Well, what you are asking isn't achievable with syslog-ng itself. We do this at our site, but we have built an infrastructure around syslog-ng that passes classified events (at first it is a syslog message) to programs which create other events that get passed via syslog-ng to other programs that finally create e-mail, tickets, jabber, SMS, twitter and IP phone alerts.

What you want to do is a great idea, you just need more than syslog-ng to accomplish it.


Evan

Anton Koldaev <koldaevav@gmail.com> wrote:

Could you please give an example of using 'context-length' condition?
I wonder if I can use it for sending an alert to a monitoring system when more than 'N' exceptions per 'T' seconds are sent by my app hosts.


On Sun, Apr 14, 2013 at 5:30 AM, Evan Rempel <erempel@uvic.ca> wrote:
As of 2 days ago a new syslog-ng guide was published that now documents this :-)

Slightly different syntax

<action condition='"$(context-length)" >= "$max"'>

Works like a charm.

Also, it isn't specified that <tag>xxx</tag> can be in the <message> part of an action.

syslog-ng never stops amazing me.

Evan.
________________________________________
From: syslog-ng-bounces@lists.balabit.hu [syslog-ng-bounces@lists.balabit.hu] on behalf of Gergely Nagy [algernon@balabit.hu]
Sent: Saturday, April 13, 2013 5:32 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] min and max message count condition in correlation actions

Evan Rempel <erempel@uvic.ca> writes:

> so the syntax would be
>
> <action condition="$(context-length) == $num">
>
> where $num is some macro from the pattern used to match a line.
>
> Is that correct?

$num can be pretty much anything: a number, a macro, another template
function - it is entirely up to you. It does not need to be extracted
from the pattern, but that should work too.

--
|8]

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq




--
Best regards,
Koldaev Anton
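
An added example, not taken from the thread or from any poster's configuration: a patterndb rule that uses the `context-length` condition in the form quoted above to emit one tagged message once a host has logged a burst of exceptions. The program name `myapp`, the message pattern, the rule ids, the threshold of 10 and the 60-second timeout are all assumed values.

```xml
<patterndb version='4' pub_date='2013-04-14'>
  <!-- Constructed ids; replace with your own UUIDs. -->
  <ruleset name='myapp-exceptions' id='00000000-0000-0000-0000-000000000001'>
    <!-- Matches on $PROGRAM; "myapp" is an assumed program name. -->
    <pattern>myapp</pattern>
    <rules>
      <!-- context-scope='host' keeps a separate context (and so a separate
           count) per sending host; context-timeout is T in seconds. -->
      <rule provider='example' id='00000000-0000-0000-0000-000000000002'
            class='violation'
            context-id='myapp-exceptions'
            context-scope='host'
            context-timeout='60'>
        <patterns>
          <!-- Assumed log line format. -->
          <pattern>Unhandled exception: @ANYSTRING:exc.detail@</pattern>
        </patterns>
        <actions>
          <!-- Evaluated on every matching message; true once the context
               holds N (here 10) or more messages. rate limits the generated
               message to one per 60 seconds so the alert does not repeat
               for every further exception in the same burst. -->
          <action trigger='match' rate='1/60'
                  condition='"$(context-length)" >= "10"'>
            <message>
              <values>
                <value name='MESSAGE'>exception burst on ${HOST}: $(context-length) exceptions in the open context</value>
              </values>
              <tags>
                <!-- A tag a later filter can select on to route the alert. -->
                <tag>exception-burst</tag>
              </tags>
            </message>
          </action>
        </actions>
      </rule>
    </rules>
  </ruleset>
</patterndb>
```

The generated message is an ordinary log message inside syslog-ng; delivering it to a monitoring system still needs a destination or external program, as the first reply in this thread describes.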