NAME

/opt/pmx/etc/scheduler.d/monitor-reactor.conf


DESCRIPTION

Specifies the reaction to particular action events generated by the pmx-monitor-analyzer.


CONFIGURATION

Send E-mail Example

  <reactor email_on_too_much_mail_from_host>
    use = PureMessage::Monitor::Reactor::Email
    event = too_much_mail_from_host
    to = admin@example.com
    subject = Too much mail from %%RELAY_HOST%%
    template = alert-threshold.tmpl
  </reactor>

Send E-mail Option Explanations

The E-mail reactor sends a customizable e-mail message in response to an Action Event. The following configuration options can be used to help configure the E-mail reactor:

event
Specifies the Action Event that this reactor is reacting to. Use of the keyword ``all'' here signifies that the reactor is willing to react to any generated Action Events. Required

to
Specifies the ``To'' address for the e-mail notification message. To send to multiple recipients, include this option multiple times. Required

from
Specifies the ``From'' address for the e-mail notification message. Defaults to the PureMessage Administrator e-mail address.

subject
Specifies the ``Subject'' for the e-mail message (which populates the %%SUBJECT%% template variable used below).

template
Specifies the name of the template file which is to be used as the e-mail message. Templates are expected to be found in the <pmx>/etc/templates/en/monitor/ directory.

Your template should include any e-mail headers that you wish to have present in the message; e-mail headers are not added automatically. If not specified, a default template is used instead.

When processing the e-mail message template, substitution variables are created automatically for all of the fields within the Action Event; depending on which Analyzer generated the Action Event you may have different fields available to you. This list of substitution variables is supplemented with the following other additional fields:

%%SUBJECT%%
The subject of the message as specified by the ``subject'' configuration value above.

%%FROM%%
The ``From'' address as specified by the ``from'' configuration value above.

%%TIME_STAMP_STR%%
The ``time_stamp'' field from the Action Event, in ISO-8601 format (e.g. ``2006-06-01T12:34:56'').

Log Message Example

  <reactor audit_log>
    use = PureMessage::Monitor::Reactor::Log
    event = all
    logfile = monitor_audit_log
    format = %%NAME%% occurred at %%TIME_STAMP_STR%%
  </reactor>

Log Message Option Explanations

The Log reactor logs a message to a specified logfile in response to an Action Event being generated. The following configuration options can be used to help configure the Log reactor:

event
Specifies the Action Event that this reactor is reacting to. Use of the keyword ``all'' here signifies that the reactor is willing to react to any generated Action Events. Required

logfile
Specifies the name of the logfile that will be written to (default ``reactor_log'').

format
Specifies the format of the entry which is to be written to the logfile. This format may contain template substitution variables, which will be expanded prior to the entry being written to the logfile.

Substitution variables are created automatically for all of the fields within th eAction Event; depending on which Analyzer generated the Action Event you may have different fields available to you.

Add to List Example

  <reactor auto_blacklist>
    use = PureMessage::Monitor::Reactor::ListAdd
    event = too_much_spam_from_host
    list = blacklisted-hosts
  </reactor>

Add to List Option Explanations

The ListAdd reactor takes the value from the Action Event and adds it to a specified list (if its not already there). The following configuration options can be used to help configure the ListAdd reactor:

event
Specifies the Action Event that this reactor is reacting to. Use of the keyword ``all'' here signifies that the reactor is willing to reacto to any generated Action Events. Required

list
Specifies the name of the list to add the item to. Required

NOTE: The ListAdd reactor is currently hard-wired to the structure of the Action Event generated by the ``Threshold'' Analyzer; when more analyzers come available this reactor may be subject to change.

Add to List Temporarily Example

  <reactor temp_blacklist_host>
    use = PureMessage::Monitor::Reactor::ListAddTemporary
    event = too_much_spam_from_host
    list = blacklisted-hosts
    expiry = 3600
  </reactor>

Add to List Temporarily Option Examples

The ListAddTemporary reactor takes the value from the Action Event and temporarily adds it to a specified list. Existing values have their expiry time pushed ahead into the future. The following configuration options can be used to help configure the ListAddTemporary reactor:

event
Specifies the Action Event that this reactor is reacting to. Use of the keyword ``all'' here signifies that the reactor is willing to react to any generated Action Events. Required

list
Specifies the name of the list to add the item to. Required

expiry
Specifies the expiry time (in seconds) for items added to the list. Items added will be automatically removed after this much time. The default is 3600, the minimum is 60, and the maximum is 86400. This option must be specified in seconds. The numeric value must not be followed by an 's'.

NOTE: The ListAddTemporary reactor is currently hard-wired to the structure of the Action Event generated by the ``Threshold'' Analyzer; when more analyzers come available this reactor may be subject to change.


COPYRIGHT

Copyright (C) 2000-2008 Sophos Group. All rights reserved. Sophos and PureMessage are trademarks of Sophos Plc and Sophos Group.