Any luck with the template? Or should I just roll my own?
Cheers,
Phil

Rainer Gerhards wrote:
> So what you are actually looking for is a system that can work with
> dynamically changeable alert definitions? As David said, there is no such
> thing currently, but the best road to approach it is to write a custom output
> plugin that you pass each message to. That plugin can even decide if
> messages should be discarded and not further processed. I envisioned such a
> plugin, but have not yet had time to write it, for a similar use case.
>
> If you intend to write one AND contribute it to the project, I can help you
> get started with the interface; I would even be willing to create you a custom
> skeleton that you can fill in with your logic ;)
>
> HTH
> Rainer
>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf Of Phil Reilly
>> Sent: Sunday, November 08, 2009 9:30 AM
>> To: rsyslog-users
>> Subject: Re: [rsyslog] Alerting rules via a database
>>
>> [email protected] wrote:
>>> On Sun, 8 Nov 2009, Phil Reilly wrote:
>>>
>>>> I am attempting to allow for flexible rule matches on syslogs from a web
>>>> front end (rather than entries into the rsyslog config files).
>>>>
>>>> I want to get regexp filters from a db to alert upon messages. Not sure
>>>> the best way to achieve this. I've so far thought of:
>>>>
>>>> * Outputting to a pipe and running it via an alerting script.
>>>> * Having a file watch on the messages.
>>>> * Receiving the messages then passing them to rsyslog (yuck).
>>>>
>>>> Can the rule engine allow for match rules outside of the config? Is
>>>> there an elegant way of doing this?
>>>
>>> rsyslog doesn't give you this ability, but it's not really the best
>>> approach to use for alerting anyway.
>>>
>>> what are you trying to achieve by having the alert definitions in a
>>> database?
>>>
>>> there are several tools out there to do alerting (SEC, Simple Event
>>> Correlator, is one of the leading ones), but I'm not aware of any of
>>> them that use a database for their rulesets.
>>>
>>> I'm also scratching my head trying to figure out what the advantage of
>>> doing so would be.
>>>
>>> David Lang
>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com
>>
>> Thanks David,
>>
>> We have a networked environment. We also have a web page that allows you
>> to configure regexps to match certain syslog messages. These patterns are
>> compiled and kept in a table. The current syslog process we use listens
>> for UDP. When it gets a syslog message, we examine the patterns (which
>> are re-read upon addition or change) and pass them to an alerting
>> process before writing the logs to disk. The existing system works well,
>> but we now want to scale it over a few machines and I'm examining what
>> syslog products out there cater for alerting.
>>
>> So a database will make configuring alerts far more dynamic than
>> statically entering them into a config file. It will also allow for
>> grouped views so different groups have the ability to have custom alerts
>> based upon their own interpretation of syslog messages.
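The design Phil describes above (regexps entered through a web front end, compiled and kept in a table, re-read on change, each message checked before it is written to disk) combined with Rainer's suggestion of handing every message to an external filter can be sketched as a small stdin filter. The following is an added illustration, not code from the thread or from the rsyslog project. It assumes an SQLite rule store with the schema shown (table and column names are invented here), a version counter that the front end bumps on every change so the matcher recompiles only when something actually changed, and that some output plugin such as rsyslog's omprog delivers one message per line on standard input; the omprog directives themselves are in the rsyslog documentation and are not reproduced here. The sample log lines are constructed for the example.

```python
"""Database-driven alert matching for syslog lines read on stdin (added example)."""
import re
import sqlite3
import sys
from typing import List, Tuple

# Patterns come from a web form, i.e. from users. Python's re has no timeout, so a
# pathological pattern can burn CPU; capping the text it is run against limits the
# damage (assumption: nothing useful lives beyond this many bytes of one message).
MAX_MESSAGE_LEN = 8192

SCHEMA = """
CREATE TABLE IF NOT EXISTS alert_rules (
    id          INTEGER PRIMARY KEY,
    owner_group TEXT    NOT NULL,   -- which team's view this rule belongs to
    pattern     TEXT    NOT NULL,   -- regexp as entered in the front end
    severity    TEXT    NOT NULL DEFAULT 'warning',
    enabled     INTEGER NOT NULL DEFAULT 1
);
CREATE TABLE IF NOT EXISTS rule_version (
    id INTEGER PRIMARY KEY CHECK (id = 1), version INTEGER NOT NULL);
INSERT OR IGNORE INTO rule_version (id, version) VALUES (1, 0);
"""


def open_rule_store(path: str = ":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def _bump_version(conn: sqlite3.Connection) -> None:
    conn.execute("UPDATE rule_version SET version = version + 1 WHERE id = 1")


def add_rule(conn, owner_group: str, pattern: str, severity: str = "warning") -> int:
    """Validate the regexp before storing it, so the front end gets the error, not the matcher."""
    try:
        re.compile(pattern)
    except re.error as exc:
        raise ValueError(f"invalid pattern {pattern!r}: {exc}") from exc
    with conn:  # insert and version bump commit together
        cur = conn.execute(
            "INSERT INTO alert_rules (owner_group, pattern, severity) VALUES (?, ?, ?)",
            (owner_group, pattern, severity))
        _bump_version(conn)
    return cur.lastrowid


def set_rule_enabled(conn, rule_id: int, enabled: bool) -> None:
    with conn:
        conn.execute("UPDATE alert_rules SET enabled = ? WHERE id = ?", (int(enabled), rule_id))
        _bump_version(conn)


class RuleCache:
    """Compiled rules, recompiled only when rule_version changes."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn
        self.version = -1
        self.rules: List[tuple] = []  # (id, owner_group, compiled regexp, severity)

    def refresh(self) -> bool:
        (version,) = self.conn.execute("SELECT version FROM rule_version WHERE id = 1").fetchone()
        if version == self.version:
            return False
        rules = []
        for rule_id, group, pattern, severity in self.conn.execute(
                "SELECT id, owner_group, pattern, severity FROM alert_rules "
                "WHERE enabled = 1 ORDER BY id"):
            try:
                rules.append((rule_id, group, re.compile(pattern), severity))
            except re.error as exc:  # a row edited behind add_rule's back must not kill the matcher
                sys.stderr.write(f"skipping rule {rule_id}: {exc}\n")
        self.rules, self.version = rules, version
        return True

    def match(self, message: str) -> List[Tuple[int, str, str]]:
        """Return (rule id, owner group, severity) for every enabled rule that matches."""
        self.refresh()
        message = message[:MAX_MESSAGE_LEN]
        return [(rid, grp, sev) for rid, grp, rx, sev in self.rules if rx.search(message)]


def scan(cache: RuleCache, lines) -> List[Tuple[int, int, str, str]]:
    """Run lines through the cache; returns (line index, rule id, group, severity) per hit."""
    hits = []
    for i, line in enumerate(lines):
        hits.extend((i, rid, grp, sev) for rid, grp, sev in cache.match(line.rstrip("\n")))
    return hits


# Constructed sample messages, not taken from any real host.
SAMPLE_LINES = [
    "Nov  8 09:30:01 fw01 sshd[2112]: Failed password for root from 192.0.2.10 port 51422 ssh2",
    "Nov  8 09:30:02 web01 kernel: eth0: link down",
    "Nov  8 09:30:03 web01 cron[991]: (root) CMD (run-parts /etc/cron.hourly)",
]


def main() -> None:
    conn = open_rule_store(sys.argv[1] if len(sys.argv) > 1 else ":memory:")
    cache = RuleCache(conn)
    for i, rid, grp, sev in scan(cache, sys.stdin):
        # Hand-off to the real alerting process goes here; rsyslog keeps writing the log itself.
        print(f"ALERT rule={rid} group={grp} severity={sev} line={i}")


if __name__ == "__main__":
    main()
```

Run it as `python3 alerts.py rules.db < /var/log/messages` after populating `rules.db` through `add_rule`; the `owner_group` column is what gives each team its own view of the same message stream. Because every pattern is user input, treat it as such: validate on insert, tolerate bad rows on reload, and keep the input size bounded, since a backtracking-heavy regexp from one group can otherwise stall alerting for everyone.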

