Friday, December 4, 2009

LooperNG: no go

I love the feature list for LooperNG:

  • SNMP Trap forwarding, exploding and rewriting (enhancing).
  • Event generation for demos, debugging, troubleshooting etc.
  • Event Enrichment and Escalation.
  • Intelligent routing, re-routing, and processing of events and alerts.
  • Monitoring logfiles, syslog events, intrusion events, etc.
  • Forwarding alert history to databases, logfiles, etc.
  • Centralize alerts in a LooperDB database.

The bitter reality is that the simple configuration we tried at work didn't properly handle its own logfile, and we ended up getting alerts that we were running out of filespace in /var (thank goodness logs were partitioned away from the kernel!). The only way to recover space in /var was to quit LooperNG. So as much as I loved the feature list, this is not the software for me to use at work on production server(s). I'm not even sure how to phrase this as a bug report since I know Dustin Marquess is professional enough not to use software that slams /var. But I know when to move on, especially when I have a trap forwarder and I only wanted to explore more powerful alternatives. Test over, not using this software.
