[osiris] Re: Osiris scaling

Alexei_Roudnev Alexei_Roudnev at exigengroup.com
Thu Jun 29 18:52:38 EDT 2006


This is what I'd like to see:
- the system maintains a web page with changes and history
- the system sends a daily _condensed_ list of changes
- auto-confirm uses rules saying _what to auto-confirm_
- e-mail reports are sent (separately from the report) only if events fit into
the ALERT filter.

Now, the problem is that we have _normal changes_, which we want to see BUT do
not want to be alerted of, and unexpected changes. For example, /etc/passwd and
/etc/mail/aliases are expected changes, and a /bin/ps change is an unexpected
change.

In addition, 99% of all changes do not need manual approval (at least
should not be shown on the next day).


----- Original Message ----- 
From: "David Vasil" <dmvasil at ornl.gov>
To: "Osiris Users" <osiris at lists.shmoo.com>
Sent: Thursday, June 29, 2006 3:39 PM
Subject: [osiris] Re: Osiris scaling


> David Thiel wrote:
> > - I periodically run a script to walk through every host name in LDAP,
> > ensure that port 2265 is open by using tcping and check to see if
> > it's already been initialized or not. If the host is listening but
> > not in osiris, an option is given to initialize the host (just by
> > creating a directory with a template file, searched-and-replaced
> > with the hostname). It then checks to see if there are any hosts
> > left over in osiris that aren't in LDAP, aren't listening or
> > don't resolve, giving an option to delete them. There are
> > a couple other additional sanity checks, but this is about it.
> >
> > - I use another script that parses the osiris syslogs to provide daily
> > reports on changes, similar to the e-mail reports, but
> > condensed. In its basic form, it shows:
> >
> > Obviously these scripts are pretty site-specific and far from perfect,
> > but it should be pretty easy to come up with the glue you need for your
> > own environment. I had hoped to be able to switch over to using the
> > Host Integrity console, but it failed to materialize, at least with the
> > functionality needed for really large-scale environments.
>
> I appreciate the response, this helps a great deal.  The idea of
> managing many hundreds of hosts through the console is overwhelming to
> say the least; being able to create them through a template is a great
> method.
>
> My colleague was also worried about the email noise, and was hoping to
> do something very similar to what you mention.  I told him it should be
> pretty easy to script up by parsing the syslog output, but it's nice to
> see others are doing it that way.  Thanks for the help!
>
> -dave
>
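An added example, not part of the original thread and not Osiris code: one way to implement the triage asked for above (auto-confirm rules, an ALERT filter, and a condensed list that groups hosts per changed path). The record format, rule lists and function names are assumptions; real Osiris syslog lines would need their own parser.

```python
import fnmatch
from collections import defaultdict

# Hypothetical site policy (not Osiris configuration); unmatched paths need manual review.
AUTO_CONFIRM = ["/etc/passwd", "/etc/mail/aliases", "/var/log/*"]
ALERT = ["/bin/*", "/sbin/*", "/usr/bin/*", "/usr/sbin/*"]

# Constructed sample records: "host|path|what changed".
# This is NOT the Osiris syslog format; adapt the parser to your logs.
SAMPLE = """\
web01|/etc/passwd|checksum
web01|/bin/ps|checksum
web02|/etc/passwd|checksum
db01|/etc/mail/aliases|mtime
db01|/opt/app/app.conf|checksum
web02|/bin/ps|checksum
garbage line without fields
"""

def classify(path):
    """ALERT is checked first so a broad auto-confirm rule cannot hide a binary."""
    if any(fnmatch.fnmatchcase(path, p) for p in ALERT):
        return "alert"
    if any(fnmatch.fnmatchcase(path, p) for p in AUTO_CONFIRM):
        return "auto"
    return "review"

def triage(text):
    """Return ({bucket: {path: sorted hosts}}, list of unparsable lines)."""
    buckets = {b: defaultdict(set) for b in ("alert", "review", "auto")}
    rejected = []
    for line in text.splitlines():
        parts = line.split("|")
        if len(parts) != 3 or not parts[1].startswith("/"):
            rejected.append(line)  # never drop silently: a bad line may hide a change
            continue
        host, path, _what = parts
        buckets[classify(path)][path].add(host)
    condensed = {b: {p: sorted(h) for p, h in m.items()} for b, m in buckets.items()}
    return condensed, rejected

def digest(condensed):
    """One line per path instead of one per host: the condensed daily list."""
    return [f"[{b}] {p}: {len(h)} host(s): {', '.join(h)}"
            for b in ("alert", "review", "auto") for p, h in sorted(condensed[b].items())]

if __name__ == "__main__":
    report, bad = triage(SAMPLE)
    print("\n".join(digest(report) + [f"unparsed lines: {len(bad)}"]))
```

Only the `alert` bucket would go out as immediate e-mail; the `auto` bucket is confirmed without review and still appears in the daily digest and history.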



