Hi,
I'm using SEC in our infrastructure for the past 2 years and our customers are
extremely happy with the tool. It was all good so far, but yesterday we experienced
a peculiar issue.
We have the SEC rule set up as below:
## Rule:2
## Last Updated At: 2015-03-19T17:39:21.297Z
## Rule:1 Vendor:Cisco BGP
On Mon, 24 Aug 2015, Ganji, Shashirekha Yadav wrote:
Hi,
I'm using SEC in our infrastructure for the past 2 years and our customers are
extremely happy with the tool. It was all good so far, but yesterday we experienced
a peculiar issue.
We have the SEC rule set up as below:
## Rule:2
## Last Updated At:
On Tue, 25 Aug 2015, Ganji, Shashirekha Yadav wrote:
David,
SEC is perfectly fine in processing other alerts without any delay. The BGP
alert is an exceptional case we have seen so far in the past 2 years which was
alerted with some delay.
just double checking, are you sure that SEC didn't
David,
We are forwarding all devices logs to syslog server and using different
facilities based on the technologies.
I see actual device logs coming around 8:00pm on our syslog local files but
SEC alerted them @00:00hrs with a delay of 4hrs. I see a few other events alerted
by SEC in this
David,
Excuse my ignorance. I just checked and it appears that there was a delay of 4hrs
for a few other events yesterday evening.
But currently events are coming out well.
So what do you suggest here?
Thanks,
shashi
-Original Message-
From: Ganji, Shashirekha Yadav
Sent: Monday, August 24,
How are the logs getting from syslog to SEC? Is SEC just reading the files that
syslog writes? Is syslog writing to stdin on SEC? Other?
I would guess that you have syslog writing to file(s) and sec reading those
files. In this case, it was probably that sec was just that far behind in
On Tue, 25 Aug 2015, Ganji, Shashirekha Yadav wrote:
David,
Excuse my ignorance. I just checked and it appears that there was a delay of
4hrs for a few other events yesterday evening.
But currently events are coming out well.
So what do you suggest here?
Ok, this makes more sense :-)