We are generating inputs.conf configs programmatically with puppet or chef.
We have a directory tree with a bunch of files we want monitored, and a bunch we don’t.
in this example:
In real life:
Our options as I see them:
Option A: many specific monitors for good apps
QUESTION 1a: if there are 40 of these monitors on a given machine, will it be very slow? 80? 100?
Option B: one monitor with a wild card, and a black list
blacklist = (badapp1|badapp2)
QUESTION 1b: with a long (10-20 elements) blacklist regex, and the wildcard describing 40+ directories, is this going to be very slow?
It is hard to tell, this should be similar. But I have no tests and measures to validate that.
If you expect to have an ever growing list of folders, I think that the whitelist/blacklist approach is easier to maintain.