[hobbit] System Log Monitoring

Kruse, Jason K. jason.kruse at teldta.com
Fri Aug 12 18:31:48 CEST 2005


> -----Original Message-----
> From: henrik at hswn.dk [mailto:henrik at hswn.dk]
> 
> Also, I'd really like to have some mechanism for alerting different
> people depending on what log-entry triggers an alert. (Same goes for
> the "procs" and perhaps "disk" olumns, by the way - but I know how
> to implement that).
> 
> So ideas and suggestions are welcome.

I hacked up big brother to do this and was going to try to get this for
hobbit when I had free time. I'd post code but I'm not sure if I'm legally
allowed.

I created a new config file I called the twitchtab.  Each entry was:
Hostname ; service ; specific item ; people to page ; people to not page

I have a wrapper script that parses each service and the warnrules to create
the people to page/ignore entry to put in the file.  This needs to be
consistent with warnrules since I trigger the check after a match of a
notification being sent.

Messages have a specific item of 'file : " string you matched on "'.

I use perl so some of this might be harder in C.  Basically I read until
'&pagelevel /filename (scanned at ...)', parse the filename and set a hash
with the list of recipients.  I then read until the next &color /filename,
checking each line to see if our string is found.  Each line is treated as
having it's own list of recipients with a tally being done at the end to
find who really gets notified.  At the end I walk the hash and create the
final list of recipients.  Usually it's the same list as the beginning since
it's hard to account for all items that may be put in the log.

Anyhow, I'm really looking forward to this since it would be one less thing
I need to support myself.

Jason



More information about the Xymon mailing list