Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - farcsa

Pages1
#1
General Support / Re: Windows Event Log parser
November 17, 2014, 12:50:47 PM
Excuse me, but my above problem is outstanding. Could anybody help me to resolve this?
#2
General Support / Re: Windows Event Log parser
November 05, 2014, 11:15:31 PM
In the documentation there are these "levels":
1    Error
2    Warning
4    Information
8    Audit Success
16    Audit Failure
These levels are in Windows XP.

But there isn't Critical, like in Windows 7 and above versions. As I wrote, in Windows 7 (and above) the levels are:
1 Critical
2 Error
3 Warning
4 Information

So, how to combine the NetXMS levels for capturing Windows Critical level events?

To help clarify my problem, I insert the link of TechNet documentation about Windows Event Properties:
http://technet.microsoft.com/en-us/library/cc765981.aspx

Thanks for your answers!
#3
General Support / Windows Event Log parser
October 28, 2014, 06:38:30 PM
Hi!
I have 3 questions.
I have a parser file hereunder:
Quote<parser>
  <file>*Application</file>
  <rules>
    <rule>
      <match>(.*)</match>
      <id>5</id>
    </rule>
    <rule>
      <match>(.*)</match>
      <id>1006</id>
    </rule>
    <rule>
      <match>(.*)</match>
      <id>1008</id>
    </rule>
    <rule>
      <match>(.*)</match>
      <id>1023</id>
    </rule>
    <rule>
      <match>(.*)</match>
      <id>1057</id>
    </rule>
    <rule>
      <match>(.*)</match>
      <id>12014</id>
    </rule>
    <rule>
      <match>(.*)</match>
      <level>1</level>
      <event params="1">100003</event>
    </rule>
  </rules>
</parser>

1:
Is there a simpler method to exclude events with predefined event id? (e.g.: 5,1006,1008,...)

2:
I manage Windows 7, Windows Server 2008 and Windows Server 2012, and i see that the severity levels are the following:
Critical =1
Error=2
Warning =3
Information=4

The above example captures only Windows error level events. How to set the <level> parameter to capture Windows critical events? (And, of course, how to combine the values?)

3:
With the above parser, the agent always misses the event with event id 1. What could be the reason?
#4
General Support / Re: Integration with LDAP question
October 13, 2014, 11:31:16 PM
I am also having issues trying to authenticating AD users via LDAP. The log file contains that line:
"LDAPConnection::syncUsers(): FAILED - server was compiled without LDAP support"

How to compile NetXMS with LDAP support?
#5
General Support / NetXMS Objects Decorator unexpectedly and randomly turns off
October 09, 2014, 07:07:01 PM
An annoying bug in NetXMS Management Console (1.2.16): the NetXMS Objects Decorator unexpectedly and randomly turns off, and the statuses in the Object tree disappear. (my environment: Windows 7, Java 7).
Pages1