Package: monit Version: 1:5.27.2-1 Severity: wishlist I had something like this:
check host example.com address example.com if failed port 514 type udp then alert This causes the receiving rsyslog to log a weird event, like this: 2022-10-26 19:09:49+11:00 example.net : where we would expect more like 2022-10-26 19:09:49+11:00 example.net frobozzd[123]: success I did a little bit of reading, and this seems to be Good EnoughTM: check host example.com address example.com if failed port 514 type udp # https://www.rfc-editor.org/rfc/rfc5424#section-6.5 # 15 = LOG_USER (1) × 8 + LOG_DEBUG (7) # syslog version 1 (RFC 5424) # unknown time (-) # hard-coded hostname (heavy) # process name (monit) # unknown process ID (-) # no structured data (-) # no message ID (-) # a test message send "<15>1 - example.net monit - - - testing if 514/UDP is open" then alert However it'd be nicer if I could just write check host example.com address example.com if failed port 514 type udp protocol syslog then alert Can that "send" be baked into monit's C code in src/protocols/syslog.c ? If so, it could also be a little bit better, e.g. include correct timestamp, hostname, and PID. -- System Information: Debian Release: 11.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.18.0-0.deb11.4-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled