Hi David,

Thanks very much for your response. Yes, that was my initial assessment, the same as monitoring using SNMP, and yes, your example is just what I need, though I'm curious to know: do you use any front-end GUI of some sort? Or all in command line?

Regards,
_________________
Joseph Bernard F. Guanzon
NYSE Technologies
t +1.866.467.4004

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, August 30, 2012 3:12 PM
To: Joseph Guanzon
Cc: '[email protected]'
Subject: Re: [Simple-evcorr-users] Integarting SEC with other monitoring tools

On Thu, 30 Aug 2012, Joseph Guanzon wrote:

> Hi Guys,
>
> I'm trying to look for a monitoring tool that I can integrate with
> other monitoring tools like HP Openview, HP OVO, Geneos Active Console
> (ITRS) and BMC Patrol and I can also configure to generate ticket
> automatically.
>
> Our office is currently using several tools to monitor servers status
> and logs and another for the network side. I am trying to find a way
> to incorporate the alerts into a single tool that is also capable of
> summarizing multiple events. For example, when using Geneos ITRS it
> searches for a specific keyword on the server logs; if it sees 1000 of
> said keyword it would flood you with all those as alerts instead of
> alerting that the said keyword was detected 1000 times.
>
> Has anyone ever tried using SEC to integrate with other monitoring
> tools? Would it be possible to do so? Can anyone suggest a good front
> end to work with SEC?

It really depends on what you mean by "integrate".

Anything that can generate a syslog message can feed data into SEC.

SEC can run a script when an alert is generated, so (with enough work), it's possible to feed SEC alerts into any other tool.

As a result, SEC can be "integrated" into any other monitoring system.

SEC can be configured to consolidate alerts instead of generating 1000 alerts, so you don't need external tools to do this.

I commonly do this sort of thing where I have a set of rules for each pattern I care about:

1. alert when the pattern first appears and set a timeout and context

2. while the context from #1 is set, any additional instances of the pattern get added to a report. a second context is set

3. when the timeout hits, if the context from #2 has been set, a new alert is generated, including the report. The report is cleared, the timeout is reset, and the context from #2 is cleared.

David Lang
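
The three-rule pattern described in the reply above, written out as an SEC ruleset. This is an added example, not configuration posted in the thread; the log pattern, the 300-second window, the context names, the synthetic event text and the `/usr/local/bin/notify.sh` path are all assumptions.

```conf
# Added example (not from the thread). Assumed names: KW_WINDOW, KW_REPORT,
# SEC_KW_WINDOW_EXPIRED, and /usr/local/bin/notify.sh, a hypothetical
# script that reads the alert text on stdin and forwards it to the
# ticketing or monitoring tool.

# Rule 1: first occurrence. Alert once and open a suppression window.
# The matched line ($0) is passed on stdin with 'pipe' instead of on the
# command line, so log content is never interpreted by a shell.
# When KW_WINDOW expires it emits a synthetic event picked up by rule 3.
type=Single
ptype=RegExp
pattern=ERROR: storage timeout
context=!KW_WINDOW
desc=first occurrence of storage timeout
action=pipe '$0' /usr/local/bin/notify.sh; create KW_WINDOW 300 ( event 0 SEC_KW_WINDOW_EXPIRED )

# Rule 2: repeats while the window is open. No alert; the line is
# appended to the event store of KW_REPORT. 'add' creates KW_REPORT if
# it does not exist yet, which is the second context from step 2.
type=Single
ptype=RegExp
pattern=ERROR: storage timeout
context=KW_WINDOW
desc=repeat occurrence of storage timeout
action=add KW_REPORT $0

# Rule 3: the window timed out. Only fires if repeats were collected
# (KW_REPORT exists): send the collected lines as one alert, clear the
# report, and reopen the window. If there were no repeats, nothing
# matches and the next occurrence alerts immediately through rule 1.
type=Single
ptype=SubStr
pattern=SEC_KW_WINDOW_EXPIRED
context=KW_REPORT
desc=summary of suppressed storage timeouts
action=report KW_REPORT /usr/local/bin/notify.sh; delete KW_REPORT; create KW_WINDOW 300 ( event 0 SEC_KW_WINDOW_EXPIRED )
```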
