Posts Tagged ‘SEC’

SEC – Simple Event Correlator

SEC is a tool for event correlation tasks in log analysis, system monitoring, and network and security management. Event correlation is a procedure in which a stream of events is processed in order to detect (and act on) certain event groups that occur within predefined time windows. Unlike most other event correlation products, which are heavyweight solutions, SEC is a lightweight, platform-independent event correlator that runs as a single process.

SEC reads lines from files, named pipes, or standard input, matches the lines with patterns (like regular expressions or Perl subroutines) for recognizing input events, and correlates events according to the rules in its configuration file(s). SEC can produce output by executing external programs (e.g., snmptrap or mail), by writing to files, by calling precompiled Perl subroutines, etc.
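To make "event groups that occur within predefined time windows" concrete, here is a simplified threshold-in-window correlator, added as an illustration and not SEC's own code or rule syntax. The log lines, the regular expression, and the `correlate` function with its `window` and `thresh` parameters are assumptions constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample input: syslog-style sshd lines (documentation IP ranges).
SAMPLE_LOG = """\
Jul  4 18:00:01 host1 sshd[811]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jul  4 18:00:05 host1 sshd[812]: Failed password for admin from 198.51.100.7 port 51822 ssh2
Jul  4 18:00:20 host1 sshd[813]: Failed password for root from 192.0.2.10 port 40113 ssh2
Jul  4 18:00:41 host1 sshd[814]: Accepted password for alice from 203.0.113.5 port 50000 ssh2
Jul  4 18:00:55 host1 sshd[815]: Failed password for root from 192.0.2.10 port 40114 ssh2
Jul  4 18:03:30 host1 sshd[816]: Failed password for admin from 198.51.100.7 port 51823 ssh2
Jul  4 18:03:40 host1 sshd[817]: Failed password for admin from 198.51.100.7 port 51824 ssh2
""".splitlines()

# Pattern that recognises one kind of input event and captures time and source.
PATTERN = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+)")

def correlate(lines, window=60, thresh=3, year=2012):
    """Return (time, source) alerts: thresh matches from one source within window seconds."""
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    alerts = []
    for line in lines:
        m = PATTERN.match(line)
        if not m:
            continue  # line is not an event this rule cares about
        # Syslog timestamps carry no year, so one is assumed for parsing.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        # Slide the window: drop matches older than `window` seconds.
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) >= thresh:
            alerts.append((ts.strftime("%H:%M:%S"), m.group(2)))
            q.clear()  # require a fresh group before alerting on this source again
    return alerts

if __name__ == "__main__":
    for when, src in correlate(SAMPLE_LOG):
        print(f"{when} repeated SSH login failures from {src}")
```

With the default 60-second window only the source whose three failures fall close together is reported; the other source has the same number of failures but spread over several minutes, which is the distinction a time window buys over a plain count.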

Posted by mutex - July 4, 2012 at 6:03 pm

Categories: Log Analyzers, Log Monitoring, Log Processing, Tools
