[sysmon-help] Best way to structure sysmon config

[Chris Wik]

Hi List,

I have just installed sysmon over the weekend and really love it, it
suits my needs perfectly. Simple and effective. I love the spawn
feature. Combined with key-based SSH authentication this means I can
automatically restart a failed service directly from sysmon, brilliant!

My question is, I've got 40-odd physical devices to monitor, 150+
virtual machines, and each virtual machine runs 3-4 services on average.

Does anyone have suggestions on the best way to organise my config
files? I started by creating individual files for routers, switches and
physical servers. Then I started creating config files for each client,
listing their virtual machines and the services running on them in one
file. In this lists collective experience, is this a good way to go, or
am I better off creating one config file for each service, for example
SMTP, and listing every SMTP server on our network in that file?

I know there is not a single way which is best, I'm just looking for any
tips on the most effective way to manage this type of configuration, as
I am sure others have done the same sort of thing with sysmon.

TIA,
Chris

-- 
Chris Wik
ANU Internet Services Ltd
W: http://www.anu.net/
E: chris at anu.net
T: +44 (0)117 9118820