summaryrefslogtreecommitdiff
path: root/doc/smman.dox.in
blob: fbac785ecb67d9bb9f900cea854a0631ca5d547f (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
/**
 * @mainpage Syslog Message MANager
 *
 * @author Guillaume Friloux <kuri@efl.so>
 * @version @PACKAGE_VERSION@
 *
 * @section INTRODUCTION Introduction
 * SMMan is a gateway between syslog files and an
 * <a href=http://www.elasticsearch.com>ElasticSearch</a> database.<br />
 * SMMan has a few more interesting stuff : He can tag every log he 
 * sees by using defined rules on them.<br />
 * SMMan uses a configuration file, and needs rules files that must be 
 * written by the user of SMMan.<br />
 * SMMan will then use these rules to monitor all the specified logfiles 
 * (using inotify), and extract every new entry.
 * to filter it using the rules and then indexing it in the configured 
 * <a href=http://www.elasticsearch.com>ElasticSearch</a> database.
 * <img src=intro.png>
 *
 * <br />
 * @section CONFIGURATION Configuration
 * The configuration file has to be in <b>/etc/smman/smman.conf</b><br />
 * For now, there is only 3 configurable variables :
 * @li @b server : URL to
 * <a href=http://www.elasticsearch.com>ElasticSearch</a> database. 
 * SMMan speaks to <a href=http://www.elasticsearch.com>ElasticSearch</a> using 
 * JSON.
 * @li @b host : Allows you to set a different host that the one returned
 *     by command hostname (optionnal).
 * @li @b type : Default type for all logs (optionnal).
 *
 *
 * Exemple of configuration file : <br />
 * @code
server = http://localhost:9200/logstash/logs/
host = BlackStar
type = syslog
@endcode
 *
 * <br />
 * @section RULES Writing rules
 * Writing rules is quite easy. SMMan search for rules in
 * <b>/etc/smman/rules.d/</b><br />
 * Check the rules directory in the source code to see examples of rules.<br />
 * Basically, rules allows you to write matches about filenames or messages
 * (using globbing/regexp), and set informations like :
 * @li source_host : Set a custom hostname
 * @li type : Set a custom type
 * @li tags : Add tags to the message
 * @li delete : Do not index the log, just drop it
 *
 * <br />
 * @section LOGSTASH Why not using logstash ?
 * @li Its written in ruby and i know nothing to ruby (so i cant modify
 *     anything).
 * @li I have been able to make it crash just by deleting a monitored file,
 *     or by sending chars like éàè.
 * @li I seemed (back in 2010) to be too stupid to understand how to automatically tag 
 * messages properlly with grok.
 *
 */