MonitorWare Knowledge Base

Hi,

I was visit in the forum and see if there is a configuration regarding on email notification in real time behaviour. But it wasn't there i think. As far as I've seen in the document its only an time interval based on seconds. Maybe I can't see all of message. :)

I don't think if the rsyslogd has a functionality to do real time email notification when receive an error messsage or critical severity it will email automatically to the administrator without waiting time interval.

I've noticed when time interval is approaching, it will collect the message at that time (second) configured. By then if rsyslog get an info message then it will send an email notification to the admin but not a critical message. :)

Here's my configuration.

######
# for help with rsyslog configuration, visit
# http://www.rsyslog.com or the wiki at
# http://wiki.rsyslog.com

# rsyslog v3: load input modules
# If you do not load inputs, nothing happens!
# You may need to set the module load path if modules are not found.
*.* /var/log/mensahe.log

# Enable e-mail notification module with ommail
$ModLoad ommail.so

# Enable MySQL module with ommysql
$ModLoad ommysql.so

# Templates to be inject into MySQL
$template phpsyslog,"insert into SystemEvents(host, facility, priority, level, tag, datetime, msg, seq) values ('%HOSTNAME%',%syslogfacility%, %syslogpriority%, '%sysloglevel%', '%syslogtag%', '%timereported:::date-mysql%', '%msg%', '%seq%')", SQL
$template phpsyslog,"insert into SystemEvents (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%',%syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",sql
*.* :ommysql:127.0.0.1,phpsyslog,root,dsc

$ActionMailSMTPServer localhost
$ActionMailFrom syslogop@maildude.com
$ActionMailTo admin@maildude.com
$template mailSubject,"Router Alert on %hostname% (%syslogseverity-text%)"
$template mailBody,"Router ALERT ON: %hostname%\r\n\r\nTIME: %timereported% \r\n\r\nSYSLOG EVENT: [%syslogfacility-text%-%syslogseverity-text%] \r\n\r\nMESSAGE: %msg%"
$ActionMailSubject mailSubject
$MainMsgQueueSize 100000
# make sure we receive a mail only once in six
# hours (21,600 seconds ;))
# $ActionExecOnlyOnceEveryInterval 21600
$ActionExecOnlyOnceEveryInterval 7200 ## 1 hour interval
# the if ... then ... mailBody mus be on one line!
if $syslogpriority-text contains 'emerg' or $syslogpriority-text contains 'crit' then :ommail:;mailBody

$ModLoad immark.so # provides --MARK-- message capability
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so # kernel logging (formerly provided by rklogd)

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
# kern.* /dev/console

$WorkDirectory /var/log/rsyslog/ # default location for work (spool) files
$MainMsgQueueFileName mainq # set file name, also enables disk mode

# ######### Receiving Messages from Remote Hosts ##########
# TCP Syslog Server:
# provides TCP syslog reception and GSS-API (if compiled to support it)
# $ModLoad imtcp.so # load module
# $InputTCPServerRun 514 # start up TCP listener at port 514

# UDP Syslog Server:
$ModLoad imudp.so # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port 514

*.* ~ # discards everything
*.* msntp
*.* :ommail:;mailBody


Thank you very much.

--coroy

MODERATOR EDIT: turned off smilies for better readibility

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?

The interval is the interval that is waited after a message has been sent. So this is real-time alerting, but you can stop it for n seconds to issue a second alert.

The problems with the severity you see are rooted in a misunderstanding: the settings modify the next action, so it belongs immediately in front of each action that it should affect. In your config, this is not the case (actually, these are split all over the config file).

HTH
Rainer