Monitor Bundles and Bodies

This is an Enterprise-only feature.

See the measurements promises documentation for a comprehensive reference on the body types and attributes used here.

To use these bodies, add the following to your policy:

body file control
{
    inputs => { "monitor.cf" };
}

match_value bodies

scan_log

Prototype: scan_log(line)

Description: Selects lines matching line in a growing file

Arguments:

  • line: Regular expression for matching lines.

See also: select_line_matching, track_growing_file

Implementation:

body match_value scan_log(line)
{
      select_line_matching => "$(line)";
      track_growing_file => "true";
}

scan_changing_file

Prototype: scan_changing_file(line)

Description: Selects lines matching line in a changing file

Arguments:

  • line: Regular expression for matching lines.

See also: select_line_matching, track_growing_file

Implementation:

body match_value scan_changing_file(line)
{
      select_line_matching => "$(line)";
      track_growing_file => "false";
}

single_value

Prototype: single_value(regex)

Description: Extract lines matching regex as values

Arguments:

  • regex: Regular expression matching lines and values

See also: select_line_matching, extraction_regex

Implementation:

body match_value single_value(regex)
{
      select_line_matching => "$(regex)";
      extraction_regex => "($(regex))";
}
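
The following monitor bundle is an added example, not part of monitor.cf or the original documentation; it applies scan_log and single_value to two host security measurements. The log path, the sshd message text, the bundle name and the handle names are assumptions to adjust for your platform.

```cfengine3
body file control
{
    inputs => { "monitor.cf" };
}

bundle monitor host_security_watch
{
  measurements:

      # Assumed path and message text (Debian-style sshd logging).
      # select_line_matching is anchored to the whole line, hence the
      # leading and trailing ".*". scan_log sets track_growing_file to
      # "true", so each sample reads only lines appended since the last one.
      "/var/log/auth.log"
             handle => "sshd_failed_password_count",
             comment => "Count new sshd failed-password lines per sample to surface password guessing",
             stream_type => "file",
             data_type => "counter",
             history_type => "log",
             match_value => scan_log(".*sshd.*Failed password.*");

      # single_value uses the same regex to select the line and, wrapped in
      # parentheses, to extract the value. The file holds one integer
      # (0, 1 or 2 on Linux); a drop below 2 means ASLR was weakened.
      "/proc/sys/kernel/randomize_va_space"
             handle => "aslr_setting",
             comment => "Track the kernel ASLR setting so that a change shows up in the measurement history",
             stream_type => "file",
             data_type => "int",
             history_type => "weekly",
             match_value => single_value("[0-9]+");
}
```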

line_match_value

Prototype: line_match_value(line_match, extract_regex)

Description: Find lines matching line_match and extract a value matching extract_regex

Arguments:

  • line_match: Regular expression matching line where value is found
  • extract_regex: Regular expression matching value to extract

See also: select_line_matching, extraction_regex

Example:

bundle monitor example
{
  vars:
     "regex_vsz" string => "root\s+[0-9]+\s+[0-9]+\s+[0-9]+\s+[0-9.]+\s+[0-9.]+\s+([0-9]+).*";
  measurements:
     "/var/cfengine/state/cf_procs"
             handle => "cf_serverd_vsz",
             comment => "Tracking the memory consumption of a process can help us identify possible memory leaks",
             stream_type => "file",
             data_type => "int",
             history_type => "weekly",
             units => "kB",
             match_value => line_match_value(".*cf-serverd.*", "$(regex_vsz)");
}

Implementation:

body match_value line_match_value(line_match, extract_regex)
{
      select_line_matching => "$(line_match)";
      extraction_regex => "$(extract_regex)";
}