Hi,
Is there any way to enforce rivermuse to honour only trusted party events? We are looking at some mechanism if we can sign each event so that we know it is an authentic event. In the absence of the signing, rivermuse just needs to discard the event.
Thanks,
Sunil.
Comments (3)
01 Jun
Rouven Schreck says:
Hi Sunil
What does "honour only trusted events" actually mean?
Two interpretations:
1. Only accept events from trusted sources?
2. Only condition events in RiverMuse from known trusted sources and suppress the rest?
3. Only condition events as Alerts that have been tested to be true?
If 1 is correct, you probably already know, omosd uses the open source gSoap library to provide a SOAP interface into it; gSoap natively supports things like HTTPS, client certification validation, etc. If you were prepared to do fairly minor alterations to omosd itself to make use of these features, you could deploy an authenticated, secured event acquisition layer. You'd also need to modify any agents to be able to use an SSL certificate. Have a look at the gSoap manual, http://www.cs.fsu.edu/~engelen/soapdoc2.html#tth_sEc19.19
If 2 is correct, then (maybe) create an alert_rule that identifies which (trusted) events become Alerts. This could be done by source address, event type, append/prepend alert_msg with a flag, set a variable that says they're trusted, and then create views for the operators that only show them "trusted" Alerts.
If 3 is correct, then it would be beneficial if you could define some test mechanism for each event (look for some method to test the validity of each event when it comes in, i.e. it's tested to be true before being treated as a real condition).
If you need further assistance please provide some more details and we are happy to work with you on solving this problem.
Kind regards,
Rouven
08 Jun
Sunil M says:
Hi Rouven,
Thanks for your response. I have one more question.
I would like to know if rivermuse supports ACLs. If that is the case, then we can have a list of IP addresses (as part of the ACL) so that only events emerging from the ACL's IP addresses are honored.
Any thoughts on this?
Thanks,
Sunil.
10 Jun
Rouven Schreck says:
Hi Sunil
Rivermuse does not support ACLs. Using firewall rules you could use iptables to disable access to a specific port by a specific IP, or allow access to a specific port by a specific IP address and disable everything else.
Regards,
Rouven
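The allowlist variant from the last reply (allow listed senders to reach the event port, drop everything else), as an added example that is not part of the thread or of RiverMuse. It only prints the iptables commands for review; the port 8080, the TCP protocol, the chain name `EVENT_ACL` and the documentation-range addresses are assumptions, since the thread does not state them.

```shell
#!/bin/sh
# Added example: prints (does not execute) iptables rules for an event-source allowlist.
# Port, protocol, chain name and addresses are placeholders, not values from the thread.
CHAIN=EVENT_ACL   # hypothetical chain name

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: build_event_acl PORT IP [IP...]
build_event_acl() {
    port=$1; shift
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # An empty allowlist would silently drop every event, so refuse it.
    [ "$#" -gt 0 ] || { echo "empty allowlist" >&2; return 1; }
    # Validate every address first so a typo never yields a half-built chain.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    # Order matters: ACCEPT rules for trusted senders come before the final DROP.
    for ip in "$@"; do
        echo "iptables -A $CHAIN -s $ip -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    # Only traffic addressed to the event port is sent through the chain.
    echo "iptables -I INPUT -p tcp --dport $port -j $CHAIN"
}

# Constructed sample allowlist (RFC 5737 documentation addresses).
build_event_acl 8080 192.0.2.10 198.51.100.7
```

A source-address allowlist only restricts who can connect; it does not authenticate the event content, which is what the HTTPS and client-certificate route in the first reply addresses.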