Running Hobbit version 4.2.0 all-in-one patch dated 2007-02-09 10:30 UTC.
OS: Redhat AS 5
I have searched thru the Hobbit Archive for ways to best pattern match in log files. What I have is working to the extent of what I believe hobbit will support "out of the box"
Has anyone been able to do the following:
1.) In Hobbit today with version 4.2.0 log file alerts happen once in a 30 minute window even if you have more than one occurrence. Has anyone been able to change this behavior to a smaller window? "maybe 4.3.0 has something new?"
2.) Another feature that I am looking for is thresholding. If I throw 10 messages "that match" into a log in X time frame say 15 minutes or 30 minutes and so on I don't want to get notified but if I throw 11 into the log I do. Is there any way to do this? Another script to do the work and then send to another log file and have hobbit alert on that maybe?