C.12. Logfile monitoring/analysis

Section heading:

[Logmon]

LogmonActive=boolean — 'true' to switch on, 'false' to switch off.

LogmonSaveDir=/abslute/path sets the directory where checkpoint data for logfiles is stored (default: same as for pid file).

LogmonClean=boolean delete old checkpoint data unmodified for 30 days or more (default: off).

LogmonInterval=seconds — Interval between checks (default 10).

LogmonWatch=TYPE:path[:format] — File to monitor.

LogmonHidePID=boolean — Suppress PID in syslog messages, 'true' to switch on, 'false' to switch off.is an option

LogmonMarkSeverity=severity — Severity for reports on missing heartbeat messages if the messages themselves are assigned to the 'trash' queue (default: crit).

LogmonBurstThreshold=number — The number of repeated messages within 12 minutes that must be exceeded to report a burst of repeated messages (default: 24).

LogmonBurstQueue=queue — Set the reporting queue for reporting bursts of similar log messages (default: don't report).

LogmonBurstCron=boolean — Whether to report also on bursts of repeated cron messages (defaul: false).

LogmonDeadtime=seconds — Do not report a correlated event again within the given time (default: 60 seconds).

LogmonQueue=label:[interval]:(sum|report):severity[:alias] — defines an output queue.

LogmonHost=(perl)regex — Causes the following rules to be applied only to entries for this host(s).

LogmonEndHost — Explicitely ends a preceding LogmonHost directive.

LogmonGroup=(perl)regex — Causes the following rules to be applied only if the group regex matches.

LogmonEndGroup — Explicitely ends a preceding LogmonGroup directive.

LogmonRule=queue_label:(perl)regex — matches a logfile entry against the provided regular expression.