There are currently five types of message sources that can be configured in Message Transformation. These types are:
File - for text files (note that these must reside on the DGE or DGE-extension)
Trap - for SNMP traps
Socket - for reading from a TCP socket
WinEvt - for Windows events using nvwmiel
Syslogd - for syslog files
The name parameter in the source configuration is matched against the corresponding 'name' parameter in the rule definitions to control which rules are applied against which message sources.
Detailed instructions on each of these sources are provided later in this chapter.
Source Specifications
Each of the message sources has a corresponding source file in its respective subdirectory of <TRAVERSE_HOME>/etc/messages/.
For example, the default socket source file is <TRAVERSE_HOME>/etc/messages/ism/00_src_socket_ism.xml.
<message-handler>
  <source type="socket" name="ism">
    <enabled>true</enabled>
    <duplicateEventInterval>60</duplicateEventInterval>
    <logunmatched>false</logunmatched> <!-- log unmatched messages -->
    <port>7659</port> <!-- port for incoming connections -->
    <connections>4</connections> <!-- maximum concurrent connections -->
    <timeout>60</timeout> <!-- idle timeout, in seconds -->
    <username>ismuser</username> <!-- username to use for TCP socket login -->
    <password>fixme</password> <!-- password to use for login -->
  </source>
  <!-- add custom <source> blocks for file, syslog, traps under plugin/messages/ -->
</message-handler>
The elements in the following table apply to all source types:
Source Elements
Element Name | Description
type | The message source type.
name | A name for this source type.
enabled | true or false. Indicates whether this source type is enabled.
duplicateEventInterval | The number of seconds in the de-duplication interval for messages from this source. Note that for polled threshold violation events, there is a corresponding duplicateEventCycle configuration setting in the dge.xml file.
logunmatched | true or false. If true, messages that do not match a pattern specified in the rules are logged to a log file.
Adding Custom Message Sources
Users can extend Message Transformation to handle additional message sources by creating additional configuration files and storing them in the plug-ins directory under <TRAVERSE_HOME>/plugin/messages/. You can create additional log files to be monitored, additional trap handlers running on different ports, or other TCP sockets to accept text streams. For details on how to extend Traverse using the plug-in architecture, see the Traverse Developer Guide & API Reference.
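The following is an added example, not part of the Traverse documentation or product: a small audit script that reads source files in the format shown above and reports enabled socket sources that still carry a placeholder login password, plus enabled sources with logunmatched set to false. Treating "fixme" and an empty value as placeholders is an assumption, and the "custom-feed" source in the sample is hypothetical.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: "fixme" (the value in the sample file on this page) and an empty
# value are placeholders that must be replaced before a socket source is enabled.
PLACEHOLDER_PASSWORDS = {"", "fixme"}

# Constructed sample: the page's default socket source plus a hypothetical
# disabled custom source named "custom-feed".
SAMPLE = """<message-handler>
  <source type="socket" name="ism">
    <enabled>true</enabled>
    <logunmatched>false</logunmatched> <!-- log unmatched messages -->
    <port>7659</port>
    <username>ismuser</username>
    <password>fixme</password>
  </source>
  <source type="socket" name="custom-feed">
    <enabled>false</enabled>
    <port>7660</port>
    <password>fixme</password>
  </source>
</message-handler>"""


def audit_sources(xml_text):
    """Return (source name, severity, finding) tuples for one source file."""
    findings = []
    for src in ET.fromstring(xml_text).iter("source"):
        name = src.get("name", "?")
        text = lambda tag: (src.findtext(tag) or "").strip()
        if text("enabled").lower() != "true":
            continue  # only enabled sources are reported
        if src.get("type") == "socket" and text("password") in PLACEHOLDER_PASSWORDS:
            findings.append((name, "high",
                             f"placeholder password on TCP port {text('port')}"))
        if text("logunmatched").lower() == "false":
            findings.append((name, "info", "unmatched messages are not logged"))
    return findings


if __name__ == "__main__":
    # Usage: pass the etc/messages and plugin/messages directories as arguments.
    for root in sys.argv[1:]:
        for path in sorted(Path(root).rglob("*.xml")):
            for finding in audit_sources(path.read_text()):
                print(path, *finding)
    if len(sys.argv) == 1:
        print(audit_sources(SAMPLE))
```

Run with no arguments, the script audits the embedded sample; given directory arguments, it walks every .xml file beneath them.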