I agree with Radu. That kind of alerting it well outside the scope of Rsyslog and you would also have to consider the potential performance impact that kind of monitoring would have on the application.
-- James -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Radu Gheorghe Sent: Friday, January 17, 2014 1:47 PM To: rsyslog-users Subject: Re: [rsyslog] Queue Alerting? Hi Nick, There's queue.discardmark and queue.discardseverity which helps keep queue sizes in check. Other than that, I guess it's best to monitor queue sizes with impstats and do alerting and actions with your monitoring system. For example Nagios/Shinken can give you those things. WARNING! Opinion ahead! :) I think embedding alerting functionality in rsyslog would be out of its scope. For example, threshold-based alerts are often criticized for being too rigid, so monitoring systems tend to add different algorithms to detect anomalies. One example from our product SPM: http://blog.sematext.com/2013/10/15/introducing-algolerts-anomaly-detection-alerts/ That's why I believe alerts and actions are best done outside rsyslog. Even the current discard action, for example, could have a REST API that would allow something external to say "start discarding" and "stop discarding" in a more dynamic way than rsyslog currently can. But this just my opinion. If someone would embed alerting functionality in rsyslog, I would definitely welcome it. I'm just suggesting that this effort may be better invested elsewhere. For example, in exposing API for external stuff to control what rsyslog does, and let each tool do what it does best. Best regards, Radu 2014/1/17 Nick Syslog <[email protected]> > Would it be possible/feasible to consider adding some sort of queue > alerting features to the server in order to more closely monitor when > queuing could potentially get out of control? (or maybe this has > already being suggested...) > > Something along the lines of the following (parameter options in > parenthesis): > queue.alerttype (email, syslog, snmp, etc.) queue.alertaddress (IP, > email address list, hostname) queue.alertthreshold (# of Files,Queue > File Size Total, OnQueue) > > In this manner you could potentially generate an alert any time > something goes from Direct to DA queuing (OnQueue), or you could > specify a specific number of queue files or total queue file size to > begin generating messages. > > This is something easily done through operational scripts now but > would be a cool feature to have for those of us wanting to closely > monitor queuing events. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
