[Xymon] Bug in msgs test in 4.3.19

Johan Sjöberg johan.sjoberg at deltait.se
Thu Apr 16 16:24:04 CEST 2015 

Hi.

I upgraded our Xymon server to 4.3.19. Unfortunately, I experienced problems with the msgs test for the Xymon server itself.
The most serious bug is that I am getting log rows associated with the wrong log file, and triggering alerts for that file.

If I look in the client data, I can see that a few lines are from the correct file, but then it switches over to another log file's content:

[msgs:/var/log/server01.log]
<...SKIPPED...>
Apr 16 15:53:32 server01 AppMailImporter[INFO]: KTRO2155 Successfully made deed avaliable to registrator group propID = 10029300
Apr 16 15:54:38 server01 AppMailImporter[INFO]: KESK2216 Email did not have a body or contains crap from scanners only. Not creating deed, but for attachments!
Apr 16 15:54:38 server01 AppMailImporter[INFO]: KESK2216 PostList item created with propID = 10101563
Apr 16 15:54:38 server01 AppMailImporter[INFO]: KESK2216 Attachment written to disk with GUID = 6fc966f7-796b-427f-b114-173f927ae451.pdf
Apr 16 15:54:39 server01 AppMailImporter[INFO]: KESK2216 Created document with propID = 10101564 and ObjectID = 15612
<...CURRENT...>
Apr 16 15:54:39 server01 AppMailImporter[INFO]: KESK2216 Successfully connected document with deed propID = 10101563 and ObjectID = 15612
cal proxy 192.168.105.10/255.255.255.255/0/0 on interface outside
Apr 16 15:51:02 fw2-v10 %ASA-3-713902: Group = 192.168.206.250, IP = 192.168.206.250, QM FSM error (P2 struct &0x00007fff4a020c40, mess id 0x5ac031d1)!
Apr 16 15:51:02 fw2-v10 %ASA-3-713902: Group = 192.168.206.250, IP = 192.168.206.250, Removing peer from correlator table failed, no match!

The logs for "server01" are from the correct file, but the ones from "fw2-v10" are from  a different log file which has different alert match rules.
The log file for fw2-v10 is also included in the client data, as a separate section

Also, if I alert on all log entries, I now get alerts for <...CURRENT...>, which I guess is some tag that is added internally by Xymon. This I can avoid by adding ignore for this string, so it's not a big problem.

Regards,
Johan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20150416/e00db9f4/attachment.html>

More information about the Xymon mailing list