11. Logfile monitoring/analysis

Section heading:

[Logmon]

LogmonActive= boolean — 'true' to switch on, 'false' to switch off.

LogmonSaveDir= /absolute/path — Sets the directory where checkpoint data for logfiles is stored (default: same as for pid file).

LogmonClean= boolean — Delete old checkpoint data unmodified for 30 days or more (default: off).

LogmonInterval= seconds — Interval between checks (default 10).

LogmonWatch= TYPE:path[:format] — File to monitor.

LogmonHidePID= boolean — Suppress PID in syslog messages, 'true' to switch on, 'false' to switch off.

LogmonMarkSeverity= severity — Severity for reports on missing heartbeat messages if the messages themselves are assigned to the 'trash' queue (default: crit).

LogmonBurstThreshold= number — The number of repeated messages within 12 minutes that must be exceeded to report a burst of repeated messages (default: 24).

LogmonBurstQueue= queue — Set the reporting queue for reporting bursts of similar log messages (default: don't report).

LogmonBurstCron= boolean — Whether to also report on bursts of repeated cron messages (default: false).

LogmonDeadtime= seconds — Do not report a correlated event again within the given time (default: 60 seconds).

LogmonQueue= label:[interval]:(sum|report):severity[:alias] — defines an output queue.

LogmonHost= (perl)regex — Causes the following rules to be applied only to entries for the matching host(s).

LogmonEndHost — Explicitly ends a preceding LogmonHost directive.

LogmonGroup= (perl)regex — Causes the following rules to be applied only if the group regex matches.

LogmonEndGroup — Explicitly ends a preceding LogmonGroup directive.

LogmonRule= queue_label:(perl)regex — matches a logfile entry against the provided regular expression.
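
The following is an added example, not part of the original manual or the project's code: a small Python lint pass over a [Logmon] section that checks the value syntax listed above and flags two mistakes that silently reduce log coverage, a LogmonRule pointing at a queue that no LogmonQueue line defines and a LogmonHost/LogmonGroup scope that is never ended. The sample section, its paths and queue names are constructed; treating 'trash' as usable without a definition and accepting only 'true'/'false' for booleans are assumptions drawn from the wording above.

```python
import re

# Constructed sample section (not from the manual); it contains deliberate mistakes.
SAMPLE = """\
[Logmon]
LogmonActive=true
LogmonSaveDir=var/lib/checkpoints
LogmonQueue=auth:0:report:crit
LogmonHost=^web[0-9]+$
LogmonRule=auth:Failed password
LogmonRule=audit:session opened
LogmonRule=trash:.*
"""

BOOLEANS = {"LogmonActive", "LogmonClean", "LogmonHidePID", "LogmonBurstCron"}
NUMBERS = {"LogmonInterval", "LogmonBurstThreshold", "LogmonDeadtime"}
# LogmonQueue= label:[interval]:(sum|report):severity[:alias]
QUEUE_RE = re.compile(r"^([^:]+):(\d*):(sum|report):([^:]+)(:[^:]+)?$")

def lint_logmon(text):
    """Return sorted (line_number, message) findings for a [Logmon] section."""
    findings, rules, scopes = [], [], {}
    queues = {"trash"}  # assumption: 'trash' is usable without a LogmonQueue line
    for no, raw in enumerate(text.splitlines(), 1):
        key, _, val = (part.strip() for part in raw.partition("="))
        if key in BOOLEANS and val not in ("true", "false"):
            findings.append((no, f"{key}: expected true or false"))
        elif key in NUMBERS and not val.isdigit():
            findings.append((no, f"{key}: expected a number"))
        elif key == "LogmonSaveDir" and not val.startswith("/"):
            findings.append((no, "LogmonSaveDir: path must be absolute"))
        elif key == "LogmonQueue":
            m = QUEUE_RE.match(val)
            if m:
                queues.add(m.group(1))
            else:
                findings.append((no, "LogmonQueue: malformed definition"))
        elif key in ("LogmonHost", "LogmonGroup"):
            scopes[key] = no                    # remember where the scope opened
        elif key in ("LogmonEndHost", "LogmonEndGroup"):
            scopes.pop(key.replace("End", ""), None)
        elif key == "LogmonRule":
            rules.append((no, val.split(":", 1)[0]))
    for no, label in rules:                     # checked last: order-independent
        if label not in queues:
            findings.append((no, f"LogmonRule: queue '{label}' is not defined"))
    for key, no in scopes.items():
        findings.append((no, f"{key}: never ended, later rules stay restricted"))
    return sorted(findings)
```

Running lint_logmon(SAMPLE) reports the relative LogmonSaveDir, the unclosed LogmonHost scope and the rule that names the undefined queue 'audit'.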