Mark,
I tried using the ruleset editor for quite a while, but then gave up.
I get more control out of perl, and it also seems to run faster.
I've written a few "C" programs that give me access to the ovw
database, so I can pretty much get what I want, and do what I
want that way.
I did like features like "pass on match", and "reset on match",
and the trap-setting boxes, but the ovwdb database access seemed
unpredictable, and overall the performance should have been better.
I finally came to the conclusion that I was always spending more
time trying to work around things that didn't quite work the way
I wanted them to... so I went back to perl as my event-correlation
tool.
Regards,
Gary Boyles
-----Original Message-----
From: Mark van Kerkwyk [mailto:kerkwyk@COMTECH.COM.AU]
Sent: Monday, December 14, 1998 9:59 PM
To: NV-L@UCSBVM.UCSB.EDU
Subject: How many of you use the RuleSet editor , or do you write your
own perl/shell/C rules handler ??
I am wondering how many of you use the RuleSet editor much or whether you
just create an inline action which calls a perl/shell/C script to handle
the incoming events.
I am finding it hard to get what I need done, just simple things like (if
Enterprise OID = Lotus or Cisco or Netfinity and Severity is > 2 then page
this group of people, if Enterprise OID = ArcServe then page this person)
become quite cumbersome and the rule set edit fills up very quickly with
the very large icons, they are also not labelled with anything too
meaningful and my customer doesn't like it too much.
I can't seem to page a group of people anyway and the nvsec_admin on
Solaris can't be used to administer user/group names much.
Any comments?
Mark