[syslog-ng]sending message by email

Gregor Binder gb@rootnexus.net
Fri, 1 Feb 2002 20:41:44 +0100

Nate Campi on Fri, Feb 01, 2002 at 11:17:09AM -0800:


> I'd be careful with unchecked alerts over email. See
> http://www.campin.net/newlogcheck.html#warning for the reason why, 
> and a solution.

fully agree with you .. I remember answering the question about how to
send single log lines as emails in combination with warning about taking
out one's SMTP server at least two or three times before :)

I think both should be put in syslog-ng documentation somewhere ...

Other than that, I don't think it's a good idea to do that anyway. Even
if you build tresholds into your scripts and all that. If our customers
ask for that kind of real-time-alerting functionality, we help them in-
tegrate syslog-ng with their monitoring systems. Make a lamp turn yellow
or red when problems occur is much better than wading through a lot of
emails (even if reduced by throttling) to see the current condition of
whatever you want to know about.

Also, this will integrate much better in usual administration workflow.
Although you can send emails to multiple people, if you go the monito-
ring way, you can have mutiple people seeing the alert, but only one
person needs to worry about it (they will clear the alert, or fix some-
thing that will clear the alert, and everybody else watching will know
that it's fixed).


 ____ ____ 
/  _/| -  >  Gregor Binder <gb@(rootnexus.net|sysfive.com)>
| / || _\ \
\__ Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B