We use (or are trying to use ;) ) OSSec as a log monitoring app; we use Zabbix (www.zabbix.com) for availability monitoring.

On Tue, 2008-06-03 at 12:15 -0400, Tim Meader wrote:
> Hello all,
>
> I'm trying to use Ossec in a very rudimentary process monitoring
> capacity (similar to Nagios or Big Brother). However, everything I've
> read so far only applies to process monitoring on Windows systems,
> nothing in the manual or wiki references Linux/Unix process monitoring
> at all, even though the system_audit_rcl.txt file clearly lists "p" as
> one of the types available. Is it possible to use Ossec (1.5) on the
> client side to monitor for a particular process running?
>
> If so, is the check basically done via "ps -ef | grep <process> | grep
> -v grep"... where Ossec will just look for any returned lines and accept
> those as a positive check? What I'm trying to do is send an alert when a
> process does not exist (ie - isn't running). Is there any example out
> there for Linux systems that I could look at? I'm quite surprised that
> the wiki and manual (and even the book, which we've purchased) make no
> mention of such a monitoring scenario.
>
> Specifically, we need stunnel running on our logging server, and need to
> be notified when the process is no longer running.
>
> Thanks in advance for any and all help.
