Cheshire Cat Computing • View topic - Problems with filtering

Board index » Software Support » Nagios: Windows EventLog agent

All times are UTC + 12 hours [ DST ]

Problems with filtering

Page 5 of 6

[ 53 posts ]

Go to page Previous 1, 2, 3, 4, 5, 6 Next

Print view

Previous topic | Next topic

Author

Message

Spoon

Post subject: Filter Limits

Posted: Tue Dec 13, 2005 12:36 pm

User

Joined: Sat Oct 22, 2005 9:40 am
Posts: 5
Location: San Francisco, CA

_________________
-Patrick

Top

stevesh

Post subject:

Posted: Tue Dec 13, 2005 5:23 pm

Site Admin

Joined: Tue Jul 29, 2003 11:42 am
Posts: 3039
Location: Auckland, New Zealand

_________________
Steve Shipway
UNIX Systems, ITSS, University of Auckland, NZ
Woe unto them that rise up early in the morning... -- Isaiah 5:11

Top

Spoon

Post subject: Re:Filter Limits

Posted: Wed Dec 14, 2005 9:46 am

User

Joined: Sat Oct 22, 2005 9:40 am
Posts: 5
Location: San Francisco, CA

_________________
-Patrick

Top

OverHere

Post subject:

Posted: Thu Dec 15, 2005 4:31 am

User

Joined: Sat Dec 10, 2005 10:18 am
Posts: 8
Location: Bermuda

Top

OverHere

Post subject:

Posted: Thu Dec 15, 2005 4:42 am

User

Joined: Sat Dec 10, 2005 10:18 am
Posts: 8
Location: Bermuda

Top

OverHere

Post subject:

Posted: Thu Dec 15, 2005 6:24 am

User

Joined: Sat Dec 10, 2005 10:18 am
Posts: 8
Location: Bermuda

Something else strange:

When in regedit, looking at[HKEY_LOCAL_MACHINE\SOFTWARE\Cheshire Cat\Nagios\Filter], I have an entry looking like:

ID=644
matchString=
source=

But when I export the key set, the ID gets repeated in the other keys:

"ID"="644"
"matchString"="644"
"source"="644"

Is that something on my side, or something weird somewhere else?

Top

stevesh

Post subject:

Posted: Thu Dec 15, 2005 9:38 am

Site Admin

Joined: Tue Jul 29, 2003 11:42 am
Posts: 3039
Location: Auckland, New Zealand

_________________
Steve Shipway
UNIX Systems, ITSS, University of Auckland, NZ
Woe unto them that rise up early in the morning... -- Isaiah 5:11

Top

stevesh

Post subject:

Posted: Thu Dec 15, 2005 9:39 am

Site Admin

Joined: Tue Jul 29, 2003 11:42 am
Posts: 3039
Location: Auckland, New Zealand

_________________
Steve Shipway
UNIX Systems, ITSS, University of Auckland, NZ
Woe unto them that rise up early in the morning... -- Isaiah 5:11

Top

stevesh

Post subject:

Posted: Thu Dec 15, 2005 10:46 am

Site Admin

Joined: Tue Jul 29, 2003 11:42 am
Posts: 3039
Location: Auckland, New Zealand

_________________
Steve Shipway
UNIX Systems, ITSS, University of Auckland, NZ
Woe unto them that rise up early in the morning... -- Isaiah 5:11

Top

OverHere

Post subject:

Posted: Fri Dec 16, 2005 3:33 am

User

Joined: Sat Dec 10, 2005 10:18 am
Posts: 8
Location: Bermuda

I'm still getting an issue where I have a filter set for certain events. But other events are being logged at the same time. I'm pasting the registry code here for your review.

Filter0 should only show the eventid's shown. But event id's 677 and 537 are also being sent. They should be caught by Filter1 instead.

Config follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Cheshire Cat\Nagios]

"Port"=dword:00001623
"encryptionMethod"=dword:00000001
"DEBUG"=dword:00000000
"maxFilter"=dword:00000003
"processDelay"=dword:0000001e

[HKEY_LOCAL_MACHINE\SOFTWARE\Cheshire Cat\Nagios\Filter0]
"filterDesc"="Account Audit Failures"
"eventLogName"="Security"
"serviceName"="AccountEvents"
"ID"="675,676,681,642,632,636,660,624,644,517,528,529,530,531,532,533,534,535,539"
"matchString"=""
"source"=""
"eventLog"=dword:00000005
"Information"=dword:00000000
"status"=dword:00000002
"Warning"=dword:00000000
"Error"=dword:00000000
"Audit Success"=dword:00000000
"Audit Failure"=dword:00000001
"notID"=dword:00000000
"notMatch"=dword:00000000
"notSource"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Cheshire Cat\Nagios\Filter1]
"filterDesc"="Ignore Some Failure Audits"
"eventLogName"="Security"
"serviceName"="EventLogs"
"ID"="565,677,537"
"matchString"=""
"source"=""
"eventLog"=dword:00000005
"Information"=dword:00000000
"status"=dword:00000002
"Warning"=dword:00000000
"Error"=dword:00000000
"Audit Success"=dword:00000000
"Audit Failure"=dword:00000001
"notID"=dword:00000001
"notMatch"=dword:00000000
"notSource"=dword:00000000

Top

Page 5 of 6

[ 53 posts ]

Go to page Previous 1, 2, 3, 4, 5, 6 Next

Board index » Software Support » Nagios: Windows EventLog agent

All times are UTC + 12 hours [ DST ]

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to: