Before I tell you about one of my latest customer requirements, I would like to briefly explain what our NetEye Tornado module is.
In our user guide you will see it written that Tornado is the successor to NetEye’s Event Handler. It is a plugin-based, stateless, scalable rule matching engine written in Rust, based on the Actix framework and focused on high performance. The Tornado engine is able to parse events emitted by rsyslog, snmptrapd and procmail, and then either write to a log file or run a custom script based on the rule set.
After this short explanation, I would now like to briefly explain one customer’s requirement.
This customer collects a lot of syslog messages from various devices, such as routers, switches, storage, etc. Depending on the device type, these syslog messages are assigned to a host group field in Elastic.
An SNMP trap should be sent as soon as messages whose Hostgroup field is set to network and whose severity is critical are registered in the Elastic Log Manager.
How might one implement this requirement?
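To make the matching side concrete, here is an added example of how such a requirement could be expressed as a Tornado rule; it is not the author's actual configuration. The payload keys `hostgroup` and `severity`, the script path, and the script arguments are assumptions chosen for illustration, and the rule follows the WHERE/WITH constraint and `script` action layout of Tornado's JSON rule format.

```json
{
  "description": "Illustrative rule, not the author's configuration: send an SNMP trap when a network-hostgroup event with critical severity arrives. Payload key names and script path are assumed.",
  "continue": true,
  "active": true,
  "constraint": {
    "WHERE": {
      "type": "AND",
      "operators": [
        {
          "type": "equals",
          "first": "${event.payload.hostgroup}",
          "second": "network"
        },
        {
          "type": "equals",
          "first": "${event.payload.severity}",
          "second": "critical"
        }
      ]
    },
    "WITH": {}
  },
  "actions": [
    {
      "id": "script",
      "payload": {
        "script": "/opt/example/send_snmp_trap.sh",
        "args": [
          "${event.payload.hostname}",
          "${event.payload.message}"
        ]
      }
    }
  ]
}
```

The two `equals` operators are combined with `AND`, so the script action fires only when both the hostgroup and the severity condition hold for the incoming event.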
With the help of the current Elastic version, X-Pack, and our Tornado solution, I was able to fulfill the customer request. Here’s a quick description of how I did it:
By using the current Elastic version with X-Pack together with our Tornado, it is finally possible to carry out actions based on indexed content within the Elastic database. As a result, our Log Manager solution has become even more complete, and its range of applications has become even broader.