Mailing List Archive

Is there an easy way to send a msg to rsyslog via RELP as a Nagios check?
Hi,

In the past I've used a standard check_tcp Nagios plugin to confirm that rsyslog was accessible on our receivers. This produces a bit of noise in the logs since the connections don't follow what I assume would be standard client connect/disconnect behavior. I've always ignored the noise as it's intermittent, but figured it might be worth crafting a proper check.

I'd like to craft a plugin that sends a small test message to rsyslog via RELP (since that is what we're primarily using). I'd setup a rule in rsyslog to match/ignore it, but receiving it would be enough for a future Nagios check to confirm (that at a basic level) remote rsyslog connections are working.

Any pointers? I considered digging into the C source code, but I don't think my skills are up for that task just yet.

Thanks in advance.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Is there an easy way to send a msg to rsyslog via RELP as a Nagios check? [ In reply to ]
I'd approach it from a "functional" point of view. Have some host
generate a message periodicaly, send it via RELP to your destination
host, make a rule that outputs this message to a file and check that
file for a message written recently. This way you check the whole
process. If you send the data from the rsyslog further down to some log
management or SIEM solution, you can even check the whole process by
checking for the message on the final destination.

It has nothing to do with rsyslog itself it's just how you do such
checks - look for a string on returned web page, send an email and check
whether it gets delivered and so on.

On 10/01/2021 21:58, Adam Chalkley via rsyslog wrote:
> Hi,
>
> In the past I've used a standard check_tcp Nagios plugin to confirm that rsyslog was accessible on our receivers. This produces a bit of noise in the logs since the connections don't follow what I assume would be standard client connect/disconnect behavior. I've always ignored the noise as it's intermittent, but figured it might be worth crafting a proper check.
>
> I'd like to craft a plugin that sends a small test message to rsyslog via RELP (since that is what we're primarily using). I'd setup a rule in rsyslog to match/ignore it, but receiving it would be enough for a future Nagios check to confirm (that at a basic level) remote rsyslog connections are working.
>
> Any pointers? I considered digging into the C source code, but I don't think my skills are up for that task just yet.
>
> Thanks in advance.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Is there an easy way to send a msg to rsyslog via RELP as a Nagios check? [ In reply to ]
Good tip.

We currently have a service check that runs client-side on our senders (and edge receiver which forwards downstream to other instances) that monitors forward queues. This has been extremely helpful in the past catching "stuck" messages.

I like your suggestion and will consider implementing this when time allows.

Thanks.

-----Original Message-----
From: rsyslog <rsyslog-bounces@lists.adiscon.com> On Behalf Of Mariusz Kruk via rsyslog
Sent: Monday, January 11, 2021 12:40 AM
To: rsyslog@lists.adiscon.com
Cc: Mariusz Kruk <mkr@safecomp.com>
Subject: Re: [rsyslog] Is there an easy way to send a msg to rsyslog via RELP as a Nagios check?

I'd approach it from a "functional" point of view. Have some host
generate a message periodicaly, send it via RELP to your destination
host, make a rule that outputs this message to a file and check that
file for a message written recently. This way you check the whole
process. If you send the data from the rsyslog further down to some log
management or SIEM solution, you can even check the whole process by
checking for the message on the final destination.

It has nothing to do with rsyslog itself it's just how you do such
checks - look for a string on returned web page, send an email and check
whether it gets delivered and so on.

On 10/01/2021 21:58, Adam Chalkley via rsyslog wrote:
> Hi,
>
> In the past I've used a standard check_tcp Nagios plugin to confirm that rsyslog was accessible on our receivers. This produces a bit of noise in the logs since the connections don't follow what I assume would be standard client connect/disconnect behavior. I've always ignored the noise as it's intermittent, but figured it might be worth crafting a proper check.
>
> I'd like to craft a plugin that sends a small test message to rsyslog via RELP (since that is what we're primarily using). I'd setup a rule in rsyslog to match/ignore it, but receiving it would be enough for a future Nagios check to confirm (that at a basic level) remote rsyslog connections are working.
>
> Any pointers? I considered digging into the C source code, but I don't think my skills are up for that task just yet.
>
> Thanks in advance.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Is there an easy way to send a msg to rsyslog via RELP as a Nagios check? [ In reply to ]
I used this approach several times in the past and it worked great in
detecting:

a) unforeseen problems for which we didn't have specific checks

b) problems in mechanisms for which there was no convenient check to
find otherwise.

c) problems resulting from "logical misbehaviour" - when a service seems
to work but returns a wrong result

Of course it's best implemented in conjunction with simpler technical
checks for various steps along the way so it's easier to come up with
the answer not only _what_ doesn't work but also _why_ because the
longer the "workchain" is, the harder it is of course to pinpoint the
cause in case of malfunction if you have only the final error.

On 11/01/2021 12:04, Adam Chalkley wrote:
> Good tip.
>
> We currently have a service check that runs client-side on our senders (and edge receiver which forwards downstream to other instances) that monitors forward queues. This has been extremely helpful in the past catching "stuck" messages.
>
> I like your suggestion and will consider implementing this when time allows.
>
> Thanks.
>
> -----Original Message-----
> From: rsyslog <rsyslog-bounces@lists.adiscon.com> On Behalf Of Mariusz Kruk via rsyslog
> Sent: Monday, January 11, 2021 12:40 AM
> To: rsyslog@lists.adiscon.com
> Cc: Mariusz Kruk <mkr@safecomp.com>
> Subject: Re: [rsyslog] Is there an easy way to send a msg to rsyslog via RELP as a Nagios check?
>
> I'd approach it from a "functional" point of view. Have some host
> generate a message periodicaly, send it via RELP to your destination
> host, make a rule that outputs this message to a file and check that
> file for a message written recently. This way you check the whole
> process. If you send the data from the rsyslog further down to some log
> management or SIEM solution, you can even check the whole process by
> checking for the message on the final destination.
>
> It has nothing to do with rsyslog itself it's just how you do such
> checks - look for a string on returned web page, send an email and check
> whether it gets delivered and so on.
>
> On 10/01/2021 21:58, Adam Chalkley via rsyslog wrote:
>> Hi,
>>
>> In the past I've used a standard check_tcp Nagios plugin to confirm that rsyslog was accessible on our receivers. This produces a bit of noise in the logs since the connections don't follow what I assume would be standard client connect/disconnect behavior. I've always ignored the noise as it's intermittent, but figured it might be worth crafting a proper check.
>>
>> I'd like to craft a plugin that sends a small test message to rsyslog via RELP (since that is what we're primarily using). I'd setup a rule in rsyslog to match/ignore it, but receiving it would be enough for a future Nagios check to confirm (that at a basic level) remote rsyslog connections are working.
>>
>> Any pointers? I considered digging into the C source code, but I don't think my skills are up for that task just yet.
>>
>> Thanks in advance.
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Is there an easy way to send a msg to rsyslog via RELP as a Nagios check? [ In reply to ]
One thing I like to do is to make sure all systems send a message on a frequent
basis, then look for the message to not arrive.

I like to do

vmstat -t vmstat 60

or similar as it produces a very dense data set that's useful for after-the-fact
investigation of problems

David Lang
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Is there an easy way to send a msg to rsyslog via RELP as a Nagios check? [ In reply to ]
Hello!

JFYI, I wrote rsyslog prometheus exporter while ago. It's not ideal as it's
using `omprog` to send `imstats` output. But it still quite useful to
monitor your queues and overall system throughput.

You may find it here: https://github.com/jay7x/rsyslog_exporter_py

Main issue with `omprog` is that rsyslog exporter is restarted every time
rsyslog receives SIGHUP. Logrotate signalling rsyslog every hour by
default. So every hour the exporter will be restarted. Though prometheus
handles it well usually.

On Mon, 11 Jan 2021 at 14:40, Mariusz Kruk via rsyslog <
rsyslog@lists.adiscon.com> wrote:

> I'd approach it from a "functional" point of view. Have some host
> generate a message periodicaly, send it via RELP to your destination
> host, make a rule that outputs this message to a file and check that
> file for a message written recently. This way you check the whole
> process. If you send the data from the rsyslog further down to some log
> management or SIEM solution, you can even check the whole process by
> checking for the message on the final destination.
>
> It has nothing to do with rsyslog itself it's just how you do such
> checks - look for a string on returned web page, send an email and check
> whether it gets delivered and so on.
>
> On 10/01/2021 21:58, Adam Chalkley via rsyslog wrote:
> > Hi,
> >
> > In the past I've used a standard check_tcp Nagios plugin to confirm that
> rsyslog was accessible on our receivers. This produces a bit of noise in
> the logs since the connections don't follow what I assume would be standard
> client connect/disconnect behavior. I've always ignored the noise as it's
> intermittent, but figured it might be worth crafting a proper check.
> >
> > I'd like to craft a plugin that sends a small test message to rsyslog
> via RELP (since that is what we're primarily using). I'd setup a rule in
> rsyslog to match/ignore it, but receiving it would be enough for a future
> Nagios check to confirm (that at a basic level) remote rsyslog connections
> are working.
> >
> > Any pointers? I considered digging into the C source code, but I don't
> think my skills are up for that task just yet.
> >
> > Thanks in advance.
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>


--
Yury Bushmelev
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Is there an easy way to send a msg to rsyslog via RELP as a Nagios check? [ In reply to ]
This makes sense, thanks for sharing.

-----Original Message-----
From: rsyslog <rsyslog-bounces@lists.adiscon.com> On Behalf Of Mariusz Kruk via rsyslog
Sent: Monday, January 11, 2021 6:19 AM
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: Mariusz Kruk <mkr@safecomp.com>
Subject: Re: [rsyslog] Is there an easy way to send a msg to rsyslog via RELP as a Nagios check?

I used this approach several times in the past and it worked great in
detecting:

a) unforeseen problems for which we didn't have specific checks

b) problems in mechanisms for which there was no convenient check to
find otherwise.

c) problems resulting from "logical misbehaviour" - when a service seems
to work but returns a wrong result

Of course it's best implemented in conjunction with simpler technical
checks for various steps along the way so it's easier to come up with
the answer not only _what_ doesn't work but also _why_ because the
longer the "workchain" is, the harder it is of course to pinpoint the
cause in case of malfunction if you have only the final error.

On 11/01/2021 12:04, Adam Chalkley wrote:
> Good tip.
>
> We currently have a service check that runs client-side on our senders (and edge receiver which forwards downstream to other instances) that monitors forward queues. This has been extremely helpful in the past catching "stuck" messages.
>
> I like your suggestion and will consider implementing this when time allows.
>
> Thanks.
>
> -----Original Message-----
> From: rsyslog <rsyslog-bounces@lists.adiscon.com> On Behalf Of Mariusz Kruk via rsyslog
> Sent: Monday, January 11, 2021 12:40 AM
> To: rsyslog@lists.adiscon.com
> Cc: Mariusz Kruk <mkr@safecomp.com>
> Subject: Re: [rsyslog] Is there an easy way to send a msg to rsyslog via RELP as a Nagios check?
>
> I'd approach it from a "functional" point of view. Have some host
> generate a message periodicaly, send it via RELP to your destination
> host, make a rule that outputs this message to a file and check that
> file for a message written recently. This way you check the whole
> process. If you send the data from the rsyslog further down to some log
> management or SIEM solution, you can even check the whole process by
> checking for the message on the final destination.
>
> It has nothing to do with rsyslog itself it's just how you do such
> checks - look for a string on returned web page, send an email and check
> whether it gets delivered and so on.
>
> On 10/01/2021 21:58, Adam Chalkley via rsyslog wrote:
>> Hi,
>>
>> In the past I've used a standard check_tcp Nagios plugin to confirm that rsyslog was accessible on our receivers. This produces a bit of noise in the logs since the connections don't follow what I assume would be standard client connect/disconnect behavior. I've always ignored the noise as it's intermittent, but figured it might be worth crafting a proper check.
>>
>> I'd like to craft a plugin that sends a small test message to rsyslog via RELP (since that is what we're primarily using). I'd setup a rule in rsyslog to match/ignore it, but receiving it would be enough for a future Nagios check to confirm (that at a basic level) remote rsyslog connections are working.
>>
>> Any pointers? I considered digging into the C source code, but I don't think my skills are up for that task just yet.
>>
>> Thanks in advance.
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Is there an easy way to send a msg to rsyslog via RELP as a Nagios check? [ In reply to ]
Is that just when troubleshooting, or do you have a mechanism setup to check for non-receipt?

I think I've used the vmstat command before, but don't know a lot about it. I'll look more into it. Thanks for the suggestion.

-----Original Message-----
From: rsyslog <rsyslog-bounces@lists.adiscon.com> On Behalf Of David Lang via rsyslog
Sent: Monday, January 11, 2021 6:59 AM
To: Mariusz Kruk via rsyslog <rsyslog@lists.adiscon.com>
Cc: David Lang <david@lang.hm>
Subject: Re: [rsyslog] Is there an easy way to send a msg to rsyslog via RELP as a Nagios check?

One thing I like to do is to make sure all systems send a message on a frequent
basis, then look for the message to not arrive.

I like to do

vmstat -t vmstat 60

or similar as it produces a very dense data set that's useful for after-the-fact
investigation of problems

David Lang
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Is there an easy way to send a msg to rsyslog via RELP as a Nagios check? [ In reply to ]
I'll take a look at this, thanks for the suggestion.

-----Original Message-----
From: rsyslog <rsyslog-bounces@lists.adiscon.com> On Behalf Of Yuri Bushmelev via rsyslog
Sent: Tuesday, January 12, 2021 5:32 AM
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: Yuri Bushmelev <jay4mail@gmail.com>
Subject: Re: [rsyslog] Is there an easy way to send a msg to rsyslog via RELP as a Nagios check?

Hello!

JFYI, I wrote rsyslog prometheus exporter while ago. It's not ideal as it's
using `omprog` to send `imstats` output. But it still quite useful to
monitor your queues and overall system throughput.

You may find it here: https://github.com/jay7x/rsyslog_exporter_py

Main issue with `omprog` is that rsyslog exporter is restarted every time
rsyslog receives SIGHUP. Logrotate signalling rsyslog every hour by
default. So every hour the exporter will be restarted. Though prometheus
handles it well usually.

On Mon, 11 Jan 2021 at 14:40, Mariusz Kruk via rsyslog <
rsyslog@lists.adiscon.com> wrote:

> I'd approach it from a "functional" point of view. Have some host
> generate a message periodicaly, send it via RELP to your destination
> host, make a rule that outputs this message to a file and check that
> file for a message written recently. This way you check the whole
> process. If you send the data from the rsyslog further down to some log
> management or SIEM solution, you can even check the whole process by
> checking for the message on the final destination.
>
> It has nothing to do with rsyslog itself it's just how you do such
> checks - look for a string on returned web page, send an email and check
> whether it gets delivered and so on.
>
> On 10/01/2021 21:58, Adam Chalkley via rsyslog wrote:
> > Hi,
> >
> > In the past I've used a standard check_tcp Nagios plugin to confirm that
> rsyslog was accessible on our receivers. This produces a bit of noise in
> the logs since the connections don't follow what I assume would be standard
> client connect/disconnect behavior. I've always ignored the noise as it's
> intermittent, but figured it might be worth crafting a proper check.
> >
> > I'd like to craft a plugin that sends a small test message to rsyslog
> via RELP (since that is what we're primarily using). I'd setup a rule in
> rsyslog to match/ignore it, but receiving it would be enough for a future
> Nagios check to confirm (that at a basic level) remote rsyslog connections
> are working.
> >
> > Any pointers? I considered digging into the C source code, but I don't
> think my skills are up for that task just yet.
> >
> > Thanks in advance.
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>


--
Yury Bushmelev
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Is there an easy way to send a msg to rsyslog via RELP as a Nagios check? [ In reply to ]
On Wed, 13 Jan 2021, Adam Chalkley via rsyslog wrote:

> Is that just when troubleshooting, or do you have a mechanism setup to check for non-receipt?

I've used Simple Event Correlator to set a timeout for each host as the vmstat
message arrives, and as long as they keep arriving, the timeout never fires. If
they stop arriving, the timeout fires and generates an alert.

David Lang


> I think I've used the vmstat command before, but don't know a lot about it. I'll look more into it. Thanks for the suggestion.
>
> -----Original Message-----
> From: rsyslog <rsyslog-bounces@lists.adiscon.com> On Behalf Of David Lang via rsyslog
> Sent: Monday, January 11, 2021 6:59 AM
> To: Mariusz Kruk via rsyslog <rsyslog@lists.adiscon.com>
> Cc: David Lang <david@lang.hm>
> Subject: Re: [rsyslog] Is there an easy way to send a msg to rsyslog via RELP as a Nagios check?
>
> One thing I like to do is to make sure all systems send a message on a frequent
> basis, then look for the message to not arrive.
>
> I like to do
>
> vmstat -t vmstat 60
>
> or similar as it produces a very dense data set that's useful for after-the-fact
> investigation of problems
>
> David Lang
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.