| # -*- text -*- |
| ## |
| ## trigger.conf -- Events in the server can trigger a hook to be executed. |
| ## |
| ## $Id: 5cbe8d7d8a09549c060748a582cd6ed359e0e999 $ |
| |
| # |
| # The triggers are named as "type.subtype.value". These names refer |
| # to subsections and then configuration items in the "trigger" |
| # section below. When an event occurs, the trigger is executed. The |
| # trigger is simply a program that is run, with optional arguments. |
| # |
| # The server does not wait when a trigger is executed. It is simply |
| # a "one-shot" event that is sent. |
| # |
| # The trigger names should be self-explanatory. |
| # |
| |
| # |
| # SNMP configuration. |
| # |
| # For now, this is only for SNMP traps. |
| # |
| # They are enabled by uncommenting (or adding) "$INCLUDE trigger.conf" |
| # in the main "radiusd.conf" file. |
| # |
| # The traps *REQUIRE* that the files in the "mibs" directory be copied |
| # to the global mibs directory, usually /usr/share/snmp/mibs/. |
| # If this is not done, the "snmptrap" program has no idea what information |
| # to send, and will not work. The MIB installation is *NOT* done as |
| # part of the default installation, so that step *MUST* be done manually. |
| # |
| # The global MIB directory can be found by running the following command: |
| # |
| # snmptranslate -Dinit_mib .1.3 2>&1 | grep MIBDIR | sed "s/' .*//;s/.* '//;s/.*://" |
| # |
| # Or maybe just: |
| # |
| # snmptranslate -Dinit_mib .1.3 2>&1 | grep MIBDIR |
| # |
| # If you have copied the MIBs to that directory, you can test the |
| # FreeRADIUS MIBs by running the following command: |
| # |
| # snmptranslate -m +FREERADIUS-NOTIFICATION-MIB -IR -On serverStart |
| # |
| # It should print out: |
| # |
| # .1.3.6.1.4.1.11344.4.1.1 |
| # |
| # As always, run the server in debugging mode after enabling the |
| # traps. You will see the "snmptrap" command being run, and it will |
| # print out any errors or issues that it encounters. Those need to |
| # be fixed before running the server in daemon mode. |
| # |
| # We also suggest running in debugging mode as the "radiusd" user, if |
| # you have "user/group" set in radiusd.conf. The "snmptrap" program |
| # may behave differently when run as "root" or as the "radiusd" user. |
| # |
| snmp { |
| # |
| # Configuration for SNMP traps / notifications |
| # |
| # To disable traps, edit "radiusd.conf", and delete the line |
| # which says "$INCUDE trigger.conf" |
| # |
| trap { |
| # |
| # Absolute path for the "snmptrap" command, and |
| # default command-line arguments. |
| # |
| # You can disable traps by changing the command to |
| # "/bin/echo". |
| # |
| cmd = "/usr/bin/snmptrap -v2c" |
| |
| # |
| # Community string |
| # |
| community = "public" |
| |
| # |
| # Agent configuration. |
| # |
| agent = "localhost ''" |
| } |
| } |
| |
| # |
| # The "snmptrap" configuration defines the full command used to run the traps. |
| # |
| # This entry should not be edited. Instead, edit the "trap" section above. |
| # |
| snmptrap = "${snmp.trap.cmd} -c ${snmp.trap.community} ${snmp.trap.agent} FREERADIUS-NOTIFICATION-MIB" |
| |
| # |
| # The individual triggers are defined here. You can disable one by |
| # deleting it, or by commenting it out. You can disable an entire |
| # section of traps by deleting the section. |
| # |
| # The entries below should not be edited. For example, the double colons |
| # *must* immediately follow the ${snmptrap} reference. Adding a space |
| # before the double colons will break all SNMP traps. |
| # |
| # However... the traps are just programs which are run when |
| # particular events occur. If you want to replace a trap with |
| # another program, you can. Just edit the definitions below, so that |
| # they run a program of your choice. |
| # |
| # For example, you can leverage the "start/stop" triggers to run a |
| # program when the server starts, or when it stops. But that will |
| # prevent the start/stop SNMP traps from working, of course. |
| # |
| trigger { |
| # |
| # Events in the server core |
| # |
| server { |
| # the server has just started |
| start = "${snmptrap}::serverStart" |
| |
| # the server is about to stop |
| stop = "${snmptrap}::serverStop" |
| |
| # The "max_requests" condition has been reached. |
| # This will trigger only once per 60 seconds. |
| max_requests = "${snmptrap}::serverMaxRequests" |
| |
| # For events related to clients |
| client { |
| # Added a new dynamic client |
| add = "/path/to/file %{Packet-Src-IP-Address}" |
| |
| # There is no event for when dynamic clients expire |
| } |
| |
| # Events related to signals received. |
| signal { |
| # a HUP signal |
| hup = "${snmptrap}::signalHup" |
| |
| # a TERM signal |
| term = "${snmptrap}::signalTerm" |
| } |
| |
| |
| # Events related to the thread pool |
| thread { |
| # A new thread has been started |
| start = "${snmptrap}::threadStart" |
| |
| # an existing thread has been stopped |
| stop = "${snmptrap}::threadStop" |
| |
| # an existing thread is unresponsive |
| unresponsive = "${snmptrap}::threadUnresponsive" |
| |
| # the "max_threads" limit has been reached |
| max_threads = "${snmptrap}::threadMaxThreads" |
| } |
| } |
| |
| # When a home server changes state. |
| # These traps are edge triggered. |
| home_server { |
| # common arguments: IP, port, identifier |
| args = "radiusAuthServerAddress a %{proxy-request:Packet-Dst-IP-Address} radiusAuthClientServerPortNumber i %{proxy-request:Packet-Dst-Port} radiusAuthServIdent s '%{home_server:instance}'" |
| |
| # The home server has been marked "alive" |
| alive = "${snmptrap}::homeServerAlive ${args}" |
| |
| # The home server has been marked "zombie" |
| zombie = "${snmptrap}::homeServerZombie ${args}" |
| |
| # The home server has been marked "dead" |
| dead = "${snmptrap}::homeServerDead ${args}" |
| } |
| |
| # When a pool of home servers changes state. |
| home_server_pool { |
| # common arguments |
| args = "radiusdConfigName s %{home_server:instance}" |
| |
| # It has reverted to "normal" mode, where at least one |
| # home server is alive. |
| normal = "${snmptrap}::homeServerPoolNormal ${args}" |
| |
| # It is in "fallback" mode, with all home servers "dead" |
| fallback = "${snmptrap}::homeServerPoolFallback ${args}" |
| } |
| |
| # Triggers for specific modules. These are NOT in the module |
| # configuration because they are global to all instances of the |
| # module. You can have module-specific triggers, by placing a |
| # "trigger" subsection in the module configuration. |
| modules { |
| # Common arguments |
| args = "radiusdModuleName s ldap' radiusdModuleInstance s ''" |
| |
| # The files module |
| files { |
| # The module has been HUP'd via radmin |
| hup = "${snmptrap}::serverModuleHup ${..args}" |
| |
| # Note that "hup" can be used for every module |
| # which can be HUP'd via radmin |
| } |
| |
| # The LDAP module |
| ldap { |
| # Failed to open a new connection to the DB |
| fail = "${snmptrap}::serverModuleConnectionFail ${..args}" |
| |
| # There are no "open", "close", or "none" setting. |
| # This is because the LDAP module re-connects and closes |
| # the connection for every "bind as user" query. |
| } |
| |
| # The SQL module |
| sql { |
| # A new connection to the DB has been opened |
| open = "${snmptrap}::serverModuleConnectionUp ${..args}" |
| |
| # A connection to the DB has been closed |
| close = "${snmptrap}::serverModuleConnectionDown ${..args}" |
| |
| # Failed to open a new connection to the DB |
| fail = "${snmptrap}::serverModuleConnectionFail ${..args}" |
| |
| # There are no DB handles available. |
| none = "${snmptrap}::serverModuleConnectionNone ${..args}" |
| } |
| } |
| } |
| |
| # |
| # The complete list of triggers as generated from the source code is below. |
| # |
| # These are the ONLY traps which are generated. You CANNOT add new traps |
| # by defining them in one of the sections above. New traps can be created |
| # only by edited both the source code to the server, *and* the MIBs. |
| # If you are not an expert in C and SNMP, then adding new traps will be |
| # difficult to create. |
| # |
| # home_server.alive |
| # home_server.dead |
| # home_server.zombie |
| # home_server_pool.fallback |
| # home_server_pool.normal |
| # modules.*.hup |
| # modules.ldap.fail |
| # modules.sql.close |
| # modules.sql.fail |
| # modules.sql.none |
| # modules.sql.open |
| # server.client.add |
| # server.max_requests |
| # server.signal.hup |
| # server.signal.term |
| # server.start |
| # server.stop |