It is now present in the master branch. It resides in ./plugins/omdbalerting

To enable it, use

$ ./configure --enable-omdbalerting <other options>

Obviously, the code now needs to be populated. I suggest that you create a simple sample with fixed constants, submit it to me, and then we can talk about how to obtain parameters from the config file.

I hope this is useful. If you have any questions (I guess you will have), please ask. But be sure to review module-template.h before beginning with any work. Looking at omtemplate.c is also a good idea.

Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Phil Reilly
> Sent: Tuesday, November 17, 2009 4:10 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] Alerting rules via a database
>
> Any luck with the template?
>
> Or should I just roll my own.
>
> Cheers,
>
> Phil
>
> Rainer Gerhards wrote:
> > So what you are actually looking for is a system that can work with
> > dynamically changeable alert definitions? As David said, there is no such
> > thing currently, but the best road to approach is to write a custom output
> > plugin, that you pass each message to. That plugin can even decide if
> > messages should be discarded and not further processed. I envisioned such a
> > plugin, but had not yet time to write, for a similar use case.
> >
> > If you intend to write one AND contribute it to the project, I can help you
> > get started with the interface, would even be willing to create you a custom
> > skeleton that you can fill in your logic ;)
> >
> > HTH
> > Rainer
> >
> >> -----Original Message-----
> >> From: [email protected]
> >> [mailto:[email protected]] On Behalf Of Phil Reilly
> >> Sent: Sunday, November 08, 2009 9:30 AM
> >> To: rsyslog-users
> >> Subject: Re: [rsyslog] Alerting rules via a database
> >>
> >> [email protected] wrote:
> >>> On Sun, 8 Nov 2009, Phil Reilly wrote:
> >>>
> >>>> I am attempting to allow for flexible rule matches on Syslogs from a web
> >>>> front end (rather than entries into the rsyslog config files)
> >>>>
> >>>> I want to get regexp filters from a db to alert upon messages. Not sure
> >>>> the best way to achieve this. I've so far thought of.
> >>>>
> >>>> * Outputting to a pipe and running it via an alerting script.
> >>>> * Having file watch the messages.
> >>>> * Receiving the messages then passing them to rsyslog (yuck)
> >>>>
> >>>> Can the rule engine allow for match rules outside of the config? is
> >>>> there an elegant way of doing this?
> >>>
> >>> rsyslog doesn't give you this ability, but it's not really the best
> >>> approach to use for alerting anyway.
> >>>
> >>> what are you trying to achieve by having the alert definitions in a
> >>> database? there are several tools out there to do alerting (SEC, Simple
> >>> Event Correlator) is one of the leading ones, but I'm not aware of any of
> >>> them that use a database for their rulesets.
> >>>
> >>> I'm also scratching my head trying to figure out what the advantage of
> >>> doing so would be.
> >>>
> >>> David Lang
> >>> _______________________________________________
> >>> rsyslog mailing list
> >>> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>> http://www.rsyslog.com
> >>
> >> Thanks David,
> >>
> >> We have a networked environment. We also have a web page that allows you
> >> to configure regexp to match certain syslog messages. These patterns are
> >> compiled and kept in a table. The current syslog process we use listens
> >> for udp. When it gets a syslog message, we examine the patterns (which
> >> are re-read upon addition or change) and pass them to an alerting
> >> process before writing the logs to disk. The existing system works well,
> >> but we now want to scale it over a few machines and I'm examining what
> >> syslog products out there cater for alerting.
> >>
> >> So a database will make configuring alerts far more dynamic than
> >> statically entering them into a config file. It will also allow for
> >> grouped views so different groups have the ability to have custom alerts
> >> based upon their own interpretation of syslog messages.
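
The database-backed regexp alerting discussed in this thread (rules kept in a table, re-read on change, grouped per team), sketched as an added example that is not part of the original messages and is not rsyslog or omdbalerting code. Assumptions: sqlite3 stands in for the database, and the table `alert_rules`, its columns, the `rev` change counter, `MAX_PATTERN_LEN` and the sample message are all constructed for illustration.

```python
import re
import sqlite3

MAX_PATTERN_LEN = 256  # assumed bound: rules arrive from a web form
class RuleSet:
    """Regexp alert rules held in a table and re-read when the table changes."""
    def __init__(self, conn):
        self.conn = conn
        self.stamp = None    # last seen (row count, highest rev)
        self.rules = []      # (owner group, compiled regexp)
        self.rejected = []   # ids of rules that failed validation

    def refresh(self):
        """Recompile only if the table changed; return True when reloaded."""
        stamp = self.conn.execute(
            "SELECT COUNT(*), COALESCE(MAX(rev), 0) FROM alert_rules").fetchone()
        if stamp == self.stamp:
            return False
        rules, rejected = [], []
        for rid, grp, pat in self.conn.execute("SELECT id, grp, pattern FROM alert_rules"):
            try:
                if len(pat) > MAX_PATTERN_LEN:
                    raise re.error("pattern too long")
                rules.append((grp, re.compile(pat)))
            except re.error:
                rejected.append(rid)  # one bad rule must not stop log processing
        self.stamp, self.rules, self.rejected = stamp, rules, rejected
        return True

    def match(self, msg):
        """Return the groups that have at least one rule matching msg."""
        self.refresh()
        return sorted({grp for grp, rx in self.rules if rx.search(msg)})

def demo():
    """Constructed rules and message; returns results before and after a rule is added."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alert_rules "
                 "(id INTEGER PRIMARY KEY, grp TEXT, pattern TEXT, rev INTEGER)")
    conn.executemany("INSERT INTO alert_rules VALUES (?, ?, ?, ?)", [
        (1, "netops", r"changed state to down", 1),
        (2, "secops", r"Failed password for (invalid user )?\S+ from", 1),
        (3, "secops", r"sudo: ([a-z", 1),  # malformed on purpose
    ])
    msg = "sshd[811]: Failed password for invalid user admin from 192.0.2.7 port 4022 ssh2"
    rules = RuleSet(conn)
    before = rules.match(msg)
    conn.execute("INSERT INTO alert_rules VALUES (4, 'netops', 'Failed password', 2)")
    return before, rules.match(msg), rules.rejected
```

Python's `re` has no match timeout, so the length bound is only a cheap guard against expensive user-supplied patterns.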

