hi Martin,
the FAQ entry has been updated as promised:
http://simple-evcorr.github.io/FAQ.html#2
Also, thank you David for providing a reminder about the hup.signal option
-- I've included it in the FAQ example.
kind regards,
risto
2016-04-12 23:02 GMT+03:00 Risto Vaarandi <risto.vaara...@gmail.com>:
> hi Martin,
> that's a very good question. Since you want to avoid creating an extra
> file on disk, the best communication option is a pipe from rsyslog to sec.
> The rsyslog's omprog module allows for running another program and feeding
> events to the standard input of the program through a pipe. In the sec FAQ,
> there is a relevant entry for rsyslog v5 which provides a simple
> configuration example:
> http://simple-evcorr.github.io/FAQ.html#2
>
> It is important to note that sec has to be started with the --notail
> option from rsyslog, for example:
> sec --conf=/etc/sec/sec.conf --notail --input=-
>
> The --notail option ensures that when rsyslog closes the write end of the
> pipe, the sec process will terminate. Without --notail, many redundant sec
> processes can accumulate over time which have to be taken down manually.
>
> Also, since the FAQ entry covers an older version of rsyslog, I'll try to
> update it for rsyslog v8 during the next couple of days.
>
> kind regards,
> risto
>
> 2016-04-12 22:08 GMT+03:00 Martin Etcheverry <mar...@etcheverri.com>:
>
>> Hi , i am a noob with sec, i already have a rsyslog sending all logs to
>> elasticsearch, but i want that some specific events sec triggers a mail to
>> me.
>> Maybe is a always asked question , but i didnĀ“t find information about
>> rsyslog sending the logs (without a file) directly to sec.
>>
>> Thanks in advance for any hint
>>
>> Best Regards
>> Martin
>>
>> --
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Find and fix application performance issues faster with Applications
>> Manager
>> Applications Manager provides deep performance insights into multiple
>> tiers of
>> your business applications. It resolves application problems quickly and
>> reduces your MTTR. Get your free trial!
>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>> _______________________________________________
>> Simple-evcorr-users mailing list
>> Simple-evcorr-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>>
>>
>
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
