In message <CA+=j5hVvE4kfbEtKV7OzDB13+tdpFYTdFhED0KNn=a537ep...@mail.gmail.com>, Joe Prosser writes:
>Hey Folks,
>I'm thinking about ways to get context data out of SEC and into
>nagios, and the thought occurred to me of polling SEC on the target
>host from nagios using a HTTP (i.e. like read-only REST) interface to
>access SEC using the context name to access the context data.
>
>Has anyone given this any thought? I could write an NRPE agent that
>accesses the data via the dumpfile, but this seems suboptimal. Is
>there a better way to do this?

Well, I implement cli level interfaces that allow me to create/delete
contexts. It works by having sec watch a control file to which
specifically formatted commands are appended. See:

  http://www.cs.umb.edu/~rouilj/sec/rulesets/01control.sr

and the README.txt for more details.

I don't think it would be hard to extend that to dump the contents of
a context/query if one exists etc. and send the result to an output
pipe. Then a simple http cgi could query/respond based on a restful
like uri.

I don't think creating an http daemon (e.g. by calling use
HTTP::Daemon) that has access to sec's internals would work as it would
disturb/block the flow of data through sec since sec is single
threaded.

--
				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
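
The CGI side of the approach described in the reply above, as an added example that is not code from this thread or from the SEC rulesets. The `/context/<name>` URI layout, the `dumpcontext <name> <id>` command line, the id-prefixed output lines and all function names are assumptions; the real command format is whatever the control ruleset defines.

```python
import os
import re
import secrets

# Assumption: context names exposed over HTTP are limited to this character set.
CONTEXT_RE = re.compile(r"[A-Za-z0-9_.:-]{1,64}")


def context_from_path(path_info):
    """Map a read-only URI of the form /context/<name> to a context name."""
    parts = path_info.strip("/").split("/")
    if len(parts) != 2 or parts[0] != "context":
        return None
    # fullmatch rejects spaces, newlines and metacharacters, so one request
    # can never smuggle a second command line into the control file.
    return parts[1] if CONTEXT_RE.fullmatch(parts[1]) else None


def enqueue_dump(control_file, path_info):
    """Append one dump request for SEC; return (http_status, request_id)."""
    name = context_from_path(path_info)
    if name is None:
        return 400, None
    request_id = secrets.token_hex(8)
    # Hypothetical line format; the real one comes from the control ruleset.
    line = f"dumpcontext {name} {request_id}\n".encode("ascii")
    try:
        # No O_CREAT: the file SEC watches must already exist with the
        # permissions its admin chose. O_APPEND places each single write at
        # the end of a local file, so concurrent requests stay whole lines.
        fd = os.open(control_file, os.O_WRONLY | os.O_APPEND)
    except OSError:
        return 503, None
    try:
        os.write(fd, line)
    finally:
        os.close(fd)
    return 202, request_id


def match_reply(output_lines, request_id):
    """Collect the payload of output lines tagged with our request id."""
    prefix = request_id + " "
    return [l[len(prefix):].rstrip("\n")
            for l in output_lines if l.startswith(prefix)]
```

The CGI process only ever appends a validated line and reads tagged output, so SEC's single-threaded event loop is never blocked by an HTTP client.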