FIDO.CONF(8) User Contributed Perl Documentation FIDO.CONF(8)

fido.conf

The default file is /etc/fido/fido.conf. You can override the default
file with the FIDORC environment variable or the -f /path/file command
line option.

fido.conf is the configuration file for fido. The file consists of two
parts, GLOBAL settings and FILE settings. GLOBAL settings are best
defined at the top of the file in key = value format. FILE settings are
distinguished with a filename followed by brackets {}. Key = value
pairs inside the brackets apply only to that file. If a value isn't set
at the FILE level, then fido applies the GLOBAL setting. Here's an
example:

    # GLOBAL SETTINGS
    log = syslog
    pid = /var/run/fido.pid

    # FILE SETTINGS
    /var/log/messages {
        log = /var/log/fido.log
    }

In this example, we've set 'log' twice: once at the GLOBAL level and
once at the FILE level. The FILE level takes precedence. In this case,
all logged activity for /var/log/messages monitoring will go to
/var/log/fido.log. If we log activity for other files that don't have a
'log' specified, then it will go to syslog.

Here is a list of available settings:

log

Use this setting to direct logging output. Its value can be either
'syslog' or '/path/to/file'. This option is available at both the
GLOBAL and FILE levels.

    log = syslog
    log = /var/log/fido.log

pid

Use this setting to assign a file to hold fido's process ID (pid). This
option is available only at the GLOBAL level. The default setting is
/var/run/fido.pid

    pid = /home/jeff/var/fido.pid

daemon

Use this option to run fido in the background as a daemon. By default,
fido will run as a daemon. This setting is available only at the GLOBAL
level. It takes one of two values, true or false. fido runs in the
foreground when the setting is 'false'.

rulesdir

fido monitors a log file and searches for pattern matches. These
patterns are regular expressions that can be stored in a rules file.
This directive tells fido where to look for its rules. By default, it
will look in /etc/fido/rules. You can override the default with this
setting. This option is available ONLY at the GLOBAL level.

    rulesdir = /usr/local/etc/fido/rules

rules

This is a FILES level directive that tells fido where to find its
pattern matches. It can take one of three different values, a regex,
the 'modified' directive or a file name. If the value is a regex, then
fido will use that rule as it parses the file it's watching. If the
value is the 'modified' directive, then it will trigger an alert each
time the file is modified. If the value is a file name, then it will
read $rulesdir/$rules for all its patterns. The benefit of using a file
is that you can set many patterns, one on each line. fido will try each
line as it looks for a match.

    rules = modified
    rules = .*OutOfMemory.*
    rules = exceeds N seconds|minutes|hours|days
    rules = haha.conf

In the first example, fido will trigger an action if the modification
date of the file it's monitoring is changed. In the second example, it
will tail the file it's monitoring and trigger an action each time it
matches the '.*OutOfMemory.*' pattern. In the third example, it will
trigger an action if the file's timestamp exceeds a designated time.
If the file we're monitoring is a directory, then an alert will be
triggered if any file in that directory exceeds the designated time. In
the final example, it will trigger an action each time it matches a
pattern inside $rulesdir/haha.conf

Beginning with version 1.1.4, you can use parentheses to capture text
and assign it to variables $1, $2, etc. This is useful if you'd like to
send matched text to your program, for example:

    /var/log/httpd/joedog-access_log {
        rules = ^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*GoogleBot
        action = /home/jeff/bin/googler $1
    }

In the file block above, the IP address is captured within parentheses
and passed to the action as variable $1
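
A check one could run before deploying a rule/action pair that uses back references (an added example, not part of fido or of the original page). It confirms every $N in the action has a capture group, and shows that the page's tight IP capture hands the action only digits and dots, while a broad capture forwards whatever a client wrote into the log. Assumptions: Python's re stands in for fido's regex engine; SAFE_ARG, BROAD_RULE and the log lines are constructed; the page does not describe how fido passes $1 to the action, so the captured text is treated as untrusted input.

```python
import re

# Constructed access-log lines; the User-Agent field is chosen by the client.
LINES = [
    '66.249.66.1 - - [03/Dec/2014:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "GoogleBot/2.1"',
    '203.0.113.9 - - [03/Dec/2014:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "GoogleBot/2.1; +http://example.com/bot"',
]

# Assumed allow-list for text that may be handed to an action as an argument.
SAFE_ARG = re.compile(r"^[A-Za-z0-9._:/-]+$")

PAGE_RULE = r"^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*GoogleBot"  # rule from the page
BROAD_RULE = r'(GoogleBot[^"]*)'                             # constructed, over-broad


def check_backrefs(rule, action):
    """Return the $N references in `action` that `rule` has no capture group for."""
    groups = re.compile(rule).groups
    refs = {int(n) for n in re.findall(r"\$(\d+)", action)}
    return sorted(n for n in refs if n > groups)


def unsafe_captures(rule, lines):
    """Return (line_index, group_number, text) for captures outside SAFE_ARG."""
    pattern = re.compile(rule)
    bad = []
    for i, line in enumerate(lines):
        match = pattern.search(line)
        if not match:
            continue
        for n, text in enumerate(match.groups(), start=1):
            if text is not None and not SAFE_ARG.match(text):
                bad.append((i, n, text))
    return bad


if __name__ == "__main__":
    print(check_backrefs(PAGE_RULE, "/usr/local/bin/myscript $1 $2"))
    print(unsafe_captures(PAGE_RULE, LINES))
    print(unsafe_captures(BROAD_RULE, LINES))
```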

action

This is a FILES level directive that tells fido what to do in the event
of a pattern match. Generally, you'll want to specify a script, although
you can specify a program with parameters:

    action = echo "action alert!!!!" | /usr/sbin/sendmail -v jeff@joedog.org
    action = /home/jeff/bin/haha
    action = /usr/local/bin/myscript $1 $2

Beginning with version 1.1.4, fido supports regex back references. Any
text you capture with a regex match within a set of parentheses can be
sent to the action program in $1 $2 $3 etc.

throttle

This is a FILES level directive which tells fido to place a delay
between actions. This is useful to avoid flooding inboxes with emails
or node managers with SMTP traps. The throttle format is 'throttle = N
denomination' where 'N' is a number and 'denomination' is either
'seconds', 'minutes', 'hours' or 'days'.

    throttle = 15 minutes
    throttle = 1 hour
    throttle = 1 day(s)

exclude

This is a FILES level directive that only works when you monitor
directories with the exceeds directive. The format is
'exclude = [pattern]' where pattern is a regular expression. Consider
this:

    /export {
        rule = exceeds 7 days
        exclude = ^\.|CVS|Makefile
    }

Given this file block, fido will execute an action if any file inside
the directory /export is older than 7 days, unless its name starts with
'.' or it is named CVS or Makefile.

recurse

This is a FILES level directive that only works when you monitor
directories. If recurse is true, then fido will search all
subdirectories below the path. If recurse is false, then fido will only
examine files inside the top-level directory.

    /export {
        rule = exceeds 1 month
        recurse = true
    }

capture

This is a FILES level directive that tells fido to log the output from
the action directive mentioned above. If you're running sendmail -v,
then it will log all that verbose output to its selected logging
method. This is good for debugging. It takes one of two values, 'true'
or 'false'; if false, it won't log output. The default is false.

    capture = true
    capture = false

user

This is a GLOBAL setting in which we specify which user ID fido will
run under. You'll need to select a user that has read permissions to
the file it's monitoring and write permissions to the directory in
which it's logging. It is preferred that you select the least
privileged user possible.

    user = jboss

group

This is a GLOBAL setting in which we specify which group ID fido will
run under. Like 'user', we recommend you select the least privileged
group possible.

    group = jboss

    #
    # Global values
    #
    log = syslog
    pid = /var/run/fido.pid
    daemon = true
    rulesdir = /etc/fido/rules
    user = root
    group = daemon

    /var/log/httpd/access_log {
        rules = .*siege-.*tar.gz.*
        action = /usr/bin/tally
        log = /var/log/fido.log
    }

    /var/log/maillog {
        rules = maillog.conf
        action = /usr/bin/react
    }

    /var/log/haha.log {
        rules = ^haha.*
        action = echo "alert!!!!" | /usr/sbin/sendmail -v jeff@joedog.org
        capture = true
    }
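
The format and precedence rules described on this page, as a small parser and config audit (an added example, not fido's own parser or code from the original page). It resolves FILE-over-GLOBAL settings, and flags `user = root` against the least-privilege recommendation and GLOBAL-only keys placed inside a file block. SAMPLE is constructed from the example above with a misplaced `user` key added; how fido itself treats a misplaced key is not stated on the page.

```python
# Keys the page documents as GLOBAL-level settings.
GLOBAL_ONLY = {"pid", "daemon", "rulesdir", "user", "group"}

# Constructed sample: a trimmed copy of the page's example plus one misplaced key.
SAMPLE = """\
# Global values
log = syslog
pid = /var/run/fido.pid
user = root
group = daemon

/var/log/httpd/access_log {
    rules = .*siege-.*tar.gz.*
    action = /usr/bin/tally
    log = /var/log/fido.log
}
/var/log/maillog {
    rules = maillog.conf
    action = /usr/bin/react
    user = nobody
}
"""

def parse(text):
    """Return (global_settings, {path: file_settings})."""
    global_settings, files, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{") and "=" not in line:
            current = files.setdefault(line[:-1].strip(), {})
        elif line == "}":
            current = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            (global_settings if current is None else current)[key] = value
    return global_settings, files

def effective(global_settings, files, path, key):
    """A FILE-level value wins; otherwise the GLOBAL value applies."""
    return files.get(path, {}).get(key, global_settings.get(key))

def audit(global_settings, files):
    findings = []
    if global_settings.get("user") == "root":
        findings.append("user = root: the page recommends the least privileged user")
    for path, settings in files.items():
        for key in sorted(GLOBAL_ONLY & settings.keys()):
            findings.append(f"{path}: '{key}' is documented as GLOBAL-only")
    return findings
```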

perl v5.8.8 2014-12-03 FIDO.CONF(8)