From bf751eb317f6f5b41c8a2bf775af085ca05f37d6 Mon Sep 17 00:00:00 2001 From: rebortg Date: Sun, 24 Mar 2019 21:37:17 +0100 Subject: add system event-handler --- docs/system/eventhandler.rst | 48 ++++++++++++++++++++++++++++++++++++++++++++ docs/system/index.rst | 3 ++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 docs/system/eventhandler.rst (limited to 'docs') diff --git a/docs/system/eventhandler.rst b/docs/system/eventhandler.rst new file mode 100644 index 00000000..6204abcc --- /dev/null +++ b/docs/system/eventhandler.rst @@ -0,0 +1,48 @@ +.. _event-handler: + +Event Handler +------------- + +Event handler allows you to execute scripts when a string that matches a regex appears in a text stream (e.g. log file). + +It uses "feeds" (output of commands, or a named pipes) and "policies" that define what to execute if a regex is matched. + +.. code-block:: sh + + system + event-handler + feed + description + policy + source + preset + syslog # Use the syslog logs for feed + custom + command # E.g. "tail -f /var/log/somelogfile" + named-pipe + policy + description + event + description + pattern + run + +In this small example a script runs every time a login failed and an interface goes down + +.. code-block:: sh + + vyos@vyos# show system event-handler + feed Syslog { + policy MyPolicy + source { + preset syslog + } + } + policy MyPolicy { + description "Test policy" + event BadThingsHappened { + pattern "authentication failure" + pattern "interface \.* index \d+ .* DOWN.*" + run /config/scripts/email-to-admin + } + } \ No newline at end of file diff --git a/docs/system/index.rst b/docs/system/index.rst index aa414a82..7cd641fa 100644 --- a/docs/system/index.rst +++ b/docs/system/index.rst @@ -10,7 +10,8 @@ should be ready for further configuration which is described in this chapter. .. toctree:: :maxdepth: 2 :hidden: - + + eventhandler host-information systemusers syslog -- cgit v1.2.3