*realtime* syslog monitoring/alerting with Rsyslog?
So I am using Rsyslog as a replacement for the standard syslog daemon on my syslog server. I use Rsyslog's functionality of logging to a MySQL DB rather than plaintext files; this allows for easy searching and management via a PHP web interface. Rsyslog has been working well on a quad PIII box with MySQL; currently there are only about 33k syslog messages in the DB and searches are fast. Now that I have proved the central storage of logs to be stable, I would like to add alerting based on expressions into the mix...
I am aware of some software packages that can monitor system logs using tail; however, one of the main reasons I am using Rsyslog is to have the web interface/searching of the logs. I would like to set up a system where I am alerted/emailed when various expressions are found in the logs.
How can this be done with Rsyslog using a MySQL DB as storage? I don't want to have to write to both a DB and plaintext files, as this is wasteful. I am sure a Perl/PHP script could be written and put in crontab every n minutes to search for expressions in the DB; however, this would get increasingly taxing as the syslog DB grows... also I'd have to severely brush up on my skills if I went the Perl route =)
So... the end question is: does anyone know of some kind of modification which could be made to Rsyslog, which would allow for realtime monitoring and alerting of the messages passing *through* rsyslog? Also, if anyone has seen a PHP/Perl crontab job as I mentioned, let me know; it can't hurt to try that as well.
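
An added example, not part of the original post: rsyslog's own mail output module (ommail) can send an alert as a message passes through the daemon, alongside the existing MySQL action, so no plaintext file or database polling is involved. It assumes an rsyslog build that ships ommail and an SMTP relay that accepts mail from the log server; the server name, addresses, template names, throttle interval and match string are constructed placeholders.

```conf
# Added example (legacy rsyslog.conf syntax). All values below are placeholders.
# The existing MySQL logging action stays as it is; this is a second action
# applied to the same message stream.

$ModLoad ommail

# SMTP relay and envelope addresses (placeholders)
$ActionMailSMTPServer mail.example.net
$ActionMailFrom rsyslog@example.net
$ActionMailTo secops@example.net

# Subject and body are built from message properties
$template alertSubject,"syslog alert from %hostname%"
$template alertBody,"rsyslog alert\r\nhost=%hostname%\r\ntime=%timereported%\r\nmsg='%msg%'"
$ActionMailSubject alertSubject

# Throttle: send at most one mail per 300 seconds for this action,
# so a burst of matching messages does not flood the mailbox
$ActionExecOnlyOnceEveryInterval 300

# The filter and its action must be on one line
if $msg contains 'authentication failure' then :ommail:;alertBody
```

Each expression to alert on gets its own filter line, and the `$ActionMail...` and throttle directives must be repeated before each one, because legacy action directives apply only to the next action defined.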