Nagios-users digest, Vol 1 #1749 - 25 msgs

[Stanley Hopcroft]

Dear Sir,


On Fri, Nov 14, 2003 at 08:15:51PM -0800, nagios-users-request at lists.sourceforge.net wrote:
> 
> From: Noah Leaman <noah at mac.com>
> Subject: [Nagios-users] Using SEC with Nagios for SNMP trap processing
>

I am writing to thank you for your letter and say,
 
> I am thrilled with the prospect of using SEC to process SNMP traps, but 
> I am wondering the best way to send the received trap(s) to sec.pl.
>

have sec.pl read the snmptrapd log file (input=<path to snmptrapd log>
IIRC).


 
> Should I setup a "traphandle default" in snmptrapd.conf to pipe each 
> trap separately to SEC, or use the traphandle to append to a log file 
> then have that log file read by SEC. If it is the latter, then how or 
> when does SEC get instantiated

>  so it can read the file and how does 
> being able to perform time-based correlation come into play with how 
> the traps are read by SEC?
> 

Whoa, one question at a time please so those searching the archives can
find the answers.

About getting trap events to sec: the default settings for snmptrapd
are for it to log decoded (wrt the MIBs you have installed) traps to a
file.

All you need do is have sec use that file as its input.

You do not have to do anything to snmptrapd to take advantage of Sec and
thus rid yourself of managing snmp trap handlers (one last time: trap
handlers do not scale very well. Better approaches (in particluar
order) are these fine open source products from SourceForge

. snmptt 

. sec

. rulecore ? (see Nag archives for a recent post about this)


However, until you decide to get rid of your trap handlers you can use
them and sec at the same time by simply leaving the traphandle defs in
snmptrapd.conf.

Sec will read all the looged traps but only react to those you consider
pattern matches to recognise and rules to process.

These approaches are very important and are the real reason for why
Tivoli is a significant product.

Matching events - logged traps in this case - and providing rules to
process them makes feasable

- significant automation

- business system views (One could have a whole bunch of Nag alerts and
other inputs correlated to produce another event corresponding to the
health of a business system).

- rule based (Knowledge based) inference 


> I know I am missing a part of the puzzle here. Otherwise I think I 
> understand how to integrate SEC into Nagios as far as setting up the 
> passive service and using SEC to write to nagios.cmd.
> 
> --
> Noah
> 

-- 
Stanley Hopcroft



PROPERTY OF JESUS
(Words and Music by Bob Dylan)

Go ahead and talk about him because he makes you doubt,
Because he has denied himself the things that you can't live without.
Laugh at him behind his back just like the others do,
Remind him of what he used to be when he comes walkin' through.

He's the property of Jesus
Resent him to the bone
You got something better
You've got a heart of stone

Stop your conversation when he passes on the street,
Hope he falls upon himself, oh, won't that be sweet
Because he can't be exploited by superstition anymore
Because he can't be bribed or bought by the things that you adore.

He's the property of Jesus
Resent him to the bone
You got something better
You've got a heart of stone

When the whip that's keeping you in line doesn't make him jump,
Say he's hard-of-hearin', say that he's a chump.
Say he's out of step with reality as you try to test his nerve
Because he doesn't pay no tribute to the king that you serve.

He's the property of Jesus
Resent him to the bone
You got something better
You've got a heart of stone'cause


-------------------------------------------------------
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null