Enable keep-alive messages
Keep alive messages can be injected into the syslog input stream at a regular interval and used to trigger scripting actions or can serve as a method of stamping the log files at a regular interval.
The injected keep alive messages are treated as any other incoming message would be, and are processed by the rule engine. Depending on the rule set configured, the message may be written to disk, displayed or forwarded on to another syslog server.
When the keep alive message is forwarded on to another syslog server, it can act as a "I am still alive and well" message to tell the other server that everything is OK. On the remote server, a filter can be setup to detect missing keep alive messages and raise an alarm if necessary.
The injected message properties can be modified by specifying a Facility, Level, Host IP address and message text values.
For more information about using keep-alive messages, see How to use a keep-alive message in a script and Forwarding a keep-alive message to another host as a beacon.
Enable and configure keep-alive messages
- Choose File > Setup to open the Kiwi Syslog Server Setup dialog box.
- Expand the Inputs node.
- Click Keep-alive.
Specify the following options:
Enable keep-alive messages
By default this option is disabled. Check the box to enable the injection of keep-alive messages.
This sets how often the keep-alive messages are injected into the input stream. Every 60 seconds is the default value, but any value between 1 and 86400 seconds (1 day) can be entered.
This sets the facility of the keep-alive message. You can use a priority filter in the rule set to work with this facility only. Normally this option is set to a value of "Syslog" to indicate that it is the Syslog program generating the message.
This sets the level of the keep-alive message. You can use a priority filter in the rule set to work with this facility/level combination only. Normally this option is set to a value of "Info" to indicate that it is an informational message.
From IP Address
This sets the "From" IP address of the keep-alive message. This value can be from 18.104.22.168 to 255.255.255.255 for IPv4 and it supports IPv6 address as well. It is recommended that a value of 127.0.0.1 be used as the default. The address specified can be filtered against by the rule set later.
Message text This is the message text that is used for the keep-alive message. It can be any message or text string that you like. By default the message reads "Keep-alive message".
- Click Apply to save your changes.
Normally, the rules/filters/actions are only run when a message arrives and is processed by the rule engine. If you need to take action based on a time, then you can use the keep-alive messages as a regular trigger of the rule engine.
Rules Rule: MyScript Filters Priority: Match Syslog.Info only Actions Action: Run script Action: Stop processing (Exits the rule engine here) Other Rules here...
The keep-alive message can be identified in a script by checking the varInputSource field value. A keep-alive message uses a value of "3".
The keep-alive messages can be forwarded to another host to tell it that "All is well".
Rules Rule: Send keep alive message Filters Priority: Match Syslog.Info only Actions Action: Forward to host (send to another host via a syslog message) Action: Stop processing (Exits the rule engine here) Other Rules here...
Because we are using the "Stop processing" action, the keep alive messages won't be seen by any other rules below this one. The priority filter will match the "Syslog.Info" priority, then the action will be taken (forward message) then the rule engine will discard the message and wait for the next one to arrive.