evntwin and windows 2008

Austin Papp

evntwin and windows 2008

Guys

I've run into a bit of a situation. I am looking to use evntwin to map events to traps. This works great with every release except Vista/Server 2008. I found out that Vista/2k8 never received new updated security mappings. Again, this is what I saw/read and this was dated more than a year ago. That being said, has anyone been able to get evntwin to map correctly? With Vista/2k8, http://www.opennms.org/index.php/Windows_Event_Log_Traps is out of date.

-Austin

_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-discuss mailing list

To *unsubscribe* or change your subscription options, see the bottom of this page:
https://lists.sourceforge.net/lists/listinfo/opennms-discuss
Mark Wolek-3

Re: evntwin and windows 2008


Yah it sucks… I haven’t found a solution for this, it’s like evntwin got forgotten about in the 2008 tree heh

 

They changed some service names too =/

 

From: Austin Papp [mailto:[hidden email]]
Sent: Friday, September 11, 2009 9:16 PM
To: General OpenNMS Discussion
Subject: [opennms-discuss] evntwin and windows 2008

 

Guys

I've run into a bit of a situation. I am looking to use evntwin to map events to traps. This works great with every release except Vista/Server 2008. I found out that Vista/2k8 never received new updated security mappings. Again, this is what I saw/read and this was dated more than a year ago. That being said, has anyone been able to get evntwin to map correctly? With Vista/2k8, http://www.opennms.org/index.php/Windows_Event_Log_Traps is out of date.

-Austin


Austin Papp

Re: evntwin and windows 2008

well that is a buzz kill...

On Fri, Sep 11, 2009 at 11:36 PM, Mark Wolek <[hidden email]> wrote:

Yah it sucks… I haven’t found a solution for this, it’s like evntwin got forgotten about in the 2008 tree heh

 

They changed some service names too =/

 

Michael Seibold

Antw: Re: evntwin and windows 2008

In reply to this post by Mark Wolek-3
Probably they moved some functionality to the WMI services?

-Michael


>>> "Mark Wolek" <[hidden email]> 12.09.2009 05:36 >>>
Yah it sucks... I haven't found a solution for this, it's like evntwin
got forgotten about in the 2008 tree heh

 

They changed some service names too =/

 

James Zuelow

Re: Antw: Re: evntwin and windows 2008

It looks like they did two things.

On Server 2008+ they stopped reporting security events on the "legacy" event numbers of 0-4095.  Now all security events generate numbers higher than 4095.

They also changed evntwin to only see security events of 4095 or lower.  (Other logs can go higher - it looks like evntwin only has this restriction for the security log.)  This has me ticked off because when I look at some of our 2003 servers I can set evntwin to report security events higher than 4095.

Even if you add the event manually in the registry, when you start evntwin you'll get a pop-up complaining of illegal values and the manually entered event will be missing.  I sent an email to our Microsoft TAM about it, but he did not respond.

The conspiracy theorist in me sees these two complementary actions taken as a deliberate attempt to make non-MS monitoring tools less useful.  They would prefer you use system management console or whatever they're calling MOM now.  But that's just my opinion, and I admit I've been infected with the Linux mindset for years now so it is easy for me to see a conspiracy where it might be just a dumb mistake (that AFAIK didn't get fixed in 2008R2).

Anyway -- it is an issue for me, since on the 2003 servers I can monitor logins, breaking them out by event 528 type 2 (console login) and 528 type 10 (network login).  OpenNMS logs and sends a notification when people log on to critical servers.  This option isn't available for 2008+ using evntwin since they don't generate "legacy" 528 events for logins anymore.

James Zuelow....................CBJ MIS (907)586-0236
Network Specialist...Registered Linux User No. 186591

> -----Original Message-----
> From: Michael Seibold [mailto:[hidden email]]
> Sent: Monday, 14 September, 2009 08:17
> To: General OpenNMS Discussion
> Subject: [opennms-discuss] Antw: Re: evntwin and windows 2008
>
> Probably they moved some functionality to the WMI services?
>
> -Michael
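Added example (not from the thread or from OpenNMS): a Python filter a collector could run over event XML exported from a 2008 host to recover the logon notifications described above, showing why those events fall outside evntwin's Security-log window. It assumes the Vista/2008 event XML layout and that 2008 Security IDs are the legacy ID plus 4096 (so 528 becomes 4624), which the thread does not state; the export step is not shown, and the host name, user names and events are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
EVNTWIN_SECURITY_MAX = 4095     # highest Security event ID evntwin accepts, per the thread
ID_OFFSET = 4096                # assumption: 2008 Security ID = legacy ID + 4096
LOGON_EVENT = 528 + ID_OFFSET   # 4624, the 2008-era successor of legacy event 528
WATCHED = {2: "Interactive", 10: "RemoteInteractive"}  # Microsoft's names for types 2 and 10


def _sample_event(event_id, logon_type, user):
    """Build one constructed event in the Vista/2008 event XML layout."""
    return (
        f"<Event xmlns='{NS['e']}'><System><EventID>{event_id}</EventID>"
        "<Channel>Security</Channel><Computer>srv08.example.test</Computer></System>"
        f"<EventData><Data Name='TargetUserName'>{user}</Data>"
        f"<Data Name='LogonType'>{logon_type}</Data></EventData></Event>"
    )


# Constructed sample input: two watched logons, one type-3 logon,
# one logoff (4634) and one logon record with an empty LogonType.
SAMPLE_XML = "<Events>" + "".join(
    _sample_event(*row)
    for row in [(4624, 2, "alice"), (4624, 3, "svc-backup"), (4624, 10, "bob"),
                (4634, 10, "bob"), (4624, "", "carol")]
) + "</Events>"


def evntwin_can_map(event_id):
    """True if the ID is inside the 0-4095 Security range evntwin will accept."""
    return 0 <= event_id <= EVNTWIN_SECURITY_MAX


def legacy_id(event_id):
    """Translate a 2008-era Security ID back to its pre-Vista number."""
    return event_id - ID_OFFSET if event_id > EVNTWIN_SECURITY_MAX else event_id


def watched_logons(xml_text):
    """Return logon events whose LogonType is one of the watched types."""
    hits = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        event_id = int(ev.findtext("e:System/e:EventID", default="-1", namespaces=NS))
        if event_id != LOGON_EVENT:
            continue
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        raw = data.get("LogonType", "")
        if not raw.isdigit() or int(raw) not in WATCHED:
            continue  # skip unwatched types and records with no usable LogonType
        hits.append({
            "event_id": event_id,
            "legacy_id": legacy_id(event_id),
            "evntwin_can_map": evntwin_can_map(event_id),
            "logon_type": int(raw),
            "logon_name": WATCHED[int(raw)],
            "user": data.get("TargetUserName", ""),
            "computer": ev.findtext("e:System/e:Computer", default="", namespaces=NS),
        })
    return hits


if __name__ == "__main__":
    for hit in watched_logons(SAMPLE_XML):
        print(hit)
```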
Austin Papp

Re: Antw: Re: evntwin and windows 2008

Extremely frustrating.

And to think I had deployed 2k8 thinking I was making the right move.


-austin


On Mon, Sep 14, 2009 at 12:41 PM, James Zuelow <[hidden email]> wrote:
It looks like they did two things.

On Server 2008+ they stopped reporting security events on the "legacy" event numbers of 0-4095.  Now all security events generate numbers higher than 4095.

They also changed evntwin to only see security events of 4095 or lower.  (Other logs can go higher - it looks like evntwin only has this restriction for the security log.)  This has me ticked off because when I look at some of our 2003 servers I can set evntwin to report security events higher than 4095.

Even if you add the event manually in the registry, when you start evntwin you'll get a pop-up complaining of illegal values and the manually entered event will be missing.  I sent an email to our Microsoft TAM about it, but he did not respond.

The conspiracy theorist in me sees these two complementary actions taken as a deliberate attempt to make non-MS monitoring tools less useful.  They would prefer you use system management console or whatever they're calling MOM now.  But that's just my opinion, and I admit I've been infected with the Linux mindset for years now so it is easy for me to see a conspiracy where it might be just a dumb mistake (that AFAIK didn't get fixed in 2008R2).

Anyway -- it is an issue for me, since on the 2003 servers I can monitor logins, breaking them out by event 528 type 2 (console login) and 528 type 10 (network login).  OpenNMS logs and sends a notification when people log on to critical servers.  This option isn't available for 2008+ using evntwin since they don't generate "legacy" 528 events for logins anymore.

James Zuelow....................CBJ MIS (907)586-0236
Network Specialist...Registered Linux User No. 186591

Mark Wolek-3

Re: Antw: Re: evntwin and windows 2008

In reply to this post by James Zuelow
On the same topic... The System-FailoverClustering source isn't even
there...

/sigh

James Zuelow

Re: Antw: Re: evntwin and windows 2008

In reply to this post by Austin Papp
> > I've run into a bit of a situation. I am looking to use evntwin to map
> > events to traps. this works great with every release except vista/server
> > 2008. I found out that vista/2k8 never received new updated security
> > mappings. again, this is what i saw/read and this was dated more than a
> > year ago. that being said, has anyone been able to get evntwin to map
> > correctly? with vista/2k8 -

This is an old thread, but I thought I'd bring the list archives up to date for the googlebot.

So much for my conspiracy theory --

This is fixed in 2008 R2, and in 2008 SP2.

James Zuelow
Network Specialist
City and Borough of Juneau MIS (907)586-0236