Hi David,

First of all, thanks for your answer. I have configured Ntsyslog with
the default install values, which send system, application and security. I
have also changed all default facility values to (5) syslog and I have
configured severity with information, warning or error.

My syslog-ng configuration is:

source s_udp {
unix-stream("/dev/log");
udp();
tcp(ip(0.0.0.0) port(5000) max-connections(300));
internal();
};


destination d_jffnms {
    pipe ("/var/run/syslogmysql.pipe"
    template("INSERT INTO syslog (date, date_logged, host, message) VALUES
('$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', NOW\(\
    template-escape(yes));
};


I have checked with a file destination in syslog-ng and I'm receiving this:
-----------------------------
Dec  8 21:33:38  REMOTE IP NT: <NTSYSLOG;I3;> Shutdown of Service 'NTSYSLOG' in progress
Dec  8 21:33:38  REMOTE IP NT: <NTSYSLOG;I4;> Service 'NTSYSLOG' stopped
Dec  8 21:33:39  REMOTE IP NT: <NTSYSLOG;I1;> Start of Service 'NTSYSLOG' in progress
Dec  8 21:33:39  REMOTE IP NT: <NTSYSLOG;I2;> Service 'NTSYSLOG' started
Dec  8 21:33:38  REMOTE IP NT: <Service Control Manager;I7036;> El servicio NTSyslog (2nd edition) entró en estado detenido.
Dec  8 21:33:38  REMOTE IP NT: <Service Control Manager;I7035;PLANTILLAWIN03\Administrador> Se ha enviado satisfactoriamente un control detener al servicio NTSyslog (2nd edition).
Dec  8 21:33:39  REMOTE IP NT: <Service Control Manager;I7035;PLANTILLAWIN03\Administrador> Se ha enviado satisfactoriamente un control iniciar al servicio NTSyslog (2nd edition).
Dec  8 21:33:39  REMOTE IP NT: <Service Control Manager;I7036;> El servicio NTSyslog (2nd edition) entró en estado Activo.
Dec  8 21:33:49  REMOTE IP NT: <Service Control Manager;I7035;PLANTILLAWIN03\Administrador> Se ha enviado satisfactoriamente un control detener al servicio Actualizaciones automáticas.
Dec  8 21:33:50  REMOTE IP NT: <Service Control Manager;I7036;> El servicio Actualizaciones automáticas entró en estado detenido.
Dec  8 21:33:51  REMOTE IP NT: <Service Control Manager;I7035;PLANTILLAWIN03\Administrador> Se ha enviado satisfactoriamente un control iniciar al servicio Actualizaciones automáticas.
Dec  8 21:33:51  REMOTE IP NT: <Service Control Manager;I7036;> El servicio Actualizaciones automáticas entró en estado Activo.
Dec  8 21:34:01  REMOTE IP NT: <Service Control Manager;I7036;> El servicio Cliente DNS entró en estado detenido.
Dec  8 21:34:01  REMOTE IP NT: <Service Control Manager;I7035;PLANTILLAWIN03\Administrador> Se ha enviado satisfactoriamente un control detener al servicio Cliente DNS.
Dec  8 21:34:02  REMOTE IP NT: <Service Control Manager;I7035;PLANTILLAWIN03\Administrador> Se ha enviado satisfactoriamente un control iniciar al servicio Cliente DNS.
Dec  8 21:34:02  REMOTE IP NT: <Service Control Manager;I7036;> El servicio Cliente DNS entró en estado Activo.
------------------------------



and I'm using the default script that appears in the JFFNMS manual to create
the pipe.

Where is the problem?

Sorry, but I'm a newbie with JFFNMS.

Thanks


2008/12/8 LIMA David <[EMAIL PROTECTED]>

>
> Hi,
>
> Jffnms supports info, warning and error from the Windows event log with
> different colors for each category. Are your events well categorized, e.g.
> Windows Warn? Are you forwarding the severity field from Windows events?
> Check the ntsyslog config; you have to configure the forwarding for
> Application, Security and System types.
>
> David
>
>
>
> -------- Original message --------
> From: klxout [
> https://portailsch.sch-groupe.fr/CitrixFEI/[EMAIL PROTECTED]
> ]
> Date: Mon. 08/12/2008 15:07
> To: [email protected]
> Subject: [jffnms-users] Severities windows logs
>
> Hello,
>
> I have configured ntsyslog on different Windows servers to send logs to my
> JFFNMS with syslog-ng. All is working correctly, but I have a question. I'm
> receiving all the logs with a severity colour of yellow, but I would like to
> know how I can make Windows logs that are errors show in jffnms with
> red severity.
>
> Thanks
>
>
>
_______________________________________________
jffnms-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jffnms-users
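
Added example, not part of the original thread and not JFFNMS or NTsyslog code: a small Python parser for the `<source;I7036;user>` tag visible in the capture above, which is the only per-event field in those lines, since the INSERT template shown stores just date, host and message. It assumes the letter before the event ID marks the event type; only "I" appears in the capture, so the W and E mappings and the last sample line are hypothetical.

```python
import re
from collections import Counter

# Sample input: three lines taken from the capture in the message (mail
# wrapping undone) plus one CONSTRUCTED line with a hypothetical "E" tag.
SAMPLE = [
    r"Dec  8 21:33:38  REMOTE IP NT: <NTSYSLOG;I3;> Shutdown of Service 'NTSYSLOG' in progress",
    r"Dec  8 21:33:38  REMOTE IP NT: <Service Control Manager;I7035;PLANTILLAWIN03\Administrador> "
    r"Se ha enviado satisfactoriamente un control detener al servicio NTSyslog (2nd edition).",
    r"Dec  8 21:34:02  REMOTE IP NT: <Service Control Manager;I7036;> "
    r"El servicio Cliente DNS entró en estado Activo.",
    r"Dec  8 21:35:00  REMOTE IP NT: <Service Control Manager;E7000;> constructed error event",
]

# Tag layout as seen in the capture: <source;<letter><event id>;<optional user>>
TAG = re.compile(
    r"NT: <(?P<source>[^;<>]+);(?P<type>[A-Z])(?P<event_id>\d+);(?P<user>[^<>]*)> (?P<text>.*)$"
)

# ASSUMPTION: type-letter meanings. Only "I" is confirmed by the capture.
ASSUMED_LEVEL = {"I": "info", "W": "warning", "E": "error"}


def parse_ntsyslog(line):
    """Return the tag fields of one line as a dict, or None if no tag is found."""
    m = TAG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["event_id"] = int(rec["event_id"])
    rec["user"] = rec["user"] or None  # the user field is empty for most events
    rec["level"] = ASSUMED_LEVEL.get(rec["type"], "unknown")
    return rec


def level_counts(lines):
    """Count events per assumed level, skipping lines without a tag."""
    return Counter(r["level"] for r in map(parse_ntsyslog, lines) if r)


if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_ntsyslog(line))
    print(level_counts(SAMPLE))
```
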
