
##############################################
# Configuration for the Prelude LML Sensor   #
##############################################

# Pull in the system-wide IDMEF client settings shared by every Prelude
# sensor on this host. Entries set explicitly in this file for this sensor
# are meant to override those defaults (see the server-addr note below).
include = /etc/prelude/default/idmef-client.conf


# Address where the Prelude Manager Server is listening on.
# if value is "127.0.0.1", the connection will occur through
# a UNIX socket.
#
# This entry is disabled. The default is to use the entry
# located in the Prelude system wide clients.conf. You may
# overwrite the default address for this sensor by uncommenting
# this entry.
#
# [prelude]
# server-addr = 127.0.0.1


# FILES TO MONITOR
#
# You should define the log message prefix-regex and time-format within
# a [format] section. If not specified, the default syslog format will
# be used.
#
# The prefix-regex should contain PCRE named subpatterns to pick out the
# information available in your syslog's prefix.
#
# The available field names are:
#   - hostname
#   - process
#   - pid
#   - timestamp
#
# Please see pcrepattern(3) manpage for help writing the prefix-regex
# In order to set the time-format, please have a look at the strptime(3)
# manpage.
#
# Example configuration for syslog output:
#
# Each [format] section may have several file entries.
# Each [format] section may have several udp-server entries.
#
# If a file or udp-server entry is listed across different formats,
# then the first matching format for a given log entry will be used.
#
# Additionally, you can specify a pattern in a file entry. LML will then
# search for all the pathnames matching the pattern according to the rules
# used by the shell (see glob(7)).
#
# Example: file = /var/log/*/*.log
#


# CHARACTER ENCODING
#
# For each file added to a format, a character encoding can be specified
# using the 'charset' option. Example:
#
# [format=MyFormat]
# charset = ISO-8859-1
# file = /var/log/log1
# file = /var/log/log2
# charset = UTF-8
# file = /var/log/log3
# file = /var/log/*.log
# udp-server = 0.0.0.0
#
# This will set the character set for 'log1' and 'log2' to ISO-8859-1, and
# to UTF-8 for 'log3', any files that match '/var/log/*.log', and any log
# entry read from the '0.0.0.0' integrated UDP server.
#
# Note that if no character encoding is specified, the system will attempt
# to automatically detect the encoding used. If the detection fails, the
# system-wide default (retrieved from locale LC_CTYPE) will be used.
#

# ALTERING GENERATED IDMEF Events
#
# Within each format, you might use the 'idmef-alter' option to modify
# generated events:
#
# Example: idmef-alter = alert.analyzer(-1).node.location = MyLocation;
#
# Note that 'idmef-alter' will never overwrite an IDMEF path that is
# already set. Use 'idmef-alter-force' if this is what you intend to do.
#


# Standard syslog prefix: a 15-character "Mon dd HH:MM:SS" timestamp (day
# space-padded, the same width time-format produces), the host, then an
# optional "process[pid]: " part. The named groups fill the hostname,
# process, pid and timestamp fields listed under FILES TO MONITOR.
[format=syslog]
time-format = "%b %d %H:%M:%S"
prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
file = /var/log/messages
# Uncomment to also accept log lines over the integrated UDP server.
# 0.0.0.0 listens on every interface, and plain UDP carries no sender
# authentication, so anything able to reach the port can feed lines into
# the rule engine: bind a specific address and restrict access at the
# network level before enabling this.
# udp-server = 0.0.0.0


#
# Sample configuration for metalog:
#
# metalog prefix: the same 15-character timestamp as syslog, followed by
# the process name in square brackets. No hostname or pid group is
# available from this prefix.
[format=metalog]
prefix-regex = "^(?P<timestamp>.{15}) \[(?P<process>\S+)\] "
time-format = "%b %d %H:%M:%S"
file = /var/log/everything/current
# Uncomment to accept lines over UDP as well. 0.0.0.0 binds every
# interface with no sender authentication; prefer a specific address and
# network-level access control.
# udp-server = 0.0.0.0


#
# Sample configuration for apache:
#
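# Apache access log (Common/Combined Log Format): the first field is the
# client address (captured as hostname), then ident and authuser, then the
# bracketed "[dd/Mon/yyyy:HH:MM:SS +zzzz]" timestamp; the 20-character
# timestamp group matches what time-format describes.
# NOTE: unlike the other formats this regex is not anchored with ^.
[format=apache]
time-format = "%d/%b/%Y:%H:%M:%S"
prefix-regex = "(?P<hostname>\S+) \S+ \S+ \[(?P<timestamp>.{20}) [+-].{4}\] "
# List each path once: file entries accumulate (see FILES TO MONITOR), so
# a repeated path would likely be monitored twice. Add a second entry only
# for a genuinely different path (e.g. an apache2-style layout).
file = /var/log/httpd/access_log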

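# Apache error log: a bracketed 24-character "Day Mon dd HH:MM:SS yyyy"
# timestamp, the bracketed level (skipped), then an optional
# "[client ADDR] " part; hostname is only set when that part is present.
[format=apache-error]
time-format = "%a %b %d %H:%M:%S %Y"
prefix-regex = "^\[(?P<timestamp>.{24})\] \S+ (\[client (?P<hostname>\S+)\] )?"
# List each path once: file entries accumulate (see FILES TO MONITOR), so
# a repeated path would likely be monitored twice. Add a second entry only
# for a genuinely different path.
file = /var/log/httpd/error_log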



#
# Sample configuration for asterisk:
#
#[format=asterisk]
#time-format = "%b %d %H:%M:%S"
#prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])? (\S*): )?"
#file = /var/log/asterisk/messages


#
# Specifies the maximum difference, in seconds and/or size, between
# the interval of two logfiles' rotation. If this difference is reached,
# a high severity alert will be emitted. The K (kbytes) or M (mbytes)
# suffix may be used for size definition.
#
#max-rotation-size-offset = 1024
#max-rotation-time-offset = 300


#
# Maximum number of warnings a given source should emit in case it can
# not parse a log entry with the provided prefix-regex and time-format.
#
# -1 == unlimited number of warning
#  0 == no warning at all
#  X == print at most X warnings.
#
# warning-limit = -1


####################################
# Here start plugins configuration #
####################################

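# Pcre plugin: the rule file it loads. Spacing normalised to the
# "key = value" form used everywhere else in this file.
# NOTE(review): these rules decide what gets reported, so keep the ruleset
# file and its directory owned by root and not group/world writable.
[Pcre]
ruleset = /etc/prelude-lml/ruleset/pcre.rules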


# [Debug]
#
# This plugin issues an alert for each packet.
# Be careful about the logging activity it generates.
#
# Trigger Report to the console.
# stderr