Hello,
  I've been toying with an idea to create a logfile poller. The idea
being that JFFNMS reads some logfiles and creates events based on some
of the lines in them matching some rules. It would also mean the
database would not be filled up with non-matching lines either.

Here is how it could work, comments are welcome:

Create a new table that has a list of logfiles.  Each line will have a
pathname for the logfile to check and a match group to match the loglines to.
This table will also have a space for the last read offset.

The Match Group will consist of a group of Match Items, just like the
Poller Groups have Poller Items.

The Match Items will look a lot like the existing rows found in the syslog
table, they'll have a match expression plus some fields to work out
where the matches go.

The poller goes through each file in the logfile table in turn. It will open
the file then seek() to the last read position.  It will then read each
line and try to match it with each Match Item for the relevant Match Group.
If there is a match then a new event is created.

Finally when the poller gets to the end of file it will remember the file
offset so it doesn't have to scan through the file again.

 - Craig
-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
Eye-Net Consulting http://www.enc.com.au/   MIEE         Debian developer
csmall at : enc.com.au                      ieee.org           debian.org
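
An added sketch of the polling loop proposed above, in Python (not part of the original message and not JFFNMS code). The names `poll_logfile` and `SSH_GROUP` and the log lines are constructed for illustration; it assumes the first matching Match Item wins, restarts from offset 0 if the file has shrunk, and leaves an unterminated last line for the next poll.

```python
import os
import re
import tempfile

# Hypothetical Match Group: each Match Item is (event type, match expression).
SSH_GROUP = [
    ("auth_failure", re.compile(rb"Failed password for (?:invalid user )?(\S+) from (\S+)")),
    ("auth_success", re.compile(rb"Accepted \w+ for (\S+) from (\S+)")),
]

def poll_logfile(path, last_offset, match_items):
    """Read complete lines written after last_offset; return (events, new_offset)."""
    events = []
    with open(path, "rb") as fh:              # binary mode keeps offsets in bytes
        size = os.fstat(fh.fileno()).st_size
        if size < last_offset:                # file was truncated or replaced
            last_offset = 0
        fh.seek(last_offset)
        offset = last_offset
        for line in fh:
            if not line.endswith(b"\n"):      # writer is mid-line; retry next poll
                break
            offset += len(line)
            for event_type, expr in match_items:
                m = expr.search(line)
                if m:                         # log content is untrusted: decode leniently
                    events.append((event_type, [g.decode("utf-8", "replace") for g in m.groups()]))
                    break                     # assumption: first matching item wins
    return events, offset

def demo():
    """Three polls over a constructed log: partial line, append, then truncation."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "auth.log")
        with open(path, "wb") as fh:
            fh.write(b"sshd[1]: Failed password for root from 192.0.2.7 port 22\n"
                     b"cron[2]: session opened\n"
                     b"sshd[3]: Accepted publickey for al")      # unterminated line
        first, off = poll_logfile(path, 0, SSH_GROUP)
        with open(path, "ab") as fh:
            fh.write(b"ice from 198.51.100.4 port 22\n")         # line completed
        second, off = poll_logfile(path, off, SSH_GROUP)
        with open(path, "wb") as fh:                             # file starts over
            fh.write(b"sshd[4]: Failed password for invalid user bob from 192.0.2.9\n")
        third, off = poll_logfile(path, off, SSH_GROUP)
        return first, second, third

if __name__ == "__main__":
    print(demo())
```

The size check only catches a file that is now shorter than the stored offset; a rotated file that has already grown past that offset would need something like the inode stored alongside the offset to be detected.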

