setting.

Your two Big Brother servers just ignore the NET: setting in bb-hosts,
so they will test whatever hosts are listed in the bb-hosts file.
Had they been running Hobbit, you would have set
   BBLOCATION=tools-pol-03.domain.com
or
   BBLOCATION=tools-pol-04.domain.com
in their hobbitserver.cfg file.


Regards,
Henrik