Commit message
If logrotate has been run in between since the last time the log file
was checked, the opened fd will not point at the new file. In this
case reopen the log file and process all new events in this new file.
Signed-off-by: David Sommerseth <davids@redhat.com>
This variable takes a comma separated list of rule names, for the
same log file, which will reset any active processing
limitations. This can make one rule enforce another rule to
become active again if 'rate-limit' or 'time-frame' limitations
for that rule are stopping it from reacting.
A useful scenario for this feature is if there is a rule which only
reports about connection issues, e.g. only once an hour. If the
connection comes back again another rule can report about this
instantly. Without this feature enabled, it can take up to one
hour before the report about the newly broken connection is sent.
By enabling this feature, the "connection OK" rule can reset the
rate-limit and/or time-frame restrictions on the "broken connection"
rule and thus force a report instantly if the connection breaks
again - regardless of the rate-limit/time-frame limitation.
Signed-off-by: David Sommerseth <davids@redhat.com>
This will avoid sending more reports if it happens within the
given amount of seconds since the last report for this rule.
So if you have this set to 10 seconds and this rule matches
a log line every second, the time between each report will be
10 seconds. The rate-limit is kind of defining 1 report per
X seconds.
Signed-off-by: David Sommerseth <davids@redhat.com>
This optional variable extends the threshold trigger to require
the matching rule to have a hit within the given time-frame.
If threshold is set to 3 and time-frame to 10, it must be
3 events within 10 seconds for this rule to cause an action.
Signed-off-by: David Sommerseth <davids@redhat.com>
This allows alerts to be sent to a Qpid based AMQP broker. A
simple alert consumer has been added as well.
Signed-off-by: David Sommerseth <davids@redhat.com>
This allows multiple reporters to act when it is triggered
Signed-off-by: David Sommerseth <davids@redhat.com>
Adding a 'reporters' variable in a [Rule:*] section will
override the default reporter defined in [Logfile:*]
Signed-off-by: David Sommerseth <davids@redhat.com>
This reporter module will send e-mails with the gathered information
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
This will send alerts to a web server via HTTP GET/POST requests
Signed-off-by: David Sommerseth <davids@redhat.com>
The [Reporter:*] definitions can now take the 'module' variable,
which is the name of the reporter module, located in LogActio/Reporters/
Signed-off-by: David Sommerseth <davids@redhat.com>
This is the first step of the logactio framework
Signed-off-by: David Sommerseth <davids@redhat.com>