OSSEC Alerts Via Nagios
693 views
Skip to first unread message
Dave Stycos
Dec 13, 2009, 11:14:27 AM12/13/09
to ossec...@googlegroups.com, osse...@googlegroups.com
Here's a shell script that will take an OSSEC alert and convert it to a
Nagios passive service event.
Install the script as an Active Response handler, then add a passive
service check in Nagios for all the hosts that have OSSEC agents. The
agent name must match the Nagios host name. Currently, the script
requires OSSEC and Nagios to be running on the same server.
I like funneling events through the Nagios notification system for a
couple of reasons: 1) Nagios' notification system is far more
sophisticated; 2) All notification configuration is handled in one
place; 3) Because ISP's are trying to defeat spamming, more are are
requiring SMTP traffic to be authenticated and/or use non-standard
ports, and OSSEC doesn't not provide this configurability (that I've seen).
Enjoy.
- Dave Stycos
Nagios passive service event.
Install the script as an Active Response handler, then add a passive
service check in Nagios for all the hosts that have OSSEC agents. The
agent name must match the Nagios host name. Currently, the script
requires OSSEC and Nagios to be running on the same server.
I like funneling events through the Nagios notification system for a
couple of reasons: 1) Nagios' notification system is far more
sophisticated; 2) All notification configuration is handled in one
place; 3) Because ISP's are trying to defeat spamming, more are are
requiring SMTP traffic to be authenticated and/or use non-standard
ports, and OSSEC doesn't not provide this configurability (that I've seen).
Enjoy.
- Dave Stycos
Reply all
Reply to author
Forward
0 new messages