Chapter Contents

Event Handlers
Elektron Events
Event Handler Actions
Email
Syslog
SNMP
Script Execution

Elektron is capable of executing scripts and sending email, SNMP, and syslog notifications in response to certain server events. These event handlers allow you to keep up to date on the health of your server, track possible security threats in real time, and be apprised of administrative changes to the server.

Elektron Events

A number of server event types may trigger notifications. They are:

  • Successful Login Triggered when a user is successfully authenticated and authorized, and includes information such as the username.
  • Failed Login Triggered when a user login attempt fails due to either authentication or authorization, and includes information such as the username.
  • Server Startup An administrative event triggered when the server is started.
  • Server Shutdown triggered when Elektron is cleanly stopped. This event will not be triggered if the server is abruptly stopped, as in the case of a server power failure or other outage.
  • Successful Replication An event triggered after each successful replication.
  • Failed Replication An administrative event triggered by Elektron's failure to replicate. This will indicate both configuration issues and server outages, as a replication slave will send this notification if its master goes down.
  • Access Log Entry Contains a single entry as written to the Elektron access log.
  • Error Log Entry Contains a single entry (that may span multiple lines) as written to the Elektron error log.
  • Accounting Log Entry Contains a single entry as written to the Elektron accounting log.
  • Password Lockout Triggered by multiple failed login attempts when authenticating users with the password lockout option enabled.
  • Password Lockout Released Event created following the release of a password lockout allowing the user in question to log in once again.
  • Event Queue Overflow Created when the number of events overflows the event handler queue, which can occur if event handlers are taking too long to complete (this may become the case with a slow SMTP server or slow scripts).
  • Invalid Access Point This event is sent when an access point that is not in the list of access points attempts to authenticate a user, or when an access point in the lists in configured with the wrong shared secret.
  • Accounting Login Triggered by the arrival of an accounting packet with an attribute of type "Acct-Status-Type" set to "Start".
  • Accounting Logoff Triggered by the arrival of an accounting packet with an attribute of type "Acct-Status-Type" set to "Stop".
  • Successful Administrator Login Occurs when an Elektron administrator logs in to the Elektron configuration service (such as with the Elektron Settings application).
  • Failed Administrator Login Occurs when an Elektron administrator unsuccessfully attempts to log in to the Elektron configuration service. The failure may be due to an invalid username or password, or because the user does not have the "User Can Administer Elektron" option enabled for their Elektron account.

Event Handler Actions

There are four different ways that Elektron can notify you of server events: via email, syslog, SNMP, and script execution.

Email

You may choose to receive Elektron notifications via email. Enter a comma-separated list of email addresses to be notified when your chosen events occur in the "Email to" field. The email recipient is configured on a per-event basis. You must also set SMTP server options gloablly via the "Log Settings" pane. Email event handlers are the only handlers that receive queued events. That is, Elektron batches emails to be sent periodically rather than flooding your SMTP server with emails.

Syslog

Elektron can also send notifications to hosts that support the "syslog" protocol as described in RFC 3164. This feature is built into Mac OS X, and is available using third party software on Windows. To receive notifications via syslog, enter a comma-separated list of hosts you would like Elektron to notify.

SNMP

An SNMP trap can be triggered by Elektron server events. To receive SNMP traps, configure the hostname or IP address of the peer that will receive the traps, the version of SNMP to be used (Elektron supports SNMPv1 and SNMPv2c), and the community. If the community is left blank, the default is "public". SNMP MIB files describing the traps sent by Elektron are available on the Periodik Labs support site.

Script Execution

Finally, a script can be executed when an event handler is triggered. The only configuration needed is the full path to the script. The script will be executed at the same privilege level as Elektron, which by default is unprivileged. The privilege level can be changed using the Advanced Settings pane.