We're using logmon to alarm on various log entries. Everything is working fine. We're using 'updates' to prevent a full reading of the log files each time, and alarming is working as expected.
However, if someone manually edits/saves a log file, at the next run, the logmon probe does a full read (cat) of the log, generating huge amounts of alarms. I believe that manually saving the log file is causing the profile to lose its EOF marker, so I'm not sure what can be done about this. So basically...
1. Has anyone else encountered this issue?
2. Is my understanding of why it's cat'ing the log files accurate (lost/invalid EOF marker)?
3. How have you handled this in your environments? Storm protection is a possibility, but I figured I'd pick your brains before I make any changes.
Thanks in advance for any help,