[hobbit] Flooding hobbit
Etienne Grignon
etienne.grignon at gmail.com
Thu Apr 24 10:50:35 CEST 2008
Hello Vernon,
2008/4/18, Everett, Vernon <Vernon.Everett at woodside.com.au>:
> Hoping somebody has encountered this before.
> We have put BBWin on a few Windoze servers, but one of the, a DC, has a HUGE
> event log.
> So large, that hobbit is freaking out, and doing the "Data flooding from
> 1.2.3.4, closing connection" thing.
>
> I know this is hobbit protecting iteself from a DOS attack, but is there a
> way around this?
> Can I somehow tell hobbit not to do this for that IP address?
>
> Unfortunately, because of its function, we can't reduce the logging on the
> Windoze server, so we need to either
> a) get hobbit to handle the problem (desirable solution)
> b) get bbwin to truncate the event log (less desirable)
>
Do you use the central or local mode of BBWin ?
Depending the mode you use, you may add ignore rules in your BBWin.cfg
(local mode) or client-local.cfg (win32 section) on the hobbit server.
Example for local mode in BBWin.cfg :
<ignore logfile="Application" type ="Error" eventid="2001" />
Example for central mode in client-local.cfg :
[win32]
eventlog:application
ignore 2001
--
Etienne GRIGNON
More information about the Xymon
mailing list