#!/usr/bin/perl

# logcheck.conf is loaded with require, so its contents are executed as Perl
# code with the privileges of this script, and the bare file name is resolved
# through @INC.
# NOTE(review): keep the file writable only by the account that runs
# logcheck - confirm ownership and mode on deployment.
# Judging by the names read below, it presumably supplies $file_whitelist,
# $file_logfilelist, $emailaddress and $senderaddress.
require 'logcheck.conf';

# "run" mails the report; "debug" (selected by the command line) only prints it.
$mode = 'run';
# Print the program banner (name, version and project URLs) to the currently
# selected output handle.
sub head() {
        my $rule = "-----------------------------\n";
        my @banner = (
                "\n",
                $rule,
                "This is logcheck.pl V1.0.3\n",
                "http://peters-webcorner.de\n",
                "project hosted on origo\n",
                "http://logcheck.origo.ethz.ch\n",
                $rule . "\n",
        );
        # One print per banner line, exactly as many writes as before.
        print $_ foreach @banner;
}
# Command-line handling. The only accepted argument is "debug", which switches
# $mode so that reports are printed instead of mailed. Any other non-empty
# argument prints the usage text and exits with status 0.
my $first_arg = defined($ARGV[0]) ? $ARGV[0] : "";

if ($first_arg eq "debug") {
        head();
        print "debug mode on...\n";
        $mode = "debug";
}
elsif ($first_arg ne "") {
        head();
        print "you can use 'logcheck.pl debug' or 'logcheck.pl' without any parameters\n";
        print "hint: using debug will prevent script from sending mail...\n";
        exit 0;
}
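# Make sure both list files exist before anything is parsed. A missing file is
# created empty and the script stops with status 1 so that it can be filled in
# first. The whitelist is checked before the list of logfiles.
#
# Every "if" is closed before its "else" here, so the "create and exit" branch
# runs only when the file is missing and never depends on debug mode. The
# files are created with a checked three-argument open.
#
# NOTE(review): the empty file is created with the process umask. The
# whitelist decides which log lines are never reported, so both files should
# be writable only by the account that runs logcheck - confirm on deployment.
foreach my $list_file (
        [ $file_whitelist,   "whitelist found...\n" ],
        [ $file_logfilelist, "list of logfiles found...\n" ],
) {
        my ($path, $found_message) = @$list_file;

        if (-e $path) {
                print $found_message if $mode eq "debug";
                next;
        }

        # Three-argument open: the path is never parsed for a mode prefix.
        open(my $new_fh, '>', $path)
                or die "Can't create $path: $!\n";
        close($new_fh);
        print "Please edit ".$path." first...\n";
        exit 1;
}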
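# Load the whitelist into @whitelisted: one Perl regular expression per line.
# Lines that start with "#" and lines shorter than two characters are skipped.
#
# check() matches each entry unanchored against the whole log line, so a short
# or generic entry hides every line that merely contains it. Entries are best
# kept as specific as possible.
$read = 0;
if (open(my $wl_fh, '<', $file_whitelist)) {
        while (my $entry = <$wl_fh>) {
                # chomp removes only a line ending. chop would also cut the
                # last character of a final line that has no newline and so
                # silently change that pattern.
                chomp($entry);
                next unless length($entry) > 1;
                next if substr($entry, 0, 1) eq "#";

                # Compile each entry once here, so a malformed pattern is
                # reported and skipped instead of aborting the run later in
                # the middle of a logfile.
                if (!defined eval { qr/$entry/ }) {
                        print STDERR "ignoring invalid whitelist entry '$entry': $@";
                        next;
                }

                $read++;
                push @whitelisted, $entry;
        }
        close($wl_fh);
}
else {
        # Without a whitelist every line is reported, which errs on the side
        # of more mail rather than missed entries.
        print STDERR "Can't read $file_whitelist: $!\n";
}

if ($mode eq "debug") {
        if ($read > 0) {
                print $read." entries in whitelist found\n";
        }
        else {
                print "no entries in whitelist found, may be not normal...\n";
        }
}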
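# Load the list of logfiles to monitor into @logfiles: one path per line.
# Lines that start with "#" and lines shorter than two characters are skipped.
# The script aborts with status 1 when no entry is left.
$read = 0;
if (open(my $list_fh, '<', $file_logfilelist)) {
        while (my $entry = <$list_fh>) {
                # chomp removes only a line ending. chop would also cut the
                # last character of a final path that has no newline.
                chomp($entry);
                next unless length($entry) > 1;
                next if substr($entry, 0, 1) eq "#";
                $read++;
                push @logfiles, $entry;
        }
        close($list_fh);
}
else {
        # $read stays 0, so the abort branch below still runs.
        print STDERR "Can't read $file_logfilelist: $!\n";
}

if ($read > 0) {
        if ($mode eq "debug") {
                print $read." entries in logfile list found\n";
        }
}
else {
        # Plain concatenation: a doubled dot is the range operator and would
        # drop the file name and the newline from this message.
        print "there must be at least one entry in ".$file_logfilelist."\n";
        print "ABORTING NOW!!!\n";
        exit 1;
}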
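# Main loop. For every configured logfile, check() collects into $outtext the
# lines that no whitelist entry matches; they are mailed, or printed in debug
# mode. "<logfile>.offset" stores the first 15 characters of the last line
# read, so that the next run can skip what was already seen.
#
# NOTE(review): the offset file is created next to the logfile and its path is
# opened for writing as given. If this script runs with elevated privileges,
# the directory that holds the logfile must not be writable by less-privileged
# accounts - confirm on deployment.
# NOTE(review): the offset is advanced in debug mode as well, so lines shown
# by a debug run are not mailed by the next normal run - confirm this is
# intended.
foreach $thisfile (@logfiles) {
        $outtext = "";
        $noffset = "";
        # Reset per file: a marker read for one logfile must never be applied
        # to the next one, or lines before a coincidental match are skipped.
        $offset = "";
        $jumpover = 0;

        if ($mode eq "debug") {
                print "processing ".$thisfile."\n";
        }

        if (!-e $thisfile) {
                print STDERR "logfile $thisfile not found...ignoring\n";
                next;
        }

        my $offset_file = $thisfile.".offset";
        $useoffset = 0;
        $thisoffset = "";

        if (-e $offset_file) {
                if ($mode eq "debug") {
                        print "using ".$thisfile.".offset\n";
                }
                $useoffset = 1;
                if (open(my $off_fh, '<', $offset_file)) {
                        # The last line of the file wins.
                        while (my $marker = <$off_fh>) {
                                $offset = $marker;
                                if ($mode eq "debug") {
                                        print "offset is $marker\n";
                                }
                        }
                        close($off_fh);
                }
                else {
                        print STDERR "Can't read $offset_file: $!\n";
                }
        }

        # Skip ahead only when a marker was actually read.
        $jumpover = ($offset ne "") ? 1 : 0;
        check();
        if ($jumpover == 1) {
                # The marker did not occur in the file. Drop it and report the
                # whole file rather than nothing.
                unlink($offset_file);
                if ($mode eq "debug") {
                        print "offset not found, reparsing without offset\n";
                }
                $jumpover = 0;
                $offset = "";
                check();
        }

        if ($outtext ne "") {
                if ($mode eq "debug") {
                        print "mail not sent, cause debug is enabled\n";
                        print "content of mail to $emailaddress would be:\n---------------------------------\n";
                        print $outtext;
                        print "\n---------------------------------\nend of mail\n";
                }
                else {
                        $Jetztwert = time();
                        $Jetztzeit = localtime($Jetztwert);
                        $mailer = '/usr/sbin/sendmail';
                        # NOTE(review): $Sender is assigned but no header uses it.
                        $Sender = $senderaddress;

                        # Header values must stay on one line. A stray CR or LF
                        # would otherwise start a new header or end the header
                        # block early.
                        (my $to_header = $emailaddress) =~ s/[\r\n]+/ /g;
                        (my $subject_file = $thisfile) =~ s/[\r\n]+/ /g;

                        # List-form pipe open runs the mailer without a shell.
                        # -oi keeps a line holding only "." in the report body
                        # from ending the message early.
                        open(my $mail_fh, '|-', $mailer, '-t', '-oi') || die "Can't open $mailer!\n";
                        print $mail_fh "To: ".$to_header."\n";
                        print $mail_fh "Subject: ($subject_file) violation report $Jetztzeit\n\n\n";
                        print $mail_fh $outtext;
                        if (!close($mail_fh)) {
                                # Delivery failed: do not advance the offset,
                                # so these lines are reported again next run.
                                print STDERR "$mailer failed for $thisfile (status $?)\n";
                                $noffset = "";
                        }
                        $command = "/usr/bin/logger -p warn logcheckprint";
                        system($command);
                }
        }
        else {
                if ($mode eq "debug") {
                        print "nothing to send, $thisfile seems to be ok\n";
                }
        }

        if ($noffset ne "") {
                if ($mode eq "debug") {
                        print "new offset written in ".$thisfile.".offset\n";
                }
                if (open(my $new_off_fh, '>', $offset_file)) {
                        print $new_off_fh $noffset;
                        close($new_off_fh)
                                or print STDERR "Can't write $offset_file: $!\n";
                }
                else {
                        print STDERR "Can't write $offset_file: $!\n";
                }
        }
}
exit 0;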
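# Scan the logfile named by the global $thisfile.
#
# Globals read:    $thisfile, @whitelisted, $offset, $mode
# Globals written: $outtext  - every line that no whitelist pattern matches is
#                              appended while $jumpover is 0
#                  $noffset  - first 15 characters of the last line read
#                  $jumpover - cleared on the line whose first 15 characters
#                              equal $offset, so reporting starts after it
#
# A logfile that cannot be opened is reported on STDERR. Without that message
# the caller sees an empty $outtext and treats the file as clean.
#
# NOTE(review): the marker is only the first 15 characters of a line, so the
# first line carrying the same prefix is taken as the resume point and later
# lines with that prefix are reported again - confirm this is acceptable.
sub check() {
        my $log_fh;
        if (!open($log_fh, '<', $thisfile)) {
                print STDERR "Can't read $thisfile: $!\n";
                return;
        }

        # Compile the whitelist once per scan instead of once per line. A
        # malformed entry is skipped with a message; skipping an entry can
        # only lead to more lines being reported, never fewer.
        my @patterns;
        foreach my $entry (@whitelisted) {
                my $compiled = eval { qr/$entry/ };
                if (defined $compiled) {
                        push @patterns, $compiled;
                }
                else {
                        print STDERR "ignoring invalid whitelist entry '$entry': $@";
                }
        }

        while (my $line = <$log_fh>) {
                if ($jumpover == 0) {
                        my $is_whitelisted = 0;
                        foreach my $pattern (@patterns) {
                                if ($line =~ $pattern) {
                                        $is_whitelisted = 1;
                                        last;
                                }
                        }
                        if (!$is_whitelisted) {
                                $outtext = $outtext.$line;
                        }
                }

                my $prefix = substr($line, 0, 15);
                $noffset = $prefix;
                if ($prefix eq $offset) {
                        $jumpover = 0;
                        if ($mode eq "debug") {
                                print "offset found\n";
                        }
                }
        }
        close($log_fh);
}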