Can anyone please clarify the zWinEventlogMinSeverity property? In
my /Devices/Server/Windows zProperties I've got it set to 2, which
according to one post I read hear would mean that we should only get
Error and Critical messages. However, we're still getting Info as
well as Debug events!

I'd really like to prevent the Informational messages from Windows
servers, but I don't seem to understand the exact mechanism.

The zeneventlog daemon runs the following WQL query to be notified
when new events come in:

SELECT * FROM __InstanceCreationEvent where TargetInstance ISA
'Win32_NTLogEvent' and TargetInstance.EventType <= ####

The #### is the zWinEventlogMinSeverity. You can reference the MSDN
site at http://msdn2.microsoft.com/en-us/library/aa394226.aspx to see
what the different EventType fields mean, but there are only five of
them:

1 = Error
2 = Warning
3 = Information
4 = Security Audit Success
5 = Security Audit Failure

So setting the zWinEventlogMinSeverity to 2 would return all events
with EventType <= 2, which would only include errors and warnings
according to Microsoft. Oddly enough there isn't even such a thing as
a Windows debug event, so I have no idea how you could be getting those.

Try restarting zeneventlog after changing zWinEventlogMinSeverity if
you haven't already.
_______________________________________________
zenoss-users mailing list
zenoss-users@zenoss.org
http://lists.zenoss.org/mailman/listinfo/zenoss-users