[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] Flooding hobbit



Hello Vernon,

2008/4/18, Everett, Vernon <Vernon.Everett (at) woodside.com.au>:

> Hoping somebody has encountered this before.
> We have put BBWin on a few Windoze servers, but one of the, a DC, has a HUGE
> event log.
> So large, that hobbit is freaking out, and doing the "Data flooding from
> 1.2.3.4, closing connection" thing.
>
> I know this is hobbit protecting iteself from a DOS attack, but is there a
> way around this?
> Can I somehow tell hobbit not to do this for that IP address?
>
> Unfortunately, because of its function, we can't reduce the logging on the
> Windoze server, so we need to either
>     a) get hobbit to handle the problem (desirable solution)
>     b) get bbwin to truncate the event log (less desirable)
>

Do you use the central or local mode of BBWin ?

Depending the mode you use, you may add ignore rules in your BBWin.cfg
(local mode) or client-local.cfg (win32 section) on the hobbit server.

Example for local mode in BBWin.cfg :
<ignore logfile="Application" type ="Error" eventid="2001" />

Example for central mode in client-local.cfg :
[win32]
eventlog:application
ignore 2001




-- 
Etienne GRIGNON