| Cheshire Cat Computing http://steveshipway.org/forum/ |
|
| Trouble http://steveshipway.org/forum/viewtopic.php?f=22&t=769 |
Page 1 of 2 |
| Author: | jbarelds [ Fri Dec 16, 2005 11:43 pm ] |
| Post subject: | Trouble |
Hi all, I installed v1.7.0a and i experienced some strange behaviour. I checked for all the eventlog *only* the "ERROR" events. Now i do get notifications for "INFORMATIONAL" events as if they where errors! Anyone any clues? Thanks. p.s. We do have more then 3 eventlogs but i configured only the system, application and security. Grz. Johan |
|
| Author: | stevesh [ Mon Dec 19, 2005 11:16 am ] |
| Post subject: | |
| Author: | jbarelds [ Mon Dec 19, 2005 11:56 pm ] |
| Post subject: | reg settings |
| Author: | OverHere [ Wed Dec 21, 2005 8:08 am ] |
| Post subject: | |
| Author: | stevesh [ Wed Dec 21, 2005 4:07 pm ] |
| Post subject: | |
Version 1.7.2 is now posted, which includes the source code. The function you are looking for is in filter.c. There was definitely a problem in 1.7.1 with processing eventID 0 (which I had previously thought was illegal), and in versions prior 1.7.0 with processing messages with Category>0. These are now fixed. Also, versions before 1.7.1 were limited to 16 event IDs in the list (unless they were single-digit). I cannot find a cause for this problem, though. |
|
| Author: | jbarelds [ Thu Dec 22, 2005 11:25 pm ] |
| Post subject: | Winsock error: 997 |
| Author: | jbarelds [ Thu Dec 22, 2005 11:37 pm ] |
| Post subject: | mmm... |
| Author: | jbarelds [ Fri Dec 30, 2005 11:27 pm ] |
| Post subject: | It works... |
Hi Steve, I don't know what you did, but the "NOT" option in the Filter does actually works after i upgraded to v1.7.2 This is the first time that is i actually see it working. I came from version 1.6.2. Hope this helps in solving this issue. Happy New Year! Grz. Johan Barelds |
|
| Author: | stevesh [ Sun Jan 01, 2006 5:50 pm ] |
| Post subject: | |
Just to clarify - the only problem you are experiencing now that you have v1.7.2 is that it seems to be that Informational messages are being matched by your filters which should only select Errors. Everything else works as expected. The filters you posted definitely specify only errors. I've run a number of tests here and I can't make it select the wrong thing... please post the complete details for the message that is being incorrectly matched? Sorry about the error message for a wrong password. Unfortunately this is down to the unhelpful NSCA protocol just hanging up on you for a bad password, and the send_nsca code I incorporated not having a catch for this, so theres not much I can do. |
|
| Author: | jbarelds [ Wed Jan 04, 2006 10:29 pm ] |
| Post subject: | Winsock error: 997 |
Hi Steve, Yesterday we had an interesting experience with the famous "Winsock error: 997" error: I was configuring the Nagios server so it was unavailable for a while. One of the Nagios Eventlog clients wanted to report an error which was caught by it's filter. Because the Nagios server was temporary unavailable the client produced the "Winsock error: 997" in the error log. This started a loop, because the client wanted to report this error also, couldn't reach the server, generated an error etc. etc. etc. The result of it all was that the client started an unintended DOS attack to the Nagios server flooding it with several events per second. After this other client (which couldn't reach the Nagios server also anymore) started to flood also which at the end resulted in a Nagios server that couldn't perform it checks anymore because it was to buys processing al the incoming events. My question is: is there anything we can do to prevent these Winsock events from happening? Thanks! Grz. Johan |
|
| Page 1 of 2 | All times are UTC + 12 hours [ DST ] |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|