On Sun, 8 Nov 2009, Phil Reilly wrote:

> I am attempting to allow for flexible rule matches on Syslogs from a web
> front end (rather than entries into the rsyslog config files)
>
> I want to get regexp filters from a db to alert upon messages. Not sure
> the best way to achieve this. I've so far thought of:
>
> * Outputting to a pipe and running it via an alerting script.
> * Having file watch the messages.
> * Receiving the messages then passing them to rsyslog (yuck)
>
> Can the rule engine allow for match rules outside of the config? Is
> there an elegant way of doing this?

rsyslog doesn't give you this ability, but it's not really the best approach to use for alerting anyway. What are you trying to achieve by having the alert definitions in a database?

There are several tools out there to do alerting (SEC, Simple Event Correlator, is one of the leading ones), but I'm not aware of any of them that use a database for their rulesets. I'm also scratching my head trying to figure out what the advantage of doing so would be.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
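
The first option from the question (messages written to a pipe and read by an alerting script whose regexp filters live in a database), as an added example that is not part of either message and is not rsyslog code. The `alert_rules` table, its columns, the rule names and the log lines are constructed assumptions; the script reads one message per line from stdin.

```python
import re
import sqlite3
import sys

# Constructed sample rules, as a web front end might store them (assumed schema).
SAMPLE_RULES = [
    ("ssh-auth-fail", r"sshd\[\d+\]: Failed password for (invalid user )?\S+ from \S+", "warning"),
    ("oom-kill", r"kernel: .*Out of memory: Kill(ed)? process \d+", "critical"),
    ("broken-rule", r"sudo: (unclosed", "info"),  # invalid regexp, must not stop alerting
]
# Constructed sample syslog lines, used when nothing is piped in.
SAMPLE_LINES = [
    "Nov  8 10:15:01 web1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2",
    "Nov  8 10:15:07 web1 sshd[2211]: Accepted publickey for deploy from 192.0.2.20 port 4100 ssh2",
    "Nov  8 10:16:30 web1 kernel: Out of memory: Kill process 3120 (httpd) score 905",
    "Nov  8 10:17:02 web1 CRON[3301]: (root) CMD (run-parts /etc/cron.hourly)",
]

def make_rule_db(rules):
    """Build an in-memory stand-in for the rule database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alert_rules (name TEXT PRIMARY KEY, pattern TEXT NOT NULL,"
               " severity TEXT NOT NULL, enabled INTEGER NOT NULL DEFAULT 1)")
    db.executemany("INSERT INTO alert_rules (name, pattern, severity) VALUES (?, ?, ?)", rules)
    return db

def load_rules(db):
    """Compile enabled rules; user-supplied patterns that fail to compile are rejected."""
    compiled, rejected = [], []
    query = "SELECT name, pattern, severity FROM alert_rules WHERE enabled = 1 ORDER BY name"
    for name, pattern, severity in db.execute(query):
        try:
            compiled.append((name, re.compile(pattern), severity))
        except re.error as exc:
            rejected.append((name, str(exc)))
    return compiled, rejected

def match_lines(lines, rules):
    """Return (rule name, severity, message) for every rule that matches a line."""
    alerts = []
    for line in lines:
        line = line.rstrip("\n")
        alerts.extend((name, sev, line) for name, rx, sev in rules if rx.search(line))
    return alerts

if __name__ == "__main__":
    rules, rejected = load_rules(make_rule_db(SAMPLE_RULES))
    for name, err in rejected:
        print(f"rule {name!r} rejected: {err}", file=sys.stderr)
    source = SAMPLE_LINES if sys.stdin.isatty() else sys.stdin
    for name, sev, line in match_lines(source, rules):
        print(f"ALERT [{sev}] {name}: {line}")
```

Because the patterns come from a web front end, they are untrusted input to the alerting path: compiling them at load time keeps one bad rule from stopping the script, and a real deployment would also want to bound pattern complexity.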

