Good SEC rules for Cisco devices (to submit passive service check results).

Stanley Hopcroft stanleyhopcroft at gmail.com
Fri Aug 4 04:12:09 CEST 2006


Dear Folks

Could anyone point me at a list or archive of SEC (Simple Event
Correlator) rules for Cisco devices (particularly switches and routers;
not interested in IDS, PIX etc.)?

There are situations that one would like to monitor that depend on
sequences of events. It is not easy to see how a one-shot service
check could react to the state of the event sometime before the
current check.

SEC, on the other hand, lets one react to events that consist of, for
example, two log messages that occur within 5 minutes of each other.

SEC allows very flexible responses once an event is recognised. It is
easy for SEC to submit a passive service check result for example.

To give a flavour of the power of this approach, here are some
syslog-ng messages showing an OSPF neighbour failure:

156018 brurt200 syslog-notice 2006-08-02 02:16:45 134780: %OSPF-5-ADJCHG: Process 1, Nbr 10.255.255.23 on Tunnel0 from LOADING to FULL, Loading Done
156017 mtart200 syslog-notice 2006-08-02 02:16:43 234: Aug 1 16:16:42: %OSPF-5-ADJCHG: Process 1, Nbr 10.255.255.23 on Tunnel0 from LOADING to FULL, Loading Done

155796 mtart200 syslog-notice 2006-08-02 01:40:49 231: Aug 1 15:40:49: %OSPF-5-ADJCHG: Process 1, Nbr 10.255.255.23 on Tunnel0 from FULL to DOWN, Neighbor Down: Dead timer expired
155795 brurt200 syslog-notice 2006-08-02 01:40:49 134777: %OSPF-5-ADJCHG: Process 1, Nbr 10.255.255.23 on Tunnel0 from FULL to DOWN, Neighbor Down: Dead timer expired


It is quite clear that when, in this case, both neighbours fail (the
second pair), the end node 10.255.255.23 is really kaput.



Thank you,

Yours sincerely.
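
The correlation described in the message above, as an added example that is not part of the original post and is written in Python rather than as SEC rules: a CRITICAL passive result is produced only when two routers report the same neighbour going to DOWN within five minutes, and OK once both report FULL again. The service description, the use of the neighbour address as the Nagios host name, the two-router quorum and UTC log timestamps are assumptions.

```python
import re
from calendar import timegm
from datetime import datetime, timedelta

# Constructed input: the four messages from the post, unwrapped, oldest first.
SAMPLE_LOG = """\
155795 brurt200 syslog-notice 2006-08-02 01:40:49 134777: %OSPF-5-ADJCHG: Process 1, Nbr 10.255.255.23 on Tunnel0 from FULL to DOWN, Neighbor Down: Dead timer expired
155796 mtart200 syslog-notice 2006-08-02 01:40:49 231: Aug 1 15:40:49: %OSPF-5-ADJCHG: Process 1, Nbr 10.255.255.23 on Tunnel0 from FULL to DOWN, Neighbor Down: Dead timer expired
156017 mtart200 syslog-notice 2006-08-02 02:16:43 234: Aug 1 16:16:42: %OSPF-5-ADJCHG: Process 1, Nbr 10.255.255.23 on Tunnel0 from LOADING to FULL, Loading Done
156018 brurt200 syslog-notice 2006-08-02 02:16:45 134780: %OSPF-5-ADJCHG: Process 1, Nbr 10.255.255.23 on Tunnel0 from LOADING to FULL, Loading Done
"""

ADJCHG = re.compile(
    r"^\d+ (?P<host>\S+) \S+ (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*"
    r"%OSPF-5-ADJCHG: Process \d+, Nbr (?P<nbr>\S+) on \S+ "
    r"from \w+ to (?P<new>\w+),")
WINDOW = timedelta(minutes=5)  # the five-minute window mentioned in the post
QUORUM = 2                     # assumption: two reporting routers confirm a failure
SERVICE = "OSPF adjacency"     # hypothetical Nagios service description

def passive(ts, nbr, code, text):
    # Nagios external command; the neighbour address doubles as the Nagios
    # host name (assumption) and log timestamps are treated as UTC (assumption).
    return (f"[{timegm(ts.timetuple())}] PROCESS_SERVICE_CHECK_RESULT;"
            f"{nbr};{SERVICE};{code};{text}")

def correlate(lines, window=WINDOW, quorum=QUORUM):
    """Return passive check results for neighbour failures seen by a quorum."""
    down, failed, results = {}, set(), []  # down: nbr -> {reporter: time}
    for line in lines:
        m = ADJCHG.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        nbr, seen = m["nbr"], down.setdefault(m["nbr"], {})
        if m["new"] == "DOWN":
            seen[m["host"]] = ts
            for host in [h for h, t in seen.items() if ts - t > window]:
                del seen[host]  # report is older than the window
            if len(seen) >= quorum and nbr not in failed:
                failed.add(nbr)
                who = ", ".join(sorted(seen))
                results.append(passive(ts, nbr, 2, f"CRITICAL - down on {who}"))
        elif m["new"] == "FULL":
            seen.pop(m["host"], None)
            if not seen and nbr in failed:
                failed.discard(nbr)
                results.append(passive(ts, nbr, 0, "OK - adjacency restored"))
    return results
```

Each returned line is in the form Nagios reads from its external command file; a single router losing the adjacency, or two reports more than five minutes apart, produces nothing.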
