rec 1.3.4 → 1.3.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. data/EXAMPLES +2 -2
  2. data/README +4 -4
  3. metadata +9 -5
data/EXAMPLES CHANGED
@@ -24,7 +24,7 @@ If we see that happen 3 times (+threshold+) within a minute (+lifespan+), alert
24
24
  }
25
25
 
26
26
  When we see the first event, a state is created with title "Failed sudo password for user richard".
27
- The second event has not effect, beyond automatically incrementing the count.
27
+ The second event has no effect, beyond automatically incrementing the count.
28
28
  When we see the third event, an output message is generated and logged, and then the generated
29
29
  message is also sent via IM to the administrator. Alternatively:
30
30
 
@@ -59,7 +59,7 @@ for a fixed 5 minutes.
59
59
  == Adding a final block
60
60
  If we want to see one message when the user first has trouble, then another message
61
61
  after he has decided to stop trying, the format is a little different. The block
62
- given is previous examples is stored in the +params+ as +action+.
62
+ given in previous examples is stored in the +params+ as +action+.
63
63
 
64
64
  Instead, the +action+ block may be specified directly as a member of the params hash,
65
65
  and the +final+ must be specified in this way if it is to be used.
data/README CHANGED
@@ -55,7 +55,7 @@ There are several alternatives to REC which may suit your needs better:
55
55
  * scalextreme.com[www.scalextreme.com]
56
56
 
57
57
  While I like these options, I find they take a lot of configuring.
58
- They also has some dependencies that make them a bit heavier than you may want.
58
+ They also have some dependencies that make them a bit heavier than you may want.
59
59
  If you just want to keep track of a few kinds of events, want a lot of flexibility
60
60
  and control without too much effort, then REC may be of some value.
61
61
 
@@ -85,7 +85,7 @@ We can also 'swallow' all of the rest of the "host terra is down" events because
85
85
  This <em>event compression</em> means the administrator gets one important message, and not 27
86
86
  distracting alerts.
87
87
 
88
- A notifcation can be sent by email or IM, depending on your preferences and working hours.
88
+ A notification can be sent by email or instant message, depending on your preferences and working hours.
89
89
  The destinations and credentials are supplied to your ruleset:
90
90
  # For better security, move the next few lines into a file readable only by
91
91
  # the user running this script eg. /home/rec/alert.conf
@@ -154,7 +154,7 @@ The sequence of captures is as specified for ruby Regexps.
154
154
  :pattern => /\w+ sudo\: (\w+) \: (\d) incorrect password attempts/,
155
155
  :details => ["userid", "failures"],
156
156
  The names chosen for captured values are used as keys to store the values in the same
157
- hash that stores the parameters, so do *not* choose words like +pattern+, +details+,
157
+ hash that stores the parameters, so do *not* choose the following keywords: +pattern+, +details+,
158
158
  +message+, +threshold+, +lifespan+, +alert+, +capture+, +continue+, or +action+.
159
159
 
160
160
  === message
@@ -179,7 +179,7 @@ minutes longer at each request.
179
179
  This is a string template used to generate an output log message (the timestamp will be
180
180
  prefixed automatically to complete the log entry).
181
181
  :alert => "'Too much sudo activity' userid=%userid$s attempts=%count$d dur=%dur$0.3fs ",
182
- By convention, we make out log messages very easy to parse by creating name=value pairs,
182
+ By convention, we make our log messages very easy to parse by creating name=value pairs,
183
183
  and single-quoting strings containing spaces, in case the output will be processed further.
184
184
 
185
185
  If no +alert+ is provided, it will default to +message+.
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rec
3
3
  version: !ruby/object:Gem::Version
4
- hash: 19
4
+ hash: 17
5
5
  prerelease:
6
6
  segments:
7
7
  - 1
8
8
  - 3
9
- - 4
10
- version: 1.3.4
9
+ - 5
10
+ version: 1.3.5
11
11
  platform: ruby
12
12
  authors:
13
13
  - Richard Kernahan
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2013-03-26 00:00:00 Z
18
+ date: 2013-10-10 00:00:00 Z
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
21
21
  name: xmpp4r
@@ -32,7 +32,11 @@ dependencies:
32
32
  version: "0.5"
33
33
  type: :runtime
34
34
  version_requirements: *id001
35
- description: "\t\tSifts through your log files in real time, using stateful intelligence to determine\n\
35
+ description: "\t\tDeprecated. \n\
36
+ \t\tI'm planning to discontinue this gem. Although it has enormous flexibility and power, \n\
37
+ \t\tit is in my view too complex. 80% of requirements can be met through custom shell scripts\n\
38
+ \t\twhich are much simpler to write and maintain. \n\n\
39
+ \t\tSifts through your log files in real time, using stateful intelligence to determine\n\
36
40
  \t\twhat is really important. REC can alert you (by email or IM) or it can simply condense\n\
37
41
  \t\ta large log file into a much shorter and more meaningful log.\n\
38
42
  \t\tREC is inspired by Risto Vaarandi's brilliant *sec* (simple-evcorr.sourceforge.net)\n\