On Thu, Aug 30, 2007 at 11:11:17AM +1000, [EMAIL PROTECTED] wrote: > Dear Risto > > (Thank you very much for SEC, the king of event correlators). I also thank you, SEC saves my SA staff a lot of trouble every day. > > From: Risto Vaarandi <[EMAIL PROTECTED]> > > Subject: [Nagios-users] Log monitoring with Nagios - recommendations? > > hi all, > > > > few weeks ago I posted a question to this list about passive service > > checks - I was actually experimenting with Nagios as an event log > > monitoring GUI. I am tracking event logs with SEC and also > > sending out > > alerts with it, but I would still like to see correlated log > > messages in > > Nagios web interface as well. > > > > I used to use (and enjoy) SEC to inject passive service check results > to Nagios.
I also do this, but it forces me to define a different check for every thing that I might see - because if I submit a second, different bad result (like a different system error message for a "syslog" check) it'll overwrite the last submitted results. There are ways around this on the SEC side if you want to keep state, but you'd probably like people to be able to wipe events clear independently on the Nagios side (like with a passive submission from the CGI) and not have that old result come back. I hate to state that like it's fact when I'm at best an intermediate Nagios admin, no expert. Am I overlooking anything here? You could have a feedback loop between Nagios logs and SEC that helps detect the passive submission that clears your prior alerts, but that seems overly complicated. If it was like a traditional NMS that just accepts arbitrary events, then it might be more like what Risto is looking for. What exactly are your needs, Risto? -- Nate All data leaves a trail. The search for data leaves a trail. The erasure of data leaves a trail.The absence of data, under the right circumstances, can leave the clearest trail of all. Dr. Kio Masada ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
