Re: [logs] absence of evidence...

From: Bennett Todd (betat_private)
Date: Mon Dec 16 2002 - 05:47:09 PST


    2002-12-16-00:32:38 Tina Bird:
    > may still be interesting.
    
    Indeed.
    
    > anyone out there have a tool that can parse syslog data (or
    > anything text based, i guess) and send an alert if a particular
    > message does >not< show up?
    
    I've done this for monitoring the health of an email system; I
    really like end-to-end functional testing. So I scripted up a
    trivial little message injector, that fired off periodic emails
    through the server to be monitored. The account to which they were
    addressed had a trivial procmail script that recognized enough
    headers to get some confidence that this was really the intended
    test message, and touched a timestamp file in response.
    
    A daemon woke up periodically, and checked to see if the timestamp
    file was older than a configured interval (several times the test
    message interval), if so it set off an alarm, and went to sleep for
    an hour to rate-limit how often these alarms would be generated.
    
    The same strategy would be easy to implement for syslogged messages,
    just use swatch to touch the timestamp file.
    
    -Bennett
    
    
    

    _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
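Added example, not part of the original message or the poster's own code: a Python sketch of the stale-timestamp daemon the message describes, with the one-hour alarm hold-off. The class and function names, the 3x multiplier standing in for "several times the test message interval", and the 60-second poll are assumptions.

```python
import os
import time


class HeartbeatWatchdog:
    """Alarm when a heartbeat timestamp file stops being refreshed."""

    def __init__(self, path, test_interval, multiplier=3, holdoff=3600):
        self.path = path
        # "several times the test message interval"; multiplier=3 is assumed
        self.max_age = test_interval * multiplier
        self.holdoff = holdoff      # quiet period after an alarm (one hour)
        self.last_alarm = None

    def age(self, now):
        """Seconds since the last touch; a missing file is infinitely stale."""
        try:
            return now - os.stat(self.path).st_mtime
        except FileNotFoundError:
            return float("inf")

    def check(self, now=None):
        """Return 'ok', 'alarm' or 'suppressed' for one wake-up of the daemon."""
        now = time.time() if now is None else now
        if self.age(now) <= self.max_age:
            return "ok"
        if self.last_alarm is not None and now - self.last_alarm < self.holdoff:
            return "suppressed"     # still inside the rate-limit window
        self.last_alarm = now
        return "alarm"


def touch(path, when=None):
    """What the procmail recipe or swatch action does on seeing the message."""
    with open(path, "a"):
        pass
    os.utime(path, None if when is None else (when, when))


def run(path, test_interval, poll=60, notify=print):
    """Daemon loop: wake up every `poll` seconds, notify on each alarm."""
    dog = HeartbeatWatchdog(path, test_interval)
    while True:
        if dog.check() == "alarm":
            notify(f"no heartbeat in {path} for over {dog.max_age}s")
        time.sleep(poll)
```

Treating a missing file as stale means the alarm also fires when the expected message has never arrived at all, not only when it stops arriving.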



    This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 18:37:04 PST