Author: Ton Voon
Date:
To: Opsview development
Subject: Re: [Opsview-devel] about log monitoring
Hi Josep,
On 25 Nov 2007, at 10:35, Josep Ruano wrote:
> I think the approach should be, in terms of tools:
> - SEC as the log event correlator, which will send alerts to Nagios
> - syslog-ng for centralized log collection
> - some open syslog agent or the paid version of syslog-ng for those
>   willing to monitor Windows logs
This fits with how we see log monitoring evolving.
> I think that Opsview should not have a web/GUI configuration for SEC
> or log monitoring, nor have an automated setup for it. IMHO, Opsview
> should just have the Nagios plugin for integrating SEC, and provide
> documentation as detailed as possible and examples on how to deploy
> this log monitoring environment.
I think this is best as a documented, manual procedure for now. We can
spot opportunities where automation would help as the setup matures.
> **** So, in summary (excuse me for such a long mail), I think steps
> should be:
> 1- document how to set up SEC and syslog-ng for further integration
> with Opsview/Nagios (it's already documented out there, so it should
> be easy and quick to do)
Would you offer to do that? We can get you access on docs.opsview.org.
We would be willing to go through your documentation to make sure it
was valid, by duplicating a setup internally.
> 2- prepare the required Nagios plugins for Opsview (also almost done
> in the links I wrote above, so quick and not difficult again)
Sounds easy. Can you point to a plugin that works 80% for you and
explain what else you need it to do?
> 3- release the new version of Opsview ready for log monitoring, which
> means including plugin / service check and documentation,
> documentation, documentation
If I'm understanding correctly, a new default servicecheck is created
with this new plugin. Documentation would already be on the website.
In which case, we can definitely ship a release of Opsview where we
can say it "integrates with SEC".