# vim: syntax=sh
# $Id: defaults.in,v 1.74 2002/02/08 17:08:18 vanbaal Exp $

#
# Copyright (C) 2000-2001 Stichting LogReport Foundation LogReport@LogReport.org
#
#     This file is part of Lire.
# 
#     Lire is free software; you can redistribute it and/or modify
#     it under the terms of the GNU General Public License as published by
#     the Free Software Foundation; either version 2 of the License, or
#     (at your option) any later version.
# 
#     This program is distributed in the hope that it will be useful,
#     but WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#     GNU General Public License for more details.
# 
#     You should have received a copy of the GNU General Public License
#     along with this program (see COPYING); if not, check with
#     http://www.gnu.org/copyleft/gpl.html or write to the Free Software 
#     Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111, USA.
#

#
# This is the Lire configuration file.  Format is sh.  Variables you might
# like to override in your defaults.local file:
#
# DEBUG
# KEEP
# SIGNATUREFILE
# DISCLAIMERFILE
# LOGGING
# DEFAULT_OUTPUT_FORMAT
# LR_TARGET_USER
# LR_USERLEVEL
# LR_MAX_MEMORY
#
# Note: running lr_config will create a default.local file for you.  It's
# a bit more userfriendly than vi.


###########################################################################

# first of all, dereference sysconfdir's prefix dependency, so that this
# gets expanded in other variables
# 
prefix="/usr"
exec_prefix="${prefix}"


# Lire shouldn't be run as root. It hasn't been audited for security
# and is a complex piece of software with many interactions. There
# are many places where data from untrusted sources (email received by
# responders, logfiles logging actions from untrusted clients) is read.
# Root permissions are never needed for Lire to run.  The only special
# permission Lire needs is read access to the logs.  You are advised to
# store your logfiles groupreadable, and owned by a group especially set
# up for this purpose.  If, however, you decide to keep your logs
# readable by root only, you force yourself to run Lire as root.  In this
# case, you should set the variable below to 1.  See also the thread,
# starting with 
# http://www.nlnet.nl/projects/logreport/hypermail/logreport/questions/0057.html
#
# SKIP_ID_TEST=

####################################################################
#
#  variables about Lire's handling of tmp files
#
####################################################################

#
# where to store logfiles which are getting processed, as well as intermediate
# files
#
# make sure there's enough space: not only we, also sort(1) uses it.
# TMPDIR="/usr/tmp"
TMPDIR="$HOME/tmp"

#
# set this to 1 if you want to keep intermediate files in $HOME/tmp, 
# for debugging.
#
# KEEP=1
KEEP=

#
# ARCHIVE indicates wether files should get archived.  If set, files which
# are candidates for archiving are moved from TMPDIR to the archive.
# Furthermore, metainfo about the archived files gets stored in a Lire
# database.
#
# ARCHIVE=1
ARCHIVE=

#
# LR_ARCHIVEDIR is the parent directory of LR_DBDIR and of LR_DBFILE.
# LR_DBFILE is used to store metainformation about processed logfiles
# LR_ARCHIVEDIR is where the Lire archive gets build. Furthermore,
# LR_ARCHIVEDIR it's the root of FAILEDDIR, where emails the online responder
# failed to process get stored.
LR_ARCHIVEDIR="${HOME}/data"

####################################################################
#
#  logging - variables about Lire's own logging
#
####################################################################

#
# whether to show or suppress messages with loglevel info and debug
#
# DEBUG=1
DEBUG=

#
# whether to keep the tempory DLF files created for extended and
# derived schema. This is only usually set to debug the extended or
# derived schemas cerator.
#
LR_KEEP_TEMP_DLF=0

# used by lr_run
#
# where to sent logmessages to
LOGGING=stderr
# LOGGING=syslog

#
# defines the way logger(1) gets called
FACILITY=local2
LOGGERTAG="lire"



####################################################################
#
#  variables about the preferred report format
#
####################################################################

# The default report output format. This can be one
# of xml, txt, html or pdf
DEFAULT_OUTPUT_FORMAT="txt"

# if INCLUDEIMAGES is set to 1 images will be included in PDF reports
# 
# INCLUDEIMAGES=1
INCLUDEIMAGES=

# Controls if the number are scaled into more human 
# readable format : 22.1M, 10.5k, etc.
LR_SCALE_BYTES=1

# Controls if the seconds are scaled into more human 
# readable format : 2m, 1.1h, etc.
LR_SCALE_SEC=1

# Controls if the number are scaled into more human 
# readable format : 5M, 1k, etc.
LR_SCALE_NUMBER=0

# The default user for which the reports are targetted. This can be one of:
# manager, sysadmin.  This variable controls the amount and style of
# explanation in the reports
LR_TARGET_USER="sysadmin"

# The default level of this user. This can be one of:
# normal, advanced
LR_USERLEVEL="normal"

####################################################################
#
#  variables about performance issues
#
####################################################################

# Normally, Lire computes reports in RAM. This can cause problems when
# processing big log files. This variable determine the maximum log
# file size which will be processed in RAM. Bigger files will be
# processed using temporary disk space.
LR_MAX_MEMORY="40Megs"

########################################################################
#
#  XML/SGML Configuration - variables pointing to various external tools
#
########################################################################

# Where can we find jade or openjade on this system ? Jade or 
# OpenJade are needed to generate HTML and PDF reports.
JADE="/usr/bin/jade"

# Where can we find pdfjadetex on this system ? This is needed
# to generate PDF reports.
PDFJADETEX="/usr/bin/pdfjadetex"

# Path to DocBook XML 4.1 DTD, as distributed with e.g. libxslt.
# This is needed to generate PDF and HTML reports.
DBK_XML_DTD="/usr/share/sgml/docbook/dtd/xml/4.1.2/docbookx.dtd"

# Paths to Norman Walsh's DocBook DSSSL Style sheets 
# as distributed with docbook-dsssl. The Print
# stylesheet is needed to generate PDF reports.
DBK_PRINT_STYLESHEET="/usr/share/sgml/docbook/stylesheet/dsssl/modular/print/docbook.dsl"

# Paths to Norman Walsh's DocBook XSL style sheets for
# HTML and XHTML output.
DBK_HTML_XSL="/usr/share/sgml/docbook/stylesheet/xsl/nwalsh/html/chunk.xsl"
DBK_XHTML_XSL="/usr/share/sgml/docbook/stylesheet/xsl/nwalsh/xhtml/chunk.xsl"
DBK_FO_XSL="/usr/share/sgml/docbook/stylesheet/xsl/nwalsh/fo/docbook.xsl"

# This sets the XSLT process to use. If we ever will support alternatives to
# libxslt's xsltproc, like xalan-c or sablotron (they currenlty cause 
# problems), this could be set here.  When none is used, a builtin convertor
# for XML is used to generate the ASCII reports. HTML, RTF or PDF reports are
# not available in this case.
XSLT_PROCESSOR="xsltproc"

# Path to Xalan-C on this system.
# XALAN_C="@PATHTOXALANC@"
# Path to Sablotron on this system
# SABLOTRON="@PATHTOSABLOTRON@"

# Path to XsltProc on this system
XSLTPROC="/usr/bin/xsltproc"

########################################################################
#
#  variables about paths to some programs
#
########################################################################

# gzip and tar are used to bundle images with HTML or DocBook reports.
GZIP="/bin/gzip"

TAR="/bin/tar"

# Zip is used to bundle the images with the RTF report.
ZIP="/usr/bin/zip"

########################################################################
#
#  variables about the Lire online responder
#
########################################################################

# where the emails sent to the responder are spooled
LR_SPOOLDIR="/var/spool/lire"

# 'FAILEDDIR', where emails which failed to get processed get stored, gets
# constructed from LR_ARCHIVEDIR.  see the end of this file

# seconds to wait between spoolruns
#
# LR_SPOOLINTERVAL=10
LR_SPOOLINTERVAL=300


########################################################################
#
#  variables about the emails Lire sents, containing the reports
#
########################################################################

# explanation on how to handle raw anon reports
EXPLANATIONFILE="/etc/lire/explanation"

# disclaimer to append to the email we sent
DISCLAIMERFILE="/etc/lire/disclaimer"

# signature to append to the email we sent
SIGNATUREFILE="/etc/lire/signature"



#########################################################################

if test xno = xyes
then
    if test -z "$LD_LIBRARY_PATH"
    then
	LD_LIBRARY_PATH="${exec_prefix}/lib"
    else
	LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${exec_prefix}/lib"
    fi
    export LD_LIBRARY_PATH
fi

if test -d "/usr/lib/perl5"
then
    eval `/usr/bin/perl -V:myarchname`
    if test -z "$PERL5LIB"
    then
	PERL5LIB="/usr/lib/perl5:/usr/lib/perl5/$myarchname"
    else
	PERL5LIB="$PERL5LIB:/usr/lib/perl5:/usr/lib/perl5/$myarchname"
    fi
    export PERL5LIB
fi

# xsltproc doesn't seems to like non-existent file in that variable
LR_XML_CATALOG="/etc/lire/catalog.xml"
if test -r "$LR_XML_CATALOG"
then
    # It is possible for LR_XML_CATALOG to be non-existent when
    # running lr_xslt from the source tree
    if test -z "$XML_CATALOG_FILES"
    then
	XML_CATALOG_FILES="$LR_XML_CATALOG"
#    else
	# Altough the name of the variable is _FILES, it seems that
	# libxslt 1.0.4 doesn't understand the colon
#	XML_CATALOG_FILES="$LR_XML_CATALOG $LR_XML_CATALOG"
    fi
    export XML_CATALOG_FILES
fi

# one can override the variables set here in defaults.local. this file
# will not be overwritten during upgrade or reinstall
localfile="/etc/lire/defaults.local"

if test -n "$SERVICE"
then
    case $SERVICE in
#
# www related stuff
#

#   Backward compatibility
    apache)
        TODLF="apache-access_log2dlf"
        ;;
#   Backward compatibility
    apachemodgzip)
        TODLF="modgzip2dlf"
        ;;
#   Backward compatibility
    boa)
        TODLF="combined2dlf"
        ;;
    modgzip)
	TODLF="modgzip2dlf"
	;;
    combined)
	TODLF="combined2dlf"
	;;
    common)
	TODLF="common2dlf"
	;;
    referer)
	TODLF="referer2dlf"
	;;
    w3c_extended)
	TODLF="w3c_extended2dlf"
	;;

#
# database related stuff
#

    mysql)
        TODLF="mysql2dlf"
        ;;

#
# dns related stuff
#

    bind8)
        TODLF="bind8-query2dlf"
        ;;
    bind9)
        TODLF="bind9-query2dlf"
        ;;

#
# ftp related stuff
#

    iis_ftp)
	TODLF="iis_ftp2dlf"
	;;
    xferlog)
        TODLF="xferlog2dlf"
        ;;

#
# firewall related stuff
#

    cisco)
        TODLF="acl_cisco_log2dlf"
        ;;
    ipchains)
        TODLF="ipchains2dlf"
        ;;
    ipfilter)
        TODLF="ipmon2dlf"
        ;;
    iptables)
        TODLF="iptables2dlf"
        ;;
    welf)
        TODLF="welf2dlf"
        ;;

#
# email related stuff
#

    exim)
        TODLF="exim2dlf"
        ;;
    nms)
        TODLF="nms2dlf"
        ;;
    postfix)
        TODLF="postfix2dlf"
        ;;
    qmail)
        TODLF="qmail2dlf"
        ;;
    sendmail)
        TODLF="sendmail2dlf"
        ;;
#
# print related stuff
#

    cups)
        TODLF="cups_pagelog2dlf"
        ;;
    lprng)
        TODLF="lprng_account2dlf"
        ;;

#
# proxy related stuff
#

    ms_isa)
        TODLF="ms_isa2dlf"
        ;;
    squid)
        TODLF="squid2dlf"
        ;;

    welf_proxy)
        TODLF="welf_proxy2dlf"
        ;;
#
# fall through
#

    *)
        TODLF=
        ;;
    esac
    export TODLF
    export SUPERSERVICE
fi


if test -r "$localfile"
then
    . $localfile
fi

if test -r $HOME/.lirerc
then
    . $HOME/.lirerc
    echo >&2 "all all none defaults warning you have a file $HOME/.lirerc . this is deprecated. please move its contents to $HOME/.lire/etc/defaults"
fi

# will this fail miserably when there's no directory $HOME/.lire/etc ?
if test -r $HOME/.lire/etc/defaults
then
    . $HOME/.lire/etc/defaults
fi

# find out if we are able to write to LR_DBFILE

LR_DBDIR="$LR_ARCHIVEDIR/meta"
LR_DBFILE="$LR_DBDIR/index"

# BEWARE! this might break on solaris, since it's shell is more picky on -e..
if touch "$LR_DBFILE" 2>/dev/null
then
    # everything is fine
    :
else
    if test ! -d "$LR_DBDIR"
    then
        mkdir -p "$LR_DBDIR" 2>/dev/null || true
    fi

    if touch "$LR_DBFILE" 2>/dev/null
    then
        # seems we've fixed it
        :
    else
        # we probably have no write access.  choose another directory
        if test -n "$ARCHIVE"
        then
            LR_ARCHIVEDIR=$HOME/.lire/data
        else
            LR_ARCHIVEDIR=$TMPDIR
        fi
        echo >&2 "all all none defaults warning LR_ARCHIVEDIR is changed to $LR_ARCHIVEDIR.  please set this variable explicitly by doing e.g. ' echo LR_ARCHIVEDIR=$LR_ARCHIVEDIR >> ~/.lire/etc/defaults '."
    fi
fi

# build LR_DBDIR, LR_DBFILE and FAILEDDIR from LR_ARCHIVEDIR
LR_DBDIR="$LR_ARCHIVEDIR/meta"
LR_DBFILE="$LR_DBDIR/index"
FAILEDDIR="$LR_ARCHIVEDIR/email/raw/failed"

export DEBUG
export KEEP
export ARCHIVE
export TMPDIR
export DISCLAIMERFILE
export SIGNATUREFILE

export LR_TARGET_USER
export LR_USERLEVEL

export LR_SCALE_BYTES
export LR_SCALE_NUMBER
export LR_SCALE_SEC

export LR_ARCHIVEDIR
export LR_DBDIR
export LR_DBFILE

export LR_MAX_MEMORY

export FAILEDDIR

export jobfiles_daily
export jobfiles_weekly

# The security check for root
if test -x /usr/xpg4/bin/id
then
    # solaris' /usr/bin/id doesn't grok -u
    # don't you just love it...
    runid=/usr/xpg4/bin/id
else
    runid=id
fi

if test -z "$SKIP_ID_TEST"
then
    if test "`$runid -u`" -eq 0 -o "`$runid -ru`" -eq 0
    then
	cat >&2 <<EOF
Lire isn't made to run as root.
Please run it as an unprivileged user.

If you need root access to read the log file, you can 
pipe the log file to $PROGRAM :

su -c 'cat /path/to/logfile' root | $PROGRAM ...

Alternatively, if you don't care about somebody compromising your
system, you can add "SKIP_ID_TEST=1" to $HOME/.lire/etc/defaults
EOF
	exit 1
    fi
fi

# Local Variables:
# mode: sh
# End:
