logpecker main configuration file
This is the reference for the main configuration file. This file
enables all rules and reports, and it also sets important parameters.
It consists of the following parts:
- options
- inputs
- reports
- processes (rules and report groups)
Options
Syntax:
options ::= "options" '{' option-list '}' ';'
option-list ::= option [ option-list ]
option ::= delay-period | delay-max | pending-period | pending-max | rules-path
delay-period ::= "delay-period" time ';'
delay-max ::= "delay-max" integer ';'
pending-period ::= "pending-period" time ';'
pending-max ::= "pending-max" integer ';'
rules-path ::= "rules-path" '{' directory-list '}' ';'
directory-list ::= directory ';' [ directory-list ]
There can be only one options section.
- delay-period defines how long (in seconds) an incident is held in the delay queue. Default: 20
- delay-max defines how many incidents of the same group and severity will be held in the delay queue before a group overflow occurs. Default: 30
- pending-period defines how long (in seconds) an incident is held in the pending queue. Default: 6 hours
- pending-max defines how many incidents of the same group and severity will be held in the pending queue before a group overflow occurs. Default: 30
- rules-path tells logpecker where to find the rule definitions.
Input definition
For each source of messages, one input section may exist. Syntax:
input ::= "input" '{' input-specs '}' ';'
input-specs ::= input-type input-format input-source
input-type ::= 'type' ( 'file' | 'pipe' ) ';'
input-format ::= 'format' ( 'plain-syslog' | 'patched-syslog' | 'syslog-ng' | 'syslog-bsd' ) ';'
input-source ::= 'source' filename ';'
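The following parser is an added example that is not logpecker's own code: it reads the options and input sections exactly as the two grammars above define them, fills in the documented defaults for omitted options, rejects a second options section, and rejects input type and format values outside the enumerations on this page. The grammar does not say how a `time` value is written, so the `parse_time` helper (bare seconds or an `s`/`m`/`h` suffix) is an assumption of this example, as is the sample configuration embedded in `SAMPLE_CONFIG`, which is constructed for illustration. Validating the enumerations at parse time is the useful part for an operator: a misspelt format or a typo in a keyword is caught before the monitor starts rather than silently leaving a log source unwatched.

```python
"""Parser for the 'options' and 'input' sections of the logpecker main
configuration file, written from the grammar on this page.
Added example, not logpecker's own code."""
import re
from dataclasses import dataclass, field

# Defaults as documented on the page; periods are stored in seconds.
DEFAULTS = {"delay-period": 20, "delay-max": 30,
            "pending-period": 6 * 3600, "pending-max": 30}
INPUT_TYPES = {"file", "pipe"}
INPUT_FORMATS = {"plain-syslog", "patched-syslog", "syslog-ng", "syslog-bsd"}

# Constructed sample configuration (hypothetical paths; '6h' uses the
# time syntax assumed by parse_time, which the page does not specify).
SAMPLE_CONFIG = """
options {
    delay-period 20;
    delay-max 30;
    pending-period 6h;
    pending-max 50;
    rules-path { /etc/logpecker/rules; /usr/local/share/logpecker/rules; };
};
input {
    type file;
    format syslog-ng;
    source /var/log/messages;
};
input {
    type pipe;
    format syslog-bsd;
    source /var/run/logpecker.fifo;
};
"""


class ConfigError(ValueError):
    """Raised for any syntax or value error in the configuration."""


@dataclass
class Config:
    options: dict = field(default_factory=lambda: dict(DEFAULTS))
    rules_path: list = field(default_factory=list)
    inputs: list = field(default_factory=list)


def parse_time(tok):
    """ASSUMPTION: a time is an integer with optional s/m/h suffix."""
    m = re.fullmatch(r"(\d+)([smh]?)", tok)
    if not m:
        raise ConfigError(f"bad time value {tok!r}")
    return int(m.group(1)) * {"": 1, "s": 1, "m": 60, "h": 3600}[m.group(2)]


def parse_int(tok):
    if not re.fullmatch(r"\d+", tok):
        raise ConfigError(f"bad integer value {tok!r}")
    return int(tok)


class Parser:
    def __init__(self, text):
        # Tokens are the three punctuation characters or runs of anything else.
        self.toks = re.findall(r"[{};]|[^\s{};]+", text)
        self.i = 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def next(self):
        tok = self.peek()
        if tok is None:
            raise ConfigError("unexpected end of file")
        self.i += 1
        return tok

    def expect(self, want):
        tok = self.next()
        if tok != want:
            raise ConfigError(f"expected {want!r}, got {tok!r}")

    def parse(self):
        cfg, seen_options = Config(), False
        while self.peek() is not None:
            kw = self.next()
            if kw == "options":
                if seen_options:
                    raise ConfigError("only one options section is allowed")
                seen_options = True
                self.parse_options(cfg)
            elif kw == "input":
                cfg.inputs.append(self.parse_input())
            else:
                raise ConfigError(f"unknown top-level section {kw!r}")
        return cfg

    def parse_options(self, cfg):
        self.expect("{")
        while self.peek() != "}":
            name = self.next()
            if name in ("delay-period", "pending-period"):
                cfg.options[name] = parse_time(self.next())
            elif name in ("delay-max", "pending-max"):
                cfg.options[name] = parse_int(self.next())
            elif name == "rules-path":
                self.expect("{")
                while self.peek() != "}":      # directory-list
                    cfg.rules_path.append(self.next())
                    self.expect(";")
                self.expect("}")
            else:
                raise ConfigError(f"unknown option {name!r}")
            self.expect(";")                   # every option ends with ';'
        self.expect("}")
        self.expect(";")

    def parse_input(self):
        self.expect("{")
        spec = {}
        while self.peek() != "}":
            key, val = self.next(), self.next()
            self.expect(";")
            if key == "type" and val in INPUT_TYPES:
                spec["type"] = val
            elif key == "format" and val in INPUT_FORMATS:
                spec["format"] = val
            elif key == "source":
                spec["source"] = val
            else:
                raise ConfigError(f"bad input spec {key!r} {val!r}")
        self.expect("}")
        self.expect(";")
        missing = {"type", "format", "source"} - spec.keys()
        if missing:
            raise ConfigError(f"input is missing {sorted(missing)}")
        return spec


def parse_config(text):
    return Parser(text).parse()


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    print(cfg.options, cfg.rules_path, cfg.inputs)
```

Run it directly to see the parsed sample; errors surface as `ConfigError` with the offending token, which is what you want from a pre-flight check of the file before restarting the monitor.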
... the rest is still under construction