On 31.8.2012 08:03, C. L. Martinez wrote:
> On Thu, Aug 30, 2012 at 3:58 PM, Peter Eckel <lists-NiwE9pSNePTucvZx32VAuQ at public.gmane.org> wrote:
>> Hi,
>>
>>> Uhmm .. I am reading the docs about SEC, but it only speaks about
>>> event correlation ... How do you do to check if syslog is receiving
>>> data??
>>
>> essentially you set up SEC to watch for the syslog log file where the data are supposed to go, set up a 'Single' rule that creates a context with a lifetime of your choice that has a shellcmd attached to it that sends a mail if it expires.
>>
>> The context will be refreshed every time a message comes in. If no message arrives for your given expiry period, it will send a mail.
>> ...
>> Not very sophisticated (and I have not tested it, so it might contain errors), but something very similar to it should do the trick.
>>
>
> It is a really good approach if I use plain log files ... But this
> syslog process acts as a syslog server and stores logs in a mysql
> DB...
>

Ask the DB. Something like

select count(*) from syslog where (host = 'x' or host = 'y') and date > z;

You could make this into a nagios or zabbix check or whatever you use
for monitoring and let this handle the notification.

-- 
Kind Regards, Markus Falb
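
The "ask the DB" suggestion written out as a Nagios-style check, as an added example that is not code from this thread. It counts rows per host so that one silent sender is not hidden behind a busy one. Assumptions: the `syslog` table with `host` and `date` columns follows the query in the message, while the `msg` column, the 15-minute window, the function names and the in-memory SQLite database standing in for MySQL are made up for the demo.

```python
import sqlite3
import sys
from datetime import datetime, timedelta

OK, CRITICAL = 0, 2  # Nagios plugin exit codes
FMT = "%Y-%m-%d %H:%M:%S"  # sortable timestamp text, so '>' compares correctly

def silent_hosts(conn, hosts, since):
    """Return the hosts that have no syslog rows newer than `since`, sorted."""
    marks = ",".join("?" for _ in hosts)
    # GROUP BY yields one count per host; a single count(*) over all hosts
    # would stay above zero while one of them has gone quiet.
    rows = conn.execute(
        f"SELECT host, COUNT(*) FROM syslog "
        f"WHERE host IN ({marks}) AND date > ? GROUP BY host",
        (*hosts, since),
    ).fetchall()
    seen = {host for host, n in rows if n > 0}
    return sorted(set(hosts) - seen)

def check(conn, hosts, now, max_age_minutes=15):
    """Nagios-style result as (exit_code, status_line)."""
    since = (now - timedelta(minutes=max_age_minutes)).strftime(FMT)
    missing = silent_hosts(conn, hosts, since)
    if missing:
        return CRITICAL, "CRITICAL - no syslog rows since %s from: %s" % (
            since, ", ".join(missing))
    return OK, "OK - all %d hosts logged since %s" % (len(hosts), since)

def demo_db(now):
    """Constructed sample rows: host x logged recently, host y went quiet."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE syslog (host TEXT, date TEXT, msg TEXT)")
    conn.executemany("INSERT INTO syslog VALUES (?, ?, ?)", [
        ("x", (now - timedelta(minutes=2)).strftime(FMT), "sshd: session opened"),
        ("x", (now - timedelta(hours=3)).strftime(FMT), "cron: job started"),
        ("y", (now - timedelta(hours=3)).strftime(FMT), "kernel: link up"),
    ])
    return conn

if __name__ == "__main__":
    now = datetime(2012, 8, 31, 12, 0, 0)  # fixed clock so the demo is repeatable
    code, line = check(demo_db(now), ["x", "y"], now)
    print(line)
    sys.exit(code)
```

Against the real database, the same parameterized query would run through a MySQL driver (which uses `%s` placeholders rather than `?`), with `now` taken from the system clock.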