[email protected] wrote:
> On Sun, 8 Nov 2009, Phil Reilly wrote:
>
>> I am attempting to allow for flexible rule matches on syslogs from a web
>> front end (rather than entries in the rsyslog config files).
>>
>> I want to get regexp filters from a db to alert upon messages. Not sure
>> of the best way to achieve this. I've so far thought of:
>>
>> * Outputting to a pipe and running it via an alerting script.
>> * Having file watch the messages.
>> * Receiving the messages then passing them to rsyslog (yuck)
>>
>> Can the rule engine allow for match rules outside of the config? Is
>> there an elegant way of doing this?
>>
>
> rsyslog doesn't give you this ability, but it's not really the best
> approach to use for alerting anyway.
>
> What are you trying to achieve by having the alert definitions in a
> database? There are several tools out there to do alerting (SEC, Simple
> Event Correlator, is one of the leading ones), but I'm not aware of any of
> them that use a database for their rulesets.
>
> I'm also scratching my head trying to figure out what the advantage of
> doing so would be.
>
> David Lang
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
>

Thanks David,
We have a networked environment. We also have a web page that allows you to configure regexp to match certain syslog messages. These patterns are compiled and kept in a table. The current syslog process we use listens for UDP. When it gets a syslog message, we examine the patterns (which are re-read upon addition or change) and pass them to an alerting process before writing the logs to disk. The existing system works well, but we now want to scale it over a few machines and I'm examining what syslog products out there cater for alerting.

So a database will make configuring alerts far more dynamic than statically entering them into a config file. It will also allow for grouped views so different groups have the ability to have custom alerts based upon their own interpretation of syslog messages.
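The design described in the reply above (regexp rules kept in a table, re-read on change, matched per group before the message is written out), sketched as an added example that is not code from this thread or from rsyslog. The `alert_rules` table, its columns, the `RuleSet` class and the pattern length cap are assumptions, with SQLite and Python's `re` standing in for the real database and matcher; it also shows a malformed pattern submitted through the web front end being rejected instead of stopping the matcher.

```python
import re
import sqlite3

def open_rule_db():  # hypothetical schema, constructed sample rows
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alert_rules (id INTEGER PRIMARY KEY, grp TEXT, pattern TEXT)")
    db.executemany("INSERT INTO alert_rules (grp, pattern) VALUES (?, ?)", [
        ("network", r"%LINK-3-UPDOWN: Interface (\S+), changed state to down"),
        ("security", r"Failed password for (invalid user )?\S+ from \S+"),
        ("security", r"sudo: .*(COMMAND=/bin/su"),  # invalid on purpose (unbalanced paren)
    ])
    return db

class RuleSet:
    """Compiled rules, re-read only when the rule table changes."""
    MAX_PATTERN_LEN = 256  # assumed cap on web-submitted patterns
    def __init__(self, db):
        self.db, self.stamp, self.rules, self.rejected = db, None, [], []

    def refresh(self):
        # Change check: row count + highest id (assumes rules are added/deleted, not edited in place)
        stamp = self.db.execute("SELECT COUNT(*), COALESCE(MAX(id), 0) FROM alert_rules").fetchone()
        if stamp == self.stamp:
            return False
        rules, rejected = [], []
        for rid, grp, pattern in self.db.execute("SELECT id, grp, pattern FROM alert_rules ORDER BY id"):
            try:
                if len(pattern) > self.MAX_PATTERN_LEN:
                    raise re.error("pattern too long")
                rules.append((rid, grp, re.compile(pattern)))
            except re.error as exc:
                rejected.append((rid, str(exc)))  # a bad rule must not stop alerting
        self.stamp, self.rules, self.rejected = stamp, rules, rejected
        return True

    def match(self, message):
        """Return (group, rule id) for every rule matching one syslog message."""
        self.refresh()
        return [(grp, rid) for rid, grp, rx in self.rules if rx.search(message)]

SAMPLE_LINES = [  # constructed syslog messages
    "<38>Nov  8 10:01:02 web1 sshd[411]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2",
    "<187>Nov  8 10:01:05 sw1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<30>Nov  8 10:01:09 web1 cron[88]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    rs = RuleSet(open_rule_db())
    for line in SAMPLE_LINES:
        print(rs.match(line), "<-", line)
```

Patterns that compile can still be expensive to evaluate, so a production matcher fed from a web form would also want a per-message time budget or a linear-time regex engine.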

