# Configuration parameters The plugin is configured using an external configuration file. This configuration file has a series of “general” parameters, a series of parameters specific to each record, and a set of parameters specific to each regular expression block. **General parameters** - **include** Calls another configuration file. It can be nested without limit, and its loading order is sequential. It is important to call files with absolute paths. - **index\_dir** Use this directory to store index files. The plugin must be able to write to and read from the directory. - **logfile** Plugin log file. **Specific log parameters** - **log\_begin y log\_end** Set start and end marks for the definition of a logparser.log file - **log\_module\_name** Name of the module generated by the plugin. - **log\_type** There are three types of log module: \- log\_module: Returns the log lines in a log-type module. \- return\_occurrences: Returns a numerical value with the number of occurrences. \- return\_lines: Returns the lines of the log that match. \- return\_message: Returns a message specified by the configuration file. - **log\_rotate\_mode** It can be of the inode or md5 type. This is the type of detection performed to determine whether a record is rotated or not. - **log\_force\_readall** When this token is present, the log analyzer processes the entire log from the beginning if it has not already done so (it is the first time it has been opened or a rotation has been detected). NOTE: This can generate large volumes of data. - **log\_location\_exec** Execute the specified command to obtain the name (absolute path) of the file to be processed. - **log\_location\_filename** Specifies the name of the log file (absolute path) to be processed. - **log\_location\_multiple** Allows you to specify one or more files using a wildcard, for example: /tmp/apache/file\_log\* or /tmp/system\*/mail\*. Used in combination with log\_create\_module\_for\_each\_log, it will create a different module for each log file or put all the information from different files into the same module. - **log\_create\_module\_for\_each\_log** If used with “log\_location\_multiple,” it will force the plugin to generate a different module for each log file. **Definition of regular expressions** - **log\_regexp\_begin y log\_regexp\_end** Mark the beginning and end of the definition of a regular expression for the definition of the log file in which they are found. - **log\_regexp\_rule** Define the regular expression. NOTE: Do not use / / markers directly in the extended regular expression (Perl-like). Examples: ``` File\sdoes\snot\sexist → Find “File does not exist” [0-9]*\serrores → Find strings “043 errores” ``` - **log\_regexp\_severity** Send a severity in the XML, which can be WARNING, CRITICAL, or NORMAL (in uppercase). This is optional. - **log\_return\_message** Text that was sent to find at least one occurrence (if several were found, only one message will be sent). You can use the switches $1 .. $2 for fields previously identified with a regular expression to perform the search field → syntax () - **log\_regexp\_action** Command that runs to find at least one occurrence (if it finds several, it runs only once). When defining a record, you can define several regular expression blocks. Each regular expression block will contain only one regexp rule. In case of multiple matches, it will count each occurrence, but will only send one message or execute one action. To understand each element, an example configuration file is shown below. **Linux** ``` # Include, to load extenal/aditional configuration files # include /tmp/my_other_configuration.conf # Directory where temporal indexes will be stored (/tmp by default) #index_dir /tmp # Log problems with the logparser, (/tmp/pandora_logparser.log by default) #logfile /tmp/pandora_logparser.log # Sample of creating a log-type module log_begin log_module_name errors file log_force_readall log_location_file /var/log/errors.out log_description get errors log_type log_module log_regexp_begin log_regexp_rule (?i)error log_regexp_severity CRITICAL log_return_message Error log_regexp_end log_end # Sample of a single log match log_begin log_module_name Weekly log_location_file /var/log/weekly.out log_description Errors cannot find log_type return_lines log_regexp_begin log_regexp_rule output log_regexp_severity WARNING log_return_message Cannot find process to run log_regexp_end log_end # Sample of wildcard matching of several logfiles within the same module log_begin log_rotate_mode md5 log_module_name system_log log_force_readall log_location_multiple /var/log/system.log* log_description Errors cannot find log_type return_lines log_regexp_begin log_regexp_rule Cannot log_regexp_severity WARNING log_return_message Cannot find process to run log_regexp_end log_end # Sample of several wildcard matching on the same file log_begin log_module_name hits_apache log_location_file /var/log/apache2 log_description Access log from Apache, we will get the integria access log_type return_ocurrences log_regexp_begin log_regexp_rule Error -($1)\-($2) [0-9a-zA-Z]* log_regexp_severity WARNING log_return_message Otro bonito texto de error log_regexp_end log_regexp_begin log_regexp_rule File\sdoes\snot\sexist log_regexp_severity WARNING log_regexp_end log_regexp_begin log_regexp_rule pandora_backend\.html log_regexp_severity WARNING log_return_message Something possible harmful happen log_regexp_end log_end # Sample of wildcard matching of several logfiles with diferent dynamic modules log_begin log_rotate_mode inode log_module_name test_log log_force_readall # If enabled, this token will create a different module using the module_name # provided plus the full logfilename replacing / with " ". log_create_module_for_each_log log_location_multiple /tmp/log*/hola* log_description Errors cannot find log_type return_lines log_regexp_begin log_regexp_rule adios log_regexp_severity WARNING log_return_message Cannot find process to run log_regexp_end log_end ``` **Windows** ``` # Include external/additional configuration files # include C:\PandoraFMS\conf\extra.conf # Temporary index directory index_dir C:\PandoraFMS\tmp\logparser # Log file for logparser errors logfile C:\PandoraFMS\logs\pandora_logparser.log # Example: log module creation log_begin log_module_name errors_file log_force_readall log_location_file C:\Logs\errors.log log_description get_errors log_type log_module log_regexp_begin log_regexp_rule (?i)error log_regexp_severity CRITICAL log_return_message Error_detected log_regexp_end log_end # Example: single log file matching log_begin log_module_name weekly_log log_location_file C:\Logs\weekly.log log_description weekly_errors log_type return_lines log_regexp_begin log_regexp_rule output log_regexp_severity WARNING log_return_message Cannot_find_process_to_run log_regexp_end log_end # Example: multiple log files in same module log_begin log_rotate_mode md5 log_module_name system_log log_force_readall log_location_multiple C:\Logs\system.log* log_description system_errors log_type return_lines log_regexp_begin log_regexp_rule Cannot log_regexp_severity WARNING log_return_message Cannot_find_process_to_run log_regexp_end log_end # Example: multiple patterns in one log file log_begin log_module_name apache_access log_location_file C:\Logs\apache\access.log log_description apache_access_log log_type return_occurrences log_regexp_begin log_regexp_rule Error\-([0-9]+) log_regexp_severity WARNING log_return_message Apache_error_detected log_regexp_end log_regexp_begin log_regexp_rule File\sdoes\snot\sexist log_regexp_severity WARNING log_regexp_end log_regexp_begin log_regexp_rule pandora_backend\.html log_regexp_severity WARNING log_return_message Potential_issue_detected log_regexp_end log_end # Example: dynamic modules for multiple files log_begin log_rotate_mode inode log_module_name test_log_dynamic log_force_readall log_create_module_for_each_log log_location_multiple C:\Logs\app*.log log_description application_logs log_type return_lines log_regexp_begin log_regexp_rule adios log_regexp_severity WARNING log_return_message Match_found log_regexp_end log_end ```