How to configure Monit to alert me when anything appears in syslog

Question

I want Monit to alert me if ANYTHING shows up in syslog - as anything in there would be abnormal.

I've tried the following and I'm not receiving any alert emails when I manually add something to syslog echo testing >> /var/log/syslog. I've verified that alert emails are working.

check file syslogd_file with path /var/log/syslog
    if match ".*" then alert
    if match .* then alert
    if changed timestamp then alert

Do you use rsyslog for the mail notifications? If yes then please make sure that you have load the module over the configure! Please follow this link, there you can find the config samples for ommail! http://www.rsyslog.com/doc/ommail.html Best regards, Tim Eifler — , Mar 10 '15 at 11:14

score 2 · Answer 1 · answered Mar 10 '15 at 11:50

You don't care about the content, so test on timestamp or file size. This is covered very well in the Monit Documentation examples.

For your situation, something like:

check file syslogd_file with path /var/log/syslog
        if changed timestamp then alert

Then ensure you reload or restart the monit daemon.

How to configure Monit to alert me when anything appears in syslog

1 Answers1