1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
|
# Example mauveserver.conf file, based on Bytemark's configuration.
#
# This is the main configuration clause for the server instance.
#
server {
#
# This is where our database lives. Example strings are as follows:
#
# postgres://username:password@host/database
# sqlite3:///var/lib/mauvealert/alerts.db
#
database "sqlite3::memory:"
#
# This is our hostname. It gets used when URLs are generated, and in the heartbeat alert.
#
hostname `hostname`.chomp
#
# This is the UDP listener.
#
listener {
#
# This is the IP and port for that the UDP packets come in on. The IP can
# be IPv4 or 6. If "::" is specified, then packets will be received over
# both IPv4 and 6. The default port is 32741.
#
ip "::"
port 32741
#
# This is how long the UDP server will sleep between looking for packets.
#
poll_every 1
}
#
# This is the processing thread, which recieves packets, and updates the
# database as needed.
#
processor {
#
# This is the length of time the processor will sleep between checking for
# new packets from the UDP listener.
#
poll_every 1
#
# In order to make sure the same transmission isn't received more then
# once, a cache of transmission IDs is kept. This expire time below
# determines the interval over which this cache is expired.
#
transmission_cache_expire_time 300
}
#
# The web interface
#
web_interface {
#
# The listening IP and port. Can be IPv4 or IPv6. Bear in mind that for
# ports < 1024, mauveserver will need to be run as root, or have special
# dispensation.
#
ip "::"
port 1288
#
# This is where the template files live.
#
# document_root "/srv/mauvealert"
#
# This is used in the cookie, to prevent session-stealing.
#
session_secret "PLEASE CHANGE ME"
}
#
# This is where the mauve server sends its own heartbeat. Useful for
# watching the watcher.
#
heartbeat {
#
# If no destination is specified, then the contents of
# /etc/mauvealert/mauvesend.destination are used.
#
destination "localhost"
#
# This is how long to wait before the alert is raised
#
raise_after 600
#
# These two fields have sensible defaults set, but more informative
# messages can be set here.
#
summary "Mauve alert server is down"
detail "The Mauve alert server has failed to send a heartbeat"
}
}
#
# The logger uses log4r
#
logger {
#
# This is the default formatting string. It is a PatternFormatter, which is
# described at
# http://log4r.rubyforge.org/rdoc/Log4r/rdoc/patternformatter.html
#
default_format "%d [ %6.6l ] [ %12.12c ] %m"
#
# This is the default logging level. It can be one of
#
# Log4r::DEBUG
# Log4r::INFO
# Log4r::NOTICE
# Log4r::WARN
# Log4r::ERROR
# Log4r::FATAL
#
default_level Log4r::INFO
#
# An outputter can be any one of those listed at
# http://log4r.rubyforge.org/rdoc/Log4r/rdoc/outputter.html. The name must
# correspond to the class name. The options in each outputter correspond to
# the "hash" arguments for that particular outputter class.
#
# Additionally each outputter can have a level, and format assoicated.
#
outputter("stdout") {
level Log4r::INFO
}
outputter("file") {
filename "/tmp/mauveserver.log"
trunc true
level Log4r::DEBUG
}
# outputter("email") {
# server "smtp.example.com"
# subject "Mauve logger output"
# from "#{ENV['USER']}@#{Socket.gethostname}"
# to "awooga@example.com"
# level Log4r::WARN
# }
}
#
# Email messaging.
#
notification_method("email") {
#
# email address to send from
#
from "mauvealert@" + `hostname`.chomp
#
# outbound smtp host
#
server "localhost"
#
# add this to the subject of any emails we send
#
subject_prefix "[mauvealert]"
}
# How to notify by SMS - we use aql.com, a provider for clockworksms.com
# is also provided. For another provider, you'll need to write a module.
#
# notification_method("sms") {
# provider "AQL"
#
# username "x"
# password "x"
# from "01234567890"
#
# # Maximum number of SMS messages to concatenate for one notification
# max_messages_per_alert 3
# }
#
# notification_method("sms") {
# provider "Clockwork"
#
# apikey "sssseeeeeeccccccccrrrrreeeeeettttsssssss"
# from "01234567890"
#
# # Maximum number of SMS messages to concatenate for one notification
# max_messages_per_alert 3
# }
# Simple default notification preference for root at this machine, at all
# alert levels. You probably want more people, see below for a more complete
# example.
#
person("root") {
all { email("root@localhost") }
}
# Johnny is the go-to guy for everything on this network, poor Johnny!
#
# person("johnny") {
#
# sms "07111222333"
# email "johnny@example.com"
#
# # Johnny wants waking up 24/7 if anything urgent happens
# urgent { sms }
#
# # Email him for anything that's not urgent
# normal { email }
# low { email }
#
# # SMS messages are expensive, if we're sending more than 5 per minute,
# # tell the user we're going to stop until it slows down.
# suppress_notifications_after 5 => 1.minute
# # In general, this is too many notifications for Johnny
# suppress_notifications_after 60 => 1.hour
# }
# Archie is Johnny's boss
#
# person("archie") {
#
# email "archie@example.com"
#
# all { email }
#
# # Don't spam Archie, if more than 3 messages per hour come in.
# suppress_notifications_after 3 => 1.hour
# }
# Here is a group of alerts generated by the core routers.
#
# alert_group {
# level URGENT
# includes { source == "core-router" }
#
# # Johnny should get up and fix these errors very quickly, we will
# # bother him every 15 minutes until he does.
# #
# notify("johnny") { every 15.minutes }
#
# # Archie only wants to know about these alerts if they have gone
# # unacknowledged for a whole hour - Johnny must be slacking! Even
# # then he only needs to know during the working day.
# #
# notify("archie") {
# every 6.hours
# during { unacknowledged(1.hour); hours_in_day(9..17) }
# }
# }
#
# Default notification - tell root about all alerts every hour
#
alert_group {
level NORMAL
notify("root") { every 1.hour }
}
|