Hi all!
Currently we are working on a log processing functionality. It's based
on the following key concepts:
1. All log processing should be done by agents.
2. Agent processes log files according to "log processing policy", which
is a set of matching rules for log records. If log record match to the
rule, agent either generate an event specified in the rule, or ignores
the record. It is also possible to generate special event for unmatched
records.
3. Agent can have multiple log processing policies installed, usually
one per file.
4. One log processing policy can be installed on multiple agents,
allowing to configure monitoring of similar files on different hosts
only once.
5. All log processing configuration should be done from the management
console in centralized way.
Does anybody have any comments on that scheme? Also, I'll be very happy
to see suggestions, how user interface for log processing configuration
can looks like.
Best regards,
Victor
Received on Sat Oct 08 2005 - 23:34:31 EEST
This archive was generated by hypermail 2.2.0 : Sat Oct 08 2005 - 23:45:37 EEST