*realtime* syslog monitoring/alerting with Rsyslog?
So I am using Rsyslog as a replacement for the standard syslog daemon on my syslog server. I use Rsyslog's functionality of logging to a MySQL DB rather than plaintext files; this allows for easy searching and management via a PHP web interface. Rsyslog has been working well on a quad PIII box with MySQL; currently there are only about 33k syslog messages in the DB and searches are fast. Now that I have proved the central storage of logs to be stable, I would like to add alerting based on expressions into the mix...
I am aware of some software packages that can monitor system logs using tail, however one of the main reasons I am using Rsyslog is to have the web interface/searching of the logs. I would like to set up a system where I am alerted/emailed when various expressions are found in the logs.
How can this be done with Rsyslog using a MySQL DB as storage? I don't want to have to write to both a DB and plaintext files, as this is wasteful. I am sure a Perl/PHP script could be written and put in crontab every n minutes to search for expressions in the DB, however this would get increasingly taxing as the syslog DB grows... also I'd have to severely brush up on my skills if I went the Perl route =)
So... the end question is, does anyone know of some kind of modification which could be made to Rsyslog, which would allow for realtime monitoring and alerting of the messages passing *through* rsyslog? Also, if anyone has seen a PHP/Perl crontab job as I mentioned, let me know, it can't hurt to try that as well.
So I found that rsyslog does support checking for specific words by means of:
:msg,contains,"error" ^/usr/bin/alerter
"^" is supposed to execute the following script, and send the contents of the syslog message as arguments, which can easily be dealt with using $* and emailed.
However, using this method, I receive the following error:
rsyslogd: unknown priority name ""
And I know that it has to do with my /etc/rsyslog.conf line
:msg,contains,"invalid" ^/usr/sbin/rsyslog_alerter;precise
as I do not receive the error (when debugging) if it is commented out. ('precise' is a correctly defined template for formatting the syslog message when sending it to the script.)
I realize that this is probably an rsyslog-specific deal... but perhaps there is someone out there who has seen this or something comparable?
Last edited by TotalDefiance; 11-01-2005 at 10:24 AM.
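An added illustration of the "^program;template" approach the post describes (my own example, not code from the post or from the rsyslog project): a small alerter script that rsyslog would run once per matching message, with per-host rate limiting so a flood of matching log lines cannot become a flood of e-mail. It assumes the template 'precise' has the layout shown in the comment, that a local "mail" command exists, and the ALERTER_* environment variable names are mine.

```shell
#!/bin/sh
# rsyslog_alerter: run by rsyslog once per message that matches a property-based
# filter. Assumed /etc/rsyslog.conf lines (legacy syntax; 'precise' is defined
# here only so the field positions used below are known):
#   $template precise,"%timegenerated:::date-rfc3339% %HOSTNAME% %syslogtag%%msg%\n"
#   :msg, contains, "invalid" ^/usr/sbin/rsyslog_alerter;precise
# rsyslog passes the formatted message as the argument list ($*). That text
# originates from remote hosts, so it is handled only as data: quoted, never eval'd.

STATE_DIR="${ALERTER_STATE_DIR:-/var/tmp/rsyslog_alerter}"   # rate-limit stamps
MIN_INTERVAL="${ALERTER_MIN_INTERVAL:-300}"                   # seconds per key
RECIPIENT="${ALERTER_TO:-root}"
MAILER="${ALERTER_MAILER:-mail}"                              # swappable for tests

# Build a filesystem-safe rate-limit key "host_tag" from fields 2 and 3 of the
# message. tr rewrites every other character, so "../" or "/" in a forged
# hostname cannot escape STATE_DIR.
alert_key() {
    printf '%s\n' "$1" | {
        read -r _ts host tag _rest
        printf '%s_%s' "${host:-nohost}" "${tag:-notag}" | tr -c 'A-Za-z0-9_' '_'
    }
}

# Return 0 if an alert for key $1 may be sent now, 1 if one was sent less than
# MIN_INTERVAL seconds ago. Without this, one chatty or hostile log source
# would turn every matching line into an e-mail.
may_send() {
    mkdir -p "$STATE_DIR" || return 1
    stamp="$STATE_DIR/$1.last"
    now=$(date +%s)
    if [ -f "$stamp" ]; then
        last=$(cat "$stamp")
        [ $((now - last)) -lt "$MIN_INTERVAL" ] && return 1
    fi
    echo "$now" > "$stamp"
    return 0
}

# Mail the message if its key is not rate-limited. Returns 0 when sent,
# 2 when suppressed.
send_alert() {
    if may_send "$(alert_key "$1")"; then
        printf '%s\n' "$1" | "$MAILER" -s "rsyslog alert" "$RECIPIENT"
        return 0
    fi
    return 2
}

[ $# -eq 0 ] || send_alert "$*"
```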