Re: Errors Message from Webtrends Firewall Suite

From:
Date: 10/25/02


Date: 24 Oct 2002 19:48:58 -0700

Solution

The following article describes the issue in detail as well as a way to
increase the out of order time so that fewer records are discarded.

http://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB664

Below is the article

Firewall Suite and Firewall Appliance Analyzer keep track of how many
records in the log file were dropped due to being out of chronological
order, and when this number of dropped records becomes high it may
cause concern. All out of order records will affect visitor session
statistics and, in some cases, alter session numbers, lengths, etc.

Below is the method for manually setting the timeout value for
Firewall Suite and Firewall Appliance Analyzer. Use this setting with
careful thought and planning to avoid the problems above.

Locate the following file within the WebTrends product:
\wtm_<cartridge>\<cartridge>.ini

Open the file in a text editor and locate the following section:
[defaults]

Add the following line:
MaxOutOfOrder=n
[where n is any number of seconds, 1-359]

Save the changes.

Note: By default, all log analysis cartridges will throw out records
that are more than thirty seconds out of order. This setting will
change the number of seconds the engine will allow records to be out
of order. The greater this value, however, the more memory will be
used.

The reason it takes more memory is that whatever setting is entered
into the .ini file is the amount of time the WebTrends parsing engine
will do automatic, in-memory sorting for you. The larger the time
slice, the more memory is needed to do this sorting. It is important to
understand the results of this configuration change.

Example:

An example case where this might happen is if you had three Check
Point FW-1 modules - two in the United States and one in Central
America - all logging to the same console. The records coming from
Central America could be written out more than thirty seconds past the
other modules. Reasons for this:

One cause could be when multiple machines record to one log, and those
machines have a system clock set more than 30 seconds different.

Another reason could be one in which multiple services write out
records to a single log file on a machine, and the records are then
dumped out from a buffer periodically. This has been known to cause
problems.
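
Added example (not part of the original post or the NetIQ article): a small replay that estimates how many records a given MaxOutOfOrder value would discard and how many records the sort window holds in memory at its peak. It assumes the engine behaves like a bounded reorder buffer, which is a model and not WebTrends' actual code; replay, build_sample and the module names are hypothetical, and the sample log is constructed to mirror the three-module case above.

```python
import heapq

def replay(records, max_out_of_order):
    """Replay (timestamp_sec, source) records in arrival order through a
    reorder window; return (emitted, dropped, peak_buffered)."""
    if not 1 <= max_out_of_order <= 359:      # range stated in the article
        raise ValueError("MaxOutOfOrder must be 1-359 seconds")
    heap, emitted, dropped = [], [], []
    newest, peak = None, 0
    for ts, src in records:
        # Assumed rule: a record older than (newest seen - window) is discarded.
        if newest is not None and ts < newest - max_out_of_order:
            dropped.append((ts, src))
            continue
        heapq.heappush(heap, (ts, src))
        newest = ts if newest is None else max(newest, ts)
        # Records at or before the window edge can be released in order.
        while heap and heap[0][0] <= newest - max_out_of_order:
            emitted.append(heapq.heappop(heap))
        peak = max(peak, len(heap))           # memory cost of the window
    while heap:                               # end of log: flush the buffer
        emitted.append(heapq.heappop(heap))
    return emitted, dropped, peak

def build_sample(seconds=120, lag=45):
    """Constructed data: two modules in sync, one written `lag` seconds late."""
    log = []
    for tick in range(seconds):
        log += [(tick, "us-1"), (tick, "us-2")]
        if tick >= lag:
            log.append((tick - lag, "ca-1"))
    return log

if __name__ == "__main__":
    sample = build_sample()
    for window in (30, 60):
        out, lost, peak = replay(sample, window)
        print(f"MaxOutOfOrder={window}: kept={len(out)} "
              f"dropped={len(lost)} peak_buffered={peak}")
```

With the default of 30 seconds every record from the lagging module is lost, which leaves that module invisible in the report; raising the window to 60 keeps them all at the cost of a larger buffer.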


