The problem can usually be solved simply by forwarding the log file to OpenNMS through syslog, but what about logs generated by applications that don't speak syslog, or cases where you don't want to configure syslog forwarding?
The Collectd Tail plugin comes to the rescue. Collectd is an interesting monitoring agent that can be integrated with basically anything, even though I think it is primarily used together with Graphite.
Since Collectd does not natively speak any of the protocols supported by OpenNMS, integration has to be done through some sort of scripting.
Solution Overview
I installed Collectd (5.2, custom-built RPM, thanks fpm!) on the host running the application and configured it to tail the log file and look for lines matching certain patterns. Whenever a line matches, a counter is incremented, and if the value exceeds a threshold, an external notification script is invoked. In my case I want to be notified of every single occurrence, so the threshold condition is: value != 0
The notification script then forks out a call to OpenNMS' own send-event.pl. In OpenNMS I have configured a notification connected to the event UEI which sends out alerts to our support personnel.
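One way to write such a notification script (an added example, not the script from the original post): it reads the notification that Collectd's exec plugin writes to stdin and builds the send-event.pl call as an argument list, so text derived from the log never passes through a shell. The install path, UEI and OpenNMS host name are assumptions, and the -p and -d options should be checked against the send-event.pl shipped with your OpenNMS version.

```python
#!/usr/bin/env python3
"""Collectd NotificationExec handler: forward tail-plugin alerts to OpenNMS."""
import re
import subprocess
import sys

# Assumptions: default OpenNMS install path, hypothetical UEI and server name.
SEND_EVENT = "/opt/opennms/bin/send-event.pl"
UEI = "uei.opennms.org/custom/collectd/logMatch"
OPENNMS_HOST = "opennms.example.org"
# Constructed sample of what collectd writes to the handler's stdin.
SAMPLE = ("Severity: FAILURE\nTime: 1369139000.000\nHost: app01.example.org\n"
          "Plugin: tail\nType: counter\nTypeInstance: errors\n\nvalue is 3")
# Header values become event parameters, so only plain tokens are accepted.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.:-]{1,128}")

def parse_notification(text):
    """Split collectd's 'Key: Value' header block from the message body."""
    head, _, body = text.partition("\n\n")
    headers = {}
    for line in head.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            headers[key.strip()] = value.strip()
    return headers, body.strip()

def build_command(headers, message):
    """Return the send-event.pl argv list, or None if nothing should be sent."""
    if headers.get("Severity") not in ("FAILURE", "WARNING"):
        return None  # OKAY means the value is back inside the threshold
    argv = [SEND_EVENT]
    for key in ("Host", "Plugin", "PluginInstance", "Type", "TypeInstance"):
        value = headers.get(key, "")
        if SAFE_VALUE.fullmatch(value):
            argv += ["-p", f"{key.lower()} {value}"]  # "name value" is one argument
    # Drop control characters and cap the length of the free-text message.
    descr = "".join(c for c in message if c.isprintable())[:512]
    return argv + ["-d", descr, UEI, OPENNMS_HOST]

def main():
    headers, message = parse_notification(sys.stdin.read())
    argv = build_command(headers, message)
    # List form, no shell: notification text is never parsed as a command line.
    return subprocess.run(argv, timeout=30).returncode if argv else 0

if __name__ == "__main__":
    sys.exit(main())
```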
Notes
To accept events from other hosts, eventd has to be configured to listen on all IP addresses (by default it binds only to 127.0.0.1). Since this can pose a security risk, iptables should be used to restrict access.
The configuration file in the example above instructs Collectd to use standard output for logging and to write values out to a CSV file in /tmp. I left both in so that those unfamiliar with Collectd could run it in the foreground to figure it out, but you should disable both in production.