[syslog-ng] Trigger dynamic action in syslog-ng
Jim Hendrick
james.r.hendrick at gmail.com
Wed Mar 6 18:44:35 UTC 2019
I was wondering if anyone has used syslog-ng to trigger some dynamic action
based on logs.
For example, if a certain threshold of messages happens in a time window,
send an alert. LIke suppress () but more general actions.
Or if a specific event happens, send *.debug from that system for 5
minutes.
Or run a program to collect system data and send it along based on some
condition.
Not thinking SIEM functionality here, but maybe allow the log servers to be
more dynamic around what actions they take for basic things.
Thoughts?
Thanks.
Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190306/9ad9be43/attachment.html>
More information about the syslog-ng
mailing list