data flooding by bbwin clients 🔗 link

Yes, one is supposed to be able to filter what gets passed into xymon in via client-local.cfg on the xymon server but the problem is xymond rejects everything because of "flooding" before it can be filtered.

On 26/06/2013 at 11:59 AM, in message <CAAnki7C0f6p_f8DYDw-n8bmDaUscn3PJ9N=user-fcaffcf94a10@xymon.invalid>, Jeremy Laidman <user-71895fb2e44c@xymon.invalid> wrote:

On 26 June 2013 11:37, Phil Crooker <user-e8e31cd73303@xymon.invalid> wrote:


it appears the data flooding is somewhat but not exactly related to the MAXMSG parameters - larger values reduce the frequency of the data flooding errors.

Do you need every message in the file? Perhaps you can define some "match" and/or "ignore" lines to limit what comes through. I've never used BBWin, so I don't know what's possible (and what works in central or non-central modes), but the doco suggests that you can do this in some fashion.

J

On 26 June 2013 12:41, Phil Crooker <user-e8e31cd73303@xymon.invalid> wrote:


Yes, one is supposed to be able to filter what gets passed into xymon in via client-local.cfg on the xymon server but the problem is xymond rejects everything because of "flooding" before it can be filtered.

No, the section in the client-local.cfg file gets sent to the client, so that the messages are filtered on the client before being sent to the Xymon server. The "client" messages can be made smaller when filtered this way.

J

 
OK, did some experimentation:
 
Using log:security:5120  (for example) results in "[logfile:log:security] ERROR: The system cannot find file specified". I read that someone had tried eventlog:security:5120 but that gets the same error with tlog:security being not found. This is from tcpdump and could not find it in any logs.
 
So, randomly trying things, I don't get the error if I use msgs:security:5120 but is is unclear that this is recognised by the client.
 
In all cases, all entries have no effect - having the entry for a specific eventlog or not, having ignore statements, even putting :128 to limit the amount of data) and all logs are sent to xymond in their entirety and appear on the msgs page for that host under "Full log".
 
I'll perhaps take this up with the bbwin list.
 
cheers, Phil

Yeah, "eventlog:security:5120" might only be supported in newer versions of
BBWin.  Try "msgs:eventlog_security:5120" instead, or upgrade to latest.

On 28 June 2013 09:23, Phil Crooker <user-e8e31cd73303@xymon.invalid> wrote:

  Please consider the environment before printing this e-mail

This message from ORIX Australia may contain confidential and/or
privileged information. If you are not the intended recipient, any use,
disclosure or copying of this message (or of any attachments to it) is not
authorised. If you have received this message in error, please notify the
sender immediately and delete the message and any attachments from your
system. Please inform the sender if you do not wish to receive further
communications by email. ORIX handles personal information according to a
Privacy Policy that is consistent with the National Privacy Principles.
Please let us know if you would like a copy.
It is also available at http://www.orix.com.au