NetXMS Support Forum

Hello,

i'm using hier NetXMS V1.2.7 in a windows environment (NetXMS server is a Win7 machine, NetXMS Agent runs on a Win2008R2 Server). I'm having here a problem with the monitoring from the Windows server. The NetXMS Agent don't send any events to the NetXMS syslog server (syslog server is up an running...)



My agent config looks like this:
--------------------------------------------
MasterServers = 10.10.9.40
ConfigIncludeDir = C:\NetXMS\etc\nxagentd.conf.d
#LogFile = {syslog}
LogFile = c:\netxms\var\netxms.log
FileStore = C:\NetXMS\var
SubAgent = logwatch.nsm
SubAgent = winperf.nsm
DebugLevel = 9

*LOGWATCH
Parser = c:\netxms\etc\eventlog_system_parser.xml
--------------------------------------------



Logwatch Parser File:
--------------------------------------------
<parser trace="9">
  <file>*System</file>
  <rules>
    <rule>
      <match>(.*)</match>
    </rule>
  </rules>
</parser>
--------------------------------------------



With these configs i can see the following in the NetXMS Agent Log:

--------------------------------------------
[28-Apr-2015 15:45:27.877] [DEBUG] [session:0] Sending message CMD_REQUEST_COMPLETED (size 48)
[28-Apr-2015 15:45:43.492] [DEBUG] LogWatch: publisher name is Service Control Manager
[28-Apr-2015 15:45:43.492] [DEBUG] Match event: source="Service Control Manager" id=7036 level=4 text="Dienst "Software Protection" befindet sich jetzt im Status "Beendet"."
[28-Apr-2015 15:45:43.492] [DEBUG] checking rule 1 ""
[28-Apr-2015 15:45:43.492] [DEBUG]   rule has no context
[28-Apr-2015 15:45:43.492] [DEBUG]   matching against regexp (.*)
[28-Apr-2015 15:45:43.492] [DEBUG]   matched
[28-Apr-2015 15:45:43.492] [DEBUG] rule 1 "" matched
[28-Apr-2015 15:45:43.492] [DEBUG] processing stopped at rule 1 ""; result = true
[28-Apr-2015 15:45:48.250] [DEBUG] [session:0] Message dump:
--------------------------------------------

By searching for infos on Google i can take a look at other NetXMS Agent Dumps with logwatch active. At all other Dumps i can see an

SendTrap(): event ....

after the line "processing stopped at...". Where is my fault? Can anyone help me, please?


Greets
Marco

PS: By the way, thanx for this great piece of software

Hi,

you miss <event> tag in your parser - so there is nothing to send. You should create new event and your parser should look like this:

<parser trace="9">
  <file>*System</file>
  <rules>
    <rule>
      <match>(.*)</match>
      <event params="1">MY_EVENT</event>
    </rule>
  </rules>
</parser>

Best regards,
Victor

Hi Victor,

thanks for the fast reply... i will try it tomorrow...

Greets
Marco

Hi Victor,

works perfect... thanks for the hint...

Greets
Marco