Make your monitors nearly real-time

Send events instead of polling for them

Most existing IPNetwork monitor types are passive, meaning they are polled by IPNetwork, either directly or via a remote network agent. There are two “active” monitors that raise an “Event” type alert when they receive data from a remote host: the Syslog monitor and the SNMP Generic Trap monitor. Although it is not possible to turn every passive monitor into an active one, there are several approaches that make monitoring nearly real-time in certain situations. Guidelines follow below.

Using syslog relay

The Syslog monitor can be used as an intermediary to trigger the appropriate alerts when known Syslog events arrive.

In general, if you have a Unix-like system that supports rsyslog (such as a Linux server), you can set up the rsyslog daemon to act as an event receiver and configure it to send certain event types to your IPNetwork installation (see the link above).

The mentioned rsyslog relay can be used as an event aggregator: direct events to it from whichever hosts can send Syslog, and create an appropriate Syslog monitor for that relay. In practice, it is usually best to begin with a broad Syslog monitor, verify that messages are arriving, and only then narrow the filters to the facilities, senders, or message patterns that matter.

Using Windows Subsystem for Linux

There is a compatibility layer for running Linux user-space tools on Windows, named Windows Subsystem for Linux (WSL). It can still be used as a convenient way to run tools such as logger or other Linux-side helpers on a Windows machine when you need to generate Syslog-style events locally. In practice, though, WSL is best treated as a convenience option for specific setups rather than the default architecture for event delivery.

Using syslog-ng service on Windows

Although Windows does not include a native Syslog sender by default, third-party Syslog forwarders can still be used when needed. One possible option is syslog-ng available through Cygwin, but in this article it is better treated as an example of a relay/forwarder rather than the primary recommendation.

Using inotify

Linux provides a filesystem event facility named inotify that can be used to react when files or directories change — for example, when a file is created, updated, or replaced.

Together with tools such as incron or other event handlers, this can be used to trigger near real-time Syslog messages whenever a filesystem event of interest occurs, either to IPNetwork Monitor directly or to an intermediate relay.
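
As an added illustration of the inotify approach (not code from IPNetwork or from the original article), the Python example below reads raw inotify events through libc and sends one RFC 3164 Syslog datagram per filesystem change. The tag fswatch, the local0.notice priority, UDP port 514 and the default destination 127.0.0.1 are assumptions; pass the watched directory and the host running the Syslog monitor (or the relay) as arguments.

```python
import ctypes, os, socket, struct, sys, time

# Event masks and record layout from <sys/inotify.h>
IN_CLOSE_WRITE, IN_MOVED_TO, IN_CREATE, IN_DELETE = 0x8, 0x80, 0x100, 0x200
NAMES = {IN_CLOSE_WRITE: "CLOSE_WRITE", IN_MOVED_TO: "MOVED_TO",
         IN_CREATE: "CREATE", IN_DELETE: "DELETE"}
HEADER = struct.Struct("iIII")  # struct inotify_event: wd, mask, cookie, len

def parse_events(buf):
    """Decode bytes read from an inotify fd into (mask, filename) pairs."""
    events, off = [], 0
    while off + HEADER.size <= len(buf):
        _wd, mask, _cookie, length = HEADER.unpack_from(buf, off)
        raw = buf[off + HEADER.size:off + HEADER.size + length]
        events.append((mask, raw.split(b"\0", 1)[0].decode(errors="replace")))
        off += HEADER.size + length
    return events

def syslog_line(mask, path, facility=16, severity=5, tag="fswatch"):
    """Build an RFC 3164 datagram; PRI = facility * 8 + severity (local0.notice)."""
    kinds = ",".join(n for bit, n in NAMES.items() if mask & bit) or hex(mask)
    # File names are attacker-controllable: neutralise control characters so a
    # crafted name cannot inject a second, forged syslog line.
    safe = "".join(c if c.isprintable() else "?" for c in path)
    t = time.localtime()
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    host = socket.gethostname()
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}: {kinds} {safe}".encode()

def watch(directory, dest):
    """Block on inotify and send one syslog datagram per filesystem event."""
    libc = ctypes.CDLL(None, use_errno=True)
    fd = libc.inotify_init()
    mask = IN_CLOSE_WRITE | IN_MOVED_TO | IN_CREATE | IN_DELETE
    if fd < 0 or libc.inotify_add_watch(fd, os.fsencode(directory), mask) < 0:
        raise OSError(ctypes.get_errno(), "inotify setup failed")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        for ev_mask, name in parse_events(os.read(fd, 4096)):
            sock.sendto(syslog_line(ev_mask, os.path.join(directory, name)), dest)

if __name__ == "__main__":
    # Assumed defaults: watch the current directory, send to a local receiver.
    args = sys.argv[1:] + [".", "127.0.0.1"][len(sys.argv[1:]):]
    watch(args[0], (args[1], 514))
```

Because the message text includes the file name, a Syslog monitor filter on the tag and event kind can alert on, for example, any CLOSE_WRITE under a configuration directory without polling it.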

Putting it all together

The means described above allow generating a nearly real-time response from virtually any kind of target operating system. There is no universal recipe; depending on your environment, some of the means mentioned above may be unavailable.

If you have a certain setup in mind that requires running alerts as soon as possible, please contact us for details.

Do you know other means to generate nearly real-time rsyslog or SNMP trap events? If you do, let us know as well.