[sysmon-help] sysmond filling log file
Jared Mauch
jared at sysmon.org
Tue Dec 16 11:22:05 EST 2003
On Fri, Dec 12, 2003 at 11:36:42AM -0600, John Gateley wrote:
> Hi Y'all,
>
> During a recent network outage, sysmond filled up the sysmond.log
> file with tons of messages like:
>
> Dec 02 2003-13:32:26 : Possibly stale check of x.x.x.x:www:80 lasting 45.079987
> Dec 02 2003-13:32:27 : Possibly stale check of x.x.x.x:www:80 lasting 46.089802
> Dec 02 2003-13:32:28 : Possibly stale check of x.x.x.x:www:80 lasting 46.644920
> Dec 02 2003-13:32:28 : Possibly stale check of x.x.x.x:www:80 lasting 47.228584
> Dec 02 2003-13:32:28 : Possibly stale check of x.x.x.x:www:80 lasting 47
>
> There were over 8000 of the lines for "Dec 02 2003-13:32:28"
> The log file grew pretty fast, and eventually filled up the file system.
Hmm. the problem is that it should have declared the
host as "connection timed out" after a certain point,
and stopped checking this. let me look at this code a bit more...
the other issue could be if it did connect to port 80, it timed out
while talking to the web server and trying to search for the text
in the html page.
> Any idea where the message comes from, and more important: why
> so many are being generated in a single second?
it should not generate more than one log per second per object.
i'll look into this as well.
- jared
>
> Thanks,
>
> j
> --
> Public key at http://www.jriver.com/~gateley
> _______________________________________________
> Sysmon-help mailing list
> Sysmon-help at puck.nether.net
> https://puck.nether.net/mailman/listinfo/sysmon-help
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the Sysmon-help
mailing list