|
|
|
|
There are currently five types of message sources that can be configured in the Message Handler. These types are:
File - for text files (note that these must reside on the DGE or DGE-extension)Trap - for SNMP trapsSocket - for reading from a TCP socketWinEvt - for Windows events using nvwmielSyslogd - for syslog filesThe name parameter in the source configuration is matched against the corresponding `name' parameter in the rule definitions to control which rules are applied against which message sources.
Detailed instructions on each of these sources is provided later in this chapter.
Source Specifications
Each of the message sources has a corresponding source file in its respective subdirectory of <TRAVERSE_HOME>/etc/messages/.
For example, the default socket source file is <TRAVERSE_HOME>/etc/messages/ism/00_src_socket_ism.xml.
<message-handler>
<source type="socket" name="ism">
<enabled>true</enabled>
<duplicateEventInterval>60</duplicateEventInterval>
<logunmatched>false</logunmatched> <!-- log unmatched messages -->
<port>7659</port> <!-- port for incoming connections -->
<connections>4</connections> <!-- maximum concurrent connections -->
<timeout>60</timeout> <!-- idle timeout, in seconds -->
<username>ismuser</username> <!-- username to use for TCP socket login -->
<password>fixme</password> <!-- password to use for login -->
</source>
<!-- add custom <source> blocks for file, syslog, traps under plugin/messages/ -->
</message-handler>
The elements in the following table apply to all source types:
Source Elements
Element Name |
Description |
|
The message source type. |
|
A name for this source type. |
|
true | false Indicates whether this source type is enabled. |
|
The number of seconds in the de-duplication interval for messages from this source. Note that for polled threshold violation events, there is a corresponding duplicateEventCycle configuration setting in dge.xml file. |
|
true | false If true, messages that do not match a pattern specified in the rules are logged to a log file. |
Adding Custom Message Sources
Users can extend the Message Handler to handle additional message sources very easily by creating additional configuration files and storing it in the plug-ins directory under <TRAVERSE_HOME>/plugin/messages/. You can create additional log files to be monitored, additional trap handlers running on different ports, or other TCP sockets to accept text streams. For details on how to extend Traverse using the plug-in architecture, see the .