Hi, I am a noob with sec. I already have rsyslog sending all logs to
elasticsearch, but I want sec to trigger a mail to me for some specific
events.
Maybe this is an always-asked question, but I didn't find information about
rsyslog sending the logs (without a file) directly to sec.
Thanks in advance
logs
> to a file (but not too much), has a dumpfile defined, creates events and
> contexts for startup/shutdown/restart, and when rsyslog is sent a HUP to
> roll its logs, sec will get USR2 instead of HUP so it won't do a full
> shutdown/restart
>
> David Lang
>
Hi, I have been using sec for Cisco monitoring and I have to say, it is flawless.
Now I want to tackle a new kind of reporting: events that only raise an alarm
if the cancellation event does not come within 10 min.
Is this possible with sec?
--
::: (\(\
*: (=' :') :*
I receive an event like this:
Dec 19 09:01:09 10.240.57.150 test0003[34576]: test0003 new critical, VirtualMachine
and a cancellation like this:
Dec 19 09:07:06 10.240.57.150 test0003[34576]: test0003 cancelled critical, VirtualMachine
I want to be alarmed if the cancellation didn't arrive within 10 minutes.
Hi, everyone! I have a little problem with rsyslog sending events to sec.
Part of my config in the *rsyslog.conf* is:
# legacy-format omprog action: every message is written to sec.sh's stdin
$ModLoad omprog
$ActionOMProgBinary /usr/local/bin/sec.sh
*.* :omprog:
My *sec.sh* is
#!/bin/sh
# omprog keeps this process running and feeds it one message per line
exec /usr/local/bin/sec --conf=/etc/sec/sec.conf --notail --input=-
My */etc/sec/sec
Hi, I configured a rule in sec that is fed by rsyslog. Everything is
fine, but I am stuck in the dumbest way: the mail sending.
Here is my rule:
type=PairWithWindow
ptype=RegExp
pattern=([^\ ]*\ ){2}((\S+):)\W\3\Wnew\W\w+\W+\ \w+
desc=No cancellation event for $3 after 10 minutes
action=pip
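The two posts above ask for the same thing: an alarm when a "new critical" event is not followed by its "cancelled critical" event within 10 minutes, done with a PairWithWindow rule. As an added example (my code, not from the thread or from the SEC project), the following Python script models what a SEC PairWithWindow rule does, run over the two log lines quoted in the earlier post plus two constructed ones. The SEC rule sketched in its docstring is an assumed equivalent written from the sec(1) field names; `you@example.com`, the year 2024 and the `mail_action` helper are placeholders.

```python
r"""
Added example, not code from the thread: a Python model of the SEC
PairWithWindow behaviour asked for above, run over the two sample lines
from the question plus two constructed ones. The first event starts a
pending entry; the matching "cancelled" event within the window drops it
silently; if the window passes first, the alert action (here: a mail hook)
fires once.

The SEC rule this mirrors (assumed equivalent, written from the sec(1)
field names; $1/$2 in pattern2 are substituted from the first match):

    type=PairWithWindow
    ptype=RegExp
    pattern=^\S+ +\d+ [\d:]+ \S+ (\S+)\[\d+\]: \1 new critical, (\S+)
    desc=No cancellation event for $1 ($2) after 10 minutes
    action=pipe '%s' mail -s '$1 still critical' you@example.com
    ptype2=RegExp
    pattern2=^\S+ +\d+ [\d:]+ \S+ $1\[\d+\]: $1 cancelled critical, $2
    desc2=$1 cancelled
    action2=none
    window=600

Unlike SEC, which expires on its own wall clock, the clock here is driven
from the syslog timestamps so the run is deterministic.
"""
import re
import subprocess
from datetime import datetime, timedelta

WINDOW = 600          # seconds; "10 min" from the question
YEAR = 2024           # syslog timestamps carry no year; assumed value

# Group 1: timestamp, 2: host, 3: program/identifier, 4: resource name.
_HEAD = r'^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (\S+)\[\d+\]: \3 '
NEW_RE = re.compile(_HEAD + r'new critical, (\S+)$')
CANCEL_RE = re.compile(_HEAD + r'cancelled critical, (\S+)$')


def parse_ts(stamp):
    """'Dec 19 09:01:09' -> datetime (year assumed)."""
    return datetime.strptime(f"{YEAR} {stamp}", "%Y %b %d %H:%M:%S")


def mail_action(subject, body, to="you@example.com"):
    """What SEC's `pipe '%s' mail -s ...` does: feed desc to mail(1) on stdin.
    Placeholder address; needs a local mail(1) and an MTA."""
    subprocess.run(["mail", "-s", subject, to], input=body.encode(), check=False)


class PairWithWindow:
    def __init__(self, window=WINDOW, mail=None):
        self.window = window
        self.mail = mail or (lambda subject, body: None)  # no-op by default
        self.pending = {}      # (host, ident, resource) -> start time
        self.alerts = []       # desc strings for which the alert action fired
        self.cancelled = []    # keys cleared by the second event (action2=none)

    def expire(self, now):
        """Fire the alert for every pending entry whose window has passed."""
        for key, start in list(self.pending.items()):
            if (now - start).total_seconds() >= self.window:
                del self.pending[key]
                host, ident, res = key
                desc = (f"No cancellation event for {ident} ({res}) on {host} "
                        f"after {self.window // 60} minutes")
                self.alerts.append(desc)
                self.mail(f"{ident} still critical", desc)

    def feed(self, line, now):
        self.expire(now)                    # handle timeouts before the new event
        m = CANCEL_RE.match(line)
        if m:
            key = (m.group(2), m.group(3), m.group(4))
            if self.pending.pop(key, None) is not None:
                self.cancelled.append(key)  # second event in time: nothing is sent
            return
        m = NEW_RE.match(line)
        if m:
            key = (m.group(2), m.group(3), m.group(4))
            self.pending.setdefault(key, now)  # an already-pending key is not restarted


def run(lines, mail=None):
    """Feed lines in order, then advance the clock one window past the last."""
    corr = PairWithWindow(mail=mail)
    last = None
    for line in lines:
        last = parse_ts(line[:15])
        corr.feed(line, last)
    if last is not None:
        corr.expire(last + timedelta(seconds=WINDOW))
    return corr


# The two lines quoted in the question, plus two constructed ones:
# test0004 is not cancelled within the window, and its cancellation arrives late.
SAMPLE = [
    "Dec 19 09:01:09 10.240.57.150 test0003[34576]: test0003 new critical, VirtualMachine",
    "Dec 19 09:07:06 10.240.57.150 test0003[34576]: test0003 cancelled critical, VirtualMachine",
    "Dec 19 09:20:00 10.240.57.150 test0004[34577]: test0004 new critical, VirtualMachine",
    "Dec 19 09:40:00 10.240.57.150 test0004[34577]: test0004 cancelled critical, VirtualMachine",
]

if __name__ == "__main__":
    result = run(SAMPLE, mail=lambda s, b: print(f"MAIL {s!r}: {b}"))
    print("cancelled in time:", result.cancelled)
```

Running it shows one mail for test0004 only: test0003 was cancelled after 357 seconds, so its pending entry is dropped without any action, and the late test0004 cancellation finds nothing pending because the alert already fired. In the real rule the same mapping holds: `action` is the timeout path, `action2` the cancelled path, and `window` the 600 seconds.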
Hi SEC users.
I have a question. I have this:
type=PairWithWindow
ptype=RegExp
pattern=\w{3}\W*\d{1,2}\W\d{2}\W\d{2}\W\d{2}\W\d*\W\d*\W\d*\W\d*\W\W*something:\Wstarted\W(.*)\W\W(.*)
desc=$1
action=pipe '%s' telegram -C '$1 something something $2 ';pipe '%s' mail -s '$1' somem...@someserver.com
p