/opt/pmx/etc/scheduler.d/monitor-analyzer.conf
The Threshold analyzer accepts events from the Notifiers and analyzes them to
determine when a specified threshold has been crossed.
    <analyzer too_much_spam_from_host>
        use = PureMessage::Monitor::Analyzer::Threshold
        event = spam
        field = relay_host
        expiry = 5m
        threshold = 20
    </analyzer>
    <analyzer too_much_mail_from_host>
        use = PureMessage::Monitor::Analyzer::Threshold
        event = every_message
        field = relay_host
        expiry = 5m
        threshold = 100
    </analyzer>
The following options can be used in the monitor-analyzer.conf file:
- event
    Specifies the Event that this analyzer is accepting for analysis. Use of the
    keyword "all" here signifies that the analyzer is willing to accept all
    generated events for analysis. Required.
- field
    Specifies the field within the input event that we're analyzing (e.g.
    "relay_host"). Required.
- threshold
    Specifies the threshold that must be crossed in order for the analyzer to fire
    an Action Event.
- expiry
    Specifies the expiry time for event counters. Data which is older than this is
    considered stale and does not count towards the threshold. Default is 5m,
    minimum is 1m, maximum is 1d.
- period
    Specifies a grouping period for event counters. Default is 1m, minimum is 1m,
    maximum is 1d. Default is almost always sufficient; you'll likely never need
    to change this value.
Action Events generated by the Threshold analyzer contain the following fields
of information which can be consumed by Reactors:
- time_stamp
    The time stamp (in seconds since the epoch) when we detected that the threshold
    had been crossed.
- name
    The name of the generated Action Event, which has the same name as the Analyzer
    which generated it (e.g. "too_much_spam_from_host").
- field
    The field which is being monitored by the Threshold analyzer (e.g.
    "relay_host").
- value
    The data value for which the count exceeded the threshold (e.g.
    "smtp.example.com").
- threshold
    The configured threshold value.
- count
    The current count for this particular data value.
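To show how the options above interact, here is an added Python model of a threshold analyzer with period-bucketed counters and expiry; it is not PureMessage code. It assumes that an Action Event is returned for every event seen while the count exceeds the threshold, and that a bucket goes stale once its start time is older than the expiry window. The class name, method names and sample timestamps are constructed for illustration.

```python
from collections import defaultdict

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # s and h suffixes are assumed
T0 = 1_000_000_020  # constructed epoch timestamp, aligned to a 1m period

def seconds(text):
    """Convert a duration such as '5m' or '1d' to seconds."""
    return int(text[:-1]) * UNITS[text[-1]]

class ThresholdAnalyzer:
    """Illustrative model only; names and firing behaviour are assumptions."""
    def __init__(self, name, event, field, threshold, expiry="5m", period="1m"):
        self.name, self.event, self.field = name, event, field
        self.threshold = threshold
        self.expiry, self.period = seconds(expiry), seconds(period)
        self.buckets = defaultdict(lambda: defaultdict(int))  # value -> {start: n}

    def accept(self, event_name, fields, now):
        """Count one event; return an Action Event dict or None."""
        if self.event != "all" and event_name != self.event:
            return None                      # not an event this analyzer accepts
        value = fields.get(self.field)
        if value is None:
            return None                      # event lacks the monitored field
        per_value = self.buckets[value]
        per_value[now - now % self.period] += 1   # group counts by period
        for start in [s for s in per_value if s < now - self.expiry]:
            del per_value[start]             # stale data no longer counts
        count = sum(per_value.values())
        if count <= self.threshold:
            return None
        return {"time_stamp": now, "name": self.name, "field": self.field,
                "value": value, "threshold": self.threshold, "count": count}

def replay_sample():
    """Feed 25 constructed spam events, 10 s apart, from one relay host."""
    analyzer = ThresholdAnalyzer("too_much_spam_from_host", "spam",
                                 "relay_host", threshold=20, expiry="5m")
    fired = []
    for i in range(25):
        action = analyzer.accept("spam", {"relay_host": "smtp.example.com"},
                                 T0 + 10 * i)
        if action:
            fired.append(action)
    return fired

if __name__ == "__main__":
    for action in replay_sample():
        print(action)
```

Because counts are kept per period bucket, expiry in this model is only as precise as the period setting: a whole bucket drops out at once.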
Copyright (C) 2000-2006 Sophos Group. All rights reserved. Sophos and
PureMessage are trademarks of Sophos Plc and Sophos Group.