[prev in list] [next in list] [prev in thread] [next in thread] 

List:       swatch-users
Subject:    Swatch-users digest, Vol 1 #114 - 1 msg
From:       swatch-users-request () ucsb ! edu
Date:       2001-11-03 20:05:02
[Download RAW message or body]

Send Swatch-users mailing list submissions to
	swatch-users@ucsb.edu

To subscribe or unsubscribe via the World Wide Web, visit
	http://ucsb.edu/mailman/listinfo/swatch-users
or, via email, send a message with subject or body 'help' to
	swatch-users-request@ucsb.edu

You can reach the person managing the list at
	swatch-users-admin@ucsb.edu

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Swatch-users digest..."


Today's Topics:

   1. new logfile monitoring tool (Risto Vaarandi)

--__--__--

Message: 1
Date: Sat, 03 Nov 2001 13:47:59 +0200
From: Risto Vaarandi <risto.vaarandi@neti.ee>
To: swatch-users <swatch-users@ucsb.edu>
Subject: [Swatch-users] new logfile monitoring tool

hello,

I have released a logfile monitoring tool called 'sec' recently, that 
combines logfile monitoring with event correlation facilities. Like 
swatch, the tool uses regular expressions for recognizing logfile 
patterns. The tool is able to recognize patterns spanning over multiple 
lines, and you can also use named pipe and standard input as input.

Swatch has also some support for event correlation, since it is able to 
suppress repeated lines that match the pattern (i.e., perform 
compression). Sec also implements other common event correlation 
operations, like counting (count the number of matching lines and act 
when certain threshold is exceeded), temporal relationship (correlate 
events depending on the order and/or time of their arrival), etc. Sec 
also supports some features of logsurfer(1) logfile monitoring tool, 
enabling to store events into internal buffers for reporting them at a 
later time.

People who are using sec now have applied it for logfile monitoring, but 
also as event correlation engine for network management systems like HP 
OpenView (sec package contains a plugin for integrating the tool with HP 
OpenView ITO).

If you are interested of sec, have a look at 
http://kodu.neti.ee/~risto/sec/ <http://kodu.neti.ee/%7Eristo/sec/> . 
The tool is available under the terms of GNU GPL.

best regards
risto





--__--__--

_______________________________________________
Swatch-users mailing list
Swatch-users@ucsb.edu
http://ucsb.edu/mailman/listinfo/swatch-users


End of Swatch-users Digest

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic