ok, I opened an enhancement to implement this: http://
I'll attach an updated plugin there when it's ready.
On Dec 16, 2006, at 2:36 PM, Eric Case wrote:
> At 07:07 PM 12/14/2006 -0800, Doug MacEachern wrote:
>> It sounds like you'd prefer to have events from all logs tied to a
>> single resource, I can see advantages to that.
>> How about if we change the system plugin to included a check box [x]
>> Monitor all event logs
>> Where, the default would still be the System log, but if the box is
>> checked, the plugin would monitor all?
> That would be good. I think the ideal event log monitor would
> send events that have not been excluded (if it doesn't correlate
> the events). An event like booting up will produce a bunch of
> event logs; if we could correlate that "bunch" into a single event
> that would be assume. Given that is not easy to do, I think the
> next best thing is to list the event logs to exclude. Maybe I
> don't care to get a alert every time the system logs the up time,
> every successful log in, any information only events, and "other
> background noise" but anything I didn't tell it to exclude I want
> to know about. If I knew exactly what events to monitor for today,
> I won't know what new ones will be added tomorrow. It's the
> unknown that has me worried.
> Eric Case, CISSP <ecase@Email.Arizona.EDU>
> Support Systems Analyst, Principal
> Department of Chemical & Environmental Engineering <http://
> 1133 E James E. Rogers Way (Room 108)
> Tucson, AZ 85721-0011
> Mobile Phone 520-275-6436