nb(1) | NodeBrain Administrator Guide
Version 0.9.03 - December 2014 |
nb(1) |
NAME | SYNOPSIS | DESCRIPTION | ARGUMENTS | OPTIONS | SETTINGS | COMMANDS | SCRIPTS | Nodes | FILES | ENVIRONMENT | EXIT STATUS | DIAGNOSTICS | HISTORY | BUGS | AUTHOR | DOCUMENTATION | SEE ALSO
nb - NodeBrain Rule Engine |
nb { -b | --bail | -B | --noBail | -d | --daemon | -D | --noDaemon | -p | --prompt | -P | --noPrompt | -s | --servant | -S | --noServant | -q | --query | -Q | --noQuery | -t | --trace | -T | --noTrace | --pidfile=file | --logfile=file | --outdir=dir | --user=user | --group=group | variable=value | :"command" | - | = | file [ , assertion ] | -">prefix" } |
NodeBrain, nb(1),
is a rule engine for state and event
monitoring applications. It can be used as an application agent
(daemon), interactive client, or command line
utility. The NodeBrain rule language is relatively small and
integrates with host shell scripting languages and command line
utilities. The interpreter is designed to be lightweight,
flexible, and extendable via modules that use the NodeBrain C API.
See http://www.nodebrain.org for more information. |
Options begin with a minus sign ("-"). They may be specified as a single character
following a single minus, or as a word following a double minus ("--"). See
the OPTIONS section for a description of available options.
|
The first set of options is used to specify an action to be taken after
all of the command line arguments, including files, are processed. Using these options
after file arguments will override options set in the file. These final actions
are optionally performed in the order of --prompt, --query, and --servant or --daemon.
|
Settings passed as arguments may be used as an alternative to specifying settings using a set command within a script.
They can also be used to override settings within a script if specified later in the sequence of parameters.
|
There are three important types of commands, used to
Here's one example of each, where the host shell command "echo" is used in both a rule and an immediate action.
A full description of the NodeBrain command language is beyond the scope of this manual. See documents available online at www.nodebrain.org. See nb.syn(5) for an introduction to command syntax. |
In some cases you may want to use NodeBrain as a special purpose scripting
language. We say "special purpose" because NodeBrain is not procedural,
and therefore not what you might expect in a scripting language. However,
it may be a bit more convenient to invoke NodeBrain and a set of rules
by coding a shebang ("#!") line on the rule file.
... commands ... If our example file is named "myscript", we could invoke it as
instead of
saving a few keystrokes. This is a Unix/Linux feature supported by NodeBrain simply because lines starting with hash ("#") are treated as comments. |
The notion of a node in the NodeBrain model is similar to that of a function in other languages. Sets of rules are associated with nodes. Node modules provide extended capabilities for knowledge representation and evaluation. Communication between nodes is supported by the interpreter for nodes within a single NodeBrain process (skull), and node modules support communication between nodes in separate NodeBrain processes, including processes on different machines. Node modules also support communication with other applications via pipes, log files, TCP/IP socket connections, and command queues. |
|
Some of the C functions nb calls (e.g. for loading dynamic modules) are influenced by environment variables in ways we assume you can figure out for your environment.
|
|
NodeBrain is a bit verbose in logging commands and messages, at least in prototype versions where we want to be
able to watch over NodeBrain's actions more closely. The message format is
|
In 1998, NodeBrain was developed for Unix and Linux system monitoring
in a small lab environment.
In this application, NodeBrain was the decision making component in a kit that included
Perl scripts for configuration, rule administration, state probes and rule actions.
In 2000, NodeBrain was used in a second experimental application for enterprise wide intrusion detection alert correlation. In this application, it was adapted to handle events at a higher rate, support for Windows was added, and it was bundled with an Oracle database with a web user interface. In February 2003, NodeBrain 0.5 was released as a "working prototype" under the GNU General Public License and is now managed as an Open Source project on http://SourceForge.net. The initial release was flawed in many respects and generated little interest in the Open Source community. In April 2004, NodeBrain 0.6 was released with some of the rough edges smoothed a bit. For example, the expected GNU style "configure, make, make install" sequence was supported by the source distribution, replacing "edit this handcrafted make file for your environment". A prototype C API was included for node modules (plug-ins) to enable programmers to extend the capabilities of NodeBrain without fussing with base source code. In early 2009, NodeBrain 0.7 was released with support for a simplified syntax. Support for some features was moved out of the interpreter and into node modules, replacing feature specific syntax with syntax common to all nodes. In February of 2013, NodeBrain 0.8 was released, adding a message feature that enables events to be shared between agents more quickly, statistical anomaly detection, and security patches. In August 2014, version 0.9.02 was released under an MIT license with performance enhancements to enable very large rule sets in special cases. This was followed by a December 2014 release of version 0.9.03 providing more flexibility in the order of rule definition commands. |
See the project website, http://nodebrain.org, for a current list of known bugs.
|
Ed Trettevik <eat@nodebrain.org> |
Online documentation is available at http://nodebrain.org. Manuals are also available in Texinfo format in the git repository. These documents are included in source distribution files. |
nodebrain(7), nb.cfg(5), nb.syn(5), nb.mod(7), nb.lib(3), nbkit(1), nbkit.caboodle(7) |