<br>
<br><br><div class="gmail_quote">On Wed, Jun 6, 2012 at 2:16 AM, Joseph Hardeman <span dir="ltr"><<a href="mailto:jwhardeman@gmail.com" target="_blank">jwhardeman@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Eero,<br><br>I had to go to the archives on SourceForge to see your reply. I am not getting emails from the list.<br><br>No, unfortunately that won't work. I am looking for a plugin that will query the SSM IPS module for any security breach attempts or that will monitor a log file from syslog-ng capturing the SSM syslog data and will then send either an SNMP trap or trigger a passive alert.<br>
<br></blockquote><div><font face="courier new,monospace"><br>If you are happy to "tail" the syslog you can just use the Nagios check_log plugin.<br>With a custom service. I see from the above the syslog file is on the Nagios server.<br>
<br>Some sort of service like this applied to the device.<br><br>define service {<br> name check_local_syslog<br> command $USER1$/check_log --filename=/path/to/syslog/$HOSTNAME$ -some other option (sorry, I don't have access to man at the moment)<br>
}<br><br clear="all"></font>--<br><-- <a href="http://23.me.uk/2" target="_blank">http://23.me.uk/2</a> --><br><--Time flies like an arrow; fruit flies like a banana. --> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
I found where people talk about monitoring their Cisco devices that have SSM IPS modules, but no examples so far.<br><br>Thanks for thinking of that app. :-)<br><br>Joe<div class="HOEnZb"><div class="h5"><br><br><div class="gmail_quote">
On Tue, Jun 5, 2012 at 12:51 AM, Joseph Hardeman <span dir="ltr"><<a href="mailto:jwhardeman@gmail.com" target="_blank">jwhardeman@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Everyone,<br><br>I have been looking around and am hoping that someone can help me out. I recently got a Cisco 5520 with a SSM-20 module (latest code and Signatures) that I need to start monitoring. I have been looking but I have not found a script that will help me monitor this via SNMP.<br>
<br>We are looking to use Nagios to capture any security breaches or attempts that are captured by the SSM module and its analysis engine.<br><br>We do have this device sending Syslog data to the Nagios system, so if there is a way to parse or tail this log to watch for the events that would be helpful too.<br>
<br>Thanks in advance.<br><br>Joe<br>
</blockquote></div><br>
</div></div><br>_______________________________________________<br>
Nagios-users mailing list<br>
<a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a><br>
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.<br>
::: Messages without supporting info will risk being sent to /dev/null<br></blockquote></div><br>
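The tail-and-match approach suggested in the reply, as an added example that is not part of the original thread and is not the check_log plugin's own code: a Nagios-style check that scans only the lines appended to a per-host syslog file since its last run. The script name, the state-file argument and the match pattern are assumptions; the pattern must be set to whatever the device's IPS events actually look like in the log.

```python
import os
import re
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes


def check_new_lines(log_path, state_path, pattern):
    """Scan lines appended to log_path since the last run; return (code, text)."""
    try:
        regex = re.compile(pattern)
    except re.error as exc:
        return UNKNOWN, f"UNKNOWN - bad pattern: {exc}"
    # Byte offset saved by the previous run; start at 0 if missing or corrupt.
    try:
        with open(state_path) as fh:
            offset = int(fh.read().strip() or 0)
    except (OSError, ValueError):
        offset = 0
    try:
        with open(log_path, "rb") as fh:
            size = os.fstat(fh.fileno()).st_size
            if not 0 <= offset <= size:  # file shrank: rotated or truncated
                offset = 0
            fh.seek(offset)
            data = fh.read()
    except OSError as exc:
        return UNKNOWN, f"UNKNOWN - cannot read {log_path}: {exc}"
    # Consume complete lines only; a half-written last line waits for next run.
    end = data.rfind(b"\n") + 1
    lines = data[:end].decode("utf-8", "replace").splitlines()
    hits = [ln for ln in lines if regex.search(ln)]
    with open(state_path, "w") as fh:
        fh.write(str(offset + end))
    if not hits:
        return OK, f"OK - no match in {len(lines)} new line(s)"
    # Log text is untrusted: cap its length and drop '|', which Nagios
    # treats as the start of performance data in plugin output.
    last = hits[-1][:200].replace("|", " ")
    return CRITICAL, f"CRITICAL - {len(hits)} matching line(s), last: {last}"


if __name__ == "__main__":
    if len(sys.argv) != 4:
        print("UNKNOWN - usage: check_syslog_tail.py LOGFILE STATEFILE PATTERN")
        sys.exit(UNKNOWN)
    code, message = check_new_lines(*sys.argv[1:4])
    print(message)
    sys.exit(code)
```

Because the offset advances on every run, an alert is reported once; keep the state file in a directory only the Nagios user can write to.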