README.md added for github

[logcheck] / logcheck.pl

#!/usr/bin/perl

#    Logchecker - perl script to check unix logfiles and notify by email
#    if entries appear not covered by the whitelist
#    Copyright (C) long time ago by Peter, peters-webcorner.de
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <https://www.gnu.org/licenses/>.

require 'logcheck.conf';
$mode="run";


sub head() {
        print "\n";
        print "-----------------------------\n";
        print "This is logcheck.pl V1.0.4\n";
        print "https://peters-webcorner.de\n";
        print "project hosted on github\n";
        print "https://github.com/pstimpel/logcheck\n\n";
        print "Logchecker - Copyright (C) long time ago by Peter\n";
    print "This program comes with ABSOLUTELY NO WARRANTY; for details run `-l'.\n";
    print "This is free software, and you are welcome to redistribute it\n";
    print "under certain conditions. Check license for details.\n";
        print "-----------------------------\n\n";
}

if (($ARGV[0] ne "") && ($ARGV[0] ne "debug") && ($ARGV[0] ne "-l")) {
        head();
        print "Parameters:\n";
        print "logcheck.pl         normal run, parse logfiles and fire email if needed\n";
        print "logcheck.pl debug   prevents script from sending mail\n";
        print "logcheck.pl -l      prints license to console\n";
        exit 0;

}

if ($ARGV[0] eq "-l") {
        head();
        print "Content of license\n\n\n";
        system('cat LICENSE | more');
        exit 0;
}

if ($ARGV[0] eq "debug") {
        head();
        print "debug mode on...\n";
        $mode="debug";

}

if (-e $file_whitelist) {
        if($mode eq "debug") {
                print "whitelist found...\n";
        }
} 
else 
{
        open(ADR, ">$file_whitelist");
        print ADR "";
        close(ADR);
        print "Please edit ".$file_whitelist." first...\n";
        exit 1;
              
}
if (-e $file_logfilelist) {
        if($mode eq "debug") {
                print "list of logfiles found...\n";
        }
} else {
        open(ADR, ">$file_logfilelist");
        print ADR "";
        close(ADR);
        print "Please edit ".$file_logfilelist." first...\n";
        exit 1;
              
}


$read=0;
open(ADR, "<$file_whitelist");
while(<ADR>)
{
        chop($_);
        if(length($_) > 1) {
                if (substr($_,0,1) ne "#") 
                {
                $read++;
                push @whitelisted, $_;
                }
        }
}
close(ADR);
if ($read > 0) {
        if($mode eq "debug") {
                print $read." entries in whitelist found\n";
        }
}
else
{
        if($mode eq "debug") {
                print "no entries in whitelist found, may be not normal...\n";
        }
}



$read=0;
open(ADR, "<$file_logfilelist");
while(<ADR>)
{
        chop($_);
        if(length($_) > 1) {
                if (substr($_,0,1) ne "#") 
                {
                $read++;
                push @logfiles, $_;
                }       
        }
}
close(ADR);
if ($read > 0) {
        if($mode eq "debug") {
                print $read." entries in logfile list found\n";
        }
}
else
{
        print "there must be at least one entry in "..$file_logfilelist."\n";
        print "ABORTING NOW!!!\n";
        exit 1;
}


foreach $thisfile (@logfiles) {
        $outtext="";
        $noffset="";
        $offset;
        $jumpover;
        if($mode eq "debug") {
                print "processing ".$thisfile."\n";
        }
        if(-e $thisfile) 
        {
                $useoffset=0;
                $thisoffset="";
                if(-e $thisfile.".offset") {
                        if($mode eq "debug") {
                                print "using ".$thisfile.".offset\n";
                        }
                        $useoffset=1;
                        open(OFF,"<$thisfile.offset");
                        while(<OFF>)
                        {
                                $offset=$_;
                                if($mode eq "debug") {
                                        print "offset is $_\n"; 
                                }
                        }
                        close(OFF);
                }       
                $jumpover=1;    
                check();
                if($jumpover==1) {
                        unlink($thisfile.".offset");
                        if($mode eq "debug") {
                                print "offset not found, reparsing without offset\n";   
                        }
                        $jumpover=0;
                        $offset="";
                        check();
                }
                if ($outtext ne "") {
                        if($mode eq "debug") {
                                print "mail not sent, cause debug is enabled\n";        
                                print "content of mail to $emailaddress would be:\n---------------------------------\n";
                                print $outtext;
                                print "\n---------------------------------\nend of mail\n";
                        } else {
                                $Jetztwert = time();
                                $Jetztzeit = localtime($Jetztwert);
                                $mailer = '/usr/sbin/sendmail';
                                $Sender = $senderaddress;
                                open(MAIL, "|$mailer -t") || die "Can't open $mailer!\n";
                                print MAIL "To: ".$emailaddress."\n";
                                print MAIL "Subject: ($thisfile) violation report $Jetztzeit\n\n\n";
                                print MAIL $outtext;
                                close(MAIL);
                                $command="\/usr\/bin\/logger -p warn logcheckprint";
                system($command);
                        }
                } else {
                        if($mode eq "debug") {
                                print "nothing to send, $thisfile seems to be ok\n";    
                        }
                }
                if ($noffset ne "") {
                        if($mode eq "debug") {
                                print "new offset written in ".$thisfile.".offset\n";   
                        }
                        open(ADR, ">$thisfile.offset");
                               print ADR $noffset;
                        close(ADR);
                }
        }
        else
        {
                print STDERR "logfile $thisfile not found...ignoring\n";
        }       
}
exit 0;


sub check() {
        # checks the logfile itself
        open(LOG,"<$thisfile");
        while(<LOG>) 
        {
                if ($jumpover == 0) {
                        $wl=0;
                        foreach $wltext (@whitelisted) 
                        {
                                if($_ =~/$wltext/) 
                                {
                                        $wl=1;
                                }
                        }
                        if($wl==0) 
                        {
                                $outtext=$outtext.$_;
                        }
                }       
                $noffset = substr($_,0,15,);
                if(substr($_,0,15) eq $offset) {
                        $jumpover=0;
                        if($mode eq "debug") {
                                print "offset found\n"; 
                        }
                }
        }
        close(LOG);
}