On Fri, 17 Jan 2014, Radu Gheorghe wrote:
> I think embedding alerting functionality in rsyslog would be out of its
> scope. For example, threshold-based alerts are often criticized for being
> too rigid, so monitoring systems tend to add different algorithms to detect
> anomalies.
My current favorite example is alerting on webserver traffic load.
There is some level of load that you want to alert on at 3am on Sunday morning
because the traffic is heavy enough that it indicates very unusual (potentially
malicious) activity.
But that same level of traffic at 9am on Monday morning should generate an alert
because the traffic is so low that it indicates something is broken and users
are not able to get to your site.
You can't do this with fixed thresholds.
Fixed thresholds only have a chance of working when you set them on the basis
that the hardware can only do so much, and you want to be warned when you get to
that point.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
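
The webserver-load case from the message above, as an added example that is not part of the original post or of rsyslog: the same request count is classified "high" at 3am on Sunday and "low" at 9am on Monday by comparing it to a baseline learned per hour of the week. The median/MAD band, the function names, and the traffic numbers are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def hour_of_week(ts):
    """Bucket 0..167: Monday 00:00 is 0, Sunday 23:00 is 167."""
    return ts.weekday() * 24 + ts.hour

def build_baseline(history):
    """history: iterable of (datetime, requests_per_hour).
    Returns {bucket: (median, MAD)} learned separately per hour of the week."""
    buckets = defaultdict(list)
    for ts, count in history:
        buckets[hour_of_week(ts)].append(count)
    baseline = {}
    for bucket, vals in buckets.items():
        med = median(vals)
        mad = median(abs(v - med) for v in vals)  # robust spread estimate
        baseline[bucket] = (med, mad)
    return baseline

def classify(baseline, ts, count, k=3.0, floor=0.1):
    """Return 'high', 'low', 'ok', or 'unknown' (no history for that hour)."""
    bucket = hour_of_week(ts)
    if bucket not in baseline:
        return "unknown"
    med, mad = baseline[bucket]
    # Floor the spread so a very stable hour does not alert on small noise.
    band = k * max(mad, floor * med, 1.0)
    if count > med + band:
        return "high"   # unusually heavy for this hour: possibly malicious
    if count < med - band:
        return "low"    # unusually light for this hour: users may be locked out
    return "ok"

def make_history():
    """Constructed sample: four weeks of hourly counts, busy in business hours."""
    start = datetime(2014, 1, 6)  # a Monday
    history = []
    for h in range(4 * 7 * 24):
        ts = start + timedelta(hours=h)
        business = ts.weekday() < 5 and 8 <= ts.hour < 18
        base = 50000 if business else 400
        history.append((ts, base + (h % 5) * (base // 100)))  # small jitter
    return history

if __name__ == "__main__":
    bl = build_baseline(make_history())
    print(classify(bl, datetime(2014, 2, 9, 3), 5000))   # Sunday 03:00
    print(classify(bl, datetime(2014, 2, 10, 9), 5000))  # Monday 09:00
```
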