Hi,
another question. I monitor a few Windows hosts, and it seems Windows logs
everything as errors. I have tried to add a file logwatch.mk in
/omd/sites/prod/etc/check_mk/conf.d and it seems some of my rules work, but
a lot of them don't.
Here is my logwatch.mk. What am I doing wrong?
logwatch_patterns = {
'System': [
( 'I', 'The session setup from the computer PCNAME1 failed
to authenticate' ),
( 'I', 'The session setup from the computer SERVERNAME1
failed to authenticate' ),
( 'I', 'Windows is unable to connect to the automatic
updates service and therefore' ),
( 'I', 'connections to this Domain Controller from client
machines whose IP addresses' ),
( 'I', 'Print Printer Microsoft XPS Document Writer' ),
( 'W', 'rebooting.*system' ),
( 'C', 'path link down' ),
( 'I', 'TermServDevices Driver *required for printer' ),
( 'I', 'The currently selected KDC certificate was once
valid, but now is invalid' )
],
'Application': [
( 'W', 'lalalalaa' ),
( 'C', 'laaaalaaa' ),
( 'I', 'registry while an application or service was still
using the registry during log off.' ),
( 'I', 'Backup_Exec*SQL*' ),
( 'I', 'Failed registration of app type 2*' ),
( 'I', '*Symantec_AntiVirus*Could not scan*' )
],
'DNS Server': [
( 'W', 'lalalalalla' ),
( 'C', 'lalalalala' ),
( 'I', '*has encountered numerous run-time events. To
determine the initial cause of these*' ),
( 'I', 'islaallala' )
],
'Security': [
( 'W', 'laaallaaaa' ),
( 'C', 'lalalalalalalala' ),
( 'I', '*Request*Client Address*' ),
( 'I', '*MICROSOFT_AUTHENTICATION_PACKAGE_V1_0*' ),
( 'I', 'Reason: Unknown user name or bad password' ),
( 'I', 'Security Pre-authentication failed: User Name:' )
]
}
One thing I notice is that those I have added under System seems to work.
Those under the other labels do not work. All the lala's are just
placeholders to have examples for later use.
--
Roald Amundsen
_______________________________________________
omd-users mailing list
[email protected]
http://lists.mathias-kettner.de/mailman/listinfo/omd-users
