I have a requirement to monitor application log files and have alerts on
certain patterns. I would use the logwatch plugin, but unfortunately it
frequently exists because of limits we had to set on the time it is
allowed to run.
Now I've been thinking to create a small daemon that monitors the file
(similar to tail -F or so) and matches new lines against defined
patterns. I would like this daemon to use a configuration file similar
to logwatch.cfg and have it write matching lines to a cache file. A
plugin could then be written to read the cached file every time the
check_mk agent is queried.
Is anyone familiar with an existing solution for this? If not, I'll
probably try to write something myself, but I'm not sure that this will
result in high quality code. If anyone else should be willing to give
this a try, I've already found that pyinotify can be used for this as
well as an example on StackOverflow[1] that illustrates how it can be
used.
Any help, suggestions and ideas are greatly appreciated.
I have a requirement to monitor application log files and have alerts on certain patterns. I would use the logwatch plugin, but unfortunately it frequently exists because of limits we had to set on the time it is allowed to run.
Now I've been thinking to create a small daemon that monitors the file (similar to tail -F or so) and matches new lines against defined patterns. I would like this daemon to use a configuration file similar to logwatch.cfg and have it write matching lines to a cache file. A plugin could then be written to read the cached file every time the check_mk agent is queried.
Is anyone familiar with an existing solution for this? If not, I'll probably try to write something myself, but I'm not sure that this will result in high quality code. If anyone else should be willing to give this a try, I've already found that pyinotify can be used for this as well as an example on StackOverflow[1] that illustrates how it can be used.
Any help, suggestions and ideas are greatly appreciated.
Regards,
Paul
[1] http://stackoverflow.com/questions/17823487/using-pyinotify-to-live-refresh-displayed-file
_______________________________________________
checkmk-en mailing list checkmk-en@lists.mathias-kettner.de http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en
This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
More of an idea than an answer. Many years ago I always deployed SWATCH a simple log monitor that has configurable actions. Still available on sourceforge.