Control syslog with probe

Hello,

I’m a newbie on The Dude, and I have a little problem.
Is there any way to control syslog events from a probe?

I mean I receive syslog messages from several servers on The Dude’s server.
I add filters to keep only those which interest me.
Now, I’d like to catch these messages with probes… But I have no idea how to do it!

Thanks for your help.

Some clarification please…

Are you wanting to generate a syslog message when a probe is out of tolerance, or are you trying to get some sort of notification when a particular syslog message is received by The Dude?

I’m trying to get some sort of notification when a particular notification is received by The Dude.
The notification has to be caught by a probe.

I think the best you could do is to send an email when you get a specific syslog message which is not very handy. You could do it with an execute on server or some script.

There is a program called sec (simple event correlator) that you could have running on your dude server and emailing you when you get correlation which is way more handy. It can do things like find message x and wait for message y or 10 more message x and email you once every 86400 seconds… instead of an email every time message x shows up.

Some things in monitoring are not really worth doing since dealing with the notification is more trouble than the bad device. Could you explain your monitoring goal? Maybe someone has another solution. For example, those things you are getting in syslog might be in SNMP as well…

Thanks Lebowski for your reply.

My goal is to collect events from many different services and applications on servers, and I have two ways to collect: SNMP and syslog.
I already collect SNMP for most of them but I need syslog for some applications…
I don’t need to get an alert when an application is out, but I mostly need to keep a history of what happened.

That’s why I need to catch events in syslog and put them into a probe.

So if anyone has another idea, thanks for sharing it!

Do you mean get a notification from an event in syslog?

No, I mean modify the status of a device from syslog!

There is not any good way to do this without getting a little crazy… so get crazy!

From a syslog execute you could easily execute an external, that external is a batch job and could just write some values to another batch job. Then your probe(s) could execute the 2nd batch and return the values written from the first batch job.

Someone once wanted to play a sound then stop the sound when the device came back up. What you are trying would be somewhat similar. http://forum.mikrotik.com/t/need-help-with-ping-and-beep-notification/41118/1

From a batch job you can easily do things like

echo echo 1 > log1.bat which will create a new file called log1.txt with echo 1 in it.
echo echo 2 >> log1.bat which will append echo 2 to a new line in the same file.

Then if you executed log1.bat the values 1 and 2 would each appear on their own lines. That is not exactly what you want.

I would just make the first batch job write a new value to a new file every time then when you execute that batch job you could just import the first result to get a state for your probe to test.

Shouldn’t be that hard.

Here is some typing at a command prompt…

C:\>echo @echo off > test.bat
C:\>echo echo 3 >> test.bat
C:\>test.bat
3

HTH,
Lebowski
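
The two-batch-job arrangement described above, as an added example that is not part of the original post: a single script (the file name and state-file location are hypothetical) that the syslog execute action calls with `set` and the probe calls with `get`. It assumes the probe can run an external command and read the first line it prints; only the fixed values 0 and 1 are ever written, never text taken from the syslog message, since that text is controlled by whoever sent it.

```bat
@echo off
rem syslog_state.bat - added example; name and state-file path are hypothetical.
rem   syslog_state.bat set 1   run from the syslog rule's execute action
rem   syslog_state.bat set 0   run to clear the state again
rem   syslog_state.bat get     run by the probe; prints the current state
setlocal
set "STATE_FILE=%~dp0syslog_state.txt"

if /i "%~1"=="set" goto do_set
if /i "%~1"=="get" goto do_get
>&2 echo usage: %~nx0 set 0 ^| set 1 ^| get
exit /b 2

:do_set
rem Accept only the literal values 0 and 1. The caller must pass a fixed
rem literal, not syslog message text: that text is sender-controlled and
rem cmd.exe expands arguments before this check can run.
if "%~2"=="0" goto write_state
if "%~2"=="1" goto write_state
>&2 echo invalid state, expected 0 or 1
exit /b 2

:write_state
rem Overwrite (>) instead of append (>>) so the file always holds one value.
rem Write a temp file first and rename it, so the probe is unlikely to read
rem a half-written state file.
>"%STATE_FILE%.tmp" echo %~2
move /y "%STATE_FILE%.tmp" "%STATE_FILE%" >nul
exit /b 0

:do_get
rem No state file yet means no matching syslog message has been seen.
if not exist "%STATE_FILE%" (
    echo 0
    exit /b 0
)
set "STATE="
set /p STATE=<"%STATE_FILE%"
if not defined STATE set "STATE=0"
echo %STATE%
exit /b 0
```

Keep the script and its state file in a directory that only the account running The Dude can write to, so nothing else on the server can change what the probe reports.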

Thanks a lot for your help !
That should solve my problem.