On Thu, 25 Apr 2013, Balamurugan Arumugam wrote:
> Hi list,
> Our idea is to use rsyslog as the logger for GlusterFS. My requirements are:
> 1. keep track of each log from glusterfs processes.
> 2. each log is formatted as error code + message, optionally with an extra message.
> 3. skip logging repeatedly based on the error code, if it occurs N times within
> given M seconds.
> 4. based on the error codes and their occurrence, the system raises alerts to
> sysadmin, supervisors and managers based on their severity
> To achieve this, I would like to get advice on
> 1. Does the rsyslog system/plugin track log stats like time/source/progname etc?
> 2. Is a log skipper plugin available?
> 3. On the alerting front, I could achieve this with filter conditions.
> Correct me if I am wrong.

Rsyslog is not an alerting engine, it does not track state.
You can generate alerts based on filter matches, and for a particular output you
can throttle it (no more than 1 message every 5 min type of thing).
I'm not familiar with log skipper, pointer please?
My go-to tool for any non-trivial alerting is Simple Event Correlator (SEC)
http://simple-evcorr.sourceforge.net/
For lower volume setups I create a named pipe (mkfifo) and have SEC read from it
and rsyslog write to it.
For higher log volumes with more complex configs, I have multiple copies of SEC
running, with rsyslog filtering logs so that a subset of logs go to each
instance of SEC (and the separate instances of SEC generate log messages to pass
interesting correlations to other copies).
For very high log volumes, this latter approach can be spread across multiple
machines.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
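
The named-pipe arrangement from the reply above, written out as an added example that is not from the original thread: rsyslog forwards GlusterFS messages into a FIFO, and SEC keeps the per-error-code state that rsyslog does not. The file paths, the `E<digits>: text` message layout, the thresholds and the `sec` tag are all assumptions made for illustration.

```conf
# --- One-time setup (shell), before rsyslog and SEC are started -------------
#   mkfifo /var/run/sec-gluster.fifo
#   sec --conf=/etc/sec/gluster.rules --input=/var/run/sec-gluster.fifo

# --- /etc/rsyslog.d/30-gluster-sec.conf (assumed path) -----------------------
# Send only GlusterFS messages to the FIFO that SEC reads from.
# ompipe is rsyslog's built-in named-pipe output.
if $programname startswith 'glusterfs' then {
    action(type="ompipe" Pipe="/var/run/sec-gluster.fifo")
}

# --- /etc/sec/gluster.rules (assumed path) -----------------------------------
# Assumed message layout (constructed): "glusterfsd[123]: E1042: brick offline"
# $1 = error code, $2 = message text. Because $1 is part of "desc",
# SEC tracks every error code as its own correlation operation.

# Requirement 4: raise an alert once a code has occurred 5 times within 60 s.
# The alert is re-injected into syslog with tag "sec", so rsyslog filters
# (or another SEC instance) can route it by severity.
type=SingleWithThreshold
ptype=RegExp
pattern=glusterfs\S*: (E\d+): (.*)
desc=GlusterFS error $1 seen 5 times in 60s
action=shellcmd /usr/bin/logger -p local0.alert -t sec "%s"
continue=TakeNext
window=60
thresh=5

# Requirement 3: report the first occurrence of a code, then stay silent
# about that same code for the next 300 s.
type=SingleWithSuppress
ptype=RegExp
pattern=glusterfs\S*: (E\d+): (.*)
desc=GlusterFS error $1
action=shellcmd /usr/bin/logger -p local0.notice -t sec "%s: $2"
window=300
```

`continue=TakeNext` on the first rule lets the same line also reach the suppression rule; without it SEC stops at the first matching rule.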