[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [hobbit] System Log Monitoring
- To: "'hobbit (at) hswn.dk'" <hobbit (at) hswn.dk>
- Subject: RE: [hobbit] System Log Monitoring
- From: "Kruse, Jason K." <jason.kruse (at) teldta.com>
- Date: Fri, 12 Aug 2005 11:31:48 -0500
> -----Original Message-----
> From: henrik (at) hswn.dk [mailto:henrik (at) hswn.dk]
>
> Also, I'd really like to have some mechanism for alerting different
> people depending on what log-entry triggers an alert. (Same goes for
> the "procs" and perhaps "disk" olumns, by the way - but I know how
> to implement that).
>
> So ideas and suggestions are welcome.
I hacked up big brother to do this and was going to try to get this for
hobbit when I had free time. I'd post code but I'm not sure if I'm legally
allowed.
I created a new config file I called the twitchtab. Each entry was:
Hostname ; service ; specific item ; people to page ; people to not page
I have a wrapper script that parses each service and the warnrules to create
the people to page/ignore entry to put in the file. This needs to be
consistent with warnrules since I trigger the check after a match of a
notification being sent.
Messages have a specific item of 'file : " string you matched on "'.
I use perl so some of this might be harder in C. Basically I read until
'&pagelevel /filename (scanned at ...)', parse the filename and set a hash
with the list of recipients. I then read until the next &color /filename,
checking each line to see if our string is found. Each line is treated as
having it's own list of recipients with a tally being done at the end to
find who really gets notified. At the end I walk the hash and create the
final list of recipients. Usually it's the same list as the beginning since
it's hard to account for all items that may be put in the log.
Anyhow, I'm really looking forward to this since it would be one less thing
I need to support myself.
Jason