Log monitoring with SEC and Nagios. [SEC=UNCLASSIFIED]

Nate Campi nate at campin.net
Thu Aug 30 06:22:17 CEST 2007

Previous message: Log monitoring with SEC and Nagios. [SEC=UNCLASSIFIED]
Next message: Log monitoring with SEC and Nagios. [SEC=UNCLASSIFIED]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 30, 2007 at 11:11:17AM +1000, Stanley.Hopcroft at Dest.gov.au wrote:
> Dear Risto
> 
> (Thank you very much for SEC, the king of event correlators).

I also thank you, SEC saves my SA staff a lot of trouble every day.

> > From: Risto Vaarandi <risto.vaarandi at seb.ee>
> > Subject: [Nagios-users] Log monitoring with Nagios - recommendations?
> > hi all,
> > 
> > few weeks ago I posted a question to this list about passive service 
> > checks - I was actually experimenting with Nagios as an event log 
> > monitoring GUI. I am tracking event logs with SEC and also 
> > sending out 
> > alerts with it, but I would still like to see correlated log 
> > messages in 
> > Nagios web interface as well.
> >
> 
> I used to use (and enjoy) SEC to inject passive service check results
> to Nagios.

I also do this, but it forces me to define a different check for every
thing that I might see - because if I submit a second, different bad
result (like a different system error message for a "syslog" check)
it'll overwrite the last submitted results. There are ways around this
on the SEC side if you want to keep state, but you'd probably like
people to be able to wipe events clear independently on the Nagios side
(like with a passive submission from the CGI) and not have that old
result come back. I hate to state that like it's fact when I'm at best
an intermediate Nagios admin, no expert. Am I overlooking anything here?

You could have a feedback loop between Nagios logs and SEC that helps
detect the passive submission that clears your prior alerts, but that
seems overly complicated. If it was like a traditional NMS that just
accepts arbitrary events, then it might be more like what Risto is
looking for.

What exactly are your needs, Risto?
-- 
Nate

All data leaves a trail. The search for data leaves a trail. The erasure of
data leaves a trail.The absence of data, under the right circumstances, can
leave the clearest trail of all.                             Dr. Kio Masada

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Log monitoring with SEC and Nagios. [SEC=UNCLASSIFIED]
Next message: Log monitoring with SEC and Nagios. [SEC=UNCLASSIFIED]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list