Harnessing IDS (snort snort) to Nagios. Was: dry alarm contact monitor?

Stanley Hopcroft Stanley.Hopcroft at IPAustralia.Gov.AU
Sat Feb 7 09:32:14 CET 2004


Dear Sir,

I am writing to thank you for your letter and say,

On Fri, Feb 06, 2004 at 08:18:44PM -0800, nagios-users-request at lists.sourceforge.net wrote:

> Date: Fri, 6 Feb 2004 16:03:15 -0700 (MST)
> From: "Matt Sturtz" <nagios at matthouse.com>
> To: nagios-users at lists.sourceforge.net
> Subject: [Nagios-users] dry alarm contact monitor?
> 
> Hello,
> 
> We have (like lots of other people, I'm sure) a cabinet at a colocation
> facility...  I want to have some intrusion detection (IE magnetic door
> contacts).  Anybody doing something like this with Nagios?
>

I think this is an example of the general question of having remote
sensors or applications report 'alarms' to Nagios or put another way 'of
integrating Nag with other software' (see docs for example of
integrating ArcServe with Nag).

The answer is 'it depends' on how the "magnetic door contacts" sensors
report their findings:

=> snmptrap: easi-peasi, see the ArcServe example

=> log file: easi peasi, have some high class log analysis daemon like
             Sec (see SourceForge), Swatch or the RuleCore process the
             logs, and apply any necessary business logic (don't
             bother if it's a staff card that opens the door unless it's
             the reactor door [open the door, Hal]) before submitting
             passive service checks to Nag (maybe with NSCA)


=> look at a distributed monitoring setup and run a Nag reporter that
runs active checks (such as check_log) on the host near the sensor and 
monitors (in some way) its reports.

http://www.nagios.org/download/extras.php has some more ideas.

Out of the box solutions ? prob none.
Doable with not too much work ? Certainly.
 
> -Matt-

Yours sincerely.


-- 
------------------------------------------------------------------------
Stanley Hopcroft
------------------------------------------------------------------------

'...No man is an island, entire of itself; every man is a piece of the
continent, a part of the main. If a clod be washed away by the sea,
Europe is the less, as well as if a promontory were, as well as if a
manor of thy friend's or of thine own were. Any man's death diminishes
me, because I am involved in mankind; and therefore never send to know
for whom the bell tolls; it tolls for thee...'

from Meditation 17, J Donne.
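
The log-file route described in the message above, as an added example that is not part of the original post: door-contact log lines are parsed, the "staff card unless it's the restricted door" rule is applied, and each event becomes one line in the tab-separated input format that send_nsca reads. The log format, the badge id, the host name `colo-cab1` and the `door-<name>` service naming are assumptions; Nagios needs a matching passive service definition for each door.

```python
import re

# Assumed log format (constructed for this example):
#   <timestamp> door=<name> state=OPEN|CLOSED [card=<id>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) door=(?P<door>[\w-]+) state=(?P<state>OPEN|CLOSED)"
    r"(?: card=(?P<card>[\w-]+))?$"
)

OK, CRITICAL = 0, 2                    # Nagios plugin return codes
STAFF_CARDS = {"staff-0042"}           # hypothetical badge list
RESTRICTED_DOORS = {"reactor"}         # doors that alarm even for staff


def classify(event):
    """Apply the business logic: return (return_code, plugin_output)."""
    door, state, card = event["door"], event["state"], event["card"]
    if state == "CLOSED":
        return OK, f"{door} closed"
    if door in RESTRICTED_DOORS:
        return CRITICAL, f"{door} opened (restricted door, card={card or 'none'})"
    if card in STAFF_CARDS:
        return OK, f"{door} opened by {card}"
    return CRITICAL, f"{door} opened without a known staff card"


def to_passive_checks(lines, host):
    """Yield send_nsca input lines: host<TAB>service<TAB>code<TAB>output."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                   # unparseable lines are dropped, not forwarded
        code, output = classify(m.groupdict())
        yield f"{host}\tdoor-{m['door']}\t{code}\t{output}\n"


SAMPLE_LOG = [                         # constructed sample input
    "2004-02-06T22:14:03 door=cabinet-front state=OPEN card=staff-0042",
    "2004-02-06T22:14:40 door=cabinet-front state=CLOSED",
    "2004-02-07T03:02:11 door=cabinet-front state=OPEN",
    "2004-02-07T03:05:00 door=reactor state=OPEN card=staff-0042",
    "garbage line\tcolo-cab1\tdoor-x\t0\tforged",
]

if __name__ == "__main__":
    print("".join(to_passive_checks(SAMPLE_LOG, "colo-cab1")), end="")
```

The strict pattern means a log line carrying embedded tabs cannot be passed through as extra check results; the output would be piped to send_nsca on the host near the sensor.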

