Re: X command and Lost client data

["Andy Woods" <andywoods () mail com>]

----- Original Message -----
From: Edward Balas <ebalas () iu edu>
Date: Thu, 25 Mar 2004 08:37:28 -0500 (EST)
To: tebodell () mchsi com
Subject: Re: X command and Lost client data

> On Thu, 25 Mar 2004 tebodell () mchsi com wrote:
>
> > Back again folks :-/,
> >
> > So far i've tried to streamline setting up a sebek server and several sebek
> > clients and i've run into the same thing everytime.  The install process is
> > pretty much flawless but when i start the client with accurate configuration and
> > the server listening with sbk_upload (database schema and user is setup
> > correctly).  In the web interface the only record that ever occurs is the X
> > Command and the pid corresponds to the X server of the sebek client.  When the
> > server is listening i also get a lot of Warning 5 RX Lost 4 with the numbers
> > close to each other.  Why do i only get the X server command and why is it
> > losing so much data between the clients and server (there are no other hosts on
> > this segment).
>
> Can you provide a bit of background on the server you are using, including 
> OS version and type of nic that you are collecting on.  
>
> What is the CPUload on the box when you are doing this?
>
> Is the Sebek Client on a vmware host or physical host?
>
> What version of the sebek server are you using?  


I am also getting the same problem (RX lost #), but not at the frequency as the other guy.  I am using a Gentoo 
2.4.24-hardened kernel, Sebek server 2.1.6 collecting with a Intel 100 NIC card.  Client data is coming from a windows 
2000 client running Sebek 2.1.5 in a non-vmware environment.  Sebek is the only thing running on the server, so there 
is no CPU load (other than Sebek recording to a MySQL DB).