summaryrefslogtreecommitdiffstats
path: root/raddb/trigger.conf
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:49:46 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:49:46 +0000
commit50b37d4a27d3295a29afca2286f1a5a086142cec (patch)
tree9212f763934ee090ef72d823f559f52ce387f268 /raddb/trigger.conf
parentInitial commit. (diff)
downloadfreeradius-50b37d4a27d3295a29afca2286f1a5a086142cec.tar.xz
freeradius-50b37d4a27d3295a29afca2286f1a5a086142cec.zip
Adding upstream version 3.2.1+dfsg.upstream/3.2.1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--raddb/trigger.conf281
1 files changed, 281 insertions, 0 deletions
diff --git a/raddb/trigger.conf b/raddb/trigger.conf
new file mode 100644
index 0000000..413a182
--- /dev/null
+++ b/raddb/trigger.conf
@@ -0,0 +1,281 @@
+# -*- text -*-
+##
+## trigger.conf -- Events in the server can trigger a hook to be executed.
+##
+## $Id$
+
+#
+# The triggers are named as "type.subtype.value". These names refer
+# to subsections and then configuration items in the "trigger"
+# section below. When an event occurs, the trigger is executed. The
+# trigger is simply a program that is run, with optional arguments.
+#
+# The server does not wait when a trigger is executed. It is simply
+# a "one-shot" event that is sent.
+#
+# The trigger names should be self-explanatory.
+#
+
+#
+# SNMP configuration.
+#
+# For now, this is only for SNMP traps.
+#
+# They are enabled by uncommenting (or adding) "$INCLUDE trigger.conf"
+# in the main "radiusd.conf" file.
+#
+# The traps *REQUIRE* that the files in the "mibs" directory be copied
+# to the global mibs directory, usually /usr/share/snmp/mibs/.
+# If this is not done, the "snmptrap" program has no idea what information
+# to send, and will not work. The MIB installation is *NOT* done as
+# part of the default installation, so that step *MUST* be done manually.
+#
+# The global MIB directory can be found by running the following command:
+#
+# snmptranslate -Dinit_mib .1.3 2>&1 | grep MIBDIR | sed "s/' .*//;s/.* '//;s/.*://"
+#
+# Or maybe just:
+#
+# snmptranslate -Dinit_mib .1.3 2>&1 | grep MIBDIR
+#
+# If you have copied the MIBs to that directory, you can test the
+# FreeRADIUS MIBs by running the following command:
+#
+# snmptranslate -m +FREERADIUS-NOTIFICATION-MIB -IR -On serverStart
+#
+# It should print out:
+#
+# .1.3.6.1.4.1.11344.4.1.1
+#
+# As always, run the server in debugging mode after enabling the
+# traps. You will see the "snmptrap" command being run, and it will
+# print out any errors or issues that it encounters. Those need to
+# be fixed before running the server in daemon mode.
+#
+# We also suggest running in debugging mode as the "radiusd" user, if
+# you have "user/group" set in radiusd.conf. The "snmptrap" program
+# may behave differently when run as "root" or as the "radiusd" user.
+#
+snmp {
+ #
+ # Configuration for SNMP traps / notifications
+ #
+ # To disable traps, edit "radiusd.conf", and delete the line
+ # which says "$INCUDE trigger.conf"
+ #
+ trap {
+ #
+ # Absolute path for the "snmptrap" command, and
+ # default command-line arguments.
+ #
+ # You can disable traps by changing the command to
+ # "/bin/echo".
+ #
+ cmd = "/usr/bin/snmptrap -v2c"
+
+ #
+ # Community string
+ #
+ community = "public"
+
+ #
+ # Agent configuration.
+ #
+ agent = "localhost ''"
+ }
+}
+
+#
+# The "snmptrap" configuration defines the full command used to run the traps.
+#
+# This entry should not be edited. Instead, edit the "trap" section above.
+#
+snmptrap = "${snmp.trap.cmd} -c ${snmp.trap.community} ${snmp.trap.agent} FREERADIUS-NOTIFICATION-MIB"
+
+#
+# The individual triggers are defined here. You can disable one by
+# deleting it, or by commenting it out. You can disable an entire
+# section of traps by deleting the section.
+#
+# The entries below should not be edited. For example, the double colons
+# *must* immediately follow the ${snmptrap} reference. Adding a space
+# before the double colons will break all SNMP traps.
+#
+# However... the traps are just programs which are run when
+# particular events occur. If you want to replace a trap with
+# another program, you can. Just edit the definitions below, so that
+# they run a program of your choice.
+#
+# For example, you can leverage the "start/stop" triggers to run a
+# program when the server starts, or when it stops. But that will
+# prevent the start/stop SNMP traps from working, of course.
+#
+trigger {
+ #
+ # Events in the server core
+ #
+ server {
+ # the server has just started
+ start = "${snmptrap}::serverStart"
+
+ # the server is about to stop
+ stop = "${snmptrap}::serverStop"
+
+ # The "max_requests" condition has been reached.
+ # This will trigger only once per 60 seconds.
+ max_requests = "${snmptrap}::serverMaxRequests"
+
+ # For events related to clients
+ client {
+ # Added a new dynamic client
+ add = "/path/to/file %{Packet-Src-IP-Address}"
+
+ # There is no event for when dynamic clients expire
+ }
+
+ # Events related to signals received.
+ signal {
+ # a HUP signal
+ hup = "${snmptrap}::signalHup"
+
+ # a TERM signal
+ term = "${snmptrap}::signalTerm"
+ }
+
+
+ # Events related to the thread pool
+ thread {
+ # A new thread has been started
+ start = "${snmptrap}::threadStart"
+
+ # an existing thread has been stopped
+ stop = "${snmptrap}::threadStop"
+
+ # an existing thread is unresponsive
+ unresponsive = "${snmptrap}::threadUnresponsive"
+
+ # the "max_threads" limit has been reached
+ max_threads = "${snmptrap}::threadMaxThreads"
+ }
+ }
+
+ # When a home server changes state.
+ # These traps are edge triggered.
+ home_server {
+ # common arguments: IP, port, identifier
+ args = "radiusAuthServerAddress a %{proxy-request:Packet-Dst-IP-Address} radiusAuthClientServerPortNumber i %{proxy-request:Packet-Dst-Port} radiusAuthServIdent s '%{home_server:instance}'"
+
+ # The home server has been marked "alive"
+ alive = "${snmptrap}::homeServerAlive ${args}"
+
+ # The home server has been marked "zombie"
+ zombie = "${snmptrap}::homeServerZombie ${args}"
+
+ # The home server has been marked "dead"
+ dead = "${snmptrap}::homeServerDead ${args}"
+ }
+
+ # When a pool of home servers changes state.
+ home_server_pool {
+ # common arguments
+ args = "radiusdConfigName s %{home_server:instance}"
+
+ # It has reverted to "normal" mode, where at least one
+ # home server is alive.
+ normal = "${snmptrap}::homeServerPoolNormal ${args}"
+
+ # It is in "fallback" mode, with all home servers "dead"
+ fallback = "${snmptrap}::homeServerPoolFallback ${args}"
+ }
+
+ # Triggers for specific modules. These are NOT in the module
+ # configuration because they are global to all instances of the
+ # module. You can have module-specific triggers, by placing a
+ # "trigger" subsection in the module configuration.
+ modules {
+ # Common arguments
+ args = "radiusdModuleInstance s ''"
+
+ # The files module
+ files {
+ # Common arguments
+ args = "radiusdModuleName s files ${..args}"
+
+ # The module has been HUP'd via radmin
+ hup = "${snmptrap}::serverModuleHup ${args}"
+
+ # Note that "hup" can be used for every module
+ # which can be HUP'd via radmin
+ }
+
+ # The LDAP module
+ # If the server does "bind as user", it will open and close
+ # an LDAP connection ofr every "bind as user". Be aware that
+ # this will likely produce a lot of triggers.
+ ldap {
+ # Common arguments
+ args = "radiusdModuleName s ldap ${..args}"
+
+ # A new connection to the DB has been opened
+ open = "${snmptrap}::serverModuleConnectionUp ${args}"
+
+ # A connection to the DB has been closed
+ close = "${snmptrap}::serverModuleConnectionDown ${args}"
+
+ # The module has been HUP'd via radmin
+ hup = "${snmptrap}::serverModuleHup ${args}"
+ }
+
+ # The SQL module
+ sql {
+ # Common arguments
+ args = "radiusdModuleName s sql ${..args}"
+
+ # A new connection to the DB has been opened
+ open = "${snmptrap}::serverModuleConnectionUp ${args}"
+
+ # A connection to the DB has been closed
+ close = "${snmptrap}::serverModuleConnectionDown ${args}"
+
+ # Failed to open a new connection to the DB
+ fail = "${snmptrap}::serverModuleConnectionFail ${args}"
+
+ # The module has been HUP'd via radmin
+ hup = "${snmptrap}::serverModuleHup ${args}"
+ }
+
+ # You can also use connection pool's start/stop/open/close triggers
+ # for any module which uses the "pool" section, here and under
+ # pool.trigger in module configuration.
+ }
+}
+
+#
+# The complete list of triggers as generated from the source code is below.
+#
+# These are the ONLY traps which are generated. You CANNOT add new traps
+# by defining them in one of the sections above. New traps can be created
+# only by edited both the source code to the server, *and* the MIBs.
+# If you are not an expert in C and SNMP, then adding new traps will be
+# difficult to create.
+#
+# home_server.alive
+# home_server.dead
+# home_server.zombie
+# home_server_pool.fallback
+# home_server_pool.normal
+# modules.*.hup
+# modules.ldap.timeout
+# modules.sql.close
+# modules.sql.fail
+# modules.sql.open
+# server.client.add
+# server.max_requests
+# server.signal.hup
+# server.signal.term
+# server.start
+# server.stop
+# server.thread.max_threads
+# server.thread.start
+# server.thread.stop
+# server.thread.unresponsive