Log monitoring with SEC and Nagios. [SEC=UNCLASSIFIED]

[Andreas Ericsson]

Nate Campi wrote:
> On Thu, Aug 30, 2007 at 11:11:17AM +1000, Stanley.Hopcroft at Dest.gov.au wrote:
>> Dear Risto
>>
>> (Thank you very much for SEC, the king of event correlators).
>  
> I also thank you, SEC saves my SA staff a lot of trouble every day.
>  
>>> From: Risto Vaarandi <risto.vaarandi at seb.ee>
>>> Subject: [Nagios-users] Log monitoring with Nagios - recommendations?
>>> hi all,
>>>
>>> few weeks ago I posted a question to this list about passive service 
>>> checks - I was actually experimenting with Nagios as an event log 
>>> monitoring GUI. I am tracking event logs with SEC and also 
>>> sending out 
>>> alerts with it, but I would still like to see correlated log 
>>> messages in 
>>> Nagios web interface as well.
>>>
>> I used to use (and enjoy) SEC to inject passive service check results
>> to Nagios.
> 
> I also do this, but it forces me to define a different check for every
> thing that I might see - because if I submit a second, different bad
> result (like a different system error message for a "syslog" check)
> it'll overwrite the last submitted results. There are ways around this
> on the SEC side if you want to keep state, but you'd probably like
> people to be able to wipe events clear independently on the Nagios side
> (like with a passive submission from the CGI) and not have that old
> result come back. I hate to state that like it's fact when I'm at best
> an intermediate Nagios admin, no expert. Am I overlooking anything here?
> 

There is an option to log and (re)alert on every change in plugin output
in nagios. I can't remember off of the top of my head what the option is
named, but 5 minutes with the object config docs should tell you.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null