<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="SV" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hi.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I upgraded our Xymon server to 4.3.19. Unfortunately, I experienced problems with the msgs test for the Xymon server itself.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">The most serious bug is that I am getting log rows associated with the wrong log file, and triggering alerts for that file.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">If I look in the client data, I can see that a few lines are from the correct file, but then it switches over to another log file’s content:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal">[msgs:/var/log/server01.log]<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"><...SKIPPED...><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 16 15:53:32 server01 AppMailImporter[INFO]: KTRO2155 Successfully made deed avaliable to registrator group propID = 10029300<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 16 15:54:38 server01 AppMailImporter[INFO]: KESK2216 Email did not have a body or contains crap from scanners only. Not creating deed, but for attachments!<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 16 15:54:38 server01 AppMailImporter[INFO]: KESK2216 PostList item created with propID = 10101563<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 16 15:54:38 server01 AppMailImporter[INFO]: KESK2216 Attachment written to disk with GUID = 6fc966f7-796b-427f-b114-173f927ae451.pdf<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 16 15:54:39 server01 AppMailImporter[INFO]: KESK2216 Created document with propID = 10101564 and ObjectID = 15612<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><...CURRENT...><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 16 15:54:39 server01 AppMailImporter[INFO]: KESK2216 Successfully connected document with deed propID = 10101563 and ObjectID = 15612<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">cal proxy 192.168.105.10/255.255.255.255/0/0 on interface outside<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 16 15:51:02 fw2-v10 %ASA-3-713902: Group = 192.168.206.250, IP = 192.168.206.250, QM FSM error (P2 struct &0x00007fff4a020c40, mess id 0x5ac031d1)!<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 16 15:51:02 fw2-v10 %ASA-3-713902: Group = 192.168.206.250, IP = 192.168.206.250, Removing peer from correlator table failed, no match!<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">The logs for “server01” are from the correct file, but the ones from “fw2-v10” are from a different log file which has different alert match rules.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">The log file for fw2-v10 is also included in the client data, as a separate section<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Also, if I alert on all log entries, I now get alerts for <…CURRENT…>, which I guess is some tag that is added internally by Xymon. This I can avoid by adding ignore for this string, so it’s not a big problem.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Johan<o:p></o:p></span></p>
</div>
</body>
</html>