Welcome to Peep (the sound monitoring system) http://www.eecs.tufts.edu/peep/ Monitor your network in realtime using sound! To compile: ----------- Set the Makefile symbolic link to your platform (Only Solaris and Linux right now). Do a "make clean", followed by a "make". Quickstarting Peep -------------------- 1) Begin by creating symbolic links from /etc/Sound.Map to your Sound.Map file. Also create a symbolic link /etc/LogParser.conf to your LogParser.conf file. 2) Running Peep --help will give you a list of the options. If you are using /dev/audio to play (NOT ALSA drivers), then you must specify the arguement -d AUDIO_DEVICE_PATH on the command line. 3) Use the sound realtime event/state sound producers found in [PEEP_SRC]/utils/ and add the -r PEEP_SERVER_HOST command line to have them to connect to the peep server. Basics of the peep config file, Sound.Map ----------------------------------------- Sound.Map contains entries for the following things: Event type: 0: Chooses an event sound. An event is an instance of a certain thing happening (Ex: Logins). 1: Chooses a state sound. A state sound is network information that can be represented with a single number (Ex: Load Average). Path to Sound file: For event sounds, this is simply the path to the signed 16-bit sound file to load into memory. For state sounds, it's the name of the file with a * extension. Peep will try to load state sound files: .[0 through 7] into memory and your naming convention should reflect this. Intelligeable time: The number of seconds (given as a decimal number) that must elapse so that a sound is identifiable; the seconds until that we recognize the sound. In extreme cases of large streams of events coming in, Peep will halt a sound after its intelligeable time if it representis the same event. (Preferred over enqueueing the sound). For state sounds, this is negligeable. Just put a "-" in place of the number. Using LogParser: The LogParser and Sound Producer --------------------------------------------------- Begin by configuring the LogParser.conf. Basic otpions in LogParser.conf are: Name: Identifier for the item to scan the logs for. Accepts alpha characters and a "-". Option-Letter: Specifies which arguement on the command line will activate scanning for this pattern. EventNo: The event sound to correspond to. This should match with the sound playing in Sound.Map Location: A stereo location from 0-255 where 0 is leftmost and 255 is rightmost. Priority: The priority of the event. Su's, break-in related stuff should be highest with a setting of 255. Pattern: The regular expression to match, delimited by quotes (Ex: "(expr)"). A link should be set to this in /etc/LogParser.conf. If you do not set the link, then you may specify the path to the LogParser.conf with "-c LogParser.conf". Note that on the command-line, the order must be: Generated arguements->Arguements with options->--arguements ^^^^^ Put the -c arguement here. Generated arguements are the ones that are valid after reading your LogParser.conf. To see these arguements, type LogParser --help. Now, run LogParser and point it's output at your host with -r HOSTNAME. Ex CmdLine: LogParser -IO -c LogParser.conf -r 10.0.0.1 /var/adm/syslog/mail.log Scans for incoming and outgoing mail.