Thank you for your quick reply. I knew that SEC would be the next step for the log management system I set up. I just hoped that rsyslog could support a simple comparison of the last n logs of a specific host/severity.

>> if you get the same message from two different machines do you consider it the same message or two different messages, both of which should generate alerts?

I'm considering two different alerts, in order to see the impact that a link failure could have on each host, for example. The main issue is that an alert is lost. I don't really care about alerting on every critical log in the 5 minute window. I just want to see which host is complaining and, briefly, what it is saying.

A solution might be to divide my configuration with RainerScript to put the logs in different actions for each host. But for scalability reasons I'm not really sure about implementing this.

I remain curious to know what the outcome is of using imfile with ommail. If you can go further on this point of configuration, it would be great.

--
View this message in context: http://rsyslog-users.1305293.n2.nabble.com/How-to-Improve-ommail-triggering-with-imfile-tp7587777p7587785.html
Sent from the rsyslog-users mailing list archive at Nabble.com.

