Looper - Alert Routing System.
Mohit Muthanna [mohit AT muthanna DOT com]

 

NOTE: Looper has been supercharged: LooperNG (muthanna.com/looperng)

 


The Looper Event / Alert System is a free, open-source *NIX application designed to simplify alert routing. It is, in short, a rules-based, modularized alert streaming system that is very easy to set up and very customizable. It is mainly used by network/security management or fault monitoring types as a trap forwarding/exploding utility or a central alert gateway. It can also be used as an ad-hoc Netcool probe or gateway.

News: Announcing LooperDB. A central alert management server for use with looper. Secure, multithreaded and about as easy to use as looper itself. [ looperdb.muthanna.com ]

New:

- Support for Snort IDS input, Nagios input (in CVS) and MySQL database output.
- Support (in CVS) for ICMP, FTP, SMTP, NNTP, HTTP, Telnet, POP-3, IMAP, LDAP, DNS and lots more via the new Mon alert (www.kernel.org/software/mon).

Current Project Status

Current stable version: 0.20
Current development version: 0.21

A Real-World Example

Take a few geographically dispersed servers, routers and switches that send SNMP traps and Syslog messages. Point them to local Looper listeners which, based on rules, can forward the alerts to a central Looper gateway. Based on rules in the gateway, Looper can pull out contact information from a database and e-mail or page a customer or engineer; decide which management system to send the alert to (LooperDB, Netcool, HPOV etc); log the alert in a flat file; or send the alert to another Looper server for further processing.

Other examples of what can be accomplished are:

- Listen for SNMP traps and forward them as an e-mail message, pager message, entry in a logfile, or whatever.
- Parse syslogs or listen for SNMP traps and send to Netcool (a la "syslog/trapd probe")
- Perform intelligent rules-based trap forwarding / exploding.
- Route alerts all around the globe using SNMP, Syslog, SMTP, raw sockets, flat-files etc.
- Centralize alerts in a LooperDB database.

At the moment a number of modules have already been developed, namely:

Input: Syslog Reader, SNMP Listener, HTTP Error-log reader, Netcool Gateway, File reader, Multiplexing Socket Reader, Snort IDS alert reader, Nagios log reader.

Output: SNMP Trap Forwarder, File writer, Netcool probe, E-mail forwarder, Syslog Writer, Socket Writer, MySQL database writer, LooperDB writer.

A configuration can consist of one input module and one or more output modules. The flow and content of data is determined by a "rules" file (which is written in Perl). The rules file can be as simple as only a couple of lines for basic functionality. You can accomplish with it almost anything you can get done in Perl including reading, for example, customer or inventory related data from files or databases.

Building configurations is extremely simple and so is building plugin input / output modules for the application.

Project Page

A big thanks to Source Forge for their superior project management services. The Looper project page can be accessed at sourceforge.net/projects/looper.

Getting Looper

Looper can be downloaded from the SourceForge project site at: http://sourceforge.net/project/showfiles.php?group_id=35073

Anonymous CVS Access

This project's SourceForge CVS repository can be checked out through anonymous (pserver) CVS with the following instruction set. When prompted for a password for anonymous, simply press the Enter key.

cvs -d:pserver:anonymous@cvs.looper.sourceforge.net:/cvsroot/looper login
cvs -z3 -d:pserver:anonymous@cvs.looper.sourceforge.net:/cvsroot/looper co looper

Updates from within the module's directory do not need the -d parameter.

Documentation

- Installing Looper [HTML] - Download and installation instructions.
- Configuring Looper [HTML] - Goes through a basic looper configuration.
- Adding Rules Files [HTML] - More configurations and introduces the user to rules files.
- More Rules and Modules [HTML] - Advanced rules and an intro to the SNMP and Netcool modules.
- Module reference [HTML] - Token references for the bundled modules.
- Writing modules [HTML] - How to write input or output modules.

Public Mailing Lists and Forums

To subscribe to the looper development mailing list (looper-devel@lists.sourceforge.net), go here: http://lists.sourceforge.net/lists/listinfo/looper-devel. The list archives are here.

To visit the public forums, go here: http://sourceforge.net/forum/?group_id=35073.

Netcool Notes

This project uses no proprietary tools, code, SDKs etc. All code and modules are built with 100% fresh open-source beef. No Netcool probes, gateways or APIs were used (or are needed) in the modules; they work by accessing the Sybase database backend using FreeTDS and the Perl DBI and DBD::Sybase modules. The modules here are by NO means a replacement for the Micromuse Netcool probes; they are just an alternative that addresses some of the limitations of the probe rules files. The official Micromuse Netcool probes are more mature, more stable and perform better in high volumes.

Disclaimer

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to:

Free Software Foundation, Inc.,
59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.