The swatch program (simple watcher) can monitor all sorts of logs and respond to certain events when they occur. Its concept is quite simple. Swatch will monitor a logfile for us, for example, /var/log/syslog, and when a specific event occurs (these events are configured in the swatch config file) and are logged in the [...]
I am using Amazon Spot Instances to crawl a lot of data. Most of them run until Amazon terminates them once the current price exceeds our max bid.
I need to monitor and mainly archive the logs generated in those spot instances. Those logs are very important for debugging and analytics. We have application logs, system logs such as syslog, secure log.
Hello,
My issue here is that rsyslog seems to be dropping data. I first installed Debian 5 on an old HP ProLiant server that has 1 GB of RAM and 1 TB of storage in an old-ass disk array. While the server is old it is not THAT old and runs all tasks fine. I pushed my firewall traffic logs plus some Windows server event logs to this server.
I have a few websites running on my Fedora 11 Web Server. What tool can make it easier for me to monitor the logs?
Here I can see that whenever the http service is restarted it creates logs as error_log.1, error_log.2, and so on.
How can I manage these and monitor them through a GUI tool?
Hi,
I am using syslog Facility6 for the logs generated by an application. I have appended the following line in the /etc/syslog.conf
local6.* /var/log/app.log
And my application logs are successfully getting created in /var/log/app.log.
On Windows Server 2003 I have an alert configured in "Performance" based on a counter.
On our server we have (or you should have) tons of logs generated, logs from various daemons (ssh, iptables, monit, fail2ban), services (apache, nginx, bind, ftp, etc.) and system logs (syslog, messages, kernel).
So I’m sure that every day you check these logs and look if something bad has happened, right?
How many logs/second can usually be handled by syslog servers? By syslog servers, I am referring to rsyslog, syslog-ng, splunk etc. The intent of the question is to find out at what logs/second rate the OS (Linux kernel >=3.0) becomes the bottleneck.
So far, I am able to forward about 10,000 logs/sec using UDP. If I increase the rate, logs start getting dropped.
I would like to monitor a logfile for a specific keyword and send an email once it is detected. I'm trying out the code here; the script is scheduled to run every minute. Every time it runs, the same log will be detected and an email sent.