richard.braggNTL.COM

• Next message: Andrew Danforth: "Re: centralized syslog solutions request"
• Previous message: J. S. Townsley: "Re: CORE-SDI ssyslog [Was: Re: centralized syslog solutions request]"
• Maybe in reply to: offset: "centralized syslog solutions request"
• Next in thread: Andrew Danforth: "Re: centralized syslog solutions request"
• Maybe reply: richard bragg: "Re: centralized syslog solutions request"
• Reply: Andrew Danforth: "Re: centralized syslog solutions request"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We capture syslogs into a central syslog and this is
then stored, via managment software into a database.

What I have done is write the central syslog out to a
named pipe. An awk script reads from this pipe and
outputs to a second pipe from which the managment
tool reads.

The awk scripts handles the "Last message was
repeated n times" event. It uses an associative array
to store syslog messages for each server captured.
When a Last message repeated arrives it recalls that
last message and sends it n times to the second
pipe, then reads the next message in.

The awk script is contained in a sub shell so if it fails
it will be restarted.

There are probably better means of doing this,
suggestions always welcome but the net result is to
send the alerts to the managment system.

• Next message: Andrew Danforth: "Re: centralized syslog solutions request"
• Previous message: J. S. Townsley: "Re: CORE-SDI ssyslog [Was: Re: centralized syslog solutions request]"
• Maybe in reply to: offset: "centralized syslog solutions request"
• Next in thread: Andrew Danforth: "Re: centralized syslog solutions request"
• Maybe reply: richard bragg: "Re: centralized syslog solutions request"
• Reply: Andrew Danforth: "Re: centralized syslog solutions request"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]