Read the Installation instructions before attempting to install Wiretap.


All of the configuration files are stored in plain text in the conf/ subdirectory of your Wiretap installation. All files are in standard INI format and are divided into sections. Each section is designated by a section name in square brackets ([]).


An action entry takes the following form:

[action name]

An alert entry takes the following form:

[alert name]
probe: probe name
warning: expression
error: expression
actions: action list

A host entry takes the following form:

[host name]
hostname: hostname
probes: probe list
alerts: alert list

A probe entry takes the following form:

[probe name]
probe: probe filename
cmd: probe commandline (optional)
fields: fields list
headings: headings list

This file contains common Wiretap configuration information.

cmd: logger filename
log: probe logfile

interval: watchdog interval
log: status logfile

interval: probe dispatcher interval

Expressions are used to define the rules for warnings and errors. If the given expression evaluates to true, a warning or an error will be thrown for that probe's run for that host.

Expressions follow basic Python syntax. Here are some general rules:

  1. Only fields defined in probes.conf are valid variables.
  2. String expressions must be enclosed in "quotes".
  3. Use parentheses where appropriate to clarify the logic.

Here are some example expressions:

Note that the watchdog scanner will not bother evaluating the warning expression if it has already matched the error expression.
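
Because these expressions are Python syntax read from a configuration file, an evaluator should accept only comparisons and boolean logic over the probe's declared fields. The sketch below is an added example, not Wiretap's own code: the entries in SAMPLE are constructed, the probe and alert sections are combined into one string for brevity, and a comma-separated fields list is an assumption.

```python
import ast
import configparser

# Constructed sample entries in the page's INI layout (names/values are illustrative).
SAMPLE = """
[nntp]
probe: nntp_probe
fields: status, latency

[nntp-slow]
probe: nntp
warning: latency > 2.0
error: status != "up" or latency > 10
actions: mail-admin
"""

# Only boolean logic, comparisons, field names and literals are accepted.
ALLOWED = (ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not,
           ast.USub, ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt,
           ast.GtE, ast.Name, ast.Load, ast.Constant)

def load(text):
    conf = configparser.ConfigParser(interpolation=None)  # ':' delimiter is supported
    conf.read_string(text)
    return conf

def check_expression(expr, fields):
    """Parse expr; reject calls, attribute access and any variable not in fields."""
    tree = ast.parse(expr, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED):
            raise ValueError(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in fields:
            raise ValueError(f"unknown field: {node.id}")
    return compile(tree, "<alert>", "eval")

def evaluate_alert(conf, alert, result):
    """Return 'error', 'warning' or 'ok' for one probe result (dict of field values)."""
    probe = conf[alert]["probe"]
    # Assumption: the fields list is comma-separated.
    fields = {f.strip() for f in conf[probe]["fields"].split(",")}
    values = {name: result[name] for name in fields}
    for level in ("error", "warning"):  # error first; warning is skipped once error matches
        expr = conf[alert].get(level)
        if expr:
            code = check_expression(expr, fields)
            if eval(code, {"__builtins__": {}}, values):
                return level
    return "ok"
```
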


The Dispatcher

The dispatcher process is responsible for launching the probes at regular intervals. The dispatcher must run constantly to ensure consistent service monitoring. When it has successfully launched all of the service probes, the dispatcher process will sleep for the configured interval before repeating the process.

The Probes

Each probe is responsible for determining the state of one network service (e.g. NNTP). Once it's launched by the dispatcher, the probe will attempt to connect to the host passed to it on the command line. The probe will then log the results of the attempt (the format of the results is, of course, probe specific) to the main probe log via the logger process.

The Logger

The logger is invoked by the probes. It is simply a programmatic abstraction over the main probe log (configured in wiretap.conf). The logger process timestamps and formats each entry for consumption by the watchdog process.

The Watchdog

The watchdog process needs to be run as long as the administrator wants to receive alerts. It is responsible for monitoring and evaluating the most recent entries in the probe log. It evaluates each of these entries against the configured rules for "warnings" and "errors" and logs the results to the status log. The status log contains the most current status of each probe's results for each host it was asked to test.

More information on Wiretap's design is available here.