Adding more advanced correlation to nagios with sec (any interest?)

Stanley Hopcroft Stanley.Hopcroft at IPAustralia.Gov.AU
Wed Jul 9 00:20:18 CEST 2003


Dear Sir,

I am writing to thank you for your letter and comment about the last
little iota (unfortunately, I need to think about your proposal far more
before remarking on it).

On Sat, Jun 28, 2003 at 03:48:16PM -0400, John P. Rouillard wrote:

> 
> Note, there is an issue with sec in that ;'s can't be embedded in its
> action commands. This is a problem since nagios' passive commands are ;
> delimited. There should be a new version of sec out (2.1.8) once
> testing is complete that addresses this issue.
>

Indeed 2.1.8 addresses these issues beautifully, e.g. from my sec.conf
that is in the process of disintermediating my /bin/sh trap handlers
(bliss)

type=PairWithWindow
desc=Alarm threshold crossed.
ptype=RegExp
pattern=:\s+(\S+?): .+?\(RMON-MIB::risingAlarm\) Uptime: .+?,(.*)
action=assign %i $1; \
   assign %o Failed. Potential problem (broadcast storm or congestion ?): monitored value exceeded alarm threshold. $2; \
   eval   %h ( require '/usr/local/nagios/etc/alarm_hostnames.pl'; $ip2NagName{'%i'}; ); \
   write  /usr/local/nagios/var/rw/nagios.cmd ([%u] PROCESS_SERVICE_CHECK_RESULT;%h;%s;2;%o)

The wrapping makes a mess, but I think you get the picture:
 action=write NagCmdQueue ( [%u]PROCESS_SERVICE_CHECK_RESULT;foo;bar;..)
 
> 				-- rouilj
> ===========================================================================
> My employers don't acknowledge my existence much less my opinions.
>

Yours too ?
 

Once again, this is simply a fantastic assist for Nagios. Thank you for
mentioning it.

Yours sincerely.

-- 
------------------------------------------------------------------------
Stanley Hopcroft
------------------------------------------------------------------------

'...No man is an island, entire of itself; every man is a piece of the
continent, a part of the main. If a clod be washed away by the sea,
Europe is the less, as well as if a promontory were, as well as if a
manor of thy friend's or of thine own were. Any man's death diminishes
me, because I am involved in mankind; and therefore never send to know
for whom the bell tolls; it tolls for thee...'

from Meditation 17, J Donne.
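
The mapping the rule above performs, from a trap log line to a ;-delimited Nagios passive check result, as an added Python example that is not part of the original message or of sec. The sample log line, the host table and the function name are constructed for illustration, and stripping control characters from the trap text is an assumption about how one would want untrusted trap content handled.

```python
import re
import time

# The pattern from the rule above: $1 is the trap source, $2 the trap detail.
PATTERN = re.compile(
    r":\s+(\S+?): .+?\(RMON-MIB::risingAlarm\) Uptime: .+?,(.*)")

# Hypothetical stand-in for %ip2NagName in alarm_hostnames.pl (constructed).
IP2NAGNAME = {"192.0.2.10": "core-switch-1"}

SERVICE = "Alarm threshold crossed."  # what %s (the rule's desc) expands to
PREFIX = ("Failed. Potential problem (broadcast storm or congestion ?): "
          "monitored value exceeded alarm threshold.")

# Constructed sample log line, shaped to fit the pattern above.
SAMPLE = ("Jul  9 00:20:18 nms snmptrapd[123]: 192.0.2.10: Enterprise "
          "Specific Trap (RMON-MIB::risingAlarm) Uptime: 12 days, "
          "3:04:05.00, alarmValue=9000")


def passive_result(line, now=None):
    """Return the nagios.cmd line for a risingAlarm log line, or None."""
    m = PATTERN.search(line)
    if m is None:
        return None
    host = IP2NAGNAME.get(m.group(1))
    if host is None:
        return None  # unknown source: nothing to report against
    # The command file is line-oriented and the trap text arrives from the
    # network, so control characters are collapsed to spaces before writing.
    detail = re.sub(r"[\x00-\x1f\x7f]+", " ", m.group(2)).strip()
    # host and service sit between ';' delimiters, so they must not hold one.
    for field in (host, SERVICE):
        if ";" in field or "\n" in field:
            raise ValueError(f"delimiter in field: {field!r}")
    ts = int(time.time() if now is None else now)
    return (f"[{ts}] PROCESS_SERVICE_CHECK_RESULT;"
            f"{host};{SERVICE};2;{PREFIX} {detail}")


if __name__ == "__main__":
    print(passive_result(SAMPLE))
```
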

