[rsyslog] Log watch software
Gerrard Geldenhuis
Gerrard.Geldenhuis at datacash.com
Fri Mar 7 10:34:17 CET 2008
> Let me hijack this thread to share an idea. Rsyslog has a lot of
> infrastructure in place. Once I am finished with the essentials (which
> will of course be in a few month...), I'd like to put that
> infrastructure to better use than just drive the simple outputs we
> currently have. One thing I have on my mind is an output plugin which
> stores (hashes) of all message within a timeframe (e.g. last 7 days).
> Then, when a new message comes in, it compares it to all previous
> messages and emits a special message itself if the message occured
less
> than "n" times in the past. I think this goes into the direction of
what
> you are looking for.
>
> But would it generally be considered to be a useful idea? Even though
we
> are months away from an implementation, feedack would be very valuable
> to me as it helps me shape my mid- to long-term direction.
>
> Rainer
Just thinking out loud... it would be very cool if one could build in
some AI in such a plugin. You could then spend time "training" the
plugin and buying "trained" AI's to regonize certain patterns in the
logs etc.
Regards
More information about the rsyslog
mailing list