The Message Log notifier parses the message_log file and generates events based on what it sees in the file. Events that are to be notified on are each configured via a <event>...</event> block in the monitor-notifier.conf file.
<notifier message_log> use = PureMessage::Monitor::Notifier::MessageLog <event spam> p=(?:0\.|1\.) </event> <event internal_mail> i=1 </event> <event every_message> q=. </event> </notifier>
Within the <event>...</event> block,
key=value pairs are
used to filter log entries and determine when to fire the event. The ``key'' is
the actual field from the message_log and the ``value'' is a regular
expression that must be matched in order for the event to fire. Multiple
key=value pairs can be listed within an <event>...</event>
block, and all must match in order for the event to fire.
For more information on the fields present in the message_log and their meaning, please refer to PureMessage::MessageLog.
Events generated by the Message Log notifier may contain the following fields of information which can be consumed by Analyzers:
You can also monitor custom message_log entries by specifying their given name. For example, if you have added a custom message_log entry such as the following:
You could then monitor the occurrences of this message_log entry by adding an event block to the monitor-notifier.conf file like the following:
<event my_event_name> my_event_name=1 </event>
Copyright (C) 2000-2006 Sophos Group. All rights reserved. Sophos and PureMessage are trademarks of Sophos Plc and Sophos Group.