Make your monitors nearly real-time

Send events instead of polling for them

Most existing IPHost monitor types are passive, meaning they are polled by IPHost, either directly or via a remote network agent. There are two “active” monitors that raise an “Event” type alert when they receive data from a remote host: the Syslog monitor and the SNMP Generic Trap monitor. Although it’s not possible to turn every passive monitor into an active one, there are several approaches that make monitoring nearly real-time in certain situations. Guidelines follow below.

Using syslog relay

The Syslog monitor can be used as an intermediary that triggers the proper alerts when known syslog events arrive.

In general: if you have a Unix-like system that supports rsyslog (such as a Linux server), you can set up the rsyslog daemon to act as an event receiver and configure it to send certain event types to the IPHost installation (see the link above).

The rsyslog relay mentioned above can be used as an event aggregator: direct events to it from any host that can send them, and make sure you create a proper Syslog monitor for that relay.

Using Windows Subsystem for Linux

Windows Subsystem for Linux (WSL) is a compatibility layer for executing Linux binaries. Fortunately, it’s capable of running rsyslog and can be easily tuned to interact with IPHost running on the same (or a different) computer. If you can gather the required monitoring data from within WSL, you can run the standard “logger” utility under WSL to pass the required payload (performance value) to the IPHost installation.

Using syslog-ng service on Windows

Although Windows doesn’t have an rsyslog facility by default, there are a few free alternatives. One of them is the rsyslog facility available in Cygwin, namely the syslog-ng service. It can be installed on any modern Windows version and used to transmit rsyslog events either to the IPHost installation directly or to an rsyslog relay.

Using inotify

Many Unix-like systems provide a facility named inotify that can be used to run a process when certain parts of the file system change (i.e., a file grows or is created).

Together with an incron-like facility (which runs a user-defined process when the file system changes), this can be used to trigger nearly real-time events by sending an rsyslog event (again, either to the IPHost installation directly or to an rsyslog relay).
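The inotify approach above, sketched as an added example (this is not IPHost's own code): a handler script that incron runs on a file system change and that forwards one syslog event with the “logger” utility. The watched directory, script path, tag, facility and relay address are assumptions. File names come from whoever can write into the watched directory, so the script strips characters that could forge extra syslog records before sending.

```shell
#!/bin/sh
# Hypothetical incrontab entry that runs this script (paths are assumptions):
#   /var/spool/incoming IN_CREATE,IN_CLOSE_WRITE /usr/local/bin/fs-event.sh $@ $# $%
# incron expands $@ to the watched path, $# to the file name, $% to the event flags.

# Assumption: address of the rsyslog relay or of the IPHost syslog listener
# (192.0.2.10 is a documentation-only address; replace it).
RELAY_HOST="${RELAY_HOST:-192.0.2.10}"
RELAY_PORT="${RELAY_PORT:-514}"
TAG="fswatch"   # hypothetical tag that the Syslog monitor would match on

# Drop control characters (a newline would start a forged second record)
# and double quotes (they would break the path="..." field), then cap length.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177"' | cut -c1-200
}

# Build the one-line message: event=<flags> path="<dir>/<file>"
build_event() {
    dir=$(sanitize "$1"); file=$(sanitize "$2"); flags=$(sanitize "$3")
    printf 'event=%s path="%s/%s"' "$flags" "$dir" "$file"
}

# Send the message over UDP; "--" keeps a name starting with "-" from
# being parsed as a logger option.
send_event() {
    msg=$(build_event "$1" "$2" "$3")
    logger -n "$RELAY_HOST" -P "$RELAY_PORT" -d -t "$TAG" -p local0.notice -- "$msg"
}

# Only send when called the way incron calls it (three arguments).
if [ "$#" -ge 3 ]; then
    send_event "$1" "$2" "$3"
fi
```
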

Putting it all together

The means described above allow generating a nearly real-time response from virtually any kind of target operating system. There’s no universal recipe for that; depending on the environment you use, some of those means may be unavailable.

If you have a certain setup in mind that requires running alerts as soon as possible, please contact us for details.

Do you know other means to generate nearly real-time rsyslog or SNMP trap events? If you do, let us know as well.