# -*- text -*-
##
## trigger.conf -- Events in the server can trigger a hook to be executed.
##
## $Id: 413a182eec6a193ef8ffd284295e181962265395 $
#
# The triggers are named as "type.subtype.value". These names refer
# to subsections and then configuration items in the "trigger"
# section below. When an event occurs, the trigger is executed. The
# trigger is simply a program that is run, with optional arguments.
#
# The server does not wait when a trigger is executed. It is simply
# a "one-shot" event that is sent.
#
# The trigger names should be self-explanatory.
#
#
# SNMP configuration.
#
# For now, this is only for SNMP traps.
#
# They are enabled by uncommenting (or adding) "$INCLUDE trigger.conf"
# in the main "radiusd.conf" file.
#
# The traps *REQUIRE* that the files in the "mibs" directory be copied
# to the global mibs directory, usually /usr/share/snmp/mibs/.
# If this is not done, the "snmptrap" program has no idea what information
# to send, and will not work. The MIB installation is *NOT* done as
# part of the default installation, so that step *MUST* be done manually.
#
# The global MIB directory can be found by running the following command:
#
# snmptranslate -Dinit_mib .1.3 2>&1 | grep MIBDIR | sed "s/' .*//;s/.* '//;s/.*://"
#
# Or maybe just:
#
# snmptranslate -Dinit_mib .1.3 2>&1 | grep MIBDIR
#
# If you have copied the MIBs to that directory, you can test the
# FreeRADIUS MIBs by running the following command:
#
# snmptranslate -m +FREERADIUS-NOTIFICATION-MIB -IR -On serverStart
#
# It should print out:
#
# .1.3.6.1.4.1.11344.4.1.1
#
# As always, run the server in debugging mode after enabling the
# traps. You will see the "snmptrap" command being run, and it will
# print out any errors or issues that it encounters. Those need to
# be fixed before running the server in daemon mode.
#
# We also suggest running in debugging mode as the "radiusd" user, if
# you have "user/group" set in radiusd.conf. The "snmptrap" program
# may behave differently when run as "root" or as the "radiusd" user.
#
snmp {
#
# Configuration for SNMP traps / notifications
#
# To disable traps, edit "radiusd.conf", and delete the line
# which says "$INCUDE trigger.conf"
#
trap {
#
# Absolute path for the "snmptrap" command, and
# default command-line arguments.
#
# You can disable traps by changing the command to
# "/bin/echo".
#
cmd = "/usr/bin/snmptrap -v2c"
#
# Community string
#
community = "public"
#
# Agent configuration.
#
agent = "localhost ''"
}
}
#
# The "snmptrap" configuration defines the full command used to run the traps.
#
# This entry should not be edited. Instead, edit the "trap" section above.
#
snmptrap = "${snmp.trap.cmd} -c ${snmp.trap.community} ${snmp.trap.agent} FREERADIUS-NOTIFICATION-MIB"
#
# The individual triggers are defined here. You can disable one by
# deleting it, or by commenting it out. You can disable an entire
# section of traps by deleting the section.
#
# The entries below should not be edited. For example, the double colons
# *must* immediately follow the ${snmptrap} reference. Adding a space
# before the double colons will break all SNMP traps.
#
# However... the traps are just programs which are run when
# particular events occur. If you want to replace a trap with
# another program, you can. Just edit the definitions below, so that
# they run a program of your choice.
#
# For example, you can leverage the "start/stop" triggers to run a
# program when the server starts, or when it stops. But that will
# prevent the start/stop SNMP traps from working, of course.
#
trigger {
#
# Events in the server core
#
server {
# the server has just started
start = "${snmptrap}::serverStart"
# the server is about to stop
stop = "${snmptrap}::serverStop"
# The "max_requests" condition has been reached.
# This will trigger only once per 60 seconds.
max_requests = "${snmptrap}::serverMaxRequests"
# For events related to clients
client {
# Added a new dynamic client
add = "/path/to/file %{Packet-Src-IP-Address}"
# There is no event for when dynamic clients expire
}
# Events related to signals received.
signal {
# a HUP signal
hup = "${snmptrap}::signalHup"
# a TERM signal
term = "${snmptrap}::signalTerm"
}
# Events related to the thread pool
thread {
# A new thread has been started
start = "${snmptrap}::threadStart"
# an existing thread has been stopped
stop = "${snmptrap}::threadStop"
# an existing thread is unresponsive
unresponsive = "${snmptrap}::threadUnresponsive"
# the "max_threads" limit has been reached
max_threads = "${snmptrap}::threadMaxThreads"
}
}
# When a home server changes state.
# These traps are edge triggered.
home_server {
# common arguments: IP, port, identifier
args = "radiusAuthServerAddress a %{proxy-request:Packet-Dst-IP-Address} radiusAuthClientServerPortNumber i %{proxy-request:Packet-Dst-Port} radiusAuthServIdent s '%{home_server:instance}'"
# The home server has been marked "alive"
alive = "${snmptrap}::homeServerAlive ${args}"
# The home server has been marked "zombie"
zombie = "${snmptrap}::homeServerZombie ${args}"
# The home server has been marked "dead"
dead = "${snmptrap}::homeServerDead ${args}"
}
# When a pool of home servers changes state.
home_server_pool {
# common arguments
args = "radiusdConfigName s %{home_server:instance}"
# It has reverted to "normal" mode, where at least one
# home server is alive.
normal = "${snmptrap}::homeServerPoolNormal ${args}"
# It is in "fallback" mode, with all home servers "dead"
fallback = "${snmptrap}::homeServerPoolFallback ${args}"
}
# Triggers for specific modules. These are NOT in the module
# configuration because they are global to all instances of the
# module. You can have module-specific triggers, by placing a
# "trigger" subsection in the module configuration.
modules {
# Common arguments
args = "radiusdModuleInstance s ''"
# The files module
files {
# Common arguments
args = "radiusdModuleName s files ${..args}"
# The module has been HUP'd via radmin
hup = "${snmptrap}::serverModuleHup ${args}"
# Note that "hup" can be used for every module
# which can be HUP'd via radmin
}
# The LDAP module
# If the server does "bind as user", it will open and close
# an LDAP connection ofr every "bind as user". Be aware that
# this will likely produce a lot of triggers.
ldap {
# Common arguments
args = "radiusdModuleName s ldap ${..args}"
# A new connection to the DB has been opened
open = "${snmptrap}::serverModuleConnectionUp ${args}"
# A connection to the DB has been closed
close = "${snmptrap}::serverModuleConnectionDown ${args}"
# The module has been HUP'd via radmin
hup = "${snmptrap}::serverModuleHup ${args}"
}
# The SQL module
sql {
# Common arguments
args = "radiusdModuleName s sql ${..args}"
# A new connection to the DB has been opened
open = "${snmptrap}::serverModuleConnectionUp ${args}"
# A connection to the DB has been closed
close = "${snmptrap}::serverModuleConnectionDown ${args}"
# Failed to open a new connection to the DB
fail = "${snmptrap}::serverModuleConnectionFail ${args}"
# The module has been HUP'd via radmin
hup = "${snmptrap}::serverModuleHup ${args}"
}
# You can also use connection pool's start/stop/open/close triggers
# for any module which uses the "pool" section, here and under
# pool.trigger in module configuration.
}
}
#
# The complete list of triggers as generated from the source code is below.
#
# These are the ONLY traps which are generated. You CANNOT add new traps
# by defining them in one of the sections above. New traps can be created
# only by edited both the source code to the server, *and* the MIBs.
# If you are not an expert in C and SNMP, then adding new traps will be
# difficult to create.
#
# home_server.alive
# home_server.dead
# home_server.zombie
# home_server_pool.fallback
# home_server_pool.normal
# modules.*.hup
# modules.ldap.timeout
# modules.sql.close
# modules.sql.fail
# modules.sql.open
# server.client.add
# server.max_requests
# server.signal.hup
# server.signal.term
# server.start
# server.stop
# server.thread.max_threads
# server.thread.start
# server.thread.stop
# server.thread.unresponsive
distrib
>
Mageia
>
7
>
armv7hl
>
media
>
core-release
>
by-pkgid
>
6298fa72b6ad6a392dc9442fe0ec1082
>
files
>
276
