I just found out about a great tutorial on designing logging solutions by Marcus Ranum. Marcus has been doing network security work for a long time and is well known in the network security industry. I have previously referenced some of his work in my blog Handling Network Events (syslog and snmp traps...

The first component of a good network management system is an event handling system. A basic event handling system can be easily implemented with open source tools like syslog-ng . Just watching the new events arrive can be very enlightening. Many network operations teams gain visibility into their network...

I was recently checking out a product that does syslog correlation and noticed that it had not reported a couple of events that I could see in syslog-ng's log. I use syslog-ng because it is free, easy to install and configure, performs filtering, and forwards to other destinations. I normally have...

I've been doing some more reading about network event handling and found some interesting articles and a few facts that I'd like to share. I have my own ideas about handling network events, but am open to learning what other people do and why they prefer their approach. It helps me learn new...

Hello all, I am able to see port security messages being sent to our Event Colector however I am not getting the alert in my email even though I have the system setup to alert on every event. Is there something I am missing? Thank you,

I just finished posting a neat syslog summary script that was passed to me by Phil Koontz. He uses it every day to keep track of syslog events. You can download it from the Netcraftsmen website: http://www.netcraftsmen.net/Resources/Technical Articles/Syslog Summary Scripts . (While you're there...

I'm continuing the list of NMS event handling requirements. Unstable interfaces In the last post, Handling Event Data, Part 1, I talked about correlating interface up/down events. I would also like to know if an interface is unstable. This is where the interface is going up and down on a regular...

I've been examining the handling of event data and wanted to share what I see as common requirements. For the next few posts, I'll describe the requirements and why they are important. Syslog Summary My first requirement was addressed in the prior post about Syslog Summary Scripts (also see the...

We use syslog-ng as our syslog collector and distribute from it to the various systems that need to receive syslog messages. We have configured syslog-ng to forward the CONFIG_I messages to NetMRI. However, NetMRI uses the source IP address in the incoming syslog packet to determine the system that is...

I'm working on network management requirements for several customers and keep running into the same requirements. One of the key requirements is that of event reporting. Events typically take two forms: syslog and SNMP traps. In both cases, they are asynchronous notification of something happening...