On 11/04/10 06:08 AM, Kevin Keane wrote:
> I would like to find a way to monitor syslog entries using rsyslog 4.4
> rules before they are ever written to a log file. The log parsing
> plugins I found on MonitoringExchange aren't useful for my purpose.
>
> I have three main requirements:
>
> - I need to have "negative logic": I want to provide a list of
>   patterns NOT to forward to Nagios - all unknown log entries should be
>   sent to nagios.
>
> - It needs to be realtime, or nearly so. Ideally, I'd like to
>   use rsyslog rules to classify log messages and forward them to Nagios as
>   passive-check results.
>
> - It needs to be reasonably high performance. This syslog
>   receives quite a few log entries per second (most of which would be
>   discarded of course).
>
> Has anybody else already done something like this?

I wrote one, although it's really implemented toward Windows Event logs sent to syslog with EvtSys.

http://solaris.beaubien.net/~dermoth/pages/nagios/windows-eventlog.php

A more generic project would be EventDB, although I never tried it.

http://www.nagioswiki.org/wiki/Addon:EventDb

--
Thomas

_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
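The "negative logic" filter asked about above, as an added example that is not part of this thread and is not code from either linked project: lines matching an ignore list are dropped and everything else becomes a Nagios `PROCESS_SERVICE_CHECK_RESULT` external command. Assumptions: rsyslog hands the script one message per line on stdin in a constructed `<host> <tag>: <message>` form, the script's stdout is redirected to the Nagios external command file, and the patterns, sample lines and the service name `syslog-unknown` are hypothetical.

```python
import re
import sys
import time

# Constructed ignore list: a line matching any pattern is dropped, everything
# else (the unknown) is forwarded. One compiled alternation = one search/line.
IGNORE_RE = re.compile("|".join("(?:%s)" % p for p in [
    r"session (opened|closed) for user \w+",
    r"CRON\[\d+\]: \(\w+\) CMD ",
    r"dhclient(\[\d+\])?: DHCP(REQUEST|ACK) ",
]))
SERVICE = "syslog-unknown"  # hypothetical passive service defined in Nagios
# Constructed sample input in the assumed "<host> <tag>: <message>" form.
SAMPLE = [
    "web01 sshd[2201]: pam_unix(sshd:session): session opened for user deploy\n",
    "web01 CRON[991]: (root) CMD (run-parts /etc/cron.hourly)\n",
    "db02 kernel: EXT3-fs error (device sda1): ext3_find_entry: reading directory\n",
    "bad;host app: x|y\n",
]

def classify(line):
    """Return (host, message) for a line to forward, or None to drop it."""
    line = line.rstrip("\r\n")
    if not line or IGNORE_RE.search(line):
        return None
    host, _, message = line.partition(" ")
    if not message:  # malformed line: unknown, so still forwarded
        host, message = "unknown", line
    return host, message

def to_passive_check(host, message, now=None):
    ts = int(time.time() if now is None else now)
    # Log content is untrusted: ';' separates command fields, a newline ends
    # the command, and '|' starts performance data in plugin output.
    host = re.sub(r"[^A-Za-z0-9._-]", "_", host)
    message = re.sub(r"[\x00-\x1f|]", " ", message)
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;1;%s\n" % (
        ts, host, SERVICE, message)  # return code 1 = WARNING

def process(lines, out, now=None):
    """Write a passive result for every non-ignored line; return the count."""
    forwarded = 0
    for line in lines:
        hit = classify(line)
        if hit:
            out.write(to_passive_check(hit[0], hit[1], now))
            out.flush()  # keep delivery near real time
            forwarded += 1
    return forwarded

if __name__ == "__main__":
    process(sys.stdin, sys.stdout)
```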