Log monitoring

 

Hinemos provides two log monitoring methods: system log monitoring and log file monitoring.

The difference between the two is:

1. System log monitoring monitors /var/log/messages, while log file monitoring can monitor log files of your choosing.

2. System log monitoring does not require the Hinemos agent, while log file monitoring requires the Hinemos agent to be installed.

 

Object Node Settings

Both log monitoring methods are implemented on top of rsyslog. For system log monitoring on an object node where the Hinemos agent is not installed, the following setting, which forwards general logs to the Hinemos Manager server, must be added at the end of the /etc/rsyslog.conf file:

*.info;mail.none;authpriv.none;cron.none @@192.168.75.128:514

(192.168.75.128 is the IP of hinemos Manager)

If the Hinemos agent is installed, however, rsyslog is configured as part of the installation, so there is no need to add the line above manually. The setting is generated in /etc/rsyslog.d/rsyslog_hinemos-agent.properties

[root@Ap1 rsyslog.d]# cat rsyslog_hinemos_agent.conf        
#        
# Hinemos Agent  (for syslog monitoring)        
#        
*.info;mail.none;authpriv.none;cron.none                @@192.168.100.96:514        
[root@Ap1 rsyslog.d]#

 

Monitoring Results Test

For a system log monitoring item, once the object node has been configured as above, you can write log entries manually to confirm that the monitoring item works.

 

 [root]# logger "hello world"   
 [root]# logger "ERROR: warning there is something wrong"

 

Checking the event status in the client shows an error notification: warning there is something wrong

 

EVENT_FOR_TRAP settings

The setting options of system log monitoring include an item named event_for_trap. By default, notifications of the same importance are sent only once within 30 minutes. If you want every notification to be raised, change the default setting to always notify.

 

How to match monitor characters

Patterns are evaluated in order, starting from the first one. Once a pattern matches, the patterns after it are not evaluated.
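The following added example (not Hinemos code and not from the original article) models the two behaviours described above: first-match-wins pattern evaluation and the default 30-minute suppression of notifications with the same importance. The rule list, priority names, function names, sample events, and the choice to measure the window from the last notification actually sent are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed rule list (regex, priority), evaluated top to bottom.
# Priority names are illustrative, not taken from the article.
RULES = [
    (re.compile(r"ERROR"), "critical"),
    (re.compile(r"warning", re.I), "warning"),
    (re.compile(r".*"), "info"),  # catch-all: anything placed after it is dead
]

SUPPRESS_WINDOW = timedelta(minutes=30)  # default window described above

# Constructed sample events, reusing the logger test messages from the page.
T0 = datetime(2024, 1, 1, 9, 0)
EVENTS = [
    (T0, "hello world"),
    (T0 + timedelta(minutes=1), "ERROR: warning there is something wrong"),
    (T0 + timedelta(minutes=5), "ERROR: disk full"),
    (T0 + timedelta(minutes=40), "ERROR: disk full again"),
]


def classify(message, rules=RULES):
    """Return the priority of the first matching rule, or None."""
    for pattern, priority in rules:
        if pattern.search(message):
            return priority  # first match wins; later rules are skipped
    return None


def notify(events, rules=RULES, always=False):
    """Return the (time, priority, message) tuples that raise a notification.

    always=False suppresses a priority already notified less than 30 minutes
    ago (assumption: measured from the last notification actually sent).
    always=True models the "always notify" setting.
    """
    last_sent, sent = {}, []
    for ts, message in events:
        priority = classify(message, rules)
        if priority is None:
            continue
        previous = last_sent.get(priority)
        if not always and previous is not None and ts - previous < SUPPRESS_WINDOW:
            continue  # same importance inside the window: dropped
        last_sent[priority] = ts
        sent.append((ts, priority, message))
    return sent
```

With these rules, the test message containing both "ERROR" and "warning" is classified by the first rule only, and moving the catch-all pattern to the top would hide every error behind "info", which is the ordering mistake to check for when reviewing monitoring rules.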

 

Processing principle

The rsyslog settings suggest that the log messages generated by the object node are forwarded to the Hinemos Manager server for processing. So are the logs really sent to the Hinemos Manager and then matched against the defined strings there? In older versions this was indeed the case, but since version 4.1 it no longer works this way. The comparison is no longer performed in the Hinemos Manager but on each object node: the Hinemos agent evaluates the match and then sends the problem message to the Hinemos Manager, which greatly reduces the load on the Hinemos Manager.



 

 

Reference: http://www.hinemos.info/ja/technology/nttdata/2014091901       
 http://www.hinemos.info/ja/technology/nttdata/2015092901
