[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dragonidsuser
Subject:    Alarmtool problems
From:       "Destefano, Robert" <RRD () PARA-PROTECT ! COM>
Date:       2001-08-10 17:46:36
[Download RAW message or body]

>From my understanding Alarmtool "tails" (tail -f) the dragon.log.xxx file
and then
the alarmtool perl script runs against the resulting data looking for
"alarm" events specified in the alarmtool.conf file
and then will forward those "alarmed" events to the dragon administrator via
whatever means you specify (SMTP, SNMP, syslog, etc.)

What I'm running - Several sensors monitoring high amounts of traffic
reporting to a single server
the server is running Alarmtool (v2).

My assumption - (yes I know not to ass u me :)
Since PERL is an intepreted language is it possible for the data from the
dragon.log.xxx file
to be read in faster than the PERL program can handle and cause the
alarmtool not to
process/send all of the data?

Reason for my question:
My dragon.log.xxx file is filling up at a high rate and as a result my
alarmtool smtp alerts and the "real" number of events triggered differs
(greatly) -

"real" data confirmed by:
1.) mklog -e ALERT /usr/drider/DB/date/dragon.db  and/or
2.) cat dragon.log.xxx | grep ALERT


Is there anything I can do to fix this problem?  Am I missing something?

Rocky

[prev in list] [next in list] [prev in thread] [next in thread]