I'm using date based file output in SEC and rsyslog to feed it, but I
noticed SEC was not changing to the new date file.
So, I setup logrotate to restart rsyslog, and set SEC 2.7.4 to --notail
and now the files are being logged properly in the appropriate day (after
the logrotate runs )
But, I like to use an internal context to do a syslog heartbeat so to
speak, and since i'm now restarting nightly this is really not that useful.
#set up syslog heartbeat
type=single
ptype=regexp
pattern=^\d+-\d+-\S+\s(\S+)\s+
continue=takenext
desc=[SEC-W] Have not received syslogs from $1 in 12 Hours
action=create HEARTBEAT_$1 43200 (shellcmd echo $0 | /usr/local/sbin/
sec_mail.pl '%s' '%e' )
I do set the SEC dumpfile, but i'm not sure that its maintaining this state
as SEC restarts.
/usr/local/sbin/sec --conf=/usr/local/etc/sec/$CONF
--pid=/tmp/sec-$CONF.pid --dump=/tmp/sec-$CONF.dump --debug=5
--syslog=local1 --intevents --input=- --notail
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
