Archived community.zenoss.org | full text search
Skip navigation
5961 Views 2 Replies Latest reply: Jan 15, 2008 1:05 PM by jsauve RSS
jsauve Rank: White Belt 49 posts since
Dec 28, 2007
Currently Being Moderated

Jan 14, 2008 10:08 PM

zWinEventlogMinSeverity Clarification

Can anyone please clarify the zWinEventlogMinSeverity property? In my /Devices/Server/Windows zProperties I've got it set to 2, which according to one post I read hear would mean that we should only get Error and Critical messages. However, we're still getting Info as well as Debug events!

I'd really like to prevent the Informational messages from Windows servers, but I don't seem to understand the exact mechanism.

Any help would be greatly appreciated!

Thanks!
  • Chet Luther ZenossEmployee 1,302 posts since
    May 22, 2007
    Currently Being Moderated
    1. Jan 15, 2008 8:07 AM (in response to jsauve)
    zWinEventlogMinSeverity Clarification

     

     

    Can anyone please clarify the zWinEventlogMinSeverity property? In
    my /Devices/Server/Windows zProperties I've got it set to 2, which
    according to one post I read hear would mean that we should only get
    Error and Critical messages. However, we're still getting Info as
    well as Debug events!

    I'd really like to prevent the Informational messages from Windows
    servers, but I don't seem to understand the exact mechanism.


    The zeneventlog daemon runs the following WQL query to be notified
    when new events come in:

    SELECT * FROM __InstanceCreationEvent where TargetInstance ISA
    'Win32_NTLogEvent' and TargetInstance.EventType <= ####

    The #### is the zWinEventlogMinSeverity. You can reference the MSDN
    site at http://msdn2.microsoft.com/en-us/library/aa394226.aspx to see
    what the different EventType fields mean, but there are only five of
    them:

    1 = Error
    2 = Warning
    3 = Information
    4 = Security Audit Success
    5 = Security Audit Failure

    So setting the zWinEventlogMinSeverity to 2 would return all events
    with EventType <= 2, which would only include errors and warnings
    according to Microsoft. Oddly enough there isn't even such a thing as
    a Windows debug event, so I have no idea how you could be getting those.

    Try restarting zeneventlog after changing zWinEventlogMinSeverity if
    you haven't already.
    _______________________________________________
    zenoss-users mailing list
    zenoss-users@zenoss.org
    http://lists.zenoss.org/mailman/listinfo/zenoss-users

More Like This

  • Retrieving data ...