Read the Installation instructions before attempting to install Wiretap.
All of the configuration files are stored in plain text in the conf/
subdirectory of your Wiretap installation. All files are in standard INI
format; the files are divided into sections. Sections are designated by a
section name in square brackets (
An action entry takes the following form:
    [action name]
    cmd:
An alert entry takes the following form:
    [alert name]
    probe: probe name
    warning: expression
    error: expression
    actions: action list
A host entry takes the following form:
    [host name]
    hostname: hostname
    probes: probe list
    alerts: alert list
A probe entry takes the following form:
    [probe name]
    probe: probe filename
    cmd: probe commandline (optional)
    fields: fields list
    headings: headings list
This file contains common Wiretap configuration information.
    [logger]
    cmd: logger filename
    log: probe logfile

    [watchdog]
    interval: watchdog interval
    log: status logfile

    [dispatcher]
    interval: probe dispatcher interval
Expressions are used to define the rules for warnings and errors. If the given expression evaluates to true, a warning or an error will be thrown for that probe's run for that host.
Expressions follow basic Python syntax. Here are some general rules:
Here are some example expressions:
(loss > 0) or (avg > 40)
not "msg" == "OK"
Note that the watchdog scanner will not bother evaluating the warning expression if it has already matched the error expression.
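The rule evaluation described above, as an added example that is not Wiretap's own code. It assumes a probe's fields (loss, avg and msg, taken from the example expressions) are exposed to the expression as names, and it walks the parsed expression with Python's ast module instead of calling eval(), so a rule read from a configuration file can only compare fields and constants. The names safe_eval and classify and the sample values are hypothetical.

```python
import ast
import operator

# Comparison operators the evaluator accepts; anything else is rejected.
_CMP = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
        ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge}

def safe_eval(expr, fields):
    """Evaluate a rule expression against one probe result without eval()."""
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.BoolOp):
            values = (walk(v) for v in node.values)
            return all(values) if isinstance(node.op, ast.And) else any(values)
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            return not walk(node.operand)
        if isinstance(node, ast.Compare):
            left = walk(node.left)
            for op, right_node in zip(node.ops, node.comparators):
                right = walk(right_node)
                if type(op) not in _CMP:
                    raise ValueError("operator not allowed")
                if not _CMP[type(op)](left, right):
                    return False
                left = right
            return True
        if isinstance(node, ast.Name):
            if node.id not in fields:
                raise ValueError("unknown field: " + node.id)
            return fields[node.id]
        if isinstance(node, ast.Constant) and isinstance(node.value, (int, float, str)):
            return node.value
        raise ValueError("construct not allowed: " + type(node).__name__)
    return bool(walk(ast.parse(expr, mode="eval")))

def classify(fields, warning, error):
    """Return 'error', 'warning' or 'ok'; the warning rule is skipped once the error rule matches."""
    if safe_eval(error, fields):
        return "error"
    return "warning" if safe_eval(warning, fields) else "ok"

# Constructed sample: fields of one ping-style probe result.
SAMPLE = {"loss": 0, "avg": 55.2, "msg": "OK"}
WARNING = "(loss > 0) or (avg > 40)"   # example expression from the page
ERROR = "loss > 50"                     # constructed for this example
```

Function calls, attribute access and any other construct outside comparisons and boolean operators raise ValueError, so a malformed or hostile rule fails closed instead of executing.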
The dispatcher process is responsible for launching the probes at regular intervals. The dispatcher must run constantly to ensure consistent service monitoring. When it has successfully launched all of the service probes, the dispatcher process will sleep for the configured interval before repeating the process.
Each probe is responsible for determining the state of one network service (e.g. NNTP). Once it's launched by the dispatcher, the probe will attempt to connect to the host passed to it on the command line. The probe will then log the results of the attempt (the format of the results is, of course, probe-specific) to the main probe log via the logger process.
The logger is invoked by the probes. It is simply a programmatic abstraction over the main probe log (configured in wiretap.conf). The logger process timestamps and formats each entry for consumption by the watchdog process.
The watchdog process needs to be run as long as the administrator wants to receive alerts. It is responsible for monitoring and evaluating the most recent entries in the probe log. It evaluates each of these entries against the configured rules for "warnings" and "errors". It logs these results to the status log. The status log contains the most current status of each probe's results for each host it was asked to test.
More information on Wiretap's design is available here.