Hi Martin,
that's a very good question. Since you want to avoid creating an extra file
on disk, the best communication option is a pipe from rsyslog to sec. The
rsyslog omprog module allows for running another program and feeding
events to the standard input of the program through a pipe. In the sec FAQ,
there is a relevant entry for rsyslog v5 which provides a simple
configuration example:
http://simple-evcorr.github.io/FAQ.html#2

It is important to note that sec has to be started with the --notail option
from rsyslog, for example:
sec --conf=/etc/sec/sec.conf --notail --input=-

The --notail option ensures that when rsyslog closes the write end of the
pipe, the sec process will terminate. Without --notail, many redundant sec
processes can accumulate over time which have to be taken down manually.

Also, since the FAQ entry covers an older version of rsyslog, I'll try to
update it for rsyslog v8 during the next couple of days.

kind regards,
risto

2016-04-12 22:08 GMT+03:00 Martin Etcheverry <mar...@etcheverri.com>:

> Hi, I am a noob with sec. I already have an rsyslog sending all logs to
> elasticsearch, but I want sec to trigger a mail to me for some specific
> events.
> Maybe it is an always-asked question, but I didn't find information about
> rsyslog sending the logs (without a file) directly to sec.
>
> Thanks in advance for any hint
>
> Best Regards
>                    Martin
>
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
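
A minimal rsyslog v8 and sec configuration for the pipe setup described in the reply above, as an added example that is not from the original thread or the sec FAQ. The rsyslog drop-in file name, the /usr/bin/sec and /usr/bin/mail paths, the sshd pattern and the mail address are assumptions; the sec command-line options are the ones given in the reply.

```conf
# ---- /etc/rsyslog.d/sec.conf (assumed file name), rsyslog v8 syntax ----
module(load="omprog")

# Forward only authentication messages to sec, so it does not have to parse
# everything that is also shipped to Elasticsearch.
# /usr/bin/sec is an assumed install path. --notail makes sec exit when
# rsyslog closes the write end of the pipe; --input=- reads from stdin.
if $syslogfacility-text == 'auth' or $syslogfacility-text == 'authpriv' then {
    action(type="omprog"
           binary="/usr/bin/sec --conf=/etc/sec/sec.conf --notail --input=-"
           template="RSYSLOG_TraditionalFileFormat")
}

# ---- /etc/sec/sec.conf ----
# Mail one alert per user/source pair and suppress repeats for 5 minutes,
# so a burst of failures does not become a burst of mail.
# The matched event description (%s) is written to the standard input of
# mail rather than placed on its command line, so attacker-controlled log
# content is never interpreted by the shell.
# admin@example.com is a placeholder address.
type=SingleWithSuppress
ptype=RegExp
pattern=sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)
desc=SSH failed password for $1 from $2
action=pipe '%s' /usr/bin/mail -s 'SEC alert' admin@example.com
window=300
```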