[rsyslog] Alert when multiple repeated lines are found
Rainer Gerhards
rgerhards at hq.adiscon.com
Thu Jul 31 23:19:35 CEST 2008
Oh, and one thing I forgot: what makes an event identical? Same message except timestamp - or what (e.g. same host, same tag, ...)?
rainer
----- Original Message -----
From: "Rainer Gerhards" <rgerhards at hq.adiscon.com>
To: "Julian Yap" <julianokyap at gmail.com>
Cc: "rsyslog at lists.adiscon.com" <rsyslog at lists.adiscon.com>
Sent: 31.07.08 22:39
Subject: Re: [rsyslog] Alert when multiple repeated lines are found
To clarify: let "a" be the event in question and "b" any other event. Two samples of an event sequence:
1. a - a - a - b
2. a - a - b - a
Result: in case 1 an alert is triggered, in case 2 not.
Is this understanding correct?
rainer
----- Original Message -----
From: "Julian Yap" <julianokyap at gmail.com>
To: "rsyslog-users" <rsyslog at lists.adiscon.com>
Cc: "rgerhards at hq.adiscon.com" <rgerhards at hq.adiscon.com>; "hks.private at gmail.com" <hks.private at gmail.com>
Sent: 31.07.08 21:59
Subject: Re: [rsyslog] Alert when multiple repeated lines are found
That's pretty much it for now. I've written Alerts for single line
events. But for one particular event, it's only really a factor if it
happens three times in a row.
On Thu, Jul 31, 2008 at 8:37 AM, Rainer Gerhards
<rgerhards at hq.adiscon.com> wrote:
> What exactly do you need to do except the "three in a row" alert?
>
> ----- Original Message -----
> From: "Julian Yap" <julianokyap at gmail.com>
> To: "rsyslog-users" <rsyslog at lists.adiscon.com>
> Sent: 31.07.08 20:27
> Subject: Re: [rsyslog] Alert when multiple repeated lines are found
>
> Hmm, Nagios is a pain to set up. Looking for something more
> lightweight... Was hoping that I could have consolidated lots of Alerts
> under Rsyslog.
>
> Any other suggestions besides Swatch?
>
>
>
> On 7/31/08, (private) HKS <hks.private at gmail.com> wrote:
>> Not in rsyslogd itself, but you could do this with Swatch, Nagios, or
>> some other monitoring-type software.
>>
>> -HKS
>>
>> On Wed, Jul 30, 2008 at 6:18 PM, Julian Yap <julianokyap at gmail.com> wrote:
>>> Is there a way to set an Alert when multiple repeated lines are found in a
>>> log?
>>>
>>> I want to spawn an email Alert if a message is received 3 times.
>>>
>>> Example log lines:
>>> Jul 30 04:19:29 localhost program: Error detected
>>> Jul 30 05:19:29 localhost program: Error detected
>>> Jul 30 06:19:29 localhost program: Error detected
>>>
>>> Thanks,
>>> Julian
>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>
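The "three in a row" semantics worked out in this thread (a - a - a - b alerts, a - a - b - a does not), together with the open question of what makes two events identical, as an added example that is not part of the original messages and not rsyslog code. The function name `consecutive_alerts`, its `fields` parameter, the "Something else" event, the `web1`/`web2` hosts and the choice to alert once per run are assumptions made for illustration.

```python
import re

# Traditional syslog layout from the thread: "Mmm dd hh:mm:ss host tag: message"
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(?P<host>\S+)\s(?P<tag>[^:\s]+):\s?(?P<msg>.*)$"
)

def consecutive_alerts(lines, target_msg, threshold=3, fields=("host", "tag", "msg")):
    """Yield (line_number, key) when `threshold` identical target events arrive in a row.

    `fields` decides what "identical" means; the timestamp is always ignored.
    """
    run_key, run_len = None, 0
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line.rstrip("\n"))
        if m is None or m.group("msg") != target_msg:
            # Any other event (or an unparseable line) breaks the run: a - a - b - a
            run_key, run_len = None, 0
            continue
        key = tuple(m.group(f) for f in fields)
        run_len = run_len + 1 if key == run_key else 1
        run_key = key
        if run_len == threshold:  # assumption: alert once per run, not on every repeat
            yield lineno, key

def _line(hour, host, msg):
    # Constructed sample lines in the format of the example in the thread
    return f"Jul 30 {hour:02d}:19:29 {host} program: {msg}"

A, B = "Error detected", "Something else"  # B is a constructed "other" event
CASE_1 = [_line(4, "localhost", A), _line(5, "localhost", A),
          _line(6, "localhost", A), _line(7, "localhost", B)]   # a - a - a - b
CASE_2 = [_line(4, "localhost", A), _line(5, "localhost", A),
          _line(6, "localhost", B), _line(7, "localhost", A)]   # a - a - b - a
MIXED_HOSTS = [_line(4, "web1", A), _line(5, "web2", A), _line(6, "web1", A)]

if __name__ == "__main__":
    for name, case in (("case 1", CASE_1), ("case 2", CASE_2)):
        print(name, list(consecutive_alerts(case, A)))
    print("mixed hosts, strict key:", list(consecutive_alerts(MIXED_HOSTS, A)))
    print("mixed hosts, msg only:", list(consecutive_alerts(MIXED_HOSTS, A, fields=("msg",))))
```

With the default key a run is broken by the same message arriving from a different host; passing `fields=("msg",)` treats those as one run, which is the distinction the question about identical events turns on.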