Hi,

I'm testing syslog-ng for a centralized log server on Solaris 8. It acts very well and I was even able to create a real-time notification mechanism based on syslog-ng and some scripts (without any additional log analyzer).

The problem I've lately met is that some computers sending their messages to the central system frequently perform additional maintenance tasks during nights or off days. For example, they scan disks and other I/O devices and in effect produce many warnings. Those messages almost always contain information which is suspicious within work hours, and they cannot be filtered permanently.

My question is: Is it possible or planned for future releases to include time conditions in filter functions? The "match" statement doesn't seem to check date or time, and using a program as destination is quite hard due to its "destination", not filter, role in log paths. In my opinion a very interesting option would be including an external program as a filter (i.e. returning the filter decision as std output or exit code).

Greetings,
Michal Wesolowski
On Mon, Mar 29, 2004 at 12:05:13PM +0200, Wesolowski Michal wrote:
> My question is: Is it possible or planned for future releases to include time conditions in filter functions? The "match" statement doesn't seem to check date or time, and using a program as destination is quite hard due to its "destination", not filter, role in log paths. In my opinion a very interesting option would be including an external program as a filter (i.e. returning the filter decision as std output or exit code).
Most people use external programs like swatch or SEC to do these things.

http://www.campin.net/newlogcheck.html#swatch

The syslog-ng author doesn't want to overload the program with too many features, at least in cases when similar functionality is available using external programs.

-- 
Nate

"Often, when I am reading a good book, I stop and thank my teacher. That is, I used to, until she got an unlisted number." - Unknown 15-year-old
Participants (2): Nate Campi, Wesolowski Michal
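
The time-conditional filtering discussed in this thread can be done in a small external program placed between a syslog-ng program() destination and the notification script. The following is an added example, not code from either poster or from syslog-ng; the maintenance window (22:00-06:00 on weekdays, all day on weekends), the noise pattern and all function names are assumptions.

```python
import re
import sys
from datetime import datetime

# Assumptions (not from the thread): maintenance runs 22:00-06:00 on
# weekdays and all day on weekends; NOISY marks the expected scan warnings.
QUIET_START, QUIET_END = 22, 6
NOISY = re.compile(r"(scsi|disk|i/o).*(warning|retry)", re.IGNORECASE)
# Classic BSD syslog timestamp, e.g. "Mar 29 23:10:02 host prog: msg"
STAMP = re.compile(r"^([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2})\s")

def message_time(line, year):
    """Parse the timestamp carried in the message; the format has no year."""
    m = STAMP.match(line)
    if not m:
        return None
    mon, day, hh, mm, ss = m.groups()
    try:
        return datetime.strptime(f"{year} {mon} {day} {hh}:{mm}:{ss}",
                                 "%Y %b %d %H:%M:%S")
    except ValueError:
        return None

def in_maintenance_window(ts):
    if ts.weekday() >= 5:          # Saturday or Sunday
        return True
    return ts.hour >= QUIET_START or ts.hour < QUIET_END

def should_alert(line, year):
    """True if the line must reach the notification script."""
    ts = message_time(line, year)
    if ts is None:
        return True                # fail open: never drop what we cannot date
    return not (NOISY.search(line) and in_maintenance_window(ts))

def main():
    year = datetime.now().year
    for line in sys.stdin:         # one message per line from syslog-ng
        if should_alert(line, year):
            sys.stdout.write(line)
            sys.stdout.flush()     # keep notifications real-time

if __name__ == "__main__":
    main()
```

Only messages that both match the noise pattern and fall inside the window are dropped, so an unrelated warning logged at night still reaches the notifier.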