Good morning! Have a question regarding syslog-ng TCP/IP connection... Is it possible to configure an SYSLOG-COLLECTION-SERVER to give any kind of alert whenever the connection between this server and any syslog-client is dropped? My problem is: if i plug out the network cable neither the server (AIX) nor the client (an AIX too) do recognize this within an acceptable period of time... Does there exist something like a "SERVER-CLIENT heartbeat" ??? Or... does anybody have an idea how to solve this problem another way? Best regards Roman Ernst
On Tue, Oct 02, 2001 at 11:14:49AM +0200, Roman Ernst wrote:
Good morning!
Have a question regarding syslog-ng TCP/IP connection...
Is it possible to configure an SYSLOG-COLLECTION-SERVER to give any kind of alert whenever the connection between this server and any syslog-client is dropped?
My problem is: if i plug out the network cable neither the server (AIX) nor the client (an AIX too) do recognize this within an acceptable period of time...
Does there exist something like a "SERVER-CLIENT heartbeat" ???
Or... does anybody have an idea how to solve this problem another way?
syslog-ng reports when the OS signals that the connection is broken. You could send those messages to a little perl script using the program() destination and send out alerts of your choice. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
Roman Ernst on Tue, Oct 02, 2001 at 11:14:49AM +0200: Roman,
Is it possible to configure an SYSLOG-COLLECTION-SERVER to give any kind of alert whenever the connection between this server and any syslog-client is dropped? [..] Or... does anybody have an idea how to solve this problem another way?
ideally, you would tackle this problem by integrating syslog-ng monito- ring into whatever you use to monitor other software. If your company runs some sort of monitoring software (would be Tivoli in your case I guess :)), you could either use log parsing mechanisms (IIRC, syslog-ng will tell you that it lost connection), or parse the output of netstat (-anf inet, or whatever parameters AIX netstat takes) to verify that the connections you would expect to be there are actually established. If you do not have access to monitoring software, you could also use some sort of program() destination with some match() sort of filter, and use some sort of script that will do the alarming you desire. Obviously, the monitoring software solution always tends to be more bloated, but if it's already in use, use it, since it will provide ways to avoid redundant alerting and similar problems that will arise other- wise. Greetings, -- ____ ____ / _/| - > Gregor Binder <gb@(rootnexus.net|sysfive.com)> | / || _\ \ \__ Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B
participants (3)
-
Balazs Scheidler
-
Gregor Binder
-
Roman Ernst