I thought I understood how these worked. Below I have one configured to alert me if I receive no logs through this input in an hour, and my schedule block is checking it once an hour to verify that. I checked the logs and I've received ~200 log entries in the previous hour before I received a notification of "No messages received". I'm guessing that I don't know how these work.
I've created the msgrate counter as a rate counter to calculate the number of events per hour. My understanding is that this will update once for each message that is received on this input. I've created a schedule block that checks that counter every 3600 seconds - it is doing that because I'm getting an alert every hour when it runs regardless of how many log messages I've received. Can anyone point out what I've done incorrectly here?

<Input in_tcp>
    Module  im_tcp
    Host    10.27.40.61
    Port    5200
    Exec    parse_syslog_bsd(); to_syslog_bsd();
    Exec    create_stat("msgrate", "RATE", 3600); add_stat("msgrate", 1);
    <Schedule>
        Every   3600 sec
        Exec    create_stat("msgrate", "RATE", 10); add_stat("msgrate", 0);
        Exec    if defined get_stat("msgrate") and get_stat("msgrate") <= 1 \
                { \
                    log_error("No messages received"); \
                }
    </Schedule>
</Input>

_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users