Alering on log file entries
Hello all,
I have a requirement to monitor a number of log files on one system and to page different people depending on what it sees in the different files. From what I can tell, this functionality is not available. Am I wrong here?
My thoughts on setting this up would be to clone and modify the existing bb-msgs feeder script to accept a different config file and report as a different test and then through hobbit, set up alerts to the different group for the additional test.
Is this a sound approach or is there a better way?
Cheers
Phil
======================================================= IMPORTANT INFORMATION
This message and any files transmitted with it are confidential and should be read only by those persons to whom it is addressed. If you have received this message in error, please notify us immediately by way of reply. Please also destroy and delete the message from your computer. Any unauthorised form of reproduction of this message is strictly prohibited.
It is the duty of the recipient to virus scan and otherwise test the information provided before loading on to any computer system. No warranty is given or made by Asgard Wealth Solutions Limited, Asgard Capital Management Limited or SECURITOR Financial Group Limited that the information is free of a virus or any other defect or error and they will not be liable for the proper and complete transmission of the information contained in this communication, nor for any delay in its receipt.
Any views expressed in this message are those of the individual sender, except where the sender specifically states they are the views of Asgard Wealth Solutions Limited, Asgard Capital Management Limited or SECURITOR Financial Group Limited, as the case may be.
=======================================================
Wild, Phil wrote:
Hello all,
I have a requirement to monitor a number of log files on one system and to page different people depending on what it sees in the different files. From what I can tell, this functionality is not available. Am I wrong here?
My thoughts on setting this up would be to clone and modify the existing bb-msgs feeder script to accept a different config file and report as a different test and then through hobbit, set up alerts to the different group for the additional test.
Is this a sound approach or is there a better way?
Cheers
Phil
======================================================= IMPORTANT INFORMATION
This message and any files transmitted with it are confidential and should be read only by those persons to whom it is addressed. If you have received this message in error, please notify us immediately by way of reply. Please also destroy and delete the message from your computer. Any unauthorised form of reproduction of this message is strictly prohibited.
It is the duty of the recipient to virus scan and otherwise test the information provided before loading on to any computer system. No warranty is given or made by Asgard Wealth Solutions Limited, Asgard Capital Management Limited or SECURITOR Financial Group Limited that the information is free of a virus or any other defect or error and they will not be liable for the proper and complete transmission of the information contained in this communication, nor for any delay in its receipt.
Any views expressed in this message are those of the individual sender, except where the sender specifically states they are the views of Asgard Wealth Solutions Limited, Asgard Capital Management Limited or SECURITOR Financial Group Limited, as the case may be.
=======================================================
We have exactely same requirements.
We did clone bb-msgs when we were using Big Brother and have not yet integrated this feature on our Hobbit system. I don't think there is a better to this at the moment but maybe Henrik could think about this ;-)
Dominique UNIL - University of Lausanne
In <446C0A01.7030900 at unil.ch> Dominique Frise <Dominique.Frise at unil.ch> writes:
Wild, Phil wrote:
Hello all,
I have a requirement to monitor a number of log files on one system and to page different people depending on what it sees in the different files. From what I can tell, this functionality is not available. Am I wrong here?
My thoughts on setting this up would be to clone and modify the existing bb-msgs feeder script to accept a different config file and report as a different test and then through hobbit, set up alerts to the different group for the additional test.
Is this a sound approach or is there a better way?
We have exactely same requirements.
We did clone bb-msgs when we were using Big Brother and have not yet integrated this feature on our Hobbit system. I don't think there is a better to this at the moment but maybe Henrik could think about this ;-)
I have been thinking about this, actually :-) It is one case of several where it would be useful to direct alerts triggered by one status to different people. Think disk-alerts, or processes, or web applications.
This was discussed briefly back in November, see the thread starting with http://www.hswn.dk/hobbiton/2005/11/msg00159.html
Let me just say that it is being worked on.
Regards, Henrik
-- Henrik Storner
Henrik Storner wrote:
In <446C0A01.7030900 at unil.ch> Dominique Frise <Dominique.Frise at unil.ch> writes:
Wild, Phil wrote:
Hello all,
I have a requirement to monitor a number of log files on one system and to page different people depending on what it sees in the different files. From what I can tell, this functionality is not available. Am I wrong here?
My thoughts on setting this up would be to clone and modify the existing bb-msgs feeder script to accept a different config file and report as a different test and then through hobbit, set up alerts to the different group for the additional test.
Is this a sound approach or is there a better way?
We have exactely same requirements.
We did clone bb-msgs when we were using Big Brother and have not yet integrated this feature on our Hobbit system. I don't think there is a better to this at the moment but maybe Henrik could think about this ;-)
I have been thinking about this, actually :-) It is one case of several where it would be useful to direct alerts triggered by one status to different people. Think disk-alerts, or processes, or web applications.
This was discussed briefly back in November, see the thread starting with http://www.hswn.dk/hobbiton/2005/11/msg00159.html
Let me just say that it is being worked on.
Regards, Henrik
Henrik,
Is it going to be integrated in 4.2?
Dominique UNIL - University of Lausanne
In Hobbit 4.2, you can associate each rule in the hobbit-clients.cfg file with a "group". E.g.
HOST=db1.foo.com DISK %^/oracle 95 98 GROUP=dba DISK / 90 95 GROUP=admins PROC sshd GROUP=admins PROC httpd GROUP=webmasters
When the client message is analyzed and the status messages are generated, the group-names of any rules that result in a yellow or red status are combined into a group list, and the status message it then "tagged" with this group-list.
So using the example above, if the /oracle/db1 filesystem is at 96%, then the "disk" status is tagged with a "dba" group. If the root filesystem is at 99%, then the "disk" status is tagged with an "admins" group. If both happen, the "disk" status is tagged with a group-list "admins,dba".
Likewise, if the "sshd" process is missing, the "procs" status is tagged with the "admins" group; if there is not "httpd" process, then it is tagged with the "webmasters" group.
These groups can then be referenced in the hobbit-alerts.cfg file. E.g. if "john" takes care of the DB problems, "sue" is the webmaster, and "bob" handles the normal admin problems, then hobbit-alerts.cfg might have this:
HOST=db1.foo.com MAIL john at foo.com GROUP=dba MAIL bob at foo.com GROUP=admins MAIL sue at foo.com GROUP=webmasters
Or perhaps you'll just base the alerts on the groups, and have
GROUP=dba MAIL john at foo.com GROUP=admins MAIL bob at foo.com GROUP=webmasters MAIL sue at foo.com
Note that this "group-thing" will NOT work with the old BB clients; you must use a real Hobbit client. But I gotta get you guys upgrading, so this is my cunning scheme to make all of you to stop using the BB client :-)
Also, currently this is only for client-side stuff - not for network tests (eg. it might be relevant to direct "http" alerts to different people, depending on which of the 5 URL's you check is down). That is for a later release.
You can grab the current snapshot and play with it, but be warned that I added this code yesterday and haven't had time to test it much - will do that over the week-end while I have on-call duty (hopefully nothing will happen).
Regards, Henrik
participants (3)
-
Dominique.Frise@unil.ch
-
henrik@hswn.dk
-
Phil.Wild@asgardwealthsolutions.com.au