Adding more advanced correlation to nagios with sec (any interest?)
Stanley Hopcroft
Stanley.Hopcroft at IPAustralia.Gov.AU
Wed Jul 9 00:20:18 CEST 2003
Dear Sir,
I am writing to thank you for your letter and comment about the last
little iota (unfortunately, I need to think about your proposal far more
before remarking on it).
On Sat, Jun 28, 2003 at 03:48:16PM -0400, John P. Rouillard wrote:
>
> Note, there is an issue with sec in that ;'s can't be embedded in its
> action commands. This is a problem since nagios' passive commands are ;
> delimited. There should be a new version of sec out (2.1.8) once
> testing is complete that addresses this issue.
>
Indeed 2.1.8 addresses these issues beautifully, e.g. from my sec.conf
that is in the process of disintermediating my /bin/sh trap handlers
(bliss):
type=PairWithWindow
desc=Alarm threshold crossed.
ptype=RegExp
pattern=:\s+(\S+?): .+?\(RMON-MIB::risingAlarm\) Uptime: .+?,(.*)
action=assign %i $1; \
       assign %o Failed. Potential problem (broadcast storm or congestion ?): monitored value exceeded alarm threshold. $2; \
       eval %h ( require '/usr/local/nagios/etc/alarm_hostnames.pl'; $ip2NagName{'%i'}; ); \
       write /usr/local/nagios/var/rw/nagios.cmd ([%u] PROCESS_SERVICE_CHECK_RESULT;%h;%s;2;%o)
The wrapping makes a mess, but I think you get the picture:
action=write NagCmdQueue ( [%u]PROCESS_SERVICE_CHECK_RESULT;foo;bar;..)
> -- rouilj
> ===========================================================================
> My employers don't acknowledge my existence much less my opinions.
>
Yours too ?
Once again, this is simply a fantastic assist for Nagios. Thank you for
mentioning it.
Yours sincerely.
--
------------------------------------------------------------------------
Stanley Hopcroft
------------------------------------------------------------------------
'...No man is an island, entire of itself; every man is a piece of the
continent, a part of the main. If a clod be washed away by the sea,
Europe is the less, as well as if a promontory were, as well as if a
manor of thy friend's or of thine own were. Any man's death diminishes
me, because I am involved in mankind; and therefore never send to know
for whom the bell tolls; it tolls for thee...'
from Meditation 17, J Donne.
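
An added example, not part of the original message or of sec itself: a Perl helper that builds the ;-delimited PROCESS_SERVICE_CHECK_RESULT line from trap-derived fields and refuses or neutralises values that would break the one-command-per-line, ;-separated format. The name passive_result_line, the sample addresses and the trap text are constructed for illustration, and replacing ';' in the output text is a conservative assumption rather than a documented Nagios requirement.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the %ip2NagName map that the rule loads from
# alarm_hostnames.pl (the address is from a documentation range).
my %ip2NagName = ('192.0.2.10' => 'core-switch-1');

# Build one "[time] PROCESS_SERVICE_CHECK_RESULT;host;service;code;output"
# line. Returns undef when a field cannot be represented safely.
sub passive_result_line {
    my ($time, $ip, $service, $code, $output) = @_;
    my $host = $ip2NagName{$ip};
    return undef unless defined $host;             # unknown trap source
    return undef unless $time =~ /\A\d+\z/;        # epoch seconds only
    return undef unless $code =~ /\A[0-3]\z/;      # OK, WARNING, CRITICAL, UNKNOWN
    for my $field ($host, $service) {
        # A delimiter or control character here would shift or split fields.
        return undef if $field =~ /[;\x00-\x1f\x7f]/;
    }
    $output =~ s/[\x00-\x1f\x7f]+/ /g;   # one command per line: no line breaks
    $output =~ s/;/,/g;                  # conservative: ';' stays a delimiter only
    $output =~ s/\A\s+|\s+\z//g;         # trim leading and trailing whitespace
    return "[$time] PROCESS_SERVICE_CHECK_RESULT;$host;$service;$code;$output";
}

# Constructed trap text containing a delimiter and an embedded line break.
my $trap_text = "ifInOctets; rising\n[0] value 98";

my $good = passive_result_line(time(), '192.0.2.10',
                               'Alarm threshold crossed.', 2,
                               "Failed. $trap_text");
print defined($good) ? "$good\n" : "rejected\n";

# A trap from an address missing from the map is dropped, not written.
my $unknown = passive_result_line(time(), '198.51.100.7',
                                  'Alarm threshold crossed.', 2, 'Failed.');
print defined($unknown) ? "$unknown\n" : "rejected: unknown source address\n";
```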