Simple Event Correlator (SEC) is an open source and platform
independent event correlation tool that was designed to fill the gap
between commercial event correlation systems and homegrown solutions
that usually comprise a few simple shell scripts.
SEC is a simple event correlation tool that reads lines from
named pipes, or standard input, and matches the lines with regular
subroutines, and other patterns for recognizing input events. Events
are then correlated according to the rules in configuration files,
producing output events by executing user-specified shell commands, by
writing messages to pipes or files, etc.
SEC accepts input from regular files, named pipes, and
and can thus be employed as an event correlator for any application
that is able to write its output events to a file stream.
SEC has been successfully applied in various domains like
system monitoring, data security, intrusion detection, log file
monitoring and analysis, etc.
to Security Home Page
- Support for event correlation rule types:
Last Updated Sunday, November 23 2014 @ 04:00 AM EST