[hobbit] trimhistory problems

Dominic Young dominic.young at surfcontrol.com
Thu Jan 10 17:11:23 CET 2008


Henrik,

Looking at trimhistory.c in the trim_history function then the ALLEVENTS
case section, i am confused as to why you use column3 and not 2, and
think that this may be a mistake, but not sure, do you mind clarifying.

trimhistory.c line 97:
 switch (ftype) {
                          case F_HOSTHISTORY:
                                copying = (!cols[1] || (atoi(cols[1]) >=
cutoff));
                                break;

                          case F_SERVICEHISTORY:
                                copying = (!cols[6] || (atoi(cols[6]) >=
cutoff));
                                break;

                          case F_ALLEVENTS:
                                copying = (!cols[3] || (atoi(cols[3]) >=
cutoff));
                                break;

                          case F_DROPIT:
                          case F_PURGELOGS:
                                /* Cannot happen */
                                errprintf("Impossible -
F_DROPIT/F_PURGELOGS in trim_history\n");
                                return;


when processing the ALLEVENTS file you reference column3 which is an
epoch time stamp, 
The ALLEVENTS file looks to be sorted by column 2 and not 3, however the
logic in the above case statement means that when processing the
ALLEVENTS file you may delete too much/little data as the file is not
sorted by column 3.

Should the above ALLEVENTS case statement not reference column2 as
below?

case F_ALLEVENTS:
	copying = (!cols[2] || (atoi(cols[2]) >= cutoff));
break;

see below extract from ALLEVENTS file:

xxx01e procs 1195058658 1195058435 223 gr cl 1
yyy01e hobbitd 1195058721 1195058721 0 gr - -1
zzz01e procs 1195058736 1195058658 78 cl gr 2
ffff-m conn 1195058821 1195058447 374 gr re 1

Thanks

Regards

Dominic


On Wed, 2008-01-09 at 17:10 +0000, Dominic Young wrote:
> Hello,
> 
> I am trying to do some hobbit house keeping by using the trimhistory
> tool, however it is not working as expected.
> 
> I have run the following command and expected no action to be taken as
> the server was only built in November 2007
> 
> [root at xxx01x $] /var/hobbit/server/bin/trimhistory --debug
> --env=/var/hobbit/server/etchobbitserver.cfg --cutoff=`date +%s
> --date="1 Oct 2004"`
> 
> However it looks to be trimming logs from many hosts:
> 2008-01-09 15:30:31 Processing xxx04x.conn
> 2008-01-09 15:30:31 Processing xxx01x.conn
> 2008-01-09 15:30:31 Processing xxx01x.conn
> 2008-01-09 15:30:31 Processing xxx01x.conn
> 2008-01-09 15:30:31 Processing xxx03x.conn
> ..........
> 
> When i then look at the conn tests on the above servers, i have
> different lengths of history left, days or hours, so not consistent for
> each one.
> 
> It is as if the --cutoff option is not working, does this have to be the
> 1st command after trimhistory?
> 
> Server in question has correct date set
> [root at xxx01x etc]# date
> Wed Jan  9 17:03:50 GMT 2008
> 
> looking at another server that it has yet to get too shows that there
> are no logs older than Nov 2007.
> 
> Any pointers would be appreciated running the latest stable version of
> hobbit 4.2.0.
> 
> Thanks
> 
> Dominic
> 
> 
> 
>  Protected by Websense Messaging Security ? www.websense.com 
> 
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
> 
> 
> 
> 
>  TO REPORT THIS AS SPAM, PLEASE CLICK THE FOLLOWING LINK: 
> https://www.mailcontrol.com/sr/uUL+OVS8ZIUjSBxHehtsm8Zce65ll4171PONrb+jPjSXBzIi4wtGOZm9H!6!Zn!Ty2wHP1XV4nYsJVkF713lqa+p9h3Y2GqJUkdWTp!VIyuuYiC1uet413O7Vh!noKs7GHqkM8DzHcy2fn4tJVDr2o6S0IpDD2tcDw2xApNJ61d0t7DnahD6SKdSydLTt!HN+5MoUj!2fLcnMG!PXock1E9u!n4UIOoj  
-- 
Dominic Young
Infrastructure Operations Engineer

WEBSENSE, INC.
+44 (0)203 024 4401 Support
+44 (0)118 965 3896 Fax
www.websense.com

INTELLIGENT CONTENT PROTECTION
WHEN AND WHERE YOU NEED IT



More information about the Xymon mailing list