/**
 * @mainpage Syslog Message MANager
 *
 * @author Guillaume Friloux <kuri@efl.so>
 * @version @PACKAGE_VERSION@
 *
 * @section INTRODUCTION Introduction
 * SMMan is a gateway between syslog files and an
 * <a href=http://www.elasticsearch.com>ElasticSearch</a> database.<br />
 * SMMan can also tag every log entry it sees by applying user-defined
 * rules to it.<br />
 * SMMan uses a configuration file, and needs rules files that must be
 * written by the user of SMMan.<br />
 * SMMan then monitors all the specified logfiles (using inotify),
 * extracts every new entry, filters it using the rules, and indexes it
 * in the configured
 * <a href=http://www.elasticsearch.com>ElasticSearch</a> database.
 * <img src=data/img/intro.png>
 *
 * <br />
 * @section CONFIGURATION Configuration
 * The configuration file has to be in <b>/etc/smman/smman.conf</b><br />
 * For now, there are only 3 configurable variables:
 * @li @b server : URL to the
 * <a href=http://www.elasticsearch.com>ElasticSearch</a> database.
 * SMMan speaks to <a href=http://www.elasticsearch.com>ElasticSearch</a> using
 * JSON.
 * @li @b host : Allows you to set a different host than the one returned
 *     by the hostname command (optional).
 * @li @b type : Default type for all logs (optional).
 *
 *
 * Example of a configuration file: <br />
 * @code
server = http://localhost:9200/logstash/logs/
host = BlackStar
type = syslog
@endcode
 *
 * <br />
 * @section RULES Writing rules
 * Writing rules is quite easy. SMMan searches for rules in
 * <b>/etc/smman/rules.d/</b><br />
 * Check the rules directory in the source code to see examples of rules.<br />
 * Basically, rules allow you to match on filenames or messages
 * (using globbing/regexp), and set information such as:
 * @li source_host : Set a custom hostname
 * @li type : Set a custom type
 * @li tags : Add tags to the message
 * @li delete : Do not index the log, just drop it
 *
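 * The matching and tagging described above, as an added example in C that
 * is not SMMan's own code: the rule and entry structures, their field
 * names and the sample rules are assumptions made for illustration, and
 * the on-disk rule file format is not shown. Filenames are matched with
 * fnmatch() and messages with POSIX extended regexps.

```c
#include <fnmatch.h>
#include <regex.h>
#include <stdio.h>
#include <string.h>

struct rule {                              // hypothetical in-memory form of one rule
    const char *file_glob, *msg_regex;     // match criteria, NULL = match anything
    const char *source_host, *type, *tags; // values to set, NULL = leave as is
    int delete_log;                        // 1 = drop the log instead of indexing it
};
struct entry {                             // one log line and the fields rules can set
    const char *file, *message, *source_host, *type;
    char tags[128];
    int dropped;
};
// Constructed sample rules, not taken from SMMan's rules directory.
static const struct rule sample_rules[] = {
    { "/var/log/auth*", "Failed password", NULL, "auth", "ssh,auth-failure", 0 },
    { NULL, "CRON\\[[0-9]+\\]", NULL, NULL, NULL, 1 },
};
// Returns 1 when both the filename glob and the message regexp match.
static int rule_matches(const struct rule *r, const struct entry *e) {
    regex_t re;
    if (r->file_glob && fnmatch(r->file_glob, e->file, 0) != 0) return 0;
    if (!r->msg_regex) return 1;
    if (regcomp(&re, r->msg_regex, REG_EXTENDED | REG_NOSUB) != 0) return 0; // invalid pattern never matches
    int rc = regexec(&re, e->message, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}
// Applies every matching rule in order and returns how many matched.
int apply_rules(const struct rule *rules, size_t n, struct entry *e) {
    int hits = 0;
    for (size_t i = 0; i < n; i++) {
        if (!rule_matches(&rules[i], e)) continue;
        hits++;
        if (rules[i].source_host) e->source_host = rules[i].source_host;
        if (rules[i].type) e->type = rules[i].type;
        if (rules[i].tags) {               // append, comma-separated, never past the buffer
            size_t len = strlen(e->tags);
            snprintf(e->tags + len, sizeof e->tags - len, "%s%s", len ? "," : "", rules[i].tags);
        }
        if (rules[i].delete_log) e->dropped = 1; // a broad delete rule silently loses evidence
    }
    return hits;
}
int main(void) {
    struct entry e = { "/var/log/auth.log", "sshd[812]: Failed password for root", "BlackStar", "syslog", "", 0 };
    printf("hits=%d type=%s tags=%s dropped=%d\n", apply_rules(sample_rules, 2, &e), e.type, e.tags, e.dropped);
    return 0;
}
```
 *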
 * <br />
 * @section LOGSTASH Why not use logstash?
 * @li It's written in Ruby and I know nothing about Ruby (so I can't modify
 *     anything).
 * @li I have been able to make it crash just by deleting a monitored file,
 *     or by sending chars like éàè.
 * @li I seemed (back in 2010) to be too stupid to understand how to automatically tag
 * messages properly with grok.
 *
 */


/**
 * @defgroup Lib-Conf Conf Library
 *
 * @section Lib-Conf-Introduction Introduction
 * Conf is an asynchronous library to help loading/parsing basic configuration
 * files.
 * <br />
 * Each configuration line will be stored in a hash table.
 *
 *
 * @section Lib-Conf-Code Code documentation
 * @li @ref Lib-Conf-Functions
 * @defgroup Lib-Conf-Functions API functions
 */

/**
 * @defgroup Lib-Spy Spy Library
 *
 * @section Lib-Spy-Introduction Introduction
 * Spy is an asynchronous library to ease the detection of new lines
 * inside files.
 * <br />
 * For every new line detected on a spied file, it will generate a
 * @b SPY_EVENT_LINE event to ecore that your application will need to
 * listen for.
 *
 * @section Lib-Spy-Code Code documentation
 * @li @ref Lib-Spy-Functions
 * @defgroup Lib-Spy-Functions API functions
 */

/**
 * @defgroup Lib-Rules Rules Library
 * 
 * @section Lib-Rules-Introduction Introduction
 * Rules is an asynchronous library for the loading of smman rules.<br />
 * These rules are basic configuration files, that we read using the
 * @ref Lib-Conf.<br />
 *
 * @section Lib-Rules-Code Code documentation
 * @li @ref Lib-Rules-Functions
 * @defgroup Lib-Rules-Functions API functions
 */