Re: Logfile matching

From: Jan-Henrik Haukeland
Subject: Re: Logfile matching
Date: Fri, 5 Aug 2005 19:56:19 +0200

On 5. aug. 2005, at 12.10, Christian Hopp wrote:

This implementation can be used e.g. for realtime logcheck (like
logcheck does "cron"ed).  Because of the additional feature of
per-rule actions the performance is two times slower than
e.g. logcheck.  110000 lines of real life logfiles (syslog+auth.log),
90 if rules, 700 ignore rules and with 90 alerts took 25s using monit
and 12s using logcheck on a P-M1.7GHz.

If we queued alerts and sent them at the end of a monit-cycle, your logfile matching should at least be on par and probably faster than logcheck. Opening and closing sockets takes a lot of time and you do 90 of them! I do not think we should use time now doing this extra effort, but it's worth considering if optimizing should be an issue later.

Jan-Henrik Haukeland
Mobil +47 97141255
