I agree that alerting is outside the scope of rsyslog, but I think that values
like this should be exposed to the config (a variation on global variables)
At that point, they could be used in filter rules if you wanted to do so, but a
better thing would be to output them and let an external tool do the alerting.
David Lang
On Fri, 17 Jan 2014, Radu Gheorghe wrote:
Hi Nick,
There's queue.discardmark and queue.discardseverity which helps keep queue
sizes in check.
Other than that, I guess it's best to monitor queue sizes with impstats and
do alerting and actions with your monitoring system. For example
Nagios/Shinken can give you those things.
WARNING! Opinion ahead! :)
I think embedding alerting functionality in rsyslog would be out of its
scope. For example, threshold-based alerts are often criticized for being
too rigid, so monitoring systems tend to add different algorithms to detect
anomalies. One example from our product SPM:
http://blog.sematext.com/2013/10/15/introducing-algolerts-anomaly-detection-alerts/
That's why I believe alerts and actions are best done outside rsyslog. Even
the current discard action, for example, could have a REST API that would
allow something external to say "start discarding" and "stop discarding" in
a more dynamic way than rsyslog currently can.
But this just my opinion. If someone would embed alerting functionality in
rsyslog, I would definitely welcome it. I'm just suggesting that this
effort may be better invested elsewhere. For example, in exposing API for
external stuff to control what rsyslog does, and let each tool do what it
does best.
Best regards,
Radu
2014/1/17 Nick Syslog <[email protected]>
Would it be possible/feasible to consider adding some sort of queue
alerting features to the server in order to more closely monitor when
queuing could potentially get out of control? (or maybe this has already
being suggested...)
Something along the lines of the following (parameter options in
parenthesis):
queue.alerttype (email, syslog, snmp, etc.)
queue.alertaddress (IP, email address list, hostname)
queue.alertthreshold (# of Files,Queue File Size Total, OnQueue)
In this manner you could potentially generate an alert any time something
goes from Direct to DA queuing (OnQueue), or you could specify a specific
number of queue files or total queue file size to begin generating
messages.
This is something easily done through operational scripts now but would be
a cool feature to have for those of us wanting to closely monitor queuing
events.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
