08-30-2012, 09:52 AM
"C. L. Martinez"

OT: Tool for monitoring traffic IP reception

Hi all,

I am searching for some lightweight tool to control when rsyslog didn't
receive events from a specific host or group of hosts for x minutes/seconds.

Only a simple tool to send an email when an alert is triggered, I
don't need flat tools like zabbix or similar.

Does anyone know any?
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
08-30-2012, 12:28 PM
Peter Eckel

OT: Tool for monitoring traffic IP reception

On 30.08.2012, at 11:52, C. L. Martinez wrote:

> I am searching some lightweight tool to control when rsyslog didn't
> receive events from a
> specific host or group of hosts for x minutes/seconds.
>
> Only a simple tool to send an email when an alert is triggered, I
> don't need flat tools like zabbix or similars.

try SEC: <http://sourceforge.net/projects/simple-evcorr/>

SEC can do a lot more, but your requirement can be implemented in a fairly simple rule. The tool is rock-solid and I've been using it in a number of projects for years.


 
08-30-2012, 03:01 PM
"C. L. Martinez"

OT: Tool for monitoring traffic IP reception

On Thu, Aug 30, 2012 at 12:28 PM, Peter Eckel <lists@eckel-edv.de> wrote:
> On 30.08.2012, at 11:52, C. L. Martinez wrote:
>
>> I am searching some lightweight tool to control when rsyslog didn't
>> receive events from a
>> specific host or group of hosts for x minutes/seconds.
>>
>> Only a simple tool to send an email when an alert is triggered, I
>> don't need flat tools like zabbix or similars.
>
> try SEC: <http://sourceforge.net/projects/simple-evcorr/>
>
> SEC can do a lot more, but your requirement can be implemented in a fairly simple rule. The tool is rock-solid and I've been using it in a number of projects for years.
>
>

Uhmm .. I am reading the docs about SEC, but it only speaks about
event correlation ... How do you check if syslog is receiving
data??
 
08-30-2012, 03:58 PM
Peter Eckel

OT: Tool for monitoring traffic IP reception

Hi,

> Uhmm .. I am reading the docs about SEC, but it only speaks about
> event correlation ... How do you do to check if syslog is receiving
> data??

essentially you set up SEC to watch for the syslog log file where the data are supposed to go, set up a 'Single' rule that creates a context with a lifetime of your choice that has a shellcmd attached to it that sends a mail if it expires.

The context will be refreshed every time a message comes in. If no message arrives for your given expiry period, it will send a mail.

You can use this as a sample to start with:

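# Every line that matches (re)creates the context with a 720-second lifetime.
# The action list in parentheses runs only when the context expires.
type = Single
ptype = RegExp
pattern = .*
desc = Heartbeat received
action = create HEARTBEAT_ACTIVE 720 ( shellcmd /bin/echo 'Alert!' | /bin/mail -s test user@example.com )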

Not very sophisticated (and I have not tested it, so it might contain errors), but something very similar to it should do the trick.

 
08-30-2012, 04:28 PM
Leon Fauster

OT: Tool for monitoring traffic IP reception

On 30.08.2012 at 11:52, C. L. Martinez wrote:
> Hi all,
>
> I am searching some lightweight tool to control when rsyslog didn't
> receive events from a
> specific host or group of hosts for x minutes/seconds.


What are your goals?

What about monitoring the system itself?



> Only a simple tool to send an email when an alert is triggered, I
> don't need flat tools like zabbix or similars.
>
> Does anyone know any?


https://mon.wiki.kernel.org/index.php/Main_Page

not comparable to SEC but could also be used to monitor a (local) event.


--

LF
 
08-31-2012, 06:03 AM
"C. L. Martinez"

OT: Tool for monitoring traffic IP reception

On Thu, Aug 30, 2012 at 3:58 PM, Peter Eckel <lists@eckel-edv.de> wrote:
> Hi,
>
>> Uhmm .. I am reading the docs about SEC, but it only speaks about
>> event correlation ... How do you do to check if syslog is receiving
>> data??
>
> essentially you set up SEC to watch for the syslog log file where the data are supposed to go, set up a 'Single' rule that creates a context with a lifetime of your choice that has a shellcmd attached to it that sends a mail if it expires.
>
> The context will be refreshed everytime a message comes in. If no message arrives for your given expiry period, it will send a mail.
>
> You can use this as a sample to start with:
>
> type = Single
> ptype = RegExp
> pattern = .*
> desc = Heartbeat received
> action = create HEARTBEAT_ACTIVE 720 ( shellcmd /bin/echo 'Alert!' | /bin/mail -s test user@example.com )
>
> Not very sophisticated (and I have not tested it, so it might contain errors), but something very similar to it should do the trick.
>

It is a really good approach if I use plain log files ... But this
syslog process acts as a syslog server and stores logs in a mysql
DB...
 
08-31-2012, 06:07 AM
"C. L. Martinez"

OT: Tool for monitoring traffic IP reception

On Thu, Aug 30, 2012 at 4:28 PM, Leon Fauster
<leonfauster@googlemail.com> wrote:
> On 30.08.2012 at 11:52, C. L. Martinez wrote:
>> Hi all,
>>
>> I am searching some lightweight tool to control when rsyslog didn't
>> receive events from a
>> specific host or group of hosts for x minutes/seconds.
>
>
> What are your goals?
>
> What about monitoring the system itself?
>
>
>
>> Only a simple tool to send an email when an alert is triggered, I
>> don't need flat tools like zabbix or similars.
>>
>> Does anyone know any?
>
>
> https://mon.wiki.kernel.org/index.php/Main_Page
>
> not comparable to SEC but could also be used to monitor an (local) event.
>
>

I only need to send an alert if syslog process doesn't receive logs
from x hosts in a defined time. Only this ... I don't need to check if
syslog process is alive (this is monitored by a Zabbix or Nagios, I am
not sure) ...
 
08-31-2012, 09:34 AM
Markus Falb

OT: Tool for monitoring traffic IP reception

On 31.8.2012 08:03, C. L. Martinez wrote:
> On Thu, Aug 30, 2012 at 3:58 PM, Peter Eckel <lists-NiwE9pSNePTucvZx32VAuQ@public.gmane.org> wrote:
>> Hi,
>>
>>> Uhmm .. I am reading the docs about SEC, but it only speaks about
>>> event correlation ... How do you do to check if syslog is receiving
>>> data??
>>
>> essentially you set up SEC to watch for the syslog log file where the data are supposed to go, set up a 'Single' rule that creates a context with a lifetime of your choice that has a shellcmd attached to it that sends a mail if it expires.
>>
>> The context will be refreshed everytime a message comes in. If no message arrives for your given expiry period, it will send a mail.
>>
...
>> Not very sophisticated (and I have not tested it, so it might contain errors), but something very similar to it should do the trick.
>>
>
> It is a really good approach if I use plain log files ... But this
> syslog process acts as a syslog server and stores logs in a mysql
> DB...
>

Ask the DB. Something like:
select count(*) from syslog where (host = 'x' or host = 'y') and date > z;

You could make this into a nagios or zabbix check or whatever you use
for monitoring and let this handle the notification.
--
Kind Regards, Markus Falb
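
Added example, not part of the original thread: a per-host version of the database check suggested above, which also reports hosts that have never logged and returns a Nagios-style exit code. The table and column names (syslog, host, date) are taken from the query in the post; the expected_hosts helper table, the epoch-second dates and the use of SQLite in place of MySQL are assumptions so that it runs offline.

```python
import sqlite3

# Table and column names (syslog, host, date) follow the query in the post;
# expected_hosts is a hypothetical helper table. SQLite stands in for MySQL.
SILENT_SQL = """
SELECT e.host, MAX(s.date)
FROM expected_hosts AS e
LEFT JOIN syslog AS s ON s.host = e.host
GROUP BY e.host
HAVING MAX(s.date) IS NULL OR MAX(s.date) <= :cutoff
ORDER BY e.host
"""

def silent_hosts(conn, expected, now, max_silence):
    """Return (host, last_seen) for each expected host silent for max_silence seconds.
    last_seen is None when the host has never logged at all."""
    conn.execute("CREATE TEMP TABLE IF NOT EXISTS expected_hosts (host TEXT PRIMARY KEY)")
    conn.execute("DELETE FROM expected_hosts")
    conn.executemany("INSERT INTO expected_hosts VALUES (?)", [(h,) for h in expected])
    return conn.execute(SILENT_SQL, {"cutoff": now - max_silence}).fetchall()

def combined_count(conn, hosts, now, max_silence):
    """The single COUNT(*) over all hosts: one chatty host masks the silent ones."""
    marks = ",".join("?" * len(hosts))
    sql = f"SELECT COUNT(*) FROM syslog WHERE host IN ({marks}) AND date > ?"
    return conn.execute(sql, (*hosts, now - max_silence)).fetchone()[0]

def check(conn, expected, now, max_silence):
    """Nagios-style result: (0, 'OK ...') or (2, 'CRITICAL ...')."""
    silent = silent_hosts(conn, expected, now, max_silence)
    if not silent:
        return 0, "OK - all hosts logging"
    detail = ", ".join(f"{h} (last={'never' if t is None else t})" for h, t in silent)
    return 2, f"CRITICAL - no syslog from: {detail}"

def sample_db():
    """Constructed sample data; date is epoch seconds for simplicity."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE syslog (host TEXT, date INTEGER, msg TEXT)")
    conn.executemany("INSERT INTO syslog VALUES (?, ?, ?)", [
        ("web1", 9900, "sshd: session opened"),
        ("web1", 9950, "sshd: session closed"),
        ("db1", 9000, "mysqld: ready for connections"),
    ])
    return conn

if __name__ == "__main__":
    conn = sample_db()
    print(combined_count(conn, ["web1", "db1", "fw1"], 10000, 720))
    print(check(conn, ["web1", "db1", "fw1"], 10000, 720))
```

The combined count is non-zero as long as any one host is logging, so the alert has to be computed per host against a list of hosts that are expected to report.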
