[c-nsp] Syslog Solutions
Andrea Montefusco
andrea.montefusco at gmail.com
Sat Sep 5 16:28:16 EDT 2009
Brian Spade wrote:
> Can people recommend a useful solution for syslog, SNMP traps and event
> correlation? I'm not even sure where to start. I know about syslog-ng but
> am looking for a syslog/snmp trap collector with future capabilities of
> event correlation. The event correlation would be able to accept any data
> source / device via SNMP or syslog.
If you know some regular expressions and/or Perl, have a look at SEC
(Simple Event Correlator). Simple but powerful IMHO.
For a review of event correlation, see
http://www.cs.umb.edu/~rouilj/sec/sec_paper_full.pdf
It is a paper that is mainly system-oriented but very useful for networks too.
*am*
---------------------------------------------------------
Andrea Montefusco iw0hdv http://www.montefusco.com
tel: +393356992791 fax: +390623318709
---------------------------------------------------------