I'd approach it from a "functional" point of view. Have some host
generate a message periodicaly, send it via RELP to your destination
host, make a rule that outputs this message to a file and check that
file for a message written recently. This way you check the whole
process. If you send the data from the rsyslog further down to some log
management or SIEM solution, you can even check the whole process by
checking for the message on the final destination.
It has nothing to do with rsyslog itself it's just how you do such
checks - look for a string on returned web page, send an email and check
whether it gets delivered and so on.
On 10/01/2021 21:58, Adam Chalkley via rsyslog wrote:
Hi,
In the past I've used a standard check_tcp Nagios plugin to confirm that
rsyslog was accessible on our receivers. This produces a bit of noise in the
logs since the connections don't follow what I assume would be standard client
connect/disconnect behavior. I've always ignored the noise as it's
intermittent, but figured it might be worth crafting a proper check.
I'd like to craft a plugin that sends a small test message to rsyslog via RELP
(since that is what we're primarily using). I'd setup a rule in rsyslog to
match/ignore it, but receiving it would be enough for a future Nagios check to
confirm (that at a basic level) remote rsyslog connections are working.
Any pointers? I considered digging into the C source code, but I don't think my
skills are up for that task just yet.
Thanks in advance.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
