On Thu, Dec 22, 2011 at 1:21 PM, Kaushal Shriyan
<kaushalshri...@gmail.com>wrote:
> + simple-evcorr-users@lists.sourceforge.net
>
>
> On Thu, Dec 22, 2011 at 1:19 PM, Kaushal Shriyan <kaushalshri...@gmail.com
> > wrote:
>
>>
>>
>> On Thu, Dec 22, 2011 at 1:10 PM, Risto Vaarandi <risto.vaara...@gmail.com
>> > wrote:
>>
>>> > The following NEW packages will be installed:
>>> > sec
>>> > 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
>>> > Need to get 0B/74.1kB of archives.
>>> > After this operation, 360kB of additional disk space will be used.
>>> > Selecting previously deselected package sec.
>>> > (Reading database ... 50113 files and directories currently installed.)
>>> > Unpacking sec (from .../archives/sec_2.4.2-1_all.deb) ...
>>> > Processing triggers for man-db ...
>>> > Processing triggers for ureadahead ...
>>> > Setting up sec (2.4.2-1) ...
>>>
>>> Unfortunately, since Ubuntu 10.04 came out almost two years ago, the
>>> SEC version for this distro is merely 2.4.2 which is almost 4 years
>>> old. If you would like to get support for many of the newer features,
>>> I'd recommend to do the installation from source. Unfortunately, SEC
>>> Debian packages are not updated very frequently :(
>>> with kind regards,
>>> risto
>>>
>>
>> Thanks Risto, Yeah I have downloaded sec-2.6.1.tar.gz from
>> http://simple-evcorr.sourceforge.net/ and uncompressed the tarball and
>> copied sec perl script to /usr/bin/ directory.
>>
>> root@hostlogserver:~# sec -v
>> SEC (Simple Event Correlator) 2.6.1
>> Copyright (C) 2000-2011 Risto Vaarandi
>>
>> This program is free software; you can redistribute it and/or
>> modify it under the terms of the GNU General Public License
>> as published by the Free Software Foundation; either version 2
>> of the License, or (at your option) any later version.
>>
>> This program is distributed in the hope that it will be useful,
>> but WITHOUT ANY WARRANTY; without even the implied warranty of
>> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>> GNU General Public License for more details.
>>
>> You should have received a copy of the GNU General Public License
>> along with this program; if not, write to the Free Software
>> Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
>> 02110-1301, USA.
>> root@hostlogserver:~#
>>
>> I am still looking at
>> http://simple-evcorr.sourceforge.net/SEC-tutorial/article.html and yet
>> to get to speed and set it up and if i get into issues i would post here in
>> this Mailing List.
>>
>> Regards,
>>
>> Kaushal
>>
>
>
Hi
I have set the below in /etc/sec.conf. is there a way to have SMS based
alerting system given below the configuration. For example if there is a
Hard Disk or RAM issue it would alert the admin person.
###
# /etc/sec.conf
#
##
# Suppress Workstations
#
type=Suppress
ptype=regexp
pattern=\S+\s+\S+\s+\S+\s+(tpr|dpr|bpr|pre)
##
# Combine unknown errors by daemon each hour and report
#
type=Single
ptype=regexp
pattern=\S+\s+\S+\s+\S+\s+(\S+)\s+(\w+).*:\s+(.*)
desc=$1 $2
context=!$1_$2
action=create $1_$2 3600 (report $1_$2 /usr/bin/mail -s \
"LogAlert: $2 errors summary" kaus...@webaroo.com); \
pipe '$0' /usr/bin/mail -s "LogAlert: $2 error, suppressing similar for 1
hour" kaus...@webaroo.com
type=Single
ptype=regexp
pattern=\S+\s+\S+\s+\S+\s+(\S+)\s+(\w+).*:\s+(.*)
desc=$1 $2
context=$1_$2
action=add $1_$2 $0
Regards
Kaushal
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
