TCP_DENIED/407

Ben Hay
2009-07-14
2013-04-24
  • Ben Hay
    Ben Hay
    2009-07-14

    Using NTLM_AUTH  results in a lot of TCP_DENIED/407 entries in the logs.

    The following code filters out this junk. 
    I place it right after  if($record[0]<=$lastTimestamp) {} in mysar-importer.php.

    //  Ignore NTLM_AUTH generated entries
            if($record[3] == 'TCP_DENIED/407')
            {
                    debug('Ignoring TCP_DENIED/407', 40);
                    debug('.',30);
                    debug('Updating last known offset to '.ftell($handle).'... ',40,__FILE__,__LINE__);
                    updateConfig('lastLogOffset',ftell($handle));
                    continue;
            }