Re: [Simple-evcorr-users] rsyslog sending directly log to sec

Tue, 12 Apr 2016 13:02:57 -0700 

Great, thanks! I will try right away

El El mar, 12 de abr. de 2016 a las 4:59 p.m., David Lang <da...@lang.hm>
escribió:

> What I do is:
>
> module(load="omprog")
> $template myformat,"%hostname%"
>
> action(type="omprog" name="myname" binary="/usr/bin/sec
> --conf=/etc/sec/myname --intevents --intcontexts
> --dump=/tmp/dumpfile.myname --debug=3 --log=/var/log/sec-myname
> --notail --input -" template="myformat" hup.signal="USR2")
>
>
> this is messy, but it does a lot of things
>
> omprog is the rsyslog module that will start a program, restart it if it
> dies,
> etc.
>
> defining myformat lets me pass things to sec in a format easy for sec to
> understand (regex parsing is horribly slow)
>
> then in the action, I call sec with a bunch of parameters so that it logs
> to a
> file (but not too much), has a dumpfile defined, creates events and
> contexts for
> startup/shutdown/restart, and when rsyslog is sent a HUP to roll it's
> logs, sec
> will get USR2 instead of HUP so it won't do a full shutdown/restart
>
> David Lang
>
> On Tue, 12 Apr 2016, Martin Etcheverry wrote:
>
> > Date: Tue, 12 Apr 2016 16:08:35 -0300
> > From: Martin Etcheverry <mar...@etcheverri.com>
> > To: simple-evcorr-users@lists.sourceforge.net
> > Subject: [Simple-evcorr-users] rsyslog sending directly log to sec
> >
> > Hi , i am a noob with sec, i already have a rsyslog sending all logs to
> > elasticsearch, but i want that some specific events sec triggers a mail
> to
> > me.
> > Maybe is a always asked question , but i didn´t find information about
> > rsyslog sending the logs (without a file) directly to sec.
> >
> > Thanks in advance for any hint
> >
> > Best Regards
> >                   Martin
> >
> > --
> >

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to