Re: Logfile matching
From: Jan-Henrik Haukeland
Subject: Re: Logfile matching
Date: Fri, 5 Aug 2005 19:56:19 +0200

On 5. aug. 2005, at 12.10, Christian Hopp wrote:

> This implementation can be used e.g. for realtime logcheck (like
> logcheck does "cron"ed). Because of the additional feature of
> per-rule actions the performance is two times slower than
> e.g. logcheck. 110000 lines of real life logfiles (syslog+auth.log),
> 90 if rules, 700 ignore rules and with 90 alerts took 25s using monit
> and 12s using logcheck on a P-M1.7GHz.

If we queued alerts and sent them at the end of a monit-cycle, your
logfile matching should at least be on par and probably faster than
logcheck. Opening and closing sockets takes a lot of time and you do 90 of
them! I do not think we should use time now doing this extra effort,
but it's worth considering if optimizing should be an issue later.
--
Jan-Henrik Haukeland
Mobil +47 97141255
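
The queuing idea from the reply above, as an added example that is not part of the original message and is not monit's or logcheck's code: matched log lines are either sent one connection per alert or queued and flushed once at the end of the cycle. The rule names, patterns, log lines and the `CountingTransport` stand-in (which counts connection opens instead of using a real socket) are all constructed for illustration.

```python
import re

# Constructed rules; not monit's or logcheck's real rule syntax.
IF_RULES = {
    "ssh-fail": re.compile(r"sshd\[\d+\]: Failed password"),
    "su-root": re.compile(r"su\[\d+\]: \(to root\)"),
}
IGNORE_RULES = [re.compile(r"for invalid user test\b")]

# Constructed sample log lines (documentation address range 192.0.2.0/24).
SAMPLE_LOG = [
    "Aug  5 12:00:01 host sshd[411]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Aug  5 12:00:02 host sshd[412]: Failed password for invalid user test from 192.0.2.11 port 4023 ssh2",
    "Aug  5 12:00:03 host su[500]: (to root) alice on pts/1",
    "Aug  5 12:00:04 host cron[600]: (root) CMD (run-parts /etc/cron.hourly)",
    "Aug  5 12:00:05 host sshd[413]: Failed password for admin from 192.0.2.12 port 4024 ssh2",
]

class CountingTransport:
    """Hypothetical stand-in for the alert channel: each send() is one open/close."""
    def __init__(self):
        self.connections = 0
        self.delivered = []

    def send(self, messages):
        self.connections += 1
        self.delivered.extend(messages)

def match_line(line):
    """Return the name of the first matching if-rule, or None if ignored or unmatched."""
    if any(rx.search(line) for rx in IGNORE_RULES):
        return None  # ignore rules win over if rules
    for name, rx in IF_RULES.items():
        if rx.search(line):
            return name
    return None

def run_cycle(lines, transport, queue_alerts):
    """Scan one cycle of log lines; return how many connections were opened."""
    queue = []
    for line in lines:
        rule = match_line(line)
        if rule is None:
            continue
        alert = f"[{rule}] {line}"  # the per-rule action stays attached to the alert
        if queue_alerts:
            queue.append(alert)
        else:
            transport.send([alert])  # one connection per alert
    if queue:
        transport.send(queue)  # single flush at the end of the cycle
    return transport.connections
```
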