In message <[EMAIL PROTECTED]>, "Todd M. Hall" writes: >On Sun, 16 Nov 2008, Tim Peiffer wrote: >> I am rewriting several SEC configurations. In an effort to document, is >> there a 'style' that one can offer? Is there a configuration processor >> that can be used to clean up and beautify the configuration files? Perl >> has perltidy. >I don't have a lot to offer, but I have found it very helpful for debugging >to put a sample syslog message (or multiple) above each SEC rule in my config >file. If for some reason, something doesn't work, you can check your regular >expressions against the log message. >
Well I use robodoc for most documentation needs as I can get text/html etc out of it with indexes etc. It is meant for code documentation, but I use it for everything: Makefiles filepp macro libraries sec rules 8-) A sample: #****f* 20main.sr/2cronjobs_ok_during_backups_on_hostname # SYNOPSIS # Accept 2 cronjobs during the backups_running timeperiod as ok on hostname # DESCRIPTION # More than 2 long running cron jobs is usually a problem, but not while # the backups are running. They can run for hours. Check to make sure # that only 2 processes are running. If three (or more) are running, set # to critical. # NOTES # There are three input cases: # * 1 cronjob running - service is ok # * 2 cronjobs running - service is critical # * 3 or more cronjobs running - service is critical # for the 2 cronjob running case, capture the event and set the service to ok # with a backups running notation if backups_running context is set. # Otherwise a default rule asserts the critical nature of the event. # INPUTS # 03a [1193884094] PROCESS_SERVICE_CHECK_RESULT;hostname;\ # CronDaemonCheck;1;PROCS WARNING: 2 processes with command name 'crond' #****** Declares a "function" 20main.sr/.... with a synopsis of what the rule does, a longer description and then implementation notes. Also in the OUTPUT section (which I don't have in my available examples), I define the various values for any $1, $2 ... substring matches and include the annotated regexp if it is hairy. I treat contexts as variables and have a stanza for them like so: #****v* contexts/backups_running # SYNOPSIS # set while backups are running 23:30-07:00 UTC #****** and rules files also get a header: #****h* 01control.sr/General # DESCRIPTION # Allow interactive control of contexts by use of a control file. # Use an input file command line option to sec like: # --input /tmp/sec_control=CONTROL # to set up a seperate control file. #****** Some other rule examples: #****f* 20main.sr/set_backup_running_context/1 # SYNOPSIS # Define backups_running context in time period from midnight to 6:59am UTC. # DESCRIPTION # This creates the context every minute in the time range. # See section 5.3.4 in # http://sixshooter.v6.thrupoint.net/SEC-examples/article-part2.html # to understand the reason for the calendar spec. # NOTES # The calendar rules use a cron based syntax so we can't set the # entire timespan in a single calendar rule # INPUTS # none, calendar rule #****** type = calendar time = * 0-6 * * * desc = start backups_running context context = [! backups_running] action = create backups_running #****f* 20main.sr/set_backup_running_context/2 # SYNOPSIS # Define backups_running context in time period from 23:30-23:59UTC. # DESCRIPTION # This creates the context every minute in the time range. # See section 5.3.4 in # http://sixshooter.v6.thrupoint.net/SEC-examples/article-part2.html # to understand the reason for the calendar spec. # NOTES # The calendar rules use a cron based syntax so we can't set the # entire timespan in a single calendar rule # INPUTS # none, calendar rule #****** type = calendar time = 30-59 23 * * * desc = start backups_running context context = [! backups_running] action = create backups_running #****f* 20main.sr/delete_backup_running_context/1 # SYNOPSIS # Delete backups_running context in time period from 07:00-22:59 UTC. # [...] #****f* 20main.sr/delete_backup_running_context/2 # SYNOPSIS # Delete backups_running context in time period from 23:00-23:29 UTC. # [...] The trailing numbers link together multiple rulesets that are needed to implement a single logical action. Like Todd, I include a sample of the line(s) I am matching. When breaking the input lines for readability, I end the prior line break with a \ where spaces before the \ are important. Then I can indent the continuation lines to make things readable, and just strip leading spaces to recreate the original line. -- -- rouilj John Rouillard =========================================================================== My employers don't acknowledge my existence much less my opinions. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
