Hi,<br>Im thinking about how to monitor important messages on central rsyslog server via nagios. I've got nagios monitoring various services on several servers on a network. Some servers are sending syslog to rsyslog central server.<br>
<br>In general, There are two ways of syslog messages monitoring:<br>a) when rsyslog recieves message i want to know about, it can send notification to nagios (i want to send notification via nagios because i want only one system maintain notification and nagios do it a good way). Rsyslog is parsing all syslog messages comming from remote hosts, so one more parsing for this purpose will not be a big overhead.<br>
b) parse logs by nagios itself (by special plugin). Parsing all syslogs by nagios will lead to bigger overhead as syslogs are parsed twice - by rsyslog AND nagios.<br><br>As i dont want to parse all syslogs comming from every remote server twice, i prefer to use variant a) - to notify nagios via rsyslog. Rsyslog is able to run any shell script or run some actions as response to specific syslog messages comming from remote machines.<br>
<br>For example: i have rsyslog set to send me an e-mail when syslog-message that came from remote server to central rsyslog server fulfill:<br>- syslogtag = mdadm<br>- severity >= warning<br>(to notify me when raid problems occur, i know i can monitor raid status with nagios itself, its just an example :-))<br>
<br>What is the best way to notify nagios by rsyslog that there is some problem in syslog? snmp traps?<br><br>Best regards<br>Jiri<br>