Support This Project

Tips for Prelude

Clean up old alerts

Note: Be careful ! Deleting old entries may remove important data.

The preludedb-admin command can be used to suppress alerts, based on some conditions (called criteria). 

# preludedb-admin delete --alert-criteria "alert.create_time <= 2007-06-15" "type=pgsql user=prelude pass=<db_password>"

With recent versions, the syntax has changed: 

# preludedb-admin delete alert --criteria "alert.create_time <= 2007-08-15" "type=mysql user=prelude pass=<db_password>"

This command will delete all alerts prior to 2007-06-15

If you are using MySQL and got the following error: 

retrieving alert ident failed: The total number of locks exceeds the lock table size.

Then edit MySQL configuration file and try increasing innodb_buffer_pool_size.

See http://mrothouse.wordpress.com/2006/10/20/mysql-error-1206/ for some details.

Replicating a database to another

The preludedb-admin tool has a copy mode. 

# preludedb-admin copy alert "type=pgsql name=prelude user=prelude pass=***** host=192.168.1.101" "type=mysql name=prelude user=prelude pass=****** host=192.168.1.104"
# preludedb-admin copy heartbeat "type=pgsql name=prelude user=prelude pass=***** host=192.168.1.101" "type=mysql name=prelude user=prelude pass=****** host=192.168.1.104"

Suppressing Cron alerts

By default, Prelude-LML sends an alert every time a cron job is executed (since there is effectively a login). While this can be interesting sometimes, we can suppress it to remove some "alert noise" every 5 minutes or similar.

Create a file /etc/prelude-lml/ruleset/cron.rules: 

# Ignore cron jobs

#LOG:Apr 20 11:55:01 piche CRON[23295]: (pam_unix) session opened for user root by (uid=0)
regex=CRON\[\d+\]: \(pam_unix\) session opened for user; \
	 silent; \
	 last

#LOG:Apr 20 11:55:01 piche CRON[23293]: (pam_unix) session closed for user root
regex=CRON\[\d+\]: \(pam_unix\) session closed for user; \
	 silent; \
	 last

Edit /etc/prelude-lml/ruleset/pcre.rules and add the following line before rules concerning PAM (a cron alert is matched by the PAM regex): 

regex=CRON;                             include = cron.rules;
regex=[Pp][Aa][Mm]_;                    include = pam.rules;

Restart LML, and enjoy the silence :)