Hi,
My goal is to have different actions for log file monitoring.
For some logs I'd like to be notified by mail, and for some I'd like only to log to the DB (and some I'd like to ignore, but that I have already achieved).
So my question is, what is the best practice here?
Should I create 2 log items on the same log file, each with a different filter?
Another option: use an action to auto-close alerts with certain tags. I was wondering how to do it?
Example,
log Item:
log[/var/log/syslog,@log_filter_syslog,,,skip]
where my regex filter @log_filter_syslog is looking for the word 'ERROR'.
Now, after catching error lines, I'd like to alert on some and to auto-close other errors that are not critical to me, but I still want them to be logged in the DB for analytics.
- Mosh