Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-12824

Syslogd is sending new suspect events with null IP Address

    XMLWordPrintable

Details

    • Horizon 2020 - August 5
    • Backlog CM

    Description

      A customer builds their entire OpenNMS inventory using auto-discover via new-suspect-on-trap with Trapd or new-suspect-on-message with Syslogd.

      I found that even when Syslogd receives a message, and it cannot retrieve the IP address of the sender from it, it still sends a new suspect event with a null address. Provisiond, of course, rejects this event, but on a system handling hundreds if not thousands of messages per second, this behavior can unnecessarily overwhelm the system.

      This is why this should be prevented.

      Maybe unrelated, but another scenario is that when a known sender is sending hundreds or thousands of messages, Syslogd will continuously sending new suspect events until the IP exists on the database, which could unnecessarily overwhelm the system even more than the first scenario. That's because, in this case, active transactions are happening until the IP exists on the database. There should be some kind of time-based cache to avoid this situation.

      Attachments

        Activity

          People

            cgorantla Chandra Gorantla
            agalue Alejandro Galue
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: