[Nodebrain-users] RE: project interest
Rule Engine for State and Event Monitoring
From: Benoit D. <bd...@an...> - 2003-03-10 09:09:17
Hi,

Thanks for your mail. Your examples will help me in building rules...

About the count of lines, it was a bad example. I have many sorts of data sources:
- syslog files
- virus log files
- host monitoring (delay, up/down, ...)
- ...

And I have to centralize these data for many servers. For the moment, I use echelog, but I have to run my own script to split measures and put them in an rrdtool db, split syslog lines to retrieve the number of emails/day, to look at rejected/accepted/dropped lines in firewall netfilter logs, and more...

For now, I don't know how to do correlation rules with these data.

With a friend, we have defined a language that has many points in common with yours. We think it is not a good idea to rebuild a project that already exists. So I prefer to test and give you new ideas / patches to put in your project. I do that for the echelog project and I think it works fine.

I do not want to run an undetermined number of processes on the log server, and perl is very heavy on memory and CPU.

I have read all of your doc (very good work), but why are you using your own encryption? Why don't you use SSL with certificates to identify hosts?

I propose to build a Makefile. All your source files are loaded in the nb.c. Is it in your todo list?

Benoit

--
Benoit DOLEZ GSM: +33 6 21 05 91 69 mailto:bd...@an...