
Configuring Clients

Each client has its own configuration section in peep.conf. The section is denoted by the name of the client and defines which classes the client belongs to, as well as what port the clients run on. Additionally, each client section contains a configuration section specific to the client. Client entries have the following syntax:

client <CLIENT_NAME>
    class <CLASS NAME> ...  # Classes to which this client belongs
    port  <PORT NO>         # Port for client to use
    config
        ....                # Client-specific config stuff
    end config

end client <CLIENT_NAME>

The classes and port specified in the client's configuration section apply to auto-discovery and have a bearing only when auto-discovery has been enabled. Multiple classes can be specified for a single client, and the client will relay its data to all servers that are members of its classes. The config section contains configuration information specific to the client type, so it is best to consult the documentation associated with that specific client. For instructional purposes, a full example configuration for the logparser client is provided:

client logparser
  class main
  port 2000
  config
    default
      groups  default,firewall
      logfile /var/log/messages
    end default

    events
      # Name      Group     Location     Priority   Notification   Pattern                                             Hosts
      http        www       255          0          info          "(GET|POST).*HTTP"                                   localhost
      code-red    www       128          0          warn          "default\.ida\?XXXX"                                 localhost
      bad-query   www       128         255         crit          "ORA-\d{5}"                                          localhost
      su-login    default   128         255         warn          "PAM_unix\[\d+\]: \(system-auth\) .* opened .* root" localhost
      su-logout   default   128         255         warn          "PAM_unix\[\d+\]: \(system-auth\) .* closed .* root" localhost
      # note that if one of the previous 2 regexes match, the following 2 will be ignored
      login       default   128         255         info          "PAM_unix\[\d+\]: \(system-auth\) .* opened"         localhost
      logout      default   128          0          info          "PAM_unix\[\d+\]: \(system-auth\) .* closed"         localhost
      ssh-logins  default   128          2          info          "sshd.*Accepted password"                            localhost
      bad-login   default   128         255         warn          "pam_unix.*: authentication failure"                 localhost
      ip-deny     firewall  128         255         crit          "DENY"                                               localhost
    end events
  end config
end client logparser

The names used in the events section of this example refer to other event entries within the peep.conf file.

The client library documentation provides much more detailed examples of how to create client configuration sections in peep.conf, so it should be consulted as well.
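The ordering comment in the events table above (a root session row must come before the generic login row) can be checked before deploying a rule set. The following is an added example, not code from Peep: it assumes rows are tried top to bottom and the first match wins, uses Python's `re` as a stand-in for the logparser's own matcher, and the function names and sample log lines are constructed for illustration.

```python
import re

# Rows copied from the page's events table (a subset, same order).
EVENTS = r'''
# Name      Group     Location  Priority  Notification  Pattern  Hosts
su-login    default   128  255  warn  "PAM_unix\[\d+\]: \(system-auth\) .* opened .* root"  localhost
login       default   128  255  info  "PAM_unix\[\d+\]: \(system-auth\) .* opened"          localhost
bad-login   default   128  255  warn  "pam_unix.*: authentication failure"                  localhost
ip-deny     firewall  128  255  crit  "DENY"                                                localhost
'''

# Constructed syslog lines (not captured from a real host).
SAMPLES = [
    "Nov  3 10:01:12 localhost PAM_unix[1432]: (system-auth) session opened for user root by alice(uid=500)",
    "Nov  3 10:02:40 localhost PAM_unix[1440]: (system-auth) session opened for user bob by (uid=0)",
    "Nov  3 10:03:05 localhost sshd[1502]: pam_unix(sshd:auth): authentication failure; user=bob",
    "Nov  3 10:04:00 localhost kernel: Packet log: input DENY eth0 PROTO=6",
]

ROW = re.compile(r'^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+"(.*)"\s+(\S+)$')

def parse_events(text):
    """Parse event rows into an ordered list of (name, notification, regex)."""
    rows = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = ROW.match(line)
        if m is None:
            raise ValueError(f"malformed event row: {line!r}")
        rows.append((m.group(1), m.group(5), re.compile(m.group(6))))
    return rows

def classify(rows, log_line):
    """Return (name, notification) of the first matching row, or None."""
    for name, notification, regex in rows:
        if regex.search(log_line):
            return name, notification
    return None

def shadowed(rows, log_line):
    """Names of later rows that also match but lose to an earlier row."""
    hits = [name for name, _, regex in rows if regex.search(log_line)]
    return hits[1:]

if __name__ == "__main__":
    rows = parse_events(EVENTS)
    for s in SAMPLES:
        print(classify(rows, s), "shadows", shadowed(rows, s))
```

If the `login` row is moved above `su-login`, the root session line is reported as `login` at `info` instead of `su-login` at `warn`, which is the failure the table's comment guards against.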


Collin Starkweather 2002-11-03