Adding more advanced correlation to nagios with sec (any interest?)

Stanley Hopcroft Stanley.Hopcroft at IPAustralia.Gov.AU
Sun Jun 29 11:57:27 CEST 2003


Dear Sir,

I am writing to thank you very much for bring 'sec'
(http://www.estpak.ee/~risto/sec/) to my attention.

For a long time now I have wanted a means of handling snmp traps 

. without having to write trap handlers - difficult to test and
                                          difficult to ensure that 
                                          the output of the handler
                                          matches a Nag service.

. to allow multiple trap services per host

. to allow basic interpretation of the trap based on either the
  value of the trap or the var-binds


It seems to me that sec, reading the log file of snmptrapd will do this
for me.

Another contender - to trying to hack it myself - was snort but snort is
big, and quite simply, doesn't seem to allow processing outside of yet
another handle as sec does.

Unfortunately, I cannot comment about it's use for event correlation
other than say it sounds a good thing because (in case you didn't
mention it), there is the intriguing possibility of modelling complex
services like business systems whose state is dependent on a number of
processes.

This can be done with dependent services - maybe - but sec sounds like
it could do this better.

Thank you,

Yours sincerely.


-- 
------------------------------------------------------------------------
Stanley Hopcroft
------------------------------------------------------------------------

'...No man is an island, entire of itself; every man is a piece of the
continent, a part of the main. If a clod be washed away by the sea,
Europe is the less, as well as if a promontory were, as well as if a
manor of thy friend's or of thine own were. Any man's death diminishes
me, because I am involved in mankind; and therefore never send to know
for whom the bell tolls; it tolls for thee...'

from Meditation 17, J Donne.


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01




More information about the Users mailing list