On 31.8.2012 08:03, C. L. Martinez wrote:
> On Thu, Aug 30, 2012 at 3:58 PM, Peter Eckel 
> <lists-niwe9psneptucvzx32v...@public.gmane.org> wrote:
>> Hi,
>>
>>> Uhmm .. I am reading the docs about SEC, but it only speaks about
>>> event correlation ... How do you do to check if syslog is receiving
>>> data??
>>
>> essentially you set up SEC to watch for the syslog log file where the data 
>> are supposed to go, set up a 'Single' rule that creates a context with a 
>> lifetime of your choice that has a shellcmd attached to it that sends a mail 
>> if it expires.
>>
>> The context will be refreshed every time a message comes in. If no message 
>> arrives for your given expiry period, it will send a mail.
>>
...
>> Not very sophisticated (and I have not tested it, so it might contain 
>> errors), but something very similar to it should do the trick.
>>
> 
> It is a really good approach if I use plain log files ... But this
> syslog process acts as a syslog server and stores logs in a mysql
> DB...
> 

Ask the DB. something like
select count(*) from syslog where (host = 'x' or host = 'y') and date > z;

You could make this into a nagios or zabbix check or whatever you use
for monitoring and let this handle the notification.
-- 
Kind Regards, Markus Falb
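An added example of such a check (not code from the thread; it assumes a `syslog` table with `host` and `date` columns where `date` is a Unix timestamp, and uses an in-memory SQLite table as a stand-in for the MySQL database so it runs stand-alone). It counts recent rows per host and returns a Nagios-style exit code so a monitoring system can do the notification:

```python
import sqlite3
import sys
import time

# Nagios plugin exit codes
OK, WARNING, CRITICAL = 0, 1, 2


def count_recent(conn, hosts, since_ts):
    """Count syslog rows per host with date > since_ts (Unix time).
    The host list is isolated in IN (...); writing
    `host = 'x' OR host = 'y' AND date > z` without parentheses
    applies the date filter only to the second host."""
    placeholders = ",".join("?" * len(hosts))
    sql = (f"SELECT host, COUNT(*) FROM syslog "
           f"WHERE host IN ({placeholders}) AND date > ? GROUP BY host")
    rows = conn.execute(sql, (*hosts, since_ts)).fetchall()
    counts = {h: 0 for h in hosts}        # hosts with no rows stay at 0
    counts.update(dict(rows))
    return counts


def check_hosts(conn, hosts, window_seconds, now=None):
    """Return (exit_code, message); CRITICAL if any host sent nothing
    within the last window_seconds."""
    now = time.time() if now is None else now
    counts = count_recent(conn, hosts, now - window_seconds)
    silent = sorted(h for h, c in counts.items() if c == 0)
    if silent:
        return CRITICAL, (f"CRITICAL: no syslog from {', '.join(silent)} "
                          f"in last {window_seconds}s")
    return OK, "OK: " + ", ".join(f"{h}={counts[h]}" for h in hosts)


def build_sample_db(now):
    """Constructed sample data: host x logged recently, host y two hours ago."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE syslog (host TEXT, date INTEGER, msg TEXT)")
    rows = [("x", now - 30, "up"), ("x", now - 10, "cron"), ("y", now - 7200, "old")]
    conn.executemany("INSERT INTO syslog VALUES (?, ?, ?)", rows)
    return conn


if __name__ == "__main__":
    now = time.time()
    code, msg = check_hosts(build_sample_db(now), ["x", "y"], 600, now)
    print(msg)
    sys.exit(code)
```

Against a real rsyslog/syslog-ng MySQL schema the table and column names differ, so adjust the query and connect with a MySQL driver instead of sqlite3.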


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
