hi Jason,

the messages you are seeing just illustrate what John said - since Activestate does not emulate UNIX environment in a proper way, you are seeing warning messages for missing signals. There are other caveats as well (like 'spawn' action not working properly).

The experience with Activestate is really mixed - 4-5 years ago I discovered that SEC tends to crash after running for about 2-24 hours, and several other users noticed this problem as well. However, I got an encouraging report from one user last fall (see below). I think it really depends what features you would like to use - if these features don't include anything that Activestate warns you about, *and* tests in your environment indicate that SEC runs without problems for longer periods of time, feel free to go with Activestate. If that's not the case, I'd strongly recommend to take some time for cygwin deployment - several SEC features just can't be implemented with Activestate.

best regards,
risto

P.S. Here's the report I received last September:

Subject: Re: about SEC
From: Olivier Jan
Date: Thu, 20 Sep 2007 13:52:00 +0200
To: Risto Vaarandi

Risto,

I'm using one of the latest ActivePerl (5.8.8.820) on all Windows platforms I listed in my previous mail. It's right, I have some warnings about missing signals when I start sec, only when I start it manually in a DOS window. When I start it with AutoexNT, no window and no warning are logged in sec.log. Just a perl process created and alive. I've now had it running for 3 months without a single crash. The rules are fairly simple and are only SingleWithScript and Single types. The conf for sec is about 100 rules. I use sec to send alerts to nagios (action shellcmd to send_nsca) and all is working pretty well for now.

You can, of course ;-) forward all this discussion to the mailing-list if you feel it can interest people.

Best regards
Olivier

Risto Vaarandi <[EMAIL PROTECTED]> wrote:

> hi Olivier,
> thanks for the feedback! In fact, several users have experienced some problems in the past having SEC running on top of ActivePerl (I recall several posts from the mailing list from 2002-2003) - SEC used to crash, and ActivePerl didn't emulate well some functions and macros of UNIX perl. Also, one usually got some warnings about missing signals at SEC startup. Have you seen such warnings? Anyway, I suppose ActivePerl has changed a lot over the last few years, and it might provide a much better emulation of various functions, macros and signals not present on Windows operating system platform.
> May I ask what version of ActivePerl you are using and how long have you been running SEC on top of it? Also, do you have a large rule set for monitoring log files with complex action lists?
> br,
> risto
> P.S. Can I forward my reply to the SEC mailing list? Your message might be interesting to list members as well :)
>
>> Hello,
>>
>> And first of all a big thank you for such a nice and efficient tool you've made with SEC. I'm using it as my "official" log scanner and correlation engine for Nagios and it works really well.
>>
>> I'm just finishing a Windows deployment and can say to you that SEC is performing well on Windows platforms with ActivePerl.
>>
>> My tests:
>>
>> Windows Server 2003
>> Windows XP and Vista
>> Windows Server 2008 aka Longhorn
>>
>> All those four in both 64 or 32 bit versions
>>
>> Maybe this information will be interesting for you... Don't hesitate if you need more details about the tests I've done on these platforms.
>>
>> Have a nice day
>>
>> Olivier Jan

----------------------------------------------------------------

> sec worked for windows with cygwin no problem at all. just when deploying sec across a few hundred servers it would be helpful not to also have to deploy cygwin. still no luck with activestate under windows.
>
> C:\>sec.pl
> SEC (Simple Event Correlator) 2.4.2
> No such signal: SIGUSR1 at C:\sec.pl line 7966.
> No such signal: SIGUSR2 at C:\sec.pl line 7969.
>
> On Sun, Apr 13, 2008 at 9:20 PM, John P. Rouillard <[EMAIL PROTECTED]> wrote:
> >
> > In message <[EMAIL PROTECTED]>,
> > "Jason N. Meiers" writes:
> > >Is there a windows version of sec available?
> >
> > Sec is a perl script, so it's platform independent provided you have the interpreter.
> >
> > I have run it under cygwin perl quite successfully. No difference from running it under Linux IIRC.
> >
> > I believe people have run it under Activestate Perl with the caveat that sending signals to it to reload, dump state etc is different or may be impossible.
> >
> > --
> > -- rouilj
> > John Rouillard
> > ===========================================================================
> > My employers don't acknowledge my existence much less my opinions.
