[sniffer] Re: Am I ready to upgrade to version 3?
Hello Stefan, Tuesday, August 5, 2008, 6:35:14 AM, you wrote: Andy, Pete, I did install V3 this morning using the current Windows installer. Everything seems to work. Can you please check if you get good telemetry data? I see good telemetry. Andy and I will discuss the hiccup. snip/ - Question: I installed using Windows Remote Desktop and all looked good. But on the real screen of that server I now see a command line window related to Sniffer. The title contains the WGet command. Some action seems to take place (a simulated rolling wheel in the last line). Must this process run? Why was it started on that other screen? That's interesting. I don't think that happened in testing. If I understand correctly, we're using XYNTService to run SNFServer.exe. In theory it should run silently. It sounds like you are able to see it's screen. Your message rate is not high-- but you do usually have a message or two running through. When that happens, the msg/minute number on that line should change. If it does then that is the live version of SNFServer so you'll want to leave it running. Or, pheraps if you restart the service from the console it will be invisible as it should be? I'll let Andy work on that with you to understand it and come up with a working solution. Thanks for the detail! _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Am I ready to upgrade to version 3?
Pete, see my comments inline... I did install V3 this morning using the current Windows installer. Everything seems to work. Can you please check if you get good telemetry data? I see good telemetry. Now that's good. Andy and I will discuss the hiccup. OK. Might well be related to that old mxGuard version. - Question: I installed using Windows Remote Desktop and all looked good. But on the real screen of that server I now see a command line window related to Sniffer. The title contains the WGet command. Some action seems to take place (a simulated rolling wheel in the last line). Must this process run? Why was it started on that other screen? That's interesting. I don't think that happened in testing. If I understand correctly, we're using XYNTService to run SNFServer.exe. In theory it should run silently. It sounds like you are able to see it's screen. Your message rate is not high-- but you do usually have a message or two running through. When that happens, the msg/minute number on that line should change. Yep, as mentioned before. We are just a small company with around 40 mail accounts. If it does then that is the live version of SNFServer so you'll want to leave it running. Or, pheraps if you restart the service from the console it will be invisible as it should be? OK, more information... Stopping the service from the console makes the window disappear. Restarting the service and viola - its back again. I checked the service properties and there I found the culprit (translated from German): The service logs in as Locale System and Allow interaction between service and desktop is checked. If you uncheck that option and then stop/restart the service everything is fine. So it looks like your automatic service setup needs a minor tweak. Cheers -- elektronik-labor CARLS GmbH Co. KG Stefan Paege Fon: +49 5973 9497-23 Fax: +49 5973 9497-19 elektronik-labor CARLS GmbH Co. KG Kommanditgesellschaft: Sitz Neuenkirchen, Registergericht Steinfurt HRA 3310 Persönlich haftende Gesellschafterin: elektronik-labor CARLS, Beteiligungsgesellschaft mbH, Sitz Neuenkirchen, Registergericht Steinfurt HRB 4175 Geschäftsführer: Irmgard Carls, Joachim Schulte # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Am I ready to upgrade to version 3?
Stefan, Pete Ok, thats one of two!... The LocalMachine makes total sense. the thing I'm insterested in now is why it didn't pull up your MXGuard installation. When I got guidance from Greg @ MXGuard, he indicated that IMail's SendName was the only key to detecting an older MXGuard installation ( Short of searching the entire drive. ) And that its key would be pointing at the imailtomxguard.exe. So what is the HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Global\SendName pointing at for your system, that it wouldn't detect the MXGuard call do you have something in between IMail and MXGuard that would mask the installer's detection. [ this is installer has become my own private game of Spy-vs-Spy ] Thanks for the intel, _Andy - Original Message - From: Stefan Paege [EMAIL PROTECTED] To: Message Sniffer Community sniffer@sortmonster.com Sent: Tuesday, August 05, 2008 9:58 AM Subject: [sniffer] Re: Am I ready to upgrade to version 3? Pete, see my comments inline... I did install V3 this morning using the current Windows installer. Everything seems to work. Can you please check if you get good telemetry data? I see good telemetry. Now that's good. Andy and I will discuss the hiccup. OK. Might well be related to that old mxGuard version. - Question: I installed using Windows Remote Desktop and all looked good. But on the real screen of that server I now see a command line window related to Sniffer. The title contains the WGet command. Some action seems to take place (a simulated rolling wheel in the last line). Must this process run? Why was it started on that other screen? That's interesting. I don't think that happened in testing. If I understand correctly, we're using XYNTService to run SNFServer.exe. In theory it should run silently. It sounds like you are able to see it's screen. Your message rate is not high-- but you do usually have a message or two running through. When that happens, the msg/minute number on that line should change. Yep, as mentioned before. We are just a small company with around 40 mail accounts. If it does then that is the live version of SNFServer so you'll want to leave it running. Or, pheraps if you restart the service from the console it will be invisible as it should be? OK, more information... Stopping the service from the console makes the window disappear. Restarting the service and viola - its back again. I checked the service properties and there I found the culprit (translated from German): The service logs in as Locale System and Allow interaction between service and desktop is checked. If you uncheck that option and then stop/restart the service everything is fine. So it looks like your automatic service setup needs a minor tweak. Cheers -- elektronik-labor CARLS GmbH Co. KG Stefan Paege Fon: +49 5973 9497-23 Fax: +49 5973 9497-19 elektronik-labor CARLS GmbH Co. KG Kommanditgesellschaft: Sitz Neuenkirchen, Registergericht Steinfurt HRA 3310 Persönlich haftende Gesellschafterin: elektronik-labor CARLS, Beteiligungsgesellschaft mbH, Sitz Neuenkirchen, Registergericht Steinfurt HRB 4175 Geschäftsführer: Irmgard Carls, Joachim Schulte # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Am I ready to upgrade to version 3?
Andy, Stefan, Pete Ok, thats one of two!... The LocalMachine makes total sense. the thing I'm insterested in now is why it didn't pull up your MXGuard installation. When I got guidance from Greg @ MXGuard, he indicated that IMail's SendName was the only key to detecting an older MXGuard installation ( Short of searching the entire drive. ) And that its key would be pointing at the imailtomxguard.exe. So what is the HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Global\SendName pointing at for your system, that it wouldn't detect the MXGuard call do you have something in between IMail and MXGuard that would mask the installer's detection. [ this is installer has become my own private game of Spy-vs-Spy ] SendName is pointing to d:\ics\imail\mxhook.exe Regards -- elektronik-labor CARLS GmbH Co. KG Stefan Paege Fon: +49 5973 9497-23 Fax: +49 5973 9497-19 elektronik-labor CARLS GmbH Co. KG Kommanditgesellschaft: Sitz Neuenkirchen, Registergericht Steinfurt HRA 3310 Persönlich haftende Gesellschafterin: elektronik-labor CARLS, Beteiligungsgesellschaft mbH, Sitz Neuenkirchen, Registergericht Steinfurt HRB 4175 Geschäftsführer: Irmgard Carls, Joachim Schulte # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Am I ready to upgrade to version 3?
Stephan, Greetings. I'm Andy. I'm the engineer for the installer. I'll take a comment on number 1 and let Pete hit you with the answers for the rest. First off, since you are running Sniffer2 in persistant mode, it probably means you have it wrapped in a service that the installer won't understand how to unwravel. So you will probably need to stop the service in order to release the $license.exe for archiving. That said, the installer makes an archive file of an old sniffer install in order to help people with a quick restore, for any reason. However, in confirming my answer for you, I noted that uninstalling SNF3.0 will put MXGaurds Auth and PathToEXE lines in the mxguard config file to their default values. This would orphan a RESTORE of the SNF2 image if we attempted to roll back the operation. To reconnect it, the AUTH and the PathToExe lines in the MXGuard config file would need to be corrected. ( That not being too difficult a fix if we did try to put the old install back. ) You should be able to proceed with confidence. If you would like to wait for the patch to the installer that will re-tie the restore back into MXGuard, I can have that out in the next 24hrs. ) I'll send you my contact information so you can have me available to you when you're making your upgrade. Thanks for using Sniffer. _Andrew Wallo - Original Message - From: Stefan Paege [EMAIL PROTECTED] To: Message Sniffer Community sniffer@sortmonster.com Sent: Monday, August 04, 2008 8:46 AM Subject: [sniffer] Am I ready to upgrade to version 3? Yes, that's what I'm asking myself for quite some time now. I think the answer is yes, but I'd like to know a few things for sure. 1.) I'd like to use the Windows installer. Can it handle my setup? - Windows 2003 Server Standard - IMail Premium 10.01 with Premium Antispam active - MxGuard 1.72 - Sniffer Version 2 installed in persistent mode 2.) Anything I MUST read and understand before upgrading? 3.) What about network traffic generated by V3 compared to V2? Our (small) company has a DSL-line which is used by the mailserver exclusively. But it is not a full flat, so at some point we have to pay traffic. 4.) What about processor load? Do we need more power to get V3 running smoothly. 5.) Anything important I forgot to ask? I'd like to know the answer to that, too ;-) TIA -- elektronik-labor CARLS GmbH Co. KG Stefan Paege Fon: +49 5973 9497-23 Fax: +49 5973 9497-19 elektronik-labor CARLS GmbH Co. KG Kommanditgesellschaft: Sitz Neuenkirchen, Registergericht Steinfurt HRA 3310 Persönlich haftende Gesellschafterin: elektronik-labor CARLS, Beteiligungsgesellschaft mbH, Sitz Neuenkirchen, Registergericht Steinfurt HRB 4175 Geschäftsführer: Irmgard Carls, Joachim Schulte # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Am I ready to upgrade to version 3?
Hello Stefan, I've been chatting with Andy on this. He is the engineer who developed the installer. He should be responding shortly about that piece. I will answer some of the other questions... Monday, August 4, 2008, 8:46:30 AM, you wrote: snip/ 2.) Anything I MUST read and understand before upgrading? You probably should (not necessarily must) read this so you will understand the differences: http://www.armresearch.com/support/articles/installation/upgradeHelp.jsp 3.) What about network traffic generated by V3 compared to V2? Our (small) company has a DSL-line which is used by the mailserver exclusively. But it is not a full flat, so at some point we have to pay traffic. V3 will SYNC every minute with our servers. The session size depends upon how much traffic you are seeing, however in all cases it is fairly small. Our spam trap processor handling about 4000 msg/min at the moment produced about 35K down and 49K up in it's last session. A customer node handling about 430 msg/min at the moment produced about 18.3K down and 24.5K up in it's last session. A customer node handling about 60 msg/min at the moment produced about 3.4K down and 5.8K up during it's last session. That should give you an idea about the extra traffic. If you have been uploading log files then you will not need to do that with the new version. 4.) What about processor load? Do we need more power to get V3 running smoothly. V3 typically uses less CPU than V2... Sometimes significantly less depending upon what it has learned. In general the engine is slightly more efficient due to optimizations, and in addition to that it is able to truncate the scanning process on between 10% and 50% of messages based on learned IP statistics. The new version also uses less CPU and I/O because jobs are coordinated via a local TCP connection instead of job files on disk. The new version is also fully multi-threaded so it's work can be spread among the physical virtual CPUs in your system. 5.) Anything important I forgot to ask? I'd like to know the answer to that, too ;-) I don't think so. If you have gateways or other message processing systems in front of SNF you will want to be sure to tell GBUdb about them so that they can be skipped when SNF is determining the source IP for the message. The rest I think you covered. Best, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
