[Info-vax] Sending events via email
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Wed Jan 23 11:40:42 EST 2019
On 2019-01-23 15:54:52 +0000, pcoviello at gmail.com said:
> I've done a search for this topic and only one came close.
> I did not see anything in there that would apply today, I even went
> through the Freeware list. does anyone know of anything that will look
> through log files and email out findings?
>
> security and any other abnormalities would be on the list.
Nope.
I've not encountered an open-source log-scanning and notification tool
for OpenVMS, though there are definitely some site-specific tools
around. Ad hoc et al. I've written probes and filters for various
applications over the years, as have others.
Prolly the least-effort approach involves integrating syslog or
syslog-ng into OpenVMS and using SNMP traps and custom probes for
"everything interesting" sent over to a log scanner, with your own
rules running there.
syslog and syslog-ng open source is around and folks have ported
various versions to OpenVMS, though OpenVMS lacks embedded support.
I've not encountered any releases of tie-ins into security auditing or
OPCOM, though those are certainly possible to create.
OpenVMS support for SNMP traps is weak at best, and is limited to the
unencrypted SNMPv2 and its cleartext credentials. Process and thus the
upcoming IP stack has SNMPv3, IIRC.
Suricata or ilk can probably be used as a monitor, and there are other options.
https://suricata-ids.org
It'd be entertaining to see VSI add OpenVMS support for Suricata, or
probes added for osquery, or support for Riemann or Solarwinds, but I
don't see that happening soon...
https://osquery.readthedocs.io/en/stable/
http://riemann.io
https://www.solarwinds.com
Efforts toward remediation aside, security is not featured on the VSI
roadmap for OpenVMS.
There is a third-party security package for OpenVMS from PointSecure.
https://pointsecure.com
--
Pure Personal Opinion | HoffmanLabs LLC
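The "log scanner with your own rules running there" that Hoffman sketches above can be illustrated with a small rule-driven scanner that turns matches into an e-mail report. This is an added example, not code from this thread, from HoffmanLabs, or from any OpenVMS product. The log lines are constructed in a generic syslog-style layout (the shape one would get after forwarding through syslog or syslog-ng), not the real OPCOM or security-audit record format; the rule set, field names and thresholds are assumptions about what a site might consider "interesting".

```python
"""Minimal rule-driven log scanner that turns matches into an e-mail report.

Added example, not code from the thread or from any OpenVMS product.
The log lines below are constructed in a generic syslog-like layout,
not the real OPCOM or security-audit format; the rules are assumptions
about what a site would consider "interesting".
"""
import re
from collections import Counter
from email.message import EmailMessage
from typing import Dict, List, Tuple

# Constructed sample input: one event per line, syslog-style prefix.
SAMPLE_LOG = """\
Jan 23 11:01:07 vmsnode auth: LOGFAIL user=SMITH source=10.0.0.5
Jan 23 11:01:09 vmsnode auth: LOGFAIL user=SMITH source=10.0.0.5
Jan 23 11:01:12 vmsnode auth: LOGFAIL user=SMITH source=10.0.0.5
Jan 23 11:01:40 vmsnode auth: LOGIN user=SMITH source=10.0.0.5
Jan 23 11:05:00 vmsnode opcom: SYSUAF modified by OPERATOR user=JONES priv=SETPRV
Jan 23 11:06:30 vmsnode disk: device DKA100 85% full
Jan 23 11:07:00 vmsnode batch: job NIGHTLY completed status=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<facility>\w+): (?P<msg>.*)$"
)

# Per-line rules (hypothetical): each fires once per matching line.
LINE_RULES: List[Tuple[str, re.Pattern]] = [
    ("privilege-change", re.compile(r"\bpriv=\w+")),
    ("disk-space", re.compile(r"\b(8[5-9]|9\d|100)% full\b")),
]

# Threshold rule: N or more LOGFAIL events for the same user/source pair.
LOGFAIL_RE = re.compile(r"LOGFAIL user=(?P<user>\S+) source=(?P<src>\S+)")
LOGFAIL_THRESHOLD = 3


def parse(text: str) -> List[Dict[str, str]]:
    """Parse syslog-style lines; unparseable lines are kept and flagged, not dropped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            events.append(m.groupdict())
        else:
            events.append({"ts": "?", "host": "?", "facility": "unparsed", "msg": raw})
    return events


def scan(events: List[Dict[str, str]]) -> List[str]:
    """Apply per-line and threshold rules; return human-readable findings."""
    findings: List[str] = []
    failures: Counter = Counter()
    for ev in events:
        if ev["facility"] == "unparsed":
            # A line the parser cannot read is itself an abnormality worth reporting.
            findings.append(f"unparsed line: {ev['msg']!r}")
            continue
        for name, rx in LINE_RULES:
            if rx.search(ev["msg"]):
                findings.append(f"{name}: {ev['ts']} {ev['host']} {ev['msg']}")
        lf = LOGFAIL_RE.search(ev["msg"])
        if lf:
            failures[(lf["user"], lf["src"])] += 1
    for (user, src), n in failures.items():
        if n >= LOGFAIL_THRESHOLD:
            findings.append(f"login-failures: {n} failures for {user} from {src}")
    return findings


def build_report(findings: List[str], sender: str, recipient: str) -> EmailMessage:
    """Wrap the findings in an e-mail message; handing it to an MTA is left to the site."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = (
        f"[logscan] {len(findings)} finding(s)" if findings else "[logscan] nothing to report"
    )
    msg.set_content("\n".join(findings) if findings else "No rules fired.")
    return msg


if __name__ == "__main__":
    report = build_report(
        scan(parse(SAMPLE_LOG)), "logscan@example.invalid", "ops@example.invalid"
    )
    print(report)
```

On the constructed input this yields three findings (a privilege change, a nearly full disk, and a burst of three failed logins for one user from one source); the report is only built, not sent, so the same scanner can feed a mailer, a syslog forwarder or an SNMP-trap sender as the site prefers.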