monit is good for this sort of monitoring... http://www.tildeslash.com/monit/
On Tue, Jun 3, 2008 at 11:15 AM, Tim Meader <[EMAIL PROTECTED]> wrote:
>
> Hello all,
>
> I'm trying to use Ossec in a very rudimentary process monitoring
> capacity (similar to Nagios or Big Brother). However, everything I've
> read so far only applies to process monitoring on Windows systems,
> nothing in the manual or wiki references Linux/Unix process monitoring
> at all, even though the system_audit_rcl.txt file clearly lists "p" as
> one of the types available. Is it possible to use Ossec (1.5) on the
> client side to monitor for a particular process running?
>
> If so, is the check basically done via "ps -ef | grep <process> | grep
> -v grep"... where Ossec will just look for any returned lines and accept
> those as a positive check? What I'm trying to do is send an alert when a
> process does not exist (ie - isn't running). Is there any example out
> there for Linux systems that I could look at? I'm quite surprised that
> the wiki and manual (and even the book, which we've purchased) make no
> mention of such a monitoring scenario.
>
> Specifically, we need stunnel running on our logging server, and need to
> be notified when the process is no longer running.
>
> Thanks in advance for any and all help.
> --
>
> Timothy Meader
> L-3 Communications, NASA EOS Security Operations
> [EMAIL PROTECTED]
> (301) 614-6371
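
Added example, not part of the thread above and not OSSEC or monit code: a Linux-only sh check for the scenario in the quoted question (be notified when stunnel is no longer running). It compares exact command names read from /proc instead of using `ps -ef | grep`, which can match the grep process itself; the function names and the log line format are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumes Linux with /proc mounted; names are hypothetical.

# proc_running NAME -> exit status 0 if a process has exactly this command name.
# Exact comparison avoids substring hits and the "grep matches itself" problem.
# Note: the kernel truncates /proc/<pid>/comm to 15 characters.
proc_running() {
    want=$1
    for f in /proc/[0-9]*/comm; do
        # A process may exit between the glob and the read; skip it.
        name=$(cat "$f" 2>/dev/null) || continue
        [ "$name" = "$want" ] && return 0
    done
    return 1
}

# check_process NAME -> prints one status line; returns 1 when NAME is absent.
# The "missing" line is what a log monitor would be configured to alert on.
check_process() {
    if proc_running "$1"; then
        echo "process_check: status=ok name=$1"
    else
        echo "process_check: status=missing name=$1"
        return 1
    fi
}

# Stand-alone use, e.g. from cron:
#   ./check.sh stunnel || logger -t process_check "stunnel is not running"
if [ -n "${1:-}" ]; then
    check_process "$1"
fi
```

The exit status makes the script usable from cron or from any monitor that runs commands and alerts on a non-zero result.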
