[sysmon-help] Symon www object response parser
J.T. Moore
jtmoore at international-auto.com
Thu Jul 3 11:55:16 EDT 2003
I have a question regarding how sysmon parses the response to
a www probe. We recently added some code to strip unnecessary
tabs and crlf's from the dynamic content generated on our web site.
Since then sysmon has been periodically reporting false positive
failures for the www probe monitoring the site.
What is odd is that the failures are intermittent rather than persistent.
The text that was being searched for is towards the end of the document,
but not at the very end. I have verifyed that the text string is present in
the document as it is in the sysmon.conf file and the web logs indicates
response status 200 for all of the hits from sysmon which occur approximately
once per minute which is the sysmon poll interval.
I changed the text the probe was searching for to "</body></html>"
which is at the very end of the document which seems to have fixed
the problem.
We are currently using sysmon v0.91.12
Any ideas/insights are appreciated.
Thanks,
J.T.
More information about the Sysmon-help
mailing list