Hi,
> Can you please provide me some more clarification over this:-
>
> According to my understanding, using pm_evcorr 's suppress module;
> a) We are supposed to give a CONDITION to bring it in affect,
> (i don't have any such condition as the message body is not fixed it can
> change, writing a regex here will also not help)
'Condition TRUE' will make it always evaluate the rule for all events.
> b) [Imp] It says that the rule will ignore any further log messages for the
> time specified in the interval. (now what exactly does it means, will it
> ignore the messages matching that condition or will it ignore every log
> messages (which will again be a disaster).? )
pm_evcorr only executes the Exec statement, log messages are not touched
unless that's waht you put in Exec. 'Ignore' refers to this, it will not
evaluate the Exec directive. You would put the mailer command into the
Exec directive.
> c) Context: i am not even able to get how can we make use of it (or what
> exactly that is),. (is it a regex or some conditions, or should i write
> $message_body here, don't know.)
Context would be your log type I guess. You will get one alert per
context.
> Can you provide me with some explanation and a good practical example (if
> possible from my scenario and event logs) of how to use this module along
> with context option.
A simple example is there in the reference manual. There are a lot of
practical examples and tutorials about sec.pl which may help understand
the concept.
Regards,
Botond
>
>
> On Fri, Sep 20, 2013 at 3:45 PM, Botond Botyanszki <b...@nxlog.org> wrote:
>
> > Hi,
> >
> > You may want to look at pm_evcorr's Suppress rule, using a
> > context. This would send one mail per context during the specified
> > interval.
> >
> > Regards,
> > Botond
> >
> >
> > On Fri, 20 Sep 2013 15:25:21 +0530
> > Suraj Sharma <suraj.sha...@webyog.com> wrote:
> >
> > > 1. Typically, my events are multi-line and looks like this:-
> > > a) Say *event A* be:
> > > WY_LOG_TYPE_ERROR <<**
> > > ================================
> > > 2013-08-30 22:08:55
> > > ================================
> > > File: /var/www/.../Dblink.php
> > > Line: 70
> > >
> > > Unknown MySQL server host '127.0.0.1' (0)
> > >
> > > **>>
> > >
> > > b) Say *event B* be:
> > > WY_LOG_TYPE_ERROR <<**
> > > ================================
> > > 2013-08-30 22:08:55
> > > ================================
> > > File: /var/www/.../app.php
> > > Line: 70
> > >
> > > The application connectivity failure...(and some stack trace...)
> > >
> > > **>>
> > >
> > > 2. The important *nxlog module configs* :
> > >
> > > a) Multiline
> > > <Extension *multi*>
> > > Module xm_multiline
> > > HeaderLine /^WY_LOG_TYPE_(ERROR|INFO)/
> > > EndLine /^\*\*>>/
> > > </Extension>
> > > b) The input config:
> > > <Input *in_app_desktop_my_log*>
> > > Module im_file
> > > File "/vagrant/my.log"
> > > SavePos TRUE
> > > ReadFromLast TRUE
> > > InputType multi
> > > PollInterval 20
> > > </Input>
> > > c) *The pattern module: ( used to extract body of error message ie
> > > everything after "File:" till "**>>" as the timestamp of error can
> > change)*
> > > ** *This modules capture the error body message and put it in variable
> > > named message_body*
> > > <Processor *extract_body_of_error*>
> > > Module pm_pattern
> > > PatternFile /vagrant/patterndb.xml
> > > </Processor>
> > >
> > > d) The final norepeat module working on this *message body variable.*
> > > <Processor *no_repeat*>
> > > Module pm_norepeat
> > > CheckFields message_body
> > > </Processor>
> > >
> > > e) Output config (does all the mail sending work)
> > > <Output *out_app_desktop_my_log*>
> > > Module om_null
> > > Exec { exec_async("/bin/sh", "-c", 'echo -e "From:
> > > suraj.shar...@webyog.com\nTo:
> > > suraj.sha...@webyog.com\nContent-Type:text/html;\nSubject: Error in Log
> > > \n\n<pre>' + $raw_event + '<//pre>"|/usr/sbin/sendmail -t' ); }
> > > </Output>
> > > f) The ROUTE config
> > > <Route *1*>
> > > *Path in_app_desktop_my_log => extract_body_of_error =>
> > no_repeat
> > > => out_app_desktop_my_log*
> > > </Route>
> > > 3. The whole series of events happens like ABABABABABAB... every seconds.
> > > IN 20 seconds we get approx 50 such series and the ultimate requirement
> > is
> > > to send just 2 mails (not 100 of them) containing event A and event B
> > after
> > > 20 seconds.
> > > 4. *My question is how can pm_evcorr or xm_perl help me...?*
> > > 5. Some thoughts from you answer are like in xm_perl we can make an
> > > array storing up last 10 events (or precisely storing the message_body)
> > and
> > > checking based on that, whether the current event has been repeated in
> > last
> > > 10 occurrences... if repeated it should be dropped.
> > >
> > >
> > > --
> > > Warm Regards,
> > >
> > > Suraj Sharma
> > > Software Engineer
> > > Webyog Softworks Pvt Ltd
> >
> >
> > ------------------------------------------------------------------------------
> > LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
> > 1,500+ hours of tutorials including VisualStudio 2012, Windows 8,
> > SharePoint
> > 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack
> > includes
> > Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13.
> > http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
> > _______________________________________________
> > nxlog-ce-users mailing list
> > nxlog-ce-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
> >
>
>
>
> --
>
> Warm Regards,
> *Suraj Sharma*
> *Software Engineer*
> *Webyog Softworks Pvt Ltd*
> *
> *
------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13.
http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
