f60352b3c1
SEC is a free and platform independent event correlation tool. from Okan Demirmen <okan at demirmen.com>
15 lines
875 B
Plaintext
SEC is a free and platform independent event correlation tool that
was designed to fill the gap between commercial event correlation
systems and homegrown solutions that usually consist of a few
simple shell scripts. SEC accepts input from regular files, named
pipes, and standard input, making it suitable to employ with any
application that is able to write its output to a file stream. The
SEC configuration is stored in text files as rules, each rule
specifying an event matching condition, an action list, and optionally
a Boolean expression whose truth value decides whether the rule can
be applied at a given moment. Regular expressions are used for
defining event matching conditions, and output events can be produced
by executing user-specified shell scripts or programs (e.g., snmptrap
or mail), by writing messages to pipes or files, and by various
other means.