SEC and Nagios for log monitoring

Brian Huffman bhuffman at incyte.com
Thu Dec 9 13:41:41 CET 2004


Thank you!  Forwarded to list so that others may benefit...


-----Original Message-----
From: Stanley Hopcroft [mailto:Stanley.Hopcroft at IPAustralia.Gov.AU] 
Sent: Wednesday, December 08, 2004 7:27 PM
To: Brian Huffman
Subject: Re: [Nagios-users] SEC and Nagios for log monitoring

Dear Sir,

I am writing to thank you for your letter and say,

On Wed, Dec 08, 2004 at 10:04:37AM -0500, Brian Huffman wrote:
> Thanks much!  Sorry for all the mime crap.  :-(  Forgot to switch to
> plain text.  

thank you for your gracious reply (Nag-users in digest is almost 
unusable because of the proliferation of multi-part. Lucky your letter 
had intrinsic interest ..)

> 
> I take it that you're using a perl script 'alarm_hostnames.pl' that
> converts the IP address to usable nagios name...

Yes; exactly. This is the only kludgey part of them working together: 
the need to translate to Nagios hostnames and service names.

Here is an extract

# Revision 1.1  2003-07-08 13:43:15+10  anwsmh
# Initial revision
#

# coming soon: the hash map between IP Address and the Nagios host name

# ip_address --> Nagios host name

# Note that all vars must be global

%ip2NagName = qw(
    10.0.0.1    DBR21-C5K-1
    10.0.0.2    SCBR21-C5K-2
    10.0.0.98   FastIron
    10.0.0.25   DS1R21-C29-25
    10.0.0.30   DNR21-C29-30

 ...

> Do you also use
> syslog-ng? 

No. Otherwise there would be a case for nsca or friends since SEC would 
be monitoring remote hosts' syslogs.

  /usr/local/bin/sec.pl -conf=/usr/local/nagios/etc/sec.conf -detach \
                        -pid=/var/run/sec.pid -tail \
                        -syslog=local0 \
                        -input=/var/log/snmptrapd \
                        -input=/var/log/routers

i.e. SEC monitors traps and router messages logged by syslog.

> If so do you modify the template at all to make it easier to
> pull out things like the hostname?
>

Only through ignorance of the need to. This is a network of <= 1500 
hosts (mostly PCs) clustered in mainly one campus. All servers do their 
own monitoring - Nag does network nodes and stuff that others can't do.


> Thanks,
> Brian
> 
>

Have a look at the James Brown SEC tutorial, the SEC FAQ (this is the 
document that helps one see the difference between events and 'messages' 
in a log).

The SEC users list is low volume (& far less noise than Nag users) and 
quite helpful.

Yours sincerely. 

-- 
Stanley Hopcroft

IP Australia
Ph: (02) 6283 3189  Fax: (02) 6281 1353
PO Box 200 Woden  ACT 2606
http://www.ipaustralia.gov.au
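
The IP-to-Nagios-name translation discussed in the message above, as an added example that is not the poster's alarm_hostnames.pl. It assumes the result is handed to Nagios as a passive service check; the service name 'syslog', the sample map entries and the sample log lines are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed sample map; the real one lives in the poster's own script.
my %ip2NagName = (
    '10.0.0.1'  => 'DBR21-C5K-1',
    '10.0.0.98' => 'FastIron',
);

# Log text is untrusted input. In a Nagios external command ';' separates
# fields and a newline ends the command, so neither may reach the output.
sub sanitize {
    my ($text) = @_;
    $text =~ s/[;\r\n|]+/ /g;      # '|' would start performance data
    $text =~ s/[^\x20-\x7e]//g;    # drop control and non-ASCII bytes
    return substr($text, 0, 256);  # bound the length of plugin output
}

# Returns one external command line, or nothing when the source address is
# malformed or absent from the map (hypothetical helper, not a Nagios API).
sub passive_result {
    my ($ip, $service, $state, $message, $now) = @_;
    return unless $ip =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/;
    my $host = $ip2NagName{$ip};
    return unless defined $host;
    return sprintf "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s",
        $now, $host, sanitize($service), $state, sanitize($message);
}

# Constructed sample lines in the style of a router syslog file.
my @lines = (
    "Dec  9 13:40:01 10.0.0.98 LINK-3-UPDOWN: Interface e1/1, changed state to down",
    "Dec  9 13:40:02 10.0.0.1 SYS-5-CONFIG: note;extra field\nsecond line",
    "Dec  9 13:40:03 10.9.9.9 LINK-3-UPDOWN: Interface e2/4, changed state to down",
);

for my $line (@lines) {
    my ($ip, $msg) = $line =~ /^\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s+(.*)/s or next;
    my $cmd = passive_result($ip, 'syslog', 2, $msg, time);   # 2 = CRITICAL
    print defined $cmd ? "$cmd\n" : "unmapped source $ip, not submitted\n";
}
```

An address missing from the map is reported rather than submitted under a guessed name, so a gap in the map shows up instead of silently dropping events.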

