Snort/ACID alerts for Nagios

Russell Adams RLAdams at Kelsey-Seybold.com
Tue Jul 1 20:09:41 CEST 2003


This is the type of task I would suggest using a log file monitor like
LogSentry or Logmuncher to alert you with.

I find Nagios/Netsaint better at performing boolean status monitoring,
while context sensitive things like snmp traps, acid, logs, etc should be
handled by other tools.

There's no reason you couldn't have Logmuncher feed Nagios data from a
passive check if you want to go that route.

Russell

On Tue, Jul 01, 2003 at 01:47:16PM -0400, Martin C. Walker wrote:
> Thanks Ted
> 
> I was actually looking for something a little more complex than "yes I 
> got an alert/no I didn't".  What I was thinking of was a SQL query
> or script with a couple of queries that returns an OK, WARN, or CRIT 
> based on some params like
> -alert classification
> -time since alert
> -number of alerts in last check period
> -"weighting" of sensor (e.g. an external sensor should never give a 
> critical alert but a sensor on a DMZ or internal might be critical for 
> same alert)
> 
> What data is in the SNMP trap from Snort and how can I process it in Nagios?
> 
> thanks
> 
> > Snort alerts via SNMP Traps
> 
> 
> 
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when 
> reporting any issue. ::: Messages without supporting info will risk being 
> sent to /dev/null
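
The check described in the quoted message, fed to Nagios through the passive-check route suggested in the reply, as an added example that is not part of the original thread. The policy tables, threshold, host and service names are hypothetical, and the alert tuples are constructed stand-ins for rows that a query against the alert database would return.

```python
import time

OK, WARN, CRIT = 0, 1, 2
LABEL = {OK: "OK", WARN: "WARNING", CRIT: "CRITICAL"}

# Assumed policy (hypothetical values): severity per Snort classification,
# and the highest state each sensor placement is allowed to raise.
CLASS_SEVERITY = {"attempted-admin": CRIT, "attempted-recon": WARN,
                  "misc-activity": OK}
SENSOR_CAP = {"external": WARN, "dmz": CRIT, "internal": CRIT}
WARN_COUNT = 5  # this many alerts in one check period is at least a WARNING

def evaluate(alerts, now, period=300):
    """alerts: iterable of (sensor, classification, epoch_seconds)."""
    # "Time since alert": only alerts inside the last check period count.
    recent = [a for a in alerts if 0 <= now - a[2] <= period]
    status = OK
    for sensor, classification, _ in recent:
        sev = CLASS_SEVERITY.get(classification, WARN)  # unknown class: WARN
        sev = min(sev, SENSOR_CAP.get(sensor, CRIT))    # sensor weighting
        status = max(status, sev)
    if len(recent) >= WARN_COUNT:                       # alert volume
        status = max(status, WARN)
    text = f"{LABEL[status]} - {len(recent)} alerts in last {period}s"
    return status, text

def passive_result(host, service, status, text, now):
    """Line for the Nagios external command file (passive service check)."""
    return f"[{now}] PROCESS_SERVICE_CHECK_RESULT;{host};{service};{status};{text}"

if __name__ == "__main__":
    now = int(time.time())
    sample = [  # constructed sample rows
        ("external", "attempted-admin", now - 60),    # capped to WARNING
        ("dmz", "attempted-recon", now - 120),
        ("internal", "attempted-admin", now - 4000),  # older than the period
    ]
    status, text = evaluate(sample, now)
    print(passive_result("ids01", "snort_alerts", status, text, now))
```
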

