[osiris] Re: mod_ports and filtering irrelevancies

[Rob Munsch]

Rob Munsch wrote:

>Hey folks,
>
>I realize everyone's favorite nile-based deity of agriculture, the dead, 
>and consistent file structure is kind of in transition at the moment.
>
>However the mod_ports thing failing to ignore mod_ports is getting to be 
>an issue, especially as hosts are added.  I was wondering how others, 
>especially with much larger deployments than mine, are coping with this 
>- no notification mails, log everything centrally..?  I suppose i could 
>alert on any Osiris line that *doesn't* contain mod_ports for starters, 
>but was hoping to not to reinvent any wheels.  Especially since mine 
>like to come out square.
>
>I kind of like the email alerts with the ability to send no mail with no 
>changes - ideally (wishlist?) any number of things could be specified to 
>be ignored.  Then if you get a message you know it's something else, and 
>most of the time you get no mail at all.
>
>I *know* you aren't reading thru 1200 mod_ports emails a day, but i'm 
>hoping not to reduce the effectiveness or speed of any alerts when 
>something *does* happen.  I'd love to hear what people are doing; and 
>lastly, has anyone taken a crack at getting ignoring mod_ports to work 
>successfully?
>
>Thanks,
>
>  
>
I meant, of course, ignoring inodes... not ignoring mod_ports.  After 
looking at mod_ports a few dozen times my mental needle started 
skipping, i think...

If ignoring inodes worked, i could stick with email alerting, as i've it 
set to do nothing with no detected changes.  Has anyone hacked their way 
through this, or have any suggestions on where to start?

-- 
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com