I'm not a C++ programmer, but if I'm reading the code correctly then the maxdata parameter is ignored in the eventlog scanning function (AgentMsgs::Run in msgs.cpp), and also in Session::Execute in EventLog.cpp
Note it's a big if, and I'd be happier if someone with C++ experience could give a more reliable assessment.
Regards,
Carl
Carl Inglis Systems Administrator
Rakon UK Limited Dowsett House, Sadler Road, Lincoln LN6 3RS, United Kingdom Tel: +44 (0)1522 812630 | Fax: +44 (0) 1522 812664 | Mob: +44 (0) 7786 552915 Carl.Inglis at rakon.com | www.rakon.com
[The Queens Awards for Enterprise 2012]
[Rakon Logo]
This message together with any attachments contains confidential information and may be subject to privilege. If you are not the intended recipient you may not distribute it in any way, you must notify the sender immediately and delete any copies of the message along with its attachments.
Rakon UK Ltd is a limited company registered in England and Wales. Registered Office: Dowsett House, Sadler Road, Lincoln LN6 3RS Company Registration Number: 5128090.
Please be aware that Rakon UK Limited may monitor email traffic data including the date, time, subject line, sender and recipients for the purposes of security and usage monitoring. Automated monitoring systems may also be applied to ascertain whether incoming/outgoing emails are likely to contain viruses, other destructive devices or inappropriate content. From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Phil Crooker Sent: 10 July 2013 07:24 To: xymon at xymon.com Subject: [Xymon] problem with receiving bbwin data
I've been having difficulties setting up the bbwin client (ver 0.13 going to xymon 4.3.10 server) running on win7 sp1, 2008r2 and win2012 boxes in central mode. I've had zero response from the bbwin-help forum for this, so please bear with me.
For background: I can't get the bbwin client to stop sending all the logs, it ignores any maxdata parameters I use. Eg:
eventlog:system:1024It sends everything anyway. If I use log:system:1024, the bbwin client throws an error that it can't find the system log file. It does find the file without the maxdata parameter.
This aside, I do need to get this working as I have to start monitoring 10 new windows servers and have to monitor the event logs, so I can't just stop sending them as has been suggested. Yes I could do some powershell scripts and send them via bbwincmd but the bbwin client is made for this task.....
So, looking at this from the other side, the xymon server appears to be resetting the session after about 22MB of data has been sent (I know, this is ludicrous, but it is windows). Nothing in the xymond logs (except for the occasional data flooding error ("1st line client", always)); on the client side it reports it can't send the data to the xymon server.
I've set the MAXMSG_* to quite silly levels:
ipcs
------ Shared Memory Segments -------- key shmid owner perms bytes nattch status 0x01034be7 16908288 xymon 600 102400000 2 0x02034be7 16941057 xymon 600 102400000 2 0x03034be7 16973826 xymon 600 102400000 2 0x04034be7 17006595 xymon 600 102400000 2 0x05034be7 17039364 xymon 600 262144 1 0x06034be7 17072133 xymon 600 32768 1 0x07034be7 17104902 xymon 600 102400000 2 0x08034be7 17137671 xymon 600 102400000 2 0x09034be7 17170440 xymon 600 131072 1
Anything up to and including this size has no effect on the problem.
Looking at the tcpdump stream, the bbwin client sends data normally with regular ACKs from xymond till around that 22MB mark then xymond responds with a FIN packet, then with RST packets and the session shuts down. Nothing in the packets themselves indicate what the problem is.
If anyone can help with this, please, it would be great.
thanks, Phil
Please consider the environment before printing this e-mail
This message from ORIX Australia may contain confidential and/or privileged information. If you are not the intended recipient, any use, disclosure or copying of this message (or of any attachments to it) is not authorised. If you have received this message in error, please notify the sender immediately and delete the message and any attachments from your system. Please inform the sender if you do not wish to receive further communications by email. ORIX handles personal information according to a Privacy Policy that is consistent with the National Privacy Principles. Please let us know if you would like a copy.
It is also available at www.orix.com.au<http://www.orix.com.au>