
Re: [hobbit] Logfile monitoring - I'd like some comments



Henrik,

Well, maybe we could look at the logcheck project: http://logcheck.org
I installed it once and the idea was nice.
Every log message was considered an alert until you created the regexp to
ignore it.
So, of course, the first days, we would get a lot of alerts on msgs until
the database has all the common regular expressions. It would be called the
"learning time". The nice thing is: if one day a new unknown message is
sent by a client, we are sure to get an alert until we add it to the regexp
database.


So, the knowledge database could of course contain includes, to be able to
have some special regexp databases depending on the OS, the group, the host
or the application type, and so to organize the regexp database clearly.
All regexp entries in the database would include the alert type and help
notes to understand alerts, as you all said.


To get configuration from the hobbit server, I think the actual protocol
would maybe need an extra word:



The actual config message is sent from the client to the hobbit server with
only one argument, the filename:

Config <filename>


I think for the future, it will be easier if you implement the config message
like this:

Config <filename> <hostname>


 (sorry for the bad English)

--
Etienne
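
The default-alert filtering described in the message above, as an added example that is not part of the original post and is not logcheck or Hobbit code. The rule names, scope keys ("os:linux", "app:sshd"), alert types, host names and log lines are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    pattern: str  # regexp matched against the log line
    alert: str    # alert type: "ignore", "yellow" or "red" (assumed names)
    note: str     # help note shown with the alert

# Constructed rule database, organised by scope (OS, application).
RULES = {
    "os:linux": [
        Rule(r"CRON\[\d+\]: \(\w+\) CMD ", "ignore", "routine cron job"),
        Rule(r"kernel: .*Out of memory", "red", "OOM killer ran; check memory"),
    ],
    "app:sshd": [
        Rule(r"sshd\[\d+\]: Accepted publickey for \w+", "ignore", "normal key login"),
        Rule(r"sshd\[\d+\]: Failed password for ", "yellow", "failed login; watch for bursts"),
    ],
}
# Constructed "include" map: which rule sets apply to which host.
INCLUDES = {"web01": ["os:linux", "app:sshd"], "db01": ["os:linux"]}

def classify(host, line):
    """Return (alert, note); a line matching no rule alerts as 'unknown'."""
    for scope in INCLUDES.get(host, []):
        for rule in RULES[scope]:
            if re.search(rule.pattern, line):
                return rule.alert, rule.note
    return "unknown", "no regexp matches; review and add a rule"

def report(host, lines):
    """Keep every line that is not explicitly ignored."""
    out = []
    for line in lines:
        alert, note = classify(host, line)
        if alert != "ignore":
            out.append((alert, line, note))
    return out

# Constructed sample log lines.
SAMPLE = [
    "Mar  3 10:00:01 web01 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  3 10:02:17 web01 sshd[2290]: Failed password for invalid user admin from 192.0.2.10 port 4711 ssh2",
    "Mar  3 10:03:40 web01 sshd[2301]: Accepted publickey for deploy from 192.0.2.20 port 5022 ssh2",
    "Mar  3 10:05:09 web01 smartd[801]: Device: /dev/sda, 1 Currently unreadable (pending) sectors",
]

if __name__ == "__main__":
    for alert, line, note in report("web01", SAMPLE):
        print(f"[{alert}] {line}  ({note})")
```

The same sshd line reported from db01, which does not include the sshd rule set, comes back as "unknown": a host only stays quiet for messages its own includes explicitly cover.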