Monitor Bundles and Bodies
This is an Enterprise-only feature.
See the measurements
promises documentation for a
comprehensive reference on the body types and attributes used here.
To use these bodies, add the following to your policy:
body file control
{
inputs => { "monitor.cf" }
}
match_value bodies
scan_log
Prototype: scan_log(line)
Description: Selects lines matching line
in a growing file
Arguments:
line
: Regular expression for matching lines.
See also: select_line_matching
, track_growing_file
Implementation:
body match_value scan_log(line)
{
select_line_matching => "$(line)";
track_growing_file => "true";
}
scan_changing_file
Prototype: scan_changing_file(line)
Description: Selects lines matching line
in a changing file
Arguments:
line
: Regular expression for matching lines.
See also: select_line_matching
, track_growing_file
Implementation:
body match_value scan_changing_file(line)
{
select_line_matching => "$(line)";
track_growing_file => "false";
}
single_value
Prototype: single_value(regex)
Description: Extract lines matching regex
as values
Arguments:
regex
: Regular expression matching lines and values
See also: select_line_matching
, extraction_regex
Implementation:
body match_value single_value(regex)
{
select_line_matching => "$(regex)";
extraction_regex => "($(regex))";
}
line_match_value
Prototype: line_match_value(line_match, extract_regex)
Description: Find lines matching line_match and extract a value matching extract_regex
Arguments:
line_match
: Regular expression matching line where value is foundextract_regex
: Regular expression matching value to extract
See also: select_line_matching
, extraction_regex
Example:
bundle monitor example
{
vars:
"regex_vsz" string => "root\s+[0-9]+\s+[0-9]+\s+[0-9]+\s+[0-9.]+\s+[0-9.]+\s+([0-9]+).*";
measurements:
"/var/cfengine/state/cf_procs"
handle => "cf_serverd_vsz",
comment => "Tracking the memory consumption of a process can help us identify possible memory leaks",
stream_type => "file",
data_type => "int",
history_type => "weekly",
units => "kB",
match_value => line_match_value(".*cf-serverd.*", "$(regex_vsz)");
}
Implementation:
body match_value line_match_value(line_match, extract_regex)
{
select_line_matching => "$(line_match)";
extraction_regex => "$(extract_regex)";
}