This advanced plugin allows you to monitor logs easily, with more options than the default parser included in the agents. For more information, visit the following webpage: http://pandorafms.com/index.php?sec=Library&sec2=repository&lng=en&action=view_PUI&id_PUI=297
5 SOFTWARE AGENT MODULES GENERATED
It will create a module for each parameter that you specify in the configuration file. Config_file is
needed for execution.
7 MONITORING
The plugin is configured by an external configuration file. This configuration file has a number of
“general” parameters, a series of specific parameters for each log, and a set of specific parameters
for each block of regular expression.
To illustrate each element, here is a sample configuration file:
# Include, to load external/additional configuration files
# include /tmp/my_other_configuration.conf
# Directory where temporary indexes will be stored (/tmp by default)
#index_dir /tmp
# Log problems with the logparser (/tmp/pandora_logparser.log by default)
#logfile /tmp/pandora_logparser.log
log_begin
log_module_name errores_apache
# This forces the whole log to be processed at the beginning
log_force_readall
#log_location_exec /tmp/miscript.sh | cut -f 2
log_location_file /var/log/apache2/error_log
log_description This is a nice sample of how powerful is the new logparser
# log rotation detection mode (md5 or inode change), inode by default
# log_rotate_mode md5
# log_rotate_mode inode
#log_type return_lines
log_type return_ocurrences
#log_type return_message
log_regexp_begin
log_regexp_rule Critical - ($1)-($2)
log_regexp_rule Critical - ($1)
#log_regexp_severity NORMAL
#log_regexp_severity WARNING
log_regexp_severity CRITICAL
log_return_message Encontrado error CRITICO en bloque $1 seccion $2
log_action <mycommand>
log_regexp_end
log_regexp_begin
log_regexp_rule Error -($1)-($2) [0-9a-zA-Z]*
log_regexp_severity WARNING
log_return_message Otro bonito texto de error
log_regexp_end
log_regexp_begin
log_regexp_rule File\sdoes\snot\sexist
log_regexp_severity WARNING
log_regexp_end
log_end
log_begin
log_force_readall
log_module_name hits_apache
log_location_file /var/log/apache2/access_log
log_description Access log from Apache, we will get the integria access
log_type return_lines
log_regexp_begin
log_regexp_rule pandora.css
log_regexp_severity WARNING
log_return_message Dispongo de barcos
log_regexp_end
log_end
7.1. General Parameters
7.1.1. include
Loads another configuration file. Includes can be nested without limit and are loaded in sequence. It is important to reference files by absolute path.
7.1.2. index_dir
Directory used to store the index files. The plugin should be able to read and write in this directory.
7.1.3. logfile
Plugin's logfile.
7.2. Log-specific parameters
7.2.1. log_begin and log_end
Mark the beginning and end of a logparser log file definition.
7.2.2. log_module_name
Module name generated by the plugin.
7.2.3. log_description
Module description referring to log file.
7.2.4. log_type
Log module type. There are three types:
• return_ocurrences: Returns numeric data with the number of occurrences.
• return_lines: Returns the log lines that match.
• return_message: Returns a message specified by the configuration file.
7.2.5. log_rotate_mode
Can be either inode or md5. This is the detection method used to determine whether a log has been rotated.
7.2.6. log_force_readall
When this token is present, the log parser processes the whole log from the beginning if it has not already done so (that is, the first time the log is opened or when a rotation is detected). NOTE: This can generate large volumes of data.
7.2.7. log_location_exec
Executes the specified command to obtain the name (absolute path!) of the file to be processed.
7.2.8. log_location_filename
Specifies the name (absolute path) of the log file to process.
7.3. Regexp-specific parameters
7.3.1. log_regexp_begin and log_regexp_end
Mark the beginning and end of a regular expression definition within the log file definition that contains them.
7.3.2. log_regexp_rule
Defines the regular expression. NOTE: do not use the / / delimiters; write the extended (Perl-type) regular expression directly. Examples:
File\sdoes\snot\sexist → Finds “File does not exist”
[0-9]*\serrores → Finds strings such as “043 errores”
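The block structure and the three log_type values described above, as an added Python example that is not part of the original manual and is not the plugin's own code. It assumes that a line matches when any rule in any regexp block matches, that tokens outside a log definition are ignored, and that $1/$2 placeholders in messages are left unexpanded; CONF and LINES are constructed samples.

```python
import re

# Constructed configuration and log lines (not from a real deployment).
CONF = r"""
log_begin
log_module_name errores_apache
log_type return_ocurrences
log_regexp_begin
log_regexp_rule File\sdoes\snot\sexist
log_return_message Missing file requested
log_regexp_end
log_end
"""
LINES = ["[error] File does not exist: /var/www/favicon.ico",
         "[notice] caught SIGTERM, shutting down",
         "[error] File does not exist: /var/www/robots.txt"]

def parse_conf(text):
    """Parse log_begin/log_end definitions and their nested regexp blocks."""
    logs, stack = [], []                  # stack holds the currently open scopes
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue                      # blank line or commented-out token
        token, _, value = line.partition(" ")
        if token == "log_begin":
            stack = [{"regexps": []}]
        elif token == "log_regexp_begin":
            stack.append({"rules": []})
        elif token == "log_regexp_end":
            block = stack.pop()
            stack[-1]["regexps"].append(block)
        elif token == "log_end":
            logs.append(stack.pop())
        elif token == "log_regexp_rule":
            stack[-1]["rules"].append(re.compile(value.strip()))
        elif stack:                       # other tokens go to the innermost scope
            stack[-1][token] = value.strip()
    return logs

def evaluate(log, lines, log_type=None):
    """Return the module data for one log definition, per its log_type."""
    def hit(block, line):
        return any(rule.search(line) for rule in block["rules"])
    matched = [l for l in lines if any(hit(b, l) for b in log["regexps"])]
    messages = [b.get("log_return_message", "") for b in log["regexps"]
                if any(hit(b, l) for l in lines)]
    # "return_ocurrences" is spelled as in the configuration format.
    return {"return_ocurrences": len(matched), "return_lines": matched,
            "return_message": messages}[log_type or log["log_type"]]
```

Passing log_type to evaluate overrides the value in the definition, which makes it easy to compare the three return modes on the same lines.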