2

I have a number of systems and services that send email alerts when some sort of event takes place. This works fine for a small number of systems, but as the number of alerts grows the important messages become less visible among the informational notices. Email filtering can only be effective to a point.

What sort of solution can I use in place of emails that will allow me to send arbitrary alerts from various services and that will scale easily as the number of services grows?

Dave Forgac

3 Answers

2

The kind of solution you are describing is called a SIEM (Security Incident and Event Management). Splunk.com is a popular SIEM.

HTTP500
2

I assume you've considered Nagios or Icinga?

What about using Amazon SNS? All your scripts would need to do is talk to the SNS API (Amazon has examples in several languages), and notifications can be sent many different ways (email, SMS, HTTP, etc.). It also makes it easy for people to un/subscribe from the various notifications.

  • Thank you for the Amazon SNS suggestion. I don't think it's going to work due to the restrictions of this project but could be helpful for something similar in the future. I've ended up using Nagios passive checks for now (http://nagios.sourceforge.net/docs/3_0/passivechecks.html). – Dave Forgac Oct 12 '12 at 19:41
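
The passive-check approach mentioned in the comment above, sketched as an added example (not code from the original posts or from the Nagios project): a cron script formats a `PROCESS_SERVICE_CHECK_RESULT` line and appends it to the Nagios external command file. The command file path is the usual source-install default and is an assumption, as are the function names and the host and service names in the usage comment.

```shell
#!/bin/sh
# Added example: report a cron job's result to Nagios as a passive check.
# Assumption: external command file at the source-install default path;
# override NAGIOS_CMD_FILE to match command_file in your nagios.cfg.
NAGIOS_CMD_FILE="${NAGIOS_CMD_FILE:-/usr/local/nagios/var/rw/nagios.cmd}"

# format_passive_result HOST SERVICE RETURN_CODE OUTPUT [EPOCH]
# Prints one external-command line; RETURN_CODE is 0 OK, 1 WARNING,
# 2 CRITICAL, 3 UNKNOWN.
format_passive_result() {
    host=$1 service=$2 code=$3 output=$4
    now=${5:-$(date +%s)}
    nl='
'
    case $code in
        0|1|2|3) ;;
        *) echo "return code must be 0-3" >&2; return 1 ;;
    esac
    # Host and service are ';'-delimited fields: reject separators so a
    # value taken from a job cannot shift fields or start a new line.
    case "$host$service" in
        *";"*|*"$nl"*) echo "invalid host/service name" >&2; return 1 ;;
    esac
    # The command file is line-oriented: flatten the output so a multi-line
    # message cannot be read as a second external command.
    output=$(printf '%s' "$output" | tr '\n\r' '  ')
    printf '[%s] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%s;%s\n' \
        "$now" "$host" "$service" "$code" "$output"
}

# submit_passive_result HOST SERVICE RETURN_CODE OUTPUT [EPOCH]
submit_passive_result() {
    line=$(format_passive_result "$@") || return 1
    [ -w "$NAGIOS_CMD_FILE" ] || { echo "cannot write $NAGIOS_CMD_FILE" >&2; return 1; }
    printf '%s\n' "$line" >> "$NAGIOS_CMD_FILE"
}

# Usage from a cron script (constructed host and service names):
#   /opt/jobs/backup.sh || submit_passive_result web01 nightly_backup 2 "backup failed"
```

The service must be defined in Nagios with passive checks enabled for the result to be accepted; a freshness threshold on that service lets Nagios flag a cron job that silently stops reporting.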
0

Use Pingdom to receive emails/SMSs. You can define, for example, that it will sample your services every minute and, according to the result of 'test system' scripts that you write, will alert you via email or SMS according to severity.

Niro
  • In my case this would not work. The services aren't accessible outside the internal network and some of the alerts come from scripts running via cron so there's no daemon to check. – Dave Forgac Oct 08 '12 at 11:52