Details
-
Improvement
-
Resolution: Won't Do
-
Major
-
None
-
None
-
None
Description
This patch introduces configurable filebased logging to Observium using a template to describe the notification.
Configuration is done in the local configuration.
Default configuration is extended with 3 options:
// File log backend settings
$config['filelog']['enable'] = FALSE; // Enable/Disable filelog globally
$config['filelog']['log_dir'] = $config['install_dir'] . '/logs'; // Log dir. No trailing /
$config['filelog']['log_name'] = 'alerts.log'; // Log name.
The code has been formatted according to the syntax described on the Observium wiki.
In order to make this work the alerter needs a described contact_method.
Insert a contact_method = filelog in the alert_contacts table, and create your mappings by inserting the desired records into alert_contact_assoc.
These mappings are based on the alert_tests id’s.
Attachments
Activity
| Resolution | New: Won't Do [ 10001 ] | |
| Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
| Workflow | Original: classic default workflow [ 12079 ] | New: Observium workflow [ 13030 ] |
| Attachment | New: logstash-observium-filter.conf [ 12287 ] |
Attaching the filter we're using to catch the alerts in Elasticsearch.
Is there a chance you'll accept this patch? I don't see it breaking anything and it helps our use case.
Just tested it, with two contacts I get both email and filelog alerts so it seems to work as intended.
| Attachment | Original: mb_add_filelog_baserev_6252.diff [ 12273 ] |
| Attachment | New: mb_add_filelog_baserev_6252_nlfilter.diff [ 12274 ] |
We want to feed alerts into elasticsearch so we can search them and correlate them with other systems. Easiest way to accomplish that was getting alerts into a logfile. When you insert two contacts in alert_contacts and add the proper associations in alert_contacts_assoc it should do both email and filelog, wouldn't it?
This was obsoleted by the contact system changes, but can probably be more easily reimplemented now.