3 # Logchecker - perl script to check unix logfiles and notify by email
4 # if entries appear not covered by the whitelist
5 # Copyright (C) long time ago by Peter, peters-webcorner.de
7 # This program is free software: you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <https://www.gnu.org/licenses/>.
# Absolute path of the directory that holds this script. The configuration,
# whitelist, logfile list and pid-file paths used below are all built from it.
22 $dirname = File::Spec->rel2abs(dirname(__FILE__));
# The configuration file is Perl code and is executed by require.
# NOTE(review): anyone who can write logcheck.conf, or replace it inside
# $dirname, runs code with the privileges of this script. Keep the file and
# the directory writable only by the account that runs logcheck.
24 require $dirname.'/logcheck.conf';
# Migration guard: a configuration that still defines $logcheckpath uses the
# layout from before version 1.0.5. Print the three settings that have to be
# changed by hand.
# NOTE(review): the end of this branch is not visible in this listing;
# presumably the script stops here - confirm.
27 if (defined($logcheckpath)) {
29 print "There was change in the configuration starting from version 1.0.5!\n";
31 print '$file_whitelist=$logcheckpath."logcheck.whitelist"; is now'."\n";
32 print '$file_whitelist="logcheck.whitelist";'."\n";
34 print '$file_logfiles=$logcheckpath."logcheck.logfiles"; is now'."\n";
35 print '$file_logfilelist="logcheck.logfiles";'."\n";
37 print '$logcheckpath="/your/path/"; is now'."\n";
38 print '#$logcheckpath="/your/path/";'."\n";
39 print "\nPlease make these changes before you continue using logcheck.pl\n";
# The pid-file always lives in the script directory under a fixed name.
43 $file_pidfile = $dirname."/logcheck.pid";
# Prefix the two list file names with the script directory.
# NOTE(review): $file_whitelist and $file_logfilelist are not assigned in the
# visible lines; presumably they are set by logcheck.conf as bare file names -
# confirm. A value containing "../" or an absolute-looking name is used as is.
45 $file_whitelist = $dirname."/".$file_whitelist;
46 $file_logfilelist = $dirname."/".$file_logfilelist;
# Start-up banner: version, project URLs and the licence notice.
# It is printed before the arguments are evaluated.
50 print "-----------------------------\n";
51 print "This is logcheck.pl V1.0.8\n";
52 print "https://peters-webcorner.de\n";
53 print "project hosted on github\n";
54 print "https://github.com/pstimpel/logcheck\n\n";
55 print "Logchecker - Copyright (C) long time ago by Peter\n";
56 print "This program comes with ABSOLUTELY NO WARRANTY; for details run `-l'.\n";
57 print "This is free software, and you are welcome to redistribute it\n";
58 print "under certain conditions. Check license for details.\n";
59 print "-----------------------------\n\n";
# Usage screen: shown for any first argument other than "", "debug", "-l",
# "-r" or "-d". "-h" is not handled separately; it simply falls into this
# branch like every other unknown argument.
62 if (($ARGV[0] ne "") && ($ARGV[0] ne "debug") && ($ARGV[0] ne "-l") && ($ARGV[0] ne "-r") && ($ARGV[0] ne "-d")) {
64 print "Parameters:\n";
65 print "logcheck.pl normal run, parse logfiles and fire email if needed\n";
66 print "logcheck.pl debug prevents script from sending mail\n";
67 print "logcheck.pl -d prevents script from sending mail\n";
68 print "logcheck.pl -l prints license to console\n";
# NOTE(review): the text below advertises "-p", but the option that is
# accepted above and that removes the pid-file further down is "-r". As
# written, "-p" only prints this screen.
69 print "logcheck.pl -p removes existing pid-file with no further checks\n";
70 print "logcheck.pl -h this screen\n";
# Process id of this run and the resolved script directory, for diagnosis.
71 print "PID: ".$$." \n";
72 print "DIR: ".$dirname."\n";
# $pidstring is "unknown" unless a pid-file could be read (see
# getpidfilecontent at the end of the file). NOTE(review): the call that
# fills it is not visible in this listing - confirm it runs before this test.
74 if($pidstring ne "unknown") {
75 print "!!! PID-file existing, created by process ".$pidstring." !!!\n";
# "-l": page the licence text to the console.
81 if ($ARGV[0] eq "-l") {
83 print "Content of license\n\n\n";
# NOTE(review): the single-string form of system() goes through the shell,
# "cat" and "more" are looked up via PATH, and LICENSE is relative to the
# current working directory rather than $dirname. Started from another
# directory, this shows nothing or a different file. Building the path from
# $dirname and reading the file directly avoids all three dependencies.
84 system('cat LICENSE | more');
# "-r": delete the pid-file unconditionally.
88 if ($ARGV[0] eq "-r") {
# The result of unlink is not checked, so a failed removal goes unreported.
90 unlink($file_pidfile);
# "debug" and "-d" are synonyms. NOTE(review): the assignment of $mode is not
# visible in this listing; later code tests $mode eq "debug".
95 if ($ARGV[0] eq "debug" || $ARGV[0] eq "-d") {
97 print "debug mode on...\n";
# First-run setup: the whitelist and the logfile list must both exist. A
# missing file is created and the user is told to edit it.
# NOTE(review): what is written into the new files, and whether the script
# exits afterwards, is not visible in this listing.
102 if (-e $file_whitelist) {
103 if($mode eq "debug") {
104 print "whitelist found...\n";
# NOTE(review): 2-argument open on a bareword handle, result unchecked. The
# mode is taken from the interpolated string, and a failure to create the
# file is silent. The 3-argument form with "or die" is the safe pattern.
109 open(ADR, ">$file_whitelist");
112 print "Please edit ".$file_whitelist." first...\n";
# Same check for the list of logfiles to inspect.
116 if (-e $file_logfilelist) {
117 if($mode eq "debug") {
118 print "list of logfiles found...\n";
# Same unchecked 2-argument open as for the whitelist above.
121 open(ADR, ">$file_logfilelist");
124 print "Please edit ".$file_logfilelist." first...\n";
# Load the whitelist: every line that does not start with "#" becomes an
# entry in @whitelisted.
# NOTE(review): the open is 2-argument and unchecked; if it fails, the
# whitelist is silently empty and, judging by the debug message below, the
# run continues.
131 open(ADR, "<$file_whitelist");
136 if (substr($_,0,1) ne "#")
139 push @whitelisted, $_;
# $read presumably counts the accepted entries - its update is not visible.
145 if($mode eq "debug") {
146 print $read." entries in whitelist found\n";
# An empty whitelist is only reported in debug mode; it is not treated as an
# error in the visible lines.
151 if($mode eq "debug") {
152 print "no entries in whitelist found, may be not normal...\n";
# Load the list of logfiles in the same way; "#" lines are skipped.
# NOTE(review): the statement that stores each entry is not visible;
# presumably it fills @logfiles, which the main loop iterates - confirm.
159 open(ADR, "<$file_logfilelist");
164 if (substr($_,0,1) ne "#")
173 if($mode eq "debug") {
174 print $read." entries in logfile list found\n";
# NOTE(review): ".." in the next statement is Perl's range operator, not
# concatenation, so the file name and the newline are not appended to the
# message as intended. A single "." is what the line needs.
179 print "there must be at least one entry in "..$file_logfilelist."\n";
180 print "ABORTING NOW!!!\n";
# Single-instance guard: an existing pid-file aborts the run and an e-mail
# reports it, so that unchecked logs do not go unnoticed.
184 if (-e $file_pidfile) {
185 if($mode eq "debug") {
186 print "There is a pid-file already, ".$file_pidfile.", abort execution\n";
# Process list for the report. NOTE(review): "ps" is resolved through PATH,
# while sendmail below is called by absolute path.
190 $psstring = `ps fax`;
# NOTE(review): $Jetztwert is not assigned in the visible lines - confirm it
# holds the current epoch time.
192 $Jetztzeit = localtime($Jetztwert);
193 $mailer = '/usr/sbin/sendmail';
# $Sender is assigned but not used in the headers visible below.
194 $Sender = $senderaddress;
# "sendmail -t" takes the recipients from the message headers. The pipe is
# opened through the shell, but $mailer is a fixed string, not input.
195 open(MAIL, "|$mailer -t") || die "Can't open $mailer!\n";
# NOTE(review): $emailaddress goes into the header unchecked. It is
# presumably set in logcheck.conf; a value containing a line break would add
# header lines, so the configuration must stay trusted.
196 print MAIL "To: ".$emailaddress."\n";
197 print MAIL "Subject: Logs NOT CHECKED report $Jetztzeit\n\n\n";
198 print MAIL "There is a pid-file already at ".$file_pidfile.", and the execution of logcheck was aborted!\n\nRemove the pid-file, but make sure logcheck is not running anymore. See output of ps fax below\n\n";
199 print MAIL "Pid of this (the aborted process) is: ".$$."\n";
200 print MAIL "Pid of blocking process is: ".$pidstring."\n\n";
# The full process list goes into the mail body.
202 print MAIL $psstring."\n\n";
# Create the pid-file for this run.
# NOTE(review): the -e test above and this open are separate steps, so two
# runs started at the same moment can both pass the test. The ">" open also
# follows a symlink that already exists at this path. An exclusive create
# (sysopen with O_CREAT|O_EXCL) closes both gaps; the result of the open
# should be checked as well.
208 open(ADR, ">$file_pidfile");
# Main loop: process every logfile from the logfile list.
# $thisfile comes straight from that list and is interpolated into file
# names and a mail header below, so the list must be writable only by the
# account that runs logcheck.
213 foreach $thisfile (@logfiles) {
218 if($mode eq "debug") {
219 print "processing ".$thisfile."\n";
# A previous run leaves "<logfile>.offset" next to the logfile; it marks how
# far that run got.
225 if(-e $thisfile.".offset") {
226 if($mode eq "debug") {
227 print "using ".$thisfile.".offset\n";
# NOTE(review): 2-argument open with an interpolated name, result unchecked.
230 open(OFF,"<$thisfile.offset");
234 if($mode eq "debug") {
235 print "offset is $_\n";
# The stored offset was not found in the logfile: drop the offset file and
# parse the logfile again from the beginning.
243 unlink($thisfile.".offset");
244 if($mode eq "debug") {
245 print "offset not found, reparsing without offset\n";
# $outtext holds the lines that were not covered by the whitelist; a
# non-empty value means there is something to report.
251 if ($outtext ne "") {
# Debug mode prints the would-be mail instead of sending it.
252 if($mode eq "debug") {
253 print "mail not sent, cause debug is enabled\n";
254 print "content of mail to $emailaddress would be:\n---------------------------------\n";
256 print "\n---------------------------------\nend of mail\n";
# NOTE(review): $Jetztwert is not assigned in the visible lines - confirm.
259 $Jetztzeit = localtime($Jetztwert);
260 $mailer = '/usr/sbin/sendmail';
261 $Sender = $senderaddress;
# Recipients are taken from the headers (sendmail -t).
262 open(MAIL, "|$mailer -t") || die "Can't open $mailer!\n";
263 print MAIL "To: ".$emailaddress."\n";
# NOTE(review): $thisfile is placed in the Subject header unchecked; the
# lines that write the body are not visible in this listing.
264 print MAIL "Subject: ($thisfile) violation report $Jetztzeit\n\n\n";
# Command string for a syslog entry at priority "warn". NOTE(review): the
# statement that runs it is not visible in this listing.
267 $command="\/usr\/bin\/logger -p warn logcheckprint";
271 if($mode eq "debug") {
272 print "nothing to send, $thisfile seems to be ok\n";
# Remember where this run stopped, for the next run.
275 if ($noffset ne "") {
276 if($mode eq "debug") {
277 print "new offset written in ".$thisfile.".offset\n";
# NOTE(review): this writes next to the logfile with a 2-argument ">" open
# and no result check. If the log directory is writable by a less privileged
# account, a link placed at "<logfile>.offset" would be followed. Keeping
# offsets in a directory owned by the logcheck account avoids that.
279 open(ADR, ">$thisfile.offset");
# A listed logfile that does not exist is reported on STDERR and skipped.
286 print STDERR "logfile $thisfile not found...ignoring\n";
# Release the single-instance lock. Presumably this runs after the loop;
# the closing braces are not visible in this listing.
290 unlink($file_pidfile);
# NOTE(review): this is a fragment of the routine that scans one logfile;
# its header, the read loop and the closing lines are not visible here.
296 # checks the logfile itself
# NOTE(review): 2-argument open with an interpolated name, result unchecked.
# A logfile that cannot be read looks the same as one with no new lines.
297 open(LOG,"<$thisfile");
# Lines are only evaluated while $jumpover is 0. Presumably it is non-zero
# until the stored offset has been reached - confirm against the full file.
300 if ($jumpover == 0) {
# Compare the current line with every whitelist entry.
# NOTE(review): the comparison itself is not visible. If entries are used as
# regular expressions, an overly broad entry hides more lines than intended.
302 foreach $wltext (@whitelisted)
# Collect the line for the report, unmodified. The text originates from
# whatever wrote the log and ends up in the mail body.
311 $outtext=$outtext.$_;
# The first 15 characters of the current line are the candidate for the next
# stored offset (presumably the syslog timestamp - confirm).
314 $noffset = substr($_,0,15,);
# Reached the position stored by the previous run.
# NOTE(review): lines that share the same first 15 characters cannot be told
# apart by this test.
315 if(substr($_,0,15) eq $offset) {
317 if($mode eq "debug") {
318 print "offset found\n";
325 sub getpidfilecontent() {
326 $pidstring="unknown";
327 open(ADR, "<$file_pidfile");
332 if (substr($_,0,1) ne "#")