In message <782c7f85de5d994f9da1bc1cad2fdf8e15691...@pm1coexm01.ad.nyx.com>,
Joseph Guanzon writes:
>I'm trying to look for a monitoring tool that I can integrate with other
>monitoring tools like HP Openview, HP OVO, Geneos Active Console ( ITRS )
>and BMC Patrol and I can also configure to generate ticket automatically.

SEC was originally written to be a correlation engine for hp openview. A
plugin in the contrib section reads:

  SEC plugin for HP OV ITO/Operations (contributed by Risto Vaarandi).
  This program reads events from HP OV ITO (now known as HP OV
  Operations) server or agent event stream and writes them to standard
  output. Its main task is to act as a link between ITO and an external
  message processing application (e.g., a correlation engine). The
  program has been tested with ITO 5.3, 6.0, 7.1 and 8.1

>Our office is currently using several tools to monitor servers status
>and logs and another for the network side. I am trying to find a way
>to incorporate the alerts into a single tool that is also capable of
>summarizing multiple events for example when using Geneos ITRS it
>searches for a specific keyword on the server logs, if it sees 1000 of
>said keyword it would flood you with all those as alerts instead of
>alerting that the said keyword was detected 1000 times.

>Has anyone ever tried using SEC to integrate with other monitoring tools?

I created some patches for nagios 2.x to have sec act as an external
correlation engine expanding on nagios' capabilities. Because they
were not accepted for Nagios 3.0 and would require extensive changes
to the abi I have not updated them until nagios provides support for
the types of data that the plugin needs to store for each service.

Plus it is easy to use sec for log analysis and then generate passive
events into nagios for alert management.

>Would it be possible to do so?

It depends on the tool you want to use it with and its capabilities.
Many systems don't play well with external components, but you can
often have sec generate traps or events using the system's native tool
to allow sec to interoperate.

I have also heard of SEC sending notifications into a ticket system
(to open and close tickets). I think they mentioned something about
building a REST client library to do it.
Not sure which ticketing system it was or if they had some middleware
in there somewhere. Also some ticketing systems can use email to
support ticket manipulation (roundup, rt with some addons...).

Given the lack of detail as to what you want it's kind of difficult to
respond except in a general "yes" way.

>Can anyone suggest a good front end to work with SEC?

Not really. I use straight text files and generate configs for sec from
templates.

--
				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.

_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
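
The summarising behaviour asked about in this thread (one alert saying a keyword was seen 1000 times instead of 1000 alerts), handed to Nagios as a passive check result, as an added example that is not part of the original message and is not SEC's own code or configuration. The 60-second window, the service name "log keyword" and the sample lines are assumptions.

```python
from collections import defaultdict, deque

WINDOW = 60     # seconds; assumed correlation window
THRESH = 1000   # matches before one summary alert (the figure from the question)

def _clean(field):
    # Log-derived text must not add fields or extra commands to the command file.
    return field.replace(";", "_").replace("\n", " ").replace("\r", " ")

def passive_result(ts, host, service, code, output):
    """Format a Nagios PROCESS_SERVICE_CHECK_RESULT external command line."""
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s" % (
        ts, _clean(host), _clean(service), code, _clean(output))

class Summarizer:
    """One alert per host when `keyword` is seen `thresh` times in `window` s."""
    def __init__(self, keyword, thresh=THRESH, window=WINDOW):
        self.keyword, self.thresh, self.window = keyword, thresh, window
        self.hits = defaultdict(deque)   # host -> timestamps of recent matches
        self.quiet_until = {}            # host -> end of suppression period

    def feed(self, ts, host, line):
        """Return a passive-check line when the threshold is crossed, else None."""
        if self.keyword not in line or ts < self.quiet_until.get(host, 0):
            return None                  # no match, or this burst was already reported
        q = self.hits[host]
        q.append(ts)
        while q and q[0] <= ts - self.window:
            q.popleft()                  # drop matches that fell out of the window
        if len(q) < self.thresh:
            return None
        q.clear()
        self.quiet_until[host] = ts + self.window
        msg = "%s seen %d times in %ds" % (self.keyword, self.thresh, self.window)
        return passive_result(ts, host, "log keyword", 2, msg)  # 2 = CRITICAL

def run(events, keyword, thresh=THRESH, window=WINDOW):
    """Feed (timestamp, host, line) tuples; return the alert lines produced."""
    s = Summarizer(keyword, thresh, window)
    return [a for a in (s.feed(*e) for e in events) if a]

# Constructed sample: 1000 matching lines from one host within four seconds.
SAMPLE = [(1335000000 + i // 250, "web01", "app: ERROR disk full")
          for i in range(1000)]

if __name__ == "__main__":
    for alert in run(SAMPLE, "ERROR"):
        print(alert)   # in production this line is written to the Nagios command file
```
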