Question on MrBig log parsing

Deiss, Mark Mark.Deiss at acs-inc.com
Tue Sep 28 14:56:37 CEST 2010


For the Windows client, MrBig, has anyone fooled around with the rules
for parsing the log files? We have a "MIMEsweeper log" for which we just
cannot figure out the syntax to suppress false alerts.

There is a DNS lookup error that we do not regard as fatal so have tried
variations in the mrbig.cfg file of the following entries -

ignore source MIMEsweeper log		# ignore the log file
ignore source "MIMEsweeper log"
ignore message DNS			# ignore any event with DNS in body

Bouncing the MrBig service after each change although per documentation
this should not be necessary.  Version 0.20. 

The "ignore message" looks to be pretty broad in scope; does not appear
to support filtering on a single log file so in the above (if it was
working as we would expect...) a DNS message in another log file would
also be trapped out.

We went with MrBig as it sounded like BBWin was withering away. No
support forum for MrBig (yet?). Hoping it is something obvious I am
missing that someone can deliver sufficient blunt trauma before I start
wading through the source code.



More information about the Xymon mailing list