From c25c40dfa96dfeb022b203280c607c1f1835417b Mon Sep 17 00:00:00 2001
From: Robert Göhler <github@ghlr.de>
Date: Sun, 24 Jan 2021 22:14:00 +0100
Subject: Migrate new file structure to crux (#435)

* order workflows and add submodule

* rename gitmodules file

* delete docs/.gitignore

* add vyos custom linter

* correct __pycache__ in gitignore

* add test-coverage.py

* move draw.io folder

* arrange changelog, install history and about

* arrange: firewall

* arrange: highavailability

* arrange: loadbalancing

* arrange: nat

* arrange: services

* sort configexamples and configuration interfaces

* wireles: rename wireless

* rearrange: Protocols and Policy

* rearrange: Firewall and Zone Policy

* rearrange: Interfaces

* rearrange: Interfaces

* rearrange: dynamic DNS

* hostinfo: add page to index

* rearrange: appendix

* venv: add Pipfile

* rearrange: contributing

* index: remove debugging

* rearrange: fix all figure and refs

* rearrange: commandtree

* fix: cli, openvpn, install headline level

* protocols: change headline

* firewall: move mss clamping

* ip: separate ipv4 and ipv6

* arp: move to static page

* igmp: rename multicast page

* Update to year 2021
---
 docs/configuration/system/eventhandler.rst | 48 ++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 docs/configuration/system/eventhandler.rst

(limited to 'docs/configuration/system/eventhandler.rst')

diff --git a/docs/configuration/system/eventhandler.rst b/docs/configuration/system/eventhandler.rst
new file mode 100644
index 00000000..4421e79c
--- /dev/null
+++ b/docs/configuration/system/eventhandler.rst
@@ -0,0 +1,48 @@
+.. _event-handler:
+
+Event Handler
+-------------
+
+Event handler allows you to execute scripts when a string that matches a regex appears in a text stream (e.g. log file).
+
+It uses "feeds" (output of commands, or a named pipes) and "policies" that define what to execute if a regex is matched.
+
+.. code-block:: none
+
+  system
+  event-handler
+      feed <name>
+      description <feed description>
+      policy <policy name>
+      source
+          preset
+          syslog # Use the syslog logs for feed
+          custom
+          command <command to execute> # E.g. "tail -f /var/log/somelogfile"
+          named-pipe <path to a names pipe>
+      policy <policy name>
+      description <policy description>
+      event <event name>
+          description <event description>
+          pattern <regex>
+          run <command to run>
+
+In this small example a script runs every time a login failed and an interface goes down
+
+.. code-block:: none
+
+  vyos@vyos# show system event-handler 
+  feed Syslog {
+      policy MyPolicy
+      source {
+          preset syslog
+      }
+  }
+  policy MyPolicy {
+      description "Test policy"
+      event BadThingsHappened {
+          pattern "authentication failure"
+          pattern "interface \.* index \d+ .* DOWN.*"
+          run /config/scripts/email-to-admin 
+      }
+  }
\ No newline at end of file
-- 
cgit v1.2.3