Hi,
> Uhmm .. I am reading the docs about SEC, but it only speaks about
> event correlation ... How do you do to check if syslog is receiving
> data??
essentially you set up SEC to watch for the syslog log file where the data are
supposed to go, set up a 'Single' rule that creates a context with a lifetime
of your choice that has a shellcmd attached to it that sends a mail if it
expires.
The context will be refreshed every time a message comes in. If no message
arrives for your given expiry period, it will send a mail.
You can use this as a sample to start with:
# Fire on every line that arrives in the watched syslog file
type = Single
ptype = RegExp
pattern = .*
desc = Heartbeat received
# (Re)create the context with a lifetime of 720 seconds; the action list
# in parentheses runs only when the context expires, i.e. when no line
# has arrived for 720 seconds
action = create HEARTBEAT_ACTIVE 720 \
    ( shellcmd /bin/echo 'Alert!' | /bin/mail -s test [email protected] )
Not very sophisticated (and I have not tested it, so it might contain errors),
but something very similar to it should do the trick.
_______________________________________________
CentOS mailing list
[email protected]
http://lists.centos.org/mailman/listinfo/centos
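As an added example that is not part of the original post, the script below replays a syslog file offline the way the rule above would see it, treating every line as a heartbeat and reporting each gap longer than the context lifetime (720 seconds, as in the sample rule); it assumes classic RFC 3164 timestamps, a constructed sample log and an assumed year, and helps pick a lifetime that does not fire during normally quiet hours.

```python
"""Find periods in a syslog file where no line arrived within LIFETIME seconds.

Added example, not from the original post. Every line counts as a heartbeat,
mirroring the SEC 'Single' rule with pattern '.*'; a gap longer than LIFETIME
is exactly the condition under which that rule's context would expire.
"""
from datetime import datetime

LIFETIME = 720  # seconds, the same value as the sample rule's context lifetime
YEAR = 2024     # assumed: RFC 3164 timestamps carry no year

# Constructed sample log in RFC 3164 format ('Mon dd HH:MM:SS host tag: msg')
SAMPLE_LOG = """\
Mar  1 10:00:00 host1 sshd[1001]: Accepted publickey for alice
Mar  1 10:05:00 host1 cron[1002]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 10:10:30 host1 kernel: eth0: link up
Mar  1 10:40:00 host1 sshd[1003]: Accepted publickey for bob
Mar  1 10:41:00 host1 cron[1004]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 11:15:00 host1 kernel: eth0: link down
"""


def parse_timestamp(line, year=YEAR):
    """Return the datetime of a syslog line's leading 'Mon dd HH:MM:SS' stamp."""
    stamp = line[:15]  # e.g. 'Mar  1 10:00:00' (day is space-padded)
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def find_silent_periods(log_text, lifetime=LIFETIME):
    """Return (start, end, gap_seconds) for every gap between consecutive
    lines that exceeds lifetime; each one would have expired the context."""
    gaps = []
    previous = None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        current = parse_timestamp(line)
        if previous is not None:
            gap = (current - previous).total_seconds()
            if gap > lifetime:
                gaps.append((previous, current, gap))
        previous = current
    return gaps


if __name__ == "__main__":
    for start, end, gap in find_silent_periods(SAMPLE_LOG):
        print(f"no syslog data for {gap:.0f}s between {start} and {end}")
```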