It would be nice if the agent could alternatively run a script instead of tailing a file that would return event data on stdout. This would allow someone to roll a script to watch a collection of files in a directory or whatever they want and send events via stdout.
There should be auto log rotation that is settable via the frontend. This should also be accompanied with a database maintenance script that can compress the events table for innodb support.
Given that the delete command removes rows from the database but does not free innodb pool space, over time the database will become very bulky and fragmented. There should be some way to dump the events table and then reload it to recover the innodb pool space and defragment the data. This could be done via a frontend trigger or a backend task... don't know yet. Just a thought.
The hostname field has a validation for FQDN only. This fails if the last section of the hostname doesn't include a valid TLD like .com or .net.
This needs to allow for localhost and localdomain at the very least. Assuming that the person setting up cistern knows what they are doing, we can probably pull that validation check.
Removing an agent should remove logtype associations and all events keyed to that agent.
Removing a logtype should remove all agent associations and all static entries keyed to that logtype.
When static entries are removed all events for that static entry should be removed.
The data should expand above the event because a large stack trace makes it hard to see the event data without scrolling. Maybe a nice slide open would be good.
I can send log events with any logtype_id for an agent and the event will be logged. This causes two problems:
If the agent is not a member of the logtype then there is no way to do cross association filtering and metrics
if the logtype doesn't exist, then the event will be shown in the all events view and agent view only and it will cause certain detail views to break.
Proposed Solution: The log collector should verify that the logtype_id in the event is associated to the agent sending the event. If not, punt the event. If so, log it.
When a command such as ps auxx is returned to the server the view doesn't respect spaces and command line columns. The view should respect spaces and columns provided by the command so that columns line up properly.