On Sat, Sep 10, 2011 at 6:30 PM, Jason 'XenoPhage' Frisvold <[email protected]> wrote:
> On Sep 8, 2011, at 2:29 PM, dan (ddp) wrote:
>>> 1 - How to monitor this? I have raised the Agent offline alert to a
>>> higher level, but I would like some automated monitoring of this
>>> state.
>>
>> I use nagios.
>
I have a bad python script (ossecctl) that does certain ossec related tasks. One of them checks on the status of ossec agents. In nrpe I have check_agents set up to run "ossecctl status agents" and if an agent is not connected it exits 1 (I think, it's a nagios warning) and lists the bad agents. I keep meaning to clean it up a bit to be a bit smarter (check a list to see if the agent is mobile and is allowed to be disconnected, alert at critical after X minutes, etc.). I just haven't gotten around to it. Another change I keep meaning to make is having it check the agent status directly instead of relying on ossec-control.

>
> I'm interested in how you're doing this.. Can you explain further?
>
> ---------------------------
> Jason 'XenoPhage' Frisvold
> [email protected]
> ---------------------------
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law
>
> -----BEGIN PGP SIGNATURE-----
>
> iEYEARECAAYFAk5r5RMACgkQ8CjzPZyTUTTwPQCfX5t0m0eQRihf+ghC5mVr92Xb
> J3kAn1+uS3uQKw6O9h4paxCe0EgWFZ9J
> =qxyi
> -----END PGP SIGNATURE-----
>
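An added example, not part of the original message and not the ossecctl script it describes: a Nagios-style check that turns an agent listing into an exit code, including the allow-list for mobile agents and the "critical after X minutes" escalation the message mentions as planned. The listing format (`ID: ..., Name: ..., IP: ..., <status>`), the sample lines, and the `allowed_offline`, `down_minutes` and `critical_after` parameters are assumptions made for this example.

```python
import re
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

# Assumed listing format, one agent per line (not taken from the post).
AGENT_RE = re.compile(r"ID:\s*(\d+),\s*Name:\s*(.+?),\s*IP:\s*(\S+),\s*(.+?)\s*$")

# Constructed sample listing.
SAMPLE = """\
   ID: 000, Name: ossec-server (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: web01, IP: 10.0.0.5, Active
   ID: 002, Name: laptop-jf, IP: any, Disconnected
   ID: 003, Name: db01, IP: 10.0.0.9, Disconnected
"""

def parse_agents(listing):
    """Return (agent_id, name, status) for each agent line found."""
    found = (AGENT_RE.search(line) for line in listing.splitlines())
    return [(m.group(1), m.group(2), m.group(4)) for m in found if m]

def check_agents(listing, allowed_offline=(), down_minutes=None, critical_after=30):
    """Return a Nagios (exit_code, message) pair for an agent listing.

    allowed_offline: names of mobile agents that may be disconnected.
    down_minutes: {name: minutes offline}, tracked by the caller (hypothetical).
    """
    agents = parse_agents(listing)
    if not agents:
        # An empty or unparseable listing must not read as "all healthy".
        return UNKNOWN, "UNKNOWN: no agents found in listing"
    bad = [(name, status) for _id, name, status in agents
           if not status.startswith("Active") and name not in allowed_offline]
    if not bad:
        return OK, "OK: %d agents checked" % len(agents)
    down_minutes = down_minutes or {}
    late = any(down_minutes.get(name, 0) >= critical_after for name, _ in bad)
    code, label = (CRITICAL, "CRITICAL") if late else (WARNING, "WARNING")
    return code, "%s: %s" % (label, ", ".join("%s (%s)" % b for b in bad))

if __name__ == "__main__":
    # Reads the listing from stdin; with no input the result is UNKNOWN.
    code, message = check_agents(sys.stdin.read(), allowed_offline={"laptop-jf"})
    print(message)
    sys.exit(code)
```

Returning UNKNOWN for an empty listing keeps a failed status command from being reported as a healthy fleet.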
