Hi, I'm thinking about how to monitor important messages on a central rsyslog server via Nagios. I've got Nagios monitoring various services on several servers on a network. Some servers are sending syslog to the rsyslog central server.
In general, there are two ways of monitoring syslog messages:

a) When rsyslog receives a message I want to know about, it can send a notification to Nagios (I want to send notifications via Nagios because I want only one system to maintain notifications, and Nagios does it well). Rsyslog is parsing all syslog messages coming from remote hosts, so one more parsing for this purpose will not be a big overhead.

b) Parse logs by Nagios itself (by a special plugin). Parsing all syslogs by Nagios will lead to bigger overhead, as syslogs are parsed twice - by rsyslog AND Nagios.

As I don't want to parse all syslogs coming from every remote server twice, I prefer to use variant a) - to notify Nagios via rsyslog. Rsyslog is able to run any shell script or run some actions in response to specific syslog messages coming from remote machines. For example: I have rsyslog set to send me an e-mail when a syslog message that came from a remote server to the central rsyslog server fulfills:
- syslogtag = mdadm
- severity >= warning
(to notify me when RAID problems occur; I know I can monitor RAID status with Nagios itself, it's just an example :-))

What is the best way to notify Nagios by rsyslog that there is some problem in syslog? SNMP traps?

Best regards
Jiri
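
One way to wire up variant a) from the message above, as an added example that is not part of the original post: a script that rsyslog runs for matching messages and that turns each one into a Nagios passive check result for the external command file. Assumed here: rsyslog feeds lines as `host|tag|severity|message` on stdin (a template you would define), the command file path, and a passive service named `syslog-<tag>` on each host.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: rsyslog pipes each
# matching message to this script as "host|tag|severity|message" (severity
# numeric, 0=emerg .. 7=debug), and Nagios defines a passive service
# "syslog-<tag>" for every sending host.

# Nagios external command file; the path differs per install (assumption).
NAGIOS_CMD_FILE="${NAGIOS_CMD_FILE:-/usr/local/nagios/var/rw/nagios.cmd}"

# to_passive_check LINE EPOCH
# Prints one PROCESS_SERVICE_CHECK_RESULT command, or returns 1 when the line
# is malformed or less severe than warning.
to_passive_check() {
    line=$1 now=$2
    host=${line%%|*}; rest=${line#*|}
    tag=${rest%%|*};  rest=${rest#*|}
    sev=${rest%%|*};  msg=${rest#*|}

    # syslogtag looks like "mdadm:" or "mdadm[812]:"; keep the program name.
    tag=${tag%%:*}; tag=${tag%%\[*}

    # Remote hosts control these fields. The command file is line-based with
    # ';' separators, so restrict names and neutralise ';' in the text.
    host=$(printf '%s' "$host" | tr -cd 'A-Za-z0-9._-')
    tag=$(printf '%s' "$tag" | tr -cd 'A-Za-z0-9._-')
    msg=$(printf '%s' "$msg" | tr -cd '[:print:]' | tr ';' ',')
    [ -n "$host" ] && [ -n "$tag" ] || return 1

    case $sev in
        [0-3]) state=2 ;;   # emerg, alert, crit, err -> CRITICAL
        4)     state=1 ;;   # warning -> WARNING
        *)     return 1 ;;  # notice and below, or not a number
    esac
    printf '[%s] PROCESS_SERVICE_CHECK_RESULT;%s;syslog-%s;%s;%s\n' \
        "$now" "$host" "$tag" "$state" "$msg"
}

# Run as "script --run" from rsyslog: one message per line on stdin.
if [ "${1:-}" = "--run" ]; then
    while IFS= read -r line; do
        to_passive_check "$line" "$(date +%s)" >> "$NAGIOS_CMD_FILE"
    done
fi
```

Nagios must have external commands enabled and the target service must accept passive checks for these lines to take effect.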