[Xymon] data flooding by bbwin clients
Phil.Crooker at orix.com.au
Fri Jun 28 01:23:28 CEST 2013
>>> On 26/06/2013 at 1:22 PM, in message <CAAnki7BXPyCqRJDmC4qNTRLNt7pnQ-giQfwSbzK9QN=jdmpTrQ at mail.gmail.com>, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote:
On 26 June 2013 12:41, Phil Crooker <Phil.Crooker at orix.com.au> wrote:
Yes, one is supposed to be able to filter what gets passed into xymon in via client-local.cfg on the xymon server but the problem is xymond rejects everything because of "flooding" before it can be filtered.
No, the section in the client-local.cfg file gets sent to the client, so that the messages are filtered on the client before being sent to the Xymon server. The "client" messages can be made smaller when filtered this way.
OK, did some experimentation:
Using log:security:5120 (for example) results in "[logfile:log:security] ERROR: The system cannot find file specified". I read that someone had tried eventlog:security:5120 but that gets the same error with tlog:security being not found. This is from tcpdump and could not find it in any logs.
So, randomly trying things, I don't get the error if I use msgs:security:5120 but is is unclear that this is recognised by the client.
In all cases, all entries have no effect - having the entry for a specific eventlog or not, having ignore statements, even putting :128 to limit the amount of data) and all logs are sent to xymond in their entirety and appear on the msgs page for that host under "Full log".
I'll perhaps take this up with the bbwin list.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Xymon