Oh, and one thing i forgot: what makes an event identical? Same message except timestamp - or what (eg same host, same tag, ...)
rainer ----- Ursprüngliche Nachricht ----- Von: "Rainer Gerhards" <[EMAIL PROTECTED]> An: "Julian Yap" <[EMAIL PROTECTED]> Cc: "[email protected]" <[email protected]> Gesendet: 31.07.08 22:39 Betreff: Re: [rsyslog] Alert when multiple repeated lines are found To clarify: be "a" the event in question and "b" any other event. Two samples of an event sequence: 1. a - a - a - b 2. a - a - b - a Result: in case 1 an alert is triggered, in case 2 not. Is this understanding correct? rainer ----- Ursprüngliche Nachricht ----- Von: "Julian Yap" <[EMAIL PROTECTED]> An: "rsyslog-users" <[email protected]> Cc: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>; "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Gesendet: 31.07.08 21:59 Betreff: Re: [rsyslog] Alert when multiple repeated lines are found That's pretty much it for now. I've written Alerts for single line events. But for one particular event, it's only really a factor if it happens tree times in a row. On Thu, Jul 31, 2008 at 8:37 AM, Rainer Gerhards <[EMAIL PROTECTED]> wrote: > What exactly do you need to do except the "three in a row" alert? > > ----- Ursprüngliche Nachricht ----- > Von: "Julian Yap" <[EMAIL PROTECTED]> > An: "rsyslog-users" <[email protected]> > Gesendet: 31.07.08 20:27 > Betreff: Re: [rsyslog] Alert when multiple repeated lines are found > > Hmm, Nagios is a pain to set up. Looking for something more light > weight... Was hoping that I could have consolidated lots of Alerts > under Rsyslog. > > Any other suggestions besides Swatch? > > > > On 7/31/08, (private) HKS <[EMAIL PROTECTED]> wrote: >> Not in rsyslogd itself, but you could do this with Swatch, Nagios, or >> some other monitoring-type software. >> >> -HKS >> >> On Wed, Jul 30, 2008 at 6:18 PM, Julian Yap <[EMAIL PROTECTED]> wrote: >>> Is there a way to set an Alert when multiple repeated lines are found in a >>> log? >>> >>> I want to spawn an email Alert if a message is received 3 times. >>> >>> Example log lines: >>> Jul 30 04:19:29 localhost program: Error detected >>> Jul 30 05:19:29 localhost program: Error detected >>> Jul 30 06:19:29 localhost program: Error detected >>> >>> Thanks, >>> Julian >>> _______________________________________________ >>> rsyslog mailing list >>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>> >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
