Logwatch - I must be missing something

Started by Sympology, December 16, 2011, 05:17:18 PM


Sympology

Trying to get a logwatch on a custom Eventlog (Server 2003) and no matter what I try I can't seem to get it to work. I'm sure I'm missing something obvious.

MasterServers = 10.32.3.49
LogFile = {syslog}
FileStore = C:\NetXMS\var
SubAgent = ecs.nsm
SubAgent = ping.nsm
SubAgent = portcheck.nsm
SubAgent = winperf.nsm
SubAgent = wmi.nsm
SubAgent = logwatch.nsm

*LOGWATCH
Parser = C:\NetXMS\tvdevicefail.xml


............................

<parser>
<file>C:\WINDOWS\System32\config\TVEvent.evt</file>
<rules>
   <rule>
   <match>*</match>
   <id>137</id>
   <level>2</level>
   <source>Televantage</source>
   <event>100065</event>
   </rule>
      <rule>
      <match>*</match>
      <id>106</id>
      <level>4</level>
      <source>Televantage</source>
      event>100066</event>
      </rule>
</rules>
</parser>


I can generate automatically the 2nd event, but no matter what I try, I don't seem to receive it in NetXMS. Am I missing something very obvious, does it have to set up a DCI? If so, what on earth would the parameters be?

Thanks once again guys and keep up the good work.

Victor Kirhenshtein

Hi!

If you give a file name in the <file> tag, the logwatch subagent will treat it as a regular text file, which I suppose is not the case. If you need to open a Windows event log, you must prepend its name with an asterisk, like <file>*System</file>. And you have a missing opening angle bracket in the second rule, maybe just a copy/paste error.

Best regards,
Victor

Victor Kirhenshtein

Also, I suppose that you have to use the custom event log name, not a full path to the actual .evt file. If I understand correctly, all available logs are listed in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog. But I have never worked with custom Windows event logs, so I may be wrong.

Best regards,
Victor
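
A pre-deployment check for the problems named in the two replies above, as an added example that is not part of the thread or of NetXMS: it flags a <file> target that would be read as a text file, a path used where a log name is expected, and XML that is not well-formed. The function name lint_parser is hypothetical, and the log name TVEvent in the corrected sample is an assumption taken from the .evt file name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the parser definition from the question, condensed.
POSTED = r"""<parser>
<file>C:\WINDOWS\System32\config\TVEvent.evt</file>
<rules>
 <rule><match>*</match><id>137</id><level>2</level><source>Televantage</source><event>100065</event></rule>
 <rule><match>*</match><id>106</id><level>4</level><source>Televantage</source>event>100066</event></rule>
</rules>
</parser>"""

# Assumption: the custom log is registered as "TVEvent"; confirm the real name
# under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog.
FIXED = (POSTED.replace(r"C:\WINDOWS\System32\config\TVEvent.evt", "*TVEvent")
               .replace(">event>", "><event>"))


def lint_parser(xml_text):
    """Return (code, message) findings for a logwatch parser definition."""
    findings = []
    # Regex scan, so <file> is still checked when the XML itself is broken.
    for target in re.findall(r"<file>\s*(.*?)\s*</file>", xml_text, re.S):
        is_evt = bool(re.search(r"\.evtx?$", target, re.I))
        has_sep = bool(re.search(r"[\\/]", target))
        if target.startswith("*") and (is_evt or has_sep):
            findings.append(("log-path",
                             f"{target!r}: give the event log name after '*', not a path"))
        elif not target.startswith("*") and is_evt:
            findings.append(("evt-as-text",
                             f"{target!r}: no '*' prefix, so it is read as a regular text file"))
    try:
        ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A dropped '<' shows up here as a mismatched closing tag.
        findings.append(("xml", f"not well-formed: {exc}"))
    return findings


if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("fixed", FIXED)):
        print(name, lint_parser(text) or "no findings")
```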