#!/usr/bin/perl
# Logchecker - perl script to check unix logfiles and notify by email
# if entries appear not covered by the whitelist
# Copyright (C) long time ago by Peter, peters-webcorner.de
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# Load the site configuration. The rest of this script reads $file_whitelist,
# $file_logfilelist, $emailaddress and $senderaddress without defining them,
# so they are presumably set by this file.
# NOTE(review): the file is executed as Perl code and, being a bare relative
# name, is located through @INC. Since Perl 5.26 the current directory is no
# longer part of @INC by default, so confirm which copy is actually loaded and
# keep it writable only by the account that runs logcheck.
require 'logcheck.conf';

# Operating mode: "run" sends mail; the "debug" argument switches it to
# "debug" further down, which prints the report instead of mailing it.
$mode = 'run';
sub head() {
    # Print the program banner (name, version, project links and the short
    # warranty notice) to STDOUT. Takes no arguments.
    print
        "\n",
        "-----------------------------\n",
        "This is logcheck.pl V1.0.4\n",
        "https://peters-webcorner.de\n",
        "project hosted on github\n",
        "https://github.com/pstimpel/logcheck\n\n",
        "Logchecker - Copyright (C) long time ago by Peter\n",
        "This program comes with ABSOLUTELY NO WARRANTY; for details run `-l'.\n",
        "This is free software, and you are welcome to redistribute it\n",
        "under certain conditions. Check license for details.\n",
        "-----------------------------\n\n";
}
# Command-line dispatch. Only the first argument is inspected:
#   (none)  normal run
#   debug   print the report instead of mailing it
#   -l      show the license and exit
#   other   show the usage text and exit
# A missing argument is treated like an empty string.
my $first_arg = defined $ARGV[0] ? $ARGV[0] : "";

if ($first_arg eq "-l") {
    head();
    print "Content of license\n\n\n";
    # The command goes through the shell: cat and more are resolved via PATH
    # and LICENSE is looked up relative to the current working directory.
    system('cat LICENSE | more');
    exit 0;
}
elsif ($first_arg eq "debug") {
    head();
    print "debug mode on...\n";
    $mode = "debug";
}
elsif ($first_arg ne "") {
    head();
    print "Parameters:\n";
    print "logcheck.pl normal run, parse logfiles and fire email if needed\n";
    print "logcheck.pl debug prevents script from sending mail\n";
    print "logcheck.pl -l prints license to console\n";
    exit 0;
}
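# Both list files must exist before any log is parsed. A missing file is
# created empty so the operator has something to edit, then the run stops
# with exit status 1.
foreach my $list_file (
    [ $file_whitelist,   "whitelist found...\n" ],
    [ $file_logfilelist, "list of logfiles found...\n" ],
) {
    my ($path, $found_message) = @$list_file;

    if (-e $path) {
        print $found_message if $mode eq "debug";
        next;
    }

    # Three-argument open keeps the configured path from being parsed for a
    # mode prefix, and a failed create is reported instead of being hidden
    # behind the "Please edit" hint.
    if (open(my $stub, '>', $path)) {
        close($stub);
    }
    else {
        print STDERR "cannot create $path: $!\n";
    }
    print "Please edit ".$path." first...\n";
    exit 1;
}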
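# Load the whitelist into @whitelisted. Lines of one character or less and
# lines starting with "#" are skipped. $read counts the accepted entries.
#
# Each entry is later used by check() as an unanchored regular expression
# against the whole log line, so a broad entry suppresses every line that
# merely contains a match. Keep entries specific and the file writable only
# by the operator.
$read = 0;
if (open(my $wl_fh, '<', $file_whitelist)) {
    while (my $entry = <$wl_fh>) {
        # Strip only the line ending. Removing the last character blindly
        # would damage a final entry that has no trailing newline, and a
        # leftover "\r" from a CRLF file would stop the entry from matching.
        $entry =~ s/\r?\n\z//;
        next if length($entry) <= 1;
        next if substr($entry, 0, 1) eq "#";

        # A pattern that does not compile would abort the whole run once
        # check() reaches it, leaving no report at all. Skip it loudly so
        # the lines it was meant to hide are reported instead.
        if (!defined eval { qr/$entry/ }) {
            print STDERR "ignoring invalid whitelist pattern '$entry': $@";
            next;
        }

        $read++;
        push @whitelisted, $entry;
    }
    close($wl_fh);
}
else {
    # Continue with an empty whitelist: every line gets reported, which is
    # the safe direction for a monitoring tool.
    print STDERR "cannot read $file_whitelist: $!\n";
}

if ($mode eq "debug") {
    if ($read > 0) {
        print $read." entries in whitelist found\n";
    }
    else {
        print "no entries in whitelist found, may be not normal...\n";
    }
}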
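# Load the list of logfiles into @logfiles. Lines of one character or less
# and lines starting with "#" are skipped. At least one entry is required.
#
# Every entry is opened for reading further down, and a sibling
# "<entry>.offset" file is written and unlinked next to it, so this list
# should be writable only by the operator.
$read = 0;
if (open(my $list_fh, '<', $file_logfilelist)) {
    while (my $entry = <$list_fh>) {
        # Strip only the line ending. A stray "\r" or a chopped last
        # character would make the path fail the existence test later and
        # the logfile would be ignored.
        $entry =~ s/\r?\n\z//;
        next if length($entry) <= 1;
        next if substr($entry, 0, 1) eq "#";
        $read++;
        push @logfiles, $entry;
    }
    close($list_fh);
}
else {
    print STDERR "cannot read $file_logfilelist: $!\n";
}

if ($read > 0) {
    if ($mode eq "debug") {
        print $read." entries in logfile list found\n";
    }
}
else {
    # Single "." here: the former ".." was the range operator, which dropped
    # the file name and the newline from this message.
    print "there must be at least one entry in ".$file_logfilelist."\n";
    print "ABORTING NOW!!!\n";
    exit 1;
}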
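# Main loop: for every configured logfile, resume after the stored offset
# marker, collect the lines no whitelist pattern covers and mail them
# (or print them in debug mode), then store the new marker.
foreach $thisfile (@logfiles) {
    # State shared with check() through package globals; check() takes no
    # arguments and the script runs without "use strict".
    $outtext = "";    # non-whitelisted lines collected by check()
    $noffset = "";    # first 15 characters of the last line check() read
    $offset  = "";    # resume marker; reset per file so a marker loaded for
                      # the previous logfile is never applied to this one,
                      # which could silently skip the start of this file

    if ($mode eq "debug") {
        print "processing ".$thisfile."\n";
    }

    if (!-e $thisfile) {
        print STDERR "logfile $thisfile not found...ignoring\n";
        next;
    }

    # The marker lives next to the logfile as "<logfile>.offset".
    # NOTE(review): this assumes the log directory is writable only by
    # trusted accounts; confirm for the deployment.
    my $offset_file = $thisfile.".offset";
    if (-e $offset_file) {
        if ($mode eq "debug") {
            print "using ".$thisfile.".offset\n";
        }
        if (open(my $off_fh, '<', $offset_file)) {
            # The marker is used exactly as stored (no newline stripping),
            # because check() compares it with raw line prefixes.
            while (my $marker = <$off_fh>) {
                $offset = $marker;
                if ($mode eq "debug") {
                    print "offset is $marker\n";
                }
            }
            close($off_fh);
        }
        else {
            print STDERR "cannot read $offset_file: $!\n";
        }
    }

    # First pass: skip lines until the marker is seen. check() clears
    # $jumpover once it finds the marker.
    $jumpover = 1;
    check();
    if ($jumpover == 1) {
        # Marker never seen (no marker yet, or the log was rotated):
        # drop the stale marker file and report on the whole file.
        unlink($offset_file);
        if ($mode eq "debug") {
            print "offset not found, reparsing without offset\n";
        }
        $jumpover = 0;
        $offset   = "";
        check();
    }

    if ($outtext ne "") {
        if ($mode eq "debug") {
            print "mail not sent, cause debug is enabled\n";
            print "content of mail to $emailaddress would be:\n---------------------------------\n";
            print $outtext;
            print "\n---------------------------------\nend of mail\n";
        }
        else {
            my $report_time = localtime(time());
            my $mailer      = '/usr/sbin/sendmail';

            # List-form pipe open: no shell is involved. -i keeps a log line
            # that consists of a single "." from ending the message early
            # and truncating the report.
            # NOTE(review): $senderaddress from the configuration is not
            # used here, so no From: header is written.
            open(my $mail, '|-', $mailer, '-t', '-i') or die "Can't open $mailer!\n";
            print {$mail} "To: ".$emailaddress."\n";
            print {$mail} "Subject: ($thisfile) violation report $report_time\n\n\n";
            # The body is raw log text and may contain data supplied by
            # remote parties; it is sent as plain text after the blank line.
            print {$mail} $outtext;
            close($mail)
                or print STDERR "$mailer reported an error while sending the report for $thisfile\n";

            # Leave a trace in syslog that a report went out.
            system('/usr/bin/logger', '-p', 'warn', 'logcheckprint');
        }
    }
    else {
        if ($mode eq "debug") {
            print "nothing to send, $thisfile seems to be ok\n";
        }
    }

    if ($noffset ne "") {
        if ($mode eq "debug") {
            print "new offset written in ".$thisfile.".offset\n";
        }
        # A marker that cannot be stored only causes the next run to report
        # again, so warn and carry on.
        if (open(my $new_off_fh, '>', $offset_file)) {
            print {$new_off_fh} $noffset;
            close($new_off_fh);
        }
        else {
            print STDERR "cannot write $offset_file: $!\n";
        }
    }
}
exit 0;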
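sub check() {
    # Scan the logfile named by the global $thisfile once.
    #
    # Globals read:    $thisfile, @whitelisted, $offset, $mode
    # Globals updated: $jumpover - cleared when a line's first 15 characters
    #                              equal $offset
    #                  $outtext  - gets every line read while $jumpover is 0
    #                              that no whitelist pattern matches
    #                  $noffset  - first 15 characters of the last line read
    #
    # Whitelist entries are unanchored regular expressions matched against
    # the whole line, including any part of the line that originates from a
    # remote party. Entries should therefore be specific (for example tied
    # to the program name) so that arbitrary text in a message cannot make
    # a line look whitelisted.
    my $log_fh;
    if (!open($log_fh, '<', $thisfile)) {
        # The caller tested for existence, but the file may have been
        # rotated away or be unreadable; say so instead of reporting nothing.
        print STDERR "cannot read $thisfile: $!\n";
        return;
    }

    # Compile each pattern once per scan instead of once per line.
    my @patterns = map { qr/$_/ } @whitelisted;

    while (my $line = <$log_fh>) {
        if ($jumpover == 0) {
            my $is_whitelisted = 0;
            foreach my $pattern (@patterns) {
                if ($line =~ $pattern) {
                    $is_whitelisted = 1;
                    last;
                }
            }
            $outtext .= $line unless $is_whitelisted;
        }

        # The marker line itself is skipped: $jumpover is cleared only after
        # the line has been handled.
        # NOTE(review): a 15-character prefix presumably targets classic
        # syslog timestamps; confirm for other log formats.
        $noffset = substr($line, 0, 15);
        if ($noffset eq $offset) {
            $jumpover = 0;
            if ($mode eq "debug") {
                print "offset found\n";
            }
        }
    }
    close($log_fh);
}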