SEC

Simple Event Correlator (SEC) is an open source and platform independent event correlation tool that was designed to fill the gap between commercial event correlation systems and homegrown solutions that usually comprise a few simple shell scripts.

SEC is a simple event correlation tool that reads lines from files, named pipes, or standard input, and matches the lines with regular expressions, Perl subroutines, and other patterns for recognizing input events. Events are then correlated according to the rules in configuration files, producing output events by executing user-specified shell commands, by writing messages to pipes or files, etc.

SEC accepts input from regular files, named pipes, and standard input, and can thus be employed as an event correlator for any application that is able to write its output events to a file stream.

SEC has been successfully applied in various domains like network management, system monitoring, data security, intrusion detection, log file monitoring and analysis, etc.

SEC

License GNU GPL v2 Developer Risto Vaarandi Website estpak.ee/~risto/sec Requirements Perl Support: Man Page, FAQ, Mailing List Selected Reviews: Ars Technica

Features include:

• Support for event correlation rule types:
• Single
• SingleWithScript
• SingleWithSuppress
• Pair
• PairWithWindow
• SingleWithThreshold
• SingleWith2Thresholds
• Suppress
• Calendar

Last Updated Sunday, May 04 2008 @ 12:51 PM EDT