hi, there are three steps here: 1) Install SEC itself -- since currently there is no package file for Solaris, get the source distribution, unpack it, and copy the sec.pl file from the distribution to the /usr/local/bin directory
2) Create a proper startup file for SEC (/etc/rc3.d/S98sec), so that SEC would be started at the next system boot. For that you can use a sample startup file from the distribution -- have a look at contrib/startup.solaris and edit it according to your needs. Basically you have to remove the first 4-5 lines up to #!/bin/bash. Also, the last few lines beginning with "#---------/usr/local/etc/sec/sec.start" should go to a separate file called /usr/local/etc/sec/sec.start 3) Create the /usr/local/etc/sec/sec.rules file and add rules there what you consider important. If you are new to SEC, I would recommend to begin with a couple of Single or SingleWithSuppress rules for monitoring common fault conditions. Basically, the Single rule looks like this: type=Single ptype=RegExp pattern=your_regular_expression desc=$0 action=pipe '%s' /usr/bin/mail -s 'syslog alert' root You have to identify the log messages you want to be alerted on, and then write regular expressions for matching these messages. Unfortunately, there is no out-of-the-box rule file for Solaris at the rule repository, since the things people want to monitor depend on the local environment a lot (log messages that are not so relevant for one site are highly important for other sites). br, risto Gabriele Giorelli wrote: > Hello, > > I want to install sec on a solaris 10 box and then monitor the syslog file > for several patterns. > > Can you please assist on the install and config part? > > thanks, > > > > > > ------------------------------------------------------------------------------ > Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) > software. With Adobe AIR, Ajax developers can use existing skills and code to > build responsive, highly engaging applications that combine the power of local > resources and data with the reach of the web. Download the Adobe AIR SDK and > Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com > _______________________________________________ > Simple-evcorr-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users > ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
