correlation
Posted: Fri Sep 13, 2019 5:14 am
by debergerac
Hi,
I'm new and I'd like to implement correlation. Where can I find the?
Is it possible, for example, to correlate 10 hosts down with a router down?
Thanks
Re: correlation
Posted: Fri Sep 13, 2019 9:57 am
by eloyd
Nagios is not a correlation engine. It can do rudimentary parent/child relationships so that if a router is down, anything on the other side of the router will be considered unreachable, but you can't really do much more than that. If you need to go back in time and look at events for event correlation, security, or other analysis, you'll want to look at something like the Nagios Log Server which captures log data and makes it searchable and "reportable."
You could also use an ocsp/ochp command to send the results of every check to an actual SIEM or EC system. But the usage (or selection) of that system is up to you.
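
The two mechanisms mentioned in the reply above, as an added Nagios Core configuration example that is not part of the original thread: a `parents` relationship so hosts behind a router are reported UNREACHABLE instead of DOWN, and ocsp/ochp commands that hand every check result to local syslog for a downstream SIEM to collect. Host names, addresses, the `generic-host` template, the command names, the syslog facility and the `/usr/bin/logger` path are all assumptions.

```cfg
# Constructed example: every name, address and path below is an assumption.

# --- object config: parent/child reachability ---
define host {
    use        generic-host
    host_name  edge-router-1
    address    192.0.2.1
}

define host {
    use        generic-host
    host_name  web-01
    address    192.0.2.11
    parents    edge-router-1   ; router DOWN => web-01 is UNREACHABLE, not DOWN
}
# Repeat the "parents" line on each of the hosts behind the router.

# --- nagios.cfg: run a command after every service and host check ---
obsess_over_services=1
ocsp_command=forward_service_result
obsess_over_hosts=1
ochp_command=forward_host_result

# --- object config: the forwarding commands (here: local syslog) ---
define command {
    command_name  forward_service_result
    command_line  /usr/bin/logger -t nagios-ocsp -p local5.info "host=$HOSTNAME$ service=$SERVICEDESC$ state=$SERVICESTATE$ output=$SERVICEOUTPUT$"
}

define command {
    command_name  forward_host_result
    command_line  /usr/bin/logger -t nagios-ochp -p local5.info "host=$HOSTNAME$ state=$HOSTSTATE$ output=$HOSTOUTPUT$"
}
```

Plugin output is interpolated into a shell command line here, so keep `illegal_macro_output_chars` in nagios.cfg set so that quotes, backticks and other shell metacharacters are stripped from `$SERVICEOUTPUT$` and `$HOSTOUTPUT$` before the command runs.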
Re: correlation
Posted: Fri Sep 13, 2019 1:59 pm
by mbellerue
Thanks for jumping in, Eric!
debergerac, does Eric's post make sense? Do you have any more questions we can help with?