LooperNG can also be started with a configuration file, which can contain all of the module definitions and LooperNG settings. To start LooperNG with a configuration file, use the -c switch.
$ ./looperng -c conf/easy.conf
When using a configuration file, LooperNG expects the modules to be located under $LOOPER_HOME/modules.
The following is a self-documenting sample of a configuration file.
# Uncomment the below line to use a rules file.
# rulesfile = '/opt/local/looper/conf/rules/easy.rules'

# Set log level and location. The location can be overridden
# with the --stderr switch.
loglevel = '3'
logfile = '/opt/local/looper/log/looper.log'

# Set the listen port for the admin server (--port).
port = '5400'

# MD5-hashed password. Use --md5 to generate a new password.
password = 'cf79217d6d9da75c6605bffb8eeabb96'

# New input module named syslog_in1. This module will be used to monitor
# a syslog file for new events.
input syslog_in1 {
    # Module file name as expected in $LOOPER_HOME/modules
    module = 'syslog_in'

    # Which file to monitor
    logfile = '/var/log/messages.1.bak'

    # The poll time for the file.
    sleeptime = '2'

    # tailstyle specifies where the monitoring begins. Set
    # to 0 for end-of-file. n for last n lines. Or -1 to
    # read entire file from beginning.
    #
    # Below we start reading from the last 10 lines.
    tailstyle = '10'

    # Where syslog_in debug messages go
    debugmessages = '/opt/local/looper/log/syslog_in.log'

    # syslog_in debug level
    debugmode = '4'
}

# Start an SNMP trap collector called snmpd_in1
input snmpd_in1 {
    # Don't start the module. Any parameter that begins with
    # two underscores is processed by LooperNG and applies to
    # all modules.
    __autostart = 'no'

    # Module file name
    module = 'snmpd_in'

    debugmessages = '/opt/local/looper/log/snmpd_in.log'
    debugmode = '4'
}

# A new output module named logfile_out1. This module is used to
# send events to a log file. Useful debugging aid.
output logfile_out1 {
    module = 'logfile_out'

    # Name of file to send alerts to
    filename = '/opt/local/looper/log/easy.out'

    # If set to 0 will overwrite existing file
    append = 1

    debugmode = '4'
    debugmessages = '/opt/local/looper/log/logfile_out.log'
}

# An SNMP trap generator.
output trapgen {
    module = 'snmptrap_out'

    # Where to send traps to
    managementstation = '192.168.0.233'
    port = '162'
    community = 'public'

    # SNMP Enterprise number to use (can be overridden in rules file)
    enterprise = '1.3.6.1.4.1.34555'

    # OID prefix.
    varbindoids = '1.3.5.1.4.1.34555.1'

    # String delimiter for varbinds
    varbinddelimeter = '::'

    debugmode = '4'
    debugmessages = '/opt/local/looper/log/trapgen.log'
}
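A small parser and pre-production audit for the configuration format shown above, as an added example (not LooperNG's own code). The grammar is inferred from the sample, and the names parse and audit are hypothetical.

```python
import re

# Constructed sample in the format shown above (not a complete LooperNG config).
SAMPLE = """\
port = '5400'
password = 'cf79217d6d9da75c6605bffb8eeabb96'
output logfile_out1 {
    module = 'logfile_out'
    append = 1
}
output trapgen {
    module = 'snmptrap_out'
    community = 'public'
}
"""

BLOCK = re.compile(r"^(input|output)\s+(\w+)\s*\{$")
PARAM = re.compile(r"^(\w+)\s*=\s*(?:'([^']*)'|(\S+))")

def parse(text):
    """Return (global settings, {module name: params}); '_type' is input/output."""
    settings, modules, current = {}, {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        block, param = BLOCK.match(line), PARAM.match(line)
        if block and current is None:
            current = modules.setdefault(block.group(2), {"_type": block.group(1)})
        elif line == "}" and current is not None:
            current = None
        elif param:
            value = param.group(3) or param.group(2)  # unquoted or quoted value
            (settings if current is None else current)[param.group(1)] = value
        else:
            raise ValueError(f"line {n}: unexpected {line!r}")
    if current is not None:
        raise ValueError("unterminated module block")
    return settings, modules

def audit(settings, modules):
    """Flag values from the sample that deserve review before production use."""
    findings = []
    if re.fullmatch(r"[0-9a-fA-F]{32}", settings.get("password", "")):
        findings.append("password: bare MD5 digest, keep the file unreadable to other users")
    for name, params in modules.items():
        if params.get("community") == "public":
            findings.append(f"{name}: default SNMP community 'public'")
    return findings
```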
When debugging the configuration file (or rules files), a handy way to start looper is:
$ ./looperng -c conf/easy.conf --stderr --loglevel 4
The --stderr option overrides the 'logfile' option and sends logs to STDERR (usually the console).
When running it in production, it is usually started in daemon (background) mode with the -d switch.
$ ./looperng -c conf/easy.conf -d
LooperNG 1.0 running with PID 3125 on grok
Mohit Muthanna (c) 2001
Using configuration from conf/easy.conf.
Daemonizing. Errors logged in /tmp/looper.STDERR.3125
The above syntax can be used in system startup scripts. It causes looper to disconnect from the controlling terminal and fork to the background.
So, using the above session, let's fool around:
$ telnet localhost 5400
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
LooperNG 1.0 running with PID 3142
Listening on grok:5400
ready
show tasks
Session not authenticated.
auth buggeroff
Password Accepted.
show tasks
TID, PID, Name, Type, Path
4 3145 trapgen Output /opt/local/looper/modules/snmptrap_out
3 3144 logfile_out1 Output /opt/local/looper/modules/logfile_out
2 3143 syslog_in1 Input /opt/local/looper/modules/syslog_in
show modules
Name, Type, Status, TID
snmpd_in1 Input Stopped -1
logfile_out1 Output Running 3
trapgen Output Running 4
syslog_in1 Input Running 2
start trapgen
Module trapgen already running.
shutdown
Connection closed by foreign host.
Proceed to Writing Rules
Back to LooperNG Tutorial