Xymon Mailing List Archive search

data flooding by bbwin clients

list Jeremy Laidman
Fri, 28 Jun 2013 14:17:35 +1000
Message-Id: <user-3762a586af72@xymon.invalid>

Yeah, "eventlog:security:5120" might only be supported in newer versions of
BBWin.  Try "msgs:eventlog_security:5120" instead, or upgrade to latest.


On 28 June 2013 09:23, Phil Crooker <user-e8e31cd73303@xymon.invalid> wrote:

On 26/06/2013 at 1:22 PM, in message
<CAAnki7BXPyCqRJDmC4qNTRLNt7pnQ-giQfwSbzK9QN=user-cbcc1e37a5de@xymon.invalid>,
Jeremy Laidman <user-71895fb2e44c@xymon.invalid> wrote:
   On 26 June 2013 12:41, Phil Crooker <user-e8e31cd73303@xymon.invalid> wrote:

Yes, one is supposed to be able to filter what gets passed into xymon in
via client-local.cfg on the xymon server but the problem is xymond rejects
everything because of "flooding" before it can be filtered.

No, the section in the client-local.cfg file gets sent to the client, so
that the messages are filtered on the client before being sent to the Xymon
server. The "client" messages can be made smaller when filtered this way.

J


OK, did some experimentation:

Using log:security:5120  (for example) results in "[logfile:log:security]
ERROR: The system cannot find file specified". I read that someone had
tried eventlog:security:5120 but that gets the same error with
tlog:security being not found. This is from tcpdump and could not find it
in any logs.

So, randomly trying things, I don't get the error if I use
msgs:security:5120 but is is unclear that this is recognised by the client.

In all cases, all entries have no effect - having the entry for a specific
eventlog or not, having ignore statements, even putting :128 to limit the
amount of data) and all logs are sent to xymond in their entirety and
appear on the msgs page for that host under "Full log".

I'll perhaps take this up with the bbwin list.

cheers, Phil

--
  Please consider the environment before printing this e-mail

This message from ORIX Australia may contain confidential and/or
privileged information. If you are not the intended recipient, any use,
disclosure or copying of this message (or of any attachments to it) is not
authorised. If you have received this message in error, please notify the
sender immediately and delete the message and any attachments from your
system. Please inform the sender if you do not wish to receive further
communications by email. ORIX handles personal information according to a
Privacy Policy that is consistent with the National Privacy Principles.
Please let us know if you would like a copy.
It is also available at http://www.orix.com.au