Looper - Alert Routing System.
A Basic Configuration
Let's start with a basic (and probably useless) configuration that takes syslog input and logs it to another file. For this we use the syslog_in input module and the logfile_out output module. We won't be use any rules files.
The syslog_in input module monitors a syslog file for new (and old) syslog events. The logfile_out module writes token information from the input module to a flat file. This module is useful for debugging your Looper configuraions.
Here's the basic configuration file easy.conf:
That's basically it!! The file is more-or-less self explanatory; but here's a breakdown.
The first two lines contain the dirs that hold the modules. The next line says that there is no rules file for this configuration, and the line after specifies the log file for looper to dump it's crap.
Note: When no rules file is specified, Looper routes data from the input module to all outputmodules blindly. This won't always work because some modules need rules files to function.
Then comes the module configuration. Input modules are defined with the word input followed by a logical module name. This name will be used for the routing in the rules files. The same goes for output modules, except that the module name is preceded by an output tag.
Note: There can only be one input module. You can, on the other hand, have one or more output modules.
The first input module (cleverly named "in") is followed by a configuration block in braces. This is where you specify the module details. Here we specify the module name (which is syslog_in in the modules/input subdirectory). Following this are the module parameters. Different modules can have different sets of parameters. Some common parameters found in most modules are debugmode and debugmessages which are used to specify the logging level and the log file for the module where debugging messages are spit out. The only parameters that are unique to the module here are logfile, which denotes the file that the syslogd daemon writes to and sleeptime, the time to block at end-of-file clecking for new syslogs; 2 seconds is a good sleeptime.
As for the output module; the same goes. Notice that the debug params are not included. They can be if needed. Here, the unique param is filename which denotes the file where the data is sent out.
Note that the logfile module is only a sample. The format in which is spits is logs out is rather ugly. If you want to tune it, go edit the code. It's really not that hard.
To run the configuration, use the following command:
The -c commandline parameter is used to specify the configuration file, and the -d tells looper to run as a daemon.
Reference
Commandline parameters:
-c conffile : Specify the looper configuration file to load. If ignored, it sets to 'conf/sample.conf'.
Configuration file tokens:
inputmodulepath: Path to input modules.
And, there it is. Your first looper configuration. From here you can go and take the next step which is: Adding Rules Files.
Go to the Looper Event / Alert System home page: looper.sf.net.
Mohit Muthanna [mohit AT muthanna DOT com]
inputmodulepath = '/opt/looper/modules/input'
outputmodulepath = '/opt/looper/modules/output'
rulesfile = 'NORULES'
logfile = '/tmp/looper.log'
input in {
module = 'syslog_in'
debugmessages = '/tmp/syslog.looper.log'
logfile = '/var/log/messages.1.bak'
debugmode = '3'
sleeptime = '2'
}
output logout {
module = 'logfile_out'
filename = '/tmp/easy.out'
debugmode = '3'
}
$ ./looper -c conf/easy.conf -d
looper [-c conffile] [-d] [-q]
-d : Daemonize. Forks to the background, becomes session leader, separates from terminal and all that jazz. Remember to use absolute path names in your configuration file because while daemonizing, Looper chdirs to root and relative paths don't make sense anymore.
-q : Quiet mode. Tell looper to shut up.
outputmodulepath: Path to output modules.
rulesfile: Location of rules file
logfile: Path to file where looper sends its logs.
loglevel: Level of Looper logging. 0 = System, 1 = Error, 2 = Warn, 3 = Informational, 4 = Debug (generates the most logs).