commit 46e1d76089e80a269827f38bb4c8796bbca93f3b
Author: Fish <>
Date: Fri Sep 10 11:31:11 2004 +0000
initial import of CLF project for CSC
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..08e0572
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,341 @@
+* text=auto !eol
+html/.htaccess -text
+html/1stalertview.php -text
+html/1stcustomer.php -text
+html/1stequiptype.php -text
+html/1stfilter.php -text
+html/1sthost.php -text
+html/1stlaunch.php -text
+html/1stmaint.php -text
+html/1stprocessor.php -text
+html/1streports.php -text
+html/1strule.php -text
+html/1stsaves.php -text
+html/1stview.php -text
+html/2ndreports.php -text
+html/ChangeLog.txt -text
+html/admin/.htaccess -text
+html/admin/ChangeLog.txt -text
+html/admin/app.php -text
+html/admin/data/commands -text
+html/admin/data/convertpw.php -text
+html/admin/data/install.txt -text
+html/admin/data/pgsql.secframe -text
+html/admin/faq.txt -text
+html/admin/group.php -text
+html/admin/images/background.gif -text
+html/admin/images/tile.gif -text
+html/admin/images/title.gif -text
+html/admin/index.php -text
+html/admin/license.txt -text
+html/admin/scripts/php/queue.php -text
+html/admin/secversion -text
+html/admin/user.php -text
+html/alert.php -text
+html/background.html -text
+html/background.php -text
+html/calendar.php -text
+html/config.php -text
+html/customer.php -text
+html/data/install -text
+html/data/pgsql.msyslog -text
+html/data/pgsql.secframe -text
+html/equiptype.php -text
+html/faq.txt -text
+html/filter.php -text
+html/header.php -text
+html/host.php -text
+html/images/Exclamation.gif -text
+html/images/IEWin.css -text
+html/images/Px_Clear.gif -text
+html/images/background.gif -text
+html/images/bg2.gif -text
+html/images/bg3.gif -text
+html/images/blue.gif -text
+html/images/csc_name.gif -text
+html/images/no.gif -text
+html/images/ok.gif -text
+html/images/over_nav_qing.gif -text
+html/images/tile.gif -text
+html/images/title.png -text
+html/include_main.css -text
+html/index.php -text
+html/launch.php -text
+html/license.txt -text
+html/logout.php -text
+html/logwatch.php -text
+html/maintenance.php -text
+html/menu.php -text
+html/old1stview.php -text
+html/processor.php -text
+html/reports/cisco-pix-bandwidthbreakdown.php -text
+html/reports/severity-facility.php -text
+html/reports/vpnuserusage.php -text
+html/rule.php -text
+html/runlog.txt -text
+html/scripts/bin/analyzetsyslog -text
+html/scripts/bin/archivelogs -text
+html/scripts/bin/autovac -text
+html/scripts/bin/convertlogtosyslog -text
+html/scripts/bin/createtmpoutputfiles -text
+html/scripts/bin/expirelogs -text
+html/scripts/bin/logbreakout -text
+html/scripts/bin/nightlyroguecheck -text
+html/scripts/bin/pgsqlhealth -text
+html/scripts/bin/pgsqllogin -text
+html/scripts/bin/processlogs -text
+html/scripts/bin/rebuild.php -text
+html/scripts/bin/vacuumdb -text
+html/scripts/bin/vacuumtsyslog -text
+html/scripts/bin/weeklyindexrebuild -text
+html/scripts/crontab/root -text
+html/scripts/php/analyzetsyslog.php -text
+html/scripts/php/archive.php -text
+html/scripts/php/autovac.php -text
+html/scripts/php/expire.php -text
+html/scripts/php/nightlyroguecheck.php -text
+html/scripts/php/processlogs.php -text
+html/scripts/php/vacuumdb.php -text
+html/scripts/php/vacuumtsyslog.php -text
+html/scripts/php/weeklyindexrebuild.php -text
+html/smtversion -text
+html/template.php -text
+html/view.php -text
+html/viewsaves.php -text
+lib/generalweb.php -text
+lib/pgsql.php -text
+lib/pix.php -text
+lib/secframe.php -text
+log.d/.db.conf.swo -text
+log.d/.db.conf.swp -text
+log.d/CENTRAL_LOGSERVER -text
+log.d/bin/dumplog.pl -text
+log.d/bin/getconfig -text
+log.d/bin/listconfigs -text
+log.d/bin/logwatch.pl -text
+log.d/bin/parselog.sh -text
+log.d/bin/storelog.pl -text
+log.d/configs/linux.tar.gz -text
+log.d/configs/linux/conf/logfiles/messages.conf -text
+log.d/configs/linux/conf/logwatch.conf -text
+log.d/configs/linux/conf/services/arpwatch.conf -text
+log.d/configs/linux/conf/services/automount.conf -text
+log.d/configs/linux/conf/services/cisco.conf -text
+log.d/configs/linux/conf/services/clam-update.conf -text
+log.d/configs/linux/conf/services/courier.conf -text
+log.d/configs/linux/conf/services/cron.conf -text
+log.d/configs/linux/conf/services/dhcpd.conf -text
+log.d/configs/linux/conf/services/exim.conf -text
+log.d/configs/linux/conf/services/ftpd-messages.conf -text
+log.d/configs/linux/conf/services/identd.conf -text
+log.d/configs/linux/conf/services/imapd.conf -text
+log.d/configs/linux/conf/services/in.qpopper.conf -text
+log.d/configs/linux/conf/services/init.conf -text
+log.d/configs/linux/conf/services/ipop3d.conf -text
+log.d/configs/linux/conf/services/kernel.conf -text
+log.d/configs/linux/conf/services/mailscanner.conf -text
+log.d/configs/linux/conf/services/modprobe.conf -text
+log.d/configs/linux/conf/services/mountd.conf -text
+log.d/configs/linux/conf/services/named.conf -text
+log.d/configs/linux/conf/services/oidentd.conf -text
+log.d/configs/linux/conf/services/pam.conf -text
+log.d/configs/linux/conf/services/pam_pwdb.conf -text
+log.d/configs/linux/conf/services/pam_unix.conf -text
+log.d/configs/linux/conf/services/pluto.conf -text
+log.d/configs/linux/conf/services/pop3.conf -text
+log.d/configs/linux/conf/services/portsentry.conf -text
+log.d/configs/linux/conf/services/postfix.conf -text
+log.d/configs/linux/conf/services/pound.conf -text
+log.d/configs/linux/conf/services/proftpd-messages.conf -text
+log.d/configs/linux/conf/services/pureftpd.conf -text
+log.d/configs/linux/conf/services/qmail.conf -text
+log.d/configs/linux/conf/services/raid.conf -text
+log.d/configs/linux/conf/services/rt314.conf -text
+log.d/configs/linux/conf/services/samba.conf -text
+log.d/configs/linux/conf/services/secure.conf -text
+log.d/configs/linux/conf/services/sendmail-largeboxes.conf -text
+log.d/configs/linux/conf/services/sendmail.conf -text
+log.d/configs/linux/conf/services/shaperd.conf -text
+log.d/configs/linux/conf/services/smartd.conf -text
+log.d/configs/linux/conf/services/sshd.conf -text
+log.d/configs/linux/conf/services/sshd2.conf -text
+log.d/configs/linux/conf/services/stunnel.conf -text
+log.d/configs/linux/conf/services/sudo.conf -text
+log.d/configs/linux/conf/services/syslogd.conf -text
+log.d/configs/linux/conf/services/up2date.conf -text
+log.d/configs/linux/conf/services/vpopmail.conf -text
+log.d/configs/linux/conf/services/vsftpd.conf -text
+log.d/configs/linux/conf/services/yum.conf -text
+log.d/configs/linux/conf/services/zz-disk_space.conf -text
+log.d/configs/linux/conf/services/zz-fortune.conf -text
+log.d/configs/linux/scripts/logfiles/autorpm/applydate -text
+log.d/configs/linux/scripts/logfiles/cron/applydate -text
+log.d/configs/linux/scripts/logfiles/samba/applydate -text
+log.d/configs/linux/scripts/logfiles/samba/removeheaders -text
+log.d/configs/linux/scripts/logfiles/up2date/applydate -text
+log.d/configs/linux/scripts/logfiles/up2date/removeheaders -text
+log.d/configs/linux/scripts/logfiles/xferlog/applydate -text
+log.d/configs/linux/scripts/logfiles/xferlog/removeheaders -text
+log.d/configs/linux/scripts/logwatch.pl -text
+log.d/configs/linux/scripts/services/arpwatch -text
+log.d/configs/linux/scripts/services/automount -text
+log.d/configs/linux/scripts/services/cisco -text
+log.d/configs/linux/scripts/services/clam-update -text
+log.d/configs/linux/scripts/services/clamav -text
+log.d/configs/linux/scripts/services/clamav-milter -text
+log.d/configs/linux/scripts/services/courier -text
+log.d/configs/linux/scripts/services/cron -text
+log.d/configs/linux/scripts/services/dhcpd -text
+log.d/configs/linux/scripts/services/disk_space -text
+log.d/configs/linux/scripts/services/exim -text
+log.d/configs/linux/scripts/services/ftpd-messages -text
+log.d/configs/linux/scripts/services/ftpd-xferlog -text
+log.d/configs/linux/scripts/services/http -text
+log.d/configs/linux/scripts/services/identd -text
+log.d/configs/linux/scripts/services/imapd -text
+log.d/configs/linux/scripts/services/in.qpopper -text
+log.d/configs/linux/scripts/services/init -text
+log.d/configs/linux/scripts/services/ipop3d -text
+log.d/configs/linux/scripts/services/kernel -text
+log.d/configs/linux/scripts/services/mailscanner -text
+log.d/configs/linux/scripts/services/modprobe -text
+log.d/configs/linux/scripts/services/mountd -text
+log.d/configs/linux/scripts/services/named -text
+log.d/configs/linux/scripts/services/oidentd -text
+log.d/configs/linux/scripts/services/pam -text
+log.d/configs/linux/scripts/services/pam_pwdb -text
+log.d/configs/linux/scripts/services/pam_unix -text
+log.d/configs/linux/scripts/services/pluto -text
+log.d/configs/linux/scripts/services/pop3 -text
+log.d/configs/linux/scripts/services/portsentry -text
+log.d/configs/linux/scripts/services/postfix -text
+log.d/configs/linux/scripts/services/pound -text
+log.d/configs/linux/scripts/services/proftpd-messages -text
+log.d/configs/linux/scripts/services/pureftpd -text
+log.d/configs/linux/scripts/services/qmail -text
+log.d/configs/linux/scripts/services/raid -text
+log.d/configs/linux/scripts/services/rt314 -text
+log.d/configs/linux/scripts/services/samba -text
+log.d/configs/linux/scripts/services/secure -text
+log.d/configs/linux/scripts/services/sendmail -text
+log.d/configs/linux/scripts/services/sendmail-largeboxes -text
+log.d/configs/linux/scripts/services/shaperd -text
+log.d/configs/linux/scripts/services/smartd -text
+log.d/configs/linux/scripts/services/sshd -text
+log.d/configs/linux/scripts/services/sshd2 -text
+log.d/configs/linux/scripts/services/stunnel -text
+log.d/configs/linux/scripts/services/sudo -text
+log.d/configs/linux/scripts/services/syslogd -text
+log.d/configs/linux/scripts/services/tac_acc -text
+log.d/configs/linux/scripts/services/up2date -text
+log.d/configs/linux/scripts/services/vpopmail -text
+log.d/configs/linux/scripts/services/vsftpd -text
+log.d/configs/linux/scripts/services/yum -text
+log.d/configs/linux/scripts/services/zz-disk_space -text
+log.d/configs/linux/scripts/services/zz-fortune -text
+log.d/configs/linux/scripts/shared/applyhttpdate -text
+log.d/configs/linux/scripts/shared/applystddate -text
+log.d/configs/linux/scripts/shared/applyusdate -text
+log.d/configs/linux/scripts/shared/expandrepeats -text
+log.d/configs/linux/scripts/shared/hostlist -text
+log.d/configs/linux/scripts/shared/multiservice -text
+log.d/configs/linux/scripts/shared/onlycontains -text
+log.d/configs/linux/scripts/shared/onlyhost -text
+log.d/configs/linux/scripts/shared/onlyservice -text
+log.d/configs/linux/scripts/shared/remove -text
+log.d/configs/linux/scripts/shared/removeheaders -text
+log.d/configs/linux/scripts/shared/removeservice -text
+log.d/db.conf -text
+log.d/lib/Logwatch.pm -text
+msyslog-v1.08a+smac/AUTHORS -text
+msyslog-v1.08a+smac/COPYING -text
+msyslog-v1.08a+smac/ChangeLog -text
+msyslog-v1.08a+smac/INSTALL -text
+msyslog-v1.08a+smac/Makefile -text
+msyslog-v1.08a+smac/Makefile.in -text
+msyslog-v1.08a+smac/NEWS -text
+msyslog-v1.08a+smac/QUICK_INSTALL -text
+msyslog-v1.08a+smac/README -text
+msyslog-v1.08a+smac/config.log -text
+msyslog-v1.08a+smac/config.status -text
+msyslog-v1.08a+smac/configure -text
+msyslog-v1.08a+smac/configure.in -text
+msyslog-v1.08a+smac/doc/HOW-TO-UPGRADE -text
+msyslog-v1.08a+smac/doc/HOW_TO_WRITE_A_MODULE -text
+msyslog-v1.08a+smac/doc/README.mysql -text
+msyslog-v1.08a+smac/doc/copyright -text
+msyslog-v1.08a+smac/install-sh -text
+msyslog-v1.08a+smac/src/Makefile -text
+msyslog-v1.08a+smac/src/Makefile.in -text
+msyslog-v1.08a+smac/src/TODO -text
+msyslog-v1.08a+smac/src/config.h -text
+msyslog-v1.08a+smac/src/config.h.in -text
+msyslog-v1.08a+smac/src/examples/im_mymodule.c -text
+msyslog-v1.08a+smac/src/examples/om_mymodule.c -text
+msyslog-v1.08a+smac/src/examples/syslog.conf.classic -text
+msyslog-v1.08a+smac/src/examples/syslog.conf.mysql -text
+msyslog-v1.08a+smac/src/examples/syslog.conf.peo -text
+msyslog-v1.08a+smac/src/examples/syslog.conf.pgsql -text
+msyslog-v1.08a+smac/src/examples/syslog.conf.regex -text
+msyslog-v1.08a+smac/src/man/BSDmakefile -text
+msyslog-v1.08a+smac/src/man/BSDmakefile.in -text
+msyslog-v1.08a+smac/src/man/GNUmakefile -text
+msyslog-v1.08a+smac/src/man/GNUmakefile.in -text
+msyslog-v1.08a+smac/src/man/Makefile -text
+msyslog-v1.08a+smac/src/man/Makefile.in -text
+msyslog-v1.08a+smac/src/man/im_bsd.8 -text
+msyslog-v1.08a+smac/src/man/im_doors.8 -text
+msyslog-v1.08a+smac/src/man/im_file.8 -text
+msyslog-v1.08a+smac/src/man/im_linux.8 -text
+msyslog-v1.08a+smac/src/man/im_streams.8 -text
+msyslog-v1.08a+smac/src/man/im_tcp.8 -text
+msyslog-v1.08a+smac/src/man/im_udp.8 -text
+msyslog-v1.08a+smac/src/man/im_unix.8 -text
+msyslog-v1.08a+smac/src/man/om_classic.8 -text
+msyslog-v1.08a+smac/src/man/om_mysql.8 -text
+msyslog-v1.08a+smac/src/man/om_peo.8 -text
+msyslog-v1.08a+smac/src/man/om_pgsql.8 -text
+msyslog-v1.08a+smac/src/man/om_regex.8 -text
+msyslog-v1.08a+smac/src/man/om_tcp.8 -text
+msyslog-v1.08a+smac/src/man/om_udp.8 -text
+msyslog-v1.08a+smac/src/man/peochk.8 -text
+msyslog-v1.08a+smac/src/man/syslog.conf.5 -text
+msyslog-v1.08a+smac/src/man/syslogd.8 -text
+msyslog-v1.08a+smac/src/modules.c -text
+msyslog-v1.08a+smac/src/modules.h -text
+msyslog-v1.08a+smac/src/modules/Makefile -text
+msyslog-v1.08a+smac/src/modules/Makefile.in -text
+msyslog-v1.08a+smac/src/modules/im_bsd.c -text
+msyslog-v1.08a+smac/src/modules/im_doors.c -text
+msyslog-v1.08a+smac/src/modules/im_file.c -text
+msyslog-v1.08a+smac/src/modules/im_linux.c -text
+msyslog-v1.08a+smac/src/modules/im_streams.c -text
+msyslog-v1.08a+smac/src/modules/im_tcp.c -text
+msyslog-v1.08a+smac/src/modules/im_udp.c -text
+msyslog-v1.08a+smac/src/modules/im_unix.c -text
+msyslog-v1.08a+smac/src/modules/ip_misc.c -text
+msyslog-v1.08a+smac/src/modules/om_classic.c -text
+msyslog-v1.08a+smac/src/modules/om_mysql.c -text
+msyslog-v1.08a+smac/src/modules/om_peo.c -text
+msyslog-v1.08a+smac/src/modules/om_pgsql.c -text
+msyslog-v1.08a+smac/src/modules/om_regex.c -text
+msyslog-v1.08a+smac/src/modules/om_tcp.c -text
+msyslog-v1.08a+smac/src/modules/om_udp.c -text
+msyslog-v1.08a+smac/src/modules/sql_misc.c -text
+msyslog-v1.08a+smac/src/modules/sql_misc.h -text
+msyslog-v1.08a+smac/src/modules/ttymsg.c -text
+msyslog-v1.08a+smac/src/peo/Makefile -text
+msyslog-v1.08a+smac/src/peo/Makefile.in -text
+msyslog-v1.08a+smac/src/peo/TODO -text
+msyslog-v1.08a+smac/src/peo/hash.c -text
+msyslog-v1.08a+smac/src/peo/hash.h -text
+msyslog-v1.08a+smac/src/peo/md5.h -text
+msyslog-v1.08a+smac/src/peo/md5c.c -text
+msyslog-v1.08a+smac/src/peo/peochk.c -text
+msyslog-v1.08a+smac/src/peo/rmd160.c -text
+msyslog-v1.08a+smac/src/peo/rmd160.h -text
+msyslog-v1.08a+smac/src/peo/sha1.c -text
+msyslog-v1.08a+smac/src/peo/sha1.h -text
+msyslog-v1.08a+smac/src/peo/typedefs.h -text
+msyslog-v1.08a+smac/src/syslogd.c -text
+msyslog-v1.08a+smac/src/syslogd.h -text
diff --git a/html/.htaccess b/html/.htaccess
new file mode 100644
index 0000000..0988402
--- /dev/null
+++ b/html/.htaccess
@@ -0,0 +1,18 @@
+ AuthName "CLF Login"
+ AuthType basic
+
+ Auth_PG_host 127.0.0.1
+ Auth_PG_port 5432
+ Auth_PG_user secframe
+ Auth_PG_pwd voQ3jV1x
+ #Auth_PG_encrypted off
+ Auth_PG_encrypted on
+ Auth_PG_hash_type MD5
+ Auth_PG_nopasswd off
+ Auth_PG_database securityframework
+ Auth_PG_pwd_table SecFrame_TLogin
+ Auth_PG_uid_field TLogin_Username
+ Auth_PG_pwd_field TLogin_Password
+
+ require valid-user
+
diff --git a/html/1stalertview.php b/html/1stalertview.php
new file mode 100644
index 0000000..65870a9
--- /dev/null
+++ b/html/1stalertview.php
@@ -0,0 +1,110 @@
+";
+
+ openform("alert.php","post",2,1,0);
+ formfield("viewtype","Hidden",3,1,0,10,10,2);
+
+
+ echo "View Alerts for Specific Hosts
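Review bot: The path list in the `.gitattributes` hunk shows the import tracking editor and build leftovers: `log.d/.db.conf.swo` and `log.d/.db.conf.swp` are Vim swap files for `log.d/db.conf`, and `msyslog-v1.08a+smac/config.log` and `msyslog-v1.08a+smac/config.status` are configure output. Swap files can hold earlier contents of the file being edited, so if `db.conf` carries database connection settings (likely from the name, not confirmed on this page) those stay recoverable from history even after the live file is cleaned. I would drop these paths from the import and add ignore patterns such as `*.swp` and `*.swo`. The file itself looks like conversion output, so the fix belongs in what gets imported rather than in this list.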
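Review bot: The `Auth_PG_pwd` line in `html/.htaccess` commits the database password for the `secframe` account in clear text, in a file that lives in the web root and is now permanently in history. Treat that value as exposed: rotate it, and ship a template with `Auth_PG_pwd <set-at-deploy>` so the real file is written at install time and readable only by the web server user. `AuthType basic` sends the login password merely base64-encoded on every request, so this directory should only be served over TLS. `Auth_PG_hash_type MD5` means `TLogin_Password` holds fast MD5 digests (presumably unsalted), which protect little if the table leaks; a dedicated role limited to reading `SecFrame_TLogin` would also narrow what this credential can reach.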
\n"; + echo "1. Select View Type:
\n "; + echo ""; + if ( $group >= 2 ) { + echo "\n"; + } + echo ""; + if ( $group >= 2 ) { + echo "\n"; + } + echo "
Host: "; + hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group); + crbr(1,0); + echo "
By Customer User and By Host Type
Host Type: "; + premadetypedropdown ($dbsocket, "typeid",0,0,1,1,$typeid); + echo "
Customer User: "; + $groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer'); + userdropdownbox ($sec_dbsocket,"userid",2,1,0,1,"",$groupid); + echo "
\n2. Date: "; + monthdropdown ("month",0,0,0,1,$month); + echo "/"; + daydropdown("day",0,0,0,1,$day); + echo "/"; + yeardropdown("year",0,0,0,1,$year); + crbr(1,1); + echo "3. Aggregate Results: Yes No
\n"; + formsubmit("View",3,1,0); + closeform(); + + echo ""; + if ( $group >= 2 ) { + echo "View All Alerts for a Given Day
\n"; + openform("alert.php","post",2,1,0); + formfield("viewtype","Hidden",3,1,0,10,10,1); + echo "1. Date: "; + monthdropdown ("month",0,0,0,1,$month); + echo "/"; + daydropdown("day",0,0,0,1,$day); + echo "/"; + yeardropdown("year",0,1,1,1,$year); + echo "2. Aggregate Results: Yes No
\n"; + formsubmit("View",3,1,0); + closeform(); + } + echo "\n"; + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/1stcustomer.php b/html/1stcustomer.php new file mode 100644 index 0000000..7e0e677 --- /dev/null +++ b/html/1stcustomer.php @@ -0,0 +1,80 @@ +"; + + echo "Customer Accounts
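Review bot: The `$group >= 2` tests in `html/1stalertview.php` only decide which form is printed; the privilege itself travels as the hidden `viewtype` field (apparently `2` for the per-host view, `1` for all alerts), which any logged-in user's browser can send to `alert.php` regardless of what was rendered. `alert.php` is not part of this hunk, so whether it repeats the group check cannot be confirmed here, but it has to: the handler should derive the permitted view from the authenticated user's group and refuse `viewtype=1` below level 2. The same display-only gating appears in `html/1stfilter.php` (`$group >= 3` around "Delete User Filters"), `html/1stview.php` and `html/2ndreports.php`. The head of this file was lost in extraction, so where `$group`, `$month`, `$day`, `$year` and `$typeid` are set is not visible.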
\n"; + openform("customer.php","post",2,1,0); + echo "1. Select Customer: "; + $groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer'); + userdropdownbox ($sec_dbsocket,"userid",2,1,1,1,"",$groupid); + formsubmit("Modify",3,1,0); + + echo ""; + + echo "Clone Accounts
\n"; + echo ""; + formfield("clone","hidden",3,1,0,200,200,"1"); + echo "
"; + closeform(); + openform("customer.php","post",2,1,0); + echo "1. Source Customer: "; + $groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer'); + userdropdownbox ($sec_dbsocket,"userid",2,1,1,1,"",$groupid); + echo "
2. Destination Customer: "; + userdropdownbox ($sec_dbsocket,"duserid",2,1,1,1,"",$groupid); + echo "
"; + formsubmit("Clone",3,1,0); + closeform(); + + echo "
\n"; + + echo "\n"; + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/1stequiptype.php b/html/1stequiptype.php new file mode 100644 index 0000000..7524e84 --- /dev/null +++ b/html/1stequiptype.php @@ -0,0 +1,62 @@ +Equipment Type
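Review bot: In `html/1stcustomer.php` the hidden `clone` field is emitted before the `closeform()` that ends the first form, so it is posted together with the "Modify" button, while the second form, which carries the "Clone" button and `duserid`, has no `clone` field at all. If `customer.php` keys the copy operation on `clone` (it is not visible here), Modify would be handled as a clone request and Clone would not; I would move `formfield("clone","hidden",3,1,0,200,200,"1");` to just after the second `openform("customer.php","post",2,1,0);`. Copying one customer's account onto another is a privileged action, and no `$group` test is visible around either form, though the start of the file was lost in extraction.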
\n"; + echo "1. Choose Type: "; + premadetypedropdown ($dbsocket, "typeid",0,1,1,1,$typeid); + formsubmit("Add",3,1,0); + formsubmit("Modify",3,1,0); + formsubmit("Delete",3,1,0); + closeform(); + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/1stfilter.php b/html/1stfilter.php new file mode 100644 index 0000000..b1a0217 --- /dev/null +++ b/html/1stfilter.php @@ -0,0 +1,77 @@ +"; + openform("filter.php","post",2,1,0); + echo "Filter Entries
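Review bot: The closing tag in `html/1stequiptype.php` is written `php?>`, as it is in `1stalertview.php`, `1stcustomer.php`, `1sthost.php`, `1stlaunch.php`, `1stmaint.php`, `1stprocessor.php`, `1streports.php`, `1strule.php`, `1stsaves.php` and `2ndreports.php`, so PHP evaluates the bare word `php` as a constant before leaving PHP mode. Old interpreters only raise a notice, but from PHP 8 an undefined constant throws an `Error`, which here would fire at the end of every request and, in `<?php echo $PageTitle; php?>`, in the middle of the page. `1stfilter.php` and `1stview.php` already end with a plain `?>`; for files that end in PHP code, leaving the closing tag out altogether also avoids stray trailing output.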
\n"; + echo "1. Choose Filter: "; + filterdropdown ($dbsocket,"filterid",$REMOTE_ID,3,1,1,1,"",1); + formsubmit("Add",3,1,0); + formsubmit("Modify",3,1,0); + formsubmit("Delete",3,1,0); + formfield("filtermain","Hidden",3,1,0,10,10,1); + closeform(); + if ( $group >= 3 ) { + echo ""; + openform("filter.php","post",2,1,0); + echo "Delete User Filters
\n"; + echo "1. Select User: "; + userdropdownbox ($sec_dbsocket,"userid",2,1,1,1); + formfield("filtermain","Hidden",3,1,0,10,10,1); + formsubmit("Delete User Filters",3,1,0); + closeform(); + } + echo "\n"; + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +?> diff --git a/html/1sthost.php b/html/1sthost.php new file mode 100644 index 0000000..365fbb1 --- /dev/null +++ b/html/1sthost.php @@ -0,0 +1,59 @@ +Host Entries
\n"; + echo "1. Choose Host: "; + hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group); + crbr(1,1); + formsubmit("Add",3,1,0); + formsubmit("Modify",3,1,0); + formsubmit("Delete",3,1,0); + closeform(); + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/1stlaunch.php b/html/1stlaunch.php new file mode 100644 index 0000000..5788398 --- /dev/null +++ b/html/1stlaunch.php @@ -0,0 +1,62 @@ +Launch Programs
\n"; + echo "1. Choose Program: "; + launchdropdown ($dbsocket, "launchid",0,1,1,1,$launchid,0); + formsubmit("Add",3,1,0); + formsubmit("Modify",3,1,0); + formsubmit("Delete",3,1,0); + closeform(); + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/1stmaint.php b/html/1stmaint.php new file mode 100644 index 0000000..6ad2964 --- /dev/null +++ b/html/1stmaint.php @@ -0,0 +1,102 @@ +Maintenance Options

\n"; + echo ""; + + echo ""; + + echo ""; + closeform(); + + openform("maintenance.php","post",2,1,0); + formfield("skip","hidden",3,1,0,200,200,1); + echo ""; + closeform(); + + openform("maintenance.php","post",2,1,0); + echo ""; + + echo "
DB Table Analyzing
"; + + openform("maintenance.php","post",2,1,0); + formsubmit("Analyze TSyslog Table",3,0,0); + echo "Analyze TSyslog to re-optimize index.
"; + formsubmit("Analyze Syslog_TArchive Table",3,0,0); + echo "Analyze Syslog_TArchive to re-optimize index.
DB Table Vacuuming
"; + formsubmit("Vacuum Entire Database",3,0,0); + echo "Vacuum entire database to re-optimize index and re-use deleted record space
"; + formsubmit("FULL Vacuum Entire Database",3,0,0); + echo "This is a last resort vacuum that releases unused disk space. This can take hours!
Basic Table Stats
"; + formsubmit("View Archive Log Breakdown",3,0,0); + echo "Display hosts and their relavent log counts that are archived in the database. RUN WITH CARE!
"; + formsubmit("View Unprocessed Log Breakdown",3,0,0); + echo "Display hosts and their relavent log counts that are waiting to be processed
Reindexing Tables
"; + formsubmit("Reindex TSyslog",3,0,0); + echo "Reindex the TSyslog table
"; + formsubmit("Reindex Syslog_TArchive",3,0,0); + echo "Reindex the Syslog_TArchive table
"; + formsubmit("Reindex SMT Instance",3,0,0); + echo "Reindex the entire SMT database instance
Basic Table Disk Usage
"; + formsubmit("Display Index Usage",3,0,0); + echo "Show how much disk space indexes are taking up
"; + formsubmit("Display SMT Table Usage",3,0,0); + echo "Show how much disk space SMT Tables are taking up
"; + formsubmit("Display Relavent Table Usage",3,0,0); + echo "Show how much disk space the Postgresql SMT Instance is taking up
Configuration Performance Management
"; + formfield("skip","hidden",3,1,0,200,200,1); + formsubmit("Display Current Locks",3,0,0); + echo "Provide detailed view of current locks on database.
"; + formsubmit("Display Database Confguration",3,0,0); + echo "View all of the configuration settings for the database.
"; + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/1stprocessor.php b/html/1stprocessor.php new file mode 100644 index 0000000..9c4c9ed --- /dev/null +++ b/html/1stprocessor.php @@ -0,0 +1,59 @@ +Modify Processor
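Review bot: Every button in `html/1stmaint.php` posts to `maintenance.php` with only its caption to say what to run, and the captions include operations the page itself warns about ("This can take hours!", "RUN WITH CARE!"). No `$group` test is visible around these forms, unlike `1stfilter.php`, and the head of the file was lost in extraction, so one may exist out of view; either way `maintenance.php` should check the caller's group itself and match the submitted caption against a fixed list before touching the database. Because the caption is presumably the dispatch key, the misspellings `Display Database Confguration` and `Display Relavent Table Usage` have to be corrected in both files together. A per-session token on these POST forms would also keep another site from triggering a full vacuum through a logged-in administrator's browser.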
\n"; + echo "1. Select Processor Account: "; + $groupid=sec_groupnametoid($sec_dbsocket,'Syslog msyslog'); + userdropdownbox ($sec_dbsocket,"userid",2,1,1,1,"",$groupid); + formsubmit("Modify",3,1,0); + formsubmit("Clear Stale Processor",3,1,0); + + echo "
\n"; + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/1streports.php b/html/1streports.php new file mode 100644 index 0000000..73af594 --- /dev/null +++ b/html/1streports.php @@ -0,0 +1,69 @@ +Reports

\n"; + $FooterText="
Version " . SMTVER . "
© Jeremy M. Guthrie All rights reserved.
\n"; + $PageTitle="Syslog Management Tool"; + +php?> + + + +<?php echo $PageTitle; php?> + + +Available Reports:
\n"; + openform("2ndreports.php","post",2,1,0); + reporttypedropdown("reporttype",1,1,1,1); + formsubmit("Next",3,1,0); + closeform(); + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + echo $FooterText; +php?> + + + diff --git a/html/1strule.php b/html/1strule.php new file mode 100644 index 0000000..196432c --- /dev/null +++ b/html/1strule.php @@ -0,0 +1,103 @@ +Pre-made rulesHost Rules\n"; + echo ""; + openform("rule.php","post",2,1,0); + echo "1. Choose Rule: "; + pixruledropdown ($dbsocket, "id",2,1,0,1); + crbr(1,1); + formfield("ruletype","Hidden",3,1,0,10,10,1); + formsubmit("Add",3,1,0); + formsubmit("Modify",3,1,0); + formsubmit("Delete",3,1,0); + closeform(); + + echo ""; + openform("rule.php","post",2,1,0); + formfield("ruletype","Hidden",3,1,0,10,10,2); + echo "1. Modify Host Rules: "; + hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group); + crbr(1,1); + formsubmit("Modify",3,1,0); + closeform(); + + echo "
"; + if ( numberofrecords($dbsocket,"THost_ID","syslog_thost") > 1 ) { + echo "Clone Rules\n"; + openform("rule.php","post",2,1,0); + formfield("ruletype","Hidden",3,1,0,10,10,3); + echo "1. Clone Source:\n"; + hostdropdown ($dbsocket, $sec_dbsocket, "source", $REMOTE_ID,$group); + echo "
2. Clone Destination:\n"; + hostdropdown ($dbsocket, $sec_dbsocket, "destination", $REMOTE_ID,$group); + crbr(1,1); + formsubmit("Clone",3,1,0); + } + echo ""; + + echo "\n"; + echo "\n"; + } else { + openform("rule.php","post",2,1,0); + formfield("ruletype","Hidden",3,1,0,10,10,2); + echo "1. Modify Host Rules: "; + hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group); + crbr(1,1); + formsubmit("Modify",3,1,0); + closeform(); + } + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/1stsaves.php b/html/1stsaves.php new file mode 100644 index 0000000..0aaa55f --- /dev/null +++ b/html/1stsaves.php @@ -0,0 +1,70 @@ += 1 ) { + if ( numberofrecords($dbsocket,"TSave_ID","syslog_tsave","$REMOTE_ID") >= 1 ) { + echo "
"; + openform("viewsaves.php","post",2,1,0); + echo "Select Saved Logs: "; + savesdropdown ($dbsocket,"saveid",$REMOTE_ID); + crbr(1,1); + formsubmit("View",3,1,1); + closeform(); + echo "
\n"; + } else { + echo "
You have no saved results in database
\n"; + } + } + + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/1stview.php b/html/1stview.php new file mode 100644 index 0000000..c84865d --- /dev/null +++ b/html/1stview.php @@ -0,0 +1,149 @@ += 1 ) { + openform("view.php","post",2,1,0); + echo "View Specific Time Frame

\n"; + echo "1. Select View Type: "; + echo ""; + if ( $group >= 2 ) { + echo "\n"; + } + echo ""; + if ( $group >= 2 ) { + echo "\n"; + } + echo "
Host: "; + hostdropdown1 ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group); + crbr(1,0); + echo "
By Group and By Host Type (Select Below)
Host Type: "; + if (! isset($typeid)) { + $typeid = ''; + } + premadetypedropdown ($dbsocket, "typeid",0,0,1,1,$typeid); + echo "
Group: "; + $groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer'); + userdropdownbox ($sec_dbsocket,"userid",2,1,0,1,"",$groupid); + echo "
2. Select Time Range:
"; + echo "Start Date:"; + monthdropdown ("month",0,0,0,1,$month); + echo "/"; + daydropdown("day",0,0,0,1,$day); + echo "/"; + yeardropdown("year",0,0,0,1,$year); + echo " Time: "; + hourdropdown("hour", 0, 0, 0, 1, $hour); + echo ":"; + minutedropdown("minute", 0, 1, 1, $lines=1, $minute); + echo "
Duration:"; + durationdropdown("duration"); + echo "
"; + echo "End Date:"; + monthdropdown ("emonth",0,0,0,1,$month); + echo "/"; + daydropdown("eday",0,0,0,1,$day); + echo "/"; + yeardropdown("eyear",0,0,0,1,$year); + echo " Time: "; + hourdropdown("ehour", 0, 0, 0, 1, $hour); + echo ":"; + minutedropdown("eminute", 0, 1, 1, $lines=1, $minute); + echo "
"; + echo "RealTime View
"; + echo "3. Format Options:
"; + echo ""; + echo "
Page Breaks:Yes"; + echo " No
Lines/Page:"; + pagesize("pagesize",2,1); + echo "
"; + + formfield("viewtype","Hidden",3,1,0,10,10,2); + echo "Choose Filter Type(Optional)
"; + echo "Exclude "; + echo "Include
\n"; + echo "Regular Expression Filter: "; + formfield("regexp[]","text",3,1,1,20,40); + echo "
\n"; + echo "Use Premade Filter: "; + filterdropdown ($dbsocket,"filterid",$REMOTE_ID); + echo "
Filter Type: Expression "; + echo "Facility & Severity "; + echo "Expression w/ Facility & Severity"; + echo "
"; + echo "Facility Range: "; + facilitydropdown("startfacility[]",1,0,0,1,0); + echo " to "; + facilitydropdown("stopfacility[]",1,0,0,1,23); + echo "
Severity Range: "; + severitydropdown("startseverity[]",1,0,0,1,0); + echo " to "; + severitydropdown("stopseverity[]",1,0,0,1,7); + + echo "
\n"; + formsubmit("View",3,1,1); + closeform(); + crbr(1,1); + } + $endtime=time(); + echo "Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); +?> + + + diff --git a/html/2ndreports.php b/html/2ndreports.php new file mode 100644 index 0000000..aa5158a --- /dev/null +++ b/html/2ndreports.php @@ -0,0 +1,172 @@ +Reports
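Review bot: `minutedropdown("minute", 0, 1, 1, $lines=1, $minute);` and the matching `eminute` call in `html/1stview.php` assign to a variable inside the argument list; it reads like a named argument but only creates a stray `$lines` in page scope, and passing `1` directly says the same thing. This page guards `$typeid` with `isset()` before `premadetypedropdown(...)`, while `1stalertview.php` and `2ndreports.php` pass it unguarded, so the guard belongs in all three or inside the helper. The free-text `regexp[]` field goes to `view.php`, which is outside this hunk; if the pattern ends up in a database query, as seems likely, the handler should bound its length and bind it as a parameter rather than splice it into the SQL text.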

\n"; + $FooterText="
Version " . SMTVER . "
© Jeremy M. Guthrie All rights reserved.
\n"; + $PageTitle="Syslog Management Tool"; + + /* set what report options are available */ + $hostselect=0; /* allow selecting the host */ + $dateselect=0; /* allow selecting the date */ + $timeselect=0; /* allow selecting the time */ + $stopdateselect=0; /* allow selecting the stop date */ + $stoptimeselect=0; /* allow selecting the stop time */ + $timeintervalselect=0; /* allow selecting the time interval */ + $severityselect=0; + $facilityselect=0; + $stopseverityselect=0; + $stopfacilityselect=0; + $steps=0; /* reset the number of steps in a process */ + + if ( ! isset($reporttype) ) { $reporttype == 1 ; } + if ( $reporttype <= 4 ) { + $hostselect=1; + $dateselect=1; + $timeselect=1; + $stopdateselect=1; + $stoptimeselect=1; + $timeintervalselect=1; + } + +php?> + + + +<?php echo $PageTitle; php?> + + +Report Type: " . reporttypename($reporttype) . "

\n"; + formfield("reporttype","hidden",3,1,0,200,200,$reporttype); + if ( $hostselect ) { + $steps++; + echo "Step #$steps:
\n"; + echo ""; + if ( $group >= 2 ) { + echo "\n"; + } + echo ""; + if ( $group >= 2 ) { + echo "\n"; + } + echo "
Host: "; + hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group); + crbr(1,0); + echo "
By User and By Host Type
Host Type: "; + premadetypedropdown ($dbsocket, "typeid",0,0,1,1,$typeid); + echo "
User: "; + userdropdownbox ($sec_dbsocket,"userid",2,1,0,1,"",$groupid); + echo "
\n"; + } + if ( $dateselect ) { + $steps++; + $month=date("M",time()); + $day=date("d",time()); + $year=date("Y",time()); + echo "Step #$steps: Date: "; + monthdropdown ("month",0,0,0,1,$month); + daydropdown("day",0,0,0,1,$day); + yeardropdown("year",0,1,1,1,$year); + } + if ( $timeselect ) { + $steps++; + $hour=date("G",time()); + $minute=date("i",time()); + echo "Step #$steps: Time: "; + hourdropdown("hour",0,0,0,1,$hour); + echo ":"; + minutedropdown("minute",0,1,1,1,$minute); + } + if ( $stopdateselect ) { + $steps++; + $month2=date("M",time()); + $day2=date("d",time()); + $year2=date("Y",time()); + echo "Step #$steps: Stop Date: "; + monthdropdown ("month2",0,0,0,1,$month2); + daydropdown("day2",0,0,0,1,$day2); + yeardropdown("year2",0,1,1,1,$year2); + } + if ( $stoptimeselect ) { + $steps++; + $hour2=date("G",time()); + $minute2=date("i",time()); + echo "Step #$steps: Stop Time: "; + hourdropdown("hour2",0,0,0,1,$hour2); + echo ":"; + minutedropdown("minute2",0,1,1,1,$minute2); + } + if ( $severityselect ) { + $steps++; + echo "Step #$steps: Severity: "; + severitydropdown("facility",1,1,1,1,0); + } + if ( $facilityselect ) { + $steps++; + echo "Step #$steps: Facility: "; + facilitydropdown("facility",1,1,1,1,0); + } + + formsubmit("View Report",3,1,0); + closeform(); + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + echo $FooterText; +php?> + + + diff --git a/html/ChangeLog.txt b/html/ChangeLog.txt new file mode 100644 index 0000000..626a237 --- /dev/null +++ b/html/ChangeLog.txt 
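Review bot: In `html/2ndreports.php`, `if ( ! isset($reporttype) ) { $reporttype == 1 ; }` compares instead of assigning, so the default is never applied and an unset `$reporttype` flows into `reporttypename(...)` and the hidden `reporttype` field; it should read `$reporttype = 1;`. Where the value originates is not visible (the head of the file was lost in extraction), but if it is request input it should be cast with `(int)` and range-checked before it is echoed back into the page. In the branches that are currently switched off, the severity step calls `severitydropdown("facility",1,1,1,1,0)`, reusing the facility field name, and `$groupid` is handed to `userdropdownbox(...)` without the `sec_groupnametoid(...)` lookup that the other pages perform first.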
@@ -0,0 +1,445 @@ +$Id$ + +Feature Request: + +Bugs: +1. Change code to allow for tailing spaces when looking at the expression field + +3/10/2004 + - Removing any reference to company name + +3/9/2004 + - Changed out company logo + - Added GPL notice to all libraries + +1/21/2004 + - Found a bug where a host would email off an alert with no text. I've put a stop gap fix in. + +1/13/2004 + - Fixed bug with msyslog.pgsql where SET STORAGE didn't have a space before it. + - Fixed bug where hour in time of rules would default to 18:00 for no good reason + - Fixed two problems with cloning rules: 1) order was not preserved 2) an imported version of the database couldn't clone because fields that were empty needed to have non-null defaults applied + - Forgot to merge in latest VPN reports + +1/6/2004 + - Added 'left menu' support for ACID and MRTG groups in security framework should the ever be added 8) + +1/6/2004 + - Added 'left menu' support for ACID and MRTG groups in security framework should the ever be added 8) + +1/1/2004 + - Fixed spelling error in with the word 'threshold' in the rules schema + - Fixed a bug in vacuumdb where it was 'ANALYZ' not 'ANALYZE' + +12/19/2003 + - Updated code to look into /opt/apache + +12/10/2003 + - Updated database to schema to not use compressed text fields(we'll see how this performs) + - working on adding interfaces to more lock data and other new stats with PostgreSQL V7.4 + - cleaned up some button descriptions on the maintenance page, also added a lock view as well as a settings view + +12/9/2003 + - Finished rule.php support for basic timer maintenance. Need to add another page to graft timers onto rules. + - processlogs.php is now setup to support rule timers + - need to write rule expiration process + - started converting away from compressed text in hopes of providing faster data retrieval.... 
also pulled OIDs from DB definition + +12/8/2003 + - Adding support for date and time based rules with date ranges, day of week selections, as well as deleted rules, need to add interface to control rule timestamp properties + +12/7/2003 + - finished adding accumulation thresholds + +12/3/2003 + - adding support for both types of thresholds. Need to update web pages to reflect new radio buttons. + - added web configuration support for supression thresholds and accumulating thresholds, now onto updating the log processor + - basic supression works(kinda), need to verify functionality + +12/2/2003 + - customer profiles can now have multiple hosts added at once. + - fixed a stupid bug where didn't behave right. next would stop working if you started at oct-26-2003 and it would stay on oct-26-2003 + - Added web-based framework and database schema to support alert supression thresholds + +12/1/2003 + - Updated processlogs.php code to better deal with single entry/no rules vs mutliple rules + +11/19/2003 + - Updated mail table to enforce unique login ids(effectively stopping two processes from running at the same time, one will crash and die(safely)) + - Updated openmail and closeopenmail to use transaction support since PostgreSQL no longer does server-side auto-commit(ie. convert everything to transactions) + - Transaction support should now be officially added, will do some testing + +11/18/2003 + - Updating program for support with PostGreSQL V7.4 + - Fixed host process table to reflect the fact that multiple hosts are in there by default + +10/13/2003 + - Added alert total to bottom of alert aggregation + +10/6/2003 + - finished support for alert aggregation + - updated 1stview to pull the current time and date + - fixed host.php bug where you could expire syslogs but not be forced to expire syslogs + +10/5/2003 + - still adding support for alert aggregation. 
Basic aggregation works plus alert zooming but need to add support for across the board for other alert queries + +10/3/2003 + - added ability to un/suspend log processors from the web interface + - updated maintenance to rebuild all indexes in an better manner(ie. grab the index list from the DB rather then by hand) + - added additional framework to do alert aggregation interface. Need to add 'aggregation code' for display + +9/24/2003 + - weeklyindexrebuild.php now pulls all indexes from the system and rebuilds them. The result is that the system will now rebuild any new indexes without manual reconfiguration. + +9/15/2003 + - launchid was not initiated correctly in the clonerule. + +9/2/2003 + - Fixed a bug where '\'s at the end of a line caused problems because we were not properly dealing with them in general. Fixed that. + +8/23/2003 + - Created another bug when fixing 5000 line paging. Timestamp was thrown off in view.php + +8/18/2003 + - Syncing changes from production smt environment: vacuumtsyslog.php + - Updated weeklyindexrebuild.php to account for the correct indexes + - Updated maint.php to account for the three new indexes for the launch program section + +8/13/2003 + - view.php has had several updates. Paging should now be fixed. Multiple searches appeared not to be working correctly. + - Needed to add lastid as hidden var if the variable was set + - Needed to use urlencode on top of htmlspecialcharacters, filters were broken because of it + +8/11/2003 + - 1stfilter.php doesn't list 'global' filters that you down own + - modified view.php to not let the user save a filter with no description + - added support to delete all of a user's filters(ie. do before delete) + - another problem popped up with filter.php when I added the delete user filter option + +8/1/2003 + - processlogs.php now supports launching external programs! + +7/31/2003 + - Updated vacuumdb.php to do a full vacuum of the TSyslog table. Why? 
Because the system doesn't reclaim disk space or use old delete space for some reason + - Almost finished adding launch program code, need to test. + +7/27/2003 + - Added weeklyindexrebuild.php which rebuilds all indexes at 5am Sunday morning + +7/23/2003 + - Continue the programming of the 'launch' ability into the system. Will need to touch code for clearing stale processors + - Adding another maintenance option for viewing the log volume breakout of every host in the Syslog_TArchive table + - Just shoot me: I have added reindexing support to the maintenance page. I have also updated vacuumdb to reindex before the vacuum + - Updating maintenance displays to show what the object types are, views, tables, etc.. + - Can now reindex the all of the SMT-related/created indexes from the maintenance page + +7/22/2003 + - Updating software to include a basic maintenance page + - Create script to do 'vacuum analyze TSyslog', the system will attempt to vacuum every hour + - Added maintenance section to allow for web-based manual db vacuum + - Cleaned up maintance page to do 'analyze'. + - Adjusted 'hourly' script to analyze, not vacuum + +7/21/2003 + - Updated processor.php to allow clearing of stale processors via the web browser + - Updated processlogs.php to update processed ID's via the same delete transaction + - processlogs.php no longer can clear stale processes, it now issues alerts in the event the system is taking longer than an hour between runs + - 1stequiptype.php did not properly exit if user did not have permissions 8( + - Found a bug in the BottomQuery portion of the distinction section for view.php. It was requesting entries from TSyslog, not tarchive. 8( + - Basic launch administration is finished. Need to extend rules to support launching. + - Updated rule.php to allow for the launch field. + - Fixed a problem where using premade rules only pulled the description + expression. 
Updated to pull severity, facility, rule-or-level, and launchid + +7/20/2003 + - Found BIG BUG with how the system pulls syslogs. It turns out that some systems are able to force SMT to think it is learning data @ 1/1/2003. In any case, the system is inserting records but it is not accounting for them. It was alerting but not deleting them. 8( I fixed it. + - I also fixed how the system calculates timeframes. + - Added new index to TSyslog for host & TSyslog_ID to hopefully allow for faster searching + +7/16/2003 + - processlogs.php is more vocal about cleanup + - changed page access so the system checks to see if the client connection is coming on a port < 443, if so then error + - there was a bug with view.php asking for BottomTopQuery instead of BottomQuery. Fixed + +7/9/2003 + - processlogs.php wasn't queueing to 64K before migrating logs over. The system now dumps out debug output for every 64K block + +7/8/2003 + - alert.php now adjusted to join both tables + - Found an issue with hosts.php where deleting a host deleted syslogs but not alerts related to those logs. Fixed that problem. 8) + - Processlogs.php is alsmost finished. 8) + - processlogs.php is done. Time to load another build onto dangermen.com! + - Fixed expirelogs.php to expire off of the archive table, nightlyroguecheck also checks both tables + +7/7/2003 + - Will be working to have TSyslog archive logs to a different table after processing. The result should be a giant speed up! Starting after 0.212 + - Created an archive table. view.php now pulls from the archive table & current table + - alert.php needs to be adjusted. + - processlogs.php needs to push from one table to another + - Initial results are very positive + +6/13/2003 + - Found a but where host.php doesn't delete a processor association for a host that has been deleted. 
8( + +3/31/2003 + - Fixed a bug in processlogs.php where it was submitting emails w/ subject using $host instead of $loghost + +3/20/2003 + - Finished adding 'per host' rate alerting + - Cleaned up rate-warning emails include the hostname in the subject line of the email + - Updated processor.php to only list those hosts where that have not been assigned. 8) + - We don't just make the syslog product you buy, we make the syslog product you buy better! + +3/19/2003 + - Found a bug in view.php where saving filters was not saving 'facility & severity' rules + - Update to pgsql.msyslog table to re-include premade hosts for SMT + - Modifed customer.php to allow setting 'edit' attribute on a per-host basis + - Added support for users to edit rules assuming they have 'permission' to do so. 8) + - Broke user cloning, forgot to adjust for destination user as well as new attributes, all fixed + - Added individual host log rate warnings, added per host rate warnings to host.php, need to do processlogs.php + +2/21/2003 + - Updated view.php as it was not having difficulties marking lines in red when multiple matches would be happening + +2/3/2003 + - Finished basic function comments in pix.php, should probably rename the library + +1/27/2003 + - Fixed a problem with numberofmonth where it was not going up to December. + +1/14/2003 + - Updated processlogs to be a little more carefull about 'divide by zero' errors when calculating speed numbers + - Updated vacuumdb script to vacuumdb the securityframework instance as well as SMT. + +1/13/2003 + - Included default host 'localhost' with one rule that responds to root@localhost + +1/12/2003 + - Made sure smt will work with mod_auth_pgsql + +12/4/2002 + - addmail function was missing a appostrophe protection for SQL insertion + - Took out a debug message in the clonedenial rules section + +11/26/2002 + - Removed dropdenials as I already had dropdenial. 
dropdenails was referenced in rule.php + - Adding lots of comments, need to finish this task + +10/23/2002 + - vacuumdb now does the vacuum inside PHP as cleanpgsqlnightly isn't working quite right. + +10/1/2002 + - emails issued by processlogs now append the name of the box for which the alert belongs + - the alert page now has a 'refresh' option + - discovered another bug in alert.php where viewing alerts by host doesn't work anymore 8( + - making alerts available to customers, that was the problem. + - alerts should now be viewable by users + +9/29/2002 + - Pulled some debugging code + - Made more premade rule adjustments + +9/23/2002 + - still working on the reporting engine + +9/20/2002 + - expire.php, archive.php, nightlyroguecheck.php, processlogs.php all use php-cli mode 8) + - working on reports to breakdown data procesing into smaller chunks + +9/2/2002 + - Finished first report: cisco-pix-bandwidthbreakdown.php + - Updated nightlyroguecheck.php to check logs from the last day to now + +9/1/2002 + - More work on the reporting framework + +8/31/2002 + - Begin adding support for pix utilization reports + +8/30/2002 + - Updated database indexes to have cencatenated index for TSyslog on host,date, & time + - Updated the customer view so that the filter type wasn't a text box but hidden as it should be. + +8/28/2002 + - Fixed yet another bug with the customer view where hostdropdown where logincanseehost as we were passing it host instead of hostid + +8/28/2002 + - Fixed a bug with SMT w/ view.php and filters using facility & severity, the code even mentioned it was broken + +8/27/2002 + - Missing a bunch of indexes on alerts & syslogs, we want indexs for time and date + +8/26/2002 + - Updated processlogs to provide more details about time frames + +8/24/2002 + - Fixed a problem with the premade rules not correctly saving the rule type. 
+ +8/23/2002 + - Fixed a problem with using facility & severity and not matching rules correctly in both view.php & processlogs.php + - Added hostname as part of subject line in SMT report + - Found more problems with facility & severity with view, appears processlogs.php is also flawed + - Okay, so major fixes were made to processlogs.php and to view to finish up proper support for facility and severity + +8/22/2002 + - Took out an 'Expression:' debug statement + - Did some adjustment to the time stamping of 'processlogs.php' + +8/13/2002 + - Added support for 's and \'s in the filtering code + - Premade rules now supports 's and \'s. Also fixed new problems with rules page. Filters appears good as well + - Started updating premade hosts for cloning + - Pixes, LocalDirectors, CatOS Switches, and IOS Routers are now ready for cloning + - IOS Switches and VPN devices remain + +8/12/2002 + - Took out all of the premade rules from the Syslog_TPremade as they were overkill and unnecessary + +8/10/2002 + - Updated rule.php & processlogs.php to correctly support \'s & "'"s + +8/8/2002 + - nightlyroguecheck had a few bugs, fixed + - view.php was missing an AND for viewing syslogs for hosts assigned to a customer + +8/5/2002 + - Added pagma no-cache and 300 second refresh to alert.php + - Displays time & date of last syslog message when query generates logs > 5000 alerts, provides info in relation to query timeframe + +7/28/2002 + - Added the ability to view the next 5000 lines should someone want to. + +7/26/2002 + - added the ability to administer equipment types + - Fixed bug with emails where there wasn't an \r issues with each \n + - Fixed bug where emails contained HTML color codes + - ViewSaves would enable after anyone saved a syslog entry. 
Now it only enables after the logged in user saves something + +7/24/2002 + - There was an issue with filterid not being set correctly so filter.php could not properly tell between an add and a modfiy + - Added navigation buttons to alerts page + - Cloning of rules only appears if there is more than one host + - Delete page slimmed down to only allow optional deletion of syslog messages + - Saved results page displays error if there are no saved syslogs in the savedata table + - Changed version number to V0.99.20B + - SecurityFramework while a separate package has been sufficiently integrated into SMT + +7/23/2002 + - Filters are broken in that setting filters to facility & severity only 'includes' regardless of setting + - Fixed problem with filters, they were 'half implemented' + +7/21/2002 + - All users of the appropriate security level will see the saved syslog option + - Had to change Filter Type: Rule, etc... + +7/15/2002 + - Changed 'Rule Type: Rule, Log Level, and Both' to 'expression, facility + severity, and expression, facility & severity" + - Added scripts directory w/ expire, processlogs, and a /tmp debug tool + - Fixed renaming so that only syslogs may be renamed. 8) + - Added nightlyroguecheck script to call the nightlyroguecheck.php script(checks for hosts who log but aren't defined) + - I though "Multiple filter expressions appear to be broken when viewing syslogs", I was wrong. + - Fixed 'color' problem with alert.php + +7/10/2002 + - Adjusted pgsql.msyslog so we do not use 'char' but 'varchar' + +5/29/2002 + - Still working on processlogs.php to update processed ids for those hosts w/ no rules + - View.php line 321 appears to have issues + +5/28/2002 + - began work on processlogs.php to cover those hosts who are assigned to a processor but have no rules assigned. 
+ - customer.php and processor.php now check for duplicates/single assignments as appropriate + +5/12/2002 + - processlogs.php is finished(in terms of configuration) + +5/11/2002 + - Started working on processlogs.php + +5/10/2002 + - expire.php was only written to support a single expiration time and not a time per host. + +5/9/2002 + - view.php updated to start supporting thost_id + +5/8/2002 + - 1sthost.php and hosts.php should be converted to support thost_id + - 1stcustomer.php and customer.php should be converted to support thost_id + - 1stprocessor.php and processor.php should be converted to support thost_id + +5/7/2002 + - Started working on converting the system from using _host as a key to THost_ID + +4/11/2002 + - Fixed 1stcustomer.php as the form did not 'close' for either form + - Fixed alert.php color coding + - I had to install 'distinct on' in the SQL log selection as some log entries appeared more than once. + +4/4/2002 + - Added code to fix duplicate entries in emails + - Changed version to V0.99.01B + +3/18/2002 + - Log data is color coded + - A new version of processlogs.php is out w/ debug msgs in it. Working good on Harley. + - Took debug out of 'saving syslogs'. + - Save Syslogs now supports using "'" 8( Much work left to do w/ 's + - Can now view data by 'user and host type' + - Started work on deleting hosts from the system and accounting for host rules + - adding a host no longer shows the 'renaming fields' + +2/24/2002 + - Hosts menu allows synchronizing other tables when renaming hosts + - Fixed paging + +2/22/2002 + - Denial chains are complete. 
8) + +2/19/2002 + - working on processlogsnew.php which cache's host rules & denial rules at the beginning to minimize DB access + +2/18/2002 + - Updated pages to announce how long they took to process + - Clone rules broken, sequence not working + - Fixed cloned rules as they were calling for the premade sequence number not the rule sequence number + +2/17/2002 + - Final support included for priority & severity + - Created archive, supports dumping data to std out for bzip2 8) + - Denial chain support added to system, processlogs.php all that remains + +2/16/2002 + - View, Alerts, and View Saves all use colors to convey severity + - Filters support severity + +2/15/2002 + - Changed named to Syslog Management Tool(for now) + - Viewer now supports filters using facility and severity + +2/13/2002 + - Updated view to look like a Berbee product. 8) + +2/12/2002 + - Made some progress on using filters w/ facilty & severity. Very buggy + +2/11/2002 + - View logs produces repeates... think unnecessary Syslog_TRules invovled. + - Process logs was a bit messaged up, the old delvierymessage variable instead of deliverymessage + - Per host/per person email now works + - Added code to msyslog to support writing facility & severity to the log messages + - Working on scheme where rules & filters can be filter/rules,filter/rules & log levels, or just log levels + +2/10/2002 + - Can now clone customer accounts + - Added stale processor auto-cleaning code so the system will clean up 'old processors' after 30 minutes + - System sends an alert email if the system recieves some 3000+ log entries in a given sample. + - Nightly system issues emails notifying for hosts who are logging to the system but are not defined as hosts in the system + +2/9/2002 + - Updated code to use PGSQL V7.2 8) Can you say bigserial, no table lock vacuum, and much more? 8) + - Looking into using the transaction interface. 
+ - host properties isn't properly keeping the alert log expiration time <= syslog expiration time
+ - View host had a issue with 'view data from last five minutes'
+ - View Saves had the group context wrong, denying access to the page if the group >= 2(ie noc or better)
+ - Filter administration is should be finished
diff --git a/html/admin/.htaccess b/html/admin/.htaccess
new file mode 100644
index 0000000..922c2ca
--- /dev/null
+++ b/html/admin/.htaccess
@@ -0,0 +1,23 @@
+ AuthName "System Login"
+ AuthType basic
+
+ Auth_PG_host 127.0.0.1
+ Auth_PG_port 5432
+ Auth_PG_user secframe
+ Auth_PG_pwd voQ3jV1x
+ Auth_PG_encrypted on
+ Auth_PG_hash_type MD5
+ Auth_PG_nopasswd off
+ Auth_PG_database securityframework
+ Auth_PG_pwd_table SecFrame_TLogin
+ Auth_PG_uid_field TLogin_Username
+ Auth_PG_pwd_field TLogin_Password
+
+ require valid-user
+
+#Deny from all
+#AuthType Basic
+#AuthUserFile /usr/apache/conf/.htpass
+#AuthName "System Login"
+#Require valid-user
+#Satisfy any
diff --git a/html/admin/ChangeLog.txt b/html/admin/ChangeLog.txt
new file mode 100644
index 0000000..a0520f2
--- /dev/null
+++ b/html/admin/ChangeLog.txt
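Review bot: The `Auth_PG_pwd` line in `html/admin/.htaccess` commits the PostgreSQL password for the `secframe` account in clear text, in a file that is version-controlled and sits under the `html/admin/` tree, so anyone who can read the repository (or the file, on a server that does not block `.ht*` requests) gets credentials for the authentication database. The repository should carry a template such as `Auth_PG_pwd <DB_PASSWORD_PLACEHOLDER>`, with the real value kept in server configuration outside the served tree and the committed password rotated. `Auth_PG_hash_type MD5` means the `TLogin_Password` column holds fast MD5 digests (presumably unsalted), which are cheap to brute-force if the table leaks; a salted scheme is preferable if the module build in use offers one. `AuthType basic` sends the credentials with every request and nothing in this file restricts the directory to TLS, so that has to be enforced elsewhere.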
@@ -0,0 +1,44 @@ +Things to add: + +Things Broken: +1. Deleting stuff sometimes barks about failing but doesn't really fail + +12/19/2003 + - changed software to use /opt/apache instead of /usr/apache + +8/18/2003 + - changed software to support http via ports > than 443 + +8/13/2003 + - Updated generalweb.php to use urlencode.php + +8/10/2003 + - SecFrame now uses md5 passwords! + +1/15/2003 + - Updated password support to check for minimum length as well as a mixed case or single-case + symbols password + - Added md5pass.php from http://limonez.net/~jure/php/ to the package. Will use it to sync passwords to shadow + +1/14/2003 + - Updated to include Secframe_TQueue table for adding/deleting users + changing passwords, other functions to come + +1/13/2003 + - Updated to include msyslog application in ACL + - Now includes three users: msyslog, noc, and sample + - Users are setup to default in msyslog application. + +1/12/2003 + - Included .htaccess file for mod_auth_pgsql + +8/26/2002 + - Stripped out debug code from generalweb.php + +8/8/2002 + - fixed calls in .php files to /usr/apache/htdocs/inst, instead of /usr/apache/htdocs/login + +7/24/2002 + - Integrated interface into SMT + - Cleaned up interfaces to be more fluid + - Main interface(index.php) no longer has click-on links for add users, all functions are button drive + - Delete page slimmed down to only allow optional deletion of syslog messages + diff --git a/html/admin/app.php b/html/admin/app.php new file mode 100644 index 0000000..fc536f7 --- /dev/null +++ b/html/admin/app.php 
@@ -0,0 +1,344 @@ +<% +/*============================================================================= + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + + require_once('../config.php'); + + $dbsocket=sec_dbconnect(); + + $REMOTE_ID=sec_usernametoid($dbsocket,$REMOTE_USER); + $ADMIN_ID=sec_groupnametoid($dbsocket,'Administrators'); + + if ( ! sec_groupmember($dbsocket,$REMOTE_ID,$ADMIN_ID) ) { + dbdisconnect($dbsocket); + exit; + } + + $PageTitle="Application Membership"; + do_header($PageTitle, 'adminapp'); + if ( ! isset($appfunction)) { + $appfunction = 0; + }; + if ( ( ( $action == "Modify") || ( $appfunction == 1 ) ) && ( isset($TApp_ID) ) ) { + $appfunction = 1 ; + echo "

Modify Application


\n"; + if ( $SaveID == 1 ) { + $Results = sec_updateapp ($dbsocket, $TApp_ID, $TApp_Name, $TApp_Desc); + if ( $Results ) { + echo "Save successfull
\n"; + } else { + echo "Save failed!
\n"; + } + } + $SQLQuery="select * from SecFrame_TApp where TApp_ID=$TApp_ID"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows > 0 ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or + die(pg_errormessage()."
\n"); + $TApp_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_name)); + $TApp_Desc = stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_desc)); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } else { + $TApp_Name=""; + $Tapp_Desc=""; + } + openform("app.php","post",2,1,0); + formfield("TApp_ID","Hidden",3,1,0,10,10,$TApp_ID); + formfield("appfunction","Hidden",3,1,0,10,10,$appfunction); + formfield("SaveID","Hidden",3,1,0,10,10,"1"); + echo "Application Name: "; + formfield("TApp_Name","TEXT",3,1,1,30,30,$TApp_Name); + echo "Application Description: "; + formfield("TApp_Desc","TEXT",3,1,1,30,80,$TApp_Desc); + formsubmit("Save",3,1,0); + formreset("Reset",3,1,1); + closeform(1); + } + if ( ( ( $action == "Delete") || ( $appfunction == 2 ) ) && ( isset($TApp_ID) ) ) { + $appfunction = 2; + echo "

Delete Application


\n"; + if ( $DeleteID == 1 ) { + $ResultsApp = sec_delid($dbsocket,"SecFrame_TApp","TApp_ID",$TApp_ID); + $ResultsAppPerm = sec_delid($dbsocket,"SecFrame_TAppPerm","TApp_ID",$TApp_ID); + if ( ( $ResultsApp ) && ( $ResultsAppPerm ) ) { + echo "Delete successfull
\n"; + } else { + echo "Delete failed!
\n"; + } + } else { + $SQLQuery="select * from SecFrame_TApp where TApp_ID=$TApp_ID"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows > 0 ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or + die(pg_errormessage()."
\n"); + $TApp_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_name)); + $TApp_Desc = stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_desc)); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } else { + $TApp_Name=""; + $TApp_Desc=""; + } + openform("app.php","post",2,1,0); + formfield("TApp_ID","Hidden",3,1,0,10,10,$TApp_ID); + formfield("appfunction","Hidden",3,1,0,10,10,$appfunction); + /* formfield("DeleteID","Hidden",3,1,0,10,10,"1"); */ + echo "Are you sure you want to delete $TApp_Desc? "; +%> + Yes + No
+<% + formsubmit("Delete",3,1,0); + formreset("Reset",3,1,1); + closeform(1); + } + } + if ( ( ( $action == "Adjust ACL") || ( $appfunction == 3 ) ) && ( isset($TApp_ID) ) && ( sec_idexist($dbsocket,"SecFrame_TApp","TApp_ID",$TApp_ID) ) ) { + $appfunction = 3 ; + if ( ( $action == "Up" ) && ( sec_idexist($dbsocket,"SecFrame_TAppPerm","TAppPerm_ID",$TAppPerm_ID) ) && + ( sec_idexist($dbsocket,"SecFrame_TApp","TApp_ID",$TApp_ID) ) ) { + $SQLQuery="select * from SecFrame_TAppPerm where TApp_ID=$TApp_ID order by TAppPerm_Priority"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows > 0 ) { + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + $ACLID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_id)); + $ACLUserGroup[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_usergroup)); + $ACLUGID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_ugid)); + $ACLAllowAccess[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_allowaccess)); + $ACLAppID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_id)); + $ACLPriority[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_priority)); + array_multisort($ACLPriority,$ACLID,$ACLUGID,$ACLUserGroup,$ACLAllowAccess,$ACLAppID); + } + $found=0; + for ( $loop = $SQLNumRows ; $loop != 0 ; $loop-- ) { + if ( $loop != 0 ) { + if ( $ACLID[$loop] == $TAppPerm_ID ) { $found=$loop; } + } + } + if ( $found > 0 ) { + $swap=$ACLID[$found]; + $ACLID[$found]=$ACLID[$found-1]; + $ACLID[$found-1]=$swap; + + $swap=$ACLUserGroup[$found]; + $ACLUserGroup[$found]=$ACLUserGroup[$found-1]; + $ACLUserGroup[$found-1]=$swap; + + $swap=$ACLUGID[$found]; + $ACLUGID[$found]=$ACLUGID[$found-1]; + $ACLUGID[$found-1]=$swap; + + $swap=$ACLAllowAccess[$found]; + $ACLAllowAccess[$found]=$ACLAllowAccess[$found-1]; + $ACLAllowAccess[$found-1]=$swap; + + $swap=$ACLAppID[$found]; + $ACLAppID[$found]=$ACLAppID[$found-1]; + $ACLAppID[$found-1]=$swap; + + /*$swap=$ACLPriority[$found]; + $ACLPriority[$found]=$ACLPriority[$found-1]; + $ACLPriority[$found-1]=$swap;*/ + + array_multisort($ACLPriority,$ACLID,$ACLUGID,$ACLUserGroup,$ACLAllowAccess,$ACLAppID); + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + sec_updateappperm ($dbsocket, $ACLID[$loop], $ACLUserGroup[$loop], + $ACLUGID[$loop], $ACLAllowAccess[$loop], $ACLAppID[$loop], $ACLPriority[$loop]); + } + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } + if ( ( $action == "Down" ) && ( sec_idexist($dbsocket,"SecFrame_TAppPerm","TAppPerm_ID",$TAppPerm_ID) ) && + ( sec_idexist($dbsocket,"SecFrame_TApp","TApp_ID",$TApp_ID) ) ) { + $SQLQuery="select * from SecFrame_TAppPerm where TApp_ID=$TApp_ID order by TAppPerm_Priority"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows > 0 ) { + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + $ACLID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_id)); + $ACLUserGroup[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_usergroup)); + $ACLUGID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_ugid)); + $ACLAllowAccess[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_allowaccess)); + $ACLAppID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_id)); + $ACLPriority[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_priority)); + array_multisort($ACLPriority,$ACLID,$ACLUGID,$ACLUserGroup,$ACLAllowAccess,$ACLAppID); + } + $found=0; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + if ( $loop != $SQLNumRows ) { + if ( $ACLID[$loop] == $TAppPerm_ID ) { $found=$loop; } + } + } + if ( $found < $SQLNumRows ) { + $swap=$ACLID[$found]; + $ACLID[$found]=$ACLID[$found+1]; + $ACLID[$found+1]=$swap; + + $swap=$ACLUserGroup[$found]; + $ACLUserGroup[$found]=$ACLUserGroup[$found+1]; + $ACLUserGroup[$found+1]=$swap; + + $swap=$ACLUGID[$found]; + $ACLUGID[$found]=$ACLUGID[$found+1]; + $ACLUGID[$found+1]=$swap; + + $swap=$ACLAllowAccess[$found]; + $ACLAllowAccess[$found]=$ACLAllowAccess[$found+1]; + $ACLAllowAccess[$found+1]=$swap; + + $swap=$ACLAppID[$found]; + $ACLAppID[$found]=$ACLAppID[$found+1]; + $ACLAppID[$found+1]=$swap; + + /*$swap=$ACLPriority[$found]; + $ACLPriority[$found]=$ACLPriority[$found+1]; + $ACLPriority[$found+1]=$swap;*/ + + array_multisort($ACLPriority,$ACLID,$ACLUGID,$ACLUserGroup,$ACLAllowAccess,$ACLAppID); + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + sec_updateappperm ($dbsocket, $ACLID[$loop], $ACLUserGroup[$loop], + $ACLUGID[$loop], $ACLAllowAccess[$loop], $ACLAppID[$loop], $ACLPriority[$loop]); + } + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } + if ( $action == "Save" ) { + if ( $add == "user" ) { + $usergroup=1; + $ugid=$TLogin_ID; + } else { + $usergroup=2; + $ugid=$TGroup_ID; + } + $priority= sec_getpriority($dbsocket,$TApp_ID); + $Results = sec_addappperm($dbsocket,$usergroup,$ugid,$AllowAccess,$TApp_ID,$priority); + if ( $Results ) { + echo "Add successfull
\n"; + } else { + echo "Add failed!
\n"; + } + } + if ( ( $action == "Remove" ) && ( isset($TAppPerm_ID) ) && ( sec_idexist($dbsocket,"SecFrame_TAppPerm","TAppPerm_ID",$TAppPerm_ID) ) ) { + $Results = sec_delid($dbsocket,"SecFrame_TAppPerm","TAppPerm_ID",$TAppPerm_ID); + if ( $Results ) { + echo "ACL removal successfull
\n"; + } else { + echo "ACL removal failed!
\n"; + } + } + openform("app.php","post",2,1,0); + formfield("TApp_ID","Hidden",3,1,0,10,10,$TApp_ID); + formfield("appfunction","Hidden",3,1,0,10,10,$appfunction); + echo "Access-List: " . sec_appname($dbsocket,$TApp_ID) . "
\n"; + echo "\n"; + echo "\n"; + echo "
User/GroupUser/Group NamePermit/DenySave or Reset
Group: Group: "; + groupdropdownbox ($dbsocket,"TGroup_ID",3,1,1,1,""); + echo "
\nUser: "; + userdropdownbox ($dbsocket,"TLogin_ID",3,1,1,1,""); + echo "
Action: "; + echo "\n"; + echo ""; + formsubmit("Save",3,1,0); + formreset("Reset",3,1,1); + echo "
User: "; + echo "
\n"; + + $SQLQuery="select * from SecFrame_TAppPerm where TApp_ID=$TApp_ID order by TAppPerm_Priority"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows > 0 ) { + echo ""; + echo "\n"; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + $tappperm_id=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_id)); + $tapp_id=stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_id)); + $tappperm_ugid=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_ugid)); + $tappperm_usergroup=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_usergroup)); + $tappperm_allowaccess=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_allowaccess)); + echo ""; + if ( $tappperm_usergroup == 1 ) { + echo ""; + } else { + echo ""; + } + if ( $tappperm_allowaccess ) { + echo "\n"; + } else { + echo "\n"; + } + } + echo ""; + echo "
ACL EntryUser/Group NameUser/GroupPermit/Deny
" . sec_username($dbsocket,$tappperm_ugid) . "User" . sec_groupname($dbsocket,$tappperm_ugid) . "GroupPermit
Deny
"; + formsubmit("Remove",3,1,0); + echo ""; + formsubmit("Up",3,1,0); + formsubmit("Down",3,1,1); + echo "
\n"; + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } + closeform(1); + } + if ( $appfunction == 0 ) { + echo "

Add an Application


\n"; + if ( $SaveID == 1 ) { + $Results = sec_addapp($dbsocket,$TApp_Name,$TApp_Desc); + if ( $Results ) { + echo "Add successfull
\n"; + } else { + echo "Add failed!
\n"; + } + } else { + openform("app.php","post",2,1,0); + formfield("SaveID","Hidden",3,1,0,10,10,"1"); + echo "Application Name: "; + formfield("TApp_Name","TEXT",3,1,1,30,30,""); + echo "Application Description: "; + formfield("TApp_Desc","TEXT",3,1,1,30,80,""); + formsubmit("Save",3,1,0); + formreset("Reset",3,1,1); + closeform(1); + } + } + do_footer(); + dbdisconnect($dbsocket); +%> diff --git a/html/admin/data/commands b/html/admin/data/commands new file mode 100644 index 0000000..767ae79 --- /dev/null +++ b/html/admin/data/commands @@ -0,0 +1,33 @@ +CREATE TABLE SecFrame_TQueue ( + TQueue_ID integer DEFAULT nextval('TQueue_Seq'), + TQueue_Command varchar(16) NOT NULL, + TQueue_Date date NOT NULL, + TQueue_Time time NOT NULL, + TQueue_DateProcessed date, + TQueue_TimeProcessed time, + TQueue_Processed integer, + TQueue_Data1 text, + TQueue_Data2 text +)\g + + +Commands: + +adduser + data1: username + +deluser + data1: username + +moduser + data1: current username + data2: new username + +changepass + data1: newpassword + + +TQueue_Processed: + 0: not processed + 1: done + 2: aborted diff --git a/html/admin/data/convertpw.php b/html/admin/data/convertpw.php new file mode 100755 index 0000000..3369135 --- /dev/null +++ b/html/admin/data/convertpw.php 
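Review bot: In html/admin/data/commands the `changepass` entry carries the new password in `TQueue_Data1` as clear text, and `SecFrame_TQueue` marks rows as processed (`TQueue_Processed` 1: done) rather than visibly removing them, so the password may stay readable in the table after it has taken effect; whether rows are purged is not shown here. The entry also names no field for the account being changed, unlike `adduser`/`deluser`/`moduser`. I would state both next to the command list, for example `changepass data1: username data2: password hash, row deleted once processed`.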
@@ -0,0 +1,48 @@
+#!/opt/bin/php
+<%
+/*=============================================================================
+ *
+ * Copyright 2004 Jeremy Guthrie smt@dangermen.com
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 only of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * It is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+=============================================================================*/
+
+ require_once('../../config.php');
+ $dbsocket=sec_dbconnect();
+
+ $SQLQuery="select TLogin_ID,TLogin_Username,TLogin_Password from SecFrame_TLogin;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ for ( $loop =0 ; $loop != $SQLNumRows ; $loop++ ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+ die(pg_errormessage()."
\n");
+ $md5pass=md5($SQLQueryResultsObject->tlogin_password);
+ echo "$SQLQueryResultsObject->tlogin_id: $SQLQueryResultsObject->tlogin_username: " . md5($SQLQueryResultsObject->tlogin_password) . "\n";
+ $SQLQuery="update SecFrame_TLogin set TLogin_Password='$md5pass' where TLogin_ID=$SQLQueryResultsObject->tlogin_id";
+ $NewSQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ pg_freeresult($NewSQLQueryResults) or
+ die(pg_errormessage()."
\n");
+ }
+
+
+
+
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+
+%>
+
diff --git a/html/admin/data/install.txt b/html/admin/data/install.txt
new file mode 100644
index 0000000..ded3c22
--- /dev/null
+++ b/html/admin/data/install.txt
@@ -0,0 +1,5 @@
+Simple list for installing Security Framework.
+
+1. Create the db, securityframework
+2. cat pgsql.framework | psql securityframework
+3. Adjust passwords as necessary
diff --git a/html/admin/data/pgsql.secframe b/html/admin/data/pgsql.secframe
new file mode 100644
index 0000000..3929aca
--- /dev/null
+++ b/html/admin/data/pgsql.secframe
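Review bot: convertpw.php replaces every stored password with an unsalted `md5()` of it, and the `echo` inside the loop prints each username next to its new hash, so the script's output is as sensitive as the table itself. Unsalted MD5 is cheap to brute-force and gives equal hashes for equal passwords; I would at least drop the hash from the output (`echo "$SQLQueryResultsObject->tlogin_id: converted\n";`) and, where the PHP version allows, store a salted slow hash (`crypt()` with a per-user salt, or `password_hash()` on newer PHP), which needs a wider column than the `varchar(32)` declared in pgsql.secframe. Nothing stops a second run, which would hash the existing hashes and invalidate every login. The file is also added under html/admin/data/ with mode 100755, so it should live outside the web root or be removed once the one-time conversion is done.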
@@ -0,0 +1,113 @@
+CREATE SEQUENCE TQueue_Seq\g
+CREATE TABLE SecFrame_TQueue (
+ TQueue_ID integer DEFAULT nextval('TQueue_Seq'),
+ TQueue_Command varchar(16) NOT NULL,
+ TQueue_Date date NOT NULL,
+ TQueue_Time time NOT NULL,
+ TQueue_DateProcessed date,
+ TQueue_TimeProcessed time,
+ TQueue_Processed integer,
+ TQueue_Data1 text,
+ TQueue_Data2 text
+)\g
+CREATE UNIQUE INDEX TQueue_ID_Idx on SecFrame_TQueue (TQueue_ID)\g
+CREATE INDEX TQueue_Command_Idx on SecFrame_TQueue (TQueue_Command)\g
+grant all on TQueue_Seq to secframe\g
+grant all on SecFrame_TQueue to secframe\g
+
+CREATE SEQUENCE TLogin_Seq\g
+CREATE TABLE SecFrame_TLogin (
+ TLogin_ID integer DEFAULT nextval('TLogin_Seq'),
+ TLogin_Username varchar(128) NOT NULL,
+ TLogin_Password varchar(32) NOT NULL,
+ TLogin_Name varchar(40) NOT NULL,
+ TLogin_Email varchar(40) NOT NULL,
+ TLogin_Home varchar(20),
+ TLogin_Work varchar(20),
+ TLogin_Cell varchar(20),
+ TLogin_Pager varchar(20),
+ TLogin_Address1 varchar(40),
+ TLogin_Address2 varchar(40),
+ TLogin_City varchar(40),
+ TLogin_State varchar(2),
+ TLogin_Zip varchar(12)
+) \g
+CREATE UNIQUE INDEX TLogin_ID_Idx on SecFrame_TLogin (TLogin_ID)\g
+CREATE UNIQUE INDEX TLogin_Username_Idx on SecFrame_TLogin (TLogin_Username)\g
+grant all on TLogin_Seq to secframe\g
+grant all on SecFrame_TLogin to secframe\g
+insert into SecFrame_TLogin (TLogin_Username,TLogin_Password,TLogin_Name,TLogin_Email,TLogin_Home,TLogin_Work,TLogin_Cell,TLogin_Pager,TLogin_Address1,TLogin_Address2,TLogin_City,TLogin_State,TLogin_Zip) values ('sample','password','Sample User','samplemail@yahoo.com','','','','','','','','','')\g
+insert into SecFrame_TLogin (TLogin_Username,TLogin_Password,TLogin_Name,TLogin_Email,TLogin_Home,TLogin_Work,TLogin_Cell,TLogin_Pager,TLogin_Address1,TLogin_Address2,TLogin_City,TLogin_State,TLogin_Zip) values ('noc','password','NOC User','root@localhost','','','','','','','','','')\g
+insert into SecFrame_TLogin 
(TLogin_Username,TLogin_Password,TLogin_Name,TLogin_Email,TLogin_Home,TLogin_Work,TLogin_Cell,TLogin_Pager,TLogin_Address1,TLogin_Address2,TLogin_City,TLogin_State,TLogin_Zip) values ('msyslog','password','msyslog User','root@localhost','','','','','','','','','')\g
+
+CREATE SEQUENCE TGroup_Seq\g
+CREATE TABLE SecFrame_TGroup (
+ TGroup_ID integer DEFAULT nextval('TGroup_Seq'),
+ TGroup_Name varchar(30) NOT NULL,
+ TGroup_Desc varchar(80) NOT NULL
+) \g
+CREATE UNIQUE INDEX TGroup_ID_Idx on SecFrame_TGroup (TGroup_ID)\g
+grant all on TGroup_Seq to secframe\g
+grant all on SecFrame_TGroup to secframe\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Everyone','All Users')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Administrators','System Administrators')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Normal Users','Standard System Users')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Customer','Customers of Syslog System')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Analyst','NOC Analyst')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Administrators','Syslog Adminstrator')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog msyslog','Syslog Processor')\g
+
+CREATE SEQUENCE TGroupMembers_Seq\g
+CREATE TABLE SecFrame_TGroupMembers (
+ TGroupMembers_ID integer DEFAULT nextval('TGroupMembers_Seq'),
+ TLogin_ID integer not null,
+ TGroup_ID integer not null
+) \g
+CREATE UNIQUE INDEX TGroupMembers_ID_Idx on SecFrame_TGroupMembers (TGroupMembers_ID)\g
+grant all on TGroupMembers_Seq to secframe\g
+grant all on SecFrame_TGroupMembers to secframe\g
+insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (1,1)\g
+insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (2,1)\g
+insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (3,1)\g
+insert into SecFrame_TGroupMembers 
(TGroup_ID,TLogin_ID) values (6,1)\g
+insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (1,2)\g
+insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (3,2)\g
+insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (5,2)\g
+insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (1,3)\g
+insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (7,3)\g
+
+CREATE SEQUENCE TApp_Seq\g
+CREATE TABLE SecFrame_TApp (
+ TApp_ID integer DEFAULT nextval('TApp_Seq'),
+ TApp_Name varchar(30) NOT NULL,
+ TApp_Desc varchar(80) NOT NULL
+) \g
+CREATE UNIQUE INDEX TApp_ID_Idx on SecFrame_TApp (TApp_ID)\g
+grant all on TApp_Seq to secframe\g
+grant all on SecFrame_TApp to secframe\g
+insert into SecFrame_TApp (TApp_Name,TApp_Desc) values ('Administrators','Administrators Access-List')\g
+
+insert into SecFrame_TApp (TApp_Name,TApp_Desc) values ('SyslogOp','Syslog Access-List')\g
+
+CREATE SEQUENCE TAppPerm_Seq\g
+CREATE TABLE SecFrame_TAppPerm (
+ TAppPerm_ID integer DEFAULT nextval('TAppPerm_Seq'),
+ TAppPerm_UserGroup integer not null,
+ TAppPerm_UGID integer not null,
+ TAppPerm_AllowAccess integer not null,
+ TAppPerm_Priority integer not null,
+ TApp_ID integer not null
+) \g
+CREATE UNIQUE INDEX TAppPerm_ID_Idx on SecFrame_TAppPerm (TAppPerm_ID)\g
+CREATE INDEX TAppPerm_UserGroup_Idx on SecFrame_TAppPerm (TAppPerm_UserGroup)\g
+CREATE INDEX TAppPerm_UGID_Idx on SecFrame_TAppPerm (TAppPerm_UGID)\g
+CREATE INDEX TAppPerm_AllowAccess_Idx on SecFrame_TAppPerm (TAppPerm_AllowAccess)\g
+CREATE INDEX TAppPerm_TApp_ID_Idx on SecFrame_TAppPerm (TApp_ID)\g
+grant all on TAppPerm_Seq to secframe\g
+grant all on SecFrame_TAppPerm to secframe\g
+
+insert into SecFrame_TAppPerm (TAppPerm_UserGroup,TAppPerm_UGID,TAppPerm_AllowAccess,TAppPerm_Priority,TApp_ID) values (2,1,0,1,2);
+insert into SecFrame_TAppPerm (TAppPerm_UserGroup,TAppPerm_UGID,TAppPerm_AllowAccess,TAppPerm_Priority,TApp_ID) values (2,6,1,2,2);
+insert into SecFrame_TAppPerm 
(TAppPerm_UserGroup,TAppPerm_UGID,TAppPerm_AllowAccess,TAppPerm_Priority,TApp_ID) values (2,5,1,3,2);
+insert into SecFrame_TAppPerm (TAppPerm_UserGroup,TAppPerm_UGID,TAppPerm_AllowAccess,TAppPerm_Priority,TApp_ID) values (2,4,1,4,2);
+insert into SecFrame_TAppPerm (TAppPerm_UserGroup,TAppPerm_UGID,TAppPerm_AllowAccess,TAppPerm_Priority,TApp_ID) values (2,7,1,5,2);
diff --git a/html/admin/faq.txt b/html/admin/faq.txt
new file mode 100644
index 0000000..6716a59
--- /dev/null
+++ b/html/admin/faq.txt
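Review bot: The seed rows in pgsql.secframe create the logins `sample`, `noc` and `msyslog` with the literal password `password`, and the `SecFrame_TGroupMembers` rows `(2,1)` and `(6,1)` appear to place the first of them in Administrators and Syslog Administrators (assuming the sequences start at 1). install.txt only says "Adjust passwords as necessary", so an install that skips that step is left with a publicly known administrator login; I would seed a value that can never match a stored hash and make setting real passwords a required install step. `TLogin_Password varchar(32) NOT NULL` holds exactly one MD5 hex digest and leaves no room for a salted hash, so `TLogin_Password varchar(255) NOT NULL` is the safer declaration. The `grant all` statements also give the `secframe` role more than the row-level privileges the pages seem to need.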
@@ -0,0 +1,102 @@ +1. Licensing + +Modular Syslog and Cisco's TACACS+ Daemon have thier own licenses. READ THEM! +SMT and the Security Framework are covered under the GPL. + +2. What is up with the versions of your software? + +If you haven't noticed already, the version numbers reported in the tar.bz2 archives doesn't reflect the file names, this is because I'm moving from a crusty source management system to a better one. Real versioning via CVS is coming shortly. + +3. What is the Syslog Management tool & the Security Framework? + +The idea is quite simple, SMT uses Modular Syslog to collect syslog messages and dump them to a SQL server(PostGreSQL). SMT then grabs logs and runs rules consisting of regular expressions, facility & severity ranges, and other parameters such as time to determine who, when, and how to alert. + +4. How much log volume can SMT handle? + +Our system is an IBM 335 w/ Dual SCSI-160 36gig mirrored drives. I can sustain 28 megabytes per second reading and about 18 megabytes per second writing. All told, the highest volume my system has run was about 800 megabytes of logs in a given day. My calculations seem to indicate that our system could handle 4-5 gigabytes a day without showing significant lag on the web interface side. + +5. What are the components of a working SMT System? + +# I'll reserve the good detail for the docs but the components of a working SMT system are as follows: One or more log processors +# A log expiration process +# A reindexer +# A log archiver +# One or more web consoles +# The database +# One or more syslog servers +# The TACACS+ daemon to collect command accounting + +6. What are the minimums? + +Frankly, I run my software on my personal firewall at home(486 DX25 w/ 48MB of RAM). So you can get away with running it on a fairly slim system, problem: IDE sucks. If you run it on an IDE subsystem, don't complain to me when it doesn't perform. 
I do recommend a dual processor system for sites where there is a decent amount of use going on. Why? Because one processor can be involved dealing with the database and the other can handle everything else. V2.4 Linux Kernel CPU affinity isn't great but 2.6 shows better results(from my initial testing). + +7. Great, how much RAM will I need? + +That is a very good question. If you are serious about this, I'd recommend a gig of RAM. File system caching will use a LOT of it up. For example, we run about a 5 gig foot print and we have a gig and a half of RAM. PostgreSQL is acting using about 800megabytes of it. The rest is OS caching and the like. + +8. PostgreSQL looks like it could use some tuning.... can you help? + +Sure. Down below are some snippets from my postgresql.conf file(mind you, I have a 1.5gig of RAM): + +DO NOT USE ALL OF YOUR FREE RAM FOR SHARED BUFFERS, YOUR PERFORMANCE WILL PAY! +shared_buffers = 29400 # min 16, at least max_connections*2, 8KB each +Default amount available for sorting each query +sort_mem = 4096 # min 64, size in KB + +How much memory vacuum will have available to it(and it will need it) +vacuum_mem = 196608 # min 1024, size in KB + +YOU MUST TUNE YOUR FSM PAGES! The Free space map is used to track free space within the existing table space. The FSM tracks free space, as soon as you have more slots free then FSM space, FSM will start losing free space withing your database. Thus it will start to grow and grow and grow till you either increase your FSM AND VACUUM or perform a FULL VACUUM. +max_fsm_pages = 40000000 # min max_fsm_relations*16, 6 bytes each + +PostgreSQLs default action is to 'sync' after every write. This is too expensive. The downside is that you can suffer data corruption if the system crashes. 
Reality: I've never lost data to a crash but there is always a first time for everything +fsync = false # turns forced synchronization on or off + +wal_buffers = 128 # min 4, 8KB each + +If memory serves me correctly, this tells PostgreSQL about how much the system cache will typically run at. 8) +effective_cache_size = 48400 # typically 8KB each + +Hey, it's a logging system, log dag nabit! +syslog = 1 # range 0-2; 0=stdout; 1=both; 2=syslog +syslog_facility = 'LOCAL0' +syslog_ident = 'postgres' + +I've added profiling code to dump some stats about PostgreSQL. As a result we need to make sure PostGreSQL is actually collecting stats! +log_timestamp = true +stats_start_collector = true +stats_command_string = true +stats_block_level = true +stats_row_level = true +stats_reset_on_server_start = true + +One other change to make but this is a system option not a PostgreSQL option +sysctl kernel.shmmax=1342177280 + +9. What OS does this run on? + +Frankly, I've run it on RedHat but I prefer Slackware. However the limitations of my software would be more based on Modular Syslog and PostGreSQL. ie. of Modular Syslog compiles on FreeBSD, should work fine on FreeBSD. + +10. How can I tell how large of Free Space Map I'll need for PostgreSQL? + +Run a 'vacuum full analyze verbose' and it will tell you the number of pages your database is using. Make sure you do that after you have roughly the amount of data you want to maintain in your database. + +11. Why is your software better then anyone elses? + +a. Because anyone can manage it, not just the one sysadmin who is never around when his pager goes off and no one else knows. +b. It is scalable in that it can be centrally managed and grown. +c. It can interface with systems such as HP Service Desk. +d. It allows for better event correllation as all events are available via one console. + +12. I noticed that you don't have your database doing a lot of bounds checking on data... what gives? + +Database IO is a precious thing. 
I reserve all of the overhead other than IO for other hosts(in a distributed system). As a result, I leave data bounds checking mainly to the application and not the database. + +13. What authentication mechanisms can I use? + +You can use pretty much any authentication mechanism you want. My software looks for the REMOTE_USER variable. I recommend mod_auth_pgsql so you can use the Security Framework password database but you could use SecurID, ActiveDirectory, or any other native Apache authentication module. + +14. What about MySQL? + +Time dictates I have twenty four hours a day. Six hours of that is sleep, 10 hours of that is work, that leaves me a few hours to exercise and be with my wife. If you want MySQL support, I gladly welcome it but I do not have the time to write for it. 8( + diff --git a/html/admin/group.php b/html/admin/group.php new file mode 100644 index 0000000..d6fb686 --- /dev/null +++ b/html/admin/group.php @@ -0,0 +1,180 @@ +

Modify Group


\n"; + if ( $SaveID == 1 ) { + $Results = sec_updategroup ($dbsocket, $TGroup_ID, $TGroup_Name, $TGroup_Desc); + if ( $Results ) { + echo "Save successfull
\n"; + } else { + echo "Save failed!
\n"; + } + } + $SQLQuery="select * from SecFrame_TGroup where TGroup_ID=$TGroup_ID"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows > 0 ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or + die(pg_errormessage()."
\n"); + $TGroup_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tgroup_name)); + $TGroup_Desc = stripslashes(pgdatatrim($SQLQueryResultsObject->tgroup_desc)); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } else { + $TGroup_Name=""; + $TGroup_Desc=""; + } + openform("group.php","post",2,1,0); + formfield("TGroup_ID","Hidden",3,1,0,10,10,$TGroup_ID); + formfield("groupfunction","Hidden",3,1,0,10,10,$groupfunction); + formfield("SaveID","Hidden",3,1,0,10,10,"1"); + echo "Group Name: "; + formfield("TGroup_Name","TEXT",3,1,1,30,30,$TGroup_Name); + echo "Group Description: "; + formfield("TGroup_Desc","TEXT",3,1,1,30,80,$TGroup_Desc); + formsubmit("Save",3,1,0); + formreset("Reset",3,1,1); + closeform(1); + } + if ( ( ( $_POST['action'] == "Delete" ) || ( $groupfunction == 2 ) ) && ( isset($TGroup_ID) ) ) { + $groupfunction = 2 ; + echo "

Delete Group


\n"; + if ( $DeleteID == 1 ) { + $Results = sec_delid($dbsocket,"SecFrame_TGroup","TGroup_ID",$TGroup_ID); + $ResultsGroupMembers = sec_delid($dbsocket,"SecFrame_TGroupMembers","TGroup_ID",$TGroup_ID); + if ( ( $Results ) && ( $ResultsGroupMembers ) ) { + $SQLQuery="delete from SecFrame_TAppPerm where TAppPerm_UserGroup=2 and TAppPerm_UGID=$TGroup_ID"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + echo "Delete successfull
\n"; + } else { + echo "Delete failed!
\n"; + } + } else { + $SQLQuery="select * from SecFrame_TGroup where TGroup_ID=$TGroup_ID"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows > 0 ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or + die(pg_errormessage()."
\n"); + $TGroup_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tgroup_name)); + $TGroup_Desc = stripslashes(pgdatatrim($SQLQueryResultsObject->tgroup_desc)); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } else { + $TGroup_Name=""; + $TGroup_Desc=""; + } + openform("group.php","post",2,1,0); + formfield("TGroup_ID","Hidden",3,1,0,10,10,$TGroup_ID); + formfield("groupfunction","Hidden",3,1,0,10,10,$groupfunction); + /* formfield("DeleteID","Hidden",3,1,0,10,10,"1"); */ + echo "Are you sure you want to delete $TGroup_Desc? "; +?> + Yes + No
+

Modify Membership


\n"; + if ( $_POST['action'] == "Remove" ) { + if ( count($TLogin_ID) != 0 ) { + for ( $loop = 0 ; $loop != count($TLogin_ID) ; $loop++ ) { + $Results = sec_dropgroupmembers($dbsocket,$TLogin_ID[$loop],$TGroup_ID); + } + } + } + if ( $_POST['action'] == "Add" ) { + if ( count($TLogin_ID) != 0 ) { + for ( $loop = 0 ; $loop != count($TLogin_ID) ; $loop++ ) { + $Results = sec_addgroupmembers($dbsocket,$TLogin_ID[$loop],$TGroup_ID); + } + } + } + openform("group.php","post",2,1,0); + formfield("TGroup_ID","Hidden",3,1,0,10,10,$TGroup_ID); + formfield("groupfunction","Hidden",3,1,0,10,10,$groupfunction); + echo "Group: " . sec_groupname($dbsocket,$TGroup_ID) . "
\n"; + echo tabs(2) . "\n\n\n
\n"; + echo "Non-Members:Members
"; + groupmemberdropdownbox ($dbsocket,"TLogin_ID[]",$TGroup_ID,0,0,1,1,5,1); + echo tabs(2) . "\n"; + groupmemberdropdownbox ($dbsocket,"TLogin_ID[]",$TGroup_ID,1,0,1,1,5,1); + echo tabs(2) . "
"; + formsubmit("Add",3,1,0); + echo tabs(2) . ">>> <<<"; + formsubmit("Remove",3,1,0); + echo tabs(2) . "
\n"; + closeform(1); + } + if ( $groupfunction == 0 ) { + echo "

Add a Group


\n"; + if ( $SaveID == 1 ) { + $Results = sec_addgroup($dbsocket,$TGroup_Name,$TGroup_Desc); + if ( $Results ) { + echo "Add successfull
\n"; + } else { + echo "Add failed!
\n"; + } + } else { + openform("group.php","post",2,1,0); + formfield("SaveID","Hidden",3,1,0,10,10,"1"); + echo "Group Name: "; + formfield("TGroup_Name","TEXT",3,1,1,30,30,""); + echo "Group Description: "; + formfield("TGroup_Desc","TEXT",3,1,1,30,80,""); + formsubmit("Save",3,1,0); + formreset("Reset",3,1,1); + closeform(1); + } + } + + + do_footer(); + dbdisconnect($dbsocket); +?> diff --git a/html/admin/images/background.gif b/html/admin/images/background.gif new file mode 100644 index 0000000..2e8f791 Binary files /dev/null and b/html/admin/images/background.gif differ diff --git a/html/admin/images/tile.gif b/html/admin/images/tile.gif new file mode 100644 index 0000000..d4e30c1 Binary files /dev/null and b/html/admin/images/tile.gif differ diff --git a/html/admin/images/title.gif b/html/admin/images/title.gif new file mode 100644 index 0000000..28dbdec Binary files /dev/null and b/html/admin/images/title.gif differ diff --git a/html/admin/index.php b/html/admin/index.php new file mode 100644 index 0000000..9753353 --- /dev/null +++ b/html/admin/index.php @@ -0,0 +1,80 @@ + + + + +
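Review bot: group.php interpolates `$TGroup_ID` directly into its SQL (`select * from SecFrame_TGroup where TGroup_ID=$TGroup_ID` and `delete from SecFrame_TAppPerm where TAppPerm_UserGroup=2 and TAppPerm_UGID=$TGroup_ID`), and the same variable is posted back as a hidden form field, so it looks request-controlled; the top of the file is not readable in this hunk, so earlier validation cannot be confirmed. Casting once before first use, `$TGroup_ID = (int)$TGroup_ID;`, closes the injection path for this integer key. The delete confirmation echoes `$TGroup_Desc` from the database without `htmlspecialchars()`, so a stored group description can inject markup into the admin page. The group, membership and ACL deletes run as separate statements with no transaction, so a failure part-way leaves orphaned permission rows.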
+ Group Administration
+ +
+ Application Administration
+ +
+
User Administration
+ +
+
+ diff --git a/html/admin/license.txt b/html/admin/license.txt new file mode 100644 index 0000000..5b6e7c6 --- /dev/null +++ b/html/admin/license.txt 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. 
diff --git a/html/admin/scripts/php/queue.php b/html/admin/scripts/php/queue.php
new file mode 100755
index 0000000..d37610c
--- /dev/null
+++ b/html/admin/scripts/php/queue.php
@@ -0,0 +1,67 @@
+#!/usr/bin/php
+<%
+/*=============================================================================
+ *
+ * Copyright 2004 Jeremy Guthrie smt@dangermen.com
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 only of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * It is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+=============================================================================*/
+
+/*
+CREATE TABLE SecFrame_TQueue (
+ TQueue_ID integer DEFAULT nextval('TQueue_Seq'),
+ TQueue_Command varchar(16) NOT NULL,
+ TQueue_Date date NOT NULL,
+ TQueue_Time time NOT NULL,
+ TQueue_DateProcessed date,
+ TQueue_TimeProcessed time,
+ TQueue_Processed integer,
+ TQueue_Data1 text,
+ TQueue_Data2 text
+)\g
+*/
+ require_once('/opt/apache/htdocs/login/lib/pgsql.php');
+ require_once('/opt/apache/htdocs/login/lib/generalweb.php');
+ require_once('/opt/apache/htdocs/login/lib/secframe.php');
+
+ $sec_dbsocket=sec_dbconnect();
+
+ $date=date("M-d-Y",(time() - 86400));
+
+ $SQLQuery="select TSyslog.TSyslog_ID,TSyslog.host,TSyslog.date,TSyslog.time,TSyslog.message,TSyslog.Facility,TSyslog.Severity" ;
+
+ $SQLQueryResults = pg_exec($sec_dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ if ( $SQLNumRows != 0 ) {
+ for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+ die(pg_errormessage()."
\n");
+ $id=stripslashes(pgdatatrim($SQLQueryResultsObject->tsyslog_id));
+
+ $results=shell_exec($command);
+ $date=stripslashes(pgdatatrim($SQLQueryResultsObject->date));
+ $time=stripslashes(pgdatatrim($SQLQueryResultsObject->time));
+ $host=stripslashes(pgdatatrim($SQLQueryResultsObject->host));
+ $message=stripslashes(pgdatatrim($SQLQueryResultsObject->message));
+ $vseverity=verboseseverity(stripslashes(pgdatatrim($SQLQueryResultsObject->severity)));
+ $vfacility=verbosefacility(stripslashes(pgdatatrim($SQLQueryResultsObject->facility)));
+ }
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+
+ dbdisconnect($sec_dbsocket);
+%>
diff --git a/html/admin/secversion b/html/admin/secversion
new file mode 100644
index 0000000..9459d4b
--- /dev/null
+++ b/html/admin/secversion
@@ -0,0 +1 @@
+1.1
diff --git a/html/admin/user.php b/html/admin/user.php
new file mode 100644
index 0000000..d2726f1
--- /dev/null
+++ b/html/admin/user.php
@@ -0,0 +1,260 @@
+<%
+/*=============================================================================
+ *
+ * Copyright 2004 Jeremy Guthrie smt@dangermen.com
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 only of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * It is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+=============================================================================*/
+
+ require_once('../config.php');
+
+ $dbsocket=sec_dbconnect();
+
+ $REMOTE_ID=sec_usernametoid($dbsocket,$REMOTE_USER);
+ $ADMIN_ID=sec_groupnametoid($dbsocket,'Administrators');
+
+ if ( ! sec_groupmember($dbsocket,$REMOTE_ID,$ADMIN_ID) ) {
+ dbdisconnect($dbsocket);
+ exit;
+ }
+
+ $PageTitle="User Membership";
+ do_header($PageTitle, 'adminuser');
+
+ if ( ! isset($userfunction)) {
+ $userfunction = 0;
+ }
+ if ( ( ( $userfunction == 1 ) || ( $action == "Modify" ) ) && ( isset($TLogin_ID) ) ) {
+ $userfunction = 1 ;
+ echo "
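Review bot: `shell_exec($command)` in the per-row loop of queue.php runs a variable that this file never assigns, so what gets executed depends entirely on whatever the three `require_once`d libraries (or the environment) leave in `$command`, and the `$results` it returns is never read. Because the rows being iterated are syslog records, any command built here later should use a fixed executable and pass row values only through `escapeshellarg()`, e.g. `$command = HANDLER_PATH . ' ' . escapeshellarg($id);` (HANDLER_PATH is a placeholder); until that exists the call is better removed. As rendered in this hunk the `$SQLQuery` string also has no `from` clause, so `pg_exec` would fail before the loop is reached, and the `$date` computed from `time() - 86400` is overwritten inside the loop without having been used.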
Modify User

\n";
+ if ( isset($SaveID) && $SaveID == 1 ) {
+ $reason="";
+ if ( $TLogin_Password == $TLogin_Password2 ) {
+ if ( strlen($TLogin_Password) >= 8 ) {
+ if ( sec_verifypassword($TLogin_Password) || ( strlen($TLogin_Password) > 31 ) ) {
+
+ $Results = sec_updatelogin ($dbsocket,$TLogin_ID,$TLogin_Username,$TLogin_Password,
+ $TLogin_Name,$TLogin_Email,$TLogin_Home,$TLogin_Work,$TLogin_Cell,$TLogin_Pager,
+ $TLogin_Address1,$TLogin_Address2,$TLogin_City,$TLogin_State,$TLogin_Zip);
+ } else {
+ $reason = "Password requires a mix of uppercase or lowercase letters with numbers or symbols";
+ }
+ } else {
+ $reason = "Password not log enough!";
+ }
+ } else {
+ $reason = "Password mismatch!";
+ }
+ if ( isset($Results) ) {
+ echo "Save successfull
\n";
+ } else {
+ echo "Save failed! $reason
\n";
+ }
+ }
+ $SQLQuery="select * from SecFrame_TLogin where TLogin_ID=$TLogin_ID";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ if ( $SQLNumRows > 0 ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
+ die(pg_errormessage()."
\n");
+ $TLogin_Username = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_username));
+ $TLogin_Password = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_password));
+ $TLogin_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_name));
+ $TLogin_Email = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_email));
+ $TLogin_Work = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_work));
+ $TLogin_Home = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_home));
+ $TLogin_Cell = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_cell));
+ $TLogin_Pager = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_pager));
+ $TLogin_Address1 = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_address1));
+ $TLogin_Address2 = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_address2));
+ $TLogin_City = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_city));
+ $TLogin_State = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_state));
+ $TLogin_Zip = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_zip));
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+ } else {
+ $TLogin_Username="";
+ $TLogin_Password="";
+ $TLogin_Name="";
+ $TLogin_Email="";
+ $TLogin_Work="";
+ $TLogin_Home="";
+ $TLogin_Cell="";
+ $TLogin_Pager="";
+ $TLogin_Address1="";
+ $TLogin_Address2="";
+ $TLogin_City="";
+ $TLogin_State="";
+ $TLogin_Zip="";
+ }
+ openform("user.php","post",2,1,0);
+ formfield("TLogin_ID","Hidden",3,1,0,10,10,$TLogin_ID);
+ formfield("userfunction","Hidden",3,1,0,10,10,$userfunction);
+ formfield("SaveID","Hidden",3,1,0,10,10,"1");
+ echo "
";
+ echo "*User Name: ";
+ formfield("TLogin_Username","TEXT",3,1,1,16,16,$TLogin_Username);
+ echo "*Password: ";
+ formfield("TLogin_Password","Password",3,1,1,16,32,$TLogin_Password);
+ echo " *Confirm Password: ";
+ formfield("TLogin_Password2","Password",3,1,1,16,32,$TLogin_Password);
+ echo "
*Name: ";
+ formfield("TLogin_Name","TEXT",3,1,1,40,128,$TLogin_Name);
+ echo "*Email:";
+ formfield("TLogin_Email","TEXT",3,1,1,30,40,$TLogin_Email);
+ echo "
Home Phone: ";
+ formfield("TLogin_Home","TEXT",3,1,1,20,20,$TLogin_Home);
+ echo "Cell Phone: ";
+ formfield("TLogin_Cell","TEXT",3,1,1,20,20,$TLogin_Cell);
+ echo "
Work Phone: ";
+ formfield("TLogin_Work","TEXT",3,1,1,20,20,$TLogin_Work);
+ echo "Pager: ";
+ formfield("TLogin_Pager","TEXT",3,1,1,20,20,$TLogin_Pager);
+ echo "
Address 1: ";
+ formfield("TLogin_Address1","TEXT",3,1,1,40,40,$TLogin_Address1);
+ echo "Address 2: ";
+ formfield("TLogin_Address2","TEXT",3,1,1,40,40,$TLogin_Address2);
+ echo "City: ";
+ formfield("TLogin_City","TEXT",3,0,0,40,40,$TLogin_City);
+ echo " State: ";
+ formfield("TLogin_State","TEXT",3,0,0,2,2,$TLogin_State);
+ echo " Zip: ";
+ formfield("TLogin_Zip","TEXT",3,1,1,12,12,$TLogin_Zip);
+ echo "
";
+ formsubmit("Save",3,1,0);
+ echo "";
+ formreset("Reset",3,1,1);
+ echo "

\n* - Denotes required field
";
+ closeform(1);
+ }
+ if ( ( ( $userfunction == 2 ) || ( $action == "Delete" ) ) && ( isset($TLogin_ID) ) ) {
+ $userfunction = 2;
+ echo "

Delete User


\n";
+ if ( $DeleteID == 1 ) {
+ $Results = sec_delid($dbsocket,"SecFrame_TLogin","TLogin_ID",$TLogin_ID);
+ $ResultsGroupMembers = sec_delid($dbsocket,"SecFrame_TGroupMembers","TLogin_ID",$TLogin_ID);
+ if ( ( $Results ) && ( $ResultsGroupMembers ) ) {
+ $SQLQuery="delete from SecFrame_TAppPerm where TAppPerm_UserGroup=1 and TAppPerm_UGID=$TLogin_ID";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+ echo "Delete successfull
\n";
+ } else {
+ echo "Delete failed!
\n";
+ }
+ } else {
+ $SQLQuery="select * from SecFrame_TLogin where TLogin_ID=$TLogin_ID";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ if ( $SQLNumRows > 0 ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
+ die(pg_errormessage()."
\n");
+ $TLogin_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_name));
+ $TLogin_Username = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_username));
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+ } else {
+ $TLogin_Name="";
+ $TLogin_Username="";
+ }
+ openform("user.php","post",2,1,0);
+ formfield("TLogin_ID","Hidden",3,1,0,10,10,$TLogin_ID);
+ formfield("userfunction","Hidden",3,1,0,10,10,$userfunction);
+ echo "Are you sure you want to delete $TLogin_Name? ";
+%>
+ Yes
+ No
+<%
+ formsubmit("Delete",3,1,0);
+ formreset("Reset",3,1,1);
+ closeform(1);
+ }
+ }
+ if ($userfunction == 0 ) {
+ echo "

Add a User


\n";
+ if ( isset($SaveID) && ($SaveID == 1) ) {
+ $reason="";
+ $Results=0;
+ if ( $TLogin_Password == $TLogin_Password2 ) {
+ if ( strlen($TLogin_Password) >= 8 ) {
+ if ( sec_verifypassword($TLogin_Password) ) {
+ $Results = sec_addlogin($dbsocket,$TLogin_Username,$TLogin_Password,$TLogin_Name,
+ $TLogin_Email,$TLogin_Home,$TLogin_Work,$TLogin_Cell,$TLogin_Pager,
+ $TLogin_Address1,$TLogin_Address2,$TLogin_City,$TLogin_State,$TLogin_Zip);
+ $TempTLogin_ID=sec_usernametoid($dbsocket,$TLogin_Username);
+ $EVERYONEGROUP_ID=sec_groupnametoid($dbsocket,'Everyone');
+ $Results2 = sec_addgroupmembers($dbsocket,$TempTLogin_ID,$EVERYONEGROUP_ID);
+ } else {
+ $reason = "Password requires a mix of uppercase or lowercase letters with numbers or symbols";
+ }
+ } else {
+ $reason = "Password not log enough!";
+ }
+ } else {
+ $reason = "Password mismatch!";
+ }
+ if ( ( $Results ) && ( $Results2 ) ) {
+ echo "Add successfull
\n";
+ } else {
+ echo "Add failed! $reason
\n";
+ }
+ } else {
+ openform("user.php","post",2,1,0);
+ formfield("SaveID","Hidden",3,1,0,10,10,"1");
+ echo "
";
+ echo "*User Name: ";
+ formfield("TLogin_Username","TEXT",3,1,1,16,16,"");
+ echo "*Password: ";
+ formfield("TLogin_Password","Password",3,1,1,16,32,"");
+ echo " *Confirm Password: ";
+ formfield("TLogin_Password2","Password",3,1,1,16,32,"");
+ echo "
*Name: ";
+ formfield("TLogin_Name","TEXT",3,1,1,40,40,"");
+ echo "*Email: ";
+ formfield("TLogin_Email","TEXT",3,1,1,40,40,"");
+ echo "
Home Phone: ";
+ formfield("TLogin_Home","TEXT",3,1,1,20,20,"");
+ echo "Cell Phone: ";
+ formfield("TLogin_Cell","TEXT",3,1,1,20,20,"");
+ echo "
Work Phone: ";
+ formfield("TLogin_Work","TEXT",3,1,1,20,20,"");
+ echo "Pager: ";
+ formfield("TLogin_Pager","TEXT",3,1,1,20,20,"");
+ echo "
Address 1: ";
+ formfield("TLogin_Address1","TEXT",3,1,1,40,40,"");
+ echo "Address 2: ";
+ formfield("TLogin_Address2","TEXT",3,1,1,40,40,"");
+ echo "City: ";
+ formfield("TLogin_City","TEXT",3,0,0,40,40,"");
+ echo "State: ";
+ formfield("TLogin_State","TEXT",3,0,0,2,2,"");
+ echo "Zip: ";
+ formfield("TLogin_Zip","TEXT",3,1,1,12,12,"");
+ echo "
";
+ formsubmit("Save",3,1,0);
+ echo "";
+ formreset("Reset",3,1,1);
+ echo "

\n* - Denotes required field
";
+ closeform(1);
+ }
+ }
+
+
+ do_footer();
+ dbdisconnect($dbsocket);
+%>
diff --git a/html/alert.php b/html/alert.php
new file mode 100644
index 0000000..e1f5434
--- /dev/null
+++ b/html/alert.php
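Review bot: `$TLogin_ID` is interpolated unquoted and unvalidated into three statements in user.php — `select * from SecFrame_TLogin where TLogin_ID=$TLogin_ID` in both the Modify and Delete branches, and `delete from SecFrame_TAppPerm where TAppPerm_UserGroup=1 and TAppPerm_UGID=$TLogin_ID` — and it appears to arrive straight from the request, since the forms post it back as a hidden field. The Administrators membership check at the top limits who can reach these paths, but an integer cast before first use, `$TLogin_ID = intval($TLogin_ID);`, would keep the statement shape fixed regardless of what is submitted. Separately, the Modify form writes the stored `tlogin_password` value back into both password fields, so whatever the column holds (hash or cleartext, not visible here) ends up in the page source, and the `strlen($TLogin_Password) > 31` alternative looks like it exists to let that echoed value pass the complexity check. Leaving both fields empty and treating an empty submission as "password unchanged" would remove the need for either.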
@@ -0,0 +1,271 @@ +\n"; + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); + exit; + } + } + + /***************************************************************************/ + /* Add aggregate interface: */ + /* select count(tsyslog_id), host from TSyslog group by host order by host */ + /***************************************************************************/ + + if ( $group == 1 ) { + $userid=$REMOTE_ID; + } + + if ( ( $group == 1 ) && ( $viewtype == 2 ) && ( $datatype == 2 ) ) { + $datatype = 4; + $userid=$REMOTE_ID; + } + if ( $viewtype == 1 ) { + if ( ! $aggregate ) { + $SQLQuery="select TSyslog.TSyslog_id,Syslog_TAlert.TAlert_Date,Syslog_TAlert.TAlert_Time,Syslog_TAlert.TAlert_Info,TSyslog.date,TSyslog.time,TSyslog.host,TSyslog.message,TSyslog.Facility,TSyslog.Severity from TSyslog,Syslog_TAlert where Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id union select Syslog_TArchive.TSyslog_id,Syslog_TAlert.TAlert_Date,Syslog_TAlert.TAlert_Time,Syslog_TAlert.TAlert_Info,Syslog_TArchive.date,Syslog_TArchive.time,Syslog_TArchive.host,Syslog_TArchive.message,Syslog_TArchive.Facility,Syslog_TArchive.Severity from Syslog_TArchive,Syslog_TAlert where Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id order by date,time desc"; + } else { + $SQLQuery="select tsyslog.host, count(distinct(TSyslog.TSyslog_id)) from TSyslog,Syslog_TAlert where Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id group by host union select syslog_tarchive.host,count(distinct(syslog_tarchive.TSyslog_id)) from Syslog_TArchive,Syslog_TAlert where Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id group by host order by host"; + } + } else { + $SQLQuery=""; + if ( ! 
$aggregate ) { + $TopSQLQuery="select TSyslog.TSyslog_id, Syslog_TAlert.TAlert_Date, Syslog_TAlert.TAlert_Time, Syslog_TAlert.TAlert_Info, TSyslog.date, TSyslog.time, TSyslog.host, TSyslog.message, TSyslog.Facility, TSyslog.Severity from TSyslog, Syslog_TAlert"; + $BottomSQLQuery="select Syslog_TArchive.TSyslog_id, Syslog_TAlert.TAlert_Date, Syslog_TAlert.TAlert_Time, Syslog_TAlert.TAlert_Info, Syslog_TArchive.date, Syslog_TArchive.time, Syslog_TArchive.host, Syslog_TArchive.message, Syslog_TArchive.Facility, Syslog_TArchive.Severity from Syslog_TArchive, Syslog_TAlert"; + } else { + $TopSQLQuery="select tsyslog.host, count(distinct(TSyslog.TSyslog_id)) from TSyslog, Syslog_TAlert"; + $BottomSQLQuery="select syslog_tarchive.host, count(distinct(Syslog_TArchive.TSyslog_id)) from Syslog_TArchive, Syslog_TAlert"; + } + if ( $datatype == 1 ) { + $host=gethost($dbsocket,$hostid); + $TopSQLQuery = $TopSQLQuery . ",Syslog_THost where TSyslog.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=$hostid and Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id and Syslog_TAlert.TAlert_Date='$month-$day-$year' "; + if ( $aggregate ) { + $TopSQLQuery = $TopSQLQuery . " group by host union "; + } else { + $TopSQLQuery = $TopSQLQuery . " union "; + } + $BottomSQLQuery = $BottomSQLQuery . ",Syslog_THost where Syslog_TArchive.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=$hostid and Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id and Syslog_TAlert.TAlert_Date='$month-$day-$year' "; + if ( $aggregate ) { + $BottomSQLQuery = $BottomSQLQuery . " group by host order by host"; + } else { + $BottomSQLQuery = $BottomSQLQuery . " order by date,time desc"; + } + $SQLQuery=$TopSQLQuery . $BottomSQLQuery; + } + if ( $datatype == 2 ) { + $TopSQLQuery = $TopSQLQuery . 
" ,Syslog_THost,Syslog_TProcessorProfile where TSyslog.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid and Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id "; + if ( $aggregate ) { + $TopSQLQuery = $TopSQLQuery . " group by host union "; + } else { + $TopSQLQuery = $TopSQLQuery . " union "; + } + $BottomSQLQuery = $BottomSQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TArchive.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid and Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id "; + if ( $aggregate ) { + $BottomSQLQuery = $BottomSQLQuery . " group by host order by host"; + } else { + $BottomSQLQuery = $BottomSQLQuery . " order by date,time desc"; + } + $SQLQuery=$TopSQLQuery . $BottomSQLQuery; + } + if ( $datatype == 3 ) { + $TopSQLQuery = $TopSQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " . + "( Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id ) and ". + "( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " . + "( TSyslog.host=Syslog_THost.THost_Host ) and " . + "( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " . + "( Syslog_TAlert.TAlert_Date='$month-$day-$year' ) "; + if ( $aggregate ) { + $TopSQLQuery = $TopSQLQuery . " group by host union "; + } else { + $TopSQLQuery = $TopSQLQuery . " union "; + } + $BottomSQLQuery = $BottomSQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " . + "( Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id ) and ". + "( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " . + "( Syslog_TArchive.host=Syslog_THost.THost_Host ) and " . + "( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " . + "( Syslog_TAlert.TAlert_Date='$month-$day-$year' ) "; + if ( $aggregate ) { + $BottomSQLQuery = $BottomSQLQuery . " group by host order by host"; + } else { + $BottomSQLQuery = $BottomSQLQuery . " order by date,time desc"; + } + $SQLQuery=$TopSQLQuery . 
$BottomSQLQuery; + } + if ( $datatype == 4 ) { + $TopSQLQuery = $TopSQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " . + "( Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id ) and ". + "( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " . + "( TSyslog.host=Syslog_THost.THost_Host ) and " . + "( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " . + "( Syslog_THost.TPremadeType_ID=$typeid ) and ". + "( Syslog_TAlert.TAlert_Date='$month-$day-$year' ) "; + if ( $aggregate ) { + $TopSQLQuery = $TopSQLQuery . " group by host union "; + } else { + $TopSQLQuery = $TopSQLQuery . " union "; + } + $BottomSQLQuery = $BottomSQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " . + "( Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id ) and ". + "( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " . + "( Syslog_TArchive.host=Syslog_THost.THost_Host ) and " . + "( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " . + "( Syslog_THost.TPremadeType_ID=$typeid ) and ". + "( Syslog_TAlert.TAlert_Date='$month-$day-$year' ) " ; + if ( $aggregate ) { + $BottomSQLQuery = $BottomSQLQuery . " group by host order by host"; + } else { + $BottomSQLQuery = $BottomSQLQuery . " order by date,time desc"; + } + $SQLQuery=$TopSQLQuery . $BottomSQLQuery; + } + } + + + /* Create the 'previous' and 'next' day date parameters */ + $todayseconds=mktime(12,0,0,numberofmonth($month),$day,$year); + $priorday=$todayseconds - 86400; + $nextday=$todayseconds + 86400; + + $pmonth=strftime("%b",$priorday); + $pday=strftime("%d",$priorday); + $pyear=strftime("%Y",$priorday); + + $nmonth=strftime("%b",$nextday); + $nday=strftime("%d",$nextday); + $nyear=strftime("%Y",$nextday); + + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + $PageTitle="Syslog Management Tool"; + do_header($PageTitle, 'alert'); + + if ( $aggregate ) { + $numhosts = 0; + $hosts = ""; + $alerttotal=0; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + $found = 0; + for ( $subloop = 1 ; $subloop != ($numhosts + 1 ) ; $subloop++ ) { + if ( $SQLQueryResultsObject->host == $hosts[$subloop] ) { + $found++; + $count[$subloop] = $count[$subloop] + $SQLQueryResultsObject->count; + } + } + if ( ! $found ) { + $numhosts++; + $hosts[$numhosts]=$SQLQueryResultsObject->host; + $count[$numhosts]=$SQLQueryResultsObject->count; + $alerttotal = $alerttotal + $SQLQueryResultsObject->count; + } + } + } + echo "Date: $month-$day-$year

\n"; + if ( $viewtype == 1 ) { + echo "\n" . + "". + "
Previous DayRefreshNext Day

\n"; + } + if ( $viewtype == 2 ) { + $append="&viewtype=$viewtype&datatype=$datatype&hostid=$hostid&typeid=$typeid&&userid=$userid&aggregate=$aggregate"; + echo "\n" . + "". + "
Previous DayRefreshNext Day

\n"; + } + if ( $SQLNumRows ) { + if ( ! $aggregate ) { + echo "\n"; + echo "\n"; + + for ( $loop=0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + if ( $bgcolor == "#EEEEEE" ) { $bgcolor = "#FFFFFF"; } else { $bgcolor = "#EEEEEE";} + $id=stripslashes(pgdatatrim($SQLQueryResultsObject->tsyslog_id)); + $date=stripslashes(pgdatatrim($SQLQueryResultsObject->date)); + $time=stripslashes(pgdatatrim($SQLQueryResultsObject->time)); + $host=stripslashes(pgdatatrim($SQLQueryResultsObject->host)); + $message=stripslashes(pgdatatrim($SQLQueryResultsObject->message)); + $alertdate=stripslashes(pgdatatrim($SQLQueryResultsObject->talert_date)); + $alerttime=stripslashes(pgdatatrim($SQLQueryResultsObject->talert_time)); + $alertinfo=stripslashes(pgdatatrim($SQLQueryResultsObject->talert_info)); + $severity=stripslashes(pgdatatrim($SQLQueryResultsObject->severity)); + $facility=stripslashes(pgdatatrim($SQLQueryResultsObject->facility)); + $fontcolor='#000000'; + if ( ( $severity == 4 ) || ( $severity == 3 ) ) { $fontcolor='#FF8800'; } + if ( $severity <= 2 ) { $fontcolor='#FF0000'; } + $severity=verboseseverity($severity); + $facility=verbosefacility($facility); + + echo "\n"; + echo "\n"; + } + echo "
Syslog IDAlarm DateAlarm TimeLearned DateLearned TimeFacilitySeverityHostAlert Rule
$id$alertdate$alerttime$date$time$facility$severity$host
$alertinfo
$message
\n"; + } else { + echo "\n"; + echo "\n"; + for ( $loop = 1 ; $loop != ($numhosts+1) ; $loop ++ ) { + $hostid=relatedata($dbsocket,"Syslog_THost","THost_ID","THost_Host='$hosts[$loop]'"); + $href="alert.php?viewtype=2&datatype=1&hostid=$hostid&typeid=6&month=$month&day=$day&year=$year&aggregate=0&action=View"; + echo "\n"; + } + echo "\n"; + echo "
Host Name# of Alerts
$hosts[$loop]$count[$loop]
Total:$alerttotal alerts
\n"; + } + } else { echo "No alerts for given day.

\n"; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/background.html b/html/background.html new file mode 100644 index 0000000..d7361eb --- /dev/null +++ b/html/background.html @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/html/background.php b/html/background.php new file mode 100644 index 0000000..f191230 --- /dev/null +++ b/html/background.php @@ -0,0 +1,7 @@ + + + diff --git a/html/calendar.php b/html/calendar.php new file mode 100644 index 0000000..c2069d6 --- /dev/null +++ b/html/calendar.php @@ -0,0 +1,52 @@ +. See http://diveintomark.org/archives/2002/07/03 + $calendar = ''."\n".'\n"; + + if($day_name_length){ #if the day names should be shown ($day_name_length > 0) + #if day_name_length is >3, the full name of the day will be printed + foreach($day_names as $day) $calendar .= ''; + $calendar .= "\n"; + } + + if($weekday > 0) $calendar .= ''; #initial 'empty' days + for($day=1,$days_in_month=gmdate('t', $first_of_month); $day<=$days_in_month; $day++,$weekday++){ + if($weekday == 7){ + $weekday = 0; #start a new week + $calendar .= "\n"; + } + if(isset($days[$day]) and is_array($days[$day])){ + @list($link, $classes, $content) = $days[$day]; + if(is_null($content)) $content = $day; + $calendar .= '' : '>'). + ($link ? ''.$content.'' : $content).''; + } + else $calendar .= ""; + } + if($weekday != 7) $calendar .= ''; #remaining "empty" days + + return $calendar."\n
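Review bot: The queries in alert.php are assembled by interpolating `$month`, `$day`, `$year`, `$hostid`, `$typeid` and `$userid` directly into the SQL text passed to `pg_exec()`, and nothing visible validates them. They appear to arrive as request parameters (the page round-trips them through `$append` and the `alert.php?...` links), so this reads as SQL injection unless the top of the file, which is not legible in this view, sanitises them. Force the numeric ids to integers before use, e.g. `$hostid = (int)$hostid; $typeid = (int)$typeid; $userid = (int)$userid;`, and check the date parts against a fixed pattern or pass them through `pg_escape_string()`; the same goes for `"THost_Host='$hosts[$loop]'"` handed to `relatedata()`, where the host name comes from stored syslog rows. On output, `$host`, `$message` and `$alertinfo` get only `stripslashes()` before being echoed, so text supplied by any device that can send syslog is rendered as markup; wrap them in `htmlspecialchars()`. `die(pg_errormessage())` also prints raw database errors to the browser, which is better logged server-side behind a generic message.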
'. + ($month_href ? ''.$title.'' : $title). + "
'. + htmlentities($day_name_length < 4 ? substr($day,0,$day_name_length) : $day). + '
 
$day 
\n"; +} +?> \ No newline at end of file diff --git a/html/config.php b/html/config.php new file mode 100644 index 0000000..2422fbc --- /dev/null +++ b/html/config.php @@ -0,0 +1,12 @@ + \ No newline at end of file diff --git a/html/customer.php b/html/customer.php new file mode 100644 index 0000000..f059d28 --- /dev/null +++ b/html/customer.php @@ -0,0 +1,136 @@ + 0 ) ) { + dropcustomerhost($dbsocket,$id); + } + if ( ( $action == "Add" ) && ( count($hostid) >= 1 ) && ( $userid != "" ) ) { + for ( $loop=0 ; $loop != count($hostid) ; $loop++ ) { + if ( $hostid != "" ) { + if ( idexist($dbsocket,"Syslog_THost","THost_ID",$hostid[$loop]) ) { + if ( ! assignedtouser ($dbsocket,$userid,$hostid[$loop]) ) { addcustomerhost($dbsocket,$hostid[$loop],$userid,$allowedit); } + } + } + } + } + if ( ( $action == "Save" ) && ( $assignedhostid != "" ) ) { + if ( assignedtouser ($dbsocket,$userid,$assignedhostid) ) { + dropcustomerhost($dbsocket,$id); + addcustomerhost($dbsocket,$assignedhostid,$userid,$existallowedit); + } + } + if ( ( $action == "Clone") && ( idexist($dbsocket,"Syslog_TCustomerProfile","TLogin_ID",$userid) ) ) { + $groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer'); + if ( ( sec_groupmember($sec_dbsocket,$userid,$groupid) ) && + ( sec_groupmember($sec_dbsocket,$duserid,$groupid) ) ) { + $SQLQuery="select TCustomerProfile_EditRules,THost_ID from Syslog_TCustomerProfile where Syslog_TCustomerProfile.TLogin_ID=$userid"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows ) { + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + $hostid=pgdatatrim($SQLQueryResultsObject->thost_id); + $allowedit=$SQLQueryResultsObject->tcustomerprofile_editrules; + if ( ! assignedtouser ($dbsocket,$duserid,$hostid) ) { addcustomerhost($dbsocket,$hostid,$duserid,$allowedit); } + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } + $userid=$duserid; + } + + $PageTitle="Syslog Management Tool"; + do_header($PageTitle, 'customer'); + + echo "Customer: " . sec_username($sec_dbsocket,$userid) . "
\n"; + $SQLQuery="select THost_ID,TCustomerProfile_EditRules,TCustomerProfile_ID,Syslog_THost.THost_Host from Syslog_TCustomerProfile where Syslog_TCustomerProfile.TLogin_ID=$userid and Syslog_TCustomerProfile.THost_ID=Syslog_THost.THost_ID order by Syslog_THost.THost_Host"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + openform("customer.php","post",2,1,0); + formfield("host","Hidden",3,1,0,10,10,$host); + formfield("userid","Hidden",3,1,0,10,10,$userid); + echo "\n"; + echo ""; + echo "\n"; + closeform(); + if ( $SQLNumRows ) { + echo ""; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + $id=stripslashes(pgdatatrim($SQLQueryResultsObject->tcustomerprofile_id)); + $host=pgdatatrim($SQLQueryResultsObject->thost_host); + $assignedhostid=pgdatatrim($SQLQueryResultsObject->thost_id); + $allowedit=$SQLQueryResultsObject->tcustomerprofile_editrules; + openform("customer.php","post",2,1,0); + formfield("userid","Hidden",3,1,0,10,10,$userid); + formfield("id","Hidden",3,1,0,10,10,$id); + echo "'; + echo ""; + closeform(); + echo "\n"; + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } + echo "
ActionHostAllow Host Rule Edits
" ; + hostdropdown ($dbsocket, $sec_dbsocket, "hostid[]", $REMOTE_ID,$group,0,0,0,5); + echo "
ActionHost
"; + echo ''; + echo '$host"; + formfield("assignedhostid","Hidden",3,1,0,10,10,$assignedhostid); + if ( $allowedit ) { + echo ""; + } else { + echo ""; + } + echo "
\n"; + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n";
+ do_footer();
+ dbdisconnect($sec_dbsocket);
+ dbdisconnect($dbsocket);
+php?>
diff --git a/html/data/install b/html/data/install new file mode 100644
index 0000000..9e4979d
--- /dev/null
+++ b/html/data/install
@@ -0,0 +1,10 @@
+$Id$
+
+1. cat pgsql.secframe | psql -Upostgres securityframework
+2. createdb TSyslog
+3. cat pgsql.msyslog | psql -Upostgres TSyslog
+4. adjust php.ini
+ sendmail_path = /usr/sbin/sendmail -i -t -fmailfromsmac@yourdomain.com
+ max_execution_time = 295
+ memory_limit = 16M
+5. put the .htaccess file into the correct directory
diff --git a/html/data/pgsql.msyslog b/html/data/pgsql.msyslog new file mode 100644
index 0000000..b804445
--- /dev/null
+++ b/html/data/pgsql.msyslog
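Review bot: `$userid` is placed unquoted into `... where Syslog_TCustomerProfile.TLogin_ID=$userid` in both the Clone query and the listing query of customer.php. It appears to come from the posted form (it is written back as the hidden `userid` field), so it should be cast before use, e.g. `$userid = (int)$userid;`, unless the top of the file, which is not legible in this view, already does so. In the Save branch the check is `assignedtouser($dbsocket,$userid,$assignedhostid)` but the row removed is `dropcustomerhost($dbsocket,$id)`; nothing visible ties `$id` to that user and host, so a mismatched `id` value would delete a different profile row, and the drop should be keyed on the checked pair or `$id` verified against it first. In the Add loop, `if ( $hostid != "" )` tests the whole array rather than the element; `if ( $hostid[$loop] != "" )` looks like what was intended.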
@@ -0,0 +1,499 @@ +/* $Id$ */ + +/****************************************************/ +/* */ +/* Table: Syslog_TMail */ +/* */ +/* Purpose: A TMail entry is made per processor to */ +/* watch for stale processors, duplicate */ +/* processors, and processor overlap */ +/* */ +/****************************************************/ +CREATE TABLE Syslog_TMail ( + TMail_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TMail_Open integer, + TMail_Date date not null, + TMail_Time time not null, + TLogin_ID bigint not null +)\g +grant all on Syslog_TMail to msyslog\g +grant all on syslog_tmail_tmail_id_seq to msyslog\g +CREATE UNIQUE INDEX Syslog_TMail_TLogin_ID on Syslog_TMail (TLogin_ID)\g +ALTER TABLE Syslog_TMail OWNER TO msyslog\g +ALTER TABLE Syslog_TMail SET WITHOUT OIDS\g + +/****************************************************/ +/* */ +/* Table: Syslog_TLaunchQueue */ +/* */ +/* Purpose: Store launch entries to be run at the */ +/* end of processing */ +/* */ +/****************************************************/ +CREATE TABLE Syslog_TLaunchQueue ( + TLaunchQueue_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TLaunchQueue_Desc varchar(256), + TLaunch_ID bigint not null, + TMail_ID bigint not null, + TSyslog_ID bigint not null +)\g +grant all on Syslog_TLaunchQueue to msyslog\g +grant all on syslog_tlaunchqueue_tlaunchqueue_id_seq to msyslog\g +ALTER TABLE Syslog_TLaunchQueue OWNER TO msyslog\g +ALTER TABLE Syslog_TLaunchQueue SET WITHOUT OIDS\g +ALTER TABLE syslog_tlaunchqueue alter column tlaunchqueue_desc SET STORAGE EXTERNAL\g + +/****************************************************/ +/* */ +/* Table: Syslog_TSuspend */ +/* */ +/* Purpose: The table is used to store the suspend */ +/* status for log processors */ +/* */ +/****************************************************/ +CREATE TABLE Syslog_TSuspend ( + TSuspend_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TSuspend_Status integer not null, + TLogin_ID bigint not null +)\g +ALTER TABLE Syslog_TSuspend OWNER TO 
msyslog\g +ALTER TABLE Syslog_TSuspend SET WITHOUT OIDS\g +grant all on syslog_tsuspend_tsuspend_id_seq to msyslog\g + +/****************************************************/ +/* */ +/* Table: Syslog_TEMail */ +/* */ +/* Purpose: Store email entries to be shipped out */ +/* at the end of processing */ +/* */ +/****************************************************/ +CREATE TABLE Syslog_TEmail ( + TEmail_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TEmail_Email varchar(80) not null, + TEmail_Desc varchar(256), + TMail_ID bigint not null, + TSyslog_ID bigint not null +)\g +grant all on Syslog_TEmail to msyslog\g +grant all on Syslog_TEmail_temail_id_seq to msyslog\g +ALTER TABLE Syslog_TEmail OWNER TO msyslog\g +ALTER TABLE Syslog_TEmail SET WITHOUT OIDS\g +ALTER TABLE syslog_temail alter column temail_email SET STORAGE EXTERNAL\g +ALTER TABLE syslog_temail alter column temail_desc SET STORAGE EXTERNAL\g + +/****************************************************/ +/* */ +/* Table: TSyslog */ +/* */ +/* Purpose: Syslog messages are submitted directly */ +/* to this table. 
Once messages are processed they */ +/* are moved to the archive table */ +/* */ +/****************************************************/ +CREATE TABLE TSyslog ( + TSyslog_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + facility integer, + severity integer, + date date, + time time, + host varchar(128), + message text +)\g +CREATE INDEX host_Idx on TSyslog (host)\g +CREATE INDEX TSyslogDateTime_IDX on TSyslog (date,time)\g +CREATE INDEX TSyslHostID_Idx on TSyslog (TSyslog_ID,host)\g +grant all on TSyslog to msyslog\g +grant all on TSyslog_TSyslog_ID_Seq to msyslog\g +ALTER TABLE TSyslog OWNER TO msyslog\g +ALTER TABLE TSyslog SET WITHOUT OIDS\g +ALTER TABLE tsyslog alter column host SET STORAGE EXTERNAL\g +ALTER TABLE tsyslog alter column message SET STORAGE EXTERNAL\g + +/****************************************************/ +/* */ +/* Table: Syslog_TArchive */ +/* */ +/* Purpose: Syslog messages are moved from the */ +/* primary table to the secondary table for long */ +/* term storage */ +/* */ +/****************************************************/ +CREATE TABLE Syslog_TArchive ( + TSyslog_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + facility integer, + severity integer, + date date, + time time, + host varchar(128), + message text +)\g + +CREATE INDEX ArchHost_Idx on Syslog_TArchive (host)\g +CREATE INDEX TArchDateTime_IDX on Syslog_TArchive (date,time)\g +CREATE INDEX TArchHostID_IDX on Syslog_TArchive (TSyslog_ID,host)\g +grant all on Syslog_TArchive to msyslog\g +grant all on syslog_tarchive_tsyslog_id_seq to msyslog\g +ALTER TABLE Syslog_TArchive OWNER TO msyslog\g +ALTER TABLE Syslog_TArchive SET WITHOUT OIDS\g + +CREATE TABLE Syslog_TFilter ( + TFilter_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TFilter_UserOrGlobal integer not null, + TFilter_Desc varchar(128) not null, + TLogin_ID integer not null +)\g +grant all on Syslog_TFilter to msyslog\g +grant all on Syslog_TFilter_TFilter_ID_Seq to msyslog\g +ALTER TABLE Syslog_TFilter OWNER TO msyslog\g +ALTER TABLE 
Syslog_TFilter SET WITHOUT OIDS\g +ALTER TABLE syslog_tfilter alter column tfilter_desc SET STORAGE EXTERNAL\g + +CREATE TABLE Syslog_TFilterData ( + TFilterData_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TFilterData_Filter varchar(80), + TFilterData_Include integer, + TFilterData_FilterOrLevel integer, + TFilterData_StartFacility integer, + TFilterData_StopFacility integer, + TFilterData_StartSeverity integer, + TFilterData_StopSeverity integer, + TFilter_ID bigint not null +)\g +grant all on syslog_tfilte_tfilterdata_i_seq to msyslog\g +grant all on Syslog_TFilterData to msyslog\g +ALTER TABLE Syslog_TFilterData OWNER TO msyslog\g +ALTER TABLE Syslog_TFilterData SET WITHOUT OIDS\g +ALTER TABLE syslog_tfilterdata alter column tfilterdata_filter SET STORAGE EXTERNAL\g + +CREATE TABLE Syslog_TSave ( + TSave_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TSave_ExpireDate date not null, + TSave_Desc varchar(128), + TSave_Time time not null, + TSave_Date date not null, + TLogin_ID integer not null +)\g +grant all on Syslog_TSave_TSave_ID_Seq to msyslog\g +grant all on Syslog_TSave to msyslog\g +ALTER TABLE Syslog_TSave OWNER TO msyslog\g +ALTER TABLE Syslog_TSave SET WITHOUT OIDS\g +ALTER TABLE syslog_tsave alter column tsave_desc SET STORAGE EXTERNAL\g + +CREATE TABLE Syslog_TSaveData ( + TSaveData_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TSaveData_Date date not null, + TSaveData_Time time not null, + TSaveData_Host varchar(128) not null, + TSaveData_Message text not null, + TSaveData_Facility integer, + TSaveData_Severity integer, + TSave_ID bigint not null +)\g +CREATE INDEX TSaveData_SaveID_Idx on Syslog_TSaveData (TSave_ID)\g +grant all on syslog_tsaveda_tsavedata_id_seq to msyslog\g +grant all on Syslog_TSaveData to msyslog\g +ALTER TABLE Syslog_TSaveData OWNER TO msyslog\g +ALTER TABLE Syslog_TSaveData SET WITHOUT OIDS\g +ALTER TABLE syslog_tsavedata alter column tsavedata_host SET STORAGE EXTERNAL\g +ALTER TABLE syslog_tsavedata alter column tsavedata_message 
SET STORAGE EXTERNAL\g + +CREATE TABLE Syslog_TProcess ( + TProcess_ID bigint, + THost_ID bigint not null +)\g +grant all on Syslog_TProcess to msyslog\g +ALTER TABLE Syslog_TProcess OWNER TO msyslog\g +ALTER TABLE Syslog_TProcess SET WITHOUT OIDS\g + +insert into Syslog_TProcess values (0,1); +insert into Syslog_TProcess values (0,2); +insert into Syslog_TProcess values (0,3); +insert into Syslog_TProcess values (0,4); +insert into Syslog_TProcess values (0,5); +insert into Syslog_TProcess values (0,6); +insert into Syslog_TProcess values (0,7); + +CREATE TABLE Syslog_THost ( + THost_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + THost_Host varchar(128) not null, + THost_AlertExpire integer, + THost_LogExpire integer, + THost_Rate bigint, + TPremadeType_ID bigint not null +)\g +grant all on Syslog_THost to msyslog\g +grant all on Syslog_THost_THost_ID_Seq to msyslog\g +ALTER TABLE Syslog_THost OWNER TO msyslog\g +ALTER TABLE Syslog_THost SET WITHOUT OIDS\g +ALTER TABLE syslog_thost alter column thost_host SET STORAGE EXTERNAL\g + +CREATE TABLE Syslog_TProcessorProfile ( + TProcessorProfile_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + THost_ID bigint not null, + TLogin_ID bigint not null +)\g +CREATE INDEX TProcessorProfile_TLogin_ID_Idx on Syslog_TProcessorProfile (TLogin_ID)\g +grant all on syslog_tproce_tprocessorpro_seq to msyslog\g +grant all on Syslog_TProcessorProfile to msyslog\g +ALTER TABLE Syslog_TProcessorProfile OWNER TO msyslog\g +ALTER TABLE Syslog_TProcessorProfile SET WITHOUT OIDS\g + +insert into syslog_tprocessorprofile (THost_ID,TLogin_ID) values (7,3); + +CREATE TABLE Syslog_TCustomerProfile ( + TCustomerProfile_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TCustomerProfile_EditRules bigint, + THost_ID bigint not null, + TLogin_ID bigint not null +)\g +CREATE INDEX TCustomerProfile_TLogin_ID_Idx on Syslog_TCustomerProfile (TLogin_ID)\g +grant all on syslog_tcusto_tcustomerprof_seq to msyslog\g +grant all on Syslog_TCustomerProfile to msyslog\g +ALTER 
TABLE Syslog_TCustomerProfile OWNER TO msyslog\g +ALTER TABLE Syslog_TCustomerProfile SET WITHOUT OIDS\g + +CREATE TABLE Syslog_TLaunch ( + TLaunch_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TLaunch_Program text not null, + TLaunch_LongDesc text not null, + TLaunch_ShortDesc varchar(30) not null +)\g +CREATE UNIQUE INDEX TLaunch_ShortDesc_Idx on Syslog_TLaunch (TLaunch_ShortDesc)\g +grant all on syslog_tlaunch_tlaunch_id_seq to msyslog\g +grant all on Syslog_TLaunch to msyslog\g +ALTER TABLE Syslog_TLaunch OWNER TO msyslog\g +ALTER TABLE Syslog_TLaunch SET WITHOUT OIDS\g +ALTER TABLE syslog_tlaunch alter column tlaunch_program SET STORAGE EXTERNAL\g +ALTER TABLE syslog_tlaunch alter column tlaunch_longdesc SET STORAGE EXTERNAL\g +ALTER TABLE syslog_tlaunch alter column tlaunch_shortdesc SET STORAGE EXTERNAL\g + +CREATE TABLE Syslog_TAlert ( + TAlert_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TAlert_Date date, + TAlert_Time time, + TAlert_Info varchar(80), + TSyslog_ID bigint +)\g +CREATE UNIQUE INDEX TAlert_TSyslog_ID_idx on Syslog_TAlert (TSyslog_ID)\g +grant all on Syslog_TAlert_TAlert_ID_Seq to msyslog\g +grant all on Syslog_TAlert to msyslog\g +ALTER TABLE Syslog_TAlert OWNER TO msyslog\g +ALTER TABLE Syslog_TAlert SET WITHOUT OIDS\g +ALTER TABLE syslog_talert alter column talert_info SET STORAGE EXTERNAL\g + +CREATE TABLE Syslog_TRuleDeny ( + TRuleDeny_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TRuleDeny_Expression varchar(80) not null, + TRuleDeny_StartFacility integer, + TRuleDeny_StopFacility integer, + TRuleDeny_StartSeverity integer, + TRuleDeny_StopSeverity integer, + TRule_ID bigint +)\g +grant all on syslog_trulede_truledeny_id_seq to msyslog\g +grant all on Syslog_TRuleDeny to msyslog\g +CREATE INDEX TRule_ID_DENY_Idx on Syslog_TRuleDeny (TRule_ID)\g +ALTER TABLE Syslog_TRuleDeny OWNER TO msyslog\g +ALTER TABLE Syslog_TRuleDeny SET WITHOUT OIDS\g +ALTER TABLE syslog_truledeny alter column truledeny_expression SET STORAGE EXTERNAL\g + +CREATE TABLE 
Syslog_TRule ( + TRule_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TRule_LogAlert integer, + TRule_Email varchar(80), + TRule_Expression varchar(80), + TRule_Desc varchar(256), + TRule_RuleOrLevel integer, + TRule_StartFacility integer, + TRule_StopFacility integer, + TRule_StartSeverity integer, + TRule_StopSeverity integer, + TRule_Threshold integer, + TRule_ThresholdType integer, + TRule_StartTime bigint, + TRule_EndTime bigint, + TRule_TimerType integer, + TRule_DaysofWeek integer, + TLaunch_ID bigint, + THost_ID bigint not null +)\g +CREATE INDEX TRule_host_Idx on Syslog_TRule (THost_ID)\g +grant all on Syslog_TRule_TRule_ID_Seq to msyslog\g +grant all on Syslog_TRule to msyslog\g +ALTER TABLE Syslog_TRule OWNER TO msyslog\g +ALTER TABLE Syslog_TRule SET WITHOUT OIDS\g +ALTER TABLE syslog_trule alter column trule_email SET STORAGE EXTERNAL\g +ALTER TABLE syslog_trule alter column trule_expression SET STORAGE EXTERNAL\g +ALTER TABLE syslog_trule alter column trule_desc SET STORAGE EXTERNAL\g + +CREATE TABLE Syslog_TPremadeType ( + TPremadeType_ID bigserial UNIQUE NOT NULL PRIMARY KEY, + TPremadeType_Desc varchar(40) not null +)\g +grant all on syslog_tprema_tpremadetype__seq to msyslog\g +grant all on Syslog_TPremadeType to msyslog\g +ALTER TABLE Syslog_TPremadeType OWNER TO msyslog\g +ALTER TABLE Syslog_TPremadeType SET WITHOUT OIDS\g +ALTER TABLE syslog_tpremadetype alter column tpremadetype_desc SET STORAGE EXTERNAL\g +insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco Firewalls')\g +insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco Routers')\g +insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco Switches')\g +insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco VPN Devices')\g +insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco Local Directors')\g +insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco Content Services Switch')\g +insert into Syslog_TPremadeType 
(TPremadeType_Desc) values ('Linux Host')\g
+insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Solaris Host')\g
+insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Windows Host')\g
+insert into Syslog_TPremadeType (TPremadeType_Desc) values ('NetApp')\g
+
+CREATE TABLE Syslog_TPremadeDeny (
+ TPremadeDeny_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
+ TPremadeDeny_Expression varchar(80) not null,
+ TPremadeDeny_StartFacility integer,
+ TPremadeDeny_StopFacility integer,
+ TPremadeDeny_StartSeverity integer,
+ TPremadeDeny_StopSeverity integer,
+ TPremade_ID bigint
+)\g
+grant all on syslog_tprema_tpremadedeny__seq to msyslog\g
+grant all on Syslog_TPremadeDeny to msyslog\g
+CREATE INDEX TPremade_ID_DENY_Idx on Syslog_TPremadeDeny (TPremade_ID)\g
+ALTER TABLE Syslog_TPremadeDeny OWNER TO msyslog\g
+ALTER TABLE Syslog_TPremadeDeny SET WITHOUT OIDS\g
+ALTER TABLE syslog_tpremadedeny alter column tpremadedeny_expression SET STORAGE EXTERNAL\g
+
+CREATE TABLE Syslog_TPremade (
+ TPremade_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
+ TPremade_Code varchar(80) not null,
+ TPremade_Desc text,
+ TPremade_PremadeOrLevel integer,
+ TPremade_StartFacility integer,
+ TPremade_StopFacility integer,
+ TPremade_StartSeverity integer,
+ TPremade_StopSeverity integer,
+ TPremadeType_ID bigint,
+ TPremade_Threshold integer,
+ TPremade_ThresholdType integer,
+ TLaunch_ID bigint
+)\g
+CREATE INDEX TPremadeType_ID2_Idx on Syslog_TPremade (TPremadeType_ID)\g
+ALTER TABLE Syslog_TPremade OWNER TO msyslog\g
+ALTER TABLE Syslog_TPremade SET WITHOUT OIDS\g
+ALTER TABLE syslog_tpremade alter column tpremade_code SET STORAGE EXTERNAL\g
+ALTER TABLE syslog_tpremade alter column tpremade_desc SET STORAGE EXTERNAL\g
+grant all on Syslog_TPremade to msyslog\g
+grant all on Syslog_TPremade_TPremade_ID_Seq to msyslog\g
+insert into Syslog_TPremade (TPremadeType_ID,TPremade_Code,TPremade_Desc) values (1,'%PIX-1-101002:','(Primary) Bad failover cable.')\g
+
+insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('V6.X Cisco Pix Rules',0,0,1)\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-1-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-2-201003')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-3-201008')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-3-202001')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-3-211001')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-3-211003')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-5-199001')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-6-199002')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-6-199005')\g
+
+insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('V4.2 Cisco LocalDirector Rules',0,0,5)\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Error reading cable status')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Failover communications failure')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Link status')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Lost Failover communications with mate')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Mate reporting failure')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Mate says *.* failed')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'No response from mate')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Power failure other side')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'SYN attack')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Switching to')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Testing on interface')\g
+
+insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('V5.X Cisco Content Switch Rules',0,0,6)\g
+#insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,3,'')\g
+
+insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('Cisco IOS Router Rules',0,0,2)\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%BGP-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%C5RSP-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%C6KENV-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%C6KPWR-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%C6MSFC-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%C7200')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%CONTROLLER-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%CRYPTO-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DHCPD-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DIALER-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DMA-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DTP-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DUAL-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DVMRP-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%EC-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%ENVM-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FIB-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FILESYS-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FLASH-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FR-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FW-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FX1000-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%GRP-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%GRPGE-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%HW_VPN-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%I82543-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IDS-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IPC-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IPFAST-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IPFLOW-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IPRT-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IP_SNMP-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%ISA-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%ISDN-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%LINK-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%MCAST-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%MEMSCAN-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%OIR-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%OOBP-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%OSPF-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%PA-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%PLATFORM-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%PPP-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%PQUICC_ETHER-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%PQUICC_FE-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%QUICC_ETHER-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%QUICC_SERIAL-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SERVICE_MODULE-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SNMP-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SPANTREE-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%STANDBY-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SW_VLAN-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SYS-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SYSCTLR-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SYSMGT_RPC-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%TBRIDGE-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%TCP-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%TR-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%TUN-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%UCODE-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%UDLD-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%VPDN-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%WCCP-5-CACHEFOUND')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,3,0,23,0,7,4,'')\g
+
+insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('Cisco IOS Switch Rules',0,0,3)\g
+#insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,5,'')\g
+
+insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('Cisco CatOS Switch Rules',0,0,3)\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%IP-[346]')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%EARL-')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%KERNEL-1-CREATEPROCESSFAILED')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%SECURITY-[1357]')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%SYS-[0-7]')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%CDP-4-DUPLEXMISMATCH')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%SNMP-5-COLDSTART')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%SNMP-5-WARMSTART')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%PAGP-5-PORTTOSTP')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%PAGP-5-PORTFROMSTP')\g
+insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,3,0,23,0,7,6,'')\g
+
+insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('localhost',2419200,2419200,7);
+insert into Syslog_TRule (TRule_LogAlert,TRule_Email,TRule_Expression,TRule_Desc,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID) values (1,'root@localhost','',' Default catch-most rule',3,0,23,0,3,7);
diff --git a/html/data/pgsql.secframe b/html/data/pgsql.secframe
new file mode 100644
index 0000000..ba20587
--- /dev/null
+++ b/html/data/pgsql.secframe
@@ -0,0 +1,5 @@
+/* $Id$ */
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Customer','Customers of Syslog System')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Analyst','NOC Analyst')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Administrators','Syslog Adminstrator')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog msyslog','Syslog Processor')\g
diff --git a/html/equiptype.php b/html/equiptype.php
new file mode 100644
index 0000000..e74e154
--- /dev/null
+++ b/html/equiptype.php
@@ -0,0 +1,119 @@
+New record saved

\n"; + $typeid=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TPremadeType","TPremadeType_ID","TPremadeType_Desc='$typedesc'"))); + $action = "Modify"; + } + if ( ( $subaction == 2 ) && ( $action == "Save" ) && ( idexist($dbsocket,"Syslog_TPremadeType","TPremadeType_ID",$typeid) ) && + ( pgdatatrim($typedesc) != "" ) ) { + updateequiptype($dbsocket,$typeid,$typedesc, $logwatch); + $actiontext="Record updated
\n"; + } + if ( ( $DeleteID == 1 ) && ( $subaction == 3 ) && ( $action == "Delete" ) && + ( idexist($dbsocket,"Syslog_TPremadeType","TPremadeType_ID",$typeid) ) ) { + if ( numberofhostsusingtype($dbsocket,$typeid) < 1 ) { + dropequiptype($dbsocket,$typeid); + $actiontext="Record deleted
\n"; + } else { + $actiontext="Cannot delete record because hosts already reference premade type
\n"; + } + $action="Deleted"; + } + if ( $action == "Add" ) { + $subaction = 1; + $typeid = ""; + } + if ( $action == "Modify" ) { + $subaction = 2; + $typedesc=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TPremadeType","TPremadeType_Desc","TPremadeType_ID=$typeid"))); + $logwatch=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TPremadeType","logwatch_cmd","TPremadeType_ID=$typeid"))); + + } + if ( $action == "Delete" ) { + $subaction = 3; + $typedesc=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TPremadeType","TPremadeType_Desc","TPremadeType_ID=$typeid"))); + $logwatch=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TPremadeType","logwatch_cmd","TPremadeType_ID=$typeid"))); + } + openform("equiptype.php","post",2,1,0); + echo "Equipment Type
\n"; + if ( $subaction != 3 ) { + echo "1. Enter Equipment Type: "; + formfield("typedesc","text",3,1,1,40,40,$typedesc); + echo "2. Enter Logwatch Command Line: "; + formfield("logwatch","text",3,1,1,40,40,$logwatch); + formsubmit("Save",3,1,0); + formfield("subaction","hidden",3,1,0,200,200,$subaction); + if ( $typeid != "" ) { formfield("typeid","hidden",3,1,0,200,200,$typeid); } + closeform(); + } else { + if ( ( $subaction == 3 ) && ( $action == "Delete" ) ) { + openform("equiptype.php","post",2,1,0); + formfield("typeid","Hidden",3,1,0,200,200,$typeid); + formfield("subaction","Hidden",3,1,0,10,10,$subaction); + echo "Are you sure you want to delete $typedesc? "; + php?> + Yes + No
+ Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/faq.txt b/html/faq.txt new file mode 100644 index 0000000..6716a59 --- /dev/null +++ b/html/faq.txt 
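Review bot: `$typedesc` and `$typeid` are interpolated directly into the WHERE fragments handed to relatedata() (`"TPremadeType_Desc='$typedesc'"`, `"TPremadeType_ID=$typeid"`), and both are also fields this form posts back, so unless the part of the file that did not survive on this page sanitises them, this is string-built SQL on request data. The visible stripslashes() calls only touch values read back from the database, not the values going into the query. I would build the id conditions as `"TPremadeType_ID=" . (int)$typeid` and embed the description as `pg_escape_string($typedesc)`, and print it with `htmlspecialchars($typedesc)` in the "Are you sure you want to delete" prompt. The "Logwatch Command Line" field is saved as free text through updateequiptype(); if that value is later executed (not visible here), saving it should be restricted to administrators and checked against an allow-list of commands.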
@@ -0,0 +1,102 @@
+1. Licensing
+
+Modular Syslog and Cisco's TACACS+ Daemon have thier own licenses. READ THEM!
+SMT and the Security Framework are covered under the GPL.
+
+2. What is up with the versions of your software?
+
+If you haven't noticed already, the version numbers reported in the tar.bz2 archives doesn't reflect the file names, this is because I'm moving from a crusty source management system to a better one. Real versioning via CVS is coming shortly.
+
+3. What is the Syslog Management tool & the Security Framework?
+
+The idea is quite simple, SMT uses Modular Syslog to collect syslog messages and dump them to a SQL server(PostGreSQL). SMT then grabs logs and runs rules consisting of regular expressions, facility & severity ranges, and other parameters such as time to determine who, when, and how to alert.
+
+4. How much log volume can SMT handle?
+
+Our system is an IBM 335 w/ Dual SCSI-160 36gig mirrored drives. I can sustain 28 megabytes per second reading and about 18 megabytes per second writing. All told, the highest volume my system has run was about 800 megabytes of logs in a given day. My calculations seem to indicate that our system could handle 4-5 gigabytes a day without showing significant lag on the web interface side.
+
+5. What are the components of a working SMT System?
+
+# I'll reserve the good detail for the docs but the components of a working SMT system are as follows: One or more log processors
+# A log expiration process
+# A reindexer
+# A log archiver
+# One or more web consoles
+# The database
+# One or more syslog servers
+# The TACACS+ daemon to collect command accounting
+
+6. What are the minimums?
+
+Frankly, I run my software on my personal firewall at home(486 DX25 w/ 48MB of RAM). So you can get away with running it on a fairly slim system, problem: IDE sucks. If you run it on an IDE subsystem, don't complain to me when it doesn't perform. I do recommend a dual processor system for sites where there is a decent amount of use going on. Why? Because one processor can be involved dealing with the database and the other can handle everything else. V2.4 Linux Kernel CPU affinity isn't great but 2.6 shows better results(from my initial testing).
+
+7. Great, how much RAM will I need?
+
+That is a very good question. If you are serious about this, I'd recommend a gig of RAM. File system caching will use a LOT of it up. For example, we run about a 5 gig foot print and we have a gig and a half of RAM. PostgreSQL is acting using about 800megabytes of it. The rest is OS caching and the like.
+
+8. PostgreSQL looks like it could use some tuning.... can you help?
+
+Sure. Down below are some snippets from my postgresql.conf file(mind you, I have a 1.5gig of RAM):
+
+DO NOT USE ALL OF YOUR FREE RAM FOR SHARED BUFFERS, YOUR PERFORMANCE WILL PAY!
+shared_buffers = 29400 # min 16, at least max_connections*2, 8KB each
+Default amount available for sorting each query
+sort_mem = 4096 # min 64, size in KB
+
+How much memory vacuum will have available to it(and it will need it)
+vacuum_mem = 196608 # min 1024, size in KB
+
+YOU MUST TUNE YOUR FSM PAGES! The Free space map is used to track free space within the existing table space. The FSM tracks free space, as soon as you have more slots free then FSM space, FSM will start losing free space withing your database. Thus it will start to grow and grow and grow till you either increase your FSM AND VACUUM or perform a FULL VACUUM.
+max_fsm_pages = 40000000 # min max_fsm_relations*16, 6 bytes each
+
+PostgreSQLs default action is to 'sync' after every write. This is too expensive. The downside is that you can suffer data corruption if the system crashes. Reality: I've never lost data to a crash but there is always a first time for everything
+fsync = false # turns forced synchronization on or off
+
+wal_buffers = 128 # min 4, 8KB each
+
+If memory serves me correctly, this tells PostgreSQL about how much the system cache will typically run at. 8)
+effective_cache_size = 48400 # typically 8KB each
+
+Hey, it's a logging system, log dag nabit!
+syslog = 1 # range 0-2; 0=stdout; 1=both; 2=syslog
+syslog_facility = 'LOCAL0'
+syslog_ident = 'postgres'
+
+I've added profiling code to dump some stats about PostgreSQL. As a result we need to make sure PostGreSQL is actually collecting stats!
+log_timestamp = true
+stats_start_collector = true
+stats_command_string = true
+stats_block_level = true
+stats_row_level = true
+stats_reset_on_server_start = true
+
+One other change to make but this is a system option not a PostgreSQL option
+sysctl kernel.shmmax=1342177280
+
+9. What OS does this run on?
+
+Frankly, I've run it on RedHat but I prefer Slackware. However the limitations of my software would be more based on Modular Syslog and PostGreSQL. ie. of Modular Syslog compiles on FreeBSD, should work fine on FreeBSD.
+
+10. How can I tell how large of Free Space Map I'll need for PostgreSQL?
+
+Run a 'vacuum full analyze verbose' and it will tell you the number of pages your database is using. Make sure you do that after you have roughly the amount of data you want to maintain in your database.
+
+11. Why is your software better then anyone elses?
+
+a. Because anyone can manage it, not just the one sysadmin who is never around when his pager goes off and no one else knows.
+b. It is scalable in that it can be centrally managed and grown.
+c. It can interface with systems such as HP Service Desk.
+d. It allows for better event correllation as all events are available via one console.
+
+12. I noticed that you don't have your database doing a lot of bounds checking on data... what gives?
+
+Database IO is a precious thing. I reserve all of the overhead other than IO for other hosts(in a distributed system). As a result, I leave data bounds checking mainly to the application and not the database.
+
+13. What authentication mechanisms can I use?
+
+You can use pretty much any authentication mechanism you want. My software looks for the REMOTE_USER variable. I recommend mod_auth_pgsql so you can use the Security Framework password database but you could use SecurID, ActiveDirectory, or any other native Apache authentication module.
+
+14. What about MySQL?
+
+Time dictates I have twenty four hours a day. Six hours of that is sleep, 10 hours of that is work, that leaves me a few hours to exercise and be with my wife. If you want MySQL support, I gladly welcome it but I do not have the time to write for it. 8(
+
diff --git a/html/filter.php b/html/filter.php
new file mode 100644
index 0000000..8ba67c1
--- /dev/null
+++ b/html/filter.php
@@ -0,0 +1,271 @@ + 0 ) && + ( ( $userorglobal == 1 ) || ( $userorglobal == 2 ) ) ) { + if ( $group < 2 ) { $userorglobal=1; } + if ( isset($filterid) ) { + updatefilter($dbsocket,$filterid,$filtertitle,$userorglobal) ; + } else { + addfilterheader($dbsocket,$userorglobal,$filtertitle,$REMOTE_ID) ; + $filterid=relatedata ($dbsocket,"Syslog_TFilter","TFilter_ID","TFilter_Desc='$filtertitle'"); + } + } + + if ( ( $filtermain != "1" ) || ( ( $filtermain == "1" ) && ( $action != "Add" ) ) ) { + if ( isset($filterid) && $filterid >= 1 ) { + $filterowner=relatedata ($dbsocket,"Syslog_TFilter","TLogin_ID","TFilter_ID=$filterid"); + } + if ( isset($filterdataid) && $filterdataid >= 1 ) { + $filterdataowner=relatedata ($dbsocket,"Syslog_TFilter,Syslog_TFilterData","TLogin_ID","Syslog_TFilter.TFilter_ID=Syslog_TFilterData.TFilter_ID and Syslog_TFilterData.TFilterData_ID=$filterdataid"); + } + if ( ( $action != "Delete User Filters" ) && ( ( isset($filterowner) && ($filterowner != $REMOTE_ID )) || ( ( isset($filterdataowner) && ($filterdataowner != $REMOTE_ID) ) && ( $filterdataid >= 1 ) && ( isset($filterdataid) ) ) ) ) { + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); + exit; + } + + if ( isset($filterid) ) { + $userorglobal=relatedata ($dbsocket,"Syslog_TFilter","TFilter_UserOrGlobal","TFilter_ID=$filterid"); + $filtertitle=relatedata ($dbsocket,"Syslog_TFilter","TFilter_Desc","TFilter_ID=$filterid"); + } + + $deletestatus="FAILED"; + if ( $action == "Delete" ) { + if (!isset($filtermod) || (isset($filtermod) && ($filtermod != 1)) ) { + if ( ( dropallfilterdata($dbsocket,$filterid) ) && ( dropfilter($dbsocket,$filterid) ) ) { $deletestatus="Success"; } + } else { + if ( dropfilterdata($dbsocket,$filterdataid) ) { $deletestatus="Success"; } + } + } + if ( ( $group >= 3 ) && ( $action == "Delete User Filters" ) ) { + $SQLQuery="begin;delete from syslog_tfilterdata where syslog_tfilterdata.tfilter_id=syslog_tfilter.tfilter_id and syslog_tfilter.tlogin_id=$userid; 
delete from syslog_tfilter where syslog_tfilter.tlogin_id=$userid;commit;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + if ( $SQLQueryResults ) { $deletestatus="Success"; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } + + if ( isset($filteradd) ) { + if ( $startfacility > $stopfacility ) { + $temp=$startfacility; + $startfacility=$stopfacility; + $stopfacility=$temp; + } + if ( $startseverity > $stopseverity ) { + $temp=$startseverity; + $startseverity=$stopseverity; + $stopseverity=$temp; + } + + if ( ( strlen($filter) > 0 ) || ( $filterorlevel == 3 ) ) { addfilter($dbsocket,$filter,$filterid,$include,$filterorlevel,$startfacility,$stopfacility,$startseverity,$stopseverity); } + } + + if ( ( $action == "Save" ) && ( $filtermod ) && ( strval($filterdataid) > 0 ) ) { + if ( $startfacility > $stopfacility ) { + $temp=$startfacility; + $startfacility=$stopfacility; + $stopfacility=$temp; + } + if ( $startseverity > $stopseverity ) { + $temp=$startseverity; + $startseverity=$stopseverity; + $stopseverity=$temp; + } + updatefilterdata($dbsocket,$filterdataid,$filter,$include,$filterorlevel,$startfacility,$stopfacility,$startseverity,$stopseverity) ; + } + + if ( ( $deletestatus == "FAILED" ) || ( ( $deletestatus == "Success" ) && ( $action == "Delete" ) && ( ! isset($filtermain) ) ) ) { + $SQLQuery="select * from Syslog_TFilterData where TFilter_ID='$filterid' order by TFilterData_ID"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + } + } else { + $SQLNumRows = 0; + } + $PageTitle="Syslog Management Tool"; + do_header($PageTitle, 'filter'); + + if ( ( ( $group >= 3 ) && ( $action == "Delete User Filters" ) ) || ( ( $action == "Delete" ) && ((isset($filterdataid) && $filterdataid < 1 ) ) ) ) { + echo "
Delete: $deletestatus
\n"; + } else { + echo "\n"; + echo ""; + if ( $group >= 2 ) { + if ( isset($userorglobal) && ($userorglobal == 1) ) { + echo ""; + } else { + echo ""; + } + } else { + formfield("userorglobal","hidden",3,1,1,40,40,1); + } + echo ""; + closeform(); + echo "
"; + openform("filter.php","post",2,1,0); + if ( ( $filtermain ) && ( $action == "Add" ) ) { + formfield("newfilter","Hidden",3,1,0,10,10,1); + } else { + formfield("filterid","Hidden",3,1,0,10,10,$filterid); + } + echo "Filter Description: "; + if (! isset($filtertitle)) { + $filtertitle = ''; + } + formfield("filtertitle","text",3,1,1,40,128,$filtertitle); + echo "
Private "; + echo "Global
Private "; + echo "Global
"; + formsubmit("Save Filter Header",3,1,0); + echo "

\n"; + if ( ( ( isset($filterid) && ($filterid > 0) ) && ( $filtermain != 1 ) ) || ( ( $filtermain == 1 ) && ( $action != "Add" ) ) ) { + echo "New Entry:
\n"; + echo "\n"; + echo ""; + echo "
"; + openform("filter.php","post",2,1,0); + formsubmit("Add",3,1,0); + formfield("filterid","Hidden",3,1,0,10,10,$filterid); + formfield("filteradd","Hidden",3,1,0,10,10,"1"); + echo ""; + echo "Include"; + echo "ExcludeFilter: "; + formfield("filter","text",3,1,1,40,128,""); + echo "
"; + echo "Filter Type: Expression "; + echo "Facility & Severity "; + echo "Expression w/ Facility & Severity
"; + + echo "Facility Range: "; + facilitydropdown("startfacility",1,0,0,1,0); + echo " to "; + facilitydropdown("stopfacility",1,0,0,1,23); + echo "Severity Range: "; + severitydropdown("startseverity",1,0,0,1,0); + echo " to "; + severitydropdown("stopseverity",1,0,0,1,7); + closeform(); + echo "

\n"; + } + if ( $SQLNumRows > 0 ) { + echo "\n"; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + echo ""; + } else { + echo "Include"; + } + echo ""; + + closeform(); + } + echo "
"; + openform("filter.php","post",2,1,0); + + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + $filterdataid=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_id)); + echo "Filter ID: $filterdataid
"; + formsubmit("Save",3,1,0); + formsubmit("Delete",3,1,0); + $filter=pgdatatrim($SQLQueryResultsObject->tfilterdata_filter); + $include=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_include)); + $filterorlevel=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_filterorlevel)); + $startfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_startfacility)); + $stopfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_stopfacility)); + $startseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_startseverity)); + $stopseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_stopseverity)); + formfield("filterid","Hidden",3,1,0,10,10,$filterid); + formfield("filterdataid","Hidden",3,1,0,10,10,$filterdataid); + formfield("filtermod","Hidden",3,1,0,10,10,"1"); + echo ""; + if ( $include ) { + echo "Include"; + echo "Exclude"; + echo "ExcludeFilter: "; + formfield("filter","text",3,1,1,40,128,$filter); + echo "
"; + echo "Rule Type: Expression "; + echo "Facility & Severity "; + echo "Expression w/ Facility & Severity"; + echo "
"; + echo "Facility Range: "; + facilitydropdown("startfacility",1,0,0,1,$startfacility); + echo " to "; + facilitydropdown("stopfacility",1,1,1,1,$stopfacility); + echo "Severity Range: "; + severitydropdown("startseverity",1,0,0,1,$startseverity); + echo " to "; + severitydropdown("stopseverity",1,1,1,1,$stopseverity); + echo "
\n"; + } + if ( $SQLNumRows > 0 ) { + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } + } + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + + do_footer(); +?> + + + diff --git a/html/header.php b/html/header.php new file mode 100644 index 0000000..47d9133 --- /dev/null +++ b/html/header.php @@ -0,0 +1,68 @@ + + + + + + + <?php echo $title ?> + + + + + + + +
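Review bot: Request-derived values are spliced directly into SQL text throughout this file, for example `"TFilter_Desc='$filtertitle'"`, `"TFilter_ID=$filterid"` and the "Delete User Filters" statement built around `$userid`; `filtertitle` and `filterid` are form fields this same page posts back. Unless the helpers outside the hunk escape them (relatedata() receives a finished WHERE clause, so it presumably cannot), this is open to SQL injection; cast ids before use, `$filterid = intval($filterid);`, and pass strings through `pg_escape_string()`. The same pattern appears in html/host.php (`"host='$oldhost'"`, `"THost_Host='$host'"`, `"THost_ID=$hostid"`). Separately, the ownership check is skipped whenever `$action` is "Delete User Filters" regardless of `$group`, while the `isset($filteradd)` branch below it does not test `$action`; the exemption should also require `$group >= 3`.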
+ + + +
+ + + + + + +
 
+ + + + + +
  
+
+ + + + + + + + + + + + +
  CSC.COM  +  Help  
+
+
+ + + +
  + + +
+

©Copyright 2004, Computer Sciences Corporation. All rights reserved. Legal.

+
+ \ No newline at end of file diff --git a/html/host.php b/html/host.php new file mode 100644 index 0000000..c9ec701 --- /dev/null +++ b/html/host.php 
@@ -0,0 +1,156 @@ + 0 ) ) ) { + if ( $rensyslogs ) { + renamehosts($dbsocket,"TSyslog","host='$oldhost'","host",$host); + renamehosts($dbsocket,"Syslog_TArchive","host='$oldhost'","host",$host); + } + } + + if ( $action == "Delete" ) { + $hosttype=2; + } + if ( $action == "Add" ) { + $hostid=""; + unset($host); + } + + if ( $group != 3 ) { + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); + exit; + } + if ( $alertexpire > $syslogexpire ) { + $alertexpire=$syslogexpire; + } + + if ( ( $alertexpire == 0 ) && ( $syslogexpire != 0 ) ) { + $alertexpire = $syslogexpire ; + } + + if ( ( $hostadd ) && ( $host != "" ) ) { + addhost($dbsocket,$host,$syslogexpire,$alertexpire,$typeid,$hostrate); + $hostid = stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_THost","THost_ID","THost_Host='$host'"))); + addhostprocess($dbsocket,$hostid); + } + if ( ( $hostmod ) && ( isset($hostid) ) && ( $host != "" ) ) { + updatehost($dbsocket,$hostid,$host,$syslogexpire,$alertexpire,$typeid,$hostrate); + } + + $PageTitle="Syslog Management Tool"; + do_header($PageTitle, 'host'); + if ( isset($hostid) && ( $hostid > 0 ) ) { + $host=gethost($dbsocket,$hostid); + $syslogexpire=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_THost","THost_LogExpire","THost_ID=$hostid"))); + $alertexpire=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_THost","THost_AlertExpire","THost_ID=$hostid"))); + $typeid=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_THost","TPremadeType_ID","THost_ID=$hostid"))); + $hostrate=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_THost","THost_Rate","THost_ID=$hostid"))); + if ( $hostid == 0 ) { + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); + exit; + } + } else { + $host=""; + } + + echo $HeaderText; + if ( $hosttype != 2 ) { + openform("host.php","post",2,1,0); + if ( $hostid > 0 ) { + formfield("hostid","Hidden",3,1,0,10,10,$hostid); + formfield("hostmod","Hidden",3,1,0,10,10,"1"); + formfield("oldhost","Hidden",3,1,0,10,10,$host); + } 
else { + formfield("hostadd","Hidden",3,1,0,10,10,"1"); + } + formfield("hosttype","Hidden",3,1,0,10,10,$hosttype); + echo "Host name: "; + formfield("host","text",3,1,1,40,128,$host); + echo "Expire Syslogs: "; + expiredropdown("syslogexpire",2,0,0,1,$syslogexpire); + echo "Expire Alerts: "; + expiredropdown("alertexpire",2,1,1,1,$alertexpire); + echo "Host Type: "; + premadetypedropdown ($dbsocket, "typeid",0,1,1,1,$typeid); + echo "Log Rate Warning Threshold: "; + logratesthreshold("hostrate",2,1,1,1,$hostrate); + if ( strval($hostid) > 0 ) { + echo "Rename Syslogs
\n"; + } + formsubmit("Save",3,1,0); + formreset("Reset",3,1,0); + closeform(); + } else { + if ( $confirmdelete ) { + if ( $delsyslogs ) { + /* Remove any alerts in the system that are tied to the host */ + drophostalerts($dbsocket,$hostid); + + /* Remove any syslogs in the TSyslog table */ + drophostsyslogs($dbsocket,$hostid); + + /* Remove any syslogs in the archive table */ + drophostarchivesyslogs($dbsocket,$hostid); + } + drophostprocess($dbsocket,$hostid); + dropprocessorhostfromprofile($dbsocket,$hostid); + $delresults=drophostid($dbsocket,$hostid); + if ( $delresults ) { + echo "Delete Successfull
\n"; + } else { + echo "Delete Failed!
\n"; + } + } else { + openform("host.php","post",2,1,0); + formfield("hostid","Hidden",3,1,0,10,10,$hostid); + formfield("confirmdelete","Hidden",3,1,0,10,10,1); + echo "Are you sure you wish to delete $host?
\n"; + echo "Delete Syslogs
\n"; + formsubmit("Delete",3,1,0); + closeform(); + openform("background.php","post",2,1,0); + formsubmit("Do NOT delete",3,1,1); + closeform(); + } + } + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/images/Exclamation.gif b/html/images/Exclamation.gif new file mode 100644 index 0000000..d496e4a Binary files /dev/null and b/html/images/Exclamation.gif differ diff --git a/html/images/IEWin.css b/html/images/IEWin.css new file mode 100644 index 0000000..0eb84f0 --- /dev/null +++ b/html/images/IEWin.css 
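Review bot: The two `renamehosts()` calls at the top of the hunk run before the `if ( $group != 3 ) { ... exit; }` check, so renaming rows in `TSyslog` and `Syslog_TArchive` is not limited to group 3 unless the condition guarding it (its start is lost in this rendering) already tests `$group`. Moving the group check above the first state-changing call closes that gap. `$host` is also echoed unescaped in `"Are you sure you wish to delete $host?"`; write it as `htmlspecialchars($host)` so a stored host name cannot inject markup into the confirmation page.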
@@ -0,0 +1,175 @@ +.copy {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#000000;} +.sup {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:65%; color:#CC0000;} + +.copy1 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#000000;} +.copy1b {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:80%; font-weight:bold; color:#003399;} +.copy2 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:65%; color:#000000;} +.copy3 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#FFFFFF;} +.copy4 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:85%; font-weight:bold; color:#CC0000;} +.copy5 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:80%; color:#CC0000;} + +.copyright {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#FFFFFF;} +.byline {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:65%; color:#FFFFFF;} + +.headline1 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:15px; font-weight:bold; color:#FFFFFF;}/* same as headline8 but CSC people are using it */ +.headline2 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:85%; font-weight:bold; color:#000000;} +.headline2a {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:20px; font-weight:bold; color:#003399;} +.headline2b {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:20px; font-weight:bold; color:#696969;} +.headline2c {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; 
font-size:15px; font-weight:bold; color:#003399;} +.headline2d {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:10px; font-weight:bold; color:#696969;} + +.headline3 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:14px; font-weight:bold; color:#000000;} +.headline4 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; font-weight:bold; color:#FFFF99;} +.headline5 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; font-weight:bold; color:#FFFFFF;} +.headline6 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:95%; font-weight:bold; color:#000000;} +.headline7 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; font-weight:bold; color:#003366;} +.headline8 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:15px; font-weight:bold; color:#FFFFFF;} + +a:link {color:#003366} +a:visited {color:#003366} + +a.link1:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#FFFFFF;} +a.link1:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000;} + + +a.link2:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;} +a.link2:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;} +a.link2:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;} + +a.link2a:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; 
text-decoration:underline;} +a.link2a:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;} +a.link2a:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;} + +a.link2b:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;} +a.link2b:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;} +a.link2b:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;} + +a.link2c:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#003399; text-decoration:underline;} +a.link2c:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#003399; text-decoration:underline;} +a.link2c:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#003399; text-decoration:underline;} + +a.link3:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#000000; font-weight:bold; text-decoration:none;} +a.link3:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#000000; font-weight:bold; text-decoration:none;} +a.link3:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#000000; font-weight:bold; text-decoration:underline;} + +a.link4:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#003366; font-weight:bold; text-decoration:underline;} +a.link4:visited 
{font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#993333; font-weight:bold; text-decoration:underline;} + +a.link5:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#003366; text-decoration:underline;} +a.link5:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#993333; text-decoration:underline;} + +a.link6:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#003366; text-decoration:underline;} +a.link6:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#993333; text-decoration:underline;} + +a.link7:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#FFFFFF; text-decoration:none;} +a.link7:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#FFFFFF; text-decoration:none;} +a.link7:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#FFFFFF; text-decoration:underline;} + +a.link8:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:9px; color:#FFFFFF;} +a.link8:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:9px; color:#FFFFFF;} + +a.link9:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:90%; color:#CC0000;} +a.link9:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:90%; color:#CC0000;} + +a.linksmap:link {font-family:verdana,arial; font-size:55%; color:003366; text-decoration:none; font-weight:bold;} +a.linksmap:visited {font-family:verdana,arial; font-size:55%; color:993333; text-decoration:none; font-weight:bold;} 
+a.linksmap:hover {font-family:verdana,arial; font-size:55%; color:003366; text-decoration:underline; font-weight:bold; } + +a.linksmaphead:link {font-family:verdana,arial; font-size:65%; color:000000; text-decoration:none; font-weight:bold;} +a.linksmaphead:visited {font-family:verdana,arial; font-size:65%; color:993333; text-decoration:none; font-weight:bold;} +a.linksmaphead:hover {font-family:verdana,arial; font-size:65%; color:000000; text-decoration:underline; font-weight:bold; } + +a.crumb1:link {color:#003366; text-decoration:underline; font-size:9px; font-family:verdana, arial, helvetica, universe, ms sans, default sans, default;} +a.crumb1:visited {color:#003366; text-decoration:underline; font-size:9px; font-family:verdana, arial, helvetica, universe, ms sans, default sans, default;} +.crumb2 {color:#000000; font-size:9px; font-family:verdana, arial, helvetica, universe, ms sans, default sans, default;} + +TD.pipe {font-family:verdana,arial; font-size:10px; color:#FFFFFF; font-weight:bold;} + +.error {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; font-weight:bold; color:#990000;} +.errormessage {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; font-weight:bold; color:#990000;} + +#aboutbrandPop {position:absolute; left: 159px; top: 105px; visibility:hidden;z-index:100;} +#guidelinesPop {position:absolute; left: 159px; top: 127px; visibility:hidden;z-index:100;} +#printPop {position:absolute; left: 159px; top: 149px; visibility:hidden;z-index:100;} +#electronicPop {position:absolute; left: 169px; top: 171px; visibility:hidden;z-index:100;} +#contentPop {position:absolute; left: 159px; top: 193px; visibility:hidden;z-index:100;} +#photographyPop {position:absolute; left: 169px; top: 215px; visibility:hidden;z-index:100;} +#promotionalPop {position:absolute; left: 159px; top: 237px; visibility:hidden;z-index:100;} +#tradeshowsPop {position:absolute; left: 159px; 
top: 259px; visibility:hidden;z-index:100;} +#alliancesPop {position:absolute; left: 159px; top: 281px; visibility:hidden;z-index:100;} + +/* For CSC descretionary pages only */ +.cookies { color:#000000; font-size:9px; font-family:verdana,arial} +a.cookieLinks:link { color:#003366; text-decoration:underline; font-size:9px; font-family:verdana,arial} +a.cookieLinks:visited { color:#003366; text-decoration:underline; font-size:9px; font-family:verdana,arial} +a.cookieLinks:hover { color:#003366; text-decoration:underline; font-size:9px; font-family:verdana,arial} + +P { + FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default +} +P.heading { + FONT-WEIGHT: bold; FONT-SIZE: 11px; MARGIN: 4px 6px; COLOR: #ffffff +} +P.text { + MARGIN: 4px 6px +} +P.globalH { + FONT-WEIGHT: bold; FONT-SIZE: 11px; MARGIN: 0px 6px 2px 16px; COLOR: #ffff99 +} +P.global { + MARGIN: 0px 16px 5px +} +P.globalT { + FONT-SIZE: 10px; MARGIN: 0px 6px 5px 16px; COLOR: #000000; LINE-HEIGHT: 12px +} +P.topNav { + MARGIN: 0px 6px; COLOR: #ffffff +} +A.tNav:link { + FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: none +} +A.tNav:visited { + FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: none +} +A.tNav:hover { + FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: underline +} +A.head1:link { + FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default; TEXT-DECORATION: none +} +A.head1:visited { + FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default; TEXT-DECORATION: none +} +A.head1:hover { + FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default; TEXT-DECORATION: underline +} +A.head2:link { + 
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: none +} +A.head2:visited { + FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: none +} +A.head2:hover { + FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: underline +} +A.more:link { + FONT-SIZE: 10px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default +} +A.more:visited { + FONT-SIZE: 10px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default +} +TD.pipe { + FONT-WEIGHT: bold; FONT-SIZE: 10px; COLOR: #ffffff; FONT-FAMILY: verdana,arial +} +.globalH { + FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffff99; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default +} +.globalT { + FONT-SIZE: 10px; COLOR: #000000; LINE-HEIGHT: 12px; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default +} +.copyr { + FONT-SIZE: 10px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default +} +#countryDiv { + LEFT: 154px; VISIBILITY: hidden; POSITION: absolute; TOP: 80px +} \ No newline at end of file diff --git a/html/images/Px_Clear.gif b/html/images/Px_Clear.gif new file mode 100644 index 0000000..a5a9982 Binary files /dev/null and b/html/images/Px_Clear.gif differ diff --git a/html/images/background.gif b/html/images/background.gif new file mode 100644 index 0000000..c95d02f Binary files /dev/null and b/html/images/background.gif differ diff --git a/html/images/bg2.gif b/html/images/bg2.gif new file mode 100644 index 0000000..9c32732 Binary files /dev/null and b/html/images/bg2.gif differ diff --git a/html/images/bg3.gif b/html/images/bg3.gif new file mode 100644 index 0000000..abf30bd Binary files /dev/null and b/html/images/bg3.gif differ 
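Review bot: The `a.linksmap` and `a.linksmaphead` rules give colours without the leading `#` (`color:003366;`, `color:993333;`, `color:000000;`), which is not a valid CSS colour value and is only honoured by browsers in quirks mode; write them as `color:#003366;` and so on. `TD.pipe` is also declared twice with the same properties, so one of the two declarations can be dropped.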
diff --git a/html/images/blue.gif b/html/images/blue.gif
new file mode 100644
index 0000000..c95709f
Binary files /dev/null and b/html/images/blue.gif differ
diff --git a/html/images/csc_name.gif b/html/images/csc_name.gif
new file mode 100644
index 0000000..f76859e
Binary files /dev/null and b/html/images/csc_name.gif differ
diff --git a/html/images/no.gif b/html/images/no.gif
new file mode 100644
index 0000000..b271a01
Binary files /dev/null and b/html/images/no.gif differ
diff --git a/html/images/ok.gif b/html/images/ok.gif
new file mode 100644
index 0000000..6adfe53
Binary files /dev/null and b/html/images/ok.gif differ
diff --git a/html/images/over_nav_qing.gif b/html/images/over_nav_qing.gif
new file mode 100644
index 0000000..5bc7e2d
Binary files /dev/null and b/html/images/over_nav_qing.gif differ
diff --git a/html/images/tile.gif b/html/images/tile.gif
new file mode 100644
index 0000000..d4e30c1
Binary files /dev/null and b/html/images/tile.gif differ
diff --git a/html/images/title.png b/html/images/title.png
new file mode 100644
index 0000000..2ff9e32
Binary files /dev/null and b/html/images/title.png differ
diff --git a/html/include_main.css b/html/include_main.css
new file mode 100644
index 0000000..9df9c6d
--- /dev/null
+++ b/html/include_main.css
@@ -0,0 +1,209 @@
+.header-top {background-color: #C8D0E0; color: black;}
+.header-bottom {background-color: #98A0B8; color: black;}
+.footer-top {background-color: #98A0B8; color: black;} /*same as header_bottom*/
+.footer-bottom {background-color: #C8D0E0; color: black;} /*same as header_top*/
+.footer-button {vertical-align: bottom; text-align: center; padding-left: 2px; font-size: 8pt}
+
+.layout-separator {background-color: #333366; height: 1px}
+
+.hilite{background-color: yellow; color: black}
+
+img{border: 0}
+kbd{color: #003366;
+ font-family: Courier, monospace;}
+
+body{margin: 0; padding:0; background-color: white}
+body, td, th {
+ font-family: arial,helvetica,sans-serif;
+ font-size: 8pt}
+
+blockquote{font-family: verdana, sans-serif; margin-bottom: 0; font-size: 9pt; margin-left: 2em; margin-right: 2em}
+.breadcrumbs{border: 1px dashed #98A0B8; padding: 2px}
+
+.small {
+ font-family: arial,helvetica,sans-serif;
+ font-size: 5pt;}
+.small a {
+ text-decoration: none;}
+
+a:link {color: #000099}
+a:active {color: #0000ff}
+a:visited {color: #000055}
+
+label {cursor: pointer}
+ul.st-markup,ol.st-markup{margin-top: .25em}
+ul.st-markup li, ol.st-markup li{margin-bottom: .25em}
+
+p.st-markup {margin-top: 1em; margin-bottom: .2em}
+blockquote.st-markup{margin-bottom: 1em; border: 1px dashed #C8D0E0}
+blockquote.st-markup p{margin: 0}
+code{margin-top: 1em; margin-bottom: 1em;}
+/*hr.st-markup{margin-top: -.3em; margin-bottom: -.7em; display: block}*/
+h1.st-markup,h2.st-markup,h3.st-markup,h4.st-markup,h5.st-markup,h6.st-markup{
+ margin-top: 0;}
+/* End Markup Styles */
+
+input.FormHelper-invalid, select.FormHelper-invalid, textarea.FormHelper-invalid {background-color: #ffc0cb}
+label.FormHelper-invalid{color: red; font-weight: bold}
+label.FormHelper-invalid:after{color: red; font-size: smaller;content: ' (required)'}
+input.Formation-invalid, select.Formation-invalid, textarea.Formation-invalid {background-color: #ffc0cb}
+label.Formation-invalid{color: red; font-weight: bold}
+label.Formation-invalid:after{color: red; font-size: smaller;content: ' (required)'}
+
+table.calendar {border: 0}
+table.calendar td, th {text-align: center; border: 0}
+table.calendar th {height: 10px; font-size: 7pt;}
+table.calendar td {width: 19px; height: 10px; font-size: 9pt;}
+table.calendar .month {font-weight: bold; margin-top: 3px; font-size: 12pt; text-align: center}
+table.calendar .month a{text-decoration: none}
+table.calendar th {color: green; text-align: center;}
+table.calendar td.linked-day {font-size: 11pt;}
+table.calendar td.highlight-day {font-size: 11pt; background-color: red}
+table.calendar td.light-day {font-size: 11pt; background-color: green}
+
+.content-main, .header, .footer{ width: 100% }
+
+.content-left {
+ background-color: #f0f0f0;
+ font-size: 10pt;
+ width: 110px;
+ padding: 4px;
+ vertical-align: top;
+ text-align: left;
+/* padding-right: 15px;*/
+ border-right: thin dashed #CCC}/*this is the same color as "dark_grey" above*/
+.content-middle{
+ vertical-align: top;
+ width: 625px;
+ padding: 10px;}
+.content-right{
+ vertical-align: top;
+ border-left: thin dashed #CCC;
+ background-color: #eee;
+ padding-left: .8ex;
+}
+
+h1, h2, h3, h4 {
+ font-family: arial,helvetica,sans-serif;
+ font-weight: bold;
+ color: #006;}
+
+h1{font-size: 140%; margin-top: .2em}
+h2{font-size: 125%}
+h3{font-size: 110%}
+h4{font-size: 100%}
+
+input {font-family: arial, helvetica, sans-serif}
+input.small, select.small {
+ font-size: 9pt;}
+
+textarea {font-family: "andale mono", "monotype.com", "courier new", monospace; font-size: 10pt}
+textarea.small {
+ font-size: 9pt;}
+
+pre,code,tt {
+ font-family: "andale mono", "monotype.com", "courier new", monospace;
+ font-size: 90%;
+}
+code{
+ background-color: #f0f0f0;
+ border: thin dashed #C8D0E0;
+ display: block;
+ margin-right: 15px;
+ margin-left: 10px;
+
+ font-size: 8pt;
+ line-height: 1.3em;
+ /*
+ width:95%;
+ overflow: auto;
+
+/* 
font-size: 85%;
+*/ }
+
+
+ul.tab-navigation{
+ margin: 0;
+ padding: 0;
+ margin-top: 4px;
+ line-height: 1.2em;
+ list-style: none;
+ border: none;
+ clear: both;
+}
+ul.tab-navigation li{
+ margin: 0;
+ padding: 0;
+ float: left;
+ width: auto;
+}
+ul.tab-navigation a, ul.tab-navigation a:visited{
+ display: block;
+ width: auto;
+ white-space: nowrap;
+ color: white;
+ font-family: verdana;
+
+ border: 1px solid;
+ border-color: white #B7C0D0 #B7C0D0 white;
+
+ -moz-border-radius: .5em .5em 0em 0em;
+ border-radius: .5em .5em 0em 0em;
+ border-top-right-radius: .5em;
+ border-bottom-right-radius: .5em;
+
+ background-color: #98A0B8;
+ padding: 2px 5px;
+ margin-bottom: -3px;
+
+ font-size: smaller;
+ text-decoration: none;
+}
+ul.tab-navigation a:hover{
+ background-color: #C8D0E0;
+}
+ul.tab-navigation a.active, ul.tab-navigation a.active:visited {
+ background-color: #C8D0E0;
+ color: black;
+}
+
+ul.flat-list{
+ margin: 0;
+ padding: 0;
+ border: 0;
+}
+ul.flat-list li:before {
+ display: marker;
+ marker-offset: 0;
+}
+ul.flat-list li{
+ list-style-position: inside;
+ padding: 0;
+ margin: 0;
+ border: 0;
+}
+
+.delPost{font-size: smaller; margin-bottom: .5em}
+.delPost p{margin-top: 0; margin-bottom: 0}
+.delTag {font-style: italic; text-decoration: none}
+.delExtended{margin-left: 1em; margin-top:0}
+
+
+
+/* ok stuff */
+A.tNav:link {
+ FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY:
+verdana,arial; TEXT-DECORATION: none
+}
+A.tNav:visited {
+ FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY:
+verdana,arial; TEXT-DECORATION: none
+}
+A.tNav:hover {
+ FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY:
+verdana,arial; TEXT-DECORATION: underline
+}
+.copyr {
+ FONT-SIZE: 10px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default
+}
+.headline3 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:14px; font-weight:bold; 
color:#000000;} diff --git a/html/index.php b/html/index.php new file mode 100644 index 0000000..0e9fce9 --- /dev/null +++ b/html/index.php @@ -0,0 +1,61 @@ + + + + + Centralized Logging Framework + + + + + + + + + +

+ + + + + + diff --git a/html/launch.php b/html/launch.php new file mode 100644 index 0000000..0dc97a5 --- /dev/null +++ b/html/launch.php @@ -0,0 +1,132 @@ +New record saved
\n"; + $launchid=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TLaunch","TLaunch_ID","TLaunch_LongDesc='$longdesc'"))); + $action = "Modify"; + } + if ( ( $subaction == 2 ) && ( $action == "Save" ) && ( idexist($dbsocket,"Syslog_TLaunch","TLaunch_ID",$launchid) ) && + ( pgdatatrim($shortdesc) != "" ) ) { + updatelaunch($dbsocket,$launchid,$shortdesc,$longdesc,$program); + $actiontext="Record updated
\n"; + } + if ( ( $DeleteID == 1 ) && ( $subaction == 3 ) && ( $action == "Delete" ) && + ( idexist($dbsocket,"Syslog_TLaunch","TLaunch_ID",$launchid) ) ) { + if ( droplaunch($dbsocket,$launchid) ) { + $actiontext="Record deleted
\n"; + } else { + $actiontext="Delete FAILED!
\n"; + } + $action="Deleted"; + } + if ( $action == "Add" ) { + $subaction = 1; + $launchid = ""; + } + if ( $action == "Modify" ) { + if ( idexist($dbsocket,"Syslog_TLaunch","TLaunch_ID",$launchid) ) { + $subaction = 2; + $shortdesc=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TLaunch","TLaunch_ShortDesc","TLaunch_ID=$launchid"))); + $longdesc=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TLaunch","TLaunch_LongDesc","TLaunch_ID=$launchid"))); + $program=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TLaunch","TLaunch_Program","TLaunch_ID=$launchid"))); + } else { + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); + exit; + } + } + if ( $action == "Delete" ) { + if ( idexist($dbsocket,"Syslog_TLaunch","TLaunch_ID",$launchid) ) { + $subaction = 3; + $shortdesc=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TLaunch","TLaunch_ShortDesc","TLaunch_ID=$launchid"))); + } else { + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); + exit; + } + } + do_header($PageTitle, 'launch'); + openform("launch.php","post",2,1,0); + echo "Equipment Type
\n"; + if ( $subaction != 3 ) { + echo "1. Enter Short Description(ie. HP Service Desk): "; + formfield("shortdesc","text",3,1,1,30,30,$shortdesc); + echo "1. Enter Long Description: "; + formfield("longdesc","text",3,1,1,40,250,$longdesc); + echo "1. Enter Program w/ Arguments: "; + formfield("program","text",3,1,1,40,128,$program); + formsubmit("Save",3,1,0); + formfield("subaction","hidden",3,1,0,200,200,$subaction); + if ( $launchid != "" ) { formfield("launchid","hidden",3,1,0,200,200,$launchid); } + closeform(); + } else { + if ( ( $subaction == 3 ) && ( $action == "Delete" ) ) { + openform("launch.php","post",2,1,0); + formfield("launchid","Hidden",3,1,0,200,200,$launchid); + formfield("subaction","Hidden",3,1,0,10,10,$subaction); + echo "Are you sure you want to delete $shortdesc? "; + php?> + Yes + No
+ Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/license.txt b/html/license.txt new file mode 100644 index 0000000..5b6e7c6 --- /dev/null +++ b/html/license.txt 
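Review bot: The Save, Modify and Delete branches hand unescaped values to relatedata() as SQL fragments, e.g. `"TLaunch_LongDesc='$longdesc'"` and `"TLaunch_ID=$launchid"`, so a quote or extra clause in either value changes the query that runs. The opening lines of the file are not readable in this hunk, so the origin of `$launchid` and `$longdesc` is inferred from the `formfield("launchid", …)` and `formfield("longdesc", …)` calls; if they arrive with the POST body, cast the id with `$launchid = (int)$launchid;` and build the text condition as `"TLaunch_LongDesc='" . pg_escape_string($longdesc) . "'"`. The delete confirmation also echoes `$shortdesc` straight from the database; wrapping it as `htmlspecialchars($shortdesc)` keeps stored text from being interpreted as markup.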
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. 
diff --git a/html/logout.php b/html/logout.php new file mode 100644 index 0000000..23f9260 --- /dev/null +++ b/html/logout.php @@ -0,0 +1,5 @@ + +

Logged Out

\ No newline at end of file diff --git a/html/logwatch.php b/html/logwatch.php new file mode 100644 index 0000000..b5fb300 --- /dev/null +++ b/html/logwatch.php @@ -0,0 +1,235 @@ +"; + } else { + return "$done"; + } +} + if ($month < 1) { + $year = $year -1; + $month = 12 + $month; + } + if ($month > 12) { + $year = $year+1; + $month = $month - 12; + } + +?> + + + +"; + } + echo ""; + if (($loop1 == -3) || ($loop1 == 0)) { + echo ""; + } + } + if (isset($day)) { + $tmp2 = $month + 1; + $sql = "select date_part('day', date) as day, date_part('month', date) as month, * from syslog_tsummary lw, syslog_thost h where lw.host = h.thost_host and (date >= '$year/$month/01' and date < '$year/$tmp2/01') order by date;"; + $SQLQueryResults = pg_exec($dbsocket,$sql) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + echo "

Available Logwatch Reports on $day/$month/$year for ".sec_username($sec_dbsocket, $REMOTE_ID)."

"; + echo ""; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + $host = $SQLQueryResultsObject->thost_id; + $hostname = $SQLQueryResultsObject->thost_host; + $reportid = $SQLQueryResultsObject->tsummary_id; + $revreq = $SQLQueryResultsObject->log_reviewers; + $sql2 = "select * from syslog_treview where tsummary_id = $reportid"; + $SQLQueryResults2 = pg_exec($dbsocket, $sql2) or + die(pg_errormessage()."
"); + $cnt = @pg_numrows($SQLQueryResults2); + if ($SQLQueryResultsObject->day == $day) { + if ( ( $group >= 2 ) || ( (logincanseehost($dbsocket,$REMOTE_ID,$host)) && $group == 1 ) ) { + echo ""; + } + } + } + } + } + if (isset($view)) { + if (isset($action)) { + if ($action == 'Complete Review') { + if ($donerev == 0) { + $sql = "insert into syslog_treview (reviewer, date, tsummary_id, comments) values ($REMOTE_ID, 'NOW()', $view, '$comment')"; + echo ""; + } else { + $sql = "update syslog_treview set comments='$comment' where id=$donerev"; + echo ""; + } + + pg_exec($dbsocket, $sql) or + die(pg_errormessage()."
"); + } else { + echo ""; + } + } + $sql = "select * from syslog_tsummary ts, syslog_thost h where ts.tsummary_id = $view and ts.host=h.thost_host order by ts.date"; + $SQLQueryResults = pg_exec($dbsocket,$sql) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ($SQLNumRows > 0) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or + die(pg_errormessage()."
\n"); + $hostname = $SQLQueryResultsObject->thost_host; + $report = stripslashes(nl2br($SQLQueryResultsObject->data)); + $date = $SQLQueryResultsObject->date; + $sql = "select * from syslog_treview where tsummary_id=$SQLQueryResultsObject->tsummary_id order by date"; + $SQLQueryResults = pg_exec($dbsocket, $sql) or + die(pg_errormessage()."
"); + $numrows = pg_numrows($SQLQueryResults); + $mycomment = ""; + $donerev = 0; + if ($numrows > 0 ) { + echo ""; + } + for ($loop = 0; $loop != $numrows; $loop++) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults, $loop) or + die(pg_errormessage()."
"); + if ($SQLQueryResultsObject->reviewer == $REMOTE_ID) { + $mycomment = stripslashes($SQLQueryResultsObject->comments); + $donerev = $SQLQueryResultsObject->id; + } + $reviewer = sec_username($sec_dbsocket, $SQLQueryResultsObject->reviewer); + $comments = stripslashes(nl2br($SQLQueryResultsObject->comments)); + $date = $SQLQueryResultsObject->date; + echo ""; + } + echo ""; + echo ""; + } + + /* now the feedback form only to update or insert one comment per reviewer*/ + echo ""; + + + + + + } + + +?> +
< PreviousNext >
"; + $myear = $year; + $tmp2 = $month + $loop1; + if ($tmp2 < 1) { + $myear = $myear -1; + $tmp2 = 12 + $tmp2; + } + if ($tmp2 > 12) { + $myear = $myear +1; + $tmp2 = $tmp2 - 12; + } + $myear2 = $myear; + $tmp = $tmp2 + 1; + if ($tmp > 12) { + $tmp = $tmp - 12; + } + + $sql = "select date_part('day', date) as day, date_part('month', date) as month, * from syslog_tsummary lw, syslog_thost h where lw.host = h.thost_host and (date >= '$myear/$tmp2/01' and date < '$myear2/$tmp/01') order by date;"; + $SQLQueryResults = pg_exec($dbsocket,$sql) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + $days = array(); + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + $host = $SQLQueryResultsObject->thost_id; + $tsid = $SQLQueryResultsObject->tsummary_id; + $sql2 = "select * from syslog_treview where tsummary_id = $tsid"; + $SQLQueryResults2 = pg_exec($dbsocket, $sql2) or + die(pg_errormessage()."
"); + if ( ( $group >= 2 ) || ( (logincanseehost($dbsocket,$REMOTE_ID,$host)) && $group == 1 ) ) { + $myday = $SQLQueryResultsObject->day; + $today = date('d', $time); + $mnt2 = date('m', time()); + if (($tmp2 < $mnt2) || ($today - $myday > 2)) { + if (@pg_numrows($SQLQueryResults2) < $SQLQueryResultsObject->log_reviewers) { + $var = array("?".echo_datelink($year, $tmp2, $myday), 'highlight-day'); + } else { + $var = array("?".echo_datelink($year, $tmp2, $myday), 'light-day'); + } + } else { + $var = array("?".echo_datelink($year, $tmp2, $myday), 'linked-day'); + } + $days[$myday] = $var; + } + } + echo generate_calendar($myear, $tmp2, $days, 3); + echo "
HostReviews RequiredReviews Performed
$hostname".$revreq."".display_ticks($revreq, $cnt)."

Review Completed

Review Updated

Review Aborted

ReviewerCommentsDate
$reviewer$comments$date

Logwatch report for $hostname on $date

$report
"; + openform("logwatch.php", "post", 0, 0, 0); + formfield("donerev", "hidden", 3, 1, 0, 200, 200, $donerev); + formfield("view", "hidden", 3, 1, 0, 200, 200, $view); + if ($donerev > 0) { + echo "Update "; + } + echo "Reviewer Comments:
"; + formsubmit("Complete Review"); + echo "
"; + formsubmit("Abort Review"); + closeform(); + echo "
+
\ No newline at end of file
diff --git a/html/maintenance.php b/html/maintenance.php
new file mode 100644
index 0000000..9eb85d4
--- /dev/null
+++ b/html/maintenance.php
@@ -0,0 +1,274 @@
+\n";
+ if ( $action == "Reindex SMT Instance" ) {
+ echo "Reindexing all indexes....";
+ $SQLQuery="select indexrelname from pg_statio_all_indexes where pg_statio_all_indexes.schemaname='public' order by indexrelname";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ if ( $SQLNumRows ) {
+ for ( $loop=0 ; $loop != $SQLNumRows ; $loop++ ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+ die(pg_errormessage()."
\n");
+ $starttime=time();
+ $SQLQuery="reindex index $SQLQueryResultsObject->indexrelname;";
+ $TempSQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ pg_freeresult($TempSQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+ $endtime=time();
+ echo "Reindex of $SQLQueryResultsObject->indexrelname done in " . ($starttime - $begintime) . " seconds.
\n " ;
+ }
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+ echo "Finished!
\n";
+ }
+ if ( $action == "Reindex TSyslog" ) {
+ echo "Reindexing TSyslog....";
+ $SQLQuery="reindex index tsyslog_pkey ; reindex index host_Idx ;reindex index TSyslogDateTime_IDX ; reindex index TSyslHostID_Idx ; ";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+ echo "Finished!
\n";
+ }
+ if ( $action == "Reindex Syslog_TArchive" ) {
+ echo "Reindexing Syslog_TArchive....";
+ $SQLQuery="reindex index syslog_tarchive_pkey ; reindex index archhost_idx ; reindex index tarchdatetime_idx ;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+ echo "Finished!
\n";
+ }
+ if ( $action == "Vacuum Entire Database" ) {
+ echo "Conducting Vacuum....";
+ $SQLQuery="vacuum ANALYZE";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+ echo "Finished!
\n";
+ }
+ if ( $action == "Analyze TSyslog Table" ) {
+ echo "Conducting Analyze of TSyslog....";
+ $SQLQuery="ANALYZE TSyslog";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+ echo "Finished!
\n";
+ }
+ if ( $action == "Analyze Syslog_TArchive Table" ) {
+ echo "Conducting Analyze of Syslog_TArchive....";
+ $SQLQuery="ANALYZE Syslog_TArchive";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+ echo "Finished!
\n";
+ }
+ if ( $action == "FULL Vacuum Entire Database" ) {
+ echo "Conducting Full Vacuum of Entire Database....";
+ $SQLQuery="VACUUM FULL ANALYZE";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery);
+ die(pg_errormessage() . "
\n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
\n");
+ echo "Finished!
\n";
+ }
+ if ( ( $action == "View Unprocessed Log Breakdown" ) || ( $action == "View Archive Log Breakdown" ) ) {
+ if ( $action == "View Unprocessed Log Breakdown" ) {
+ $SQLQuery="select count(tsyslog_id), host from TSyslog group by host order by host";
+ }
+ if ( $action == "View Archive Log Breakdown" ) {
+ $SQLQuery="select count(tsyslog_id), host from Syslog_TArchive group by host order by host";
+ }
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows ) { + echo "\n"; + for ( $loop = ($SQLNumRows - 1) ; $loop != -1 ; $loop-- ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + $HostID=$hostid = relatedata($dbsocket,"Syslog_THost","THost_ID","THost_Host='$SQLQueryResultsObject->host'"); + if ( $HostID > 0 ) { + $HostProcessed=relatedata($dbsocket,"syslog_tprocessorprofile","THost_ID","THost_ID='$HostID'"); + } else { + $HostProcessed=0; + } + if ( $HostID > 0 ) { + if ( $HostProcessed > 0 ) { + echo "\n"; + } else { + echo "\n"; + } + } else { + echo "\n"; + } + } + echo "
Host# of Records
$SQLQueryResultsObject->host$SQLQueryResultsObject->count
$SQLQueryResultsObject->host$SQLQueryResultsObject->count
$SQLQueryResultsObject->host$SQLQueryResultsObject->count

\n"; + } + + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } + + if ( $action == "Display Database Confguration" ) { + echo "$action
\n"; + $SQLQuery="select * from pg_settings"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows ) { + echo "\n"; + for ( $loop = ($SQLNumRows - 1) ; $loop != -1 ; $loop-- ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + echo "\n"; + } + echo "
NameSettingContextVartypeSourceMin_ValMax_Val
$SQLQueryResultsObject->name$SQLQueryResultsObject->setting$SQLQueryResultsObject->context$SQLQueryResultsObject->vartype$SQLQueryResultsObject->source$SQLQueryResultsObject->min_val$SQLQueryResultsObject->max_val

\n"; + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + + } + if ( $action == "Display Current Locks" ) { + echo "$action
\n"; + $SQLQuery="select * from pg_locks;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows ) { + echo "\n"; + for ( $loop = ($SQLNumRows - 1) ; $loop != -1 ; $loop-- ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + echo "\n"; + } + echo "
RelationDatabaseTransactionPIDModeGranted
$SQLQueryResultsObject->relation$SQLQueryResultsObject->database$SQLQueryResultsObject->transaction$SQLQueryResultsObject->pid$SQLQueryResultsObject->mode$SQLQueryResultsObject->granted

\n"; + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + + } + + if ( ( $action == "Display Index Usage" ) || ( $action == "Display Relavent Table Usage" ) || ( $action == "Display SMT Table Usage" ) ) { + echo "$action
\n"; + $condition=""; + $total=0; + if ( $action == "Display Index Usage" ) { + $SQLQuery="SELECT c2.relname, c2.relpages, c2.relkind FROM pg_class c, pg_class c2, pg_index i where c.oid = i.indrelid AND c2.oid = i.indexrelid ORDER BY c2.relname"; + $title="Index Name"; + } + if ( $action == "Display SMT Table Usage" ) { + $SQLQuery="select relname, relpages,relkind from pg_class where relkind='r' order by relname;"; + $condition = "syslog"; + $title="Table Name"; + } + if ( $action == "Display Relavent Table Usage" ) { + $SQLQuery="SELECT relname, relpages,relkind FROM pg_class ORDER BY relpages;"; + $title="Object Name"; + } + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows ) { + echo "\n"; + for ( $loop = ($SQLNumRows - 1) ; $loop != -1 ; $loop-- ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
\n"); + if ( $condition != "" ) { + if ( ereg($condition,$SQLQueryResultsObject->relname) ) { + echo "\n"; + $total = $total + $SQLQueryResultsObject->relpages * 8192; + } + } else { + echo "\n"; + $total = $total + $SQLQueryResultsObject->relpages * 8192; + } + } + echo "\n"; + echo "
$titleSize(bytes)Type
$SQLQueryResultsObject->relname" . number_format($SQLQueryResultsObject->relpages * 8192) . ""; + if ( $SQLQueryResultsObject->relkind == 'r' ) { echo "Table";} + if ( $SQLQueryResultsObject->relkind == 'i' ) { echo "Index";} + if ( $SQLQueryResultsObject->relkind == 'S' ) { echo "Sequence";} + if ( $SQLQueryResultsObject->relkind == 'v' ) { echo "View";} + if ( $SQLQueryResultsObject->relkind == 'c' ) { echo "Composite";} + if ( $SQLQueryResultsObject->relkind == 's' ) { echo "Special";} + if ( $SQLQueryResultsObject->relkind == 't' ) { echo "Toast";} + echo "
$SQLQueryResultsObject->relname" . number_format($SQLQueryResultsObject->relpages * 8192) . ""; + if ( $SQLQueryResultsObject->relkind == 'r' ) { echo "Table";} + if ( $SQLQueryResultsObject->relkind == 'i' ) { echo "Index";} + if ( $SQLQueryResultsObject->relkind == 'S' ) { echo "Sequence";} + if ( $SQLQueryResultsObject->relkind == 'v' ) { echo "View";} + if ( $SQLQueryResultsObject->relkind == 'c' ) { echo "Composite";} + if ( $SQLQueryResultsObject->relkind == 's' ) { echo "Special";} + if ( $SQLQueryResultsObject->relkind == 't' ) { echo "Toast";} + echo "
Total:" . number_format($total) . "

\n"; + } + + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
\n"); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
\n"); + } + closeform(); + $endtime=time(); + echo "
Page loaded in " . ($endtime - $begintime) . " seconds.
\n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/menu.php b/html/menu.php new file mode 100644 index 0000000..0deb656 --- /dev/null +++ b/html/menu.php @@ -0,0 +1,143 @@ +
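Review bot: In the log-breakdown branch of maintenance.php, `$SQLQueryResultsObject->host` is placed inside single quotes in the condition passed to `relatedata()` and is then echoed into the table row without escaping, so a host string containing a quote or markup changes the query or the page. These values are read from `TSyslog` / `Syslog_TArchive`, which presumably hold names reported by log senders, so they should be treated as untrusted: build the condition as `"THost_Host='" . pg_escape_string($SQLQueryResultsObject->host) . "'"` and print the cell with `htmlspecialchars($SQLQueryResultsObject->host)`. Separately, the `FULL Vacuum Entire Database` branch ends its `pg_exec` line with `;` where every other branch uses `or`, so the `die()` on the next line always runs; it should read `$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or`.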

"; + $FooterText="
Version " . SMTVER . "
© Copyright 2004 Computer Sciences Corporation
\n"; + $PageTitle="Centralized Logging Server"; +?> + + + +<?php echo $PageTitle; ?> + + + + + + + + + + + "; + echo tabs(2) . ""; + echo tabs(2) . ""; + echo tabs(2) . ""; + if ( userhasruleaccess ($dbsocket,$REMOTE_ID) ) { + echo ""; + echo tabs(2) . "\n"; + } + } + if ( $group >= 2 ) { + echo tabs(2) . ""; + } + echo ""; + if ( $group >= 3 ) { + echo ""; + echo tabs(2) . ""; + echo tabs(2) . "\n"; + echo tabs(2) . ""; + echo tabs(2) . "\n"; + echo tabs(2) . "\n"; + echo tabs(2) . "\n"; + echo tabs(2) . "\n"; + } + if ( $group >= 4 ) { + echo tabs(2) . "\n"; + } + if ( $mrtg || $acid ) { + echo ""; + if ( $mrtg ) { + echo tabs(2) . ""; + } + if ( $acid ) { + echo tabs(2) . ""; + } + } + echo tabs(2) . ""; + + echo $FooterText; + echo "
+ + + + + + +
CSC Home Page
+ + + +
+"; + echo "
Log Options
"; + if ( $group >= 1 ) { + echo tabs(2) . "
  • Syslogs
  • Filters
  • Reports
  • Alerts

  • Administration
  • Rules
  • View Saved Logs

  • Administration
  • Hosts
  • Rules
  • Customers
  • Processors
  • Equip. Types
  • Launch Programs
  • System Maint.
  • Security Framework

  • Other Applications
  • MRTG Graphs
  • A.C.I.D.
  • Logout
  • \n"; + +?> + + + + + + + + + diff --git a/html/old1stview.php b/html/old1stview.php new file mode 100644 index 0000000..80c585a --- /dev/null +++ b/html/old1stview.php @@ -0,0 +1,159 @@ +Syslog Management
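Review bot: The menu sections in menu.php are gated on bare numeric thresholds (`$group >= 1`, `>= 2`, `>= 3`, `>= 4`) with no comment saying which role each number stands for, and level 4 is not assigned anywhere in the report pages of this commit, which stop at 3 for 'Syslog Administrators'. A short comment above the first test would help, for example `/* $group: 1 = Syslog Customer, 2 = Syslog Analyst, 3 = Syslog Administrators, 4 = (name the role) */`. These tests only decide which links are printed, so each linked page still needs its own role check; whether they all have one cannot be confirmed from this hunk.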

    "; + $FooterText="
    Version " . SMTVER . "
    © Jeremy M. Guthrie All rights reserved.
    \n"; + $PageTitle="Syslog Management Tool"; +?> + + + +<?php echo $PageTitle; ?> + + += 1 ) { + openform("view.php","post",2,1,0); + echo "View Specific Time Frame

    \n"; + echo "1. Select View Type: "; + echo ""; + if ( $group >= 2 ) { + echo "\n"; + } + echo ""; + if ( $group >= 2 ) { + echo "\n"; + } + echo "
    Host: "; + hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group); + crbr(1,0); + echo "
    By Group and By Host Type (Select Below)
    Host Type: "; + if (! isset($typeid)) { + $typeid = ''; + } + premadetypedropdown ($dbsocket, "typeid",0,0,1,1,$typeid); + echo "
    Group: "; + $groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer'); + userdropdownbox ($sec_dbsocket,"userid",2,1,0,1,"",$groupid); + echo "
    2. Select Time Range:
    "; + echo "
    "; + echo "Start Date:"; + monthdropdown ("month",0,0,0,1,$month); + echo "/"; + daydropdown("day",0,0,0,1,$day); + echo "/"; + yeardropdown("year",0,0,0,1,$year); + echo " Time: "; + hourdropdown("hour", 0, 0, 0, 1, $hour); + echo ":"; + minutedropdown("minute", 0, 1, 1, $lines=1, $minute); + echo "
    Duration:"; + durationdropdown("duration"); + echo "
    "; + echo "End Date:"; + monthdropdown ("emonth",0,0,0,1,$month); + echo "/"; + daydropdown("eday",0,0,0,1,$day); + echo "/"; + yeardropdown("eyear",0,0,0,1,$year); + echo " Time: "; + hourdropdown("ehour", 0, 0, 0, 1, $hour); + echo ":"; + minutedropdown("eminute", 0, 1, 1, $lines=1, $minute); + echo "
    View Data From Last Minutes:
    "; + + echo ""; + echo "
    Page Breaks:Yes"; + echo " No
    Lines/Page:"; + pagesize("pagesize",2,1); + echo "
    "; + + formfield("viewtype","Hidden",3,1,0,10,10,2); + echo "Choose Filter Type(Optional)
    "; + echo "Exclude "; + echo "Include
    \n"; + echo "Regular Expression Filter: "; + formfield("regexp[]","text",3,1,1,20,40); + echo "
    \n"; + echo "Use Premade Filter: "; + filterdropdown ($dbsocket,"filterid",$REMOTE_ID); + echo "
    Filter Type: Expression "; + echo "Facility & Severity "; + echo "Expression w/ Facility & Severity"; + echo "
    "; + echo "Facility Range: "; + facilitydropdown("startfacility[]",1,0,0,1,0); + echo " to "; + facilitydropdown("stopfacility[]",1,0,0,1,23); + echo "
    Severity Range: "; + severitydropdown("startseverity[]",1,0,0,1,0); + echo " to "; + severitydropdown("stopseverity[]",1,0,0,1,7); + + echo "
    \n"; + formsubmit("View",3,1,1); + closeform(); + crbr(1,1); + } + $endtime=time(); + echo "Page loaded in " . ($endtime - $begintime) . " seconds.
    \n"; + echo $FooterText; +?> + + + diff --git a/html/processor.php b/html/processor.php new file mode 100644 index 0000000..3a66e4e --- /dev/null +++ b/html/processor.php @@ -0,0 +1,182 @@ +Processor Account: " . sec_username($sec_dbsocket,$userid) . "

    \n"; + echo "
    Status: "; + if ( idexist($dbsocket,"Syslog_TSuspend","TLogin_ID",$userid) ) { + echo "SUSPENDED

    \n"; + } else { + echo "Not Suspended

    \n"; + } + + if ( $action == "Clear Stale Processor" ) { + + if ( ($testmailid = ismailopen($dbsocket,$userid) ) && ( idexist($sec_dbsocket,"Secframe_TLogin","TLogin_ID",$userid) ) ) { + if ( ! $subaction ) { + openform("processor.php","post",2,1,0); + formfield("userid","Hidden",3,1,0,200,200,$userid); + formfield("subaction","Hidden",3,1,0,10,10,1); + echo "Are you sure you want to clear stale processor : " . sec_username($sec_dbsocket,$userid) . "? "; + php?> + Yes + No
    + tprocess_id)); + $cleanhost=gethost($dbsocket,stripslashes(pgdatatrim($SQLQueryResultsObject->thost_id))); + $PurgeQuery = $PurgeQuery . "delete from Syslog_TAlert where Syslog_TAlert.TSyslog_ID=TSyslog.TSyslog_ID and TSyslog.TSyslog_ID > $cleanid and TSyslog.host='$cleanhost' ; "; + $PurgeQuery = $PurgeQuery . "delete from Syslog_TArchive where TSyslog_ID > $cleanid and host='$cleanhost' ; "; + } + $PurgeQuery = $PurgeQuery . "commit ; "; + $PurgeSQLQueryResults = pg_exec($dbsocket,$PurgeQuery) or + die(pg_errormessage()."\n"); + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "\n"); + cleanemail($dbsocket,$testmailid); + clearlaunchqueue($dbsocket,$testmailid); + closeopenmail($dbsocket,$testmailid); + } + if ( $PurgeSQLQueryResults ) { + echo "
    SUCCESS!!
    \n"; + pg_freeresult($PurgeSQLQueryResults) or + die(pg_errormessage() . "\n"); + } else { + echo "
    FAIlED!!
    \n"; + pg_freeresult($PurgeSQLQueryResults) or + die(pg_errormessage() . "\n"); + } + } + } else { + echo "
    The processor you've selected is not stale!

    \n"; + } + } else { + openform("processor.php","post",2,1,0); + formfield("userid","Hidden",3,1,0,200,200,$userid); + formsubmit("Toggle Suspension",3,1,1); + closeform(); + echo ""; + echo "\n\n"; + formfield("userid","Hidden",3,0,0,10,10,$userid); + closeform(); + + /* $SQLQuery="select * from Syslog_TProcessorProfile where TLogin_ID=$userid"; */ + $SQLQuery="select TProcessorProfile_ID,Syslog_THost.THost_Host from Syslog_TProcessorProfile where Syslog_TProcessorProfile.TLogin_ID=$userid and Syslog_TProcessorProfile.THost_ID=Syslog_THost.THost_ID order by Syslog_THost.THost_Host"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows ) { + echo "\n"; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $id=stripslashes(pgdatatrim($SQLQueryResultsObject->tprocessorprofile_id)); + $host=pgdatatrim($SQLQueryResultsObject->thost_host); + echo ""; + formfield("userid","Hidden",3,1,0,10,10,$userid); + formfield("id","Hidden",3,1,0,10,10,$id); + formfield("host","Hidden",3,1,0,10,128,$host); + closeform(); + } + } + echo "
    ActionHost
    "; + openform("processor.php","post",2,1,0); + formsubmit("Save",3,1,0); + echo ""; + + hostdropdown ($dbsocket, $sec_dbsocket,"hostid",$REMOTE_ID,$group,0,0,0,1,"",1); + echo "
    ActionHost
    "; + openform("processor.php","post",2,1,0); + echo ''; + echo "$host
    "; + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + $endtime=time(); + echo "
    Page loaded in " . ($endtime - $begintime) . " seconds.
    \n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +php?> diff --git a/html/reports/cisco-pix-bandwidthbreakdown.php b/html/reports/cisco-pix-bandwidthbreakdown.php new file mode 100644 index 0000000..dfe4dd4 --- /dev/null +++ b/html/reports/cisco-pix-bandwidthbreakdown.php @@ -0,0 +1,533 @@ +<% +/*============================================================================= + * $Id$ + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + + $begintime=time(); + if ( $SERVER_PORT != 443 ) { + echo "This page must be accessed with SSL
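Review bot: In processor.php, `$userid` is interpolated unquoted into `where Syslog_TProcessorProfile.TLogin_ID=$userid`, and the same value is round-tripped through hidden `userid` form fields, so it has to be assumed client-controlled when the page is posted back. Nothing in the legible part of the hunk constrains it to a number; casting it once before first use, `$userid = intval($userid);`, stops it from changing the statement. The `FAIlED!!` branch also calls `pg_freeresult($PurgeSQLQueryResults)` on a result that is false in that branch, which then trips its own `or die(...)`; that call can be dropped. Part of the purge loop is missing from the hunk as shown, so it was only partly reviewed.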
    \n"; + exit; + } + require_once('/opt/apache/htdocs/login/lib/pgsql.php'); + require_once('/opt/apache/htdocs/login/lib/generalweb.php'); + require_once('/opt/apache/htdocs/login/lib/secframe.php'); + require_once('/opt/apache/htdocs/login/lib/pix.php'); + + $sec_dbsocket=sec_dbconnect(); + $REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER); + $APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp'); + if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) { + dbdisconnect($sec_dbsocket); + exit; + } + $group=0; + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer'); + if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; } + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst'); + if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; } + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators'); + if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; } + $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS); + + $HeaderText="Reports

    \n"; + $FooterText="
    Version " . SMTVER . "
    © Jeremy M. Guthrie All rights reserved.
    \n"; + $PageTitle="Syslog Management Tool"; + + $totalrows=0; + $ftpcount=0; + $ftp=0; + $httpcount=0; + $http=0; + $https=0; + $httpscount=0; + $dnsudpcount=0; + $dnsudp=0; + $dnstcpcount=0; + $dnstcp=0; + $telnet=0; + $telnetcount=0; + $ssh=0; + $sshcount=0; + + /* Port 25 tcp */ + $smtp=0; + $smtpcount=0; + + /* Port 465 tcp */ + $smtps=0; + $smtpscount=0; + + /* Port 161 udp */ + $snmp=0; + $snmpcount=0; + + /* Port 162 udp */ + $snmptrap=0; + $snmptrapcount=0; + + $gopher=0; + $gophercount=0; + + /* Port 110 tcp */ + $pop3=0; + $pop3count=0; + + /* Port 995 tcp */ + $pop3s=0; + $pop3scount=0; + + $nntp=0; + $nntpcount=0; + $ntp=0; + $ntpcount=0; + + /* 69 udp */ + $tftp=0; + $tftpcount=0; + + /* Port 143 */ + $imap=0; + $imapcount=0; + + /* Port 993 */ + $imaps=0; + $imapscount=0; + + /* Port 135 */ + $locservudp=0; + $locservudpcount=0; + $locservtcp=0; + $locservtcpcount=0; + + /* Port 137 */ + $netbiosnsudp=0; + $netbiosnsudpcount=0; + $netbiosnstcp=0; + $netbiosnstcpcount=0; + + /* Port 138 */ + $netbiosdgmudp=0; + $netbiosdgmudpcount=0; + $netbiosdgmtcp=0; + $netbiosdgmtcpcount=0; + + /* Port 139 */ + $netbiosssnudp=0; + $netbiosssnudpcount=0; + $netbiosssntcp=0; + $netbiosssntcpcount=0; + + /* Other */ + $othertcp=0; + $othertcpcount=0; + $otherudp=0; + $otherudpcount=0; + $other=0; + $othercount=0; + + $goodrows=0; + if ( ( $group < 2 ) && ( $datatype > 3 ) ) { $datatype = 1; } + + $time1=$hour . ":" . $minute . ":00"; + $date1=$month . "-" . $day . "-" . $year; + $date2=$month2 . "-" . $day2 . "-" . $year2; + $time2=$hour2 . ":" . $minute2 . 
":00"; + + for ( $loop = 1 ; $loop != 13 ; $loop++ ) { + if ( $month == date("M",mktime(0,0,0,$loop,1,2002)) ) { + $timestamp=mktime($hour,$minute,0,$loop,$day,$year); + } + } + for ( $loop = 1 ; $loop != 13 ; $loop++ ) { + if ( $month2 == date("M",mktime(0,0,0,$loop,1,2002)) ) { + $timestamp2=mktime($hour2,$minute2,0,$loop,$day2,$year2); + } + } + + $BaseSQLQuery="select TSyslog_ID, TSyslog.date, TSyslog.Time, TSyslog.host, TSyslog.message, TSyslog.Severity, TSyslog.Facility from TSyslog"; + $alldata=0; + +%> + + + +<% echo $PageTitle; %> + + +<% + $firsttimethrough=1; + + while ( ! $alldata ) { + $SQLQuery = $BaseSQLQuery; + if ( $datatype == 1 ) { + $host=gethost($dbsocket,$hostid); + $SQLQuery = $SQLQuery . " where host='$host' and "; + } + if ( $datatype == 2 ) { + $SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where TSyslog.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid and "; + } + if ( $datatype == 3 ) { + $SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TCustomerProfile.TLogin_ID=$userid and TSyslog.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID and "; + } + if ( $datatype == 4 ) { + $SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " . + "( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " . + "( TSyslog.host=Syslog_THost.THost_Host ) and " . + "( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " . + "( Syslog_THost.TPremadeType_ID=$typeid ) and "; + } + if ( ! $firsttimethrough ) { + $date1=$newstartdate; + $time1=$newstarttime; + $temphour=substr($time1,0,2); + $tempmin=substr($time1,3,2); + $tempsec=substr($time1,6,2); + $tempyear=substr($date1,0,4); + $tempmonth=substr($date1,5,2); + $tempday=substr($date1,8,2); + $tempday=$tempday + 1 ; + $tempday=$tempday - 1 ; + $timestamp=mktime($temphour,$tempmin,$tempsec,$tempmonth,$tempday,$tempyear); + $tempmonth = date("M",mktime(0,0,0,$tempmonth,1,2002)); + + $date1=$tempmonth . 
"-" . $tempday . "-" . $tempyear; + } + + if ( $date1 == $date2 ) { + $SQLQueryDate="date = '$date1' and ( time >= '$time1' and time <= '$time2')"; + } + + if ( ( ( date("z",$timestamp2) - date("z",$timestamp) ) == 1 ) && ( $year1 == $year2 ) ) { + $SQLQueryDate="( ( date = '$date1' and time >= '$time1' ) or " . + "( date = '$date2' and time <= '$time2' ) ) "; + } + if ( ( date("z",$timestamp2) - date("z",$timestamp) ) > 1 ) { + $SQLQueryDate=" ( ( date = '$date1' and time >= '$time1' ) or " . + "( date > '$date1' and date < '$date2' ) or " . + "( date = '$date2' and time <= '$time2' ) )"; + } + if ( ! $firsttimethrough ) { + $SQLQuery = $SQLQuery . $SQLQueryDate . " and tsyslog_id > $lastid order by date, time, TSyslog_ID limit 50"; + } else { + $SQLQuery = $SQLQuery . $SQLQueryDate . " order by date, time, TSyslog_ID limit 50"; + } + + echo " "; + + if ( $timestamp <= $timestamp2 ) { + echo "SQL Query: $SQLQuery
    \n"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + } else { + $SQLNumRows = 0; + } + $totalrows = $totalrows + $SQLNumRows; + if ( ( $SQLNumRows == 0 ) || ( $SQLNumRows < 50 ) ) { + $alldata = 1 ; + } else { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,49) or + die(pg_errormessage()."
    \n"); + $newstartdate=pgdatatrim($SQLQueryResultsObject->date); + $newstarttime=pgdatatrim($SQLQueryResultsObject->time); + $lastid=pgdatatrim($SQLQueryResultsObject->tsyslog_id); + } + $firsttimethrough=0; + + + if ( $SQLNumRows != 0 ) { + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $host=pgdatatrim($SQLQueryResultsObject->host); + $message=pgdatatrim($SQLQueryResultsObject->message); + $date=pgdatatrim($SQLQueryResultsObject->date); + $time=pgdatatrim($SQLQueryResultsObject->time); + if ( $reporttype == 3 ) { + if ( ereg("^%PIX-6-302002",$message) ) { + $goodrows++; + $stringtoken = strtok($message," \\"); + $count=0; + while ( $stringtoken ) { + $count++; + $stringtoken = strtok(" \\"); + switch ($count) { + case 2: + $protocol=$stringtoken; + break; + case 6: + $faddr=$stringtoken; + $faddrport=substr(strstr($faddr,'/'),1); + $faddr=substr($faddr,0,(strlen($faddr) - (strlen($faddrport) + 1))); + break; + case 8: + $gaddr=$stringtoken; + $gaddrport=substr(strstr($gaddr,'/'),1); + $gaddr=substr($gaddr,0,(strlen($gaddr) - (strlen($gaddrport) + 1))); + break; + case 10: + $laddr=$stringtoken; + $laddrport=substr(strstr($laddr,'/'),1); + $laddr=substr($laddr,0,(strlen($laddr) - (strlen($laddrport) + 1))); + break; + case 12: + $duration=$stringtoken; + break; + case 14: + $bytes=$stringtoken; + break; + } + } + + $workport=0; + if ( $laddrport < 1024 ) { $workport = $laddrport; + } else { + if ( $faddrport < 1024 ) { $workport = $faddrport; } + } + if ( $workport == 0 ) { $workport = $laddrport; } + /* Time to Add Protocols Up */ + $counted=0; + if ( $protocol == "TCP" ) { + switch ($workport) { + case 20: + case 21: + $ftpcount++; + $ftp = $ftp + $bytes; + $counted=1; + break; + case 22: + $sshcount++; + $ssh = $ssh + $bytes; + $counted=1; + break; + case 23: + $telnetcount++; + $telnet = $telnet + $bytes; + $counted=1; + break; + case 25: + $smtpcount++; + $smtp = $smtp + $bytes; + $counted=1; + break; + case 53: + $dnstcpcount++; + $dnstcp = $dnstcp + $bytes; + $counted=1; + break; + case 70: + $gophercount++; + $gopher = $gopher + $bytes; + $counted=1; + $break; + case 80: + $httpcount++; + $http = $http + $bytes; + $counted=1; + break; + case 110: + $pop3count++; + $pop3 = $pop3 + $bytes; + $counted=1; + break; + case 119: + 
$nntpcount++; + $nntp = $nntp + $bytes; + $counted=1; + break; + case 135: + $locservtcpcount++; + $locservtcp = $locservtcp + $bytes; + $counted=1; + break; + case 137: + $netbiosnstcpcount++; + $netbiosnstcp = $netbiosnstcp + $bytes; + $counted=1; + break; + case 138: + $netbiosdgmtcpcount++; + $netbiosdgmtcp = $netbiosdgmtcp + $bytes; + $counted=1; + break; + case 139: + $netbiosssntcpcount++; + $netbiosssntcp = $netbiosssntcp + $bytes; + $counted=1; + break; + case 143: + $imapcount++; + $imap = $imap + $bytes; + $counted=1; + break; + case 443: + $httpscount++; + $https = $https + $bytes; + $counted=1; + break; + case 465: + $smtpscount++; + $smtps = $smtps + $bytes; + $counted=1; + break; + case 993: + $imapscount++; + $imaps = $imaps + $bytes; + $counts=1; + break; + case 995: + $pop3scount++; + $pop3s = $pop3s + $bytes; + $counted=1; + break; + default: + $counted=1; + $othertcpcount++; + $othertcp = $othertcp + $bytes ; + break; + } + } + if ( $protocol == "UDP" ) { + switch ($workport) { + case 53: + $dnsudpcount++; + $dnsudp = $dnsudp + $bytes; + $counted=1; + break; + case 69: + $tftpcount++; + $tftp = $tftp + $bytes; + $counted=1; + break; + case 135: + $locservudpcount++; + $locservudp = $locservudp + $bytes; + $counted=1; + break; + case 137: + $netbiosnsudpcount++; + $netbiosnsudp = $netbiosnsudp + $bytes; + $counted=1; + break; + case 138: + $netbiosdgmudpcount++; + $netbiosdgmudp = $netbiosdgmudp + $bytes; + $counted=1; + break; + case 139: + $netbiosssnudpcount++; + $netbiosssnudp = $netbiosssnudp + $bytes; + $counted=1; + break; + case 161: + $snmpcount++; + $snmp = $snmp + $bytes; + $counted=1; + break; + case 162: + $snmptrapcount++; + $snmptrap = $snmptrap + $bytes; + $counted=1; + break; + default: + $counted=1; + $otherudpcount++; + $otherudp = $otherudp + $bytes ; + break; + } + } + if ( ! 
$counted ) { + $othercount++; + $other = $other + $bytes; + } + } + } + } + } + if ( $SQLNumRows > 0 ) { + pg_freeresult($SQLQueryResults) or + die(pg_errormessage()."
    \n"); + } + } + startbody(); + echo $HeaderText; + echo "Report Type: " . reporttypename($reporttype) . "

    \n"; + + echo "Report Timeframe: $date1 $time1 to $date2 $time2
    \n"; + echo "$goodrows rows valid in data set of $totalrows.

    \n"; + + echo "" . + "\n"; + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo "
    ProtocolTCP/UDP/Other# of ConnectionsBytes TX'd/RX'dProtocolTCP/UDP/Other# of ConnectionsBytes TX'd/RX'd
    FTPTCP$ftpcount$ftpSSHTCP$sshcount$ssh
    TelnetTCP$telnetcount$telnetTFTPUDP$tftpcount$tftp
    HTTPTCP$httpcount$httpHTTPSTCP$httpscount$https
    GopherTCP$gophercount$gopherNNTPTCP$nntpcount$nntp
    SMTPTCP$smtpcount$smtpSMTPSTCP$smtpscount$smtps
    POP3TCP$pop3count$pop3POP3STCP$pop3scount$pop3s
    IMAPTCP$imapcount$imapIMAPSTCP$imapscount$imaps
    LocServeTCP$locservtcpcount$locservtcpLocServeUDP$locservudpcount$locservudp
    Netbios-NSTCP$netbiosnstcpcount$netbiosnstcpNetbios-NSUDP$netbiosnsudpcount$netbiosnsudp
    Netbios-DGMTCP$netbiosdgmtcpcount$netbiosdgmtcpNetbios-DGMUDP$netbiosdgmudpcount$netbiosdgmudp
    Netbios-SSNTCP$netbiosssntcpcount$netbiosssntcpNetbios-SSNUDP$netbiosssnudpcount$netbiosssnudp
    DNSTCP$dnstcpcount$dnstcpDNSUDP$dnsudpcount$dnsudp
    SNMPUDP$snmpcount$snmptrapSNMP TrapUDP$snmptrapcount$snmptrap
    OtherTCP$othertcpcount$othertcpOtherUDP$otherudpcount$otherudp
    Other ProtocolsOther$othercount$other
    "; + + $endtime=time(); + echo "
    Page loaded in " . ($endtime - $begintime) . " seconds.
    \n"; + echo $FooterText; +%> + + +<% + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +%> diff --git a/html/reports/severity-facility.php b/html/reports/severity-facility.php new file mode 100644 index 0000000..f38bb95 --- /dev/null +++ b/html/reports/severity-facility.php @@ -0,0 +1,488 @@ +<% +/*============================================================================= + * $Id$ + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + $begintime=time(); + if ( $SERVER_PORT != 443 ) { + echo "This page must be accessed with SSL
    \n"; + exit; + } + require_once('/opt/apache/htdocs/login/lib/pgsql.php'); + require_once('/opt/apache/htdocs/login/lib/generalweb.php'); + require_once('/opt/apache/htdocs/login/lib/secframe.php'); + require_once('/opt/apache/htdocs/login/lib/pix.php'); + + $sec_dbsocket=sec_dbconnect(); + $REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER); + $APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp'); + if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) { + dbdisconnect($sec_dbsocket); + exit; + } + $group=0; + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer'); + if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; } + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst'); + if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; } + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators'); + if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; } + $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS); + + $HeaderText="Reports

    \n"; + $FooterText="
    Version " . SMTVER . "
    © Jeremy M. Guthrie All rights reserved.
    \n"; + $PageTitle="Syslog Management Tool"; + + if ( ( $group < 2 ) && ( $datatype > 3 ) ) { $datatype = 1; } + + $time1=$hour . ":" . $minute . ":00"; + $date1=$month . "-" . $day . "-" . $year; + $date2=$month2 . "-" . $day2 . "-" . $year2; + $time2=$hour2 . ":" . $minute2 . ":00"; + + for ( $loop = 1 ; $loop != 13 ; $loop++ ) { + if ( $month == date("M",mktime(0,0,0,$loop,1,2002)) ) { + $timestamp=mktime($hour,$minute,0,$loop,$day,$year); + } + } + for ( $loop = 1 ; $loop != 13 ; $loop++ ) { + if ( $month2 == date("M",mktime(0,0,0,$loop,1,2002)) ) { + $timestamp2=mktime($hour2,$minute2,0,$loop,$day2,$year2); + } + } + + $SQLQuery="select host,count(severity),severity from TSyslog group by host,severity "; + if ( $datatype == 1 ) { + $host=gethost($dbsocket,$hostid); + $SQLQuery = $SQLQuery . " where host='$host' and "; + } + if ( $datatype == 2 ) { + $SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where TSyslog.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid and "; + } + if ( $datatype == 3 ) { + $SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TCustomerProfile.TLogin_ID=$userid and TSyslog.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID and "; + } + if ( $datatype == 4 ) { + $SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " . + "( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " . + "( TSyslog.host=Syslog_THost.THost_Host ) and " . + "( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " . + "( Syslog_THost.TPremadeType_ID=$typeid ) and "; + } + + if ( $date1 == $date2 ) { + $SQLQueryDate="date = '$date1' and ( time >= '$time1' and time <= '$time2')"; + } + + if ( ( ( date("z",$timestamp2) - date("z",$timestamp) ) == 1 ) && ( $year1 == $year2 ) ) { + $SQLQueryDate="( ( date = '$date1' and time >= '$time1' ) or " . 
+ "( date = '$date2' and time <= '$time2' ) ) "; + } + if ( ( date("z",$timestamp2) - date("z",$timestamp) ) > 1 ) { + $SQLQueryDate=" ( ( date = '$date1' and time >= '$time1' ) or " . + "( date > '$date1' and date < '$date2' ) or " . + "( date = '$date2' and time <= '$time2' ) )"; + } + $SQLQuery = $SQLQuery . $SQLQueryDate . " order by date, time, TSyslog_ID"; + + if ( $timestamp <= $timestamp2 ) { + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + } else { + $SQLNumRows = 0; + } + + if ( $reporttype == 3 ) { + $ftpcount=0; + $ftp=0; + $httpcount=0; + $http=0; + $https=0; + $httpscount=0; + $dnsudpcount=0; + $dnsudp=0; + $dnstcpcount=0; + $dnstcp=0; + $telnet=0; + $telnetcount=0; + $ssh=0; + $sshcount=0; + + /* Port 25 tcp */ + $smtp=0; + $smtpcount=0; + + /* Port 465 tcp */ + $smtps=0; + $smtpscount=0; + + /* Port 161 udp */ + $snmp=0; + $snmpcount=0; + + /* Port 162 udp */ + $snmptrap=0; + $snmptrapcount=0; + + $gopher=0; + $gophercount=0; + + /* Port 110 tcp */ + $pop3=0; + $pop3count=0; + + /* Port 995 tcp */ + $pop3s=0; + $pop3scount=0; + + $nntp=0; + $nntpcount=0; + $ntp=0; + $ntpcount=0; + + /* 69 udp */ + $tftp=0; + $tftpcount=0; + + /* Port 143 */ + $imap=0; + $imapcount=0; + + /* Port 993 */ + $imaps=0; + $imapscount=0; + + /* Port 135 */ + $locservudp=0; + $locservudpcount=0; + $locservtcp=0; + $locservtcpcount=0; + + /* Port 137 */ + $netbiosnsudp=0; + $netbiosnsudpcount=0; + $netbiosnstcp=0; + $netbiosnstcpcount=0; + + /* Port 138 */ + $netbiosdgmudp=0; + $netbiosdgmudpcount=0; + $netbiosdgmtcp=0; + $netbiosdgmtcpcount=0; + + /* Port 139 */ + $netbiosssnudp=0; + $netbiosssnudpcount=0; + $netbiosssntcp=0; + $netbiosssntcpcount=0; + + /* Other */ + $othertcp=0; + $othertcpcount=0; + $otherudp=0; + $otherudpcount=0; + $other=0; + $othercount=0; + + } +%> + + + +<% echo $PageTitle; %> + + +<% + startbody(); + echo $HeaderText; + echo "Report Type: " . reporttypename($reporttype) . "

    \n"; + + echo "Report Timeframe: $date1 $time1 to $date2 $time2
    \n"; + + if ( $SQLNumRows != 0 ) { + $goodrows=0; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $host=pgdatatrim($SQLQueryResultsObject->host); + $message=pgdatatrim($SQLQueryResultsObject->message); + $date=pgdatatrim($SQLQueryResultsObject->date); + $time=pgdatatrim($SQLQueryResultsObject->time); + if ( $reporttype == 3 ) { + if ( ereg("^%PIX-6-302002",$message) ) { + $goodrows++; + $stringtoken = strtok($message," \\"); + $count=0; + while ( $stringtoken ) { + $count++; + $stringtoken = strtok(" \\"); + switch ($count) { + case 2: + $protocol=$stringtoken; + break; + case 6: + $faddr=$stringtoken; + $faddrport=substr(strstr($faddr,'/'),1); + $faddr=substr($faddr,0,(strlen($faddr) - (strlen($faddrport) + 1))); + break; + case 8: + $gaddr=$stringtoken; + $gaddrport=substr(strstr($gaddr,'/'),1); + $gaddr=substr($gaddr,0,(strlen($gaddr) - (strlen($gaddrport) + 1))); + break; + case 10: + $laddr=$stringtoken; + $laddrport=substr(strstr($laddr,'/'),1); + $laddr=substr($laddr,0,(strlen($laddr) - (strlen($laddrport) + 1))); + break; + case 12: + $duration=$stringtoken; + break; + case 14: + $bytes=$stringtoken; + break; + } + } + + $workport=0; + if ( $laddrport < 1024 ) { $workport = $laddrport; + } else { + if ( $faddrport < 1024 ) { $workport = $faddrport; } + } + if ( $workport == 0 ) { $workport = $laddrport; } + /* Time to Add Protocols Up */ + $counted=0; + if ( $protocol == "TCP" ) { + switch ($workport) { + case 20: + case 21: + $ftpcount++; + $ftp = $ftp + $bytes; + $counted=1; + break; + case 22: + $sshcount++; + $ssh = $ssh + $bytes; + $counted=1; + break; + case 23: + $telnetcount++; + $telnet = $telnet + $bytes; + $counted=1; + break; + case 25: + $smtpcount++; + $smtp = $smtp + $bytes; + $counted=1; + break; + case 53: + $dnstcpcount++; + $dnstcp = $dnstcp + $bytes; + $counted=1; + break; + case 70: + $gophercount++; + $gopher = $gopher + $bytes; + $counted=1; + $break; + case 80: + $httpcount++; + $http = $http + $bytes; + $counted=1; + break; + case 110: + $pop3count++; + $pop3 = $pop3 + $bytes; + $counted=1; + break; + case 119: + 
$nntpcount++; + $nntp = $nntp + $bytes; + $counted=1; + break; + case 135: + $locservtcpcount++; + $locservtcp = $locservtcp + $bytes; + $counted=1; + break; + case 137: + $netbiosnstcpcount++; + $netbiosnstcp = $netbiosnstcp + $bytes; + $counted=1; + break; + case 138: + $netbiosdgmtcpcount++; + $netbiosdgmtcp = $netbiosdgmtcp + $bytes; + $counted=1; + break; + case 139: + $netbiosssntcpcount++; + $netbiosssntcp = $netbiosssntcp + $bytes; + $counted=1; + break; + case 143: + $imapcount++; + $imap = $imap + $bytes; + $counted=1; + break; + case 443: + $httpscount++; + $https = $https + $bytes; + $counted=1; + break; + case 465: + $smtpscount++; + $smtps = $smtps + $bytes; + $counted=1; + break; + case 993: + $imapscount++; + $imaps = $imaps + $bytes; + $counts=1; + break; + case 995: + $pop3scount++; + $pop3s = $pop3s + $bytes; + $counted=1; + break; + default: + $counted=1; + $othertcpcount++; + $othertcp = $othertcp + $bytes ; + break; + } + } + if ( $protocol == "UDP" ) { + switch ($workport) { + case 53: + $dnsudpcount++; + $dnsudp = $dnsudp + $bytes; + $counted=1; + break; + case 69: + $tftpcount++; + $tftp = $tftp + $bytes; + $counted=1; + break; + case 135: + $locservudpcount++; + $locservudp = $locservudp + $bytes; + $counted=1; + break; + case 137: + $netbiosnsudpcount++; + $netbiosnsudp = $netbiosnsudp + $bytes; + $counted=1; + break; + case 138: + $netbiosdgmudpcount++; + $netbiosdgmudp = $netbiosdgmudp + $bytes; + $counted=1; + break; + case 139: + $netbiosssnudpcount++; + $netbiosssnudp = $netbiosssnudp + $bytes; + $counted=1; + break; + case 161: + $snmpcount++; + $snmp = $snmp + $bytes; + $counted=1; + break; + case 162: + $snmptrapcount++; + $snmptrap = $snmptrap + $bytes; + $counted=1; + break; + default: + $counted=1; + $otherudpcount++; + $otherudp = $otherudp + $bytes ; + break; + } + } + if ( ! $counted ) { + $othercount++; + $other = $other + $bytes; + } + } + } + } + } + echo "$goodrows rows valid in data set of $SQLNumRows.

    \n"; + + echo "" . + "\n"; + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo ""; + echo "\n"; + + echo "
    ProtocolTCP/UDP/Other# of ConnectionsBytes TX'd/RX'dProtocolTCP/UDP/Other# of ConnectionsBytes TX'd/RX'd
    FTPTCP$ftpcount$ftpSSHTCP$sshcount$ssh
    TelnetTCP$telnetcount$telnetTFTPUDP$tftpcount$tftp
    HTTPTCP$httpcount$httpHTTPSTCP$httpscount$https
    GopherTCP$gophercount$gopherNNTPTCP$nntpcount$nntp
    SMTPTCP$smtpcount$smtpSMTPSTCP$smtpscount$smtps
    POP3TCP$pop3count$pop3POP3STCP$pop3scount$pop3s
    IMAPTCP$imapcount$imapIMAPSTCP$imapscount$imaps
    LocServeTCP$locservtcpcount$locservtcpLocServeUDP$locservudpcount$locservudp
    Netbios-NSTCP$netbiosnstcpcount$netbiosnstcpNetbios-NSUDP$netbiosnsudpcount$netbiosnsudp
    Netbios-DGMTCP$netbiosdgmtcpcount$netbiosdgmtcpNetbios-DGMUDP$netbiosdgmudpcount$netbiosdgmudp
    Netbios-SSNTCP$netbiosssntcpcount$netbiosssntcpNetbios-SSNUDP$netbiosssnudpcount$netbiosssnudp
    DNSTCP$dnstcpcount$dnstcpDNSUDP$dnsudpcount$dnsudp
    SNMPUDP$snmpcount$snmptrapSNMP TrapUDP$snmptrapcount$snmptrap
    OtherTCP$othertcpcount$othertcpOtherUDP$otherudpcount$otherudp
    Other ProtocolsOther$othercount$other
    "; + + $endtime=time(); + echo "
    Page loaded in " . ($endtime - $begintime) . " seconds.
    \n"; + echo $FooterText; +%> + + +<% + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +%> diff --git a/html/reports/vpnuserusage.php b/html/reports/vpnuserusage.php new file mode 100644 index 0000000..ca524bb --- /dev/null +++ b/html/reports/vpnuserusage.php @@ -0,0 +1,229 @@ +<% +/*============================================================================= + * $Id$ + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + + $begintime=time(); + if ( $SERVER_PORT < 443 ) { + echo "This page must be accessed with SSL
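Review bot: The query in severity-facility.php interpolates `$typeid`, `$userid` and the date/time strings built from `$month`, `$day`, `$year`, `$hour` and `$minute` directly into `$SQLQuery`, and none of these is assigned or validated anywhere in the hunk. Because the script reads `$SERVER_PORT` and `$REMOTE_USER` as bare globals, these values presumably arrive from the request via register_globals; that would make this SQL injection and, for `TLogin_ID=$userid`, would let a caller select another login's rows. Cast the numeric ids before use, e.g. `$typeid = intval($typeid); $userid = intval($userid);`, pass string values through `pg_escape_string()`, rebuild the date parts from validated integers, and consider deriving the customer filter from the authenticated `$REMOTE_ID` instead of a request value (assuming the id spaces match). The same query construction appears in the vpnuserusage.php hunk that follows. Separately, the `where` text is appended after `group by host,severity`, and `$break;` under `case 70:` and `$counts=1;` under `case 993:` look like typos for `break;` and `$counted=1;`, so Gopher connections fall through into the HTTP totals and IMAPS connections are also added to Other.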
    \n"; + exit; + } + require_once('/opt/apache/htdocs/login/lib/pgsql.php'); + require_once('/opt/apache/htdocs/login/lib/generalweb.php'); + require_once('/opt/apache/htdocs/login/lib/secframe.php'); + require_once('/opt/apache/htdocs/login/lib/pix.php'); + + $sec_dbsocket=sec_dbconnect(); + $REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER); + $APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp'); + if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) { + dbdisconnect($sec_dbsocket); + exit; + } + $group=0; + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer'); + if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; } + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst'); + if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; } + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators'); + if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; } + $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS); + + $HeaderText="Reports

    \n"; + $FooterText="
    Version " . SMTVER . "
    © Jeremy M. Guthrie All rights reserved.
    \n"; + $PageTitle="Syslog Management Tool"; + + if ( ! $datatype ) { $datatype = 1; } + if ( ( $group < 2 ) && ( $datatype > 3 ) ) { $datatype = 1; } + + $time1=$hour . ":" . $minute . ":00"; + $date1=$month . "-" . $day . "-" . $year; + $date2=$month2 . "-" . $day2 . "-" . $year2; + $time2=$hour2 . ":" . $minute2 . ":59"; + + for ( $loop = 1 ; $loop != 13 ; $loop++ ) { + if ( $month == date("M",mktime(0,0,0,$loop,1,2002)) ) { + $timestamp=mktime($hour,$minute,0,$loop,$day,$year); + } + } + for ( $loop = 1 ; $loop != 13 ; $loop++ ) { + if ( $month2 == date("M",mktime(0,0,0,$loop,1,2002)) ) { + $timestamp2=mktime($hour2,$minute2,0,$loop,$day2,$year2); + } + } + + $SQLQuery="select host,date,time,message,tsyslog_id from Syslog_TArchive "; + if ( $datatype == 1 ) { + $host=gethost($dbsocket,$hostid); + $SQLQuery = $SQLQuery . " where host='$host' and "; + } + if ( $datatype == 2 ) { + $SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TArchive.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid and "; + } + if ( $datatype == 3 ) { + $SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TCustomerProfile.TLogin_ID=$userid and Syslog_TArchive.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID and "; + } + if ( $datatype == 4 ) { + $SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " . + "( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " . + "( Syslog_TArchive.host=Syslog_THost.THost_Host ) and " . + "( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " . + "( Syslog_THost.TPremadeType_ID=$typeid ) and "; + } + + if ( $date1 == $date2 ) { + $SQLQueryDate="date = '$date1' and ( time >= '$time1' and time <= '$time2')"; + } + + if ( ( ( date("z",$timestamp2) - date("z",$timestamp) ) == 1 ) && ( $year == $year2 ) ) { + echo "HI
    \n"; + $SQLQueryDate="( ( date = '$date1' and time >= '$time1' ) or " . + "( date = '$date2' and time <= '$time2' ) ) "; + } + if ( ( date("z",$timestamp2) - date("z",$timestamp) ) > 1 ) { + $SQLQueryDate=" ( ( date = '$date1' and time >= '$time1' ) or " . + "( date > '$date1' and date < '$date2' ) or " . + "( date = '$date2' and time <= '$time2' ) )"; + } + $SQLQuery = $SQLQuery . $SQLQueryDate . " order by date, time, TSyslog_ID"; + + if ( $timestamp <= $timestamp2 ) { + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + } else { + $SQLNumRows = 0; + } + +%> + + + +<% echo $PageTitle; %> + + +<% + startbody(); + echo $HeaderText; + echo "Report Type: " . reporttypename($reporttype) . "

    \n"; + + echo "Report Timeframe: $date1 $time1 to $date2 $time2
    \n"; + + if ( $SQLNumRows != 0 ) { + echo "\n"; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $host=pgdatatrim($SQLQueryResultsObject->host); + $message=pgdatatrim($SQLQueryResultsObject->message); + $date=pgdatatrim($SQLQueryResultsObject->date); + $time=pgdatatrim($SQLQueryResultsObject->time); + if ( ( ereg("Bytes xmt",$message) ) && ( ereg("Bytes rcv",$message) ) ) { + $break=0; + $stringtoken = strtok($message," "); + $stage=0; + $ip=0; + $user=""; + $ip=0; + $duration=0; + $group=0; + $groupdesc=""; + $rx=-98132984712; + $tx=0; + $reason=0; + /* Parse the message */ + $countarrayelements=count(split(" ",$message)); + /* echo "\n"; */ + while ( $break != $countarrayelements ) { + $break++; + $token = strtok(" "); + if ( ( $stage ) && ( ! $ip ) ) { + $ip=$token; + } + if ( ( $stage ) && ( $user == 1 ) ) { + $user=substr($token,1,strlen($token) -3 ) ; + } + if ( ( $stage ) && ( $group == 2 ) && ( $token != "disconnected:" ) ) { + $groupdesc=$groupdesc . " $token"; + } + if ( ( $stage ) && ( $group == 2 ) && ( $token == "disconnected:" ) ) { + $group = 0; + } + if ( ( $stage ) && ( $group == 1 ) ) { + $groupdesc=$token; + $group=2; + } + if ( ( $stage ) && ( $duration == "1" ) ) { + $duration=$token; + } + if ( ( $stage ) && ( $tx == 1 ) ) { + $tx=$token; + } + if ( ( $stage ) && ( $token != "Reason:" ) && ( $reason != "0" ) ) { + $reason = $reason . " " . 
$token; + } + if ( ( $stage ) && ( $rx == -98132984712 ) ) { + $rx=$token; + $reason=""; + } + if ( $stage ) { + if ( ( $token == "User" ) && ( strlen($user) <= 1 ) ) { $user=1; } + if ( $token == "Duration:" ) { $duration=1; } + if ( $token == "Group" ) { $group=1; } + if ( $token == "xmt:" ) { $tx=1; } + if ( $token == "rcv:" ) { $rx=-98132984712; } + } + if ( substr($token,0,4) == "RPT=" ) { + $stage=1; + } + } + /* sanitize data based on different vpn software versions */ + + /* Remove trailing ":" */ + if ( substr($ip,strlen($ip)-1,1) == ":" ) { + $ip = substr($ip,0,strlen($ip)-1); + } + /* Remove [s */ + if ( substr($groupdesc,0,1) == "[" ) { + $groupdesc = substr($groupdesc,1,strlen($groupdesc)); + } + /* Remove ]s */ + if ( substr($groupdesc,strlen($groupdesc)-1,1) == "]" ) { + $groupdesc = substr($groupdesc,0,strlen($groupdesc)-1); + } + echo "\n"; + } + } + echo "
    Disconnect Date & TimeVPN DeviceUserGroupIP AddressDurationTX BytesRX BytesDisconnect Reason
    message: $message
    $date $time$host$user$groupdesc$ip$duration$tx$rx$reason
    "; + } + if ( $SQLNumRows > 0 ) { + pg_freeresult($SQLQueryResults) or + die(pg_errormessage()."
    \n"); + } + + $endtime=time(); + echo "
    Page loaded in " . ($endtime - $begintime) . " seconds.
    \n"; + echo $FooterText; +%> + + +<% + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +%> diff --git a/html/rule.php b/html/rule.php new file mode 100644 index 0000000..65a6ce8 --- /dev/null +++ b/html/rule.php @@ -0,0 +1,602 @@ +\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows ) { + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
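Review bot: The fields parsed out of each syslog message in vpnuserusage.php (`$user`, `$groupdesc`, `$ip`, `$reason`, plus `$host`) appear to be echoed into the report row without HTML escaping. At least the user name is text a remote VPN client can influence, so a crafted log entry could render as markup in the browser of whoever views the report. Escape at output, e.g. `htmlspecialchars($user)`, for every column taken from `$message`. The SSL guard here is `$SERVER_PORT < 443`, which accepts any port of 443 or above and differs from the `!= 443` test in severity-facility.php; testing the server's `HTTPS` variable would be more reliable than either port comparison. The `echo "HI` line in the one-day branch looks like leftover debug output, and the parser reuses `$group`, which earlier in the hunk holds the caller's privilege level, so a separate name for the parser state would avoid confusion.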
    \n"); + $id=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_id)); + $alert=pgdatatrim($SQLQueryResultsObject->trule_logalert); + $email=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_email)); + $expression=pgdatatrim($SQLQueryResultsObject->trule_expression); + $desc=pgdatatrim($SQLQueryResultsObject->trule_desc); + $startseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startseverity)); + $stopseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopseverity)); + $startfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startfacility)); + $stopfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopfacility)); + $ruleorlevel=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_ruleorlevel)); + $launchid=stripslashes(pgdatatrim($SQLQueryResultsObject->tlaunch_id)); + $newid=getnextid ($dbsocket, "syslog_trule_trule_id_seq"); + $threshold=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_threshold)); + $thresholdtype=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_thresholdtype)); + $starttime=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_starttime)); + $endtime=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_endtime)); + $timertype=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_timertype)); + $daysofweek=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_daysofweek)); + + clonehostrule($dbsocket,$newid,$destination,$alert,$email,$expression,$desc,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$threshold,$thresholdtype,$starttime,$endtime,$timertype,$daysofweek); + if ( numdenials($dbsocket,1,$id) ) { + clonedenials($dbsocket,$id,$newid); + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + $hostid=$destination; + $ruletype=2; + } + + if ( $ruletype == 1 ) { + if ( $subaction == "save" ) { + if ( strval($id) < 1 ) { + addpremaderule($dbsocket,$code,$desc,$typeid,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$threshold,$thresholdtype); + $id=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_ID',"TPremade_Desc='".$desc."'"))); + } else { + updatepremaderule($dbsocket,$id,$code,$desc,$typeid,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$threshold,$thresholdtype); + } + } + if ( ( $action == "Add Deny Rule" ) && ( strval($id) > 0 ) ){ + addblankdenypremade($dbsocket,$id); + } + if ( $subaction == "savedeny" ) { + if ( $action == "Save" ) { + updatedenial($dbsocket,2,$denyid,$denyexp,$denystartfacility,$denystopfacility,$denystartseverity,$denystopseverity); + } + } + if ( ( $id != "" ) && ( $action != "Add" ) ) { + $SQLQuery="select * from Syslog_TPremade where TPremade_ID=$id"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or + die(pg_errormessage()."
    \n"); + $code=pgdatatrim($SQLQueryResultsObject->tpremade_code); + $desc=pgdatatrim($SQLQueryResultsObject->tpremade_desc); + $typeid=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremadetype_id)); + $ruleorlevel=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_premadeorlevel)); + $startseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_startseverity)); + $stopseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_stopseverity)); + $startfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_startfacility)); + $stopfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_stopfacility)); + $launchid=stripslashes(pgdatatrim($SQLQueryResultsObject->tlaunch_id)); + $threshold=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_threshold)); + $thresholdtype=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_thresholdtype)); + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } else { + $id=""; + $code=""; + $desc=""; + } + } + + if ( $ruletype == 2 ) { + if ( $action == "Save New" ) { + $host = gethost($dbsocket,$hostid); + if ( $alert != 1 ) { $alert=0; } + if ( $exptype == 2 ) { + $cnt=count($premadeid); + for ( $loop = 0 ; $loop != $cnt ; $loop ++ ) { + $preid=$premadeid[($loop)]; + $expression=pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_Code',"TPremade_ID=$preid")); + $desc=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_Desc',"TPremade_ID=$preid"))); + $ruleorlevel=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_premadeorlevel',"TPremade_ID=$preid"))); + $startseverity=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_StartSeverity',"TPremade_ID=$preid"))); + $stopseverity=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_StopSeverity',"TPremade_ID=$preid"))); + $startfacility=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_StartFacility',"TPremade_ID=$preid"))); + $stopfacility=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_Stopfacility',"TPremade_ID=$preid"))); + $launchid=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TLaunch_ID',"TPremade_ID=$preid"))); + $threshold=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_Threshold',"TPremade_ID=$preid"))); + $thresholdtype=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_ThresholdType',"TPremade_ID=$preid"))); + + $starttime=mktime($starthour,$startminute,0,numberofmonth($startmonth),$startday,$startyear); + $endtime=mktime($stophour,$stopminute,0,numberofmonth($stopmonth),$stopday,$stopyear); + + $newdaysofweek=0; + for ( $dayloop=0; $dayloop != count($daysofweek) ; $dayloop++ ) { $newdaysofweek=$newdaysofweek+$daysofweek[$dayloop]; } + $daysofweek=$newdaysofweek; + + 
addhostrule($dbsocket,$hostid,$alert,$email,$expression,$desc,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$threshold,$thresholdtype,$starttime,$endtime,$timertype,$daysofweek); + + } + } else { + $starttime=mktime($starthour,$startminute,0,numberofmonth($startmonth),$startday,$startyear); + $endtime=mktime($stophour,$stopminute,0,numberofmonth($stopmonth),$stopday,$stopyear); + $newdaysofweek=0; + for ( $dayloop=0; $dayloop != count($daysofweek) ; $dayloop++ ) { $newdaysofweek=$newdaysofweek+$daysofweek[$dayloop]; } + $daysofweek=$newdaysofweek; + addhostrule($dbsocket,$hostid,$alert,$email,$expression,$desc,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$threshold,$thresholdtype,$starttime,$endtime,$timertype,$daysofweek); + } + } + if ( ( $action == "Delete" ) && ( $subaction != "ruledeny" ) ) { + dropruleid($dbsocket,$ruleid); + dropdenial($dbsocket,1,$ruleid); + } + if ( ( $action == "Save" ) && ( $subaction != "ruledeny" ) ) { + if ( $alert != 1 ) { $alert=0; } + + $rulestarttime=mktime($rulestarthour,$rulestartminute,0,numberofmonth($rulestartmonth),$rulestartday,$rulestartyear); + $ruleendtime=mktime($rulestophour,$rulestopminute,0,numberofmonth($rulestopmonth),$rulestopday,$rulestopyear); + $newdaysofweek=0; + for ( $dayloop=0; $dayloop != count($ruledaysofweek) ; $dayloop++ ) { $newdaysofweek=$newdaysofweek+$ruledaysofweek[$dayloop]; } + $ruledaysofweek=$newdaysofweek; + updatehostrule($dbsocket,$ruleid,$hostid,$alert,$email,$expression,$desc,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$rulethreshold,$rulethresholdtype,$rulestarttime,$ruleendtime,$ruletimertype,$ruledaysofweek); + } + if ( $subaction == "ruledeny" ) { + if ( $action == "Delete" ) { dropdenial($dbsocket,1,$denyid); } + if ( $action == "Save" ) { + updatedenial($dbsocket,1,$denyid,$denyexp,$denystartfacility,$denystopfacility,$denystartseverity,$denystopseverity); + } + } + } + + 
$PageTitle="Syslog Management Tool"; + do_header($PageTitle, 'rule'); + if ( $ruletype == 1 ) { + + /* This section is for manipulating premade rules */ + + if ( ( $action == "Delete" ) && ( $subaction == "savedeny" ) ) { dropdenial($dbsocket,2,$denyid); } + if ( ( $action == "Delete" ) && ( $subaction != "savedeny" ) ) { + if ( droppremade($dbsocket,$id) ) { + dropdenial($dbsocket,2,$id); + echo "Delete Successfull
    \n"; + } else { + echo "Delete Failed!
    \n"; + } + } else { + if ( $startfacility == "" ) { + $startfacility=0; + $stopfacility=23; + $startseverity=0; + $stopseverity=7; + } + openform("rule.php","post",2,1,0); + formfield("ruletype","Hidden",3,1,0,10,10,1); + formfield("id","Hidden",3,1,0,10,10,$id); + formfield("subaction","Hidden",3,1,0,10,10,"save"); + echo "Expression: "; + formfield("code","text",3,1,1,60,80,$code); + echo "Problem/Resolution Description: "; + formfield("desc","text",3,1,1,60,256,$desc); + echo "Premade Type: "; + premadetypedropdown ($dbsocket, "typeid",0,1,1,1,$typeid); + echo "Facility Range: "; + facilitydropdown("startfacility",1,0,0,1,$startfacility); + echo " to "; + facilitydropdown("stopfacility",1,1,1,1,$stopfacility); + echo "Severity Range: "; + severitydropdown("startseverity",1,0,0,1,$startseverity); + echo " to "; + severitydropdown("stopseverity",1,1,1,1,$stopseverity); + echo "Rule Type: Expression "; + echo "Facility & Severity "; + echo "Expression w/ Facility & Severity
    "; + echo "Launch External Program: "; + launchdropdown ($dbsocket, "launchid",0,1,1,1,$launchid); + echo "Threshold Type: None "; + echo "Supression Threshold "; + echo "Accumulating Threshold
    \n"; + + echo "Threshold: "; + thresholddropdown('threshold', 0, 0, 1, 1,$threshold); + formsubmit("Add Deny Rule",3,1,0); + formsubmit("Save",3,1,0); + formreset("Reset",3,1,0); + closeform(); + if ( numdenials($dbsocket,2,$id) ) { + $SQLQuery="select * from Syslog_TPremadeDeny where TPremade_ID=$id order by TPremadeDeny_ID"; + $DenySQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $DenySQLNumRows = pg_numrows($DenySQLQueryResults); + if ( $DenySQLNumRows ) { + for ( $denyloop=0 ; $denyloop != $DenySQLNumRows ; $denyloop++ ) { + $DenySQLQueryResultsObject = pg_fetch_object($DenySQLQueryResults,$denyloop) or + die(pg_errormessage()."
    \n"); + $denyid=stripslashes(pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_id)); + $denyexp=pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_expression); + $denystartfacility=stripslashes(pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_startfacility)); + $denystopfacility=stripslashes(pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_stopfacility)); + $denystartseverity=stripslashes(pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_startseverity)); + $denystopseverity=stripslashes(pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_stopseverity)); + echo "\n"; + openform("rule.php","post",2,1,0); + formfield("id","Hidden",3,1,0,10,10,$id); + formfield("denyid","Hidden",3,1,0,10,10,$denyid); + formfield("ruletype","Hidden",3,1,0,10,10,1); + formfield("subaction","Hidden",3,1,0,10,10,"savedeny"); + echo ""; + echo "
    ID: $denyid
    "; + echo "Reg. Expression Code: "; + formfield("denyexp","text",3,1,1,60,80,$denyexp); + echo "
    Facility Range: "; + facilitydropdown("denystartfacility",1,0,0,1,$denystartfacility); + echo " to "; + facilitydropdown("denystopfacility",1,1,1,1,$denystopfacility); + echo "Severity Range: "; + severitydropdown("denystartseverity",1,0,0,1,$denystartseverity); + echo " to "; + severitydropdown("denystopseverity",1,1,1,1,$denystopseverity); + echo "
    "; + formsubmit("Save",3,1,0); + formsubmit("Delete",3,1,0); + formreset("Reset",3,1,0); + closeform(); + echo "
    \n"; + } + } + pg_freeresult($DenySQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + } + } + if ( $ruletype == 2 ) { + + /* This section is for adding new rules to a host */ + + $host = gethost($dbsocket,$hostid); + if ( ( $action == "Add Denial" ) && ( strval($ruleid) > 0 ) ){ + addblankdenyrule($dbsocket,$ruleid); + } + + echo "Host: $host
    \n"; + $SQLQuery="select * from Syslog_TRule where THost_ID = $hostid order by TRule_ID"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + openform("rule.php","post",2,1,0); + formfield("hostid","Hidden",3,1,0,10,10,$hostid); + formfield("ruletype","Hidden",3,1,0,10,10,2); + echo "\n"; + echo "" . + ""; + echo "\n\n\n\n\n"; + echo ""; + echo ""; + + echo "\n"; + echo "\n"; + echo "
    ActionLog AlertEmail AddressExpressionPre-made Rule
    " . + "
    \n" . + "" . + ""; + pixruledropdown ($dbsocket, "premadeid[]",2,1,0,5,"multiple"); + echo "
    Facility Range: "; + facilitydropdown("startfacility",1,0,0,1,0); + echo " to "; + facilitydropdown("stopfacility",1,0,0,1,23); + echo "Severity Range: "; + severitydropdown("startseverity",1,0,0,1,0); + echo " to "; + severitydropdown("stopseverity",1,0,0,1,7); + echo "
    "; + echo "Rule Type: Expression "; + echo "Facility & Severity "; + echo "Expression w/ Facility & Severity
    Launch External Program: "; + launchdropdown ($dbsocket, "launchid",0,0,0,1,""); + echo "
    Threshold Type: None "; + echo "Supression Threshold "; + echo "Accumulating Threshold "; + + echo " Threshold: "; + thresholddropdown('threshold', 0, 0, 0, 1,$threshold); + echo "
    Problem/Resolution Description: "; + formfield("desc","text",3,1,0,80,256,""); + echo "
    Rule Timer: None "; + echo "Suspend "; + echo "Delete & Suspend "; + echo "Specified Suspend
    Rule Start:
    Time: " ; + hourdropdown("starthour") ; + echo ":" ; + minutedropdown("startminute") ; + echo "
    \nDate: "; + monthdropdown("startmonth"); + echo "/"; + daydropdown("startday"); + echo "/"; + yeardropdown("startyear"); + echo "
    Rule End:
    Time: "; + hourdropdown("stophour") ; + echo ":" ; + minutedropdown("stopminute") ; + echo "
    Date: "; + monthdropdown("stopmonth"); + echo "/"; + daydropdown("stopday"); + echo "/"; + yeardropdown("stopyear"); + echo "
    "; + dayofweekboxes("daysofweek",0,0,0,$daysofweek) . "\n"; + closeform(); + echo "

    \n"; + if ( $SQLNumRows ) { + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + + /* This section shows rules that are already assigned to the host */ + + echo "\n"; + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $id=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_id)); + $alert=pgdatatrim($SQLQueryResultsObject->trule_logalert); + $email=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_email)); + $expression=pgdatatrim($SQLQueryResultsObject->trule_expression); + $desc=pgdatatrim($SQLQueryResultsObject->trule_desc); + $launchid=pgdatatrim($SQLQueryResultsObject->tlaunch_id); + $startseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startseverity)); + $stopseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopseverity)); + $startfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startfacility)); + $stopfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopfacility)); + $ruleorlevel=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_ruleorlevel)); + $rulethreshold=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_threshold)); + $rulethresholdtype=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_thresholdtype)); + $rulestarttime=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_starttime)); + $ruleendtime=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_endtime)); + $ruletimertype=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_timertype)); + $ruledaysofweek=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_daysofweek)); + + if ( strval($rulestarttime) > 0 ) { + $rulestartmonth=date("M",$rulestarttime); + $rulestartyear=date("Y",$rulestarttime); + $rulestartday=date("j",$rulestarttime); + $rulestarthour=date("G",$rulestarttime); + $rulestartminute=date("i",$rulestarttime); + } + if ( strval($ruleendtime) > 0 ) { + $rulestopmonth=date("M",$ruleendtime); + $rulestopyear=date("Y",$ruleendtime); + $rulestopday=date("j",$ruleendtime); + $rulestophour=date("G",$ruleendtime); + $rulestopminute=date("i",$ruleendtime); + } + + openform("rule.php","post",2,1,0); + formfield("hostid","Hidden",3,1,0,10,10,$hostid); + formfield("ruletype","Hidden",3,1,0,10,10,2); + 
formfield("ruleid","Hidden",3,1,0,10,10,$id); + echo "'; + echo ""; + echo ""; + echo ""; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
    "; + echo ''; + echo ''; + echo 'ID: $idLog Alert: "; + if ( $alert ) { + echo ""; + } else { + echo ""; + } + echo "EMail: "; + formfield("email","Text",3,1,1,20,80,$email); + echo "Expression: "; + formfield("expression","Text",3,1,1,20,80,$expression); + echo "
    Facility Range: "; + facilitydropdown("startfacility",1,0,0,1,$startfacility); + echo " to "; + facilitydropdown("stopfacility",1,0,0,1,$stopfacility); + echo "Severity Range: "; + severitydropdown("startseverity",1,0,0,1,$startseverity); + echo " to "; + severitydropdown("stopseverity",1,0,0,1,$stopseverity); + echo "
    "; + echo "Rule Type: Expression "; + echo "Facility & Severity "; + echo "Expression w/ Facility & Severity
    Launch External Program: "; + launchdropdown ($dbsocket, "launchid",0,0,0,1,$launchid); + echo "
    Threshold Type: None "; + echo "Supression Threshold "; + echo "Accumulating Threshold "; + + echo " Threshold: "; + thresholddropdown('rulethreshold', 0, 0, 0, 1,$rulethreshold); + echo "
    Problem/Resolution Description: "; + formfield("desc","text",3,1,0,80,256,$desc) ; + + echo "
    Rule Timer: None "; + echo "Suspend "; + echo "Delete & Suspend "; + echo "Specified Suspend
    Rule Start:
    Time: "; + hourdropdown("rulestarthour",0,0,0,1,$rulestarthour) ; + echo ":" ; + minutedropdown("rulestartminute",0,0,0,1,$rulestartminute) ; + echo "
    Date: "; + monthdropdown("rulestartmonth",0,0,0,1,$rulestartmonth); + echo "/"; + daydropdown("rulestartday",0,0,0,1,$rulestartday); + echo "/"; + yeardropdown("rulestartyear",0,0,0,1,$rulestartyear); + echo "
    Rule End:
    Time: "; + hourdropdown("rulestophour",0,0,0,1,$rulestophour) ; + echo ":" ; + minutedropdown("rulestopminute",0,0,0,1,$rulestopminute) ; + echo "
    Date: "; + monthdropdown("rulestopmonth",0,0,0,1,$rulestopmonth); + echo "/"; + daydropdown("rulestopday",0,0,0,1,$rulestopday); + echo "/"; + yeardropdown("rulestopyear",0,0,0,1,$rulestopyear); + echo "
    "; + dayofweekboxes("ruledaysofweek",0,0,0,$ruledaysofweek) . "\n"; + closeform(); + echo "
    \n"; + + if ( numdenials($dbsocket,1,$id) ) { + + /* This section is for handling denial rules */ + + $SQLQuery="select * from Syslog_TRuleDeny where TRule_ID=$id order by TRuleDeny_ID" ; + $DenySQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $DenySQLNumRows = pg_numrows($DenySQLQueryResults); + if ( $DenySQLNumRows ) { + for ( $denyloop=0 ; $denyloop != $DenySQLNumRows ; $denyloop++ ) { + $DenySQLQueryResultsObject = pg_fetch_object($DenySQLQueryResults,$denyloop) or + die(pg_errormessage()."
    \n"); + $denyid=stripslashes(pgdatatrim($DenySQLQueryResultsObject->truledeny_id)); + $denyexp=pgdatatrim($DenySQLQueryResultsObject->truledeny_expression); + $denystartfacility=stripslashes(pgdatatrim($DenySQLQueryResultsObject->truledeny_startfacility)); + $denystopfacility=stripslashes(pgdatatrim($DenySQLQueryResultsObject->truledeny_stopfacility)); + $denystartseverity=stripslashes(pgdatatrim($DenySQLQueryResultsObject->truledeny_startseverity)); + $denystopseverity=stripslashes(pgdatatrim($DenySQLQueryResultsObject->truledeny_stopseverity)); + echo "\n"; + formfield("denyid","Hidden",3,1,0,10,10,$denyid); + formfield("hostid","Hidden",3,1,0,10,10,$hostid); + formfield("ruletype","Hidden",3,1,0,10,10,2); + formfield("ruleid","Hidden",3,1,0,10,10,$id); + formfield("subaction","Hidden",3,1,0,10,10,"ruledeny"); + echo ""; + closeform(); + echo ""; + echo "
    DENIAL ID: $denyid "; + openform("rule.php","post",2,0,0); + formsubmit("Save",3,1,0); + formsubmit("Delete",3,1,0); + formreset("Reset",3,1,0); + echo "
    "; + echo "Expression: "; + formfield("denyexp","text",3,1,1,60,80,$denyexp); + echo "
    Facility Range: "; + facilitydropdown("denystartfacility",1,0,0,1,$denystartfacility); + echo " to "; + facilitydropdown("denystopfacility",1,1,1,1,$denystopfacility); + echo "Severity Range: "; + severitydropdown("denystartseverity",1,0,0,1,$denystartseverity); + echo " to "; + severitydropdown("denystopseverity",1,1,1,1,$denystopseverity); + echo "
    \n"; + } + echo "
    \n"; + } + pg_freeresult($DenySQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + } + $endtime=time(); + echo "
    Page loaded in " . ($endtime - $begintime) . " seconds.
    \n";
+ do_footer();
+ dbdisconnect($sec_dbsocket);
+ dbdisconnect($dbsocket);
+php?>
diff --git a/html/runlog.txt b/html/runlog.txt
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/html/runlog.txt
@@ -0,0 +1 @@
+
diff --git a/html/scripts/bin/analyzetsyslog b/html/scripts/bin/analyzetsyslog
new file mode 100644
index 0000000..7a9ccb1
--- /dev/null
+++ b/html/scripts/bin/analyzetsyslog
@@ -0,0 +1,5 @@
+#!/bin/tcsh
+#$Id$
+set file=`ls -t /tmp/webresults.html.* | tail -n 1`
+setenv REMOTE_USER msyslog
+/opt/apache/htdocs/login/smt/scripts/php/vacuumtsyslog.php >& $file
diff --git a/html/scripts/bin/archivelogs b/html/scripts/bin/archivelogs
new file mode 100755
index 0000000..1c8879f
--- /dev/null
+++ b/html/scripts/bin/archivelogs
@@ -0,0 +1,8 @@
+#!/bin/tcsh
+#$Id$
+set currentlog="/tmp/smt.log.`date +"%y%m%d"`"
+touch $currentlog
+chown root.users $currentlog
+chmod 640 $currentlog
+setenv REMOTE_USER msyslog
+/var/www/html/scripts/php/archive.php
diff --git a/html/scripts/bin/autovac b/html/scripts/bin/autovac
new file mode 100644
index 0000000..c84a85d
--- /dev/null
+++ b/html/scripts/bin/autovac
@@ -0,0 +1,5 @@
+#!/bin/tcsh
+#$Id$
+set file=`ls -t /tmp/webresults.html.* | tail -n 1`
+setenv REMOTE_USER msyslog
+/opt/apache/htdocs/login/smt/scripts/php/autovac.php >& $file
diff --git a/html/scripts/bin/convertlogtosyslog b/html/scripts/bin/convertlogtosyslog
new file mode 100644
index 0000000..e8ea0da
--- /dev/null
+++ b/html/scripts/bin/convertlogtosyslog
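Review bot: In analyzetsyslog the redirect target comes from `ls -t /tmp/webresults.html.* | tail -n 1`, i.e. whatever name matches that glob in world-writable /tmp, so any local account able to create a matching file or symlink chooses where the job's output lands; the crontab added later in this commit is root's table. The same line is in autovac, expirelogs, nightlyroguecheck, vacuumdb, vacuumtsyslog and weeklyindexrebuild, and processlogs writes to the fixed name /tmp/webresults.1. A fixed file inside a directory only the job's account can write removes the problem, for example `set file=<LOG_DIR>/analyzetsyslog.out`, where `<LOG_DIR>` is a placeholder for a root-owned, non-world-writable directory. Separately, this wrapper is named analyzetsyslog but runs vacuumtsyslog.php, and its blob id 7a9ccb1 equals vacuumtsyslog's, so it looks like an unedited copy; `analyzetsyslog.php` is presumably the intended target.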
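Review bot: In archivelogs, `touch`, `chown root.users` and `chmod 640` all act on a date-predictable name under /tmp, and each of them follows a symlink, so a link planted at that name beforehand would have its target's owner and mode changed when the script runs with root rights (which the chown implies). Creating the log in a directory that is not world-writable avoids this, e.g. a `set currentlog=` line pointing below `<LOG_DIR>` (placeholder for a root-owned directory). The last line also never uses `$currentlog`: archive.php echoes to stdout, so the intended form is probably `/var/www/html/scripts/php/archive.php >> $currentlog`.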
@@ -0,0 +1,28 @@
+#!/bin/tcsh
+#$Id$
+set loop=0
+set host=$2
+if ( ! -e $1 ) then
+ exit
+endif
+set count=`wc -l $1 | tr -s " " "\t" | cut -f2`
+while ( $loop != $count )
+ set loop=`expr $loop + 1`
+ set results=`getline $1 $loop | tr -s " " "\t" | cut -f3,5-`
+ set msgtime=`echo $results | tr -s " " "\t" | cut -f1`
+ set message=`echo $results | tr -s " " "\t" | cut -f2- | tr "\t" " "`
+ echo "insert into TSyslog (facility,severity,date,time,host,message) values (4,21,'8/31/2002','$msgtime','$host','$message');"
+end
+exit
+
+
+CREATE TABLE TSyslog (
+ TSyslog_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
+ facility integer,
+ severity integer,
+ date date,
+ time time,
+ host varchar(128),
+ message text
+)\g
+
diff --git a/html/scripts/bin/createtmpoutputfiles b/html/scripts/bin/createtmpoutputfiles
new file mode 100644
index 0000000..aaa6c48
--- /dev/null
+++ b/html/scripts/bin/createtmpoutputfiles
@@ -0,0 +1,12 @@
+#!/bin/tcsh
+#$Id$
+# this script can be used to create output files in /tmp so expirelogs.php and processlogs.php
+# can both have their debug output saved to disk
+
+set loop=0
+while ( $loop != 5 )
+ set loop=`expr $loop + 1`
+ cp /dev/null /tmp/webresults.html.$loop
+ chmod 640 /tmp/webresults.html.$loop
+ chown root.users /tmp/webresults.html.$loop
+end
diff --git a/html/scripts/bin/expirelogs b/html/scripts/bin/expirelogs
new file mode 100644
index 0000000..203924a
--- /dev/null
+++ b/html/scripts/bin/expirelogs
@@ -0,0 +1,5 @@
+#!/bin/tcsh
+#$Id$
+set file=`ls -t /tmp/webresults.html.* | tail -n 1`
+setenv REMOTE_USER msyslog
+/opt/apache/htdocs/login/smt/scripts/php/expire.php >& $file
diff --git a/html/scripts/bin/logbreakout b/html/scripts/bin/logbreakout
new file mode 100644
index 0000000..372dc95
--- /dev/null
+++ b/html/scripts/bin/logbreakout
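Review bot: In convertlogtosyslog the `echo "insert into TSyslog ..."` line pastes `$msgtime`, `$host` and `$message` between single quotes without escaping, so a log line that contains `'` ends the literal early and the remainder is parsed as SQL once the output is fed to psql. Log text is written by whatever logs to the box, so it has to be treated as untrusted: double every single quote before the echo (append `| sed "s/'/''/g"` to the pipelines that set `message` and `msgtime`) and validate `$2` the same way, or emit COPY-format rows instead of statements. The `CREATE TABLE` text after `exit` is never executed and would be clearer as a comment or a separate schema file.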
@@ -0,0 +1,8 @@
+#!/bin/tcsh
+#$Id$
+set hosts=`cat $1 | tr -s " " "\t" | cut -f4 | sort -u`
+foreach host ( $hosts )
+ echo -n "Host: $host "
+ set results=`egrep " $host " $1 | wc | tr -s " " "\t" | cut -f 2,4`
+ echo "Lines: $results[1] Bytes: $results[2]"
+end
diff --git a/html/scripts/bin/nightlyroguecheck b/html/scripts/bin/nightlyroguecheck
new file mode 100755
index 0000000..5838a2d
--- /dev/null
+++ b/html/scripts/bin/nightlyroguecheck
@@ -0,0 +1,5 @@
+#!/bin/tcsh
+#$Id$
+set file=`ls -t /tmp/webresults.html.* | tail -n 1`
+setenv REMOTE_USER msyslog
+php /var/www/html/scripts/php/nightlyroguecheck.php >& $file
diff --git a/html/scripts/bin/pgsqlhealth b/html/scripts/bin/pgsqlhealth
new file mode 100644
index 0000000..37a2fac
--- /dev/null
+++ b/html/scripts/bin/pgsqlhealth
@@ -0,0 +1,7 @@
+#!/bin/tcsh
+#$Id$
+set file=/tmp/pgsqlhealthcheck.$$
+pgsqllogin >& $file
+set results=`grep ^'TSyslog=>' $file | wc -l | tr -s " " "\t" | cut -f2`
+echo $results
+rm -f $file
diff --git a/html/scripts/bin/pgsqllogin b/html/scripts/bin/pgsqllogin
new file mode 100644
index 0000000..cb5d70b
--- /dev/null
+++ b/html/scripts/bin/pgsqllogin
@@ -0,0 +1,7 @@
+#!/usr/bin/expect -f
+#$Id$
+spawn su - postgres -c "/usr/pgsql/bin/psql -U msyslog TSyslog"
+expect assword
+send "31xrmfOH\n"
+expect "TSyslog=>"
+send "\q"
diff --git a/html/scripts/bin/processlogs b/html/scripts/bin/processlogs
new file mode 100755
index 0000000..ae8b085
--- /dev/null
+++ b/html/scripts/bin/processlogs
@@ -0,0 +1,4 @@
+#!/bin/tcsh
+#$Id$
+setenv REMOTE_USER msyslog
+php /var/www/html/scripts/php/processlogs.php >& /tmp/webresults.1
diff --git a/html/scripts/bin/rebuild.php b/html/scripts/bin/rebuild.php
new file mode 100644
index 0000000..0286f64
--- /dev/null
+++ b/html/scripts/bin/rebuild.php
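Review bot: In pgsqlhealth, `set file=/tmp/pgsqlhealthcheck.$$` builds the scratch name from the process id, which is guessable, and the following `>& $file` writes through whatever already sits at that path. Take the name from `mktemp /tmp/pgsqlhealthcheck.XXXXXX` instead, so the file is created exclusively with a private mode before the psql session output is written into it.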
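Review bot: In pgsqllogin the `send` line after `expect assword` holds the msyslog database password as a literal, in a file committed with mode 100644 under html/, so every local account can read it, it may be served if html/ is the web root, and it stays in the repository history. Let psql read the credential from a `~/.pgpass` with mode 0600 owned by the account that runs the check, which also removes the need for the expect wrapper. The password that is already committed should be treated as disclosed and rotated.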
@@ -0,0 +1,3 @@
+#!/bin/tcsh
+#$Id$
+./configure --prefix=/usr --sysconfdir=/usr/php/conf --with-config-file-path=/usr/php/conf --with-safe-mode --enable-calendar --enable-memory-limit --enable-debug --with-pgsql=/usr/pgsql --with-gd --with-snmp --with-openssl --with-png-dir=/usr/lib --with-zlib-dir=/usr/lib --enable-cli --without-mysql
diff --git a/html/scripts/bin/vacuumdb b/html/scripts/bin/vacuumdb
new file mode 100644
index 0000000..fe807a0
--- /dev/null
+++ b/html/scripts/bin/vacuumdb
@@ -0,0 +1,5 @@
+#!/bin/tcsh
+#$Id$
+set file=`ls -t /tmp/webresults.html.* | tail -n 1`
+setenv REMOTE_USER msyslog
+/opt/apache/htdocs/login/smt/scripts/php/vacuumdb.php >& $file
diff --git a/html/scripts/bin/vacuumtsyslog b/html/scripts/bin/vacuumtsyslog
new file mode 100644
index 0000000..7a9ccb1
--- /dev/null
+++ b/html/scripts/bin/vacuumtsyslog
@@ -0,0 +1,5 @@
+#!/bin/tcsh
+#$Id$
+set file=`ls -t /tmp/webresults.html.* | tail -n 1`
+setenv REMOTE_USER msyslog
+/opt/apache/htdocs/login/smt/scripts/php/vacuumtsyslog.php >& $file
diff --git a/html/scripts/bin/weeklyindexrebuild b/html/scripts/bin/weeklyindexrebuild
new file mode 100644
index 0000000..a2fcb3d
--- /dev/null
+++ b/html/scripts/bin/weeklyindexrebuild
@@ -0,0 +1,6 @@
+#!/bin/tcsh
+#$Id$
+set file=`ls -t /tmp/webresults.html.* | tail -n 1`
+setenv REMOTE_USER msyslog
+/opt/apache/htdocs/login/smt/scripts/php/weeklyindexrebuild.php
+#>& $file
diff --git a/html/scripts/crontab/root b/html/scripts/crontab/root
new file mode 100644
index 0000000..8c0e50e
--- /dev/null
+++ b/html/scripts/crontab/root
@@ -0,0 +1,24 @@
+#$Id$
+
+#batch process logs every five minutes
+0,5,10,15,20,25,30,35,40,45,50,55 * * * * /opt/apache/htdocs/login/smt/scripts/bin/processlogs
+
+#Full-vacuum the TSyslog table if it is less than 10 megs in size or vacuum if the table is 20 megs or less
+3,8,13,18,23,28,33,38,43,48,53,58 * * * * /opt/apache/htdocs/login/smt/scripts/bin/autovac
+
+#expire old logs once a day
+6 0 * * * /opt/apache/htdocs/login/smt/scripts/bin/expirelogs
+
+#check for hosts who log to this box but are not setup
+2 23 * * * /opt/apache/htdocs/login/smt/scripts/bin/nightlyroguecheck
+
+#re-optimize the db at 4am, this recovers deleted space but leaves it allocated on the disk
+#2 1 * * * /opt/apache/htdocs/login/smt/scripts/bin/vacuumdb
+2 3 * * * /opt/apache/htdocs/login/smt/scripts/bin/vacuumdb
+
+#rebuild & clean up all indexes at 3am sunday morning
+3 3 * * sun /opt/apache/htdocs/login/smt/scripts/bin/weeklyindexrebuild
+
+#every hour re-analyze the whole DB
+59 * * * * /opt/apache/htdocs/login/smt/scripts/bin/analyze
+
diff --git a/html/scripts/php/analyzetsyslog.php b/html/scripts/php/analyzetsyslog.php
new file mode 100644
index 0000000..3c6a7e8
--- /dev/null
+++ b/html/scripts/php/analyzetsyslog.php
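Review bot: The last entry runs `/opt/apache/htdocs/login/smt/scripts/bin/analyze`, but the wrapper this commit adds under scripts/bin is `analyzetsyslog`, and no `analyze` script appears in the part of the commit visible here, so the hourly job would fail on every run unless that file exists elsewhere. If the wrapper is what was meant, the line becomes `59 * * * * /opt/apache/htdocs/login/smt/scripts/bin/analyzetsyslog`. Two comments also disagree with their schedules or code: "at 4am" sits above `2 3 * * *`, and the autovac comment quotes 10 and 20 megs while autovac.php in this commit compares against 50000000 and 60000000.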
@@ -0,0 +1,42 @@ +#!/usr/bin/php +<% +/*============================================================================= + * $Id$ + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + + require_once('../../config.php'); + + $sec_dbsocket=sec_dbconnect(); + $REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER); + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog'); + if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { + dbdisconnect($sec_dbsocket); + exit; + } + $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS); + + $SQLQuery="ANALYZE TSyslog;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +%> diff --git a/html/scripts/php/archive.php b/html/scripts/php/archive.php new file mode 100755 index 0000000..1f58c90 --- /dev/null +++ b/html/scripts/php/archive.php 
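Review bot: In analyzetsyslog.php, `$REMOTE_USER` in the `sec_usernametoid` call is never assigned; it only has a value when PHP imports environment variables as globals, and otherwise the lookup gets an empty name and the script exits silently at the group check. Read it explicitly with `$REMOTE_USER = getenv('REMOTE_USER');` and print a message on the denial path. Because the value comes from the caller's environment (the wrappers simply `setenv REMOTE_USER msyslog`), the `sec_groupmember` test is not an access control for anyone who can start the script; file ownership and mode have to carry that, and the hunk adds the file as 100755 under html/. archive.php and autovac.php use the same pattern, whereas expire.php and nightlyroguecheck.php pass the literal 'msyslog'.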
@@ -0,0 +1,64 @@ +#!/opt/bin/php +<% +/*============================================================================= + * $Id$ + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + + require_once('../../config.php'); + + $sec_dbsocket=sec_dbconnect(); + $REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER); + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog'); + if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { + dbdisconnect($sec_dbsocket); + exit; + } + $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS); + + $date=date("M-d-Y",(time() - 86400)); + + $SQLQuery="select TSyslog.TSyslog_ID,TSyslog.host,TSyslog.date,TSyslog.time,TSyslog.message,TSyslog.Facility,TSyslog.Severity" . + " from TSyslog,Syslog_TProcess,Syslog_TProcessorProfile where ( " . + " ( Syslog_TProcess.TProcess_Host=TSyslog.host )" . + " and ( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID ) and " . + " ( TSyslog.host=Syslog_TProcessorProfile.TProcessorProfile_Host) and ( TSyslog.date = '$date' ) ) order by host,date,time,TSyslog_ID"; + + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows != 0 ) { + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $id=stripslashes(pgdatatrim($SQLQueryResultsObject->tsyslog_id)); + $date=stripslashes(pgdatatrim($SQLQueryResultsObject->date)); + $time=stripslashes(pgdatatrim($SQLQueryResultsObject->time)); + $host=stripslashes(pgdatatrim($SQLQueryResultsObject->host)); + $message=stripslashes(pgdatatrim($SQLQueryResultsObject->message)); + $vseverity=verboseseverity(stripslashes(pgdatatrim($SQLQueryResultsObject->severity))); + $vfacility=verbosefacility(stripslashes(pgdatatrim($SQLQueryResultsObject->facility))); + echo "$date $time $host $vfacility $vseverity $message\n"; + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +%> diff --git a/html/scripts/php/autovac.php b/html/scripts/php/autovac.php new file mode 100755 index 0000000..2386f29 --- /dev/null +++ b/html/scripts/php/autovac.php 
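Review bot: In archive.php, `require_once('../../config.php')` is resolved against the current working directory, not the script's directory, and the archivelogs wrapper starts the script by absolute path without a `cd`, so under cron the include fails, or picks up a different config.php if one sits two levels above the working directory. Anchor it to the file with `require_once(dirname(__FILE__) . '/../../config.php');`. This holds unless the interpreter named in the `#!` line is the CGI build, which changes into the script directory; the hunk does not show which. The other scripts added under html/scripts/php use the same relative include.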
@@ -0,0 +1,86 @@ +#!/opt/bin/php +<% +/*============================================================================= + * $Id$ + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + + require_once('../../config.php'); + + $sec_dbsocket=sec_dbconnect(); + $REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER); + $APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp'); + if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) { + dbdisconnect($sec_dbsocket); + exit; + } + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog'); + if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { + dbdisconnect($sec_dbsocket); + exit; + } + $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS); + + $reindex='reindex index tsyslog_pkey; reindex index host_idx; reindex index tsyslhostid_idx;reindex index tsyslogdatetime_idx; analyze tsyslog;'; + + $starttime=time(); + $output=pgdatatrim(shell_exec('/usr/bin/uptime | /usr/bin/tr -s " ," "\t" | /bin/cut -f11')); + $endtime=time(); + + $SQLQuery="SELECT (relpages*8192) as size FROM pg_class where relname='tsyslog' ORDER BY relpages"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $size=$SQLQueryResultsObject->size; + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + + echo "Load: $output Size: $size\n"; + + $starttime=time(); + if ( ( strval($output) < 3.5 ) && ( ($endtime - $starttime) < 3 ) ) { + if ( ( $size < 60000000 ) && ( $size > 50000000 ) ) { + echo "Vacuum Size: $size Load: $output\n"; + $SQLQuery="vacuum analyze tsyslog;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + if ( $size <= 50000000 ) { + echo "Vacuum Full Size: $size Load: $output\n"; + $SQLQuery="vacuum full analyze tsyslog; $reindex;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + if ( $size > 20000000 ) { + echo "Size: $size Load: $output\n"; + } + } else { + echo "Size: $size Load: $output\n"; + } + $endtime=time(); + + echo "Autovac operation took " . ($endtime - $starttime) . " seconds.\n"; + + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +%> diff --git a/html/scripts/php/expire.php b/html/scripts/php/expire.php new file mode 100755 index 0000000..758b569 --- /dev/null +++ b/html/scripts/php/expire.php 
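Review bot: In autovac.php the guard `( ($endtime - $starttime) < 3 )` can never be false, because `$starttime=time();` is assigned again on the line just before the `if` while `$endtime` still holds the earlier uptime measurement, making the difference zero or negative. If the intent is to skip the vacuum when the uptime call itself was slow, keep that duration in its own variable before the reset, `$probetime = $endtime - $starttime;`, and test `$probetime < 3`. The earlier `pg_fetch_object($SQLQueryResults,$loop)` also passes `$loop`, which this script never sets; the row index should be the literal `0`.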
@@ -0,0 +1,130 @@ +#!/usr/bin/php -q +<% +/*============================================================================= + * $Id$ + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + + require_once('../../config.php'); + + $sec_dbsocket=sec_dbconnect(); + $REMOTE_ID=sec_usernametoid($sec_dbsocket,'msyslog'); + $APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp'); + if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) { + dbdisconnect($sec_dbsocket); + echo "Access Denined\n"; + exit; + } + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog'); + if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { + dbdisconnect($sec_dbsocket); + echo "Access Denined\n"; + exit; + } + + $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS); + + $HeaderText=""; + $FooterText=""; + $PageTitle=""; + + $SQLQuery="select * from Syslog_THost"; + + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows ) { + $count=$SQLNumRows; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $alertexpire[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_alertexpire)); + $logexpire[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_logexpire)); + $hosts[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_host)); + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + if ( $count ) { + for ( $loop = 0 ; $loop != $count ; $loop++ ) { + $dropdate=date("M-d-Y",(time() - $alertexpire[$loop])); + if ( $alertexpire[$loop] != 0 ) { + $SQLQuery="begin;delete from Syslog_TAlert where TAlert_Date <= '$dropdate' and Syslog_TAlert.TSyslog_ID=Syslog_TArchive.TSyslog_ID and Syslog_TArchive.host='$hosts[$loop]';commit;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + $dropdate=date("M-d-Y",(time() - $logexpire[$loop])); + if ( $logexpire[$loop] != 0 ) { + $SQLQuery = "select * from Syslog_TArchive where date <= '$dropdate' and host='$hosts[$loop]';"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $count2 = pg_numrows($SQLQueryResults); + if ($count2 > 0) { + $mydate = date("d-M-y", time()); + $handle = fopen($archivedir.'/LogArchive-'.$mydate.'.smt', "a") or + die("Failed To open Archive File\n"); + for ( $myloop = 0 ; $myloop != $count2 ; $myloop++) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$myloop) or + die(pg_errormessage()."
    \n"); + $id=stripslashes(pgdatatrim($SQLQueryResultsObject->tsyslog_id)); + $date=stripslashes(pgdatatrim($SQLQueryResultsObject->date)); + $time=stripslashes(pgdatatrim($SQLQueryResultsObject->time)); + $host=stripslashes(pgdatatrim($SQLQueryResultsObject->host)); + $message=stripslashes(pgdatatrim($SQLQueryResultsObject->message)); + $vseverity=verboseseverity(stripslashes(pgdatatrim($SQLQueryResultsObject->severity))); + $vfacility=verbosefacility(stripslashes(pgdatatrim($SQLQueryResultsObject->facility))); + fwrite($handle, "$date $time $host $vfacility $vseverity $message\n"); + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + + $SQLQuery="begin;delete from Syslog_TArchive where date <= '$dropdate' and host='$hosts[$loop]';commit;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + } + } + if ($handle) { + fclose($handle); + $cmd = "md5sum ".$archivedir."/LogArchive-".$mydate.".smt"; + $md5log = $archivedir."/MD5ChkSum-".$mydate.".txt"; + $handle = fopen($md5log, "a"); + @fwrite($handle, @system(escapeshellcmd($cmd))."\n"); + fclose($handle); + } + + $dropdate=date("M-d-Y",(time())); + $SQLQuery="begin;delete from Syslog_TSaveData where Syslog_TSaveData.TSave_ID=Syslog_TSave.TSave_ID and Syslog_TSave.TSave_ExpireDate <= '$dropdate';commit;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + + + $SQLQuery="begin;delete from Syslog_TSave where Syslog_TSave.TSave_ExpireDate <= '$dropdate';commit;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +%> diff --git a/html/scripts/php/nightlyroguecheck.php b/html/scripts/php/nightlyroguecheck.php new file mode 100755 index 0000000..bfbbb1a --- /dev/null +++ b/html/scripts/php/nightlyroguecheck.php 
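Review bot: In expire.php the rows selected from Syslog_TArchive are written with `fwrite($handle, ...)` whose result is ignored, and the `delete from Syslog_TArchive` for the same host runs unconditionally afterwards, so a full disk or failed write discards log records that were never archived. Check the write, `if (fwrite($handle, $line) === false) die("Archive write failed\n");`, with `$line` holding the formatted record, and only delete once the file is flushed. `$handle` is also reopened for every host with expired rows and closed only once after the loop. The checksum step builds a shell command from `$archivedir` and uses `@` on both `fwrite` and `system`; `md5_file()` on the archive path gives the digest without a shell and lets a failure be reported.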
@@ -0,0 +1,60 @@ +#!/usr/bin/php -q +<% +/*============================================================================= + * $Id$ + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + + require_once('../../config.php'); + + $sec_dbsocket=sec_dbconnect(); + $REMOTE_ID=sec_usernametoid($sec_dbsocket,'msyslog'); + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog'); + if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { + dbdisconnect($sec_dbsocket); + exit; + } + $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS); + + $month=date("M",(time()-86400)); + $day=date("d",(time()-86400)); + $year=date("Y",(time()-86400)); + + $date="$month-$day-$year"; + + $SQLQuery="select distinct host from TSyslog where date >= '$date' except select THost_Host as host from Syslog_THost union select distinct host from Syslog_TArchive where date >= '$date' except select THost_Host as host from Syslog_THost"; + + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows ) { + $hosttext="The following hosts are logging to SMT but are not defined:\n\r"; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $hosttext=$hosttext . stripslashes(pgdatatrim($SQLQueryResultsObject->host)) . "\n\r" ; + } + echo $hosttext; + mail(WARNINGADDRESS,"SMT Rogue Warning",$hosttext); + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +%> diff --git a/html/scripts/php/processlogs.php b/html/scripts/php/processlogs.php new file mode 100755 index 0000000..7f67b6d --- /dev/null +++ b/html/scripts/php/processlogs.php 
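Review bot: The report text uses `"\n\r"` as its line terminator, both in the `$hosttext` heading and in the per-host append inside the loop; that is CRLF reversed and leaves a stray carriage return at the start of every following line of the mailed body. Writing the append as `$hosttext=$hosttext . stripslashes(pgdatatrim($SQLQueryResultsObject->host)) . "\r\n";` and ending the heading string with `"\r\n"` fixes it. The hosts listed here are by definition senders nobody has registered, so their names are presumably not under the operator's control. Stripping control characters before they are echoed and mailed would be a sensible addition, though how the `host` column gets populated is not visible in this hunk.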
@@ -0,0 +1,564 @@ +#!/opt/bin/php +<% +/*============================================================================= + * $Id$ + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + + require_once('../../config.php'); + + $sec_dbsocket=sec_dbconnect(); + $REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER); + $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog'); + if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { + dbdisconnect($sec_dbsocket); + exit; + } + $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS); + + echo "Authenticated\n"; + + if ( idexist($dbsocket,"Syslog_TSuspend","TLogin_ID",$REMOTE_ID) ) { + echo "Processor Suspended! 
Quitting....\n"; + dbdisconnect($dbsocket); + dbdisconnect($sec_dbsocket); + exit; + } + + if ( ($testmailid = ismailopen($dbsocket,$REMOTE_ID)) ) { + echo "Found what appears to be a stale connection.\n"; + $maildate=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TMail","TMail_Date","TMail_ID=$testmailid"))); + $mailtime=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TMail","TMail_Time","TMail_ID=$testmailid"))); + $testhour=substr($mailtime,0,2); + $testminute=substr($mailtime,3,2); + $testsecond=substr($mailtime,6,2); + $testmonth=substr($maildate,5,2); + $testday=substr($maildate,8,2); + $testyear=substr($maildate,0,4); + $mailunixtime=mktime($testhour,$testminute,$testsecond,$testmonth,$testday,$testyear); + $currentunixtime=time(); + if ( ( $currentunixtime - $mailunixtime ) > 3600 ) { + mail(WARNINGADDRESS,"SMT WARNING: Stale or Overrun Processor","SMT Processor: $REMOTE_ID\nThe SMT system cannot process logs at the moment.\nThis could be caused by one of three things:\n1. Regularlary scheduled maintenance is keeping the database busy afterwhich you should not longer see this warning.\n2. The log processor crashed and will require manual fixing.\n3. 
The overall load of the box is too great and may need to be resized.\n\nPlease see the appropriate support documentation to help determine which of these three it is.\n\nSincerely, SMT-Auto Message"); + } + dbdisconnect($dbsocket); + dbdisconnect($sec_dbsocket); + exit; + } else { + echo "No stale data, proceeding.\n"; + $maildate=date("M-d-Y",time()); + $mailtime=date("G:i:s",time()); + $mailid=openmail($dbsocket,$maildate,$mailtime,$REMOTE_ID); + } + + $SQLQuery="select Syslog_THost.THost_ID,Syslog_THost.THost_Rate,Syslog_THost.THost_Host from Syslog_THost,syslog_tprocessorprofile where ( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID ) and ( Syslog_TProcessorProfile.THost_ID=Syslog_THost.THost_ID ) and ( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID )"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."\n"); + + $SQLNumRows = pg_numrows($SQLQueryResults); + $numhosts=0; + if ( $SQLNumRows > 0 ) { + $numhosts = $SQLNumRows; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."\n"); + $hostname[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_host)); + $hostnameids[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_id)); + $hostrate[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_rate)); + if ( $hostrate[$loop] < 100 ) { $hostrate[$loop] = 100; } + } + } + + echo "Building host rule cache\n"; + $SQLQuery="select TRule_ID,TRule_LogAlert,TRule_Email,TRule_Expression,TRule_Desc,TRule_RuleOrLevel,TRule_StartFacility," . + "TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,Syslog_THost.THost_Host,Syslog_THost.THost_ID,Syslog_TRule.TLaunch_ID,TRule_Threshold,TRule_ThresholdType,TRule_StartTime,TRule_EndTime," . + "TRule_TimerType,TRule_DaysofWeek from Syslog_TRule,Syslog_TProcessorProfile,Syslog_THost where ( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID ) and " . 
+ "( Syslog_TProcessorProfile.THost_ID=Syslog_TRule.THost_ID ) and ( Syslog_TRule.THost_ID=Syslog_THost.THost_ID) order by THost_Host,TRule_ID"; + + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + + echo "Found $SQLNumRows rules\n"; + $NumRules=$SQLNumRows; + $ruleemailcount=""; + if ( $SQLNumRows > 0 ) { + $workhost=""; + $numrules=$SQLNumRows; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."\n"); + $temphost=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_host)); + $temphostids=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_id)); + if ( $workhost != $temphost ) { + $workhost = $temphost; + echo "$numhosts Host: $temphost\n"; + + for ( $hostloop = 0 ; $hostloop != count($hostname) ; $hostloop++ ) { + if ( $hostname[$hostloop] == $workhost ) { $workhostid=$hostloop; } + } + $toprule[$workhostid]=$loop; + $bottomrule[$workhostid]=$loop; + $hostprocid[$workhostid]=0; + $hosttotalproc[$workhostid]=0; + } else { $bottomrule[$workhostid]=$loop; } + $ruleid[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_id)); + $rulelogalert[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_logalert)); + $ruleemail[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_email)); + $ruleemailcount1 = array ( $ruleemail[$loop] => 0 ); + $ruleemailcount=array_merge($ruleemailcount,$ruleemailcount1); + $ruleexpression[$loop]=pgdatatrim($SQLQueryResultsObject->trule_expression); + $ruledesc[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_desc)); + $ruleruleorlevel[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_ruleorlevel)); + $rulestartfacility[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startfacility)); + $rulestopfacility[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopfacility)); + 
$rulestartseverity[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startseverity)); + $rulestopseverity[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopseverity)); + $rulehost[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->host)); + $rulelaunchid[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tlaunch_id)); + $rulethreshold[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_threshold)); + $rulethresholdtype[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_thresholdtype)); + $rulethresholdcount[$loop]=0; + $rulestarttime[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_starttime)); + $ruleendtime[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_endtime)); + $ruletimertype[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_timertype)); + $ruledaysofweek[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_daysofweek)); + $ruledenytop[$loop]==""; + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "\n"); + + echo "Loading denial rules\n"; + + $SQLQuery="select syslog_truledeny.truledeny_expression,syslog_truledeny.truledeny_startfacility," . + "syslog_truledeny.truledeny_stopfacility,syslog_truledeny.truledeny_startseverity," . + "syslog_truledeny.truledeny_stopseverity,syslog_truledeny.trule_id from Syslog_TRule," . + "Syslog_TProcessorProfile,Syslog_TRuleDeny where " . + "( Syslog_TProcessorProfile.THost_ID=Syslog_TRule.THost_ID ) and " . + "( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID ) and " . 
+ "( Syslog_TRule.TRule_ID=Syslog_TRuleDeny.TRule_ID ) order by syslog_truledeny.trule_id"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + echo "Found $SQLNumRows deny rules\n"; + + if ( $SQLNumRows > 0 ) { + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."\n"); + $newid=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_id)); + if ( $ruledenytop[$newid] == "" ) { + echo "Rule ID: $newid start deny ID: " . $loop+1 . "\n"; + $ruledenytop[$newid]=$loop+1; + } + $ruledenybottom[$newid]=$loop+1; + $ruledenyexp[$loop+1]=pgdatatrim($SQLQueryResultsObject->truledeny_expression); + echo $loop+1 . " Deny Rule Expression: " . $ruledenyexp[$loop+1] . "\n"; + $ruledenystartfacility[$loop+1]=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_startfacility)); + $ruledenystopfacility[$loop+1]=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_stopfacility)); + $ruledenystartseverity[$loop+1]=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_startseverity)); + $ruledenystopseverity[$loop+1]=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_stopseverity)); + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "\n"); + + $SQLQuery="select distinct on ( host, TSyslog_ID ) TSyslog.TSyslog_ID, TSyslog.host, TSyslog.date, TSyslog.time, TSyslog.message" . + ", TSyslog.severity, TSyslog.facility from TSyslog,syslog_thost,Syslog_TProcess,Syslog_TProcessorProfile where ( " . + "( TSyslog_ID > Syslog_TProcess.TProcess_ID ) and ( Syslog_TProcess.THost_ID = Syslog_THost.THost_ID ) and " . + "( Syslog_THost.THost_Host = TSyslog.host ) and ( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID ) and " . + " ( TSyslog.host = Syslog_THost.THost_Host ) and ( Syslog_TProcessorProfile.THost_ID = Syslog_THost.THost_ID ) ) order by host, TSyslog_ID"; + echo "SQL Query: $SQLQuery
    \n"; + echo "Grabbing Syslog data..."; + + $begintime=time(); + + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + $SyslogRows = $SQLNumRows; + if ( $SQLNumRows == 0 ) { + echo "Done.\n Found $SQLNumRows rows.\n"; + closeopenmail($dbsocket,$mailid); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "\n"); + dbdisconnect($dbsocket); + dbdisconnect($sec_dbsocket); + exit; + } + echo "Done.\n Found $SQLNumRows rows.\n"; + + $endtime=time(); + if ( ($endtime - $begintime) != 0 ) { + echo "Data loaded in " . ($endtime - $begintime) . " seconds. " . ( $SQLNumRows / ($endtime - $begintime) ) . " rows/sec\n"; + } else { + echo "Data loaded in 0 seconds. Loaded $SQLNumRows.\n"; + } + $begintime=time(); + + $email=0; + $alert=0; + $workhost=""; + $rulehostid=""; + + $archivecommit="begin; "; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."\n"); + $globalalert=0; + $globalmatchedexpression=""; + $globalid=0; + $id=stripslashes(pgdatatrim($SQLQueryResultsObject->tsyslog_id)); + $date=stripslashes(pgdatatrim($SQLQueryResultsObject->date)); + $time=stripslashes(pgdatatrim($SQLQueryResultsObject->time)); + $host=stripslashes(pgdatatrim($SQLQueryResultsObject->host)); + $message=pgdatatrim($SQLQueryResultsObject->message); + $severity=pgdatatrim($SQLQueryResultsObject->severity); + $facility=pgdatatrim($SQLQueryResultsObject->facility); + + if ( strlen($archivecommit) < 64000 ) { + $tempmessage=str_replace("\\", "\\\\", $message); + $tempmessage=str_replace("'", "''", $tempmessage); + $archivecommit = $archivecommit . " insert into Syslog_TArchive values ($id,$facility,$severity,'$date','$time','$host','$tempmessage'); "; + } else { + $archivecommit = $archivecommit . " commit; "; + echo "Committing data block: " . strlen($archivecommit) . " bytes. 
Row $loop of $SQLNumRows.\n"; + $TempSQLQueryResults = pg_exec($dbsocket,$archivecommit) or + die(pg_errormessage()."\n"); + pg_freeresult($TempSQLQueryResults) or + die(pg_errormessage() . "\n"); + $archivecommit = "begin;"; + } + if ( $workhost != $host ) { + echo "New Host: $host\n"; + $workhost=$host; + $rulehostid=""; + for ( $hostloop = 0 ; $hostloop != (count($hostname)) ; $hostloop++ ) { + if ( $hostname[$hostloop] == $host ) { $rulehostid=$hostloop; } + } + } + $email=0; + $alert=0; + $launch=0; + + if ( strlen($toprule[$rulehostid]) > 0 ) { + $loop1=$toprule[$rulehostid]; + while ( $loop1 <= $bottomrule[$rulehostid] ) { + $matchedrule=$ruleexpression[$loop1]; + $ruleorlevel=$ruleruleorlevel[$loop1]; + $startfacility=$rulestartfacility[$loop1]; + $stopfacility=$rulestopfacility[$loop1]; + $startseverity=$rulestartseverity[$loop1]; + $stopseverity=$rulestopseverity[$loop1]; + $logalerts=$rulelogalert[$loop1]; + $emails=$ruleemail[$loop1]; + $descs=$ruledesc[$loop1]; + $launchid=$rulelaunchid[$loop1]; + $timertype=$ruletimertype[$loop1]; + $starttime=$rulestarttime[$loop1]; + $endtime=$ruleendtime[$loop1]; + $daysofweek=$ruledaysofweek[$loop1]; + if ( $matchedrule != "" ) { + $regresults=ereg($matchedrule,$message); + } else { + $regresults=0; + } + + /* $regresults=ereg($matchedrule,$message); */ + $bounds=withinbounds($facility,$severity,$startfacility,$stopfacility,$startseverity,$stopseverity); + if ( ( ( $ruleorlevel == 1 ) && ( $regresults ) ) || + ( ( $ruleorlevel == 2 ) && ( $regresults ) && ( $bounds ) ) || + ( ( $ruleorlevel == 3 ) && ( $bounds ) ) ) { + + $matchedexpression=$matchedrule; + if ( $logalerts ) { $alert= 1; } + if ( $launchid ) { $launch= 1; } + if ( $emails != "" ) { + $email=1; + $emailaddress=$emails; + $desc=$descs; + } + $postdate=date("M-d-Y",time()); + $posttime=date("G:i:s",time()); + } + + /* convert date & time to obtain seconds since 1970 so that we may pass that to suppressruleresults */ + $dateyear=substr($date,0,4); + 
$datemonth=substr($date,5,2); + $dateday=substr($date,8,2); + $timehour=substr($time,0,2); + $timeminute=substr($time,3,2); + $timesec=substr($time,6,2); + + $timestamp=mktime($timehour,$timeminute,$timesec,$datemonth,$dateday,$dateyear); + + if ( ( $alert ) || ( $email ) || ( $launch ) ) { + if ( supressruleresults($starttime,$endtime,$daysofweek,$timertype,$timestamp) ) { + $alert=0; + $email=0; + $launch=0; + } + } + if ( ( ( $alert ) || ( $email ) || ( $launch ) ) && ( ! supressruleresults($starttime,$endtime,$daysofweek,$timertype,$timestamp) ) ) { + $rid=$ruleid[$loop1]; + + if ( $rulethresholdtype[$loop1] ) { + $rulethresholdcount[$loop1]++; + } + + if ( $ruledenytop[$rid] != "" ) { + $loop2=$ruledenytop[$rid]; + while ( $loop2 <= $ruledenybottom[$rid] ) { + $bounds=withinbounds($facility,$severity, + $ruledenystartfacility[$loop2], + $ruledenystopfacility[$loop2], + $ruledenystartseverity[$loop2], + $ruledenystopseverity[$loop2]); + if ( $ruledenyexp[$loop2] != "" ) { + $denyresults=ereg($ruledenyexp[$loop2],$message); + } else { + $denyresults=""; + } + if ( ( $bounds ) && ( $denyresults ) ) { + /* echo "Supressing $message matched by '$matchedrule' with Deny ID: $loop2\n"; */ + $alert=0; + $email=0; + $launch=0; + $loop2=$ruledenybottom[$rid]; + } + $loop2++; + } + } + echo "Type: $rulethresholdtype[$loop1] Count: $rulethresholdtype[$loop1]\n"; + if ( ( ! $alert ) && ( ! $email ) && ( ! $launch ) && ( $rulethresholdtype[$loop1] ) ) { + echo "No alerts, no emails, no launch... decrementing\n"; + $rulethresholdcount[$loop1]--; + } + if ( ( $rulethresholdcount[$loop1] != $rulethreshold[$loop1] ) && ( $rulethresholdtype[$loop1] == 2 ) ) { + $email=0; + $launch=0; + } + if ( ( $rulethresholdcount[$loop1] == $rulethreshold[$loop1] ) && ( $rulethresholdtype[$loop1] == 2 ) ) { + $desc=$desc . 
"\nThe rule matched $rulethreshold[$loop1] message(s).\n"; + $rulethresholdcount[$loop1]=0; + } + if ( ( $rulethresholdcount[$loop1] == $rulethreshold[$loop1] ) && ( $rulethresholdtype[$loop1] == 1 ) ) { + $desc=$desc . "\nFurther rule hits will be supressed after this log entry. Supress after $rulethreshold[$loop1] match(es).\n"; + } + if ( ( $rulethresholdcount[$loop1] > $rulethreshold[$loop1] ) && ( $rulethresholdtype[$loop1] == 1 ) && ( $rulethreshold[$loop1] > 0 ) ) { + $email=0; + $launch=0; + } + } + if ( $launch ) { + if ( ! launchassociated($dbsocket,$launchid,$id,$mailid) ) { + addlaunchdataentry($dbsocket,$launchid,$id,$mailid,$desc); + } + } + if ( $alert ) { + $globalalert=1; + $globalmatchedexpression=$matchedexpression; + $globalid=$id; + } + if ( $email ) { + if ( $ruleemailcount[$emailaddress] != $id ) { + echo "Last ID $emailaddress was emailed was $ruleemailcount[$emailaddress]\n"; + addmail($dbsocket,$emailaddress,$mailid,$id,$desc); + $ruleemailcount[$emailaddress] = $id; + echo "$emailaddress processed $ruleemailcount[$emailaddress]\n"; + } + } + $loop1++; + } + } + $hostprocid[$rulehostid]=$id; + $hosttotalproc[$rulehostid]=$hosttotalproc[$rulehostid] + 1; + if ( $globalalert ) { + echo "Adding Alert $globalid $loop\n"; + addalert($dbsocket,$postdate,$posttime,$globalmatchedexpression,$globalid); + } + } + /* Commit the last set of logs over to the table */ + echo "Committing data block: " . strlen($archivecommit) . " bytes\n"; + $archivecommit = $archivecommit . " commit; "; + $TempSQLQueryResults = pg_exec($dbsocket,$archivecommit) or + die(pg_errormessage()."\n"); + pg_freeresult($TempSQLQueryResults) or + die(pg_errormessage() . "\n"); + + $purgesyslogtable="begin; "; + + echo "Host Count: " . count($hostname) . 
"\n"; + for ( $hostloop = 0 ; $hostloop != (count($hostname)) ; $hostloop++ ) { + echo "$hostname[$hostloop] Total Lines Processed: $hosttotalproc[$hostloop] Last Entry: $hostprocid[$hostloop]\n"; + if ( $hostprocid[$hostloop] != 0 ) { + echo "Updating $hostname[$hostloop]: $hostnameids[$hostloop]\n"; + /* updateprocessid($dbsocket,$hostprocid[$hostloop],$hostnameids[$hostloop]); */ + $purgesyslogtable = $purgesyslogtable . "update Syslog_TProcess set TProcess_ID=$hostprocid[$hostloop] where THost_ID='$hostnameids[$hostloop]'; "; + + $purgesyslogtable = $purgesyslogtable . "delete from TSyslog where TSyslog_ID <= $hostprocid[$hostloop] and host='$hostname[$hostloop]'; "; + } + + if ( $hosttotalproc[$hostloop] >= $hostrate[$hostloop] ) { + echo "Sending warning that $hostname[$hostloop] has sent $hosttotalproc[$hostloop] since last check\n"; + mail(WARNINGADDRESS,"SMT WARNING: Log Rate Warning: $hostname[$hostloop]","$hostname[$hostloop] produced $hosttotalproc[$hostloop] log entries since last sample. Threshold set to $hostrate[$hostloop].\nPlease check host as this could be a sign of a serious problem.\n\nSincerely, SMT-Auto Message"); + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . 
"\n"); + + echo "Finished processing syslogs, switching to emails\n"; + if ( numemailrecords($dbsocket,$mailid) ) { + $SQLQuery = "select distinct TEmail_Email from Syslog_TEmail where TMail_ID=$mailid"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."\n"); + $clientemail=stripslashes(pgdatatrim($SQLQueryResultsObject->temail_email)); + echo "Sending email to $clientemail\n"; + + $SQLQuery = "select TSyslog.TSyslog_ID,TSyslog.date,TSyslog.time,TSyslog.host,message,temail_desc from TSyslog,Syslog_TEmail where Syslog_TEmail.TEmail_Email='$clientemail' and TSyslog.TSyslog_ID=Syslog_TEmail.TSyslog_ID order by TSyslog.host,Syslog_TEmail.TSyslog_ID"; + $EmailSQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."\n"); + $EmailSQLNumRows = pg_numrows($EmailSQLQueryResults); + $loghost=""; + for ( $loop1 = 0 ; $loop1 != $EmailSQLNumRows ; $loop1++ ) { + $EmailSQLQueryResultsObject = pg_fetch_object($EmailSQLQueryResults,$loop1) or + die(pg_errormessage()."\n"); + $logid=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->tsyslog_id)); + $host=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->host)); + $date=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->date)); + $time=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->time)); + $message=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->message)); + $desc=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->temail_desc)); + if ( $loghost == "" ) { + $loghost=$host; + $deliverymessage=""; + }; + if ( $loghost != $host ) { + $results=mail($clientemail,"SMT Report: $loghost",$deliverymessage); + $deliverymessage=""; + $loghost=$host; + } + $deliverymessage=$deliverymessage . 
"$date $time $host $logid $message\nProblem Description/Resolution: $desc\n"; + } + pg_freeresult($EmailSQLQueryResults) or + die(pg_errormessage() . "\n"); + if ( $EmailSQLNumRows > 0 ) { + $results=mail($clientemail,"SMT Report: $host",$deliverymessage); + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "\n"); + } + echo "Cleaning up email\n"; + cleanemail($dbsocket,$mailid); + /* Delete mail that would have been sent, equivalent to a mail queue */ + + echo "Finished emails, switching to launch section\n"; + if ( numlaunchrecords($dbsocket,$mailid) ) { + $SQLQuery = "select distinct TLaunch_ID from Syslog_TLaunchQueue where TMail_ID=$mailid"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."\n"); + $launchid=stripslashes(pgdatatrim($SQLQueryResultsObject->tlaunch_id)); + $execprogram=relatedata($dbsocket,"Syslog_TLaunch","TLaunch_Program","TLaunch_ID=$launchid"); + echo "Going to launch '$execprogram'."; + + $SQLQuery = "select TSyslog.TSyslog_ID,TSyslog.date,TSyslog.time,TSyslog.host,message,TLaunchQueue_Desc from TSyslog,Syslog_TLaunchQueue where Syslog_TLaunchQueue.TLaunch_ID='$launchid' and TSyslog.TSyslog_ID=Syslog_TLaunchQueue.TSyslog_ID order by TSyslog.host,Syslog_TLaunchQueue.TSyslog_ID"; + $LaunchSQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."\n"); + $LaunchSQLNumRows = pg_numrows($LaunchSQLQueryResults); + $loghost=""; + for ( $loop1 = 0 ; $loop1 != $LaunchSQLNumRows ; $loop1++ ) { + $LaunchSQLQueryResultsObject = pg_fetch_object($LaunchSQLQueryResults,$loop1) or + die(pg_errormessage()."\n"); + $logid=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->tsyslog_id)); + $host=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->host)); + 
$date=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->date)); + $time=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->time)); + $message=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->message)); + $desc=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->tlaunchqueue_desc)); + if ( $loghost == "" ) { + $loghost=$host; + $deliverymessage="Target Host: $host\n"; + $file="/tmp/launchprogram." . rand(0,262144) . "." . rand(0,262144); + $fd = fopen ("$file", "w+"); + }; + if ( $loghost != $host ) { + fwrite ( $fd, $deliverymessage , strlen($deliverymessage)); + fclose($fd); + exec("$execprogram $file"); + + $deliverymessage="Target Host: $host\n"; + $loghost=$host; + $file="/tmp/launchprogram." . rand(0,262144) . "." . rand(0,262144); + $fd = fopen ("$file", "w+"); + } + $deliverymessage=$deliverymessage . "$date $time $host $logid $message\nProblem Description/Resolution: $desc\n"; + } + pg_freeresult($LaunchSQLQueryResults) or + die(pg_errormessage() . "\n"); + fwrite ( $fd, $deliverymessage , strlen($deliverymessage)); + fclose($fd); + exec("$execprogram $file"); + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "\n"); + } + echo "Cleaning up launched programs\n"; + clearlaunchqueue($dbsocket,$mailid); + /* Time to finally delete the log messages in the TSyslog table that we are done with. */ + /* Note that the system tries to process this as a whole 'delete' transaction. If it fails, */ + /* the logs will be kept in even though the system is finished. This will cause problems if the */ + /* system attempts to rerun */ + + $endtime=time(); + if ( ($endtime - $begintime) != 0 ) { + echo "Page loaded in " . ($endtime - $begintime) . " seconds. " . ($SyslogRows / ($endtime - $begintime) ) . " rows/sec\n"; + } else { + echo "Page loaded in " . ($endtime - $begintime) . " seconds. $SyslogRows rows/sec\n"; + } + + echo "Purging TSyslog table\n"; + $purgebegintime=time(); + $purgesyslogtable = $purgesyslogtable . 
"commit;"; + echo "SQL Query: $purgesyslogtable
    \n"; + $SQLQueryResults = pg_exec($dbsocket,$purgesyslogtable) or + die(pg_errormessage()."\n"); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "\n"); + $purgeendtime=time(); + if ( ($purgeendtime - $purgebegintime) != 0 ) { + echo "Data purged @ " . ($purgeendtime - $purgebegintime) . " seconds. " . ($SyslogRows / ($purgeendtime - $purgebegintime) ) . " rows/sec\n"; + } else { + echo "Data purged @ " . ($purgeendtime - $purgebegintime) . " seconds. $SyslogRows rows/sec\n"; + } + + clearlaunchqueue($dbsocket,$testmailid); + closeopenmail($dbsocket,$mailid); + echo "Finished cleaning up email\n"; + + dbdisconnect($dbsocket); + dbdisconnect($sec_dbsocket); +%> diff --git a/html/scripts/php/vacuumdb.php b/html/scripts/php/vacuumdb.php new file mode 100755 index 0000000..c2a02a1 --- /dev/null +++ b/html/scripts/php/vacuumdb.php 
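Review bot: The launch section names its hand-off file `"/tmp/launchprogram." . rand(0,262144) . "." . rand(0,262144)` and opens it with `fopen ("$file", "w+")`, so the path is guessable in a world-writable directory and a file or symlink already sitting at that path would be followed and truncated with the processor's privileges. `$file = tempnam("/tmp", "launchprogram.");` at both assignments gives a uniquely created file, and the `fopen` result should be checked before the `fwrite`. Both `exec("$execprogram $file")` call sites hand a database value straight to the shell; `exec($execprogram . " " . escapeshellarg($file));` at least quotes the argument, and a comment should state that `TLaunch_Program` is treated as trusted configuration. Separately, in the archive batching loop the `else` branch that flushes at 64000 bytes never appends the current row's insert, so that row appears to be purged from TSyslog later without ever reaching Syslog_TArchive.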
@@ -0,0 +1,48 @@
+#!/opt/bin/php
+<%
+/*=============================================================================
+ * $Id$
+ *
+ * Copyright 2004 Jeremy Guthrie smt@dangermen.com
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 only of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * It is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+=============================================================================*/
+
+ require_once('../../config.php');
+
+ $sec_dbsocket=sec_dbconnect();
+ $REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
+ $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
+ if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
+ dbdisconnect($sec_dbsocket);
+ exit;
+ }
+ $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
+
+ $SQLQuery="vacuum ANALYZE ; VACUUM FULL ANALYZE TSyslog; reindex index tsyslog_pkey ; reindex index host_Idx ;reindex index TSyslogDateTime_IDX ; reindex index TSyslHostID_Idx ;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+
+ $SQLQuery="vacuum ANALYZE;";
+ $SQLQueryResults = pg_exec($sec_dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+
+ dbdisconnect($sec_dbsocket);
+ dbdisconnect($dbsocket);
+%>
diff --git a/html/scripts/php/vacuumtsyslog.php b/html/scripts/php/vacuumtsyslog.php
new file mode 100755
index 0000000..e2f8ab8
--- /dev/null
+++ b/html/scripts/php/vacuumtsyslog.php
@@ -0,0 +1,47 @@
+#!/opt/bin/php
+<%
+/*=============================================================================
+ * $Id$
+ *
+ * Copyright 2004 Jeremy Guthrie smt@dangermen.com
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 only of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * It is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+=============================================================================*/
+
+ require_once('../../config.php');
+
+ $sec_dbsocket=sec_dbconnect();
+ $REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
+ $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
+ if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
+ dbdisconnect($sec_dbsocket);
+ exit;
+ }
+ $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
+
+ $begintime=time();
+
+ $SQLQuery="ANALYZE TSyslog;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
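Review bot: The group check trusts a bare `$REMOTE_USER` global, and nothing in this hunk shows where that variable is set. The script sits under `html/`, so if it can be requested over HTTP with `register_globals` on and no server authentication in front of it, the name could come from the request rather than from the web server; unless `config.php` assigns it, read it explicitly with `$REMOTE_USER = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';` before the `sec_usernametoid()` call. The same opening lines appear in `vacuumtsyslog.php` and `weeklyindexrebuild.php`. A refused run also ends with a bare `exit;`, so a cron job that was denied looks the same as one that succeeded; a short `echo` followed by `exit(1);` would make the refusal visible.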
    \n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+
+ dbdisconnect($sec_dbsocket);
+ dbdisconnect($dbsocket);
+
+ $endtime=time();
+ echo "Analyze TSyslog done in " . ($endtime - $begintime) . " seconds. " ;
+%>
diff --git a/html/scripts/php/weeklyindexrebuild.php b/html/scripts/php/weeklyindexrebuild.php
new file mode 100755
index 0000000..ccd7b32
--- /dev/null
+++ b/html/scripts/php/weeklyindexrebuild.php
@@ -0,0 +1,62 @@
+#!/opt/bin/php
+<%
+/*=============================================================================
+ * $Id$
+ *
+ * Copyright 2004 Jeremy Guthrie smt@dangermen.com
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 only of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * It is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+=============================================================================*/
+
+ require_once('../../config.php');
+
+ $sec_dbsocket=sec_dbconnect();
+ $REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
+ $GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
+ if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
+ dbdisconnect($sec_dbsocket);
+ exit;
+ }
+ $dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
+
+ $begintime=time();
+
+ $SQLQuery="select indexrelname from pg_statio_all_indexes where pg_statio_all_indexes.schemaname='public' order by indexrelname";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ if ( $SQLNumRows ) {
+ for ( $loop=0 ; $loop != $SQLNumRows ; $loop++ ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+ die(pg_errormessage()."
    \n");
+ $starttime=time();
+ $SQLQuery="reindex index $SQLQueryResultsObject->indexrelname;";
+ $TempSQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ pg_freeresult($TempSQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ $endtime=time();
+ echo "Reindex of $SQLQueryResultsObject->indexrelname done in " . ($endtime - $starttime) . " seconds.\n " ;
+ }
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+
+ dbdisconnect($sec_dbsocket);
+ dbdisconnect($dbsocket);
+
+ $endtime=time();
+ echo "Reindex of entire database done in " . ($endtime - $begintime) . " seconds.\n " ;
+%>
diff --git a/html/smtversion b/html/smtversion
new file mode 100644
index 0000000..9459d4b
--- /dev/null
+++ b/html/smtversion
@@ -0,0 +1 @@
+1.1
diff --git a/html/template.php b/html/template.php
new file mode 100644
index 0000000..033eba0
--- /dev/null
+++ b/html/template.php
@@ -0,0 +1,65 @@
+XXX Administration
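Review bot: The loop builds `reindex index $SQLQueryResultsObject->indexrelname;` from the catalog value without quoting it, so an index whose name needs quoting (mixed case, a space, a reserved word) makes the statement fail, and the name is parsed as SQL text rather than as an identifier. Quote it before use with `$idx = '"' . str_replace('"', '""', $SQLQueryResultsObject->indexrelname) . '"';` and then `$SQLQuery="reindex index $idx;";`. The catalog query filters on `schemaname='public'` but the REINDEX is not schema-qualified, so it relies on `public` being first on the search path. The final total reuses `$endtime`, the same variable the loop uses per index, which is harmless here but would read better with its own name.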

    \n"; + $FooterText="
    Version " . SMTVER . "
    © Jeremy M. Guthrie All rights reserved.
    \n"; + $PageTitle="Syslog Management Tool"; + +php?> + + + +<?php echo $PageTitle; php?> + + +Page loaded in " . ($endtime - $begintime) . " seconds.
    \n"; + echo $FooterText; +php?> + + + diff --git a/html/view.php b/html/view.php new file mode 100644 index 0000000..bb32eea --- /dev/null +++ b/html/view.php @@ -0,0 +1,437 @@ +Syslog Management

    "; + $FooterText="
    Version " . SMTVER . "
    © Jeremy M. Guthrie All rights reserved.
    \n"; + $PageTitle="Syslog Management Tool"; + + if ( $group == 0 ) { + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); + exit; + } + + if (($hostid != -1) && ( ! logincanseehost($dbsocket,$REMOTE_ID,$hostid) ) && ( $group == 1) ) { + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); + exit; + } + if ( ! isset($startdate) ) { + $startdate=strtotime("$day-$month-$year $hour:$minute"); + } + if ( $durtype == 1) { + if (! isset($enddate) ) { + $enddate = $startdate + $duration; + } + } if ( $durtype == 2 ) { + if (! isset($enddate) ) { + $enddate = strtotime("$eday-$emonth-$eyear $ehour:$eminute"); + } + } + $month=date("M",$startdate); + $year=date("Y",$startdate); + $day=date("j",$startdate); + $hour=date("G",$startdate); + $minute=date("i",$startdate); + +if (0) { + if ( $viewtype == 2 ) { +echo "view2
    "; + if ( ! isset($startdate) ) { + for ( $loop = 1 ; $loop != 13 ; $loop++ ) { + if ( $month == date("M",mktime(0,0,0,$loop,1,2002)) ) { + $startdate=mktime($hour,$minute,0,$loop,$day,$year); + } + } + } else { +echo "ehh
    "; + $month=date("M",$startdate); + $year=date("Y",$startdate); + $day=date("j",$startdate); + $hour=date("G",$startdate); + $minute=date("i",$startdate); + } + $enddate=$startdate + $duration; + } +} + $time1=$hour . ":" . $minute . ":00"; + $date1=$month . "-" . $day . "-" . $year; + + $month2=date("M",$enddate); + $year2=date("Y",$enddate); + $day2=date("j",$enddate); + $hour2=date("G",$enddate); + $minute2=date("i",$enddate); + + $date2=$month2 . "-" . $day2 . "-" . $year2; + $time2=$hour2 . ":" . $minute2 . ":00"; + $regexpcount=count($filterorlevel); + $orig=$regexpcount; + if ( isset($filter) && ( $filter == 1 ) && ( $filterid > 0 ) ) { + $SQLQuery = "select * from Syslog_TFilterData where TFilter_ID=$filterid"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $SQLNumRows ) { + for ( $loop = ($SQLNumRows - 1) ; $loop != -1 ; $loop-- ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $regexp[$orig + $loop]=$SQLQueryResultsObject->tfilterdata_filter; + $regexpinclude[$orig + $loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_include)); + $filterorlevel[$orig + $loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_filterorlevel)); + $startfacility[$orig + $loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_startfacility)); + $stopfacility[$orig + $loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_stopfacility)); + $startseverity[$orig + $loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_startseverity)); + $stopseverity[$orig + $loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_stopseverity)); + $regexpcount++; + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + if ( ( $action == "Save Results" ) and ( $savedesc == "" ) ) { + $saveerr=1; + $action="View"; + } else { $saveerr=0; } + if ( ( $action == "Save Results" ) && ( $group >= 2 ) && ( $saveerr != 1 ) ) { + $newtimestamp=time(); + $exptimestamp=$newtimestamp + ( 86400 * 30 ) ; + $savedate=date("m-d-Y",$newtimestamp); + $expdate=date("m-d-Y",$exptimestamp); + $savetime=date("G:i:s",$newtimestamp); + $savedesc=stripslashes($savedesc); + $saveid=addsaveheader($dbsocket,$expdate,$savedesc,$savetime,$savedate,$REMOTE_ID); + } + + if ( ( $action == "Save Filter" ) && ( strlen(pgdatatrim($filtername)) > 1 ) ) { + if ( $group == 1 ) { $filtertype=1; } + $filterid=addfilterheader($dbsocket,$filtertype,$filtername,$REMOTE_ID); + for ( $loop = ($regexpcount - 1) ; $loop != -1 ; $loop-- ) { + if ( ( ( strlen(pgdatatrim($regexp[$loop])) > 0 ) && ( $filterorlevel[$loop] <= 2 ) ) || ( $filterorlevel[$loop] == 3 ) ) { + addfilter($dbsocket,$regexp[$loop],$filterid,$regexpinclude[$loop], + $filterorlevel[$loop],$startfacility[$loop],$stopfacility[$loop], + $startseverity[$loop],$stopseverity[$loop]); + } + } + } + do_header($PageTitle, 'view'); + if ( $durtype == 3 ) { + $header = "view.php?pagebreak=$pagebreak$appendurl&durtype=$durtype&viewtype=$viewtype&pagenum=$pagenums&startdate=$startdate&enddate=$enddate&hostid=" . fixspace($hostid) . 
"&pagesize=$pagesize&datatype=$datatype&userid=$userid&typeid=$typeid&lastid=$lastid"; + echo ""; + } + formfield("viewtype","hidden",3,1,0,200,200,$viewtype); + formfield("pagebreak","hidden",3,1,0,200,200,$pagebreak); + formfield("pagesize","hidden",3,1,0,200,200,$pagesize); + formfield("pagenum","hidden",3,1,0,200,200,1); + formfield("hostid","hidden",3,1,0,200,200,$hostid); + formfield("datatype","hidden",3,1,0,200,200,$datatype); + formfield("timestamp","hidden",3,1,0,200,200,$startdate); + if ( isset($userid) ) formfield("userid","hidden",3,1,0,200,200,$userid); + formfield("typeid","hidden",3,1,0,200,200,$typeid); + if ( isset($lastid) ) { formfield("lastid","hidden",3,1,0,200,200,$lastid); } + if ( isset($regexpcount) ) { + for ( $regloop = 0 ; $regloop != $regexpcount ; $regloop++ ) { + formfield("regexp[]","hidden",3,1,0,200,200,stripslashes($regexp[$regloop])); + formfield("regexpinclude[]","hidden",3,1,0,200,200,$regexpinclude[$regloop]); + formfield("filterorlevel[]","hidden",3,1,0,200,200,$filterorlevel[$regloop]); + formfield("startfacility[]","hidden",3,1,0,200,200,$startfacility[$regloop]); + formfield("stopfacility[]","hidden",3,1,0,200,200,$stopfacility[$regloop]); + formfield("startseverity[]","hidden",3,1,0,200,200,$startseverity[$regloop]); + formfield("stopseverity[]","hidden",3,1,0,200,200,$stopseverity[$regloop]); + } + } + + $SQLQuery=""; + $TopSQLQuery="select distinct on (date,time,TSyslog_ID) TSyslog_ID, TSyslog.date, TSyslog.Time, TSyslog.host, TSyslog.message, TSyslog.Severity, TSyslog.Facility from TSyslog"; + $BottomSQLQuery="select distinct on (date,time,TSyslog_ID) Syslog_TArchive.TSyslog_ID, Syslog_TArchive.date, Syslog_TArchive.Time, Syslog_TArchive.host, Syslog_TArchive.message, Syslog_TArchive.Severity, Syslog_TArchive.Facility from Syslog_TArchive"; + if ( $datatype == 1 ) { + if ($hostid != -1) { + $host=gethost($dbsocket,$hostid); + $TopSQLQuery = $TopSQLQuery . " where host='$host'"; + $BottomSQLQuery = $BottomSQLQuery . 
" where host='$host'"; + } else { + if ($group < 2) { + $TopSQLQuery = $TopSQLQuery . ",Syslog_TCustomerProfile,Syslog_THost,Syslog_TProcessorProfile where Syslog_TCustomerProfile.TLogin_ID=$REMOTE_ID and TSyslog.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID "; + $BottomSQLQuery = $BottomSQLQuery . ",Syslog_THost,Syslog_TProcessorProfile where Syslog_TCustomerProfile.TLogin_ID=$REMOTE_ID and Syslog_TArchive.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID "; + } else { + $TopSQLQuery = $TopSQLQuery . " ,Syslog_THost where TSyslog.host=Syslog_THost.THost_Host "; + $BottomSQLQuery = $BottomSQLQuery . " ,Syslog_THost where Syslog_TArchive.host=Syslog_THost.THost_Host "; + } + } + + } + if ( $datatype == 2 ) { + $TopSQLQuery = $TopSQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where TSyslog.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid"; + $BottomSQLQuery = $BottomSQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TArchive.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid"; + } + if ( $datatype == 3 ) { + if (!isset($userid)) { + die("No User Selected
    "); + } + + $TopSQLQuery = $TopSQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TCustomerProfile.TLogin_ID=$userid and TSyslog.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID"; + $BottomSQLQuery = $BottomSQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TCustomerProfile.TLogin_ID=$userid and Syslog_TArchive.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID"; + } + if ( $datatype == 4 ) { + if (!isset($userid)) { + die("No User Selected
    "); + } + if (!isset($typeid)) { + die("No Host Type Selected"); + } + $TopSQLQuery = $TopSQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " . + "( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " . + "( TSyslog.host=Syslog_THost.THost_Host ) and " . + "( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " . + "( Syslog_THost.TPremadeType_ID=$typeid )"; + $BottomSQLQuery = $BottomSQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " . + "( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " . + "( Syslog_TArchive.host=Syslog_THost.THost_Host ) and " . + "( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " . + "( Syslog_THost.TPremadeType_ID=$typeid )"; + } + if ( $durtype != 3 ) { + if ( $date1 == $date2 ) { + $SQLQueryDate="and date = '$date1' and ( time >= '$time1' and time <= '$time2')"; + } + if ( ( date("z",$enddate) - date("z",$startdate) ) == 1 ) { + $SQLQueryDate="and (( date = '$date1' and time >= '$time1' ) or " . + "( date = '$date2' and time <= '$time2' ) ) "; + } + if ( ( date("z",$enddate) - date("z",$startdate) ) > 1 ) { + $SQLQueryDate="and (( date = '$date1' and time >= '$time1' ) or " . + "( date > '$date1' and date < '$date2' ) or " . + "( date = '$date2' and time <= '$time2' ) )"; + } + } + if ( $durtype == 3 ) { + $SQLOrder = " desc"; + } else { + $SQLOrder = ""; + } + + + if ( isset($lastid) ) { + $SQLQuery = $TopSQLQuery . "( TSyslog_ID > $lastid ) " . $SQLQueryDate . " union " . $BottomSQLQuery . " ( TSyslog_ID > $lastid ) " . $SQLQueryDate . " order by date ".$SQLOrder.", time". $SQLOrder.", TSyslog_ID". $SQLOrder; + } else { + $SQLQuery = $TopSQLQuery . $SQLQueryDate . " union " . $BottomSQLQuery . $SQLQueryDate . " order by date".$SQLOrder.", time". $SQLOrder.", TSyslog_ID". $SQLOrder; + } + + $SQLQuery = $TopSQLQuery . $SQLQueryDate . " union " . $BottomSQLQuery . $SQLQueryDate . " order by date".$SQLOrder.", time". $SQLOrder.", TSyslog_ID". $SQLOrder; + if ( ! 
isset($pagesize) ) { $pagesize=10; } + if ( $durtype != 3) { + $SQLQuery = $SQLQuery . " limit 5000"; + } else { + $SQLQuery = $SQLQuery . " limit 100"; + } + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage().":".$SQLQuery."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + if ( $saveerr ) { echo "There was an error saving results
    \n"; } + $linecount = 0; + if ( $SQLNumRows > 0 ) { + $lastid=0; + if ( ! $pagenum ) { $pagenum=1; } + $startline=$pagenum * $pagesize - $pagesize + 1 ; + $stopline=$pagenum * $pagesize ; + $loop=0; + $linecount=0; + $lasttline=0; + $keepgoing=1; + $deliverymessage=""; + if ( ( $emailaddress != "" ) && ( $action == "EMail Results" ) ) { + $deliverymessage="Report from $REMOTE_USER\n\n"; + } + echo "\n"; + echo "\n"; + $newhost=""; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $id=stripslashes(pgdatatrim($SQLQueryResultsObject->tsyslog_id)); + $date=stripslashes(pgdatatrim($SQLQueryResultsObject->date)); + $time=stripslashes(pgdatatrim($SQLQueryResultsObject->time)); + $host=stripslashes(pgdatatrim($SQLQueryResultsObject->host)); + $message=stripslashes(pgdatatrim($SQLQueryResultsObject->message)); + $severity=stripslashes(pgdatatrim($SQLQueryResultsObject->severity)); + $facility=stripslashes(pgdatatrim($SQLQueryResultsObject->facility)); + $vseverity=verboseseverity(stripslashes(pgdatatrim($SQLQueryResultsObject->severity))); + $vfacility=verbosefacility(stripslashes(pgdatatrim($SQLQueryResultsObject->facility))); + if ( $host != $newhost ) { + if ( $newhost != "" ) { + pg_freeresult($RuleResults) or + die(pg_errormessage() . "
    \n"); + } + $hostid=gethostid($dbsocket,$host); + $SQLQuery="select * from Syslog_TRule where THost_ID=$hostid"; + $RuleResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $NumOfRules = pg_numrows($RuleResults); + $newhost=$host; + } + + $messagecolor=""; + for ( $loop1 = 0 ; $loop1 != $NumOfRules ; $loop1++ ) { + $RuleResultsObject = pg_fetch_object($RuleResults,$loop1) or + die(pg_errormessage()."
    \n"); + + $ruleruleorlevel=pgdatatrim($RuleResultsObject->trule_ruleorlevel); + $rulestartfacility=pgdatatrim($RuleResultsObject->trule_startfacility); + $rulestopfacility=pgdatatrim($RuleResultsObject->trule_stopfacility); + $rulestartseverity=pgdatatrim($RuleResultsObject->trule_startseverity); + $rulestopseverity=pgdatatrim($RuleResultsObject->trule_stopseverity); + + if ( strlen(pgdatatrim($RuleResultsObject->trule_expression)) > 0 ) { + $regresults=ereg(pgdatatrim($RuleResultsObject->trule_expression),$message); + } else { + $regresults=""; + } + $bounds=withinbounds($facility,$severity,$rulestartfacility,$rulestopfacility,$rulestartseverity,$rulestopseverity); + $color="off"; + if ( ( ( $ruleruleorlevel == 1 ) && ( $regresults ) ) || + ( ( $ruleruleorlevel == 2 ) && ( $regresults ) && ( $bounds ) ) || + ( ( $ruleruleorlevel == 3 ) && ( $bounds ) ) ) { + $messagecolor=""; + } + } + $clear=1; + if ( isset($regexpcount) ) { + for ( $regloop = $regexpcount - 1 ; $regloop != -1 ; $regloop-- ) { + if ( $clear ) { + $rule=1; + $level=1; + if ( $filterorlevel[$regloop] <= 2 ) { + if ( $regexp[$regloop] != "" ) { + if ( ( $regexpinclude[$regloop] == "0" ) && ( ereg($regexp[$regloop],$message) ) ) { $rule=0; } + if ( ( $regexpinclude[$regloop] == "1" ) && ( ! ereg($regexp[$regloop],$message) ) ) { $rule=0; } + } + } + if ( $filterorlevel[$regloop] >= 2 ) { + if ( $regexpinclude[$regloop] == "0" ) { + if ( withinbounds($facility,$severity,$startfacility[$regloop],$stopfacility[$regloop], + $startseverity[$regloop],$stopseverity[$regloop]) ) { $level=0; }; + } + if ( $regexpinclude[$regloop] == "1" ) { + if ( ! 
withinbounds($facility,$severity,$startfacility[$regloop],$stopfacility[$regloop], + $startseverity[$regloop],$stopseverity[$regloop]) ) { $level=0; }; + } + } + if ( $filterorlevel[$regloop] == 1 ) { $clear = $rule; } + if ( ( $filterorlevel[$regloop] == 2 ) && ( ( $rule != 1 ) || ( $level != 1 ) ) ) { $clear = 0 ; } + if ( $filterorlevel[$regloop] == 3 ) { $clear = $level; } + } + } + } + if ( isset($clear) && ($clear > 0) ) { + $linecount++; + if ( $bgcolor == "#EEEEEE" ) { $bgcolor = "#FFFFFF"; } else { $bgcolor = "#EEEEEE";} + if ( ( ( $pagebreak ) && ( $linecount >= $startline ) && ( $linecount <= $stopline ) ) || ( ! $pagebreak ) ) { + $fontcolor="#000000"; + if ( ( $severity == 4 ) || ( $severity == 3 ) ) { $fontcolor='#FF8800'; } + if ( $severity <= 2 ) { $fontcolor='#FF0000'; } + echo "
    \n"; + $lastline=$linecount; + } + if ( ( $group >= 2 ) && ( $saveid != 0 ) && ( $action == "Save Results" ) && ( $saverr != 1 ) ) { + savefilteredview($dbsocket,$saveid,$date,$time,$host,$facility,$severity,$message); + } + if ( ( $emailaddress != "" ) && ( $action == "EMail Results" ) ) { + $deliverymessage=$deliverymessage . "$date $time $host $vfacility $vseverity $message\r\n"; + } + } + } + if ( ( $pagebreak ) ) { + $appendurl=""; + if ( $regexpcount ) { + for ( $regloop = 0 ; $regloop != $regexpcount ; $regloop++ ) { + $appendurl=$appendurl."®exp%5B%5D=" . urlencode(htmlspecialchars($regexp[$regloop],ENT_QUOTES)) . "®expinclude%5B%5D=$regexpinclude[$regloop]&filterorlevel%5B%5D=$filterorlevel[$regloop]&startfacility%5B%5D=$startfacility[$regloop]&stopfacility%5B%5D=$stopfacility[$regloop]&startseverity%5B%5D=$startseverity[$regloop]&stopseverity%5B%5D=$stopseverity[$regloop]"; + } + } + echo ""; + } else { + echo ""; + } + if ( $linecount > $lastline ) { + $pagenums=$pagenum+1; + echo ""; + } else { + echo ""; + } + } + } + echo "
    IDDateTimeFacilitySeverityHostMessage
    $id$date$time$vfacility$vseverity$host$messagecolor".htmlspecialchars($message).""; + echo "
    "; + if ( $startline > 1 ) { + $pagenums=$pagenum-1; + echo "PreviousNext
    \n"; + echo "$linecount Lines available after filtering $SQLNumRows lines
    "; + if ( $SQLNumRows == 5000 ) { + echo "Last entry: $time $date
    \n"; + echo "Please click Here to view the next 5000 lines.
    \n"; + + } + if ($durtype != 3) { + if ( ( isset($emailaddress)) && ( $action == "EMail Results" ) ) { + $results=mail($emailaddress,"SMT EMail",$deliverymessage); + if ( $results ) { echo "Email sent to SMTP server
    \n"; } + } + echo "EMail Address: "; + formfield("emailaddress","text",3,1,0,40,128); + formsubmit("EMail Results",3,1,1); + if ( $action == "Save Results" ) { + echo "Saved Results
    \n"; + } + if ( $group >= 2 ) { + echo "Description for Saved Results: "; + formfield("savedesc","text",3,1,0,40,128); + formsubmit("Save Results",3,1,1); + } + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + formfield("timestamp","hidden",3,1,0,200,200,$startdate); + formfield("duration","hidden",3,1,0,200,200,$duration); + closeform(); + $endtime=time(); + echo "
    Page loaded in " . ($endtime - $begintime) . " seconds.
    \n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +?> diff --git a/html/viewsaves.php b/html/viewsaves.php new file mode 100644 index 0000000..c8b12c2 --- /dev/null +++ b/html/viewsaves.php @@ -0,0 +1,106 @@ +\n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + echo "
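Review bot: Request-carried values are concatenated into SQL unvalidated in this hunk: `TFilter_ID=$filterid`, `TPremadeType_ID=$typeid`, `TLogin_ID=$userid` and `TSyslog_ID > $lastid` all use variables that the same page round-trips through hidden fields and the `view.php?...` link. Cast each one where it is set, before the first query, e.g. `if (isset($userid)) { $userid=(int)$userid; }`, and pass `$host` through `pg_escape_string()` before it goes into `host='$host'`. The `$datatype == 3` and `$datatype == 4` branches select by a caller-supplied `$userid` without the `$group`/`logincanseehost()` test that the `$hostid` path gets, so they need a group check unless one sits in the opening of the file, which is not legible on this page. The query built under `isset($lastid)` is then overwritten by the unconditional `$SQLQuery = $TopSQLQuery . $SQLQueryDate ...` assignment right after it, and the `die()` on the main query prints the full statement to the browser.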
    Saved Log Description: " . stripslashes(pgdatatrim(relatedata ($dbsocket,"Syslog_TSave","TSave_Desc","TSave_ID=$saveid"))) . "

    \n"; + echo "Expires: " . stripslashes(pgdatatrim(relatedata ($dbsocket,"Syslog_TSave","TSave_ExpireDate","TSave_ID=$saveid"))) . "

    \n"; + openform("viewsaves.php","post",2,1,0); + if ( $SQLNumRows > 0 ) { + $deliverymessage=""; + if ( ( $emailaddress != "" ) && ( $action == "EMail Results" ) ) { + $deliverymessage="Report from $REMOTE_USER\n\n"; + } + echo "\n"; + echo "\n"; + for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) { + $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or + die(pg_errormessage()."
    \n"); + $date=stripslashes(pgdatatrim($SQLQueryResultsObject->tsavedata_date)); + $time=stripslashes(pgdatatrim($SQLQueryResultsObject->tsavedata_time)); + $host=stripslashes(pgdatatrim($SQLQueryResultsObject->tsavedata_host)); + $message=stripslashes(pgdatatrim($SQLQueryResultsObject->tsavedata_message)); + $sev=stripslashes(pgdatatrim($SQLQueryResultsObject->tsavedata_severity)); + $severity=verboseseverity(stripslashes(pgdatatrim($SQLQueryResultsObject->tsavedata_severity))); + $facility=verbosefacility(stripslashes(pgdatatrim($SQLQueryResultsObject->tsavedata_facility))); + if ( ( $sev == 4 ) || ( $sev == 3 ) ) { $fontcolor='#FF8800'; } + if ( $sev <= 2 ) { $fontcolor='#FF0000'; } + + echo "\n"; + if ( ( $emailaddress != "" ) && ( $action == "EMail Results" ) ) { + $deliverymessage=$deliverymessage . "$date $time $host $facility $severity $message\r\n"; + } + } + } + echo "
    DateTimeFacilitySeverityHostMessage
    $date$time$facility$severity$host$message
    \n"; + if ( ( $emailaddress != "" ) && ( $action == "EMail Results" ) ) { + $results=mail($emailaddress,"SMT EMail",$deliverymessage); + if ( $results ) { echo "Email sent to SMTP server
    \n"; } + } + echo "Email Address: "; + formfield("emailaddress","text",3,1,0,40,128); + formfield("saveid","hidden",3,1,0,40,40,$saveid); + formsubmit("EMail Results",3,1,1); + } + + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + closeform(); + $endtime=time(); + echo "
    Page loaded in " . ($endtime - $begintime) . " seconds.
    \n"; + do_footer(); + dbdisconnect($sec_dbsocket); + dbdisconnect($dbsocket); +?> diff --git a/lib/generalweb.php b/lib/generalweb.php new file mode 100644 index 0000000..9bbced1 --- /dev/null +++ b/lib/generalweb.php @@ -0,0 +1,169 @@ +<% +/*============================================================================= + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + +/********************************************************************/ +/* */ +/* File: generalweb.php */ +/* Purpose: Facilitates easier and consistent delcaration of web */ +/* structures. */ +/* */ +/********************************************************************/ + +/********************************************************************/ +/* */ +/* Function: openform */ +/* Stability(1 low - 5 high): 5 */ +/* Description: use for starting html forms */ +/* */ +/********************************************************************/ +function openform($target,$getpost,$tabs=0,$cr=1,$br=0) { + + echo tabs($tabs) . "
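Review bot: The row echo in the result loop appears to print `$host` and `$message` without `htmlspecialchars()` (the cells show on this page as `$date$time$facility$severity$host$message`), while `view.php` in the same commit escapes the message. Syslog text is written by whatever device or process sent the line, so it should be escaped at output: `$message_html=htmlspecialchars($message); $host_html=htmlspecialchars($host);` and echo those, keeping the raw values for the e-mail body. `$saveid` goes into `"TSave_ID=$saveid"` for `relatedata()` and back into a hidden field; it needs an `(int)` cast and, unless the illegible opening of this hunk already does it, a check that the save belongs to `$REMOTE_ID`. `$fontcolor` is only assigned for severities 4 and below, so a higher-numbered row keeps the previous row's value.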
    "; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: closeform */ +/* Stability(1 low - 5 high): 5 */ +/* Description: use for ending html forms */ +/* */ +/********************************************************************/ +function closeform($tabs=0) { + + echo tabs($tabs) . "
    \n"; +} + +/********************************************************************/ +/* */ +/* Function: formfield */ +/* Stability(1 low - 5 high): 5 */ +/* Description: create html form fields, the function will auto */ +/* encode strings as necessary */ +/* */ +/********************************************************************/ +function formfield($name,$type,$tabs=0,$cr=1,$br=0,$size=30,$maxlength=30,$value="") { + + echo tabs($tabs) . ""; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: tabs */ +/* Stability(1 low - 5 high): 5 */ +/* Description: used to output the relavent # of tabs for */ +/* formatting html output */ +/* */ +/********************************************************************/ +function tabs($number) { + + $Result = ''; + for ( $loop = 0 ; $loop != $number ; $loop++ ) { + $Result = $Result . " "; + } + return($Result); +} + +/********************************************************************/ +/* */ +/* Function: crbr */ +/* Stability(1 low - 5 high): 5 */ +/* Description: used to output the a CR, LF or both */ +/* */ +/********************************************************************/ +function crbr($cr=1,$br=0) { + + if ( $br == 1 ) { echo "
    "; } + if ( $cr == 1 ) { echo "\n"; } +} + +/********************************************************************/ +/* */ +/* Function: formsubmit */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Create html form submit buttons */ +/* */ +/********************************************************************/ +function formsubmit($text,$tabs=0,$cr=1,$br=0) { + + echo tabs($tabs) . ''; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: formreset */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Create html form reset button */ +/* */ +/********************************************************************/ +function formreset($text,$tabs=0,$cr=1,$br=0) { + + echo tabs($tabs) . ''; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: fixspace(deprecated) */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Was used to convert spaces to %20 for html link */ +/* output */ +/* */ +/********************************************************************/ +function fixspace($string) { + + $Results=""; + for ( $loop = 0; $loop != strlen($string) ; $loop ++ ) { + if ( substr($string,$loop,1) == " " ) { + $Results=$Results . "%20"; + } else { + $Results=$Results . substr($string,$loop,1); + } + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: setupappostrophe(deprecated) */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Was used to properly convert "'"s for html output */ +/* */ +/********************************************************************/ +function setupappostrophe($string) { + + $Results=""; + for ( $loop = 0; $loop != strlen($string) ; $loop ++ ) { + if ( substr($string,$loop,1) == "'" ) { + $Results=$Results . "\\'"; + } else { + $Results=$Results . substr($string,$loop,1); + } + } + return($Results); +} + +%> 
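Review bot: `fixspace()` encodes only the space character, yet `view.php` in this commit uses it to place a value in a link, where `&`, `#`, `%` and quotes also need encoding; since the function is already marked deprecated, its body can become `return rawurlencode($string);`, or callers can use `rawurlencode()` directly. `setupappostrophe()` has the same shape of problem: it prefixes `'` with a backslash but leaves an existing backslash alone, so it should not be relied on as an escaping routine. `tabs()` loops with `$loop != $number`, which never terminates for a negative or fractional argument; `$loop < $number` is the safer condition. The header comment on `formfield()` promises automatic encoding of values, but the echoed markup is not legible on this page, so that claim could not be checked here.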
diff --git a/lib/pgsql.php b/lib/pgsql.php
new file mode 100644
index 0000000..cd31c3a
--- /dev/null
+++ b/lib/pgsql.php
@@ -0,0 +1,147 @@
+<%
+/*=============================================================================
+ *
+ * Copyright 2004 Jeremy Guthrie smt@dangermen.com
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 only of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * It is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+=============================================================================*/
+
+/********************************************************************/
+/* */
+/* File: pgsql.php */
+/* Purpose: Provide a slimmed down interface to interact with */
+/* PGSQL. Also used to abstract usernames/passwords */
+/* by providing extra protection */
+/* */
+/********************************************************************/
+
+/********************************************************************/
+/* */
+/* Function: dbconnect */
+/* Stability(1 low - 5 high): 5 */
+/* Description: A streamlined function used to connect to PGSQL */
+/* */
+/********************************************************************/
+function dbconnect($dbname,$user,$passwd) {
+
+ $host = "127.0.0.1";
+ $dbsocket = pg_connect("host=$host dbname=$dbname user=$user password=$passwd") or
+ die(pg_errormessage()."
    \n");
+ return($dbsocket);
+}
+
+/********************************************************************/
+/* */
+/* Function: dbdisconnect */
+/* Stability(1 low - 5 high): 5 */
+/* Description: A streamlined function used to disconnect from */
+/* PGSQL */
+/* */
+/********************************************************************/
+function dbdisconnect($dbsocket) {
+
+ pg_close($dbsocket) or
+ die(pg_errormessage()."
    \n");
+}
+
+/********************************************************************/
+/* */
+/* Function: pgdatatrim(deprecated) */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Used to trim out trailing spaces for PGSQL char */
+/* variables */
+/* */
+/********************************************************************/
+function pgdatatrim($string) {
+
+ $Results=ltrim(rtrim($string));
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: relatedata */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Database/table generic function to relate simple */
+/* queries and return the first row only */
+/* */
+/********************************************************************/
+function relatedata ($dbsocket,$tablename,$field,$condition) {
+
+ $SQLQuery="select $field from $tablename where $condition";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage() . "
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ if ( $SQLNumRows > 0 ) {
+ $SQLQueryResultsArray=pg_fetch_array($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ $Results = $SQLQueryResultsArray[0];
+ } else {
+ $Results = '';
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: embededsql */
+/* Stability(1 low - 5 high): 5 */
+/* Description: check for embeded SQL keywords, if found, return 1 */
+/* */
+/********************************************************************/
+function embededsql($var) {
+
+ $pgsql_commands=array('ABORT','ALTER GROUP','ALTER TABLE','ALTER USER','BEGIN','CHECKPOINT','CLOSE',
+ 'CLUSTER','COMMENT','COMMIT','COPY','CREATE AGGREGATE','CREATE CONSTRAINT TRIGGER',
+ 'CREATE DATABASE','CREATE FUNCTION','CREATE GROUP','CREATE INDEX','CREATE LANGUAGE',
+ 'CREATE OPERATOR','CREATE RULE','CREATE SEQUENCE','CREATE TABLE','CREATE TABLE AS',
+ 'CREATE TRIGGER','CREATE TYPE','CREATE USER','CREATE VIEW','DECLARE','DELETE',
+ 'DROP AGGREGATE','DROP DATABASE','DROP FUNCTION','DROP GROUP','DROP INDEX','DROP LANGUAGE',
+ 'DROP OPERATOR','DROP RULE','DROP SEQUENCE','DROP TABLE','DROP TRIGGER','DROP TYPE',
+ 'DROP USER','DROP VIEW','EXPLAIN','FETCH','GRANT','INSERT','LISTEN','LOAD','LOCK',
+ 'MOVE','NOTIFY','REINDEX','RESET','REVOKE','ROLLBACK','SELECT','SELECT INTO',
+ 'SET CONSTRAINTS','SET TRANSACTION','SHOW','TRUNCATE','UNLISTEN','UPDATE','VACUUM');
+ $testvar=strtoupper($var);
+ $Results=0;
+ for ( $loop = 0 ; $loop != (count($pgsql_commands)-1) ; $loop++ ) {
+ if ( substr_count($testvar,$pgsql_commands[$loop]) ) { $Results=1; }
+ }
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: fixappostrophe(deprecated) */
+/* Stability(1 low - 5 high): 5 */
+/* Description: convert single "'"s to "''"s for SQL statements */
+/* */
+/********************************************************************/
+function fixappostrophe($string) {
+
+ $Results="";
+ for ( $loop = 0; $loop != strlen($string) ; $loop ++ ) {
+ if ( substr($string,$loop,1) == "'" ) {
+ $Results=$Results . "''";
+ } else {
+ $Results=$Results . 
substr($string,$loop,1);
+ }
+ }
+ return($Results);
+}
+
+%>
+
diff --git a/lib/pix.php b/lib/pix.php
new file mode 100644
index 0000000..bb4cdf4
--- /dev/null
+++ b/lib/pix.php
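Review bot: In lib/pgsql.php, `embededsql()` never checks the last denylist entry, because the loop condition `$loop != (count($pgsql_commands)-1)` stops one index short and so skips 'VACUUM'; `$loop < count($pgsql_commands)` would cover the whole array. Beyond that off-by-one, substring matching against SQL keywords both misses input that contains no listed keyword and rejects harmless text such as a word containing "SELECT", so it should not be the control that query safety rests on. `relatedata()` interpolates `$field`, `$tablename` and `$condition` straight into the statement, and `fixappostrophe()` only doubles single quotes, which leaves backslashes untouched on servers where string literals treat them as escapes. I would escape values with `pg_escape_string()` (or use parameterised queries where the PHP version provides them) and check table and column names against a fixed allowlist. The `die(pg_errormessage()...)` calls in `dbconnect()`, `dbdisconnect()` and `relatedata()` also send raw database errors to the client; logging them server-side and printing a generic message avoids leaking schema details.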
@@ -0,0 +1,2880 @@ +<% +/*============================================================================= + * + * Copyright 2004 Jeremy Guthrie smt@dangermen.com + * + * This is free software; you can redistribute it and/or modify + * it under the terms of version 2 only of the GNU General Public License as + * published by the Free Software Foundation. + * + * It is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * +=============================================================================*/ + +/********************************************************************/ +/* */ +/* File: pix.php */ +/* Purpose: Provide the majority of functions used by the Syslog */ +/* Management Tool */ +/* */ +/********************************************************************/ + +/********************************************************************/ +require_once('pgsql.php'); + +/********************************************************************/ +define("SMACDB", "TSyslog"); /* Username used to access the DB */ +define("SMACPASS", "N88iqueU"); +define("WARNINGADDRESS", "root@localhost"); /* Email address that SMT uses as the target to get warnings and misc. 
reports */ +define("SMTVER","1.00"); /* The version of the software that the user sees */ +define("LEFTWIDTH","150"); /* Control the width of the left panel called by index.php */ + +function dayofweekboxes($fieldname, $tabs=0, $cr=0, $br=0, $selected="") { + + echo tabs($tabs); + if ( $selected >= 64 ) { + $sunday=1; + $selected=$selected - 64; + } + if ( $selected >= 32 ) { + $monday=1; + $selected=$selected - 32; + } + if ( $selected >= 16 ) { + $tuesday=1; + $selected=$selected - 16; + } + if ( $selected >= 8 ) { + $wednesday=1; + $selected=$selected - 8; + } + if ( $selected >= 4 ) { + $thursday=1; + $selected=$selected - 4; + } + if ( $selected >= 2 ) { + $friday=1; + $selected=$selected - 2; + } + if ( $selected >= 1 ) { + $saturday=1; + $selected=$selected - 1; + } + echo "Sunday "; + echo "Monday "; + echo "Tuesday "; + echo "Wednesday "; + echo "Thursday "; + echo "Friday "; + echo "Saturday "; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: supressruleresults */ +/* Stability(1 low - 5 high): 5 */ +/* Description: determine if a rule is between the date & time */ +/* specified for the rule type */ +/* */ +/********************************************************************/ +function supressruleresults($starttime,$endtime,$daysofweek,$timertype,$timestamp) { + + $Results=0; + $sunday=0; /* 1 */ + $monday=0; /* 2 */ + $tuesday=0; /* 4 */ + $wednesday=0; /* 8 */ + $thursday=0; /* 16 */ + $friday=0; /* 32 */ + $saturday=0; /* 64 */ + $day=date("D",$timestamp); + + + if ( ( $timertype == 1 ) || ( $timertype == 2 ) ) { + if ( ( $timestamp >= $starttime ) && ( $timestamp <= $endtime ) && ( $starttime < $endtime ) ) { + $Results=1; + } + if ( ( ( $timestamp >= $starttime ) || ( $timestamp <= $endtime ) ) && ( $starttime > $endtime ) ) { + $Results=1; + } + } + if ( $timertype == 3 ) { + if ( $daysofweek >= 64 ) { + $sunday=1; + $daysofweek=$daysofweek - 64; + } + if ( $daysofweek >= 32 ) { + 
$monday=1; + $daysofweek=$daysofweek - 32; + } + if ( $daysofweek >= 16 ) { + $tuesday=1; + $daysofweek=$daysofweek - 16; + } + if ( $daysofweek >= 8 ) { + $wednesday=1; + $daysofweek=$daysofweek - 8; + } + if ( $daysofweek >= 4 ) { + $thursday=1; + $daysofweek=$daysofweek - 4; + } + if ( $daysofweek >= 2 ) { + $friday=1; + $daysofweek=$daysofweek - 2; + } + if ( $daysofweek >= 1 ) { + $saturday=1; + $daysofweek=$daysofweek - 1; + } + + /* convert from hh:mm mm/dd/yyyy to seconds since 1970 */ + $starthour=date("G",$starttime); + $startminute=date("i",$starttime); + $stophour=date("G",$endtime); + $stopminute=date("i",$endtime); + $hour=date("G",$timestamp); + $minute=date("i",$timestamp); + + /* convert time to sec since 1970 since it provides easy date/time conversion */ + $starttime=mktime($starthour,$startminute,0,1,1,2003); + $endtime=mktime($stophour,$stopminute,0,1,1,2003); + $timestamp=mktime($hour,$minute,0,1,1,2003); + + if ( ( $sunday ) && ( $day == "Sun" ) ) { + if ( ( $timestamp >= $starttime ) && ( $timestamp <= $endtime ) && ( $starttime < $endtime ) ) { + $Results=1; + } + if ( ( ( $timestamp >= $starttime ) || ( $timestamp <= $endtime ) ) && ( $starttime > $endtime ) ) { + $Results=1; + } + } + if ( ( $monday ) && ( $day == "Mon" ) ) { + if ( ( $timestamp >= $starttime ) && ( $timestamp <= $endtime ) && ( $starttime < $endtime ) ) { + $Results=1; + } + if ( ( ( $timestamp >= $starttime ) || ( $timestamp <= $endtime ) ) && ( $starttime > $endtime ) ) { + $Results=1; + } + } + if ( ( $tuesday ) && ( $day == "Tue" ) ) { + if ( ( $timestamp >= $starttime ) && ( $timestamp <= $endtime ) && ( $starttime < $endtime ) ) { + $Results=1; + } + if ( ( ( $timestamp >= $starttime ) || ( $timestamp <= $endtime ) ) && ( $starttime > $endtime ) ) { + $Results=1; + } + } + if ( ( $wednesday ) && ( $day == "Wed" ) ) { + if ( ( $timestamp >= $starttime ) && ( $timestamp <= $endtime ) && ( $starttime < $endtime ) ) { + $Results=1; + } + if ( ( ( $timestamp >= 
$starttime ) || ( $timestamp <= $endtime ) ) && ( $starttime > $endtime ) ) { + $Results=1; + } + } + if ( ( $thursday ) && ( $day == "Thu" ) ) { + if ( ( $timestamp >= $starttime ) && ( $timestamp <= $endtime ) && ( $starttime < $endtime ) ) { + $Results=1; + } + if ( ( ( $timestamp >= $starttime ) || ( $timestamp <= $endtime ) ) && ( $starttime > $endtime ) ) { + $Results=1; + } + } + if ( ( $friday ) && ( $day == "Fri" ) ) { + if ( ( $timestamp >= $starttime ) && ( $timestamp <= $endtime ) && ( $starttime < $endtime ) ) { + $Results=1; + } + if ( ( ( $timestamp >= $starttime ) || ( $timestamp <= $endtime ) ) && ( $starttime > $endtime ) ) { + $Results=1; + } + } + if ( ( $saturday ) && ( $day == "Sat" ) ) { + if ( ( $timestamp >= $starttime ) && ( $timestamp <= $endtime ) && ( $starttime < $endtime ) ) { + $Results=1; + } + if ( ( ( $timestamp >= $starttime ) || ( $timestamp <= $endtime ) ) && ( $starttime > $endtime ) ) { + $Results=1; + } + } + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: thresholddropdown */ +/* Stability(1 low - 5 high): 5 */ +/* Description: HTML control to create a drop down box listing */ +/* rule threshold values */ +/* */ +/********************************************************************/ +function thresholddropdown($fieldname, $tabs=0, $cr=0, $br=0, $lines=1,$selected="") { + + $values=array(0,1,2,3,4,5,10,15,20,25,30,35,40,45,50,60,70,80,90,100,200,300,400,500,600,700,800,900,1000,2000,3000,4000,5000,6000,7000,8000,9000,10000,20000,30000,40000,50000); + echo tabs($tabs) . 
""; + crbr($cr,$br); +} + + +/********************************************************************/ +/* */ +/* Function: clearlaunchqueue */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Delete Syslog_TLaunchQueue records w/ appropriate */ +/* ID for either stale connections or properly */ +/* closing out a processor */ +/* */ +/********************************************************************/ +function clearlaunchqueue($dbsocket,$mailid) { + + $SQLQuery="begin;delete from Syslog_TLaunchQueue where TMail_ID=$mailid;commit;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + return($SQLNumRows); +} + +/********************************************************************/ +/* */ +/* Function: updatelaunch */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Update a launch entry in the Syslog_TLaunch table */ +/* */ +/********************************************************************/ +function updatelaunch($dbsocket,$launchid,$shortdesc,$longdesc,$program) { + + $Results=0; + $shortdesc=fixappostrophe(stripslashes(pgdatatrim($shortdesc))); + $longdesc=fixappostrophe(stripslashes(pgdatatrim($longdesc))); + $program=fixappostrophe(stripslashes(pgdatatrim($program))); + $launchid=fixappostrophe(stripslashes(pgdatatrim($launchid))); + if ( ( $shortdesc != "" ) && ( $program != "" ) ) { + $SQLQuery = "begin;update syslog_tlaunch set tlaunch_shortdesc='$shortdesc',tlaunch_longdesc='$longdesc',tlaunch_program='$program' where tlaunch_id=$launchid;commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: addlaunchdataentry */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Adds entries to Syslog_TLaunchQueue table for */ +/* queuing up date for an external program */ +/* */ +/********************************************************************/ +function addlaunchdataentry($dbsocket,$launchid,$id,$mailid,$desc) { + + $Results=0; + $launchid=fixappostrophe(stripslashes(pgdatatrim($launchid))); + $id=fixappostrophe(stripslashes(pgdatatrim($id))); + $mailid=fixappostrophe(stripslashes(pgdatatrim($mailid))); + $desc=fixappostrophe(stripslashes(pgdatatrim($desc))); + if ( ( $launchid != "" ) && ( $id != "" ) ) { + $SQLQuery = "begin;insert into Syslog_TLaunchQueue (TLaunchQueue_Desc,TLaunch_ID,TMail_ID,TSyslog_ID) values ('$desc',$launchid,$mailid,$id);commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: launchassociated */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Return whether or not there is an association for */ +/* a given external program. */ +/* */ +/********************************************************************/ +function launchassociated($dbsocket,$launchid,$id,$mailid) { + + $Results=0; + $launchid=fixappostrophe(stripslashes(pgdatatrim($launchid))); + $id=fixappostrophe(stripslashes(pgdatatrim($id))); + $mailid=fixappostrophe(stripslashes(pgdatatrim($mailid))); + if ( ( $launchid != "" ) && ( $id != "" ) ) { + $SQLQuery = "select * from Syslog_TLaunchQueue where tlaunch_id=$launchid and TSyslog_ID=$id and TMail_ID=$mailid"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { + $Results = pg_numrows($SQLQueryResults); + } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: droplaunch */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Drop a launchable program entry from Syslog_... */ +/* Launch table for a given TLaunch_ID */ +/* */ +/********************************************************************/ +function droplaunch($dbsocket,$launchid) { + + $Results=0; + $launchid=fixappostrophe(stripslashes(pgdatatrim($launchid))); + if ( $launchid != "" ) { + $SQLQuery = "begin;delete from syslog_tlaunch where tlaunch_id=$launchid;commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: addlaunch */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Add an launch program entry in the Syslog_.... */ +/* TLaunch table */ +/* */ +/********************************************************************/ +function addlaunch($dbsocket,$shortdesc, $longdesc, $program) { + + $Results=0; + $shortdesc=fixappostrophe(stripslashes(pgdatatrim($shortdesc))); + $longdesc=fixappostrophe(stripslashes(pgdatatrim($longdesc))); + $program=fixappostrophe(stripslashes(pgdatatrim($program))); + if ( ( $shortdesc != "" ) && ( $program != "" ) ) { + $SQLQuery = "begin;insert into syslog_tlaunch (tlaunch_shortdesc, tlaunch_longdesc, tlaunch_program) values ('$shortdesc','$longdesc','$program');commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: launchdropdown */ +/* Stability(1 low - 5 high): 5 */ +/* Description: An HTML control for providing a launch drop down */ +/* box */ +/* */ +/********************************************************************/ +function launchdropdown ($dbsocket, $fieldname, $tabs=0, $cr=0, $br=0, $lines=1, $selected="",$listnone=1) { + + $SQLQuery="select * from Syslog_TLaunch order by TLaunch_ShortDesc"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + echo tabs($tabs) . ""; + crbr($cr,$br); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); +} + + +/********************************************************************/ +/* */ +/* Function: reporttypename */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Easily convert report types to report names */ +/* */ +/********************************************************************/ +function reporttypename($value=0) { + + switch ($value) { + case 1: + $Results="Log Volume By Severity"; + break; + case 2: + $Results="Log Volume By Facility"; + break; + case 3: + $Results="Cisco Pix: Bandwidth Breakdown"; + break; + case 4: + $Results="Cisco VPN Usage Report"; + break; + default: + $Results="Log Volume By Severity"; + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: reporttypedropdown */ +/* Stability(1 low - 5 high): 5 */ +/* Description: HTML control to create a report type drop down */ +/* control */ +/* */ +/********************************************************************/ +function reporttypedropdown($fieldname, $tabs=0, $cr=0, $br=0, $lines=1,$selected="") { + + echo tabs($tabs) . ""; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: startbody */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Provides an easy control to change the basic feel */ +/* of SMT */ +/* */ +/********************************************************************/ +function startbody($tabs=0) { + + echo tabs($tabs) . 
""; +} + +/********************************************************************/ +/* */ +/* Function: drophostrules */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Delete syslog & deny rules for a given host_id */ +/* */ +/********************************************************************/ +function drophostrules($dbsocket,$hostid) { + + $Results=0; + if ( strval($hostid) > 0 ) { + $SQLQuery="begin; delete from syslog_truledeny where ( syslog_trule.thost_id=$hostid and syslog_trule.trule_id=syslog_truledeny.trule_id) ; delete from syslog_trule where syslog_trule.thost_id=$hostid; commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: drophostsyslogs */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Remove syslogs from the database for a given host */ +/* */ +/********************************************************************/ +function drophostsyslogs($dbsocket,$hostid) { + + $Results=0; + $host=gethost($dbsocket,$hostid); + if ( strval($hostid) > 0 ) { + $SQLQuery="begin;delete from TSyslog where host='$host';commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: drophostalerts */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Remove alerts for a given host */ +/* */ +/********************************************************************/ +function drophostalerts($dbsocket,$hostid) { + + $Results=0; + if ( strval($hostid) > 0 ) { + $SQLQuery="begin;delete from Syslog_TAlert where TSyslog.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=$hostid and Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id; delete from Syslog_TAlert where Syslog_TArchive.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=$hostid and Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id;commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: drophostarchivesyslogs */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Remove syslogs from the archive table for a given */ +/* host */ +/* */ +/********************************************************************/ +function drophostarchivesyslogs($dbsocket,$hostid) { + + $Results=0; + $host=gethost($dbsocket,$hostid); + if ( strval($hostid) > 0 ) { + $SQLQuery="begin;delete from Syslog_TArchive where host='$host';commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: drophostcustprof */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Remove a host from a customer profile */ +/* */ +/********************************************************************/ +function drophostcustprof($dbsocket,$hostid) { + + $Results=0; + if ( strval($hostid) > 0 ) { + $SQLQuery="begin;delete from syslog_tcustomerprofile where thost_id=$hostid;commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: drophostprocprof */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Remove a host from a processor profile */ +/* */ +/********************************************************************/ +function drophostprocprof($dbsocket,$hostid) { + + $Results=0; + if ( strval($hostid) > 0 ) { + $SQLQuery="begin;delete from syslog_tprocessorprofile where thost_id=$hostid;commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: renamehosts */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Provide a generic function to rename hosts in any */ +/* given table */ +/* */ +/********************************************************************/ +function renamehosts($dbsocket,$tablename,$expression,$fieldname,$hostname) { + + $SQLNumRows = 0; + $tablename=stripslashes(pgdatatrim($tablename)); + $expression=stripslashes(pgdatatrim($expression)); + $fieldname=stripslashes(pgdatatrim($fieldname)); + $hostname=stripslashes(pgdatatrim($hostname)); + if ( $hostname != "" ) { + $SQLQuery="begin;update $tablename set $fieldname='$hostname' where $expression;commit;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($SQLNumRows); +} + +/********************************************************************/ +/* */ +/* Function: withinbounds */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Determine if a given severity & facilty exists */ +/* between the supplied ranges */ +/* */ +/********************************************************************/ +function withinbounds($facility,$severity,$startfacility,$stopfacility,$startseverity,$stopseverity) { + + $Results = 0; + if ( ( $facility >= $startfacility ) && ( $facility <= $stopfacility ) && + ( $severity >= $startseverity ) && ( $severity <= $stopseverity ) ) { + $Results=1; + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: facilitydropdown */ +/* Stability(1 low - 5 high): 5 */ +/* Description: A html control that provides a drop down box of */ +/* Syslog Facilities */ +/* */ +/********************************************************************/ +function facilitydropdown($fieldname, $tabs=0, $cr=0, $br=0, $lines=1,$selected="") { + + echo tabs($tabs) . ""; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: severitydropdown */ +/* Stability(1 low - 5 high): 5 */ +/* Description: A html control that provides a drop down box of */ +/* Syslog Severities */ +/* */ +/********************************************************************/ +function severitydropdown($fieldname, $tabs=0, $cr=0, $br=0, $lines=1,$selected="") { + + echo tabs($tabs) . 
""; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: verbosefacility */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Return the english desc for a given facility */ +/* */ +/********************************************************************/ +function verbosefacility($facility) { + + $Results=""; + if ( $facility == "" ) { $facility=24; } + if ( $facility == "0" ) { $Results="kernel"; } + if ( $facility == "1" ) { $Results="random"; } + if ( $facility == "2" ) { $Results="mail"; } + if ( $facility == "3" ) { $Results="daemon"; } + if ( $facility == "4" ) { $Results="auth"; } + if ( $facility == "5" ) { $Results="msyslog"; } + if ( $facility == "6" ) { $Results="lpr"; } + if ( $facility == "7" ) { $Results="news"; } + if ( $facility == "8" ) { $Results="uucp"; } + if ( $facility == "9" ) { $Results="cron"; } + if ( $facility == "10" ) { $Results="authpriv"; } + if ( $facility == "11" ) { $Results="ftp"; } + if ( $facility == "16" ) { $Results="local0"; } + if ( $facility == "17" ) { $Results="local1"; } + if ( $facility == "18" ) { $Results="local2"; } + if ( $facility == "19" ) { $Results="local3"; } + if ( $facility == "20" ) { $Results="local4"; } + if ( $facility == "21" ) { $Results="local5"; } + if ( $facility == "22" ) { $Results="local6"; } + if ( $facility == "23" ) { $Results="local7"; } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: verboseseverity */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Return the english desc for a given severity */ +/* */ +/********************************************************************/ +function verboseseverity($severity) { + + $Results=""; + if ( $severity == "" ) { $severity=7; } + if ( $severity == 0 ) { $Results="emergency"; } + if ( $severity == 1 ) { $Results="alerts"; } + if ( $severity == 2 ) { $Results="critical"; } + if ( $severity == 3 ) { $Results="errors"; 
} + if ( $severity == 4 ) { $Results="warnings"; } + if ( $severity == 5 ) { $Results="notifications"; } + if ( $severity == 6 ) { $Results="informational"; } + if ( $severity == 7 ) { $Results="debug"; } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: cleanarchives */ +/* Stability(1 low - 5 high): 5 */ +/* Description: This function is used to help clean up after a */ +/* stale processor. Since we cannot have duplicate */ +/* log IDs, we must be sure to delete old logs that */ +/* might be left over. We delete all log with a */ +/* syslog_id > then the last time we processed */ +/* */ +/********************************************************************/ +function cleanarchives($dbsocket,$cleanid,$cleanhost) { + + $Results=0; + $SQLQuery="begin;delete from Syslog_TArchive where TSyslog_ID > $cleanid and host='$cleanhost';commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: cleanalerts */ +/* Stability(1 low - 5 high): 5 */ +/* Description: This function is used to help clean up after a */ +/* stale processor. Since we cannot have duplicate */ +/* alerts, we must be sure to delete old alerts that */ +/* might be left over. We delete all alerts with a */ +/* syslog_id > then the last time we processed */ +/* */ +/********************************************************************/ +function cleanalerts($dbsocket,$cleanid,$cleanhost) { + + $Results=0; + $SQLQuery="begin;delete from Syslog_TAlert where Syslog_TAlert.TSyslog_ID=TSyslog.TSyslog_ID and TSyslog.TSyslog_ID > $cleanid and TSyslog.host='$cleanhost';commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: dropfilterdata */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Drop filter row that has the appropriate */ +/* filterdata_id */ +/* */ +/********************************************************************/ +function dropfilterdata($dbsocket,$filterdataid) { + + $Results=0; + $SQLQuery="begin;delete from Syslog_TFilterData where TFilterData_ID=$filterdataid;commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: updatefilterdata */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Update a given filterdata row */ +/* */ +/********************************************************************/ +function updatefilterdata($dbsocket,$filterid,$filter,$include,$filterorlevel,$startfacility,$stopfacility,$startseverity,$stopseverity) { + + $userorglobal=strval($userorglobal); + $SQLQuery="begin;update Syslog_TFilterData set TFilterData_Include=$include,TFilterData_Filter='$filter',TFilterData_FilterOrLevel=$filterorlevel,TFilterData_StartFacility=$startfacility,TFilterData_StopFacility=$stopfacility,TFilterData_StartSeverity=$startseverity,TFilterData_StopSeverity=$stopseverity where TFilterData_ID=$filterid;commit;"; + $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + $SQLNumRows = pg_numrows($SQLQueryResults); + $Results=$SQLNumRows; + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: updatefilter */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Update a given filter row */
+/* */
+/********************************************************************/
+function updatefilter($dbsocket,$filterid,$filterdesc,$userorglobal) {
+
+ $filterdesc=pgdatatrim(fixappostrophe($filterdesc));
+ $userorglobal=strval($userorglobal);
+ $SQLQuery="begin;update Syslog_TFilter set TFilter_UserOrGlobal=$userorglobal,TFilter_Desc='$filterdesc' where TFilter_ID=$filterid;commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ $Results=$SQLNumRows;
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: dropfilter */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Delete a given filter row */
+/* */
+/********************************************************************/
+function dropfilter($dbsocket,$filterid) {
+
+ $Results=0;
+ $SQLQuery="begin;delete from Syslog_TFilter where TFilter_ID=$filterid;commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: dropallfilterdata */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Delete all assocated filterdata rows for a given */
+/* filter_id */
+/* */
+/********************************************************************/
+function dropallfilterdata($dbsocket,$filterid) {
+
+ $Results=0;
+ $SQLQuery="begin;delete from Syslog_TFilterData where TFilter_ID=$filterid;commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: dropprocessorhostfromprofile */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Delete an associated processor-host profile entry */
+/* */
+/********************************************************************/
+function dropprocessorhostfromprofile($dbsocket,$id) {
+
+ $Results=0;
+ $SQLQuery="begin;delete from Syslog_TProcessorProfile where THost_ID=$id;commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: dropprocessorprofile */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Delete an associated processor-host profile entry */
+/* */
+/********************************************************************/
+function dropprocessorprofile($dbsocket,$id) {
+
+ $Results=0;
+ $SQLQuery="begin;delete from Syslog_TProcessorProfile where TProcessorProfile_ID=$id;commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: addblankdenyrule */
+/* Stability(1 low - 5 high): 5 */
+/* Description: create an empty deny rule for editing */
+/* */
+/********************************************************************/
+function addblankdenyrule($dbsocket,$id) {
+
+ $SQLQuery="begin;insert into Syslog_TRuleDeny (TRule_ID,TRuleDeny_Expression,TRuleDeny_StartFacility,TRuleDeny_StopFacility,TRuleDeny_StartSeverity,TRuleDeny_StopSeverity) values ($id,'',0,23,0,7);commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: addblankdenyrulepremade */
+/* Stability(1 low - 5 high): 5 */
+/* Description: create an empty premade deny rule for editing */
+/* */
+/********************************************************************/
+function addblankdenypremade($dbsocket,$id) {
+
+ $SQLQuery="begin;insert into Syslog_TPremadeDeny (TPremade_ID,TPremadeDeny_Expression,TPremadeDeny_StartFacility,TPremadeDeny_StopFacility,TPremadeDeny_StartSeverity,TPremadeDeny_StopSeverity) values ($id,'',0,23,0,7);commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: addprocessorprofile */
+/* Stability(1 low - 5 high): 5 */
+/* Description: add a record to associate a host to a processor */
+/* */
+/********************************************************************/
+function addprocessorprofile($dbsocket,$userid,$hostid) {
+
+ $SQLQuery="begin;insert into Syslog_TProcessorProfile (THost_ID,TLogin_ID) values ($hostid,$userid);commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: assignedtoprocessor */
+/* Stability(1 low - 5 high): 5 */
+/* Description: check to see if a host is assigned to a processor */
+/* */
+/********************************************************************/
+function assignedtoprocessor ($dbsocket,$hostid) {
+
+ $SQLQuery="select thost_id from Syslog_TProcessorProfile where THost_ID=$hostid";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: assignedtouser */
+/* Stability(1 low - 5 high): 5 */
+/* Description: check to see if a user has assigned hosts */
+/* */
+/********************************************************************/
+function assignedtouser ($dbsocket,$userid,$hostid) {
+
+ $SQLQuery="select tcustomerprofile_id,TLogin_ID,THost_ID from Syslog_TCustomerProfile where THost_ID=$hostid and TLogin_ID=$userid";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: userhasruleaccess */
+/* Stability(1 low - 5 high): 5 */
+/* Description: check to see if a user has permission to edit any */
+/* hosts rules or a specific host's rules */
+/* */
+/********************************************************************/
+function userhasruleaccess ($dbsocket,$userid,$allhosts=1,$hostid=0) {
+
+ $SQLQuery="select tcustomerprofile_id from Syslog_TCustomerProfile where TLogin_ID=$userid and TCustomerProfile_EditRules = 1";
+ if ( ( ! $allhosts ) && ( $hostid !=0 ) ) {
+ $SQLQuery = $SQLQuery . " and THost_ID=$hostid";
+ }
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: idexist */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Provide a table independent function to see if an */
+/* ID exists for the supplied table */
+/* */
+/********************************************************************/
+function idexist($dbsocket,$tablename,$idname,$id) {
+
+ $SQLNumRows = 0;
+ $tablename=stripslashes(pgdatatrim($tablename));
+ $idname=stripslashes(pgdatatrim($idname));
+ $id=stripslashes(pgdatatrim($id));
+ if ( ( is_string($idname) ) && ( is_string($tablename) ) && ( $id != "" ) ) {
+ $SQLQuery="select $idname from $tablename where $idname=$id";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: filterdropdown */
+/* Stability(1 low - 5 high): 5 */
+/* Description: An HTML control to list the available filters. */
+/* The filter will display private or global filters */
+/* and global filters will say (Global Filter) next */
+/* to the description */
+/* */
+/********************************************************************/
+function filterdropdown ($dbsocket, $fieldname, $userid, $tabs=0, $cr=0, $br=0, $lines=1, $selected="", $owneronly=0) {
+
+ /* Gather the list of relevant filters */
+ if ( ! $owneronly ) {
+ $SQLQuery="select * from Syslog_TFilter where ( ( TFilter_UserOrGlobal = 1 ) and ( TLogin_ID = $userid ) ) or ( ( TFilter_UserOrGlobal = 2 ) ) order by TFilter_UserOrGlobal,TFilter_Desc";
+ } else {
+ $SQLQuery="select * from Syslog_TFilter where TLogin_ID = $userid order by TFilter_UserOrGlobal,TFilter_Desc";
+ }
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+}
+
+/********************************************************************/
+/* */
+/* Function: getnextid */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Return the next value for a given PGSQL sequence */
+/* number(PGSQL will then increment the sequence # */
+/* */
+/********************************************************************/
+function getnextid ($dbsocket, $seqname) {
+
+ $SQLQuery="select nextval('$seqname')";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ $Results="1";
+ if ( $SQLNumRows > 0 ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
+ die(pg_errormessage()."
    \n");
+ $Results=stripslashes(pgdatatrim($SQLQueryResultsObject->nextval));
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: premadetypedropdown */
+/* Stability(1 low - 5 high): 5 */
+/* Description: An HTML control for providing type drop down boxes */
+/* */
+/********************************************************************/
+function premadetypedropdown ($dbsocket, $fieldname, $tabs=0, $cr=0, $br=0, $lines=1, $selected="") {
+
+ $SQLQuery="select * from Syslog_TPremadeType order by TPremadeType_Desc";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+}
+
+/********************************************************************/
+/* */
+/* Function: savesdropdown */
+/* Stability(1 low - 5 high): 5 */
+/* Description: An HTML control for providing a saved logs drop */
+/* down boxes */
+/* */
+/********************************************************************/
+function savesdropdown ($dbsocket, $fieldname, $userid, $tabs=0, $cr=0, $br=0, $lines=1, $selected="") {
+
+ $SQLQuery="select * from Syslog_TSave where TLogin_ID=$userid order by TSave_Desc";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+}
+
+/********************************************************************/
+/* */
+/* Function: userhavesaves */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Returns the number of saved syslogs a user has in */
+/* the database */
+/* */
+/********************************************************************/
+function userhavesaves($dbsocket,$userid) {
+
+ $SQLQuery="select * from Syslog_TSave where TLogin_ID=$userid";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: userhavesaves */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Contains the saved syslog messages for a given */
+/* TSave_ID */
+/* */
+/********************************************************************/
+function savefilteredview($dbsocket,$saveid,$date,$time,$host,$facility,$severity,$message) {
+
+ $host=fixappostrophe($host);
+ $message=fixappostrophe($message);
+ $SQLQuery="begin;insert into Syslog_TSaveData (TSaveData_Date,TSaveData_Time,TSaveData_Host,TSaveData_Facility,TSaveData_Severity,TSaveData_Message,TSave_ID) values ('$date','$time','$host',$facility,$severity,'$message',$saveid);commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: addfilter */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Save filter data to the database for a supplied */
+/* filter_id */
+/* */
+/********************************************************************/
+function addfilter($dbsocket,$filter,$filterid,$filterinclude,$filterorlevel,$startfacility,$stopfacility,$startseverity,$stopseverity) {
+
+ $filterinclude=strval(stripslashes(pgdatatrim($filterinclude)));
+ $SQLQuery="begin;insert into Syslog_TFilterData (TFilterData_Filter,TFilterData_Include,TFilter_ID,TFilterData_FilterOrLevel,TFilterData_StartFacility,TFilterData_StopFacility,TFilterData_StartSeverity,TFilterData_StopSeverity) values ('$filter',$filterinclude,$filterid,$filterorlevel,$startfacility,$stopfacility,$startseverity,$stopseverity);commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: addfilterheader */
+/* Stability(1 low - 5 high): 5 */
+/* Description: add filter header associated by user */
+/* */
+/********************************************************************/
+function addfilterheader($dbsocket,$userorglobal,$desc,$userid) {
+
+ $desc=stripslashes(fixappostrophe($desc));
+ $SQLQuery="begin;insert into Syslog_TFilter (TFilter_UserOrGlobal,TFilter_Desc,TLogin_ID) values ($userorglobal,'$desc',$userid);commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ $SQLQuery="select TFilter_ID from Syslog_TFilter where TLogin_ID=$userid and TFilter_Desc='$desc'";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ if ( $SQLNumRows ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilter_id));
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: addsaveheader */
+/* Stability(1 low - 5 high): 3(need to retest) */
+/* Description: Add a header to link savedata records */
+/* */
+/********************************************************************/
+function addsaveheader($dbsocket,$expdate,$descr,$time,$date,$userid) {
+
+ $descr=ereg_replace("'","''",$descr);
+ $save_id=getnextid ($dbsocket, "Syslog_TSave_TSave_ID_Seq");
+ $SQLQuery="begin;insert into Syslog_TSave (TSave_ID,TSave_ExpireDate,TSave_Desc,TSave_Time,TSave_Date,TLogin_ID) values ($save_id,'$expdate','$descr','$time','$date',$userid);commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($save_id);
+}
+
+/********************************************************************/
+/* */
+/* Function: openmail */
+/* Stability(1 low - 5 high): 3(need to retest) */
+/* Description: The openmail function records when a process starts*/
+/* */
+/********************************************************************/
+function openmail($dbsocket,$date,$time,$userid) {
+
+ $tmail_id=getnextid ($dbsocket, "syslog_tmail_tmail_id_seq");
+ $SQLQuery="begin; insert into Syslog_TMail (TMail_ID,TMail_Open,TMail_Date,TMail_Time,TLogin_ID) values ($tmail_id,1,'$date','$time',$userid); commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($tmail_id);
+}
+
+/********************************************************************/
+/* */
+/* Function: numlaunchrecords */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Given a mail_id, return how many records currently */
+/* exist */
+/* */
+/********************************************************************/
+function numlaunchrecords($dbsocket,$mailid) {
+
+ $SQLQuery="select * from Syslog_TLaunchQueue where TMail_ID=$mailid";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: numemailrecords */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Given a mail_id, return how many records currently */
+/* exist */
+/* */
+/********************************************************************/
+function numemailrecords($dbsocket,$mailid) {
+
+ $SQLQuery="select * from Syslog_TEmail where TMail_ID=$mailid";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: numdenials */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Return the number of denials that exit for either */
+/* TRuleDeny or TPremadeDeny */
+/* */
+/********************************************************************/
+function numdenials($dbsocket,$denytype,$id) {
+
+ $SQLNumRows=0;
+ if ( $id != "" ) {
+ if ( $denytype == 1 ) {
+ $tablename="Syslog_TRuleDeny";
+ $field="TRule_ID";
+ $grab="TRuleDeny_ID";
+ } else {
+ $tablename="Syslog_TPremadeDeny";
+ $field="TPremade_ID";
+ $grab="TPremadeDeny_ID";
+ }
+ $SQLQuery="select $grab from $tablename where $field=$id";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: addmail */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Save data for outgoing notification emails */
+/* */
+/********************************************************************/
+function addmail($dbsocket,$email,$mailid,$tsyslogid,$desc="") {
+
+ $desc=fixappostrophe($desc);
+ $SQLQuery="begin;insert into Syslog_TEmail (TEmail_Email,TMail_ID,TSyslog_ID,TEmail_Desc) values ('$email',$mailid,$tsyslogid,'$desc');commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: cleanemail */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Blow away any stale emails, primarily used for */
+/* taking care of 'stale' processors */
+/* */
+/********************************************************************/
+function cleanemail($dbsocket,$mailid) {
+
+ $SQLQuery="begin;delete from Syslog_TEmail where TMail_ID=$mailid;commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: closeopenmail */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Delete TMail record w/ appropriate ID for either */
+/* stale connections or properly closing out a */
+/* processor */
+/* */
+/********************************************************************/
+function closeopenmail($dbsocket,$mailid) {
+
+ $SQLQuery="begin; delete from Syslog_TMail where TMail_ID=$mailid ; commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: ismailopen */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Determines if there is a mail record(ie processor) */
+/* that is in the DB. If so, either a process is */
+/* stale or processor is running behind */
+/* */
+/********************************************************************/
+function ismailopen($dbsocket,$userid) {
+
+ $Results=0;
+ $SQLQuery="select * from Syslog_TMail where TMail_Open=1 and TLogin_ID=$userid";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ if ( $SQLNumRows > 0 ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
+ die(pg_errormessage()."
    \n");
+ $Results=stripslashes(pgdatatrim($SQLQueryResultsObject->tmail_id));
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: dropdenials */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Dual purpose function to delete tpremadetypedenial */
+/* and truledenial entries */
+/* */
+/********************************************************************/
+function dropdenial($dbsocket,$denytype,$denyid) {
+
+ if ( $denytype == 1 ) {
+ $tablename="Syslog_TRuleDeny";
+ $field="TRuleDeny_ID";
+ } else {
+ $tablename="Syslog_TPremadeDeny";
+ $field="TPremadeDeny_ID";
+ }
+ $SQLQuery="begin;delete from $tablename where $field=$denyid;commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: updatedenial */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Save changes to the appropriate denial rule */
+/* whether it is TRuleDeny or TPremadeDeny */
+/* */
+/********************************************************************/
+function updatedenial($dbsocket,$denytype,$id,$exp,$startfacility,$stopfacility,$startseverity,$stopseverity) {
+
+ if ( $denytype == 1 ) {
+ $tablename="Syslog_TRuleDeny";
+ $field="TRuleDeny_ID";
+ $fieldtoken="TRuleDeny_";
+ } else {
+ $tablename="Syslog_TPremadeDeny";
+ $field="TPremadeDeny_ID";
+ $fieldtoken="TPremadeDeny_";
+ }
+ $SQLQuery="begin;update $tablename set $fieldtoken"."Expression='$exp',$fieldtoken"."StartFacility=$startfacility,$fieldtoken"."StopFacility=$stopfacility,$fieldtoken"."StartSeverity=$startseverity,$fieldtoken"."StopSeverity=$stopseverity where $field=$id;commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: updateprocessid */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Update the ID of the last processed syslog ID */
+/* */
+/********************************************************************/
+function updateprocessid($dbsocket,$id,$hostid) {
+
+ $SQLQuery="begin;update Syslog_TProcess set TProcess_ID=$id where THost_ID='$hostid';commit;";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ $Results=$SQLNumRows;
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: lastprocessedid */
+/* Stability(1 low - 5 high): 5 */
+/* Description: return the ID of the last processed syslog ID */
+/* */
+/********************************************************************/
+function lastprocessedid($dbsocket,$hostid) {
+
+ $SQLQuery="select TProcess_ID from Syslog_TProcess where THost_ID='$hostid'";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
+ die(pg_errormessage()."
    \n");
+ $Results=stripslashes(pgdatatrim($SQLQueryResultsObject->tprocess_id));
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: logincanseehosts */
+/* Stability(1 low - 5 high): 5 */
+/* Description: See if the supplied userid has the passed hostid */
+/* associated with the account */
+/* */
+/********************************************************************/
+function logincanseehost($dbsocket,$userid,$hostid) {
+
+ $SQLQuery="select * from Syslog_TCustomerProfile where TLogin_ID=$userid and THost_ID=$hostid";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ $Results=$SQLNumRows;
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($SQLNumRows);
+}
+
+/********************************************************************/
+/* */
+/* Function: pixruledropdown */
+/* Stability(1 low - 5 high): 5 */
+/* Description: This really is a html control that provides a */
+/* prmade rule drop down box */
+/* */
+/********************************************************************/
+function pixruledropdown ($dbsocket, $fieldname, $tabs=0, $cr=0, $br=0, $lines=1, $multiple="",$selected ="") {
+
+ $SQLQuery="select TPremade_Code,TPremade_ID,TPremadeType_Desc from Syslog_TPremade,Syslog_TPremadeType where Syslog_TPremadeType.TPremadeType_ID=Syslog_TPremade.TPremadeType_ID order by TPremadeType_Desc,TPremade_Code";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+}
+
+/********************************************************************/
+/* */
+/* Function: hostdropdown */
+/* Stability(1 low - 5 high): 5 */
+/* Description: A html control that provide host drop down box */
+/* that only shows hosts that are allowed to be viewed*/
+/* by the user */
+/* */
+/********************************************************************/
+function hostdropdown ($dbsocket, $sec_dbsocket, $fieldname, $userid=0, $group=0, $tabs=0, $cr=0, $br=0, $lines=1, $selected="", $unassigned=0) {
+
+ if ( $unassigned == 0 ) {
+ $SQLQuery="select DISTINCT THost_ID,THost_Host,TPremadeType_Desc from Syslog_THost,Syslog_TPremadeType where Syslog_THost.TPremadeType_ID=Syslog_TPremadeType.TPremadeType_ID order by TPremadeType_Desc,THost_Host";
+ } else {
+ $SQLQuery="select DISTINCT THost_ID,THost_Host,TPremadeType_Desc from Syslog_THost,Syslog_TPremadeType where Syslog_THost.TPremadeType_ID=Syslog_TPremadeType.TPremadeType_ID except select DISTINCT Syslog_THost.THost_ID,Syslog_THost.THost_Host,TPremadeType_Desc from Syslog_THost,Syslog_TPremadeType,Syslog_TProcessorProfile where Syslog_THost.TPremadeType_ID=Syslog_TPremadeType.TPremadeType_ID and Syslog_TProcessorProfile.THost_ID=Syslog_THost.THost_ID order by TPremadeType_Desc,THost_Host";
+ }
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+}
+
+/********************************************************************/
+/* */
+/* Function: hostdropdown1 */
+/* Stability(1 low - 5 high): 5 */
+/* Description: A html control that provide host drop down box */
+/* that only shows hosts that are allowed to be viewed*/
+/* by the user */
+/* */
+/********************************************************************/
+function hostdropdown1 ($dbsocket, $sec_dbsocket, $fieldname, $userid=0, $group=0, $tabs=0, $cr=0, $br=0, $lines=1, $selected="", $unassigned=0) {
+
+ if ( $unassigned == 0 ) {
+ $SQLQuery="select DISTINCT THost_ID,THost_Host,TPremadeType_Desc from Syslog_THost,Syslog_TPremadeType where Syslog_THost.TPremadeType_ID=Syslog_TPremadeType.TPremadeType_ID order by TPremadeType_Desc,THost_Host";
+ } else {
+ $SQLQuery="select DISTINCT THost_ID,THost_Host,TPremadeType_Desc from Syslog_THost,Syslog_TPremadeType where Syslog_THost.TPremadeType_ID=Syslog_TPremadeType.TPremadeType_ID except select DISTINCT Syslog_THost.THost_ID,Syslog_THost.THost_Host,TPremadeType_Desc from Syslog_THost,Syslog_TPremadeType,Syslog_TProcessorProfile where Syslog_THost.TPremadeType_ID=Syslog_TPremadeType.TPremadeType_ID and Syslog_TProcessorProfile.THost_ID=Syslog_THost.THost_ID order by TPremadeType_Desc,THost_Host";
+ }
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+}
+
+/********************************************************************/
+/* */
+/* Function: monthdropdown */
+/* Stability(1 low - 5 high): 5 */
+/* Description: A html control that provides a month drop down box */
+/* */
+/********************************************************************/
+function monthdropdown($fieldname, $tabs=0, $cr=0, $br=0, $lines=1, $selected="") {
+
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+}
+
+/********************************************************************/
+/* */
+/* Function: daydropdown */
+/* Stability(1 low - 5 high): 5 */
+/* Description: A html control that provides a day drop down box */
+/* */
+/********************************************************************/
+function daydropdown($fieldname, $tabs=0, $cr=0, $br=0, $lines=1, $selected="") {
+
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+}
+
+/********************************************************************/
+/* */
+/* Function: yeardropdown */
+/* Stability(1 low - 5 high): 5 */
+/* Description: A html control that provides a year drop down box */
+/* */
+/********************************************************************/
+function yeardropdown($fieldname, $tabs=0, $cr=0, $br=0, $lines=1, $selected="") {
+
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+}
+
+/********************************************************************/
+/* */
+/* Function: hourdropdown */
+/* Stability(1 low - 5 high): 5 */
+/* Description: A html control that provides a hour drop down box */
+/* */
+/********************************************************************/
+function hourdropdown($fieldname, $tabs=0, $cr=0, $br=0, $lines=1, $selected="") {
+
+ echo tabs($tabs) . 
""; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: minutedropdown */ +/* Stability(1 low - 5 high): 5 */ +/* Description: A html control that provides a minute drop down box*/ +/* */ +/********************************************************************/ +function minutedropdown($fieldname, $tabs=0, $cr=0, $br=0, $lines=1, $selected="") { + + echo tabs($tabs) . ""; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: logratesthreshold */ +/* Stability(1 low - 5 high): 5 */ +/* Description: A html control that provides an expiration timer */ +/* drop down box */ +/* */ +/********************************************************************/ +function logratesthreshold($fieldname, $tabs=0, $cr=0, $br=0, $lines=1, $selected="") { + + if ( $selected < 100 ) { $selected = 100; } + + echo tabs($tabs) . ""; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: expireddropdown */ +/* Stability(1 low - 5 high): 5 */ +/* Description: A html control that provides an expiration timer */ +/* drop down box */ +/* */ +/********************************************************************/ +function expiredropdown($fieldname, $tabs=0, $cr=0, $br=0, $lines=1, $selected="") { + + echo tabs($tabs) . ""; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: pagesize */ +/* Stability(1 low - 5 high): 5 */ +/* Description: A html control that provides a page size drop */ +/* down box */ +/* */ +/********************************************************************/ +function pagesize($fieldname, $tabs=0, $cr=0, $br=0, $lines=1) { + + echo tabs($tabs) . 
""; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: pagesize */ +/* Stability(1 low - 5 high): 5 */ +/* Description: A html control that provides a drop down box with */ +/* time durations */ +/* */ +/********************************************************************/ +function durationdropdown($fieldname, $tabs=0, $cr=0, $br=0, $lines=1) { + + echo tabs($tabs) . ""; + crbr($cr,$br); +} + +/********************************************************************/ +/* */ +/* Function: addalert */ +/* Stability(1 low - 5 high): 5 */ +/* Description: creates alert entry in the Syslog_TAlert table */ +/* */ +/********************************************************************/ +function addalert($dbsocket,$date,$time,$info,$syslogid) { + + $Results=0; + $info = setupappostrophe($info); + $SQLQuery="begin;insert into Syslog_TAlert (TAlert_Date,TAlert_Time,TAlert_Info,TSyslog_ID) values ('$date','$time','$info',$syslogid);commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: gethostid */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Return the THost_ID for a given 'host' name */
+/* */
+/********************************************************************/
+function gethostid($dbsocket,$host) {
+
+ $Results=0;
+ $SQLQuery="select THost_ID from Syslog_THost where THost_Host='$host'";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
+ die(pg_errormessage()."
    \n");
+ $Results=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_id));
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: gethost */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Return the THost_Host for a given THost_ID */
+/* */
+/********************************************************************/
+function gethost($dbsocket,$hostid) {
+
+ $Results=0;
+ $SQLQuery="select THost_Host from Syslog_THost where THost_ID=$hostid";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
+ die(pg_errormessage()."
    \n");
+ $Results=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_host));
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: updatehostprocess */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Update the TProcess_ID for a given THost_ID */
+/* */
+/********************************************************************/
+function updatehostprocess($dbsocket,$hostid,$processid) {
+
+ $Results=0;
+ $SQLQuery="begin;update Syslog_TProcess set TProcess_ID=$processid where THost_ID='$hostid';commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: drophostprocess */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Update the TProcess_ID for a given THost_ID */
+/* */
+/********************************************************************/
+function drophostprocess($dbsocket,$hostid) {
+
+ $Results=0;
+ $SQLQuery="begin;delete from Syslog_TProcess where THost_ID='$hostid';commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: addhostprocess */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Add a record to the Syslog_TProcess table for a */
+/* given THost_ID */
+/* */
+/********************************************************************/
+function addhostprocess($dbsocket,$hostid) {
+
+ $Results=0;
+ $SQLQuery="begin;insert into Syslog_TProcess (TProcess_ID,THost_ID) values (0,'$hostid');commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: addhost */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Add a record to the Syslog_TProcess table for a */
+/* given THost_ID */
+/* */
+/********************************************************************/
+function addhost($dbsocket,$host,$syslogexpire,$alertexpire,$typeid,$hostrate) {
+
+ $Results=0;
+ $host=fixappostrophe(stripslashes(pgdatatrim($host)));
+ $syslogexpire=fixappostrophe(stripslashes(pgdatatrim($syslogexpire)));
+ $alertexpire=fixappostrophe(stripslashes(pgdatatrim($alertexpire)));
+ $typeid=fixappostrophe(stripslashes(pgdatatrim($typeid)));
+ if ( $hostrate < 100 ) { $hostrate = 100; }
+ $SQLQuery="begin;insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID,THost_Rate) values ('$host',$alertexpire,$syslogexpire,$typeid,$hostrate);commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: updatehost */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Update a record to the Syslog_TProcess table for a */
+/* given THost_ID */
+/* */
+/********************************************************************/
+function updatehost($dbsocket,$hostid,$host,$syslogexpire=0,$alertexpire=0,$typeid,$hostrate) {
+
+ $Results=0;
+ $host=fixappostrophe(stripslashes(pgdatatrim($host)));
+ $syslogexpire=fixappostrophe(stripslashes(pgdatatrim($syslogexpire)));
+ $alertexpire=fixappostrophe(stripslashes(pgdatatrim($alertexpire)));
+ $typeid=fixappostrophe(stripslashes(pgdatatrim($typeid)));
+ if ( $hostrate < 100 ) { $hostrate = 100; }
+ $SQLQuery="begin;update Syslog_THost set THost_Host='$host',THost_AlertExpire=$alertexpire,THost_LogExpire=$syslogexpire,TPremadeType_ID=$typeid,THost_Rate=$hostrate where THost_ID=$hostid;commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: drophostid */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Drop a record from the Syslog_THost table for a */
+/* given THost_ID */
+/* */
+/********************************************************************/
+function drophostid($dbsocket,$hostid) {
+
+ $Results=0;
+ $SQLQuery="begin;delete from Syslog_THost where THost_ID=$hostid;commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: droppremade */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Drop a record from the Syslog_TPremade table for a */
+/* given TPremade_ID */
+/* */
+/********************************************************************/
+function droppremade($dbsocket,$id) {
+
+ $Results=0;
+ $SQLQuery="begin;delete from Syslog_TPremade where TPremade_ID=$id;commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: updateequiptype */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Update an equipment type entry in the Syslog_.. */
+/* TPremadeType table */
+/* */
+/********************************************************************/
+function updateequiptype($dbsocket,$typeid,$typedesc, $logwatch) {
+
+ $Results=0;
+ $typedesc=fixappostrophe(stripslashes(pgdatatrim($typedesc)));
+ $typeid=fixappostrophe(stripslashes(pgdatatrim($typeid)));
+ $logwatch=fixappostrophe(stripslashes(pgdatatrim($logwatch)));
+ if ( $typedesc != "" ) {
+ $SQLQuery = "begin;update syslog_tpremadetype set logwatch_cmd='$logwatch', tpremadetype_desc='$typedesc' where tpremadetype_id=$typeid;commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: dropequiptype */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Drop an equipment type entry in the Syslog_.. */
+/* TPremadeType table for a given TPremadetype_ID */
+/* */
+/********************************************************************/
+function dropequiptype($dbsocket,$typeid) {
+
+ $Results=0;
+ $typedesc=fixappostrophe(stripslashes(pgdatatrim($typeid)));
+ if ( $typeid != "" ) {
+ $SQLQuery = "begin;delete from syslog_tpremadetype where tpremadetype_id=$typeid;commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: addequiptype */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Add an equipment type entry in the Syslog_.... */
+/* TPremadeType table */
+/* */
+/********************************************************************/
+function addequiptype($dbsocket,$typedesc, $logwatch) {
+
+ $Results=0;
+ $typedesc=fixappostrophe(stripslashes(pgdatatrim($typedesc)));
+ $logwatch=fixappostrophe(stripslashes(pgdatatrim($logwatch)));
+ if ( $typedesc != "" ) {
+ $SQLQuery = "begin;insert into syslog_tpremadetype (tpremadetype_desc, logwatch_cmd) values ('$typedesc', '$logwatch');commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: addpremaderule */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Add a premade rule entry in the Syslog_TPremadeRule*/ +/* table */ +/* */ +/********************************************************************/ +function addpremaderule($dbsocket,$code,$desc,$typeid,$startfacility,$stopfacility,$startseverity,$stopseverity,$levelorrule,$launchid,$threshold,$thresholdtype) { + + $code=pgdatatrim($code); + $desc=pgdatatrim($desc); + $typeid=fixappostrophe(stripslashes(pgdatatrim($typeid))); + $launchid=fixappostrophe(stripslashes(pgdatatrim($launchid))); + if ( strval($threshold) < 0 ) { $threshold=0; } + if ( ( strval($thresholdtype) < 0 ) || ( strval($thresholdtype) > 2 ) ) { $thresholdtype=0; } + if ( $startfacility > $stopfacility ) { + $temp=$stopfacility; + $stopfacility=$startfacility; + $startfacility=$temp; + } + if ( $startseverity > $stopseverity ) { + $temp=$stopseverity; + $stopseverity=$startseverity; + $startseverity=$temp; + } + if ( ( $levelorrule == "" ) || ( $levelorrule < 0 ) || ( $levelorrule > 3 ) ){ $levelorrule = 1; } + $Results=0; + $SQLQuery="begin;insert into Syslog_TPremade (TPremade_Code,TPremade_Desc,TPremadeType_ID,TPremade_StartFacility,TPremade_StopFacility,TPremade_StartSeverity,TPremade_StopSeverity,TPremade_PremadeOrLevel,TLaunch_ID,TPremade_Threshold,TPremade_ThresholdType) values ('$code','$desc',$typeid,$startfacility,$stopfacility,$startseverity,$stopseverity,$levelorrule,$launchid,$threshold,$thresholdtype);commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: updatepremaderule */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Update a premade rule in the Syslog_TPremade table */ +/* */ +/********************************************************************/ +function updatepremaderule($dbsocket,$id,$code,$desc,$typeid,$startfacility,$stopfacility,$startseverity,$stopseverity,$levelorrule,$launchid,$threshold,$thresholdtype) { + + $id=stripslashes(pgdatatrim($id)); + $code=pgdatatrim($code); + $desc=pgdatatrim($desc); + $typeid=fixappostrophe(stripslashes(pgdatatrim($typeid))); + if ( strval($threshold) < 0 ) { $threshold=0; } + if ( ( strval($thresholdtype) < 0 ) || ( strval($thresholdtype) > 2 ) ) { $thresholdtype=0; } + if ( $startfacility > $stopfacility ) { + $temp=$stopfacility; + $stopfacility=$startfacility; + $startfacility=$temp; + } + if ( $startseverity > $stopseverity ) { + $temp=$stopseverity; + $stopseverity=$startseverity; + $startseverity=$temp; + } + if ( ( $levelorrule == "" ) || ( $levelorrule < 0 ) || ( $levelorrule > 3 ) ){ $levelorrule = 1; } + $Results=0; + $SQLQuery="begin;update Syslog_TPremade set TPremade_Code='$code',TPremade_Desc='$desc',TPremadeType_ID=$typeid,TPremade_StartFacility=$startfacility,TPremade_StopFacility=$stopfacility,TPremade_StartSeverity=$startseverity,TPremade_StopSeverity=$stopseverity,TPremade_PremadeOrLevel=$levelorrule,TLaunch_ID=$launchid,TPremade_Threshold=$threshold,TPremade_ThresholdType=$thresholdtype where TPremade_ID=$id;commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: clonedenials */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Redundant code to add a rule to Syslog_TRuleDeny */ +/* table while supplying the TRuleDeny_ID. This */ +/* should not be necessary. 8( */ +/* */ +/********************************************************************/ +function clonedenials($dbsocket,$id,$newid) { + + $SQLQuery="select * from Syslog_TRuleDeny where TRule_ID=$id order by TRuleDeny_ID"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ if ( $SQLNumRows ) {
+ for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+ die(pg_errormessage()."
    \n");
+ $denyexp=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_expression));
+ $denystartfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_startfacility));
+ $denystopfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_stopfacility));
+ $denystartseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_startseverity));
+ $denystopseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_stopseverity));
+ $SQLQuery="begin;insert into Syslog_TRuleDeny (TRule_ID,TRuleDeny_Expression,TRuleDeny_StartFacility,TRuleDeny_StopFacility,TRuleDeny_StartSeverity,TRuleDeny_StopSeverity) values ($newid,'$denyexp',$denystartfacility,$denystopfacility,$denystartseverity,$denystopseverity);commit;";
+ $DenySQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ pg_freeresult($DenySQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n"); +} + +/********************************************************************/ +/* */ +/* Function: clonehostrule */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Redundant code to add a rule to Syslog_TRule table */ +/* while supplying the TRule_ID. This should not be */ +/* necessary. 8( */ +/* */ +/********************************************************************/ +function clonehostrule($dbsocket,$id,$hostid,$alert,$email,$expression,$desc,$startfacility,$stopfacility,$startseverity,$stopseverity,$levelorrule,$launchid,$threshold,$thresholdtype,$starttime,$endtime,$timertype,$daysofweek) { + + $hostid=fixappostrophe(stripslashes(pgdatatrim($hostid))); + $alert=fixappostrophe(stripslashes(pgdatatrim($alert))); + $email=fixappostrophe(stripslashes(pgdatatrim($email))); + $desc=fixappostrophe(stripslashes(pgdatatrim($desc))); + $expression=fixappostrophe(stripslashes(pgdatatrim($expression))); + + if ( strval($threshold) < 0 ) { $threshold=0; } + if ( strval($timertype) > 3 ) { $timertype=3; } + if ( strval($timertype) < 0 ) { $timertype=0; } + if ( ( strval($daysofweek) >= 128 ) || ( strval($daysofweek) < 0 ) ) { $daysofweek=0; } + if ( ( strval($thresholdtype) < 0 ) || ( strval($thresholdtype) > 2 ) ) { $thresholdtype=0; } + if ( ( strval($timertype) < 0 ) || ( strval($timertype) > 3 ) ) { $timertype=0; } + if ( $launchid == "" ) { $launchid = 0; } + if ( $startfacility > $stopfacility ) { + $temp=$stopfacility; + $stopfacility=$startfacility; + $startfacility=$temp; + } + if ( $startseverity > $stopseverity ) { + $temp=$stopseverity; + $stopseverity=$startseverity; + $startseverity=$temp; + } + if ( strval($thresholdtype) < 1 ) { $thresholdtype = 0; } + if ( strval($starttime) < 1 ) { $starttime = 0; } + if ( strval($endtime) < 1 ) { $endtime = 0; } + if ( strval($timertype) < 1 ) { $timertype = 0; } + if ( strval($daysofweek) < 1 ) { $daysofweek = 0; } + if ( ( $levelorrule == "" ) || ( $levelorrule < 0 ) || ( $levelorrule > 3 ) ){ 
$levelorrule = 1; } + $Results=0; + $SQLQuery="begin;insert into Syslog_TRule (TRule_ID, TRule_LogAlert, TRule_Email, TRule_Expression, TRule_Desc, THost_ID, TRule_StartFacility, TRule_StopFacility, TRule_StartSeverity, TRule_StopSeverity, TRule_RuleOrLevel, TLaunch_ID, TRule_Threshold, TRule_ThresholdType, TRule_StartTime, TRule_EndTime, TRule_TimerType, TRule_DaysofWeek) values ($id, $alert, '$email', '$expression', '$desc', $hostid, $startfacility, $stopfacility, $startseverity, $stopseverity, $levelorrule, $launchid, $threshold, $thresholdtype, $starttime, $endtime, $timertype, $daysofweek);commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: dropruleid */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Drop a given rule_id from the Syslog_TRule table */ +/* */ +/********************************************************************/ +function dropruleid($dbsocket,$id) { + + $Results=0; + $SQLQuery="begin;delete from Syslog_TRule where TRule_ID=$id;commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: addhostrule */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Add a rule to the Syslog_TRule table for a given */ +/* host */ +/* */ +/********************************************************************/ +function addhostrule($dbsocket,$hostid,$alert,$email,$expression,$desc,$startfacility,$stopfacility,$startseverity,$stopseverity,$levelorrule,$launchid,$threshold,$thresholdtype,$starttime,$endtime,$timertype,$daysofweek) { + + $hostid=fixappostrophe(stripslashes(pgdatatrim($hostid))); + $alert=fixappostrophe(stripslashes(pgdatatrim($alert))); + $email=fixappostrophe(stripslashes(pgdatatrim($email))); + $desc=fixappostrophe(stripslashes(pgdatatrim($desc))); + $expression=pgdatatrim($expression); + if ( ( strval($thresholdtype) < 0 ) || ( strval($thresholdtype) > 2 ) ) { $thresholdtype=0; } + if ( ( strval($daysofweek) >= 128 ) || ( strval($daysofweek) < 0 ) ) { $daysofweek=0; } + if ( ( strval($timertype) < 0 ) || ( strval($timertype) > 3 ) ) { $timertype=0; } + if ( strval($threshold) < 0 ) { $threshold=0; } + if ( $startfacility > $stopfacility ) { + $temp=$stopfacility; + $stopfacility=$startfacility; + $startfacility=$temp; + } + if ( $startseverity > $stopseverity ) { + $temp=$stopseverity; + $stopseverity=$startseverity; + $startseverity=$temp; + } + if ( ( $levelorrule == "" ) || ( $levelorrule < 0 ) || ( $levelorrule > 3 ) ){ $levelorrule = 1; } + $Results=0; + /* ,$starttime,$endtime,$timertype,$daysofweek */ + $SQLQuery="begin;insert into Syslog_TRule (TRule_LogAlert, TRule_Email, TRule_Expression, TRule_Desc, THost_ID, TRule_StartFacility, TRule_StopFacility, TRule_StartSeverity, TRule_StopSeverity, TRule_RuleOrLevel, TLaunch_ID, TRule_Threshold, TRule_ThresholdType, TRule_StartTime, TRule_EndTime, TRule_TimerType, TRule_DaysofWeek) values ($alert, '$email', '$expression', '$desc', $hostid, $startfacility, $stopfacility, 
$startseverity, $stopseverity, $levelorrule, $launchid, $threshold, $thresholdtype, $starttime, $endtime, $timertype, $daysofweek);commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: updatehostrule */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Update a given host rule. */ +/* */ +/********************************************************************/ +function updatehostrule($dbsocket,$id,$hostid,$alert,$email,$expression,$desc,$startfacility,$stopfacility,$startseverity,$stopseverity,$levelorrule,$launchid,$threshold,$thresholdtype,$starttime,$endtime,$timertype,$daysofweek) { + + $id=fixappostrophe(stripslashes(pgdatatrim($id))); + $launchid=fixappostrophe(stripslashes(pgdatatrim($launchid))); + $hostid=fixappostrophe(stripslashes(pgdatatrim($hostid))); + $alert=fixappostrophe(stripslashes(pgdatatrim($alert))); + $email=fixappostrophe(stripslashes(pgdatatrim($email))); + $expression=pgdatatrim($expression); + $desc=fixappostrophe(stripslashes(pgdatatrim($desc))); + if ( strval($threshold) < 0 ) { $threshold=0; } + if ( ( strval($thresholdtype) < 0 ) || ( strval($thresholdtype) > 2 ) ) { $thresholdtype=0; } + if ( ( strval($daysofweek) >= 128 ) || ( strval($daysofweek) < 0 ) ) { $daysofweek=0; } + if ( ( strval($timertype) < 0 ) || ( strval($timertype) > 3 ) ) { $timertype=0; } + if ( $startfacility > $stopfacility ) { + $temp=$stopfacility; + $stopfacility=$startfacility; + $startfacility=$temp; + } + if ( $startseverity > $stopseverity ) { + $temp=$stopseverity; + $stopseverity=$startseverity; + $startseverity=$temp; + } + if ( ( $levelorrule == "" ) || ( $levelorrule < 0 ) || ( $levelorrule > 3 ) ){ $levelorrule = 1; } + $Results=0; + $SQLQuery="begin;update Syslog_TRule set TRule_LogAlert=$alert, TRule_Email='$email', TRule_Expression='$expression', THost_ID=$hostid, TRule_Desc='$desc', TRule_StartFacility=$startfacility, TRule_StopFacility=$stopfacility, TRule_StartSeverity=$startseverity, TRule_StopSeverity=$stopseverity, TRule_RuleOrLevel=$levelorrule, TLaunch_ID=$launchid, TRule_Threshold=$threshold, 
TRule_ThresholdType=$thresholdtype, TRule_StartTime=$starttime, TRule_EndTime=$endtime, TRule_TimerType=$timertype, TRule_DaysofWeek=$daysofweek where TRule_ID=$id;commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results=1; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + return($Results); +} + +/********************************************************************/ +/* */ +/* Function: dropcustomerhost */ +/* Stability(1 low - 5 high): 5 */ +/* Description: Disassociate a host with a given customer */ +/* */ +/********************************************************************/ +function dropcustomerhost($dbsocket,$id) { + + $Results=0; + $SQLQuery="begin;delete from Syslog_TCustomerProfile where TCustomerProfile_ID=$id;commit;"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: addcustomerhost */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Associate a host with a given customer */
+/* */
+/********************************************************************/
+function addcustomerhost($dbsocket,$hostid,$userid,$allowedit) {
+
+ $hostid=fixappostrophe(stripslashes(pgdatatrim($hostid)));
+ $userid=fixappostrophe(stripslashes(pgdatatrim($userid)));
+ if ( $allowedit != 1 ) { $allowedit = 0; }
+ $Results=0;
+ $SQLQuery="begin;insert into Syslog_TCustomerProfile (THost_ID,TLogin_ID,TCustomerProfile_EditRules) values ($hostid,$userid,$allowedit);commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: numberofmonth */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Given the short name for a month, ie. 'jan', */
+/* return the decimal number for that month, ie. 1 */
+/* */
+/********************************************************************/
+function numberofmonth($month) {
+
+ $Results=0;
+ for ( $loop = 1 ; $loop != 13 ; $loop++ ) {
+ if ( $month == date("M",mktime(0,0,0,$loop,1,2001) ) ) { $Results = $loop; }
+ }
+ if ( strlen($Results) != 2 ) { $Results = "0" . $Results; }
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: numberofrecords */
+/* Stability(1 low - 5 high): 5 */
+/* Description: A table inspecific function allowing generic */
+/* queries. The function will return the number of */
+/* records returned by the query. */
+/* */
+/********************************************************************/
+function numberofrecords($dbsocket,$fieldname,$tablename) {
+
+ $Results=0;
+ $SQLQuery="select count($fieldname) from $tablename";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+ die(pg_errormessage()."
    \n");
+ $Results=$SQLQueryResultsObject->count;
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: numberofhostsusingtype */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Report the number of hosts using a given equipment */
+/* type of TPremadeType_ID */
+/* */
+/********************************************************************/
+function numberofhostsusingtype($dbsocket,$typeid) {
+
+ $Results=0;
+ $SQLQuery="select count(tpremadetype_id) from Syslog_THost where TPremadeType_ID=$typeid";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+ die(pg_errormessage()."
    \n");
+ $Results=$SQLQueryResultsObject->count;
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: addsuspend */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Add an entry to the syslog_tsuspend process table */
+/* */
+/********************************************************************/
+function addsuspend($dbsocket,$id) {
+
+ $Results=0;
+ $id=fixappostrophe(stripslashes(pgdatatrim($id)));
+ if ( $id > 0 ) {
+ $SQLQuery = "begin;insert into syslog_tsuspend (TLogin_ID,TSuspend_Status) values ($id,1);commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ return($Results);
+}
+
+/********************************************************************/
+/* */
+/* Function: deletesuspend */
+/* Stability(1 low - 5 high): 5 */
+/* Description: Delete an entry to the syslog_tsuspend table */
+/* */
+/********************************************************************/
+function deletesuspend($dbsocket,$id) {
+
+ $Results=0;
+ $id=fixappostrophe(stripslashes(pgdatatrim($id)));
+ if ( $id > 0 ) {
+ $SQLQuery = "begin;delete from syslog_tsuspend where tlogin_id=$id;commit;";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results=1; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n"); + } + return($Results); +} + +%> diff --git a/lib/secframe.php b/lib/secframe.php new file mode 100644 index 0000000..4b6220f --- /dev/null +++ b/lib/secframe.php 
@@ -0,0 +1,1101 @@
+<%
+/*=============================================================================
+ *
+ * Copyright 2004 Jeremy Guthrie smt@dangermen.com
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 only of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * It is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+=============================================================================*/
+
+/********************************************/
+/* */
+/* Purpose: To provide the framework and */
+/* functions to facilitate scalable, secure */
+/* and easy to manage systems. SecFrame db */
+/* should never be accessed by anything but */
+/* secframe functions. 
*/
+/* */
+/********************************************/
+
+require_once('pgsql.php');
+
+define("SECDB", "securityframework");
+define("SECPASS", "voQ3jV1x");
+define("SECFRAMEVER","1.0");
+
+/***********Functions***********
+function sec_verifypassword ($password ) {
+function sec_startbody($tabs=0) {
+function sec_updateappperm ($dbsocket, $id, $usergroup, $ugid, $allowaccess, $app_id, $priority) {
+function groupmemberdropdownbox ($dbsocket, $fieldname, $groupid, $member=1,$tabs=0, $cr=1, $br=0, $lines=1, $multi=0, $selected="") {
+function sec_updateapp ($dbsocket, $id, $appname, $appdesc) {
+function sec_updategroupmembers ($dbsocket,$groupmembersid,$userid,$groupid) {
+function sec_updategroup ($dbsocket, $groupid, $groupname, $groupdesc) {
+function userdropdownbox ($dbsocket, $fieldname, $tabs=0, $cr=1, $br=0, $lines=1, $selected="", $groupid="") {
+function appdropdownbox ($dbsocket, $fieldname, $tabs=0, $cr=1, $br=0, $lines=1, $selected="") {
+function groupdropdownbox ($dbsocket, $fieldname, $tabs=0, $cr=1, $br=0, $lines=1, $selected="") {
+function sec_accessallowed($dbsocket,$userid,$appid) {
+function sec_dbconnect() {
+function sec_groupmember($dbsocket,$userid,$groupid) {
+function sec_groupname($dbsocket,$groupid) {
+function sec_appname($dbsocket,$appid) {
+function sec_appnametoid($dbsocket,$appname) {
+function sec_usernametoid($dbsocket,$username) {
+function sec_groupnametoid($dbsocket,$groupname) {
+function sec_username($dbsocket,$userid) {
+function sec_delid($dbsocket,$tablename,$idname,$id) {
+function sec_idexist($dbsocket,$tablename,$idname,$id) {
+function sec_addgroup($dbsocket,$groupname,$groupdesc) {
+function sec_addappperm($dbsocket,$usergroup,$ugid,$allowaccess,$appid,$priority) {
+function sec_getpriority($dbsocket,$appid) {
+function sec_addgroupmembers($dbsocket,$userid,$groupid) {
+function sec_dropgroupmembers($dbsocket,$userid,$groupid) {
+function sec_addapp($dbsocket,$appname,$appdesc) {
+function 
sec_addlogin($dbsocket,$username,$password,$name,$email,$home,$work,$cell,$pager,
+ $address1,$address2,$city,$state,$zip) {
+sec_updatelogin ($dbsocket,$id,$username,$password,$name,$email,$home,$work,$cell,$pager,
+ $address1,$address2,$city,$state,$zip)
+***********Functions***********/
+
+/********************************************/
+/* */
+/* Funciton: sec_verifypassword */
+/* */
+/* Verify that password meets content */
+/* criteria of having something other than */
+/* all lowercase or all uppercase letters */
+/* */
+/********************************************/
+
+function sec_verifypassword ($password ) {
+
+ $flag=0;
+ $Results=strtr($password,"abcdefghijklmnopqrstuvwxyz","aaaaaaaaaaaaaaaaaaaaaaaaaa");
+ $flag1=0;
+ for ( $loop=0; $loop != strlen($Results) ; $loop++ ) {
+ if ( substr($Results, $loop, 1) != 'a' ) { $flag1=1; };
+ }
+ $Results=strtr($password,"ABCDEFGHIJKLMNOPQRSTUVWXYZ","AAAAAAAAAAAAAAAAAAAAAAAAAA");
+ $flag2=0;
+ for ( $loop=0; $loop != strlen($Results) ; $loop++ ) {
+ if ( substr($Results, $loop, 1) != 'A' ) { $flag2=1; };
+ }
+ if ( $flag1 && $flag2 ) {
+ $flag=1;
+ }
+ return($flag);
+}
+
+/********************************************/
+/* */
+/* Function: sec_updatelogin */
+/* */
+/* Purpose: Update TLogin given valid info */
+/* */
+/********************************************/
+
+function sec_updatelogin ($dbsocket,$id,$username,$password,$name,$email,$home,$work,$cell,$pager,$address1,$address2,$city,$state,$zip ) {
+
+ $Results=0;
+ if ( ( !embededsql($id) ) &&
+ ( !embededsql($username) ) &&
+ ( !embededsql($password) ) &&
+ ( !embededsql($name) ) &&
+ ( !embededsql($email) ) &&
+ ( !embededsql($home) ) &&
+ ( !embededsql($work) ) &&
+ ( !embededsql($cell) ) &&
+ ( !embededsql($pager) ) &&
+ ( !embededsql($address1) ) &&
+ ( !embededsql($address2) ) &&
+ ( !embededsql($city) ) &&
+ ( !embededsql($state) ) &&
+ ( !embededsql($zip) ) ) {
+ $id=stripslashes(pgdatatrim($id));
+ 
$username=stripslashes(substr(pgdatatrim($username),0,128));
+ $password=stripslashes(substr(pgdatatrim($password),0,36));
+ $name=stripslashes(substr(pgdatatrim($name),0,40));
+ $email=stripslashes(substr(pgdatatrim($email),0,40));
+ $home=stripslashes(substr(pgdatatrim($home),0,20));
+ $cell=stripslashes(substr(pgdatatrim($cell),0,20));
+ $work=stripslashes(substr(pgdatatrim($work),0,20));
+ $pager=stripslashes(substr(pgdatatrim($pager),0,20));
+ $address1=stripslashes(substr(pgdatatrim($address1),0,40));
+ $address2=stripslashes(substr(pgdatatrim($address2),0,40));
+ $city=stripslashes(substr(pgdatatrim($city),0,40));
+ $state=stripslashes(substr(pgdatatrim($state),0,40));
+ if ( ( $username != "" ) && ( is_string($username) ) &&
+ ( $password != "" ) && ( is_string($password) ) &&
+ ( $name != "" ) && ( is_string($name) ) &&
+ ( $password != "" ) && ( is_string($password) ) &&
+ ( sec_idexist($dbsocket,"SecFrame_TLogin","TLogin_ID",$id) ) &&
+ ( is_string($email) ) &&
+ ( is_string($home) ) &&
+ ( is_string($work) ) &&
+ ( is_string($cell) ) &&
+ ( is_string($pager) ) &&
+ ( is_string($address1) ) &&
+ ( is_string($address2) ) &&
+ ( is_string($city) ) &&
+ ( is_string($state) ) &&
+ ( is_string($zip) ) ) {
+ if ( strlen($password) < 32 ) {
+ /* $password='.' . $password . '.'; */
+ $password=md5($password);
+ }
+ $SQLQuery="update SecFrame_TLogin set TLogin_Username='$username',TLogin_Password='$password'," .
+ "TLogin_Name='$name',TLogin_Email='$email',TLogin_Home='$home',TLogin_Work='$work',TLogin_Cell='$cell'," .
+ "TLogin_Pager='$pager',TLogin_Address1='$address1',TLogin_Address2='$address2',TLogin_City='$city'," .
+ "TLogin_State='$state',TLogin_Zip='$zip' where TLogin_ID=$id";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: sec_updateappperm */
+/* */
+/* Purpose: Update TAppPerm given proper */
+/* information. */
+/* */
+/********************************************/
+
+function sec_updateappperm ($dbsocket, $id, $usergroup, $ugid, $allowaccess, $app_id, $priority) {
+
+ $Results=0;
+ if ( ( !embededsql($id) ) && ( !embededsql($usergroup) ) && ( !embededsql($ugid) ) &&
+ ( !embededsql($allowaccess) ) && ( !embededsql($app_id) ) && ( !embededsql($priority) ) &&
+ ( strval($id) > 0 ) && ( strval($ugid) > 0 ) && ( strval($app_id) > 0 ) ) {
+ $id=stripslashes(pgdatatrim($id));
+ $usergroup=stripslashes(pgdatatrim($usergroup));
+ $ugid=stripslashes(pgdatatrim($ugid));
+ $allowaccess=stripslashes(pgdatatrim($allowaccess));
+ $app_id=stripslashes(pgdatatrim($app_id));
+ $priority=stripslashes(pgdatatrim($priority));
+ if ( ( strval($id) > 0 ) && ( sec_idexist($dbsocket,"SecFrame_TAppPerm","TAppPerm_ID",$id) ) ) {
+ $SQLQuery="update SecFrame_TAppPerm set TAppPerm_UserGroup=$usergroup,TAppPerm_UGID=$ugid,TAppPerm_AllowAccess=$allowaccess,TApp_ID=$app_id,TAppPerm_Priority=$priority where TAppPerm_ID=$id";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: groupmemberdropdownbox */
+/* */
+/* Purpose: provide a tool for drop down */
+/* boxes where member is either 1 or 0. 1 */
+/* lists those users who are a member. 0 */
+/* lists those users who aren't members. */
+/* */
+/********************************************/
+
+function groupmemberdropdownbox ($dbsocket, $fieldname, $groupid, $member=1,$tabs=0, $cr=1, $br=0, $lines=1, $multi=0, $selected="") {
+ $SQLQuery="select * from SecFrame_TLogin order by TLogin_Username";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+}
+
+/********************************************/
+/* */
+/* Function: sec_updateapp */
+/* */
+/* Purpose: Update TApp given proper info */
+/* */
+/********************************************/
+
+function sec_updateapp ($dbsocket, $id, $appname, $appdesc) {
+
+ $Results=0;
+ if ( ( !embededsql($id) ) && ( !embededsql($appname) ) && ( !embededsql($appdesc) ) ) {
+ $id=stripslashes(pgdatatrim($id));
+ $appname=stripslashes(pgdatatrim($appname));
+ $appdesc=stripslashes(pgdatatrim($appdesc));
+ if ( ( strval($id) > 0 ) && ( sec_idexist($dbsocket,"SecFrame_TApp","TApp_ID",$id) ) ) {
+ $SQLQuery="update SecFrame_TApp set TApp_Name='$appname',TApp_Desc='$appdesc' where TApp_ID=$id";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: sec_updatequeue */
+/* */
+/* Purpose: Update TApp given proper info */
+/* */
+/********************************************/
+
+function sec_updatequeue ($dbsocket, $id, $command="", $date="", $time="", $dateprocessed="", $timeprocessed="", $processed="", $data1="", $data2="" ) {
+
+ $Results=0;
+ if ( ( strval($id) > 0 ) && ( sec_idexist($dbsocket,"SecFrame_TQueue","TQueue_ID",$id) ) ) {
+ $SQLQuery="update SecFrame_TQueue set ";
+ $flag=0;
+ if ( $command != "" ) {
+ $flag=1;
+ $SQLQuery=$SQLQuery . "TQueue_Command='$command'";
+ }
+ if ( $date != "" ) {
+ if ( $flag ) {
+ $SQLQuery=$SQLQuery . ", TQueue_Date='$date'";
+ } else {
+ $flag=1;
+ $SQLQuery=$SQLQuery . "TQueue_Date='$date'";
+ }
+ }
+ if ( $time != "" ) {
+ if ( $flag ) {
+ $SQLQuery=$SQLQuery . ", TQueue_Time='$time'";
+ } else {
+ $flag=1;
+ $SQLQuery=$SQLQuery . "TQueue_Time='$time'";
+ }
+ }
+ if ( $dateprocessed != "" ) {
+ if ( $flag ) {
+ $SQLQuery=$SQLQuery . ", TQueue_DateProcessed='$dateprocessed'";
+ } else {
+ $flag=1;
+ $SQLQuery=$SQLQuery . "TQueue_DateProcessed='$dateprocessed'";
+ }
+ }
+ if ( $timeprocessed != "" ) {
+ if ( $flag ) {
+ $SQLQuery=$SQLQuery . ", TQueue_TimeProcessed='$timeprocessed'";
+ } else {
+ $flag=1;
+ $SQLQuery=$SQLQuery . "TQueue_TimeProcessed='$timeprocessed'";
+ }
+ }
+ if ( $processed != "" ) {
+ if ( $flag ) {
+ $SQLQuery=$SQLQuery . ", TQueue_Processed=$processed";
+ } else {
+ $flag=1;
+ $SQLQuery=$SQLQuery . "TQueue_Processed=$processed";
+ }
+ }
+ if ( $data1 != "" ) {
+ if ( $flag ) {
+ $SQLQuery=$SQLQuery . ", TQueue_Data1='$data1'";
+ } else {
+ $flag=1;
+ $SQLQuery=$SQLQuery . "TQueue_Data1='$data1'";
+ }
+ }
+ if ( $data2 != "" ) {
+ if ( $flag ) {
+ $SQLQuery=$SQLQuery . ", TQueue_Data2='$data2'";
+ } else {
+ $flag=1;
+ $SQLQuery=$SQLQuery . "TQueue_Data2='$data2'";
+ }
+ }
+
+ $SQLQuery = $SQLQuery . 
" where TQueue_ID=$id";
+
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: sec_updategroupmembers */
+/* */
+/* Purpose: Update TGroupMembers given */
+/* proper info */
+/* */
+/********************************************/
+
+function sec_updategroupmembers ($dbsocket,$groupmembersid,$userid,$groupid) {
+
+ $Results=0;
+ if ( ( !embededsql($userid) ) && ( !embededsql($groupid) ) ) {
+ $userid=stripslashes(pgdatatrim($userid));
+ $groupid=stripslashes(pgdatatrim($groupid));
+ if ( ( strval($userid) > 0 ) && ( strval($groupid) > 0 ) ) {
+ $SQLQuery="update SecFrame_TGroupMembers set TLogin_ID=$userid,TGroup_ID=$groupid where TGroupMembers_ID=$groupmembersid";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: sec_updategroup */
+/* */
+/* Purpose: Updaate TGroup given proper */
+/* */
+/********************************************/
+
+function sec_updategroup ($dbsocket, $groupid, $groupname, $groupdesc) {
+
+ $Results=0;
+ if ( ( !embededsql($groupname) ) && ( !embededsql($groupdesc) ) && ( !embededsql($groupid) ) ) {
+ $groupname=stripslashes(substr(pgdatatrim($groupname),0,30));
+ $groupdesc=stripslashes(substr(pgdatatrim($groupdesc),0,80));
+ $groupid=stripslashes(substr(pgdatatrim($groupid),0,80));
+ if ( ( $groupname != "" ) && ( $groupdesc != "" ) && ( is_string($groupname) ) &&
+ ( is_string($groupdesc) ) && ( strval($groupid) > 0 ) &&
+ ( sec_idexist($dbsocket,"SecFrame_TGroup","TGroup_ID",$groupid) ) ) {
+ $SQLQuery="update SecFrame_TGroup set TGroup_Name='$groupname',TGroup_Desc='$groupdesc' where TGroup_ID=$groupid";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: userdropdownbox */
+/* */
+/* Purpose: Creates a HTML drop down box */
+/* of users in the database */
+/* */
+/********************************************/
+
+function userdropdownbox ($dbsocket, $fieldname, $tabs=0, $cr=1, $br=0, $lines=1, $selected="", $groupid="") {
+
+/*
+CREATE TABLE SecFrame_TGroupMembers (
+ TGroupMembers_ID integer DEFAULT nextval('TGroupMembers_Seq'),
+ TLogin_ID integer not null,
+ TGroup_ID integer not null
+*/
+
+ if ( $groupid ) {
+ $SQLQuery="select * from SecFrame_TLogin,SecFrame_TGroupMembers where SecFrame_TGroupMembers.TLogin_ID=SecFrame_TLogin.TLogin_ID and TGroup_ID=$groupid order by TLogin_Username";
+ } else {
+ $SQLQuery="select * from SecFrame_TLogin order by TLogin_Username";
+ }
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+}
+
+/********************************************/
+/* */
+/* Function: appdropdownbox */
+/* */
+/* Purpose: Create a HTML drop down box */
+/* of Applications listed in the database */
+/* */
+/********************************************/
+
+function appdropdownbox ($dbsocket, $fieldname, $tabs=0, $cr=1, $br=0, $lines=1, $selected="") {
+
+ $SQLQuery="select * from SecFrame_TApp order by TApp_Name";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+}
+
+/********************************************/
+/* */
+/* Function: groupdropdownbox */
+/* */
+/* Purpose: Use these functions when doing */
+/* any work with drop down boxes. */
+/* */
+/********************************************/
+
+function groupdropdownbox ($dbsocket, $fieldname, $tabs=0, $cr=1, $br=0, $lines=1, $selected="") {
+
+ $SQLQuery="select * from SecFrame_TGroup order by TGroup_Name";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ echo tabs($tabs) . "";
+ crbr($cr,$br);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+}
+
+/********************************************/
+/* */
+/* Function: sec_accessallowed */
+/* */
+/* Purpose: This does the evaluation of the*/
+/* security creditials and returns either 1 */
+/* or 0. */
+/* */
+/********************************************/
+
+function sec_accessallowed($dbsocket,$userid,$appid) {
+
+ $Results=0;
+ if ( ( !embededsql($userid) ) && ( !embededsql($appid) ) ) {
+ $userid=stripslashes(pgdatatrim($userid));
+ $appid=stripslashes(pgdatatrim($appid));
+ if ( ( strval($userid) > 0 ) && ( strval($appid) > 0 ) ) {
+ $SQLQuery="select * from SecFrame_TAppPerm where TApp_ID=$appid order by TAppPerm_Priority";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ if ( $SQLNumRows > 0 ) {
+ for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+ die(pg_errormessage()."
    \n");
+ $userorgroup=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_usergroup));
+ $id=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_ugid));
+ $allowaccess=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_allowaccess));
+ if ( ( $userorgroup == 1 ) && ( $id == $userid ) ) { $Results = $allowaccess ; }
+ if ( $userorgroup == 2 ) {
+ if ( sec_groupmember($dbsocket,$userid,$id) ) { $Results = $allowaccess ; }
+ }
+ }
+ }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/******************************************/
+/* */
+/* Function: sec_dbconnect */
+/* */
+/* Purpose: Be a simple, single-point-of */
+/* administration for controlling the db */
+/* user for the security framework at */
+/* connection time */
+/* */
+/******************************************/
+
+function sec_dbconnect() {
+
+ $host = "127.0.0.1";
+ $dbsocket = pg_connect("host=$host dbname=".SECDB." user=secframe password='".SECPASS."'") or
+ die(pg_errormessage()."
    \n");
+ return($dbsocket);
+}
+
+/******************************************/
+/* */
+/* Function: sec_groupmember */
+/* */
+/* Purpose: Check if $userid is member */
+/* group $groupid. If so, return # > 0 */
+/* else return 0 */
+/* */
+/******************************************/
+
+function sec_groupmember($dbsocket,$userid,$groupid) {
+
+ $SQLNumRows = 0;
+ if ( ( !embededsql($groupid) ) && ( !embededsql($userid) ) && ( $groupid != "" ) && ( $userid != "" ) ) {
+ $groupid=stripslashes(pgdatatrim($groupid));
+ $userid=stripslashes(pgdatatrim($userid));
+ $SQLQuery="select TGroupMembers_ID from SecFrame_TGroupMembers where TLogin_ID=$userid and TGroup_ID=$groupid";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ return($SQLNumRows);
+}
+
+/******************************************/
+/* */
+/* Function: sec_groupname */
+/* */
+/* Purpose: Return the name of the group */
+/* with the given id of $groupid */
+/* */
+/******************************************/
+
+function sec_groupname($dbsocket,$groupid) {
+
+ $Results="";
+ if ( !embededsql($groupid) ) {
+ $groupid=stripslashes(pgdatatrim($groupid));
+ $Results=stripslashes(pgdatatrim(relatedata ($dbsocket,'SecFrame_TGroup','TGroup_Name',"TGroup_ID=$groupid")));
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: sec_appnametoid */
+/* */
+/* Purpose: Provide the ID of the given */
+/* TApp_Name */
+/* */
+/********************************************/
+
+function sec_appnametoid($dbsocket,$appname) {
+
+ $Results="";
+ if ( !embededsql($appname) ) {
+ $appname=stripslashes(pgdatatrim($appname));
+ $Results=stripslashes(pgdatatrim(relatedata ($dbsocket,'SecFrame_TApp','TApp_ID',"TApp_Name='$appname'")));
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: sec_appname */
+/* */
+/* Purpose: Provide the text name of the */
+/* given TApp_ID */
+/* */
+/********************************************/
+
+function sec_appname($dbsocket,$appid) {
+
+ $Results="";
+ if ( !embededsql($appid) ) {
+ $appid=stripslashes(pgdatatrim($appid));
+ $Results=stripslashes(pgdatatrim(relatedata ($dbsocket,'SecFrame_TApp','TApp_Name',"TApp_ID=$appid")));
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: sec_usernametoid */
+/* */
+/* Purpose: Provide the TLogin_ID of the */
+/* given TLogin_Username */
+/* */
+/********************************************/
+
+function sec_usernametoid($dbsocket,$username) {
+
+ $Results="";
+ if ( !embededsql($username) ) {
+ $username=stripslashes(pgdatatrim($username));
+ $Results=stripslashes(pgdatatrim(relatedata 
($dbsocket,'SecFrame_TLogin','TLogin_ID',"TLogin_Username='$username'")));
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: sec_groupnametoid */
+/* */
+/* Purpose: Provide the TGroup_ID of the */
+/* given TGroup_Name */
+/* */
+/********************************************/
+
+function sec_groupnametoid($dbsocket,$groupname) {
+
+ $Results="";
+ if ( !embededsql($groupname) ) {
+ $groupname=stripslashes(pgdatatrim($groupname));
+ $Results=stripslashes(pgdatatrim(relatedata ($dbsocket,'SecFrame_TGroup','TGroup_ID',"TGroup_Name='$groupname'")));
+ }
+ return($Results);
+}
+
+/******************************************/
+/* */
+/* Function: sec_username */
+/* */
+/* Purpose: Return the name of the user */
+/* with the given id of $userid */
+/* */
+/******************************************/
+
+function sec_username($dbsocket,$userid) {
+
+ $Results="";
+ if ( !embededsql($userid) ) {
+ $userid=stripslashes(pgdatatrim($userid));
+ $Results=stripslashes(pgdatatrim(relatedata ($dbsocket,'SecFrame_TLogin','TLogin_Username',"TLogin_ID=$userid")));
+ }
+ return($Results);
+}
+
+/******************************************/
+/* */
+/* Function: sec_delid */
+/* */
+/* Purpose: delete the row from */
+/* $tablename where the $idname equals */
+/* $id. */
+/* */
+/******************************************/
+
+function sec_delid($dbsocket,$tablename,$idname,$id) {
+
+ $Results=0;
+ if ( ( !embededsql($tablename) ) && ( !embededsql($idname) ) && ( !embededsql($id) ) ) {
+ $tablename=stripslashes(pgdatatrim($tablename));
+ $idname=stripslashes(pgdatatrim($idname));
+ $id=stripslashes(pgdatatrim($id));
+ if (sec_idexist($dbsocket,$tablename,$idname,$id)) {
+ $SQLQuery="delete from $tablename where $idname=$id";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/******************************************/
+/* */
+/* Function: sec_idexist */
+/* */
+/* Purpose: report wether $id exists in */
+/* $tablename. */
+/* */
+/******************************************/
+
+function sec_idexist($dbsocket,$tablename,$idname,$id) {
+
+ $SQLNumRows = 0;
+ if ( ( !embededsql($tablename) ) && ( !embededsql($idname) ) && ( !embededsql($id) ) ) {
+ $tablename=stripslashes(pgdatatrim($tablename));
+ $idname=stripslashes(pgdatatrim($idname));
+ $id=stripslashes(pgdatatrim($id));
+ if ( ( is_string($idname) ) && ( is_string($tablename) ) ) {
+ $SQLQuery="select $idname from $tablename where $idname=$id";
+ $SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ $SQLNumRows = pg_numrows($SQLQueryResults);
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($SQLNumRows);
+}
+
+/******************************************/
+/* */
+/* Function: sec_addgroup */
+/* */
+/* Purpose: Add a group to the system. */
+/* If successful, the system returns 1 */
+/* else the system returns 0. The */
+/* function also boundary checks the new */
+/* data down to the SQL defined limits of */
+/* the appropriate fields. */
+/* */
+/******************************************/
+
+function sec_addgroup($dbsocket,$groupname,$groupdesc) {
+
+ $Results=0;
+ if ( ( !embededsql($groupname) ) && ( !embededsql($groupdesc) ) ) {
+ $groupname=stripslashes(substr(pgdatatrim($groupname),0,30));
+ $groupdesc=stripslashes(substr(pgdatatrim($groupdesc),0,80));
+ if ( ( $groupname != "" ) && ( $groupdesc != "" ) && ( is_string($groupname) ) && ( is_string($groupdesc) ) ) {
+ $SQLQuery="insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('$groupname','$groupdesc')";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/******************************************/
+/* */
+/* Function: sec_addappperm */
+/* */
+/* Purpose: Add app-permission assoc. */
+/* If successful, the system returns 1 */
+/* else the system returns 0. The */
+/* function also boundary checks the new */
+/* data down to the SQL defined limits of */
+/* the appropriate fields. */
+/* */
+/******************************************/
+
+function sec_addappperm($dbsocket,$usergroup,$ugid,$allowaccess,$appid,$priority) {
+
+ $Results=0;
+ if ( ( !embededsql($usergroup) ) && ( !embededsql($ugid) ) &&
+ ( !embededsql($allowaccess) ) && ( !embededsql($appid) ) &&
+ ( !embededsql($priority) ) ) {
+ $usergroup=stripslashes(pgdatatrim($usergroup));
+ $ugid=stripslashes(pgdatatrim($ugid));
+ $allowaccess=stripslashes(pgdatatrim($allowaccess));
+ $appid=stripslashes(pgdatatrim($appid));
+ $priority=stripslashes(pgdatatrim($priority));
+ if ( ( strval($appid) > 0 ) && ( strval($ugid) > 0 ) &&
+ ( strval($allowaccess) >= 0 ) && ( strval($appid) > 0 ) &&
+ ( strval($priority) > 0 ) ) {
+ $SQLQuery="insert into SecFrame_TAppPerm (TAppPerm_UserGroup,TAppPerm_UGID,TAppPerm_AllowAccess,TApp_ID,TAppPerm_Priority) values ($usergroup,$ugid,$allowaccess,$appid,$priority)";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: sec_getpriority */
+/* */
+/* Purpose: Given an TApp_ID, provide with */
+/* the next highest AppID in the chain. */
+/* */
+/********************************************/
+
+function sec_getpriority($dbsocket,$appid) {
+
+ $Results=1;
+ if ( ( !embededsql($appid) ) && ( sec_idexist($dbsocket,"SecFrame_TAppPerm","TApp_ID",$appid) ) ) {
+ $SQLQuery="select TAppPerm_Priority from SecFrame_TAppPerm order by TAppPerm_Priority desc";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) {
+ $SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+ die(pg_errormessage()."
    \n");
+ $Results=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_priority));
+ $Results++;
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/******************************************/
+/* */
+/* Function: sec_addgroupmembers */
+/* */
+/* Purpose: Add a group member to db. */
+/* If successful, the system returns 1 */
+/* else the system returns 0. The */
+/* function also boundary checks the new */
+/* data down to the SQL defined limits of */
+/* the appropriate fields. */
+/* */
+/******************************************/
+
+function sec_addgroupmembers($dbsocket,$userid,$groupid) {
+
+ $Results=0;
+ if ( ( !embededsql($groupid) ) && ( !embededsql($userid) ) ) {
+ $userid=stripslashes(pgdatatrim($userid));
+ $groupid=stripslashes(pgdatatrim($groupid));
+ if ( ( strval($groupid) > 0 ) && ( strval($userid) > 0 ) ) {
+ $SQLQuery="insert into SecFrame_TGroupMembers (TLogin_ID,TGroup_ID) values ($userid,$groupid)";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: sec_dropqueue */
+/* */
+/* Purpose: Remove commands from the queue */
+/* */
+/********************************************/
+
+function sec_dropqueue($dbsocket,$id) {
+
+ $Results=0;
+ if ( ( strval($id) > 0 ) && ( !embededsql($id) ) ) {
+ $id=stripslashes(pgdatatrim($id));
+ $SQLQuery="DELETE FROM SecFrame_TQueue where TQueue_ID=$id";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ return($Results);
+}
+
+/********************************************/
+/* */
+/* Function: sec_dropgroupmembers */
+/* */
+/* Purpose: This function removes a given */
+/* TLogin_ID/TGroup_ID assocation from the */
+/* TGroupMembers table */
+/* */
+/********************************************/
+
+function sec_dropgroupmembers($dbsocket,$userid,$groupid) {
+
+ $Results=0;
+ if ( ( !embededsql($groupid) ) && ( !embededsql($userid) ) ) {
+ $userid=stripslashes(pgdatatrim($userid));
+ $groupid=stripslashes(pgdatatrim($groupid));
+ if ( ( strval($groupid) > 0 ) && ( strval($userid) > 0 ) ) {
+ $SQLQuery="DELETE FROM SecFrame_TGroupMembers where TGroup_ID=$groupid and TLogin_ID=$userid";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/******************************************/
+/* */
+/* Function: sec_startbody */
+/* */
+/* Purpose: set the default page */
+/* properites */
+/* */
+/******************************************/
+
+function sec_startbody($tabs=0) {
+
+ echo tabs($tabs) . "";
+}
+
+/******************************************/
+/* */
+/* Function: sec_addapp */
+/* */
+/* Purpose: Add an app to the system. */
+/* If successful, the system returns 1 */
+/* else the system returns 0. The */
+/* function also boundary checks the new */
+/* data down to the SQL defined limits of */
+/* the appropriate fields. */
+/* */
+/******************************************/
+
+function sec_addapp($dbsocket,$appname,$appdesc) {
+
+ $Results=0;
+ if ( ( !embededsql($appname) ) && ( !embededsql($appdesc) ) ) {
+ $appname=stripslashes(substr(pgdatatrim($appname),0,30));
+ $appdesc=stripslashes(substr(pgdatatrim($appdesc),0,80));
+ if ( ( $appname != "" ) && ( $appdesc != "" ) && ( is_string($appname) ) && ( is_string($appdesc) ) ) {
+ $SQLQuery="insert into SecFrame_TApp (TApp_Name,TApp_Desc) values ('$appname','$appdesc')";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ }
+ return($Results);
+}
+
+/******************************************/
+/* */
+/* Function: sec_addqueue */
+/* */
+/* Purpose: Submit a job to be processed */
+/* by the Queue runner. The queue runner */
+/* can do things like create local users, */
+/* delete users, etc */
+/* */
+/******************************************/
+
+function sec_addqueue($dbsocket,$command="", $date="", $time="", $dateprocessed="", $timeprocessed="", $processed="", $data1="", $data2="" ) {
+
+ $Results=0;
+ if ( strlen(pgdatatrim($queuecommand)) > 0 ) {
+ $SQLQuery="insert into SecFrame_TQueue (TQueue_Command,TQueue_Date,TQueue_Time,TQueue_DateProcessed,TQueue_TimeProcessed,TQueue_Processed,TQueue_Data1,TQueue_Data2) values ('$queuecommand','$date','$time','$dateprocessed','$timeprocessed','$processed','$queuedata1','$queuedata2')";
+ $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+ die(pg_errormessage()."
    \n");
+ if ( $SQLQueryResults ) { $Results = 1 ; }
+ pg_freeresult($SQLQueryResults) or
+ die(pg_errormessage() . "
    \n");
+ }
+ return($Results);
+}
+
+/******************************************/
+/* */
+/* Function: sec_addlogin */
+/* */
+/* Purpose: Add a login to the system. */
+/* If successful, the system returns 1 */
+/* else the system returns 0. The */
+/* function also boundary checks the new */
+/* data down to the SQL defined limits of */
+/* the appropriate fields. */
+/* */
+/******************************************/
+
+function sec_addlogin($dbsocket,$username,$password,$name,$email,$home,$work,$cell,$pager,$address1,$address2,$city,$state,$zip) {
+ $Results=0;
+ if ( ( !embededsql($username) ) &&
+ ( !embededsql($password) ) &&
+ ( !embededsql($name) ) &&
+ ( !embededsql($email) ) &&
+ ( !embededsql($home) ) &&
+ ( !embededsql($work) ) &&
+ ( !embededsql($cell) ) &&
+ ( !embededsql($pager) ) &&
+ ( !embededsql($address1) ) &&
+ ( !embededsql($address2) ) &&
+ ( !embededsql($city) ) &&
+ ( !embededsql($state) ) &&
+ ( !embededsql($zip) ) ) {
+ $username=stripslashes(substr(pgdatatrim($username),0,128));
+ $password=stripslashes(substr(pgdatatrim($password),0,36));
+ $name=stripslashes(substr(pgdatatrim($name),0,40));
+ $email=stripslashes(substr(pgdatatrim($email),0,40));
+ $home=stripslashes(substr(pgdatatrim($home),0,20));
+ $cell=stripslashes(substr(pgdatatrim($cell),0,20));
+ $work=stripslashes(substr(pgdatatrim($work),0,20));
+ $pager=stripslashes(substr(pgdatatrim($pager),0,20));
+ $address1=stripslashes(substr(pgdatatrim($address1),0,40));
+ $address2=stripslashes(substr(pgdatatrim($address2),0,40));
+ $city=stripslashes(substr(pgdatatrim($city),0,40));
+ $state=stripslashes(substr(pgdatatrim($state),0,40));
+ if ( ( $username != "" ) && ( is_string($username) ) &&
+ ( $password != "" ) && ( is_string($password) ) &&
+ ( $name != "" ) && ( is_string($name) ) &&
+ ( $password != "" ) && ( is_string($password) ) &&
+ ( is_string($email) ) &&
+ ( is_string($home) ) &&
+ ( is_string($work) ) &&
+ ( is_string($cell) ) &&
+ ( is_string($pager) ) &&
+ ( 
is_string($address1) ) && + ( is_string($address2) ) && + ( is_string($city) ) && + ( is_string($state) ) && + ( is_string($zip) ) ) { + if ( strlen($password) < 32 ) { $password=md5($password); } + $SQLQuery="insert into SecFrame_TLogin (TLogin_Username,TLogin_Password," . + "TLogin_Name,TLogin_Email,TLogin_Home,TLogin_Work,TLogin_Cell," . + "TLogin_Pager,TLogin_Address1,TLogin_Address2,TLogin_City," . + "TLogin_State,TLogin_Zip) values ('$username','$password','$name'," . + "'$email','$home','$work','$cell','$pager','$address1','$address2'," . + "'$city','$state','$zip')"; + $SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or + die(pg_errormessage()."
    \n"); + if ( $SQLQueryResults ) { $Results = 1 ; } + pg_freeresult($SQLQueryResults) or + die(pg_errormessage() . "
    \n"); + } + } + return($Results); +} + +%> diff --git a/log.d/.db.conf.swo b/log.d/.db.conf.swo new file mode 100644 index 0000000..01250a8 Binary files /dev/null and b/log.d/.db.conf.swo differ diff --git a/log.d/.db.conf.swp b/log.d/.db.conf.swp new file mode 100644 index 0000000..82e28aa Binary files /dev/null and b/log.d/.db.conf.swp differ diff --git a/log.d/CENTRAL_LOGSERVER b/log.d/CENTRAL_LOGSERVER new file mode 100644 index 0000000..0307517 --- /dev/null +++ b/log.d/CENTRAL_LOGSERVER @@ -0,0 +1,33 @@ +Centralised logserver scripts + +Johan Allard, CSC Australia 2004-08-27, jallard2@csc.com.au + +About +===== +These scripts tie logwatch together with PostgreSQL to generate summary +information that will be stored in the database from syslog data stored in +the database. + +Running the script +================== +To run the script type /etc/log.d/bin/parselog.sh systemname datespec +systemname: the name of the system to parse logdata from, ex: clf +datespec: the datespec is a dateformat that PostgreSQL understands, or you +can use the keywords today, yesterday or all. If omitted, all is used. + +How the script works +==================== +The script will take the syslog data from the database (for the specified +host and for the specified datespec) and put it in +/var/tmp/var/log. The logwatch script is then run and the output is then +stored in the database in the syslog_tsummary table. The output in +/var/tmp/var/log is then deleted. + +Adding a new host type +====================== +The only specified host type, as of this writing, is linux. To add, say +solaris, add a row in the syslog_tpremadetype for "Solaris Host" with the +logwatch_cmd set to solaris. Then copy the contents from +/etc/log.d/configs/linux to /etc/log.d/configs/solaris and edit the contents +of the directories below /etc/log.d/configs/solaris to match what you want +to look for in the solaris logfiles. 
diff --git a/log.d/bin/dumplog.pl b/log.d/bin/dumplog.pl
new file mode 100755
index 0000000..e996d65
--- /dev/null
+++ b/log.d/bin/dumplog.pl
@@ -0,0 +1,63 @@
+#!/usr/bin/perl
+#
+#
+use DBI;
+
+$configfile = "/etc/log.d/db.conf";
+eval('require("$configfile")');
+die "*** Failed to eval() file $configfile:\n$@\n" if ($@);
+
+if (!@ARGV) {
+ print "Usage: dumplog.pl system [all|today|yesterday|yyyy-mm-dd]\n";
+ exit (99);
+}
+
+if ( ! -d $temp_log_dir ) {
+ print "$temp_log_dir not a directory\n";
+ exit (99);
+}
+
+#
+# Open the logfiles we're writing to later
+#
+open (MESSAGES_LOG, ">$temp_log_dir/messages");
+
+#
+# Open the database connection
+#
+my $dbh = DBI->connect($DBI, $user, $password) or die DBI::errstr;
+
+#
+# Open the database connection
+#
+if (@ARGV[1] && @ARGV[1] ne "all") {
+ if (@ARGV[1] eq "today") {
+ $date = "and date=CURRENT_DATE";
+ } elsif (@ARGV[1] eq "yesterday") {
+ $date = "and date=(CURRENT_DATE - 1)";
+ } else {
+ $date = "and date='". @ARGV[1]. "'";
+ }
+}
+
+$sql = "select to_char(date, 'Mon DD') as date, time, host, message from syslog_tarchive
+ where host='". @ARGV[0]. "' $date order by date, time";
+my $sth = $dbh->prepare($sql) or die "Can't prepare statement: $DBI::errstr";
+my $rc = $sth->execute or die "Can't execute statement: $DBI::errstr";
+
+if (!$sth->rows) {
+ print "Error: no matching data\n";
+ exit (99);
+}
+
+while (($date,$time,$host,$message) = $sth->fetchrow_array) {
+ $log_string = "$date $time $host $message\n";
+ print MESSAGES_LOG $log_string;
+}
+
+close (MESSAGES_LOG);
+
+# check for problems which may have terminated the fetch early
+die $sth->errstr if $sth->err;
+
+$dbh->disconnect();
diff --git a/log.d/bin/getconfig b/log.d/bin/getconfig
new file mode 100755
index 0000000..3bc5fa7
--- /dev/null
+++ b/log.d/bin/getconfig
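Review bot: The system name and the date argument are concatenated straight into the SQL text in dumplog.pl (`where host='". @ARGV[0]. "'` and `and date='". @ARGV[1]. "'`), so a quote character in either argument changes the statement; they should be passed as bound values, as in the excerpt below. The same pattern appears in getconfig (`syslog_thost.thost_host='". @ARGV[0]. "'`) and in storelog.pl, where `$data` goes through `$dbh->quote` but the host and date do not. `@ARGV[1]` is a one-element slice and `$ARGV[1]` is the scalar form. The `open` of `$temp_log_dir/messages` is also unchecked; appending `or die "Can't write $temp_log_dir/messages: $!\n"` would stop a failed open from yielding an empty log without any message.

```perl
# … unchanged: config load, usage check, open of MESSAGES_LOG, DBI connect …
my @bind  = ($ARGV[0]);
my $date  = "";
my $range = $ARGV[1];
if ($range && $range ne "all") {
    if    ($range eq "today")     { $date = "and date=CURRENT_DATE"; }
    elsif ($range eq "yesterday") { $date = "and date=(CURRENT_DATE - 1)"; }
    else                          { $date = "and date=?"; push @bind, $range; }
}

$sql = "select to_char(date, 'Mon DD') as date, time, host, message from syslog_tarchive
        where host=? $date order by date, time";
my $sth = $dbh->prepare($sql) or die "Can't prepare statement: $DBI::errstr";
my $rc = $sth->execute(@bind) or die "Can't execute statement: $DBI::errstr";
# … unchanged: row check, fetch loop, close, disconnect …
```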
@@ -0,0 +1,39 @@
+#!/usr/bin/perl
+#
+#
+use DBI;
+
+$configfile = "/etc/log.d/db.conf";
+eval('require("$configfile")');
+die "*** Failed to eval() file $configfile:\n$@\n" if ($@);
+
+if (!@ARGV) {
+ print "Usage: getconfig system\n";
+ exit (99);
+}
+
+$sql = "select logwatch_cmd from syslog_tpremadetype, syslog_thost where ";
+$sql .= "syslog_tpremadetype.tpremadetype_id=syslog_thost.tpremadetype_id and ";
+$sql .= "syslog_thost.thost_host='". @ARGV[0]. "'";
+
+my $dbh = DBI->connect($DBI, $user, $password) or die DBI::errstr;
+
+my $sth = $dbh->prepare($sql) or die "Can't prepare statement: $DBI::errstr";
+
+my $rc = $sth->execute
+ or die "Can't execute statement: $DBI::errstr";
+
+if (!$sth->rows) {
+ print "Error: no such system\n";
+ exit (99);
+}
+
+while (($logwatch_cmd) = $sth->fetchrow_array) {
+ if ($logwatch_cmd) {
+ print "$logwatch_cmd\n";
+ }
+}
+# check for problems which may have terminated the fetch early
+die $sth->errstr if $sth->err;
+
+$dbh->disconnect();
diff --git a/log.d/bin/listconfigs b/log.d/bin/listconfigs
new file mode 100755
index 0000000..5ead8c5
--- /dev/null
+++ b/log.d/bin/listconfigs
@@ -0,0 +1,33 @@
+#!/usr/bin/perl
+#
+#
+use DBI;
+
+$configfile = "/etc/log.d/db.conf";
+eval('require("$configfile")');
+die "*** Failed to eval() file $configfile:\n$@\n" if ($@);
+
+my $dbh = DBI->connect($DBI, $user, $password) or die DBI::errstr;
+
+my $sth = $dbh->prepare("select tpremadetype_desc from syslog_tpremadetype")
+ or die "Can't prepare statement: $DBI::errstr";
+
+my $rc = $sth->execute
+ or die "Can't execute statement: $DBI::errstr";
+
+if (!$sth->rows) {
+ print "Error: no systems defined\n";
+ exit (99);
+}
+
+print "System identifiers:\n";
+print "===================\n";
+while (($system) = $sth->fetchrow_array) {
+ if ($system) {
+ print "$system\n";
+ }
+}
+# check for problems which may have terminated the fetch early
+die $sth->errstr if $sth->err;
+
+$dbh->disconnect();
diff --git a/log.d/bin/logwatch.pl b/log.d/bin/logwatch.pl new file mode 100755 index 0000000..b854018 --- /dev/null +++ b/log.d/bin/logwatch.pl 
@@ -0,0 +1,790 @@ +#!/usr/bin/perl -w +use strict; +########################################################################## +# $Id: logwatch.pl,v 1.111 2004/06/21 15:00:44 kirk Exp $ +########################################################################## +# Most current version can always be found at: +# ftp://ftp.logwatch.org/pub/redhat/RPMS + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to logwatch@logwatch.org. +# +######################################################## + +my $BaseDir = "/etc/log.d"; +#my $BaseDir = "/home/kirk/cvs-work/logwatch"; +my $ConfigDir = "$BaseDir/conf"; + +#Added to create switches for different os options -mgt +#For now working on Linux and SunOS +my $OSname = `uname -s`; +chomp $OSname; + +my $Version = '5.2'; +my $VDate = '06/21/04'; + +############################################################################# + +use Getopt::Long; +my (%Config, @ServiceList, @LogFileList, %ServiceData, %LogFileData); +my (@AllShared, @AllLogFiles, @FileList); +# These need to not be global variables one day +my (@ReadConfigNames, @ReadConfigValues); + +# Default config here... +$Config{'detail'} = 0; +$Config{'mailto'} = "root"; +$Config{'save'} = ""; +$Config{'print'} = 0; +$Config{'range'} = "yesterday"; +$Config{'debug'} = 0; +$Config{'archives'} = 0; +$Config{'tmpdir'} = "/tmp"; +$Config{'splithosts'} = 0; +$Config{'multiemail'} = 0; +# Logwatch now does some basic searching for logs +# So if the log file is not in the log path it will check /var/adm +# and then /var/log -mgt +$Config{'logdir'} = "/var/log"; +chomp($Config{'hostname'} = `hostname`); + +############################################################################# + +sub Usage () { + # Show usage for this program + print "\nUsage: $0 [--detail ] [--logfile ]\n" . + " [--print] [--mailto ] [--archives] [--range ] [--debug ]\n" . 
+ " [--save ] [--help] [--version] [--service ]\n" . + " [--splithosts] [--multiemail]\n\n"; + print "--detail : Report Detail Level - High, Med, Low or any #.\n"; + print "--logfile : *Name of a logfile definition to report on.\n"; + print "--service : *Name of a service definition to report on.\n"; + print "--print: Display report to stdout.\n"; + print "--mailto : Mail report to .\n"; + print "--archives: Use archived log files too.\n"; + print "--save : Save to .\n"; + print "--range : Date range: Yesterday, Today or All.\n"; + print "--debug : Debug Level - High, Med, Low or any #.\n"; + print "--splithosts: Create a report for each host in syslog.\n"; + print "--multiemail: Send each host report in a separate email. Ignored if \n"; + print " not using --splithosts.\n"; + print "--version: Displays current version.\n"; + print "--help: This message.\n"; + print "* = Switch can be specified multiple times...\n\n"; + exit (99); +} + +my %wordsToInts = (yes => 1, no => 0, + true => 1, false => 0, + on => 1, off => 0, + high => 10, + med => 5, medium => 5, + low => 0); + +sub getInt { + my $word = shift; + my $tmpWord = lc $word; + $tmpWord =~ s/\W//g; + return $wordsToInts{$tmpWord} if (defined $wordsToInts{$tmpWord}); + unless ($word =~ s/^"(.*)"$/$1/) { + return lc $word; + } + return $word; +} + +sub CleanVars { + foreach (keys %Config) { + $Config{$_} = getInt($Config{$_}); + } +} + +sub PrintStdArray (@) { + my @ThisArray = @_; + my $i; + for ($i=0;$i<=$#ThisArray;$i++) { + print "[" . $i . "] = " . $ThisArray[$i] . "\n"; + } +} + +sub PrintConfig () { + # for debugging, print out config... + foreach (keys %Config) { + print $_ . ' -> ' . $Config{$_} . "\n"; + } + print "Service List:\n"; + PrintStdArray @ServiceList; + print "\n"; + print "LogFile List:\n"; + PrintStdArray @LogFileList; + print "\n\n"; +} + +# for debugging... +sub PrintServiceData () { + my ($ThisKey1,$ThisKey2,$i); + foreach $ThisKey1 (keys %ServiceData) { + print "\nService Name: " . 
$ThisKey1 . "\n"; + foreach $ThisKey2 (keys %{$ServiceData{$ThisKey1}}) { + next unless ($ThisKey2 =~ /^\d+-/); + print " $ThisKey2 = $ServiceData{$ThisKey1}{$ThisKey2}\n"; + } + for ($i=0;$i<=$#{$ServiceData{$ThisKey1}{'logfiles'}};$i++) { + print " Logfile = " . $ServiceData{$ThisKey1}{'logfiles'}[$i] . "\n"; + } + } +} + +# for debugging... +sub PrintLogFileData () { + my ($ThisKey1,$ThisKey2,$i); + foreach $ThisKey1 (keys %LogFileData) { + print "\nLogfile Name: " . $ThisKey1 . "\n"; + foreach $ThisKey2 (keys %{$LogFileData{$ThisKey1}}) { + next unless ($ThisKey2 =~ /^\d+-/); + print " $ThisKey2 = $LogFileData{$ThisKey1}{$ThisKey2}\n"; + } + for ($i=0;$i<=$#{$LogFileData{$ThisKey1}{'logfiles'}};$i++) { + print " Logfile = " . $LogFileData{$ThisKey1}{'logfiles'}[$i] . "\n"; + } + for ($i=0;$i<=$#{$LogFileData{$ThisKey1}{'archives'}};$i++) { + print " Archive = " . $LogFileData{$ThisKey1}{'archives'}[$i] . "\n"; + } + } +} + +sub ReadConfigFile ($) { + my $FileName = $_[0]; + @ReadConfigNames = (); + @ReadConfigValues = (); + if ($Config{'debug'} > 5) { + print "ReadConfigFile: Opening " . $FileName . "\n"; + } + open (READCONFFILE, $FileName) or die "Cannot open file $FileName: $!\n"; + while (my $line = ) { + if ($Config{'debug'} > 9) { + print "ReadConfigFile: Read Line: " . $line; + } + $line =~ s/#.*$//; + next if ($line =~ /^\s*$/); + + my ($name, $value) = split /=/, $line, 2; + $name =~ s/^\s+//; $name =~ s/\s+$//; + if ($value) { $value =~ s/^\s+//; $value =~ s/\s+$//; } + else { $value = ''; } + + push @ReadConfigNames, lc $name; + push @ReadConfigValues, getInt $value; + if ($Config{'debug'} > 7) { + print "ReadConfigFile: Name=" . $name . ", Value=" . $value . "\n"; + } + } + close READCONFFILE; +} + +############################################################################# + +# Add / to BaseDir +unless ($BaseDir =~ m=/$=) { + $BaseDir = $BaseDir . "/"; +} + +# Load main config file... 
+if ($Config{'debug'} > 8) { + print "\nDefault Config:\n"; + PrintConfig(); +} + +CleanVars(); + +my $OldMailTo = $Config{'mailto'}; +my $OldPrint = $Config{'print'}; + +ReadConfigFile ($ConfigDir . "/logwatch.conf"); +for (my $i = 0; $i <= $#ReadConfigNames; $i++) { + if ($ReadConfigNames[$i] eq "logfile") { + push @LogFileList, $ReadConfigValues[$i]; + } elsif ($ReadConfigNames[$i] eq "service") { + push @ServiceList, $ReadConfigValues[$i]; + } else { + $Config{$ReadConfigNames[$i]} = $ReadConfigValues[$i]; + } +} + +CleanVars(); + +if ($OldMailTo ne $Config{'mailto'}) { + $Config{'print'} = 0; +} elsif ($OldPrint ne $Config{'print'}) { + $Config{'mailto'} = ""; +} + +if ($Config{'debug'} > 8) { + print "\nConfig After Config File:\n"; + PrintConfig(); +} + +# Options time... + +my @TempLogFileList = (); +my @TempServiceList = (); +my $Help = 0; +my $ShowVersion = 0; + +$OldMailTo = $Config{'mailto'}; +$OldPrint = $Config{'print'}; + +GetOptions ( "d|detail=s" => \$Config{'detail'}, + "l|logfile=s@" => \@TempLogFileList, + "logdir=s" => \$Config{'logdir'}, + "s|service=s@" => \@TempServiceList, + "p|print" => \$Config{'print'}, + "m|mailto=s" => \$Config{'mailto'}, + "save=s" => \$Config{'save'}, + "a|archives" => \$Config{'archives'}, + "debug=s" => \$Config{'debug'}, + "r|range=s" => \$Config{'range'}, + "h|help" => \$Help, + "v|version" => \$ShowVersion, + "hostname=s" => \$Config{'hostname'}, + "splithosts" => \$Config{'splithosts'}, + "multiemail" => \$Config{'multiemail'}, + ) or Usage(); + +$Help and Usage(); + +if ($ShowVersion) { + print "Logwatch $Version (released $VDate)\n"; + exit 0; +} + +CleanVars(); + +if ($OldMailTo ne $Config{'mailto'}) { + $Config{'print'} = 0; +} elsif ($OldPrint ne $Config{'print'}) { + $Config{'mailto'} = ""; +} + +if ($Config{'debug'} > 8) { + print "\nCommand Line Parameters:\n Log File List:\n"; + PrintStdArray @TempLogFileList; + print "\n Service List:\n"; + PrintStdArray @TempServiceList; + print "\nConfig After 
Command Line Parsing:\n"; + PrintConfig(); +} + +if ($#TempLogFileList > -1) { + @LogFileList = @TempLogFileList; + for (my $i = 0; $i <= $#LogFileList; $i++) { + $LogFileList[$i] = lc($LogFileList[$i]); + } + @ServiceList = (); +} + +if ($#TempServiceList > -1) { + @ServiceList = @TempServiceList; + for (my $i = 0; $i <= $#ServiceList; $i++) { + $ServiceList[$i] = lc($ServiceList[$i]); + } +} + +if ( ($#ServiceList == -1) and ($#LogFileList == -1) ) { + push @ServiceList, 'all'; +} + +if ($Config{'debug'} > 5) { + print "\nConfig After Everything:\n"; + PrintConfig(); +} + +############################################################################# + +# Find out what services are defined... +my (@TempAllServices, $ThisFile, $count); + +opendir(SERVICESDIR, $ConfigDir . '/services') or + die $ConfigDir . "/services: $!"; +my @services = grep !-d && /\.conf$/, readdir SERVICESDIR; +closedir SERVICESDIR; + +foreach my $f (@services) { + my $ThisService = lc $f; + $ThisService =~ s/\.conf$//; + push @TempAllServices, $ThisService; + + ReadConfigFile($ConfigDir . "/services/$f"); + + for (my $i = 0; $i <= $#ReadConfigNames; $i++) { + if ($ReadConfigNames[$i] eq 'logfile') { + push @{$ServiceData{$ThisService}{'logfiles'}}, $ReadConfigValues[$i]; + } elsif ($ReadConfigNames[$i] =~ /^\*/) { + $count++; + $ServiceData{$ThisService}{+sprintf("%03d-%s", $count, $ReadConfigNames[$i])} = $ReadConfigValues[$i]; + } else { + $ServiceData{$ThisService}{$ReadConfigNames[$i]} = $ReadConfigValues[$i]; + } + } +} +my @AllServices = sort @TempAllServices; + +# Find out what logfiles are defined... +opendir(LOGFILEDIR, $ConfigDir . "/logfiles") or die $ConfigDir . "/logfiles/, no such directory.\n"; +while (defined($ThisFile = readdir(LOGFILEDIR))) { + unless (-d $ConfigDir . "/logfiles/" . $ThisFile) { + my $ThisLogFile = $ThisFile; + if ($ThisLogFile =~ s/\.conf$//i) { + push @AllLogFiles, $ThisLogFile; + ReadConfigFile($ConfigDir . "/logfiles/" . 
$ThisFile); + for (my $i = 0; $i <= $#ReadConfigNames; $i++) { + if ($ReadConfigNames[$i] eq "logfile") { + #Lets try and find the logs -mgt + if (-e "$Config{'logdir'}/$ReadConfigValues[$i]") { + push @{$LogFileData{$ThisLogFile}{'logfiles'}}, $ReadConfigValues[$i]; + } elsif (-e "/var/adm/$ReadConfigValues[$i]") { + push @{$LogFileData{$ThisLogFile}{'logfiles'}}, "adm/$ReadConfigValues[$i]"; + } elsif (-e "/var/log/$ReadConfigValues[$i]") { + push @{$LogFileData{$ThisLogFile}{'logfiles'}}, "log/$ReadConfigValues[$i]"; + } else { + #Fallback to default even if it doesn't exist -mgt + push @{$LogFileData{$ThisLogFile}{'logfiles'}}, + $ReadConfigValues[$i]; + } + } elsif ($ReadConfigNames[$i] eq "archive") { + push @{$LogFileData{$ThisLogFile}{'archives'}}, $ReadConfigValues[$i]; + } elsif ($ReadConfigNames[$i] =~ /^\*/) { + $count++; + $LogFileData{$ThisLogFile}{+sprintf("%03d-%s", $count, $ReadConfigNames[$i])} = $ReadConfigValues[$i]; + } else { + $LogFileData{$ThisLogFile}{$ReadConfigNames[$i]} = $ReadConfigValues[$i]; + } + } + } + } +} +closedir(LOGFILEDIR); + +# Find out what shared functions are defined... +opendir(SHAREDDIR,$BaseDir . "scripts/shared") or die $BaseDir . "scripts/shared/, no such directory.\n"; +while (defined($ThisFile = readdir(SHAREDDIR))) { + unless (-d $BaseDir . "scripts/shared/" . $ThisFile) { + push @AllShared, lc($ThisFile); + } +} +closedir(SHAREDDIR); + +if ($Config{'debug'} > 5) { + print "\nAll Services:\n"; + PrintStdArray @AllServices; + print "\nAll Log Files:\n"; + PrintStdArray @AllLogFiles; + print "\nAll Shared:\n"; + PrintStdArray @AllShared; +} + +############################################################################# + +# Time to expand @ServiceList, using @LogFileList if defined... + +if ((scalar @ServiceList > 1) && (grep /^all$/i, @ServiceList)) { + # This means we are doing *all* services ... 
but excluding some + my %tmphash; + foreach my $item (@AllServices) { + $tmphash{lc $item} = ""; + } + foreach my $service (@ServiceList) { + next if $service =~ /^all$/i; + if ($service =~ /^\-(.+)$/) { + my $offservice = $1; + if (! exists $tmphash{lc $offservice}) { + die "Nonexistent service to disable: $offservice\n"; + } + delete $tmphash{lc $offservice}; + } else { + die "Wrong configuration entry for \"Service\", if \"All\" selected, only \"-\" items are allowed\n"; + } + } + @ServiceList = (); + foreach my $keys (keys %tmphash) { + push @ServiceList, $keys; + } + @LogFileList = (); +} elsif ( $ServiceList[0] and ($ServiceList[0] eq 'all') and ($#ServiceList == 0) ) { + # This means we are doing *all* services... + @ServiceList = @AllServices; + @LogFileList = (); +} else { + my $ThisOne; + while (defined($ThisOne = pop @LogFileList)) { + unless ($LogFileData{$ThisOne}) { + die "Logwatch is not configured to use logfile: $ThisOne\n"; + } + foreach my $ThisService (keys %ServiceData) { + for (my $i = 0; $i <= $#{$ServiceData{$ThisService}{'logfiles'}}; $i++) { + if ( $ServiceData{$ThisService}{'logfiles'}[$i] eq $ThisOne ) { + push @ServiceList,$ThisService; + } + } + } + } + @TempServiceList = sort @ServiceList; + @ServiceList = (); + my $LastOne = ""; + while (defined($ThisOne = pop @TempServiceList)) { + unless ( ($ThisOne eq $LastOne) or ($ThisOne eq 'all') or ($ThisOne =~ /^-/)) { + unless ($ServiceData{$ThisOne}) { + die "Logwatch does not know how to process service: $ThisOne\n"; + } + push @ServiceList, $ThisOne; + } + $LastOne = $ThisOne; + } +} + +# Now lets fill up @LogFileList again... 
+foreach my $ServiceName (@ServiceList) { + foreach my $LogName ( @{$ServiceData{$ServiceName}{'logfiles'} } ) { + unless ( grep m/$LogName/, @LogFileList ) { + push @LogFileList, $LogName; + } + } +} + +if ($Config{'debug'} > 7) { + print "\n\nAll Service Data:\n"; + PrintServiceData; + print "\nServices that will be processed:\n"; + PrintStdArray @ServiceList; + print "\n\n"; + print "\n\nAll LogFile Data:\n"; + PrintLogFileData; + print "\nLogFiles that will be processed:\n"; + PrintStdArray @LogFileList; + print "\n\n"; +} + +############################################################################# + +my $TempDir; +my $UseMkTemp = $Config{'usemktemp'}; +my $MkTemp = $Config{'MkTemp'}; +if ($UseMkTemp and (-x $MkTemp)) { + $TempDir = `$MkTemp -d $Config{'tmpdir'}/logwatch.XXXXXXXX 2>/dev/null`; + chomp($TempDir); + unless (($? == 0) and $TempDir) { + die "Failed to create $Config{'tmpdir'}/logwatch.XXXXXXXX with mktemp!!\nDoes your mktemp support the -d option??\nIf not, modify logwatch.conf accordingly.\n"; + } + if ($Config{'debug'}>7) { + print "\nMade Temp Dir: " . $TempDir . " with mktemp\n"; + } +} else { + my $uid = $<; + my $gid = (split(' ', $( ))[0]; + + # Create the temporary directory... + $TempDir = $Config{'tmpdir'} . "/logwatch." . $$; + + if ($Config{'debug'}>7) { + print "\nMaking Temp Dir: " . $TempDir . 
"\n"; + } + + `rm -rf $TempDir`; + mkdir ($TempDir,0700) or die "Failed to create TempDir: $TempDir (somebody may be attempting a root exploit!)\n"; + `chown $uid $TempDir`; + `chgrp $gid $TempDir`; + `chmod 0700 $TempDir`; + unless (-d $TempDir and (not -l $TempDir)) { + die "$TempDir not a directory (somebody is attempting a root exploit!)\n"; + } + unless ((stat($TempDir))[4] == $uid) { + die "$TempDir not owned by UID $uid (somebody is attempting a root exploit!)\n"; + } + unless ((stat($TempDir))[5] == $gid) { + die "$TempDir not owned by GID $gid (somebody is attempting a root exploit!)\n"; + } + unless (((stat($TempDir))[2] & 07777) == 0700) { + die "$TempDir permissions not 0700 (somebody is attempting a root exploit!)\n"; + } + # Check to make sure nothing changed after we checked the ownership + unless (-d $TempDir and (not -l $TempDir)) { + die "$TempDir not a directory (somebody is attempting a root exploit!)\n"; + } + `rm -rf $TempDir/*`; + unless (`ls $TempDir | wc -l` == 0) { + die "$TempDir not empty (somebody is attempting a root exploit!)\n"; + } +} + +unless ($TempDir =~ m=/$=) { + $TempDir .= "/"; +} + +############################################################################# + +# Set up the environment... 
+ +$ENV{'LOGWATCH_DATE_RANGE'} = $Config{'range'}; +$ENV{'LOGWATCH_DETAIL_LEVEL'} = $Config{'detail'}; +$ENV{'LOGWATCH_DEBUG'} = $Config{'debug'}; +$ENV{'LOGWATCH_TEMP_DIR'} = $TempDir; +if ($Config{'hostlimit'}) { + $ENV{'LOGWATCH_ONLY_HOSTNAME'} = $Config{'hostname'}; + $ENV{'LOGWATCH_ONLY_HOSTNAME'} =~ s/\..*//; +} +if ($Config{'debug'}>4) { + foreach ('LOGWATCH_DATE_RANGE', 'LOGWATCH_DETAIL_LEVEL', + 'LOGWATCH_TEMP_DIR', 'LOGWATCH_DEBUG', 'LOGWATCH_ONLY_HOSTNAME') { + if ($ENV{$_}) { + print "export $_='$ENV{$_}'\n"; + } + } +} + +my $LibDir = "$BaseDir/lib"; +if ($ENV{PERL5LIB}) { + # User dirs should be able to override this setting + $ENV{PERL5LIB} = "$ENV{PERL5LIB}:$LibDir"; +} else { + $ENV{PERL5LIB} = $LibDir; +} + +############################################################################# + +unless ($Config{'logdir'} =~ m=/$=) { + $Config{'logdir'} .= "/"; +} + +# Okay, now it is time to do pre-processing on all the logfiles... + +my $LogFile; +foreach $LogFile (@LogFileList) { + next if ($LogFile eq 'none'); + if (!defined($LogFileData{$LogFile}{'logfiles'})) { + print "*** Error: There is no logfile defined. Do you have a " . $BaseDir . "conf/logfiles/" . $LogFile . ".conf file ?\n"; + next; + } + @FileList = @{$LogFileData{$LogFile}{'logfiles'}}; + if ($Config{'archives'} == 1) { + push @FileList, $TempDir . $LogFile . "-archive"; + my $Archive; + foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) { + my $DestFile = $TempDir . $LogFile . "-archive"; + unless ($Archive =~ m=^/=) { + $Archive = ($Config{'logdir'} . $Archive); + } + if ($Archive =~ m/gz$/) { + `/bin/zcat $Archive 2>/dev/null >> $DestFile`; + } else { + `/bin/cat $Archive 2>/dev/null >> $DestFile`; + } + } + } + my $FileText = ""; + foreach $ThisFile (@FileList) { + if ($ThisFile =~ m=^/=) { + $FileText .= ($ThisFile . " "); + } else { + $FileText .= ( $Config{'logdir'} . $ThisFile . 
" "); + } + } + my $FilterText = " 2>/dev/null "; + foreach (sort keys %{$LogFileData{$LogFile}}) { + my $cmd = $_; + if ($cmd =~ s/^\d+-\*//) { + $FilterText .= ("| $BaseDir" . "scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" ); + } elsif ($cmd =~ s/^\$//) { + $ENV{$cmd} = $LogFileData{$LogFile}{$_}; + if ($Config{'debug'}>4) { + print "export $cmd='$LogFileData{$LogFile}{$_}'\n"; + } + } + } + if (opendir (LOGDIR,$BaseDir . "scripts/logfiles/" . $LogFile)) { + foreach (sort readdir(LOGDIR)) { + unless ( -d $BaseDir . "scripts/logfiles/$LogFile/$_") { + $FilterText .= ("| $BaseDir" . "scripts/logfiles/$LogFile/$_"); + } + } + closedir (LOGDIR); + } + if ($FileText) { + my $Command = $FileText . $FilterText . ">" . $TempDir . $LogFile; + if ($Config{'debug'}>4) { + print "\nPreprocessing LogFile: " . $LogFile . "\n" . $Command . "\n"; + } + if ($LogFile !~ /^[-_\w\d]+$/) { + print STDERR "Unexpected filename: [[$LogFile]]. Not used\n" + } else { + `/bin/cat $Command`; + } + } +} + +#populate the host lists if we're splitting hosts +my @hosts; +if ($Config{'splithosts'} eq 1) { + my $newlogfile; + my @logarray; + opendir (LOGDIR,$TempDir) || die "Cannot open dir"; + @logarray = readdir(LOGDIR); + closedir (LOGDIR); + my $ecpcmd = ("| $BaseDir" . "scripts/shared/hostlist"); + foreach $newlogfile (@logarray) { + my $eeefile = ("$TempDir" . 
"$newlogfile"); + if ((!(-d $eeefile)) && (!($eeefile =~ m/-archive/))) { + `/bin/cat $eeefile $ecpcmd`; + } + } + #read in the final host list + open (HOSTFILE,"$TempDir/hostfile") || die $!; + @hosts = ; + close (HOSTFILE); + chomp @hosts; + @hosts = sort(@hosts); +} + +############################################################################# + +my $report_finish = "\n ###################### LogWatch End ######################### \n\n"; +my $printing = ''; +my $emailopen = ''; + +sub initprint { + return if $printing; + if ($Config{'print'} eq 1) { + *OUTFILE = *STDOUT; + } elsif ($Config{'save'} ne "") { + open(OUTFILE,">" . $Config{'save'}) or die "Can't open output file: $Config{'save'}\n"; + } elsif ($OSname eq "SunOS") { + #Solaris mail doesn't know -s -mgt + if (($Config{'multiemail'} eq 1) || ($emailopen eq "")) { + open(OUTFILE,"|$Config{'mailer'} $Config{'mailto'}") or die "Can't execute /bin/mail\n"; + print OUTFILE "From: LogWatcher\n"; + print OUTFILE "To: $Config{'mailto'}\n"; + print OUTFILE "Subject: LogWatch for $Config{'hostname'}\n\n"; + if (($Config{'splithosts'} eq 1) && ($Config{'multiemail'} eq 0)) { + print OUTFILE "Reporting on hosts: @hosts\n"; + } + $emailopen = 'y'; + } + } else { + if (($Config{'multiemail'} eq 1) || ($emailopen eq "")) { + open(OUTFILE,"|$Config{'mailer'} -s \"LogWatch for $Config{'hostname'}\" " . $Config{'mailto'}) or die "Can't execute /bin/mail\n"; + if (($Config{'splithosts'} eq 1) && ($Config{'multiemail'} eq 0)) { + print OUTFILE "Reporting on hosts: @hosts\n"; + } + $emailopen = 'y'; + } + } + $printing = 'y'; + print OUTFILE "\n ################### LogWatch $Version ($VDate) #################### \n"; + print OUTFILE " Processing Initiated: " . localtime(time) . 
"\n"; + print OUTFILE " Date Range Processed: $Config{'range'}\n"; + print OUTFILE " Detail Level of Output: $Config{'detail'}\n"; + print OUTFILE " Logfiles for Host: $Config{'hostname'}\n"; + print OUTFILE " ################################################################ \n"; +} + +sub parselogs { + my $Service; + foreach $Service (sort @ServiceList) { + $ENV{'PRINTING'} = $printing; + @FileList = @{$ServiceData{$Service}{'logfiles'}}; + my $FileText = ""; + foreach $ThisFile (@FileList) { + if (-s $TempDir . $ThisFile) { + $FileText .= ( $TempDir . $ThisFile . " "); + } + } + my $FilterText = " "; + foreach (sort keys %{$ServiceData{$Service}}) { + my $cmd = $_; + if ($cmd =~ s/^\d+-\*//) { + $FilterText .= ("$BaseDir" . "scripts/shared/$cmd '$ServiceData{$Service}{$_}' |" ); + } elsif ($cmd =~ s/^\$//) { + $ENV{$cmd} = $ServiceData{$Service}{$_}; + if ($Config{'debug'}>4) { + print "export $cmd='$ServiceData{$Service}{$_}'\n"; + } + } + } +# ECP - insert the host stripping now + my $HostStrip = " "; + if ($Config{'splithosts'} eq 1) { + $HostStrip .= ("$BaseDir" . "scripts/shared/onlyhost"); + } + if ( -f $BaseDir . "scripts/services/" . $Service ) { + $FilterText .= ("" . $BaseDir . "scripts/services/" . $Service ); + } + else { + die "Can't open: " . $BaseDir . "scripts/services/" . $Service; + } + + my $Command = ''; + if ($FileList[0] eq 'none') { + $Command = " $FilterText 2>&1 "; + } elsif ($FileText) { + if ($HostStrip ne " ") { + $Command = " ( /bin/cat $FileText | $HostStrip | $FilterText) 2>&1 "; + } else { + $Command = " ( /bin/cat $FileText | $FilterText) 2>&1 "; + } + } + + if ($Command) { + if ($Config{'debug'}>4) { + print "\nProcessing Service: " . $Service . "\n" . $Command . "\n"; + } + open (TESTFILE,$Command . 
" |"); + my $ThisLine; + my $has_output = 0; + while (defined ($ThisLine = )) { + next if ((not $printing) and $ThisLine =~ /^\s*$/); + initprint(); + if (($has_output == 0) and ($ServiceData{$Service}{'title'})) { + print OUTFILE "\n --------------------- $ServiceData{$Service}{'title'} Begin ------------------------ \n\n"; + $has_output = 1; + } + print OUTFILE $ThisLine; + } + close (TESTFILE); + if ($has_output and $ServiceData{$Service}{'title'}) { + print OUTFILE "\n ---------------------- $ServiceData{$Service}{'title'} End ------------------------- \n\n"; + } + } + } + + print OUTFILE $report_finish if ($printing); + if ($Config{'multiemail'} eq 1) { + close(OUTFILE) unless ($Config{'print'} eq 1); + } +} + +if ($Config{'splithosts'} eq 1) { + my $Host; + foreach $Host (@hosts) { + $printing = ''; + $ENV{'LOGWATCH_ONLY_HOSTNAME'} = $Host; + $ENV{'LOGWATCH_ONLY_HOSTNAME'} =~ s/\..*//; + $Config{'hostname'} = $Host; + parselogs(); + } # ECP +} else { + parselogs(); +} +close(OUTFILE) unless ($Config{'print'} eq 1); +############################################################################# + +# Get rid of temp directory... +if ($Config{'debug'}<100) { + `rm -rf $TempDir`; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/bin/parselog.sh b/log.d/bin/parselog.sh new file mode 100755 index 0000000..77c659b --- /dev/null +++ b/log.d/bin/parselog.sh 
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+if [ $# -lt 2 ]; then
+ echo "Usage parselog.sh hostname datespec"
+ exit 1
+fi
+
+temp_log_dir="/var/tmp/var/log"
+hostspec=$1
+datespec=$2
+
+configdir=`/etc/log.d/bin/getconfig $hostspec`
+
+if [ -d $temp_log_dir ]; then
+ rm -rf $temp_log_dir
+fi
+
+if [ "$configdir" == "Error: no such system" ]; then
+ echo "Error: no such system: $hostspec"
+ exit 1
+fi
+
+mkdir -p $temp_log_dir;
+
+/etc/log.d/bin/dumplog.pl $hostspec $datespec
+
+rm -f /etc/log.d/conf
+rm -f /etc/log.d/scripts
+ln -s /etc/log.d/configs/$configdir/conf /etc/log.d/conf
+ln -s /etc/log.d/configs/$configdir/scripts /etc/log.d/scripts
+
+/etc/log.d/bin/logwatch.pl --print | /etc/log.d/bin/storelog.pl $hostspec - $datespec
+
+rm -rf $temp_log_dir
\ No newline at end of file
diff --git a/log.d/bin/storelog.pl b/log.d/bin/storelog.pl
new file mode 100755
index 0000000..5e2cb49
--- /dev/null
+++ b/log.d/bin/storelog.pl
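Review bot: In parselog.sh the working directory is the fixed path `/var/tmp/var/log` under world-writable `/var/tmp`, and the script runs `rm -rf` and `mkdir -p` on it, so a local account that creates `/var/tmp/var` first can decide where the dumped logs are written. A private directory such as ``temp_log_dir=`mktemp -d /var/tmp/clf.XXXXXX` || exit 1`` avoids that, but the same path is hard-coded as `LogDir` in the logwatch.conf added by this commit, so both would have to change together. The `rm -f` / `ln -s` swap of `/etc/log.d/conf` and `/etc/log.d/scripts` is also global state, so two overlapping runs for different hosts could process one host's logs with the other's configuration; a lock around the whole run would prevent that. `$hostspec`, `$datespec` and `$configdir` should be double-quoted wherever they are expanded, and `[ "$configdir" = ... ]` should use `=` rather than `==` under `#!/bin/sh`.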
@@ -0,0 +1,49 @@
+#!/usr/bin/perl
+#
+#
+use DBI;
+
+$configfile = "/etc/log.d/db.conf";
+eval('require("$configfile")');
+die "*** Failed to eval() file $configfile:\n$@\n" if ($@);
+
+if (!@ARGV) {
+ print "Usage: storelog.pl system datafile [date]\n";
+ exit (99);
+}
+
+#
+# Open the logfiles we're writing to the database and put all data in
+# the $data variable.
+#
+open (DATA, $ARGV[1]);
+while () {
+ $data .= $_;
+}
+close (DATA);
+
+if (@ARGV[2] && (@ARGV[2] ne "all") && (@ARGV[2] ne "yesterday") && (@ARGV[2] ne "today")) {
+ $date = "'". @ARGV[2]. "'";
+} elsif (@ARGV[2] eq "yesterday") {
+ $date = "(CURRENT_DATE - 1)";
+} else {
+ $date = "CURRENT_DATE";
+}
+
+#
+# Open the database connection
+#
+my $dbh = DBI->connect($DBI, $user, $password) or die DBI::errstr;
+
+# Make sure that the data is properly escaped
+my $qdata = $dbh->quote($data);
+
+$sql = "insert into syslog_tsummary (host, date, data) values ('". @ARGV[0]. "', $date, $qdata)";
+
+my $sth = $dbh->prepare($sql) or die "Can't prepare statement: $DBI::errstr";
+my $rc = $sth->execute or die "Can't execute statement: $DBI::errstr";
+
+# check for problems which may have terminated the fetch early
+die $sth->errstr if $sth->err;
+
+$dbh->disconnect();
diff --git a/log.d/configs/linux.tar.gz b/log.d/configs/linux.tar.gz
new file mode 100644
index 0000000..6104fed
Binary files /dev/null and b/log.d/configs/linux.tar.gz differ
diff --git a/log.d/configs/linux/conf/logfiles/messages.conf b/log.d/configs/linux/conf/logfiles/messages.conf
new file mode 100644
index 0000000..ed1ca02
--- /dev/null
+++ b/log.d/configs/linux/conf/logfiles/messages.conf
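Review bot: In storelog.pl the INSERT is built by concatenation and only `$data` goes through `$dbh->quote`; the host (`@ARGV[0]`) and a literal date (`@ARGV[2]`) are wrapped in single quotes by hand, so a quote character in either argument changes the statement. Binding both as placeholders and keeping only the two fixed `CURRENT_DATE` expressions as SQL text closes that, as in the excerpt below. Separately, `open (DATA, $ARGV[1])` is a two-argument open on a command-line value whose result is never checked; parselog.sh passes `-` to mean standard input, so a move to the three-argument form needs that case handled explicitly. The `@ARGV[n]` slices should be `$ARGV[n]`.

```perl
# … unchanged: config load, usage check, reading $data …

# Only the fixed CURRENT_DATE forms are SQL text; a literal date is bound.
my $date_sql  = 'CURRENT_DATE';
my @date_bind = ();
if ($ARGV[2] && $ARGV[2] eq 'yesterday') {
    $date_sql = '(CURRENT_DATE - 1)';
} elsif ($ARGV[2] && $ARGV[2] ne 'all' && $ARGV[2] ne 'today') {
    $date_sql  = '?';
    @date_bind = ($ARGV[2]);
}

my $dbh = DBI->connect($DBI, $user, $password) or die DBI::errstr;

my $sth = $dbh->prepare(
    "insert into syslog_tsummary (host, date, data) values (?, $date_sql, ?)"
) or die "Can't prepare statement: $DBI::errstr";
my $rc = $sth->execute($ARGV[0], @date_bind, $data)
    or die "Can't execute statement: $DBI::errstr";

# … unchanged: $sth->err check, disconnect …
```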
@@ -0,0 +1,38 @@
+##########################################################################
+# $Id: messages.conf,v 1.18 2003/12/15 18:35:01 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+# What actual file? Defaults to LogPath if not absolute path....
+LogFile = messages
+
+# If the archives are searched, here is one or more line
+# (optionally containing wildcards) that tell where they are...
+# Note: if these are gzipped, you need to end with a .gz even if
+# you use wildcards...
+Archive = messages.*
+Archive = messages.*.gz
+Archive = archiv/messages.*
+Archive = archiv/messages.*.gz
+
+# Expand the repeats (actually just removes them now)
+*ExpandRepeats
+
+# Now, lets remove the services we don't care about at all...
+*RemoveService = talkd
+*RemoveService = telnetd
+*RemoveService = inetd
+*RemoveService = nfsd
+*RemoveService = /sbin/mingetty
+
+# Keep only the lines in the proper date range...
+*OnlyHost
+*ApplyStdDate
+
diff --git a/log.d/configs/linux/conf/logwatch.conf b/log.d/configs/linux/conf/logwatch.conf
new file mode 100644
index 0000000..86b576e
--- /dev/null
+++ b/log.d/configs/linux/conf/logwatch.conf
@@ -0,0 +1,115 @@ +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +# +######################################################## + +# NOTE: +# All these options are the defaults if you run logwatch with no +# command-line arguments. You can override all of these on the +# command-line. + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +# Default Log Directory +# All log-files are assumed to be given relative to this directory. +LogDir = /var/tmp/var/log + +# You can override the default temp directory (/tmp) here +TmpDir = /tmp + +# Default person to mail reports to. Can be a local account or a +# complete email address. +#MailTo = root + +# If set to 'Yes', the report will be sent to stdout instead of being +# mailed to above person. +Print = Yes + +# Leave this to 'Yes' if you have the mktemp program and it supports +# the '-d' option. Some older version of mktemp on pre-RH7.X did not +# support this option, so set this to no in that case and Logwatch will +# use internal temp directory creation that is (hopefully) just as secure +UseMkTemp = Yes + +# +# Some systems have mktemp in a different place +# +MkTemp = /bin/mktemp + +# if set, the results will be saved in instead of mailed +# or displayed. +#Save = /tmp/logwatch + +# Use archives? If set to 'Yes', the archives of logfiles +# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will +# be searched in addition to the /var/log/messages file. +# This usually will not do much if your range is set to just +# 'Yesterday' or 'Today'... 
it is probably best used with +# Archives = Yes +# Range = All + +# The default time range for the report... +# The current choices are All, Today, Yesterday +Range = all + +# The default detail level for the report. +# This can either be Low, Med, High or a number. +# Low = 0 +# Med = 5 +# High = 10 +Detail = High + + +# The 'Service' option expects either the name of a filter +# (in /etc/log.d/scripts/services/*) or 'All'. +# The default service(s) to report on. This should be left as All for +# most people. +Service = All +# You can also disable certain services (when specifying all) +#Service = -zz-fortune +# If you only cared about FTP messages, you could use these 2 lines +# instead of the above: +#Service = ftpd-messages # Processes ftpd messages in /var/log/messages +#Service = ftpd-xferlog # Processes ftpd messages in /var/log/xferlog +# Maybe you only wanted reports on PAM messages, then you would use: +#Service = pam_pwdb # PAM_pwdb messages - usually quite a bit +#Service = pam # General PAM messages... usually not many + +# You can also choose to use the 'LogFile' option. This will cause +# logwatch to only analyze that one logfile.. for example: +#LogFile = messages +# will process /var/log/messages. This will run all the filters that +# process that logfile. This option is probably not too useful to +# most people. Setting 'Service' to 'All' above analyizes all LogFiles +# anyways... + +# +# some systems have different locations for mailers +# +mailer = /bin/mail + +# +# With this option set to 'Yes', only log entries for this particular host +# (as returned by 'hostname' command) will be processed. The hostname +# can also be overridden on the commandline (with --hostname option). This +# can allow a log host to process only its own logs, or Logwatch can be +# run once per host included in the logfiles. +# +# The default is to report on all log entries, regardless of its source host. 
+# Note that some logfiles do not include host information and will not be +# influenced by this setting. +# +#HostLimit = Yes + diff --git a/log.d/configs/linux/conf/services/arpwatch.conf b/log.d/configs/linux/conf/services/arpwatch.conf new file mode 100644 index 0000000..ae36264 --- /dev/null +++ b/log.d/configs/linux/conf/services/arpwatch.conf @@ -0,0 +1,23 @@ +########################################################################## +# $Id: arpwatch.conf,v 1.3 2003/11/03 15:12:48 kirk Exp $ +########################################################################## + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "Arpwatch" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to the arpwatch service... +*OnlyService = arpwatch +*RemoveHeaders + diff --git a/log.d/configs/linux/conf/services/automount.conf b/log.d/configs/linux/conf/services/automount.conf new file mode 100644 index 0000000..48f90a6 --- /dev/null +++ b/log.d/configs/linux/conf/services/automount.conf 
@@ -0,0 +1,31 @@ +########################################################################### +# $Id: automount.conf,v 1.4 2002/10/12 02:08:09 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "Automount" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to the automount service... +*OnlyService = automount +*RemoveHeaders + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/cisco.conf b/log.d/configs/linux/conf/services/cisco.conf new file mode 100644 index 0000000..6eb3ef7 --- /dev/null +++ b/log.d/configs/linux/conf/services/cisco.conf 
@@ -0,0 +1,28 @@ +########################################################################### +# $Id: cisco.conf,v 1.1 2004/06/21 14:31:59 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "cisco" + +# Which logfile group... +LogFile = messages + + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/clam-update.conf b/log.d/configs/linux/conf/services/clam-update.conf new file mode 100644 index 0000000..6843b8d --- /dev/null +++ b/log.d/configs/linux/conf/services/clam-update.conf 
@@ -0,0 +1,59 @@ +######################################################################### +# clam-update script for Logwatch +# Analyzes the Clam Anti-Virus update log +# +# Version: 1.0.0 +# Initial release +# Version: 1.0.1 +# Minor documentation update +# +# Written by: Lars Skjærlund +######################################################################### + +######################################################################### +# This script is subject to the same copyright as Logwatch itself +######################################################################### + +######################################################################### +# Files - all shown with default paths: +# +# /etc/log.d/conf/logfiles/clam-update.conf +# /etc/log.d/conf/services/clam-update.conf (this file) +# /etc/log.d/scripts/services/clam-update +# +# ... and of course +# +# /var/log/clam-update +######################################################################### + +######################################################################### +# Important note: +# +# Under normal operation - ie. a detail level of 'lo' (0), no output will +# be produced if no updates have taken place. However, if no update +# attempt has been done, an alert will be output to inform you about this +# (which probably means that freshclam isn't running). +# +# If you have stopped using ClamAV and would like to get rid of the +# alert, you should delete the logfile. If there's no logfile, no alerts +# will be output - but if Logwatch finds a logfile and no update attempts +# have been made for whatever timeperiod Logwatch is analyzing, an alert +# will be output. +######################################################################### + +Title = "clam-update" + +# Which logfile group... +LogFile = messages + +# If the archives are searched, here is one or more line +# (optionally containing wildcards) that tell where they are... 
+Archive = clam-update.* +Archive = clam-update.*.gz +Archive = freshclam.log.* +Archive = freshclam.log.*.gz +Archive = archiv/clam-update.* +Archive = archiv/clam-update.*.gz +Archive = archiv/freshclam.log.* +Archive = archiv/freshclam.log.*.gz + diff --git a/log.d/configs/linux/conf/services/courier.conf b/log.d/configs/linux/conf/services/courier.conf new file mode 100644 index 0000000..bfe75eb --- /dev/null +++ b/log.d/configs/linux/conf/services/courier.conf 
@@ -0,0 +1,53 @@ +########################################################################### +# ------------------------------------------------------------------------ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "courier-mta" + +# Which logfile group... +LogFile = messages + +# Because the Courier Mail Server has very generic service names (pop3d +# etc.), it might sometimes be necessary to disable courier. +$courier_enable=1 + +#Level of Detail +# 0 (Default) only errors +#>=5 Successful deliveries, pop3 and imap connections +#$courier_override_detail_level=5 + +# Output format +# 0 make IPtables-Like output +# 1 make nicely-formatted tables +$courier_tables=1 + +#Print the Output of the command mailq +$courier_PrintMailQueue=0 + +#0: "502 ESMTP command error",cmd: DATA or 517-Domain does not exist: boss.com. +#1: "502 ESMTP command error" or 517-Domain does not exist +#Last means of course a reduction of tables but also a loss of information. +#Currently only in Table mode +#$courier_RemoveAdditionalInfo=0 + +#Change this to 1 if you want to do reverse DNS lookups +#(currently only for the Tables-format) +$courier_ip_lookup=0 + +# Only give lines pertaining to courier... +# I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1 +#but you will get at least all currently supported logs +*OnlyService = (courierd|courieresmtp|courieresmtpd|courierlocal) + +*RemoveHeaders = + diff --git a/log.d/configs/linux/conf/services/cron.conf b/log.d/configs/linux/conf/services/cron.conf new file mode 100644 index 0000000..28f8e82 --- /dev/null 
+++ b/log.d/configs/linux/conf/services/cron.conf @@ -0,0 +1,30 @@ +########################################################################### +# $Id: cron.conf,v 1.4 2002/10/12 02:08:09 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "Cron" + +# Which logfile group... +LogFile = messages + +*OnlyService = crond + + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/dhcpd.conf b/log.d/configs/linux/conf/services/dhcpd.conf new file mode 100644 index 0000000..3086489 --- /dev/null +++ b/log.d/configs/linux/conf/services/dhcpd.conf 
@@ -0,0 +1,31 @@ +########################################################################### +# $Id: dhcpd.conf,v 1.2 2002/10/12 02:08:09 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "dhcpd" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to the dhcpd service... +*OnlyService = dhcpd +*RemoveHeaders + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/exim.conf b/log.d/configs/linux/conf/services/exim.conf new file mode 100644 index 0000000..3c3eb52 --- /dev/null +++ b/log.d/configs/linux/conf/services/exim.conf 
@@ -0,0 +1,31 @@ +########################################################################### +# $Id: exim.conf,v 1.2 2002/10/12 02:08:09 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "EXIM" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to the mountd service... +#*OnlyService = +#*RemoveHeaders = + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/ftpd-messages.conf b/log.d/configs/linux/conf/services/ftpd-messages.conf new file mode 100644 index 0000000..d9835a8 --- /dev/null +++ b/log.d/configs/linux/conf/services/ftpd-messages.conf 
@@ -0,0 +1,33 @@ +########################################################################### +# $Id: ftpd-messages.conf,v 1.8 2002/10/12 02:08:09 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "ftpd-messages" + +# Which logfile group... +LogFile = messages + +*OnlyService = ftpd +*RemoveHeaders + +# Set this to 1 if you want to ignore unmatched FTP messages... +$ftpd_ignore_unmatched = 0 + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/identd.conf b/log.d/configs/linux/conf/services/identd.conf new file mode 100644 index 0000000..4277396 --- /dev/null +++ b/log.d/configs/linux/conf/services/identd.conf 
@@ -0,0 +1,31 @@ +########################################################################### +# $Id: identd.conf,v 1.7 2002/10/12 02:08:09 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "identd" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to identd... +*OnlyService = identd +*RemoveHeaders + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/imapd.conf b/log.d/configs/linux/conf/services/imapd.conf new file mode 100644 index 0000000..78cde06 --- /dev/null +++ b/log.d/configs/linux/conf/services/imapd.conf 
@@ -0,0 +1,26 @@ +########################################################################### +# ------------------------------------------------------------------------ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "IMAP" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to courier... +# I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1 +#but you will get at least all currently supported logs +*OnlyService = (imapd|imapd-ssl) + +*RemoveHeaders = + diff --git a/log.d/configs/linux/conf/services/in.qpopper.conf b/log.d/configs/linux/conf/services/in.qpopper.conf new file mode 100644 index 0000000..31baf87 --- /dev/null +++ b/log.d/configs/linux/conf/services/in.qpopper.conf 
@@ -0,0 +1,31 @@ +########################################################################### +# $Id: in.qpopper.conf,v 1.4 2003/11/03 04:30:21 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "in.qpopper" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to the in.qpopper service... +*MultiService = in.qpopper,qpopper +*RemoveHeaders + +######################################################## +# This was written and is maintained by: +# Kenneth Porter +# +# Please send all comments, suggestions, bug reports, +# etc, to shiva@well.com. +######################################################## + diff --git a/log.d/configs/linux/conf/services/init.conf b/log.d/configs/linux/conf/services/init.conf new file mode 100644 index 0000000..55e7ce9 --- /dev/null +++ b/log.d/configs/linux/conf/services/init.conf 
@@ -0,0 +1,31 @@ +########################################################################### +# $Id: init.conf,v 1.6 2002/10/12 02:08:09 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "Init" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to the init service... +*OnlyService = init +*RemoveHeaders + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/ipop3d.conf b/log.d/configs/linux/conf/services/ipop3d.conf new file mode 100644 index 0000000..6e33401 --- /dev/null +++ b/log.d/configs/linux/conf/services/ipop3d.conf 
@@ -0,0 +1,27 @@ +########################################################################### +# $Id: ipop3d.conf,v 1.2 2002/10/12 02:08:09 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "ipop3d" + +# Which logfile group... +LogFile = messages +*OnlyService = ipop3d + +*RemoveHeaders + +######################################################## +# The ipop3d filter was written and is maintained by: +# Pawel Jarosz +######################################################## + diff --git a/log.d/configs/linux/conf/services/kernel.conf b/log.d/configs/linux/conf/services/kernel.conf new file mode 100644 index 0000000..e6e1e0e --- /dev/null +++ b/log.d/configs/linux/conf/services/kernel.conf 
@@ -0,0 +1,34 @@ +########################################################################### +# $Id: kernel.conf,v 1.8 2002/10/13 02:01:51 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "Kernel" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to the kernel service... +*OnlyService = kernel +*RemoveHeaders + +# Set this to yes to lookup IPs in kernel firewall report +$kernel_ip_lookup = No + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/mailscanner.conf b/log.d/configs/linux/conf/services/mailscanner.conf new file mode 100644 index 0000000..8a11985 --- /dev/null +++ b/log.d/configs/linux/conf/services/mailscanner.conf 
@@ -0,0 +1,30 @@ +########################################################################### +# $Id: mailscanner.conf,v 1.1 2004/02/03 03:52:18 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "MailScanner" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to the sendmail service... +*OnlyService = MailScanner +*RemoveHeaders + + +######################################################## +# This was written and is maintained by: +# Mike Tremaine +# +######################################################## + diff --git a/log.d/configs/linux/conf/services/modprobe.conf b/log.d/configs/linux/conf/services/modprobe.conf new file mode 100644 index 0000000..fc32e3d --- /dev/null +++ b/log.d/configs/linux/conf/services/modprobe.conf 
@@ -0,0 +1,31 @@ +########################################################################### +# $Id: modprobe.conf,v 1.7 2002/10/12 02:08:09 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "ModProbe" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to the modprobe service... +*OnlyService = modprobe +*RemoveHeaders + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/mountd.conf b/log.d/configs/linux/conf/services/mountd.conf new file mode 100644 index 0000000..498831c --- /dev/null +++ b/log.d/configs/linux/conf/services/mountd.conf 
@@ -0,0 +1,31 @@ +########################################################################### +# $Id: mountd.conf,v 1.6 2002/10/12 02:08:09 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "Mountd" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to the mountd service... +*OnlyService = mountd +*RemoveHeaders + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/named.conf b/log.d/configs/linux/conf/services/named.conf new file mode 100644 index 0000000..9724beb --- /dev/null +++ b/log.d/configs/linux/conf/services/named.conf 
@@ -0,0 +1,35 @@ +########################################################################### +# $Id: named.conf,v 1.7 2002/10/12 02:08:09 kirk Exp $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "Named" + +# Which logfile group... +LogFile = messages + +# Whether or not to lookup the IPs into hostnames... +# Setting this to Yes will significantly increase runtime +$named_ip_lookup = No + +# Only give lines pertaining to the named service... +*OnlyService = named +*RemoveHeaders + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + diff --git a/log.d/configs/linux/conf/services/oidentd.conf b/log.d/configs/linux/conf/services/oidentd.conf new file mode 100644 index 0000000..c3d693d --- /dev/null +++ b/log.d/configs/linux/conf/services/oidentd.conf 
@@ -0,0 +1,24 @@
+###########################################################################
+# $Id: oidentd.conf,v 1.1 2004/02/03 02:45:25 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "Oidentd"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the modprobe service...
+*OnlyService = oidentd
+*RemoveHeaders
+
+
diff --git a/log.d/configs/linux/conf/services/pam.conf b/log.d/configs/linux/conf/services/pam.conf
new file mode 100644
index 0000000..5b4c1ef
--- /dev/null
+++ b/log.d/configs/linux/conf/services/pam.conf
@@ -0,0 +1,31 @@
+###########################################################################
+# $Id: pam.conf,v 1.6 2002/10/12 02:08:09 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "pam"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the pam service...
+*OnlyService = pam
+*RemoveHeaders
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
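Review bot: The filter comment in oidentd.conf reads `# Only give lines pertaining to the modprobe service...` while the line below it is `*OnlyService = oidentd`, so the comment names a different service than the one selected. I would change it to `# Only give lines pertaining to the oidentd service...`. The same copy-and-paste mismatch appears in other files of this commit: shaperd.conf also says "modprobe", pound.conf says "named", vpopmail.conf says "qmail", and zz-disk_space.conf opens with `# This just displays a fortune at the end of the report...`. In a log-review tool a wrong filter comment makes it harder to audit which services a report actually covers.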
diff --git a/log.d/configs/linux/conf/services/pam_pwdb.conf b/log.d/configs/linux/conf/services/pam_pwdb.conf
new file mode 100644
index 0000000..8073b23
--- /dev/null
+++ b/log.d/configs/linux/conf/services/pam_pwdb.conf
@@ -0,0 +1,31 @@
+###########################################################################
+# $Id: pam_pwdb.conf,v 1.7 2002/10/12 02:08:09 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "PAM_pwdb"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the PAM_pwdb service...
+*OnlyService = pam_pwdb
+*RemoveHeaders
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/pam_unix.conf b/log.d/configs/linux/conf/services/pam_unix.conf
new file mode 100644
index 0000000..7979718
--- /dev/null
+++ b/log.d/configs/linux/conf/services/pam_unix.conf
@@ -0,0 +1,27 @@
+###########################################################################
+# $Id: pam_unix.conf,v 1.2 2002/10/12 02:08:09 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "pam_unix"
+
+# Which logfile group...
+LogFile = messages
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/pluto.conf b/log.d/configs/linux/conf/services/pluto.conf
new file mode 100644
index 0000000..cd59bbc
--- /dev/null
+++ b/log.d/configs/linux/conf/services/pluto.conf
@@ -0,0 +1,9 @@
+##########################################################################
+# $Id: pluto.conf,v 1.2 2002/10/12 02:08:09 kirk Exp $
+##########################################################################
+
+# This is very simple. The FreeS/WAN watcher doesn't do a whole lot. :)
+
+Title = "FreeS/WAN"
+LogFile = messages
+
diff --git a/log.d/configs/linux/conf/services/pop3.conf b/log.d/configs/linux/conf/services/pop3.conf
new file mode 100644
index 0000000..c8498a3
--- /dev/null
+++ b/log.d/configs/linux/conf/services/pop3.conf
@@ -0,0 +1,26 @@
+###########################################################################
+# ------------------------------------------------------------------------
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "POP-3"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to courier...
+# I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1
+#but you will get at least all currently supported logs
+*OnlyService = (pop3d-ssl|pop3d|spop3d)
+
+*RemoveHeaders =
+
diff --git a/log.d/configs/linux/conf/services/portsentry.conf b/log.d/configs/linux/conf/services/portsentry.conf
new file mode 100644
index 0000000..10b5ede
--- /dev/null
+++ b/log.d/configs/linux/conf/services/portsentry.conf
@@ -0,0 +1,31 @@
+###########################################################################
+# $Id: portsentry.conf,v 1.2 2002/10/12 02:08:09 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "PortSentry"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the portsentry service...
+*OnlyService = portsentry
+*RemoveHeaders =
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/postfix.conf b/log.d/configs/linux/conf/services/postfix.conf
new file mode 100644
index 0000000..490fec5
--- /dev/null
+++ b/log.d/configs/linux/conf/services/postfix.conf
@@ -0,0 +1,35 @@
+###########################################################################
+# $Id: postfix.conf,v 1.3 2004/02/03 03:52:18 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = postfix
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the postfix service...
+*OnlyService = "postfix/[a-zA-Z0-9]*"
+# *OnlyService = "postfix/smtpd"
+*RemoveHeaders =
+
+########################################################
+# This was written and is maintained by:
+# Kenneth Porter
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to shiva@well.com.
+#
+########################################################
+
+
+
diff --git a/log.d/configs/linux/conf/services/pound.conf b/log.d/configs/linux/conf/services/pound.conf
new file mode 100644
index 0000000..fa96f56
--- /dev/null
+++ b/log.d/configs/linux/conf/services/pound.conf
@@ -0,0 +1,34 @@
+###########################################################################
+# pound.conf
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+# Which logfile group...
+LogFile = messages
+
+# Whether or not to lookup the IPs into hostnames...
+# Setting this to Yes will significantly increase runtime
+$pound_ip_lookup = Yes
+
+# Only give lines pertaining to the named service...
+*OnlyService = pound
+*RemoveHeaders =
+
+########################################################
+# This was written and is maintained by:
+# luuk
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to luuk@planet.nl.
+#
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/proftpd-messages.conf b/log.d/configs/linux/conf/services/proftpd-messages.conf
new file mode 100644
index 0000000..8429e5e
--- /dev/null
+++ b/log.d/configs/linux/conf/services/proftpd-messages.conf
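Review bot: `$pound_ip_lookup = Yes` in pound.conf turns reverse lookups on by default, whereas named.conf and secure.conf in this commit ship the equivalent option as `No` under the same "will significantly increase runtime" warning. Beyond the runtime cost, names returned by reverse DNS are controlled by whoever operates the address range, so a report should not treat them as trustworthy, and each lookup presumably reveals to outside resolvers which addresses are being examined. I would default to `$pound_ip_lookup = No` and add a comment such as `# Reverse-DNS names come from the remote party; treat them as hints only`. This file also has no `Title =` line, unlike most of its siblings.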
@@ -0,0 +1,36 @@
+###########################################################################
+# $Id: proftpd-messages.conf,v 1.5 2002/10/12 02:08:09 kirk Exp $
+###########################################################################
+
+# This is for the ProFTPD daemon, if you have it on your system
+# If you don't it won't hurt anything.
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "proftpd-messages"
+
+# Which logfile group...
+LogFile = messages
+
+*OnlyService = proftpd
+*RemoveHeaders
+
+# Set this to 1 if you want to ignore unmatched FTP messages...
+$ftpd_ignore_unmatched = 0
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/pureftpd.conf b/log.d/configs/linux/conf/services/pureftpd.conf
new file mode 100755
index 0000000..527d6ce
--- /dev/null
+++ b/log.d/configs/linux/conf/services/pureftpd.conf
@@ -0,0 +1,34 @@
+###########################################################################
+# $Id: pureftpd.conf,v 1.1 2003/11/03 14:25:20 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "pureftp"
+
+# Which logfile group...
+LogFile = messages
+
+*OnlyService = pure-ftpd
+*RemoveHeaders =
+
+# Should we show some details?
+$show_logins = 0
+$show_logouts = 0
+
+# This can get rather large, it details files which were uploaded or downloaded
+# by who, and where from.
+$show_data_transfers = 0
+
+# How many connections did we get?
+# This only shows where it came from and how many per ip / host.
+$show_new_connections = 0
+
diff --git a/log.d/configs/linux/conf/services/qmail.conf b/log.d/configs/linux/conf/services/qmail.conf
new file mode 100644
index 0000000..9b0fd02
--- /dev/null
+++ b/log.d/configs/linux/conf/services/qmail.conf
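Review bot: pureftpd.conf is added with `new file mode 100755`, while the other service configuration files in this commit are `100644`. Nothing in the file suggests it is meant to be executed, so I would drop the execute bit and keep data files non-executable. The file also lacks the maintainer footer its siblings carry, which is only a consistency point.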
@@ -0,0 +1,51 @@
+###########################################################################
+# $Id: qmail.conf,v 1.3 2002/10/12 02:08:09 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "qmail"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the qmail service...
+*OnlyService = qmail
+*RemoveHeaders =
+
+# This sets whether to display counts of emails from each user & to each user.
+# Will make rather a large log file if run on a primary mail server.
+# Set either 0 or 1
+$qmail_high_detail = 0
+
+# Threshold controls the minimum number for:
+# "From this server" ($from_threshold)
+# "To Remote Server" ($remote_threshold)
+# "To Local Server" ($local_threshold)
+# Threshold is a global variable.
+# These are only used IF you have $qmail_high_detail set to 1
+$threshold = 4
+
+# From threshold is a minimum for the number of emails people send out.
+# This will over-ride threshold for this value.
+# If it is not set, the global $threshold is used. Set to 0 for all.
+$from_threshold = 6
+
+# Remote threshold is a minimum for the number of emails that go to a remote server.
+# This will over-ride threshold for this value.
+# If it is not set, the global $threshold is used. Set to 0 for all.
+$remote_threshold = 2
+
+# Local threshold is a minimum for the number of emails that go to this local server.
+# This will over-ride threshold for this value.
+# If it is not set, the global $threshold is used. Set to 0 for all.
+$local_threshold = 7
+
diff --git a/log.d/configs/linux/conf/services/raid.conf b/log.d/configs/linux/conf/services/raid.conf
new file mode 100644
index 0000000..7a12bf8
--- /dev/null
+++ b/log.d/configs/linux/conf/services/raid.conf
@@ -0,0 +1,5 @@
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the kernel service...
+*OnlyService = kernel
diff --git a/log.d/configs/linux/conf/services/rt314.conf b/log.d/configs/linux/conf/services/rt314.conf
new file mode 100644
index 0000000..31b7804
--- /dev/null
+++ b/log.d/configs/linux/conf/services/rt314.conf
@@ -0,0 +1,7 @@
+#############################################################################
+# $Id: rt314.conf,v 1.2 2002/10/12 02:08:09 kirk Exp $
+#############################################################################
+
+Title = "RT314"
+LogFile = messages
+*OnlyService = rt314
diff --git a/log.d/configs/linux/conf/services/samba.conf b/log.d/configs/linux/conf/services/samba.conf
new file mode 100644
index 0000000..5bb4d5f
--- /dev/null
+++ b/log.d/configs/linux/conf/services/samba.conf
@@ -0,0 +1,29 @@
+###########################################################################
+# $Id: samba.conf,v 1.4 2002/10/12 02:08:09 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "samba"
+
+# Which logfile group...
+LogFile = messages
+
+*OnlyService = (smbd|nmbd)
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/secure.conf b/log.d/configs/linux/conf/services/secure.conf
new file mode 100644
index 0000000..d19539c
--- /dev/null
+++ b/log.d/configs/linux/conf/services/secure.conf
@@ -0,0 +1,40 @@
+###########################################################################
+# $Id: secure.conf,v 1.10 2002/10/18 18:58:01 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "Connections (secure-log)"
+
+# Which logfile group...
+LogFile = messages
+
+# Whether or not to lookup the IPs into hostnames...
+# Setting this to Yes will significantly increase runtime
+$secure_ip_lookup = No
+
+# Use this to ignore certain services in the secure log.
+# You can ignore as many services as you would like.
+# (we ignore sshd because its entries are processed by the sshd script)
+$ignore_services = sshd Pluto stunnel proftpd
+
+# For these services, summarize only (i.e. don't least each IP, just
+# list the number of connections total)
+#$summarize_connections = ftp
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/sendmail-largeboxes.conf b/log.d/configs/linux/conf/services/sendmail-largeboxes.conf
new file mode 100644
index 0000000..0723085
--- /dev/null
+++ b/log.d/configs/linux/conf/services/sendmail-largeboxes.conf
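Review bot: `$ignore_services = sshd Pluto stunnel proftpd` in secure.conf drops four services from this report, but the comment above it explains only sshd. If the sshd, pluto, stunnel or proftpd-messages reports added elsewhere in this commit are ever disabled, those connection entries would presumably appear in no report at all, which matters most for authentication and VPN events. I would extend the comment, for example `# Each service listed here must stay enabled in its own services/*.conf, otherwise its entries go unreported`. The title says "secure-log" while `LogFile = messages` selects the messages group; if that is intentional for this deployment, a one-line comment would help the next reader.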
@@ -0,0 +1,30 @@
+###########################################################################
+# $Id: sendmail-largeboxes.conf,v 1.1 2004/06/21 13:51:56 kirk Exp $
+###########################################################################
+
+# This displays a warning for large mailboxes
+# Best solution would be to have a config setting for what the
+# server administrator considers as "large". Hard coded to consider 40Mb+
+# as large.
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+# Which logfile group...
+LogFile = NONE
+
+########################################################
+# This was written and is maintained by:
+# Colin Smith
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to Colin.Smith@fantasie.org.uk
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/sendmail.conf b/log.d/configs/linux/conf/services/sendmail.conf
new file mode 100644
index 0000000..e0bd0a3
--- /dev/null
+++ b/log.d/configs/linux/conf/services/sendmail.conf
@@ -0,0 +1,38 @@
+###########################################################################
+# $Id: sendmail.conf,v 1.5 2003/11/03 04:24:06 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "sendmail"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the sendmail service...
+*MultiService = sendmail,sm-mta
+*RemoveHeaders
+
+#Sendmail Config File Files
+# When Detail = High above, these two files will be used by LogWatch to
+# discover which domains are local to this machine so that we can generate
+# a summary of email traffic by domain.
+$SendmailLocalHostNames = /etc/mail/local-host-names #Sometimes called sendmail.cw
+$SendmailAccess = /etc/mail/access
+
+########################################################
+# This was written and is maintained by:
+# Kenneth Porter
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to shiva@well.com.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/shaperd.conf b/log.d/configs/linux/conf/services/shaperd.conf
new file mode 100644
index 0000000..ec20814
--- /dev/null
+++ b/log.d/configs/linux/conf/services/shaperd.conf
@@ -0,0 +1,24 @@
+###########################################################################
+# $Id: shaperd.conf,v 1.1 2004/02/03 02:45:25 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "Shaperd"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the modprobe service...
+*OnlyService = shaperd\d
+*RemoveHeaders
+
+
diff --git a/log.d/configs/linux/conf/services/smartd.conf b/log.d/configs/linux/conf/services/smartd.conf
new file mode 100644
index 0000000..b29ecdf
--- /dev/null
+++ b/log.d/configs/linux/conf/services/smartd.conf
@@ -0,0 +1,23 @@
+###########################################################################
+# $Id: smartd.conf,v 1.1 2003/01/13 04:03:02 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "Smartd"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the smartd service...
+*OnlyService = smartd
+*RemoveHeaders
+
diff --git a/log.d/configs/linux/conf/services/sshd.conf b/log.d/configs/linux/conf/services/sshd.conf
new file mode 100644
index 0000000..d628a90
--- /dev/null
+++ b/log.d/configs/linux/conf/services/sshd.conf
@@ -0,0 +1,31 @@
+###########################################################################
+# $Id: sshd.conf,v 1.12 2002/10/12 02:08:09 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "SSHD"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the sshd service...
+*OnlyService = sshd
+*RemoveHeaders
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/sshd2.conf b/log.d/configs/linux/conf/services/sshd2.conf
new file mode 100644
index 0000000..e90f59d
--- /dev/null
+++ b/log.d/configs/linux/conf/services/sshd2.conf
@@ -0,0 +1,31 @@
+###########################################################################
+# $Id: sshd2.conf,v 1.4 2002/10/12 02:08:10 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "Sshd2"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the sshd2 service...
+*OnlyService = sshd2
+*RemoveHeaders
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/stunnel.conf b/log.d/configs/linux/conf/services/stunnel.conf
new file mode 100644
index 0000000..85d4837
--- /dev/null
+++ b/log.d/configs/linux/conf/services/stunnel.conf
@@ -0,0 +1,22 @@
+##########################################################################
+# $Id: stunnel.conf,v 1.2 2002/10/12 02:08:10 kirk Exp $
+##########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "stunnel"
+
+# Which logfile group...
+LogFile = messages
+
+*OnlyService = stunnel
+*RemoveHeaders
+
diff --git a/log.d/configs/linux/conf/services/sudo.conf b/log.d/configs/linux/conf/services/sudo.conf
new file mode 100644
index 0000000..bf67fb8
--- /dev/null
+++ b/log.d/configs/linux/conf/services/sudo.conf
@@ -0,0 +1,30 @@
+###########################################################################
+# $Id: sudo.conf,v 1.3 2002/10/12 02:08:10 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "Sudo (secure-log)"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the sudo service...
+*OnlyService = sudo
+*RemoveHeaders
+########################################################
+# This was written and is maintained by:
+# Erik Ogan
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/syslogd.conf b/log.d/configs/linux/conf/services/syslogd.conf
new file mode 100644
index 0000000..4ebde8d
--- /dev/null
+++ b/log.d/configs/linux/conf/services/syslogd.conf
@@ -0,0 +1,31 @@
+###########################################################################
+# $Id: syslogd.conf,v 1.7 2002/10/12 02:08:10 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "Syslogd"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the syslogd service...
+*OnlyService = syslogd
+*RemoveHeaders
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/up2date.conf b/log.d/configs/linux/conf/services/up2date.conf
new file mode 100644
index 0000000..63fe273
--- /dev/null
+++ b/log.d/configs/linux/conf/services/up2date.conf
@@ -0,0 +1,28 @@
+###########################################################################
+# $Id: up2date.conf,v 1.2 2002/10/12 02:08:10 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "up2date"
+
+# Which logfile group...
+LogFile = messages
+
+*OnlyService up2date
+########################################################
+# This was written and is maintained by:
+# Eric Moret
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to eric.moret@epita.fr.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/vpopmail.conf b/log.d/configs/linux/conf/services/vpopmail.conf
new file mode 100644
index 0000000..614096e
--- /dev/null
+++ b/log.d/configs/linux/conf/services/vpopmail.conf
@@ -0,0 +1,26 @@
+###########################################################################
+# $Id: vpopmail.conf,v 1.3 2003/11/03 14:27:46 kirk Exp $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "vpopmail"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the qmail service...
+*OnlyService = vpopmail
+*RemoveHeaders =
+
+# Do you want to report succeful logins?
+$successful_logins = 0
+
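Review bot: `*OnlyService up2date` in up2date.conf has no `=` sign, although the file's own header describes an `=`-separated format and every other service file in this commit writes `*OnlyService = <name>`. Depending on how the parser splits the line, the filter may be ignored or misread, in which case the up2date script would presumably receive every line of the messages group instead of only its own. I would write `*OnlyService = up2date`. The file also omits `*RemoveHeaders`, which most siblings include; it is worth confirming that this is intended.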
diff --git a/log.d/configs/linux/conf/services/vsftpd.conf b/log.d/configs/linux/conf/services/vsftpd.conf
new file mode 100644
index 0000000..a67caad
--- /dev/null
+++ b/log.d/configs/linux/conf/services/vsftpd.conf
@@ -0,0 +1,28 @@
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = vsftpd-messages
+
+# Which logfile group...
+LogFile = messages
+
+# *OnlyService = vsftpd
+*RemoveHeaders =
+
+# Set this to 1 if you want to ignore unmatched FTP messages...
+$vsftpd_ignore_unmatched = 0
+
+# NOTE: Be sure to add these to your FTP server's vsftpd.conf file:
+# (NOT this logwatch configuration file)
+# xferlog_enable=YES
+# xferlog_std_format=YES
+# dual_log_enable=YES
+
diff --git a/log.d/configs/linux/conf/services/yum.conf b/log.d/configs/linux/conf/services/yum.conf
new file mode 100644
index 0000000..1e39edd
--- /dev/null
+++ b/log.d/configs/linux/conf/services/yum.conf
@@ -0,0 +1,6 @@
+Title = "yum"
+
+# Which logfile group...
+LogFile = messages
+
+
diff --git a/log.d/configs/linux/conf/services/zz-disk_space.conf b/log.d/configs/linux/conf/services/zz-disk_space.conf
new file mode 100644
index 0000000..6c8954e
--- /dev/null
+++ b/log.d/configs/linux/conf/services/zz-disk_space.conf
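Review bot: In vsftpd.conf the service filter is commented out (`# *OnlyService = vsftpd`) while `*RemoveHeaders =` stays active, so the vsftpd script presumably sees every line of the `messages` group rather than only vsftpd's own. If that is deliberate, for instance because the transfer-log lines named in the NOTE below carry no service tag, a comment such as `# No OnlyService filter: xferlog-format lines have no service prefix` would keep the pattern from being copied or "fixed" by mistake; otherwise the filter should be restored. It is also not visible from this hunk whether the `messages` group includes the files that the listed `xferlog_*` settings write to, so that is worth confirming.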
@@ -0,0 +1,30 @@
+###########################################################################
+# $Id: zz-disk_space.conf,v 1.2 2003/10/29 04:37:20 kirk Exp $
+###########################################################################
+
+# This just displays a fortune at the end of the report...
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+# Which logfile group...
+LogFile = NONE
+
+# Uncomment this to show the home directory sizes
+#$show_home_dir_sizes = 1
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/conf/services/zz-fortune.conf b/log.d/configs/linux/conf/services/zz-fortune.conf
new file mode 100644
index 0000000..5e84a8b
--- /dev/null
+++ b/log.d/configs/linux/conf/services/zz-fortune.conf
@@ -0,0 +1,27 @@
+###########################################################################
+# $Id: zz-fortune.conf,v 1.5 2002/10/12 02:08:10 kirk Exp $
+###########################################################################
+
+# This just displays a fortune at the end of the report...
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+# Which logfile group...
+LogFile = NONE
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
diff --git a/log.d/configs/linux/scripts/logfiles/autorpm/applydate b/log.d/configs/linux/scripts/logfiles/autorpm/applydate
new file mode 100755
index 0000000..002d1da
--- /dev/null
+++ b/log.d/configs/linux/scripts/logfiles/autorpm/applydate
@@ -0,0 +1,31 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: applydate,v 1.1 2002/10/27 14:05:40 kirk Exp $
+##########################################################################
+
+use POSIX qw(strftime);
+
+my $time = time;
+
+if ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') {
+ $SearchDate = strftime("%a %b %d", localtime($time-86400));
+ $SearchYear = strftime("%Y", localtime($time-86400));
+}
+elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'today') {
+ $SearchDate = strftime("%a %b %d", localtime($time));
+ $SearchYear = strftime("%Y", localtime($time));
+}
+elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'all') {
+ $SearchDate = "... ... ..";
+ $SearchYear = "....";
+}
+
+# Make sure '01' becomes '.1' so it will match ' 1'
+$SearchDate =~ s/0(\d)/.$1/;
+
+while (defined($ThisLine = )) {
+ if ($ThisLine =~ s/$SearchDate ..:..:.. [^ ]+ $SearchYear - //o) {
+ print $ThisLine;
+ }
+}
+
diff --git a/log.d/configs/linux/scripts/logfiles/cron/applydate b/log.d/configs/linux/scripts/logfiles/cron/applydate
new file mode 100755
index 0000000..2fe326a
--- /dev/null
+++ b/log.d/configs/linux/scripts/logfiles/cron/applydate
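Review bot: In `autorpm/applydate` the `if`/`elsif` chain on `$ENV{'LOGWATCH_DATE_RANGE'}` has no final `else`, so an unset or unrecognised value leaves `$SearchDate` and `$SearchYear` undefined and the match pattern degrades to ` ..:..:.. [^ ]+  - `, which no longer restricts the date at all. For a log-review filter that means the report silently covers the wrong period instead of failing visibly. I would close the chain with `else { die "applydate: unsupported LOGWATCH_DATE_RANGE\n"; }`. The same chain appears in the cron, samba, up2date and xferlog `applydate` hunks of this commit. Adding `use strict;` with `my` declarations, as the cron script already does, would also catch misspelled variable names here.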
@@ -0,0 +1,69 @@
+#!/usr/bin/perl -w
+use strict;
+##########################################################################
+# $Id: applydate,v 1.10 2004/06/21 13:57:12 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+use POSIX qw(strftime);
+
+# SearchDate2 is for newer crond (i.e. RH7.X)
+my ($SearchDate, $SearchDate2, $ThisLine);
+my ($incount, $outcount) = (0, 0);
+my $time = time;
+my $hostname = `hostname`;
+my $OSname = `uname -s`;
+chomp $hostname;
+chomp $OSname;
+
+if ($ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') {
+ $SearchDate = strftime("%m/%d", localtime($time-86400));
+ $SearchDate2 = strftime("%b %e", localtime($time-86400));
+}
+elsif ($ENV{'LOGWATCH_DATE_RANGE'} eq 'today') {
+ $SearchDate = strftime("%m/%d", localtime($time));
+ $SearchDate2 = strftime("%b %e", localtime($time));
+}
+elsif ($ENV{'LOGWATCH_DATE_RANGE'} eq 'all') {
+ $SearchDate = '../..';
+ $SearchDate2 = '... ..';
+}
+
+if ($ENV{'LOGWATCH_DEBUG'} > 5) {
+ print STDERR "DEBUG: Inside ApplyDate (cron)...\n";
+ print STDERR 'DEBUG: Range: ' . $ENV{'LOGWATCH_DATE_RANGE'} .
"\n";
+ print STDERR "DEBUG: Looking For: $SearchDate or $SearchDate2\n";
+}
+
+while (defined($ThisLine = )) {
+ $incount++;
+ #Solaris CRON filter -mgt
+ #Basically takes the cron format in /var/cron/log and makes it look like syslog
+ if ( $OSname =~ /SunOS/ ) {
+ if ($ThisLine =~ m/^\>\s+CMD: (.+)$/o) {
+ my $command = $1;
+ my $nextline = ;
+ my ($user, $ps, $datestamp) = $nextline =~ /^\>\s+(\w+) (\d+) \w \w\w\w (\w\w\w\s+\d+ \d\d:\d\d:\d\d)/;
+ $ThisLine = "$datestamp $hostname CROND[$ps]: ($user) CMD ($command)\n";
+ }
+ }
+ if ($ThisLine =~ m/^[^ ]+ \($SearchDate-..:..:..-[0123456789]+\) /o) {
+ print $ThisLine;
+ $outcount++;
+ } elsif ($ThisLine =~ m/^$SearchDate2 ..:..:.. [^ ]+ \w+\[\d+\]:/o) {
+ print $ThisLine;
+ $outcount++;
+ }
+}
+
+if ($ENV{'LOGWATCH_DEBUG'} > 5) {
+ print STDERR "DEBUG: ApplyDate (cron): $incount Lines In, $outcount Lines Out\n";
+}
+
diff --git a/log.d/configs/linux/scripts/logfiles/samba/applydate b/log.d/configs/linux/scripts/logfiles/samba/applydate
new file mode 100755
index 0000000..9d62e91
--- /dev/null
+++ b/log.d/configs/linux/scripts/logfiles/samba/applydate
@@ -0,0 +1,62 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: applydate,v 1.6 2002/10/14 16:21:57 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Luuk de Boer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+use POSIX qw(strftime);
+
+# I plan to add a *lot* more date flexibility at a later time...
+
+my $time = time;
+
+if ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') {
+ $SearchDate = strftime("%m/%d/%y", localtime($time-86400));
+ $SearchDate2 = strftime("%Y/%m/%d", localtime($time-86400));
+}
+elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'today') {
+ $SearchDate = strftime("%m/%d/%y", localtime($time));
+ $SearchDate2 = strftime("%Y/%m/%d", localtime($time));
+}
+elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'all') {
+ $SearchDate = "../../..";
+ $SearchDate2 = "..../../..";
+}
+
+if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
+ print STDERR "DEBUG: Inside ApplyDate (samba)...\n";
+ print STDERR "DEBUG: Range: " . $ENV{'LOGWATCH_DATE_RANGE'} . "\n";
+ print STDERR "DEBUG: Looking For: $SearchDate or $SearchDate2\n";
+}
+
+$ThisLine = ;
+mainloop: while ($ThisLine) {
+ if ($ThisLine =~ m/^$SearchDate ..:..:.. /o) {
+ print $ThisLine;
+ }
+ elsif ($ThisLine =~ m/^\[$SearchDate2 ..:..:../o) {
+ chomp($ThisLine);
+ print $ThisLine;
+ while ($ThisLine = ) {
+ if ($ThisLine =~ m/^\[....\/..\/.. ..:..:../) {
+ # Found next entry
+ print "\n";
+ next mainloop;
+ } else {
+ chomp($ThisLine);
+ print $ThisLine;
+ }
+ }
+ print "\n";
+ } else {
+ $ThisLine = ;
+ }
+}
+
diff --git a/log.d/configs/linux/scripts/logfiles/samba/removeheaders b/log.d/configs/linux/scripts/logfiles/samba/removeheaders
new file mode 100755
index 0000000..2311a1b
--- /dev/null
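Review bot: In `samba/applydate` the first branch of `mainloop` prints a line matching `^$SearchDate ..:..:.. ` but never reads the next one, so the `while ($ThisLine)` test sees the same line again and the filter prints it without end. A single old-format entry carrying the selected date is enough to stall the report and keep writing into the temporary directory that logwatch.pl redirects this output to. The branch needs the same read that the final `else` performs, placed directly after `print $ThisLine;`. That read is rendered here as `$ThisLine = ;` because the filehandle appears to have been stripped from the page. The loop test would also be safer as `while (defined $ThisLine)`, so that an input line that evaluates as false does not end processing early.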
+++ b/log.d/configs/linux/scripts/logfiles/samba/removeheaders
@@ -0,0 +1,19 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: removeheaders,v 1.4 2002/10/12 02:08:15 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Luuk de Boer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+while (defined($ThisLine = )) {
+ $ThisLine =~ s/^..\/..\/.. ..:..:.. //;
+ $ThisLine =~ s/^\[....\/..\/.. ..:..:...+?\]\s*//;
+ print $ThisLine;
+}
+
diff --git a/log.d/configs/linux/scripts/logfiles/up2date/applydate b/log.d/configs/linux/scripts/logfiles/up2date/applydate
new file mode 100755
index 0000000..6574b4c
--- /dev/null
+++ b/log.d/configs/linux/scripts/logfiles/up2date/applydate
@@ -0,0 +1,39 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: applydate,v 1.4 2002/10/14 16:21:57 kirk Exp $
+##########################################################################
+
+use POSIX qw(strftime);
+
+# I plan to add a *lot* more date flexibility at a later time...
+
+my $time = time;
+
+if ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') {
+ $SearchDate = strftime("%a %b %d", localtime($time-86400));
+ $SearchYear = strftime("%Y", localtime($time-86400));
+}
+elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'today') {
+ $SearchDate = strftime("%a %b %d", localtime($time));
+ $SearchYear = strftime("%Y", localtime($time));
+}
+elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'all') {
+ $SearchDate = "... ... ..";
+ $SearchYear = "....";
+}
+
+# Make sure '01' becomes '.1' so it will match ' 1'
+$SearchDate =~ s/0(\d)/.$1/;
+
+if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
+ print STDERR "DEBUG: Inside ApplyDate (up2date)...\n";
+ print STDERR "DEBUG: Range: " . $ENV{'LOGWATCH_DATE_RANGE'} . "\n";
+ print STDERR "DEBUG: Looking For: " . $SearchDate . " " . $SearchYear . "\n";
+}
+
+while (defined($ThisLine = )) {
+ if ($ThisLine =~ m/\[$SearchDate ..:..:.. $SearchYear\]/o) {
+ print $ThisLine;
+ }
+}
+
diff --git a/log.d/configs/linux/scripts/logfiles/up2date/removeheaders b/log.d/configs/linux/scripts/logfiles/up2date/removeheaders
new file mode 100755
index 0000000..435c0f8
--- /dev/null
+++ b/log.d/configs/linux/scripts/logfiles/up2date/removeheaders
@@ -0,0 +1,10 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: removeheaders,v 1.2 2002/10/12 02:08:16 kirk Exp $
+##########################################################################
+
+while (defined($ThisLine = )) {
+ $ThisLine =~ s/^\[... ... .. ..:..:.. ....\] up2date //;
+ print $ThisLine;
+}
+
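Review bot: In `up2date/applydate` "yesterday" is computed as `localtime($time-86400)`, which is 24 hours ago rather than the previous calendar day. During the first hour after midnight on the day following a spring-forward change it lands two days back, and the report then omits a full day of log entries. Every `applydate` script in this commit uses the same expression. Anchoring the reference near local noon avoids it, for example `my $ref = $time - ((localtime($time))[2] - 12) * 3600 - 86400;`, with `localtime($ref)` passed to both `strftime` calls in the `yesterday` branch.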
diff --git a/log.d/configs/linux/scripts/logfiles/xferlog/applydate b/log.d/configs/linux/scripts/logfiles/xferlog/applydate
new file mode 100755
index 0000000..c934bbb
--- /dev/null
+++ b/log.d/configs/linux/scripts/logfiles/xferlog/applydate
@@ -0,0 +1,47 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: applydate,v 1.8 2002/10/14 16:21:57 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+use POSIX qw(strftime);
+
+# I plan to add a *lot* more date flexibility at a later time...
+
+my $time = time;
+
+if ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') {
+ $SearchDate = strftime("%b %d", localtime($time-86400));
+ $SearchYear = strftime("%Y", localtime($time-86400));
+}
+elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'today') {
+ $SearchDate = strftime("%b %d", localtime($time));
+ $SearchYear = strftime("%Y", localtime($time));
+}
+elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'all') {
+ $SearchDate = "... ..";
+ $SearchYear = "....";
+}
+
+# The date might be "Dec 09", but it needs to be "Dec 9"...
+$SearchDate =~ s/ 0/ /;
+
+if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
+ print STDERR "DEBUG: Inside ApplyDate (xferlog)...\n";
+ print STDERR "DEBUG: Range: " . $ENV{'LOGWATCH_DATE_RANGE'} . "\n";
+ print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
+}
+
+while (defined($ThisLine = )) {
+ if ($ThisLine =~ m/^... $SearchDate ..:..:.. $SearchYear/o) {
+ print $ThisLine;
+ }
+}
+
diff --git a/log.d/configs/linux/scripts/logfiles/xferlog/removeheaders b/log.d/configs/linux/scripts/logfiles/xferlog/removeheaders
new file mode 100755
index 0000000..474b149
--- /dev/null
+++ b/log.d/configs/linux/scripts/logfiles/xferlog/removeheaders
@@ -0,0 +1,18 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: removeheaders,v 1.3 2002/10/12 02:08:17 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+while (defined($ThisLine = )) {
+ $ThisLine =~ s/^... ... .. ..:..:.. .... [0123456789]+ //;
+ print $ThisLine;
+}
+
diff --git a/log.d/configs/linux/scripts/logwatch.pl b/log.d/configs/linux/scripts/logwatch.pl
new file mode 100755
index 0000000..b854018
--- /dev/null
+++ b/log.d/configs/linux/scripts/logwatch.pl
@@ -0,0 +1,790 @@ +#!/usr/bin/perl -w +use strict; +########################################################################## +# $Id: logwatch.pl,v 1.111 2004/06/21 15:00:44 kirk Exp $ +########################################################################## +# Most current version can always be found at: +# ftp://ftp.logwatch.org/pub/redhat/RPMS + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to logwatch@logwatch.org. +# +######################################################## + +my $BaseDir = "/etc/log.d"; +#my $BaseDir = "/home/kirk/cvs-work/logwatch"; +my $ConfigDir = "$BaseDir/conf"; + +#Added to create switches for different os options -mgt +#For now working on Linux and SunOS +my $OSname = `uname -s`; +chomp $OSname; + +my $Version = '5.2'; +my $VDate = '06/21/04'; + +############################################################################# + +use Getopt::Long; +my (%Config, @ServiceList, @LogFileList, %ServiceData, %LogFileData); +my (@AllShared, @AllLogFiles, @FileList); +# These need to not be global variables one day +my (@ReadConfigNames, @ReadConfigValues); + +# Default config here... +$Config{'detail'} = 0; +$Config{'mailto'} = "root"; +$Config{'save'} = ""; +$Config{'print'} = 0; +$Config{'range'} = "yesterday"; +$Config{'debug'} = 0; +$Config{'archives'} = 0; +$Config{'tmpdir'} = "/tmp"; +$Config{'splithosts'} = 0; +$Config{'multiemail'} = 0; +# Logwatch now does some basic searching for logs +# So if the log file is not in the log path it will check /var/adm +# and then /var/log -mgt +$Config{'logdir'} = "/var/log"; +chomp($Config{'hostname'} = `hostname`); + +############################################################################# + +sub Usage () { + # Show usage for this program + print "\nUsage: $0 [--detail ] [--logfile ]\n" . + " [--print] [--mailto ] [--archives] [--range ] [--debug ]\n" . 
+ " [--save ] [--help] [--version] [--service ]\n" . + " [--splithosts] [--multiemail]\n\n"; + print "--detail : Report Detail Level - High, Med, Low or any #.\n"; + print "--logfile : *Name of a logfile definition to report on.\n"; + print "--service : *Name of a service definition to report on.\n"; + print "--print: Display report to stdout.\n"; + print "--mailto : Mail report to .\n"; + print "--archives: Use archived log files too.\n"; + print "--save : Save to .\n"; + print "--range : Date range: Yesterday, Today or All.\n"; + print "--debug : Debug Level - High, Med, Low or any #.\n"; + print "--splithosts: Create a report for each host in syslog.\n"; + print "--multiemail: Send each host report in a separate email. Ignored if \n"; + print " not using --splithosts.\n"; + print "--version: Displays current version.\n"; + print "--help: This message.\n"; + print "* = Switch can be specified multiple times...\n\n"; + exit (99); +} + +my %wordsToInts = (yes => 1, no => 0, + true => 1, false => 0, + on => 1, off => 0, + high => 10, + med => 5, medium => 5, + low => 0); + +sub getInt { + my $word = shift; + my $tmpWord = lc $word; + $tmpWord =~ s/\W//g; + return $wordsToInts{$tmpWord} if (defined $wordsToInts{$tmpWord}); + unless ($word =~ s/^"(.*)"$/$1/) { + return lc $word; + } + return $word; +} + +sub CleanVars { + foreach (keys %Config) { + $Config{$_} = getInt($Config{$_}); + } +} + +sub PrintStdArray (@) { + my @ThisArray = @_; + my $i; + for ($i=0;$i<=$#ThisArray;$i++) { + print "[" . $i . "] = " . $ThisArray[$i] . "\n"; + } +} + +sub PrintConfig () { + # for debugging, print out config... + foreach (keys %Config) { + print $_ . ' -> ' . $Config{$_} . "\n"; + } + print "Service List:\n"; + PrintStdArray @ServiceList; + print "\n"; + print "LogFile List:\n"; + PrintStdArray @LogFileList; + print "\n\n"; +} + +# for debugging... +sub PrintServiceData () { + my ($ThisKey1,$ThisKey2,$i); + foreach $ThisKey1 (keys %ServiceData) { + print "\nService Name: " . 
$ThisKey1 . "\n"; + foreach $ThisKey2 (keys %{$ServiceData{$ThisKey1}}) { + next unless ($ThisKey2 =~ /^\d+-/); + print " $ThisKey2 = $ServiceData{$ThisKey1}{$ThisKey2}\n"; + } + for ($i=0;$i<=$#{$ServiceData{$ThisKey1}{'logfiles'}};$i++) { + print " Logfile = " . $ServiceData{$ThisKey1}{'logfiles'}[$i] . "\n"; + } + } +} + +# for debugging... +sub PrintLogFileData () { + my ($ThisKey1,$ThisKey2,$i); + foreach $ThisKey1 (keys %LogFileData) { + print "\nLogfile Name: " . $ThisKey1 . "\n"; + foreach $ThisKey2 (keys %{$LogFileData{$ThisKey1}}) { + next unless ($ThisKey2 =~ /^\d+-/); + print " $ThisKey2 = $LogFileData{$ThisKey1}{$ThisKey2}\n"; + } + for ($i=0;$i<=$#{$LogFileData{$ThisKey1}{'logfiles'}};$i++) { + print " Logfile = " . $LogFileData{$ThisKey1}{'logfiles'}[$i] . "\n"; + } + for ($i=0;$i<=$#{$LogFileData{$ThisKey1}{'archives'}};$i++) { + print " Archive = " . $LogFileData{$ThisKey1}{'archives'}[$i] . "\n"; + } + } +} + +sub ReadConfigFile ($) { + my $FileName = $_[0]; + @ReadConfigNames = (); + @ReadConfigValues = (); + if ($Config{'debug'} > 5) { + print "ReadConfigFile: Opening " . $FileName . "\n"; + } + open (READCONFFILE, $FileName) or die "Cannot open file $FileName: $!\n"; + while (my $line = ) { + if ($Config{'debug'} > 9) { + print "ReadConfigFile: Read Line: " . $line; + } + $line =~ s/#.*$//; + next if ($line =~ /^\s*$/); + + my ($name, $value) = split /=/, $line, 2; + $name =~ s/^\s+//; $name =~ s/\s+$//; + if ($value) { $value =~ s/^\s+//; $value =~ s/\s+$//; } + else { $value = ''; } + + push @ReadConfigNames, lc $name; + push @ReadConfigValues, getInt $value; + if ($Config{'debug'} > 7) { + print "ReadConfigFile: Name=" . $name . ", Value=" . $value . "\n"; + } + } + close READCONFFILE; +} + +############################################################################# + +# Add / to BaseDir +unless ($BaseDir =~ m=/$=) { + $BaseDir = $BaseDir . "/"; +} + +# Load main config file... 
+if ($Config{'debug'} > 8) { + print "\nDefault Config:\n"; + PrintConfig(); +} + +CleanVars(); + +my $OldMailTo = $Config{'mailto'}; +my $OldPrint = $Config{'print'}; + +ReadConfigFile ($ConfigDir . "/logwatch.conf"); +for (my $i = 0; $i <= $#ReadConfigNames; $i++) { + if ($ReadConfigNames[$i] eq "logfile") { + push @LogFileList, $ReadConfigValues[$i]; + } elsif ($ReadConfigNames[$i] eq "service") { + push @ServiceList, $ReadConfigValues[$i]; + } else { + $Config{$ReadConfigNames[$i]} = $ReadConfigValues[$i]; + } +} + +CleanVars(); + +if ($OldMailTo ne $Config{'mailto'}) { + $Config{'print'} = 0; +} elsif ($OldPrint ne $Config{'print'}) { + $Config{'mailto'} = ""; +} + +if ($Config{'debug'} > 8) { + print "\nConfig After Config File:\n"; + PrintConfig(); +} + +# Options time... + +my @TempLogFileList = (); +my @TempServiceList = (); +my $Help = 0; +my $ShowVersion = 0; + +$OldMailTo = $Config{'mailto'}; +$OldPrint = $Config{'print'}; + +GetOptions ( "d|detail=s" => \$Config{'detail'}, + "l|logfile=s@" => \@TempLogFileList, + "logdir=s" => \$Config{'logdir'}, + "s|service=s@" => \@TempServiceList, + "p|print" => \$Config{'print'}, + "m|mailto=s" => \$Config{'mailto'}, + "save=s" => \$Config{'save'}, + "a|archives" => \$Config{'archives'}, + "debug=s" => \$Config{'debug'}, + "r|range=s" => \$Config{'range'}, + "h|help" => \$Help, + "v|version" => \$ShowVersion, + "hostname=s" => \$Config{'hostname'}, + "splithosts" => \$Config{'splithosts'}, + "multiemail" => \$Config{'multiemail'}, + ) or Usage(); + +$Help and Usage(); + +if ($ShowVersion) { + print "Logwatch $Version (released $VDate)\n"; + exit 0; +} + +CleanVars(); + +if ($OldMailTo ne $Config{'mailto'}) { + $Config{'print'} = 0; +} elsif ($OldPrint ne $Config{'print'}) { + $Config{'mailto'} = ""; +} + +if ($Config{'debug'} > 8) { + print "\nCommand Line Parameters:\n Log File List:\n"; + PrintStdArray @TempLogFileList; + print "\n Service List:\n"; + PrintStdArray @TempServiceList; + print "\nConfig After 
Command Line Parsing:\n"; + PrintConfig(); +} + +if ($#TempLogFileList > -1) { + @LogFileList = @TempLogFileList; + for (my $i = 0; $i <= $#LogFileList; $i++) { + $LogFileList[$i] = lc($LogFileList[$i]); + } + @ServiceList = (); +} + +if ($#TempServiceList > -1) { + @ServiceList = @TempServiceList; + for (my $i = 0; $i <= $#ServiceList; $i++) { + $ServiceList[$i] = lc($ServiceList[$i]); + } +} + +if ( ($#ServiceList == -1) and ($#LogFileList == -1) ) { + push @ServiceList, 'all'; +} + +if ($Config{'debug'} > 5) { + print "\nConfig After Everything:\n"; + PrintConfig(); +} + +############################################################################# + +# Find out what services are defined... +my (@TempAllServices, $ThisFile, $count); + +opendir(SERVICESDIR, $ConfigDir . '/services') or + die $ConfigDir . "/services: $!"; +my @services = grep !-d && /\.conf$/, readdir SERVICESDIR; +closedir SERVICESDIR; + +foreach my $f (@services) { + my $ThisService = lc $f; + $ThisService =~ s/\.conf$//; + push @TempAllServices, $ThisService; + + ReadConfigFile($ConfigDir . "/services/$f"); + + for (my $i = 0; $i <= $#ReadConfigNames; $i++) { + if ($ReadConfigNames[$i] eq 'logfile') { + push @{$ServiceData{$ThisService}{'logfiles'}}, $ReadConfigValues[$i]; + } elsif ($ReadConfigNames[$i] =~ /^\*/) { + $count++; + $ServiceData{$ThisService}{+sprintf("%03d-%s", $count, $ReadConfigNames[$i])} = $ReadConfigValues[$i]; + } else { + $ServiceData{$ThisService}{$ReadConfigNames[$i]} = $ReadConfigValues[$i]; + } + } +} +my @AllServices = sort @TempAllServices; + +# Find out what logfiles are defined... +opendir(LOGFILEDIR, $ConfigDir . "/logfiles") or die $ConfigDir . "/logfiles/, no such directory.\n"; +while (defined($ThisFile = readdir(LOGFILEDIR))) { + unless (-d $ConfigDir . "/logfiles/" . $ThisFile) { + my $ThisLogFile = $ThisFile; + if ($ThisLogFile =~ s/\.conf$//i) { + push @AllLogFiles, $ThisLogFile; + ReadConfigFile($ConfigDir . "/logfiles/" . 
$ThisFile); + for (my $i = 0; $i <= $#ReadConfigNames; $i++) { + if ($ReadConfigNames[$i] eq "logfile") { + #Lets try and find the logs -mgt + if (-e "$Config{'logdir'}/$ReadConfigValues[$i]") { + push @{$LogFileData{$ThisLogFile}{'logfiles'}}, $ReadConfigValues[$i]; + } elsif (-e "/var/adm/$ReadConfigValues[$i]") { + push @{$LogFileData{$ThisLogFile}{'logfiles'}}, "adm/$ReadConfigValues[$i]"; + } elsif (-e "/var/log/$ReadConfigValues[$i]") { + push @{$LogFileData{$ThisLogFile}{'logfiles'}}, "log/$ReadConfigValues[$i]"; + } else { + #Fallback to default even if it doesn't exist -mgt + push @{$LogFileData{$ThisLogFile}{'logfiles'}}, + $ReadConfigValues[$i]; + } + } elsif ($ReadConfigNames[$i] eq "archive") { + push @{$LogFileData{$ThisLogFile}{'archives'}}, $ReadConfigValues[$i]; + } elsif ($ReadConfigNames[$i] =~ /^\*/) { + $count++; + $LogFileData{$ThisLogFile}{+sprintf("%03d-%s", $count, $ReadConfigNames[$i])} = $ReadConfigValues[$i]; + } else { + $LogFileData{$ThisLogFile}{$ReadConfigNames[$i]} = $ReadConfigValues[$i]; + } + } + } + } +} +closedir(LOGFILEDIR); + +# Find out what shared functions are defined... +opendir(SHAREDDIR,$BaseDir . "scripts/shared") or die $BaseDir . "scripts/shared/, no such directory.\n"; +while (defined($ThisFile = readdir(SHAREDDIR))) { + unless (-d $BaseDir . "scripts/shared/" . $ThisFile) { + push @AllShared, lc($ThisFile); + } +} +closedir(SHAREDDIR); + +if ($Config{'debug'} > 5) { + print "\nAll Services:\n"; + PrintStdArray @AllServices; + print "\nAll Log Files:\n"; + PrintStdArray @AllLogFiles; + print "\nAll Shared:\n"; + PrintStdArray @AllShared; +} + +############################################################################# + +# Time to expand @ServiceList, using @LogFileList if defined... + +if ((scalar @ServiceList > 1) && (grep /^all$/i, @ServiceList)) { + # This means we are doing *all* services ... 
but excluding some + my %tmphash; + foreach my $item (@AllServices) { + $tmphash{lc $item} = ""; + } + foreach my $service (@ServiceList) { + next if $service =~ /^all$/i; + if ($service =~ /^\-(.+)$/) { + my $offservice = $1; + if (! exists $tmphash{lc $offservice}) { + die "Nonexistent service to disable: $offservice\n"; + } + delete $tmphash{lc $offservice}; + } else { + die "Wrong configuration entry for \"Service\", if \"All\" selected, only \"-\" items are allowed\n"; + } + } + @ServiceList = (); + foreach my $keys (keys %tmphash) { + push @ServiceList, $keys; + } + @LogFileList = (); +} elsif ( $ServiceList[0] and ($ServiceList[0] eq 'all') and ($#ServiceList == 0) ) { + # This means we are doing *all* services... + @ServiceList = @AllServices; + @LogFileList = (); +} else { + my $ThisOne; + while (defined($ThisOne = pop @LogFileList)) { + unless ($LogFileData{$ThisOne}) { + die "Logwatch is not configured to use logfile: $ThisOne\n"; + } + foreach my $ThisService (keys %ServiceData) { + for (my $i = 0; $i <= $#{$ServiceData{$ThisService}{'logfiles'}}; $i++) { + if ( $ServiceData{$ThisService}{'logfiles'}[$i] eq $ThisOne ) { + push @ServiceList,$ThisService; + } + } + } + } + @TempServiceList = sort @ServiceList; + @ServiceList = (); + my $LastOne = ""; + while (defined($ThisOne = pop @TempServiceList)) { + unless ( ($ThisOne eq $LastOne) or ($ThisOne eq 'all') or ($ThisOne =~ /^-/)) { + unless ($ServiceData{$ThisOne}) { + die "Logwatch does not know how to process service: $ThisOne\n"; + } + push @ServiceList, $ThisOne; + } + $LastOne = $ThisOne; + } +} + +# Now lets fill up @LogFileList again... 
+foreach my $ServiceName (@ServiceList) { + foreach my $LogName ( @{$ServiceData{$ServiceName}{'logfiles'} } ) { + unless ( grep m/$LogName/, @LogFileList ) { + push @LogFileList, $LogName; + } + } +} + +if ($Config{'debug'} > 7) { + print "\n\nAll Service Data:\n"; + PrintServiceData; + print "\nServices that will be processed:\n"; + PrintStdArray @ServiceList; + print "\n\n"; + print "\n\nAll LogFile Data:\n"; + PrintLogFileData; + print "\nLogFiles that will be processed:\n"; + PrintStdArray @LogFileList; + print "\n\n"; +} + +############################################################################# + +my $TempDir; +my $UseMkTemp = $Config{'usemktemp'}; +my $MkTemp = $Config{'MkTemp'}; +if ($UseMkTemp and (-x $MkTemp)) { + $TempDir = `$MkTemp -d $Config{'tmpdir'}/logwatch.XXXXXXXX 2>/dev/null`; + chomp($TempDir); + unless (($? == 0) and $TempDir) { + die "Failed to create $Config{'tmpdir'}/logwatch.XXXXXXXX with mktemp!!\nDoes your mktemp support the -d option??\nIf not, modify logwatch.conf accordingly.\n"; + } + if ($Config{'debug'}>7) { + print "\nMade Temp Dir: " . $TempDir . " with mktemp\n"; + } +} else { + my $uid = $<; + my $gid = (split(' ', $( ))[0]; + + # Create the temporary directory... + $TempDir = $Config{'tmpdir'} . "/logwatch." . $$; + + if ($Config{'debug'}>7) { + print "\nMaking Temp Dir: " . $TempDir . 
"\n"; + } + + `rm -rf $TempDir`; + mkdir ($TempDir,0700) or die "Failed to create TempDir: $TempDir (somebody may be attempting a root exploit!)\n"; + `chown $uid $TempDir`; + `chgrp $gid $TempDir`; + `chmod 0700 $TempDir`; + unless (-d $TempDir and (not -l $TempDir)) { + die "$TempDir not a directory (somebody is attempting a root exploit!)\n"; + } + unless ((stat($TempDir))[4] == $uid) { + die "$TempDir not owned by UID $uid (somebody is attempting a root exploit!)\n"; + } + unless ((stat($TempDir))[5] == $gid) { + die "$TempDir not owned by GID $gid (somebody is attempting a root exploit!)\n"; + } + unless (((stat($TempDir))[2] & 07777) == 0700) { + die "$TempDir permissions not 0700 (somebody is attempting a root exploit!)\n"; + } + # Check to make sure nothing changed after we checked the ownership + unless (-d $TempDir and (not -l $TempDir)) { + die "$TempDir not a directory (somebody is attempting a root exploit!)\n"; + } + `rm -rf $TempDir/*`; + unless (`ls $TempDir | wc -l` == 0) { + die "$TempDir not empty (somebody is attempting a root exploit!)\n"; + } +} + +unless ($TempDir =~ m=/$=) { + $TempDir .= "/"; +} + +############################################################################# + +# Set up the environment... 
+ +$ENV{'LOGWATCH_DATE_RANGE'} = $Config{'range'}; +$ENV{'LOGWATCH_DETAIL_LEVEL'} = $Config{'detail'}; +$ENV{'LOGWATCH_DEBUG'} = $Config{'debug'}; +$ENV{'LOGWATCH_TEMP_DIR'} = $TempDir; +if ($Config{'hostlimit'}) { + $ENV{'LOGWATCH_ONLY_HOSTNAME'} = $Config{'hostname'}; + $ENV{'LOGWATCH_ONLY_HOSTNAME'} =~ s/\..*//; +} +if ($Config{'debug'}>4) { + foreach ('LOGWATCH_DATE_RANGE', 'LOGWATCH_DETAIL_LEVEL', + 'LOGWATCH_TEMP_DIR', 'LOGWATCH_DEBUG', 'LOGWATCH_ONLY_HOSTNAME') { + if ($ENV{$_}) { + print "export $_='$ENV{$_}'\n"; + } + } +} + +my $LibDir = "$BaseDir/lib"; +if ($ENV{PERL5LIB}) { + # User dirs should be able to override this setting + $ENV{PERL5LIB} = "$ENV{PERL5LIB}:$LibDir"; +} else { + $ENV{PERL5LIB} = $LibDir; +} + +############################################################################# + +unless ($Config{'logdir'} =~ m=/$=) { + $Config{'logdir'} .= "/"; +} + +# Okay, now it is time to do pre-processing on all the logfiles... + +my $LogFile; +foreach $LogFile (@LogFileList) { + next if ($LogFile eq 'none'); + if (!defined($LogFileData{$LogFile}{'logfiles'})) { + print "*** Error: There is no logfile defined. Do you have a " . $BaseDir . "conf/logfiles/" . $LogFile . ".conf file ?\n"; + next; + } + @FileList = @{$LogFileData{$LogFile}{'logfiles'}}; + if ($Config{'archives'} == 1) { + push @FileList, $TempDir . $LogFile . "-archive"; + my $Archive; + foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) { + my $DestFile = $TempDir . $LogFile . "-archive"; + unless ($Archive =~ m=^/=) { + $Archive = ($Config{'logdir'} . $Archive); + } + if ($Archive =~ m/gz$/) { + `/bin/zcat $Archive 2>/dev/null >> $DestFile`; + } else { + `/bin/cat $Archive 2>/dev/null >> $DestFile`; + } + } + } + my $FileText = ""; + foreach $ThisFile (@FileList) { + if ($ThisFile =~ m=^/=) { + $FileText .= ($ThisFile . " "); + } else { + $FileText .= ( $Config{'logdir'} . $ThisFile . 
" "); + } + } + my $FilterText = " 2>/dev/null "; + foreach (sort keys %{$LogFileData{$LogFile}}) { + my $cmd = $_; + if ($cmd =~ s/^\d+-\*//) { + $FilterText .= ("| $BaseDir" . "scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" ); + } elsif ($cmd =~ s/^\$//) { + $ENV{$cmd} = $LogFileData{$LogFile}{$_}; + if ($Config{'debug'}>4) { + print "export $cmd='$LogFileData{$LogFile}{$_}'\n"; + } + } + } + if (opendir (LOGDIR,$BaseDir . "scripts/logfiles/" . $LogFile)) { + foreach (sort readdir(LOGDIR)) { + unless ( -d $BaseDir . "scripts/logfiles/$LogFile/$_") { + $FilterText .= ("| $BaseDir" . "scripts/logfiles/$LogFile/$_"); + } + } + closedir (LOGDIR); + } + if ($FileText) { + my $Command = $FileText . $FilterText . ">" . $TempDir . $LogFile; + if ($Config{'debug'}>4) { + print "\nPreprocessing LogFile: " . $LogFile . "\n" . $Command . "\n"; + } + if ($LogFile !~ /^[-_\w\d]+$/) { + print STDERR "Unexpected filename: [[$LogFile]]. Not used\n" + } else { + `/bin/cat $Command`; + } + } +} + +#populate the host lists if we're splitting hosts +my @hosts; +if ($Config{'splithosts'} eq 1) { + my $newlogfile; + my @logarray; + opendir (LOGDIR,$TempDir) || die "Cannot open dir"; + @logarray = readdir(LOGDIR); + closedir (LOGDIR); + my $ecpcmd = ("| $BaseDir" . "scripts/shared/hostlist"); + foreach $newlogfile (@logarray) { + my $eeefile = ("$TempDir" . 
"$newlogfile"); + if ((!(-d $eeefile)) && (!($eeefile =~ m/-archive/))) { + `/bin/cat $eeefile $ecpcmd`; + } + } + #read in the final host list + open (HOSTFILE,"$TempDir/hostfile") || die $!; + @hosts = ; + close (HOSTFILE); + chomp @hosts; + @hosts = sort(@hosts); +} + +############################################################################# + +my $report_finish = "\n ###################### LogWatch End ######################### \n\n"; +my $printing = ''; +my $emailopen = ''; + +sub initprint { + return if $printing; + if ($Config{'print'} eq 1) { + *OUTFILE = *STDOUT; + } elsif ($Config{'save'} ne "") { + open(OUTFILE,">" . $Config{'save'}) or die "Can't open output file: $Config{'save'}\n"; + } elsif ($OSname eq "SunOS") { + #Solaris mail doesn't know -s -mgt + if (($Config{'multiemail'} eq 1) || ($emailopen eq "")) { + open(OUTFILE,"|$Config{'mailer'} $Config{'mailto'}") or die "Can't execute /bin/mail\n"; + print OUTFILE "From: LogWatcher\n"; + print OUTFILE "To: $Config{'mailto'}\n"; + print OUTFILE "Subject: LogWatch for $Config{'hostname'}\n\n"; + if (($Config{'splithosts'} eq 1) && ($Config{'multiemail'} eq 0)) { + print OUTFILE "Reporting on hosts: @hosts\n"; + } + $emailopen = 'y'; + } + } else { + if (($Config{'multiemail'} eq 1) || ($emailopen eq "")) { + open(OUTFILE,"|$Config{'mailer'} -s \"LogWatch for $Config{'hostname'}\" " . $Config{'mailto'}) or die "Can't execute /bin/mail\n"; + if (($Config{'splithosts'} eq 1) && ($Config{'multiemail'} eq 0)) { + print OUTFILE "Reporting on hosts: @hosts\n"; + } + $emailopen = 'y'; + } + } + $printing = 'y'; + print OUTFILE "\n ################### LogWatch $Version ($VDate) #################### \n"; + print OUTFILE " Processing Initiated: " . localtime(time) . 
"\n"; + print OUTFILE " Date Range Processed: $Config{'range'}\n"; + print OUTFILE " Detail Level of Output: $Config{'detail'}\n"; + print OUTFILE " Logfiles for Host: $Config{'hostname'}\n"; + print OUTFILE " ################################################################ \n"; +} + +sub parselogs { + my $Service; + foreach $Service (sort @ServiceList) { + $ENV{'PRINTING'} = $printing; + @FileList = @{$ServiceData{$Service}{'logfiles'}}; + my $FileText = ""; + foreach $ThisFile (@FileList) { + if (-s $TempDir . $ThisFile) { + $FileText .= ( $TempDir . $ThisFile . " "); + } + } + my $FilterText = " "; + foreach (sort keys %{$ServiceData{$Service}}) { + my $cmd = $_; + if ($cmd =~ s/^\d+-\*//) { + $FilterText .= ("$BaseDir" . "scripts/shared/$cmd '$ServiceData{$Service}{$_}' |" ); + } elsif ($cmd =~ s/^\$//) { + $ENV{$cmd} = $ServiceData{$Service}{$_}; + if ($Config{'debug'}>4) { + print "export $cmd='$ServiceData{$Service}{$_}'\n"; + } + } + } +# ECP - insert the host stripping now + my $HostStrip = " "; + if ($Config{'splithosts'} eq 1) { + $HostStrip .= ("$BaseDir" . "scripts/shared/onlyhost"); + } + if ( -f $BaseDir . "scripts/services/" . $Service ) { + $FilterText .= ("" . $BaseDir . "scripts/services/" . $Service ); + } + else { + die "Can't open: " . $BaseDir . "scripts/services/" . $Service; + } + + my $Command = ''; + if ($FileList[0] eq 'none') { + $Command = " $FilterText 2>&1 "; + } elsif ($FileText) { + if ($HostStrip ne " ") { + $Command = " ( /bin/cat $FileText | $HostStrip | $FilterText) 2>&1 "; + } else { + $Command = " ( /bin/cat $FileText | $FilterText) 2>&1 "; + } + } + + if ($Command) { + if ($Config{'debug'}>4) { + print "\nProcessing Service: " . $Service . "\n" . $Command . "\n"; + } + open (TESTFILE,$Command . 
" |"); + my $ThisLine; + my $has_output = 0; + while (defined ($ThisLine = )) { + next if ((not $printing) and $ThisLine =~ /^\s*$/); + initprint(); + if (($has_output == 0) and ($ServiceData{$Service}{'title'})) { + print OUTFILE "\n --------------------- $ServiceData{$Service}{'title'} Begin ------------------------ \n\n"; + $has_output = 1; + } + print OUTFILE $ThisLine; + } + close (TESTFILE); + if ($has_output and $ServiceData{$Service}{'title'}) { + print OUTFILE "\n ---------------------- $ServiceData{$Service}{'title'} End ------------------------- \n\n"; + } + } + } + + print OUTFILE $report_finish if ($printing); + if ($Config{'multiemail'} eq 1) { + close(OUTFILE) unless ($Config{'print'} eq 1); + } +} + +if ($Config{'splithosts'} eq 1) { + my $Host; + foreach $Host (@hosts) { + $printing = ''; + $ENV{'LOGWATCH_ONLY_HOSTNAME'} = $Host; + $ENV{'LOGWATCH_ONLY_HOSTNAME'} =~ s/\..*//; + $Config{'hostname'} = $Host; + parselogs(); + } # ECP +} else { + parselogs(); +} +close(OUTFILE) unless ($Config{'print'} eq 1); +############################################################################# + +# Get rid of temp directory... +if ($Config{'debug'}<100) { + `rm -rf $TempDir`; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/arpwatch b/log.d/configs/linux/scripts/services/arpwatch new file mode 100755 index 0000000..357f730 --- /dev/null +++ b/log.d/configs/linux/scripts/services/arpwatch 
@@ -0,0 +1,24 @@
+#!/usr/bin/perl -w
+###########################################################################
+# $Id: arpwatch,v 1.5 2003/12/15 18:09:23 kirk Exp $
+###########################################################################
+
+my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+
+while (defined($ThisLine = )) {
+ chomp($ThisLine);
+ next if ($ThisLine eq "");
+ $ARPWatch{$ThisLine}++;
+}
+
+if ( ($Detail >= 10) and (keys %ARPWatch) ) {
+ print "\n";
+ foreach $ThisOne (sort {$a cmp $b} keys %ARPWatch) {
+ print $ThisOne . "\n";
+ }
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
+
diff --git a/log.d/configs/linux/scripts/services/automount b/log.d/configs/linux/scripts/services/automount
new file mode 100755
index 0000000..c923cdd
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/automount
@@ -0,0 +1,100 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: automount,v 1.7 2003/12/15 18:09:23 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Gerald Teschl
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+$MountAttempts = 0;
+
+while (defined($ThisLine = )) {
+ if ( ($ThisLine =~ /^using kernel protocol version .*$/) or
+ ($ThisLine =~ /^expired .*$/) or
+ ($ThisLine =~ /^>> mount: .*$/) ) {
+ # don't care about these
+ }
+ elsif ( ($ThisMount) = ($ThisLine =~ /^attempting to mount entry (.*)$/) ) {
+ # store Mount
+ $Mount= $ThisMount;
+ $MountAttempts++;
+ }
+ elsif ($ThisLine =~ /^mount\(nfs\): nfs: mount failure .*:.* on .*$/) {
+ $Failed{$Mount}{'nfsm'}++;
+ }
+ elsif ($ThisLine =~ /^mount\(nfs\): entry .* lookup failure$/) {
+ $Failed{$Mount}{'nfsl'}++;
+ }
+ elsif ( $ThisLine =~ /^mount\(generic\): failed to mount .* on .*$/) {
+ $Failed{$Mount}{'mnt'}++;
+ }
+ elsif ( ($ThisMount) = ( $ThisLine =~ /^(.*): mount failed!$/) ) {
+ $FailedStartup{$ThisMount}++;
+ }
+ elsif ( $ThisLine =~ /^lookup\(file\): lookup for .* failed$/) {
+ $Failed{$Mount}{'file'}++;
+ }
+ elsif ( ($ThisMount) = ($ThisLine =~ /^starting automounter version .* path = (.*), maptype = .*, mapname = .*$/) ) {
+ $StartStop{$ThisMount}{'start'}++;
+ $StartStop{$ThisMount}{'stop'}+=0;
+ }
+ elsif ( ($ThisMount) = ($ThisLine =~ /^shutting down, path = (.*)$/) ) {
+ $StartStop{$ThisMount}{'stop'}++;
+ }
+ else {
+ # Report any unmatched entries...
+ chomp($ThisLine);
+ $OtherList{$ThisLine}++;
+ }
+}
+
+if (keys %FailedStartup) {
+ print "\nFailed Startups:\n";
+ foreach $ThisOne (keys %FailedStartup) {
+ print " $ThisOne " . $FailedStartup{$ThisOne} . " Time(s)\n";
+ }
+}
+
+if (keys %Failed) {
+ print "\nFailed mounts:\n";
+ foreach $ThisOne (keys %Failed) {
+ print " $ThisOne ";
+ if ($Failed{$ThisOne}{'nfsm'}) {
+ print "NFS Mount Failure $Failed{$ThisOne}{'nfsm'} Time(s)"; }
+ if ($Failed{$ThisOne}{'nfsl'}) {
+ print "NFS Lookup Failure $Failed{$ThisOne}{'nfsl'} Time(s)"; }
+ if ($Failed{$ThisOne}{'mnt'}) {
+ print "Mount Failure $Failed{$ThisOne}{'mnt'} Time(s)"; }
+ if ($Failed{$ThisOne}{'file'}) {
+ print "File Lookup Failure $Failed{$ThisOne}{'file'} Time(s)"; }
+ print "\n";
+ }
+}
+
+if ( ($Detail >= 10) and (keys %StartStop) ) {
+ print "\nStatistics:\n";
+ print " Total number of mount attempts: $MountAttempts\n";
+ foreach $ThisOne (keys %StartStop) {
+ $StartStop{$ThisOne}{'start'} = 0 unless defined $StartStop{$ThisOne}{'start'};
+ $StartStop{$ThisOne}{'stop'} = 0 unless defined $StartStop{$ThisOne}{'stop'};
+ print " $ThisOne: Started $StartStop{$ThisOne}{'start'} and stopped $StartStop{$ThisOne}{'stop'} Time(s)\n";
+ }
+}
+
+if (keys %OtherList) {
+ print "\n**Unmatched Entries**\n";
+ foreach $ThisOne (keys %OtherList) {
+ print "$ThisOne: $OtherList{$ThisOne} Time(s)\n";
+ }
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
+
diff --git a/log.d/configs/linux/scripts/services/cisco b/log.d/configs/linux/scripts/services/cisco
new file mode 100755
index 0000000..f9d9a0a
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/cisco
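Review bot: The four failure branches key `%Failed` on `$Mount`, which is only assigned in the `attempting to mount entry` branch, so a failure line that arrives before any attempt line (after log rotation or date filtering, for instance) is counted under an undefined key and shows up in the report with an empty mount name. Later failures are also attributed to whichever mount was attempted last, which may not be the one that failed. Initialising it beside `$MountAttempts`, e.g. `my $Mount = '(unknown)';`, keeps orphaned failures visible and labelled. The script has `-w` but no `use strict;`, which is why the undeclared `$Mount`, `%Failed` and `$ThisMount` go unnoticed.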
@@ -0,0 +1,401 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: cisco,v 1.2 2004/06/21 15:07:21 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Laurent DUFOUR , +# based on the work of +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to laurent.dufour@havas.com +######################################################## + +use Logwatch ':all'; + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +my ($month,$day,$time,$host,$process,$conn,$msg); + +while (defined($ThisLine = )) { + +($month,$day,$time,$host,$process,$conn,$msg)=split(/ +/,$ThisLine,7); + + if ( ($ThisLine =~ /(ISDN-6-.+)/ ) or + ($ThisLine =~ /Copyright/ ) or + ($ThisLine =~ /Cisco Internetwork Operating System Software/ ) or + ($ThisLine =~ /IOS \(tm\)/ ) or + ($ThisLine =~ /accept udp/ ) or + ($ThisLine =~ /accept tcp/ ) or + ($ThisLine =~ /accept icmp/ ) or + ($ThisLine =~ /accept ip/ ) or + ($ThisLine =~ /denied udp/ ) or + ($ThisLine =~ /denied tcp/ ) or + ($ThisLine =~ /denied icmp/ ) or + ($ThisLine =~ /denied ip/ ) + ) { + # don't care about this, will code this later + } + elsif ( ($interface,$errortype,$withwho) = ($ThisLine =~ /duplex mismatch discovered on (.+) \(.*\), with (.*)/) ) { + $DuplexMismatched{$host}{$interface," with ",$errortype}++; + } + elsif ( ($interface,$vlan_number,$withwho) = ($ThisLine =~ /Native VLAN mismatch discovered on (.+) \(([^ ]+)\), with ([^ ]+)/) ) { + $VLANMismatched{$host}{$interface," vlan ",$vlan_number}++; + } + elsif ( ($interface) = ($ThisLine =~ /NVLANMISMATCH:Native vlan mismatch detected on port (.*)/) ) { + $VLANMismatched{$host}{$interface}++; + } + elsif ( ($interface,$state) = ($ThisLine =~ /Interface (.+), changed state to (.*)/) ) { + $InterfaceState{$host}{$interface," ",$state}++; + } + elsif ( ($interface,$state) 
= ($ThisLine =~ /Line protocol on Interface (.+), changed state to (.*)/) ) { + $LineProtocolInterfaceState{$host}{$interface," ",$state}++; + } + elsif ( ($interface_experiencing_error) = ($ThisLine =~ /ERROR: (.*) is experiencing errors/) ) { + $InterfaceError{$host}{$interface_experiencing_error}++; + } + elsif ( ($interface) = ($ThisLine =~ /DUPLEXMISMATCH:Full\/half duplex mismatch detected on port (.*)/) ) { + $DuplexMismatched{$host}{$interface}++; + } + elsif ( ($interface,$state,$destination_port) = ($ThisLine =~ /PORTFROMSTP:Port (.+) (.+) bridge port (.*)/) ) { + $PortStateBridge{$host}{$interface," ",$state," ",$destination_port}++; + } + elsif ( ($interface,$state,$destination_port) = ($ThisLine =~ /PORTTOSTP:Port (.+) (.+) bridge port (.*)/) ) { + $PortStateBridge{$host}{$interface," ",$state," ",$destination_port}++; + } + elsif ( ($Unit) = ($ThisLine =~ /Unit (.*), excessive modem control changes/) ) { + $ModemChange{$host}{$Unit}++; + } + elsif ( ($ThisLine =~ /Compiled/) ) { + $Started{$host}++; + } + elsif ( ($message) = ($ThisLine =~ /RELOAD: (.*)/) ) { + $ReloadRequested{$host}{$message}++; + } + elsif ( ($message) = ($ThisLine =~ /RESTART: (.*)/) ) { + $Restarted{$host}{$message}++; + } + elsif ( ($interface) = ($ThisLine =~ /LOSTCARR: (.*)/) ) { + $LostCarrier{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /DUPADDR: (.*)/) ) { + $DuplicateAddress{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /TRUNKPORTON:Port (.*)/) ) { + $TRUNKPORTON{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /TRUNKPORTOFF:Port (.*)/) ) { + $TRUNKPORTOFF{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /EXCESSCOLL: (.*)/) ) { + $ExcessiveCollision{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /LATECOLL: (.*)/) ) { + $LateCollision{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /UNDERFLO: (.*)/) ) { + $Underflow{$host}{$interface}++; + } + elsif ( ($interface) = 
($ThisLine =~ /P2_WARN: (.*)/) ) { + $InvalidMulticast{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /CONFIG.+: (.*)/) ) { + $Configured{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /CONFIG: (.*)/) ) { + $Configured{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /LINK_FLAP: (.*)/) ) { + $Flapping{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /ERR_DISABLE: (.*)/) ) { + $Flapping{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /LOGIN_FAIL:User (.*)/) ) { + $LoginFail{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /RSHPORTATTEMPT: (.*)/) ) { + $RSHELLFail{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /SPANTREE.+: (.*)/) ) { + $SpantreeFailure{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /DHCPD-4-DECLINE_CONFLICT: (.*)/) ) { + $DHCPConflict{$host}{$interface}++; + } + elsif ( ($interface) = ($ThisLine =~ /COUNTERS: (.*)/) ) { + $CountersMsg{$host}{$interface}++; + } + else { + # Report any unmatched entries... + # push @OtherList,$ThisLine; + } +} + +if (keys %Started) { + print "\nDevice started :\n"; + foreach $ThisOne (keys %Started) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$Started{$ThisOne}}) { + print "\t Started" .$ThatOne . "\t: " . $Started{$ThisOne} . " Time(s)\n"; + } + } +} + +if (keys %Restarted) { + print "\nDevice restarted :\n"; + foreach $ThisOne (keys %Restarted) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$Restarted{$ThisOne}}) { + print "\t " .$ThatOne . "\t: " . $Restarted{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %ReloadRequested) { + print "\nDevice reload requested :\n"; + foreach $ThisOne (keys %ReloadRequested) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$ReloadRequested{$ThisOne}}) { + print "\t " .$ThatOne . "\t: " . $ReloadRequested{$ThisOne}{$ThatOne} . 
" Time(s)\n"; + } + } +} + + +if (keys %DuplexMismatched) { + print "\nDuplex Mismatch warning:\n"; + foreach $ThisOne (keys %DuplexMismatched) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$DuplexMismatched{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $DuplexMismatched{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %VLANMismatched) { + print "\nNative VLAN mismatch warning:\n"; + foreach $ThisOne (keys %VLANMismatched) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$VLANMismatched{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $VLANMismatched{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %TRUNKPORTON) { + print "\nPort/Interface trunk on :\n"; + foreach $ThisOne (keys %TRUNKPORTON) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$TRUNKPORTON{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $TRUNKPORTON{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %TRUNKPORTOFF) { + print "\nPort/Interface trunk off :\n"; + foreach $ThisOne (keys %TRUNKPORTOFF) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$TRUNKPORTOFF{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $TRUNKPORTOFF{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %PortStateBridge) { + print "\nPort/Interface left/joined bridge :\n"; + foreach $ThisOne (keys %PortStateBridge) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$PortStateBridge{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $PortStateBridge{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + + +if (( $Detail >= 5 ) and (keys %InterfaceState)) { + print "\nPort/Interface state change :\n"; + foreach $ThisOne (keys %InterfaceState) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$InterfaceState{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $InterfaceState{$ThisOne}{$ThatOne} . 
" Time(s)\n"; + } + } +} + +if (keys %Flapping) { + print "\nPort/Interface Flapping :\n"; + foreach $ThisOne (keys %Flapping) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$Flapping{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $Flapping{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %$DuplicateAddress) { + print "\nPort/Interface duplicate address :\n"; + foreach $ThisOne (keys %$DuplicateAddress) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$$DuplicateAddress{$ThisOne}}) { + print "\t " .$ThatOne . "\t: " . $DuplicateAddress{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + + +if (keys %InvalidMulticast) { + print "\nPort/Interface invalid multicast :\n"; + foreach $ThisOne (keys %InvalidMulticast) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$InvalidMulticast{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $InvalidMulticast{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %SpantreeFailure) { + print "\nPort/Interface spantree failure :\n"; + foreach $ThisOne (keys %SpantreeFailure) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$SpantreeFailure{$ThisOne}}) { + print "\t " .$ThatOne . "\t: " . $SpantreeFailure{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + + + +if (keys %LineProtocolInterfaceState) { + print "\nLine protocol on Port/Interface changed state :\n"; + foreach $ThisOne (keys %LineProtocolInterfaceState) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$LineProtocolInterfaceState{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $LineProtocolInterfaceState{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %Underflow) { + print "\nPort/Interface transmit error(underflow) :\n"; + foreach $ThisOne (keys %Underflow) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$Underflow{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $Underflow{$ThisOne}{$ThatOne} . 
" Time(s)\n"; + } + } +} + +if (keys %LostCarrier) { + print "\nPort/Interface transmit error (lost carrier) :\n"; + foreach $ThisOne (keys %LostCarrier) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$LostCarrier{$ThisOne}}) { + print "\t " .$ThatOne . "\t: " . $LostCarrier{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %LateCollision) { + print "\nPort/Interface transmit error (Late collision) :\n"; + foreach $ThisOne (keys %LateCollision) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$LateCollision{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $LateCollision{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %ExcessiveCollision) { + print "\nPort/Interface Excessive collision :\n"; + foreach $ThisOne (keys %ExcessiveCollision) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$ExcessiveCollision{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $ExcessiveCollision{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + + +if (keys %InterfaceError) { + print "\nPort/Interface experiencing error :\n"; + foreach $ThisOne (keys %InterfaceError) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$InterfaceError{$ThisOne}}) { + print "\tPort or Interface " .$ThatOne . "\t: " . $InterfaceError{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %ModemChange) { + print "\nExcessive modem control changes:\n"; + foreach $ThisOne (keys %ModemChange) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$ModemChange{$ThisOne}}) { + print "\tUnit " .$ThatOne . "\t: " . $ModemChange{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %CountersMsg) { + print "\nCounters chnages:\n"; + foreach $ThisOne (keys %CountersMsg) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$CountersMsg{$ThisOne}}) { + print "\t " .$ThatOne . "\t: " . $CountersMsg{$ThisOne}{$ThatOne} . 
" Time(s)\n"; + } + } +} + +if (keys %Configured) { + print "\nDevice configured by :\n"; + foreach $ThisOne (keys %Configured) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$Configured{$ThisOne}}) { + print "\t " .$ThatOne . "\t: " . $Configured{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %LoginFail) { + print "\nLogin failed on device :\n"; + foreach $ThisOne (keys %LoginFail) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$LoginFail{$ThisOne}}) { + print "\t " .$ThatOne . "\t: " . $LoginFail{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %RSHELLFail) { + print "\nRemote Shell Login failed on device :\n"; + foreach $ThisOne (keys %RSHELLFail) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$RSHELLFail{$ThisOne}}) { + print "\t " .$ThatOne . "\t: " . $RSHELLFail{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + + +if (keys %DHCPConflict) { + print "\nDHCP Conflict on device :\n"; + foreach $ThisOne (keys %DHCPConflict) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$DHCPConflict{$ThisOne}}) { + print "\t " .$ThatOne . "\t: " . $DHCPConflict{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + + +if ($#OtherList >= 0) { + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + diff --git a/log.d/configs/linux/scripts/services/clam-update b/log.d/configs/linux/scripts/services/clam-update new file mode 100755 index 0000000..df03f25 --- /dev/null +++ b/log.d/configs/linux/scripts/services/clam-update 
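Review bot: The duplicate-address report tests `keys %$DuplicateAddress`, which dereferences an unset scalar instead of the `%DuplicateAddress` hash that the `DUPADDR:` branch fills, so those events are collected but never printed. A duplicate address on a segment is something a security report should surface, so the three occurrences should read `%DuplicateAddress` and `%{$DuplicateAddress{$ThisOne}}`. The `Device started` block has a related slip: `$Started{$host}++` stores a plain count, yet the report loops over `keys %{$Started{$ThisOne}}`, so the inner print is presumably never reached; printing `$Started{$ThisOne}` directly in the outer loop fixes it. Adding `use strict;` would have rejected both, and since `push @OtherList,$ThisLine;` is commented out the closing `**Unmatched Entries**` block is dead and unrecognised device messages are dropped silently.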
@@ -0,0 +1,256 @@
+#!/usr/bin/perl -w
+##########################################################################
+## $Id: clam-update,v 1.6 2004/06/21 14:59:05 kirk Exp $
+###########################################################################
+#########################################################################
+# clam-update script for Logwatch
+# Analyzes the Clam Anti-Virus update log
+#
+# Version: 1.0.0
+# Initial release
+# Version: 1.0.1
+# Add support for pre-0.65 database
+#
+# Written by: Lars Skjærlund
+#########################################################################
+
+#########################################################################
+# This script is subject to the same copyright as Logwatch itself
+#########################################################################
+
+#########################################################################
+# Files - all shown with default paths:
+#
+# /etc/log.d/conf/logfiles/clam-update.conf
+# /etc/log.d/conf/services/clam-update.conf
+# /etc/log.d/scripts/services/clam-update (this file)
+#
+# ... and of course
+#
+# /var/log/clam-update
+#########################################################################
+
+#########################################################################
+# Important note:
+#
+# Under normal operation - ie. a detail level of 'lo' (0), no output will
+# be produced if no updates have taken place. However, if no update
+# attempt has been done, an alert will be output to inform you about this
+# (which probably means that freshclam isn't running).
+#
+# If you have stopped using ClamAV and would like to get rid of the
+# alert, you should delete the logfile. If there's no logfile, no alerts
+# will be output - but if Logwatch finds a logfile and no update attempts
+# have been made for whatever timeperiod Logwatch is analyzing, an alert
+# will be output.
+#########################################################################
+
+use strict;
+
+use POSIX qw(strftime);
+
+my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
+
+my $time = time;
+my $Date;
+my $SearchDate;
+my $InRange = 0;
+
+### Variables for new database format (ClamAV > 0.60)
+
+my $MainUptodate = undef;
+my $MainUpdated = undef;
+my $DailyUptodate = undef;
+my $DailyUpdated = undef;
+my $Updated = undef;
+
+### Variables for old database format (ClamAV <= 0.60)
+
+my $DBUptodate = undef;
+my $DBUpdated = undef;
+my $DB2Uptodate = undef;
+my $DB2Updated = undef;
+
+my $bDBUptodate = 0;
+my $bDB2Uptodate = 0;
+my $NotificationOK = 0;
+
+my %Errors;
+my %Unmatched;
+
+my $range = $ENV{'LOGWATCH_DATE_RANGE'} || 'all';
+
+if ($range eq 'yesterday') {
+ $SearchDate = strftime("%b %e", localtime($time-86400));
+} elsif ($range eq 'today') {
+ $SearchDate = strftime("%b %e", localtime($time));
+} elsif ($range eq 'all') {
+ $SearchDate = '... ..';
+}
+
+while (defined(my $ThisLine = )) {
+ if (($ThisLine =~ /^\s*$/) or
+ ($ThisLine =~ /^----------/)
+ ) {
+ # Do nothing
+ } elsif (($Date) = ($ThisLine =~ /(\w\w\w [\d ]\d) ..:..:../)) {
+ $bDBUptodate = 0;
+ $bDB2Uptodate = 0;
+ if ($Date =~ $SearchDate) {
+ $InRange = 1;
+ } else {
+ $InRange = 0;
+ }
+ } elsif ($InRange == 1) {
+ chomp($ThisLine);
+ if ($ThisLine =~ /^main.cvd is up to date/) {
+ $MainUptodate = $ThisLine;
+ } elsif ($ThisLine =~ /^daily.cvd is up to date/) {
+ $DailyUptodate = $ThisLine;
+ } elsif ($ThisLine =~ /^main.cvd updated/) {
+ $MainUpdated = $ThisLine;
+ } elsif ($ThisLine =~ /^daily.cvd updated/) {
+ $DailyUpdated = $ThisLine;
+ } elsif ($ThisLine =~ /^Database updated \(\d* signatures\)/) {
+ $Updated = $ThisLine;
+ } elsif ((my $Text) = ($ThisLine =~ /^Database updated \((containing .*)\)./)) {
+ if ($bDBUptodate == 0) {
+ $DBUpdated = $Text;
+ } elsif ($bDB2Uptodate == 0) {
+ $DB2Updated = $Text;
+ } else {
+ $Unmatched{$ThisLine}++;
+ }
+ } elsif (($Text) = ($ThisLine =~ /^Database updated from (.*).$/)) {
+ $Updated = $Text;
+ } elsif ($ThisLine =~ /^viruses\.db is up to date/) {
+ $bDBUptodate = 1;
+ $DBUptodate = $ThisLine;
+ } elsif ($ThisLine =~ /^viruses\.db2 is up to date/) {
+ $bDB2Uptodate = 1;
+ $DB2Uptodate = $ThisLine;
+ } elsif ($ThisLine =~ /^Clamd successfully notified about the update./) {
+ $NotificationOK++;
+ } elsif (($Text) = ($ThisLine =~ /^ERROR: (.*)/)) {
+ $Errors{$Text}++;
+ } else {
+ $Unmatched{$ThisLine}++;
+ }
+ } else {
+ if (($ThisLine =~ /^main.cvd is up to date/) or
+ ($ThisLine =~ /^daily.cvd is up to date/) or
+ ($ThisLine =~ /^viruses.db is up to date/) or
+ ($ThisLine =~ /^viruses.db2 is up to date/) or
+ ($ThisLine =~ /^main.cvd updated/) or
+ ($ThisLine =~ /^daily.cvd updated/) or
+ ($ThisLine =~ /^Database updated/) or
+ ($ThisLine =~ /^ERROR: /)) {
+ #
+ } else {
+ chomp($ThisLine);
+ $Unmatched{$ThisLine}++;
+ }
+ }
+}
+
+
+#####################################################################
+# This should not be necessary since a header will be inserted by the
+# main logwatch program if output is genereated - Kirk
+#if (($Detail >= 5) or ($MainUpdated or $DailyUpdated or $DBUpdated or $DB2Updated) or (!$MainUptodate and !$DailyUptodate and !$DBUptodate and !$DB2Uptodate)) {
+# print "ClamAV database:\n";
+#}
+
+if ($MainUpdated) {
+ (my $Text, my $Version) = ($MainUpdated =~ /(.*) \((.*)\)/);
+ print " $Text\n";
+ if ($Detail >= 10) {
+ print " $Version\n";
+ }
+} else {
+ if (($MainUptodate) and ($Detail >= 5)) {
+ (my $Text, my $Version) = ($MainUptodate =~ /(.*) \((.*)\)/);
+ print " $Text\n";
+ if ($Detail >= 10) {
+ print " $Version\n";
+ }
+ }
+}
+
+if ($DailyUpdated) {
+ (my $Text, my $Version) = ($DailyUpdated =~ /(.*) \((.*)\)/);
+ print " $Text\n";
+ if ($Detail >= 10) {
+ print " $Version\n";
+ }
+} else {
+ if (($DailyUptodate) and ($Detail >= 5)) {
+ (my $Text, my $Version) = ($DailyUptodate =~ /(.*) \((.*)\)/);
+ print " $Text\n";
+ if ($Detail >= 10) {
+ print " $Version\n";
+ }
+ }
+}
+
+if ($DBUpdated) {
+ print " viruses.db updated\n";
+ if ($Detail >= 10) {
+ print " Now $DBUpdated\n";
+ }
+} else {
+ if (($DBUptodate) and ($Detail >= 5)) {
+ print " $DBUptodate\n";
+ }
+}
+
+if ($DB2Updated) {
+ print " viruses.db2 updated\n";
+ if ($Detail >= 10) {
+ print " Now $DB2Updated\n";
+ }
+} else {
+ if (($DB2Uptodate) and ($Detail >= 5)) {
+ print " $DB2Uptodate\n";
+ }
+}
+
+if ($NotificationOK > 0) {
+ print "Clamd successfully notified about the update $NotificationOK Time(s).\n";
+} elsif (($MainUpdated or $DailyUpdated) and ($NotificationOK > 0)) {
+ print "WARNING\n";
+ print "Databases are updated, but Clamd is not notified.\n";
+}
+
+if (($Updated) and ($Detail >= 10)) {
+ if ($Updated =~ /^(\w* \w*) \(\d* \w*\)/) {
+ (my $Text, my $From) = ($Updated =~ /^(\w* \w*) \(\d* \w*\) (.*)\./);
+ print " $Text $From\n";
+ } else {
+ print " Updated from $Updated\n";
+ }
+};
+
+if (!$MainUptodate and !$MainUpdated and
+ !$DailyUptodate and !$DailyUpdated and
+ !$DBUptodate and !$DB2Uptodate) {
+ print " WARNING: Database has not been checked for updates\n";
+}
+
+if (keys %Errors) {
+ print "\nERRORS:\n";
+ foreach my $Text (keys %Errors) {
+ print " $Text: $Errors{$Text} Time(s)\n";
+ }
+}
+
+if (keys %Unmatched) {
+ print "\n**Unmatched Entries**\n";
+ foreach my $Text (keys %Unmatched) {
+ print " $Text: $Unmatched{$Text} Time(s)\n";
+ }
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
diff --git a/log.d/configs/linux/scripts/services/clamav b/log.d/configs/linux/scripts/services/clamav
new file mode 100755
index 0000000..53498bc
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/clamav
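Review bot: The `Databases are updated, but Clamd is not notified` warning can never fire, because it sits in the `elsif` of `if ($NotificationOK > 0)` and itself requires `$NotificationOK > 0`. A signature update that the running daemon never picked up is exactly the case this warning exists for, and as written it produces no output at all; the condition should be `} elsif (($MainUpdated or $DailyUpdated) and ($NotificationOK == 0)) {`. Separately, `$SearchDate` stays undefined when `LOGWATCH_DATE_RANGE` is anything other than `yesterday`, `today` or `all`, so `$Date =~ $SearchDate` does not filter on the intended date; an explicit `else` branch that sets a default or reports the unsupported range would make that visible.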
@@ -0,0 +1,93 @@
+#!/usr/bin/perl
+##################################################################
+#
+# clamav script ver. 0.31 for Logwatch.
+#
+# Written by S. Schimkat .
+#
+# Find latest version here: www.schimkat.dk/clamav
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+##################################################################
+$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
+
+while (defined($ThisLine = )) {
+ if ( ( $ThisLine =~ /^Reading databases from/ ) or
+ ( $ThisLine =~ /^Socket file/ ) or
+ ( $ThisLine =~ /^Pid file/ ) or
+ ( $ThisLine =~ /^Log file/ ) or
+ ( $ThisLine =~ /^Protecting against/ ) or
+ ( $ThisLine =~ /^Unix socket file/ ) or
+ ( $ThisLine =~ /^Setting connection queue length to/ ) or
+ ( $ThisLine =~ /^Maximal number of threads:/ ) or
+ ( $ThisLine =~ /^Archive/ ) or
+ ( $ThisLine =~ /^RAR support/ ) or
+ ( $ThisLine =~ /^Mail files support/ ) or
+ ( $ThisLine =~ /^Self checking every/ ) or
+ ( $ThisLine =~ /^Timeout set to/ ) or
+ ( $ThisLine =~ /^Running as user \w+ \(UID \d+, GID \d+\)/ ) or
+ ( $ThisLine =~ /^Exiting \(clean\)/ ) or
+ ( $ThisLine =~ /^OLE2 support enabled./ ) or
+ ( $ThisLine =~ /^No stats for Database check/ )) {
+ # We do not care about these.
+ } elsif (($Check) = ($ThisLine =~ /^SelfCheck: (.*?)\.?\s?\n/i)) {
+ $SelfCheck{$Check}++;
+ } elsif (($Virus) = ($ThisLine =~ /^.+?: (.*?) FOUND/i )) {
+ $VirusList{$Virus}++;
+ } elsif (($Viruses) = ($ThisLine =~ /^Database correctly reloaded \((\d+) viruses\)/i )) {
+ $DatabaseReloads{$Viruses}++;
+ } elsif (($ThisLine =~ /Stopped at/)) {
+ $DaemonStop++;
+ } elsif (($ThisLine =~ /Daemon started/)) {
+ $DaemonStart++;
+ } else {
+ # Comment the following line if using verbose logging.
+ # Note that doing that will result in not displaying the extra log.
+ push @OtherList,$ThisLine;
+ }
+}
+
+if (($DaemonStop) and ($Detail >= 5)) {
+ print "\nDaemon stopped: ". $DaemonStop." Time(s)\n";
+}
+
+if (($DaemonStart) and ($Detail >= 5)) {
+ print "\nDaemon started: ". $DaemonStart." Time(s)\n";
+}
+
+if (keys %VirusList) {
+ print "\nViruses detected:\n";
+ foreach $Virus (sort {$a cmp $b} keys %VirusList) {
+ print ' ' . $Virus . ": ". $VirusList{$Virus} . " Time(s)\n";
+ }
+}
+
+if (keys %SelfCheck) {
+ print "\nDaemon check list:\n";
+ foreach $Check (sort {$a cmp $b} keys %SelfCheck) {
+ print ' ' . $Check . ": ". $SelfCheck{$Check} . " Time(s)\n";
+ }
+}
+
+if (keys %DatabaseReloads) {
+ print "\nVirus database reloads:\n";
+ foreach $VirusCount (sort {$a cmp $b} keys %DatabaseReloads) {
+ print ' Now protecting against ' . $VirusCount . ' viruses: ' . $DatabaseReloads{$VirusCount} . " Time(s)\n";
+ }
+}
+
+if (($#OtherList >= 0) and (not $IngoreUnmatched)){
+ print "\n**Unmatched Entries**\n";
+ print @OtherList;
+}
+
+exit(0);
diff --git a/log.d/configs/linux/scripts/services/clamav-milter b/log.d/configs/linux/scripts/services/clamav-milter
new file mode 100755
index 0000000..b99314c
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/clamav-milter
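Review bot: `$IngoreUnmatched` in the final `if` is misspelled and never assigned anywhere in this file, so `not $IngoreUnmatched` is always true and the apparent switch for suppressing unmatched lines does nothing; the clamav-milter script added next carries the same line. Either drop the test or wire it to a real setting under the intended spelling, and add `use strict;` (the shebang here also lacks `-w`) so a typo like this fails at compile time instead of silently evaluating to undef. `print @OtherList` also copies raw, unfiltered log lines into the report, so a short comment such as `# unmatched lines are emitted verbatim; treat as untrusted text downstream` would help anyone who later renders this output somewhere other than plain-text mail.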
@@ -0,0 +1,82 @@
+#!/usr/bin/perl
+##################################################################
+#
+# clamav script ver. 0.23 for Logwatch.
+#
+# Written by S. Schimkat .
+#
+# Find latest version here: www.schimkat.dk/clamav
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+##################################################################
+$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
+
+while (defined($ThisLine = )) {
+ if (( $ThisLine =~ /^clamfi_abort/ ) or
+ ( $ThisLine =~ /^clamfi_connect: not scanning outgoing messages/ ) or
+ ( $ThisLine =~ /^Quarantined infected mail as/ )) {
+ # We do not care about these.
+ } elsif (($ThisLine =~ /clean message from/)) {
+ $CleanMessage++;
+ } elsif (($ThisLine =~ /Intercepted virus/)) {
+ $InfectedMessage++;
+ } elsif ((($Virus) = ($ThisLine =~ /^stream: (.*?) FOUND/i )) or (($Virus) = ($ThisLine =~ /^.+?msg\.\w+?: (.*?) FOUND/i ))) {
+ $VirusList{$Virus}++;
+ } elsif (($MailHost) = ($ThisLine =~ /^clamfi_connect: connection from (.*?)\n/i )) {
+ $MailHostList{$MailHost}++;
+ } elsif (($Version) = ($ThisLine =~ /^clamdscan \/ (.*?)\n/i )) {
+ $DaemonStart{$Version}++;
+ } elsif (($ClamdVersion, $MilterVersion) = ($ThisLine =~ /^ClamAV version \'clamd \/ ClamAV version (.*?)\', clamav-milter version \'(.*?)\'\n/i )) {
+ $Version = 'Clamd ver. ' . $ClamdVersion . ' / Clmilter ver. ' . $MilterVersion;
+ $DaemonStart{$Version}++;
+ } else {
+ # Comment the following line out if using verbose logging.
+ # Note that doing that will result in not displaying the extra log.
+ push @OtherList,$ThisLine;
+ }
+}
+
+if ($CleanMessage) {
+ print "\nClean messages: ". $CleanMessage." Message(s)\n";
+}
+
+if ($InfectedMessage) {
+ print "\nInfected messages: ". $InfectedMessage." Message(s)\n";
+}
+
+if ((keys %VirusList)) {
+ print "\nVirus list:\n";
+ foreach $Virus (sort {$a cmp $b} keys %VirusList) {
+ print ' ' . $Virus . " - ". $VirusList{$Virus} . " Time(s)\n";
+ }
+}
+
+if ((keys %MailHostList) and ($Detail >= 5)) {
+ print "\nHost list:\n";
+ foreach $MailHost (sort {$a cmp $b} keys %MailHostList) {
+ print ' ' . $MailHost . " - ". $MailHostList{$MailHost} . " Time(s)\n";
+ }
+}
+
+if ((keys %DaemonStart) and ($Detail >= 5)) {
+ print "\nAntivirus daemon:\n";
+ foreach $Version (sort {$a cmp $b} keys %DaemonStart) {
+ print ' ' . $Version . ' started: '. $DaemonStart{$Version} . " Time(s)\n";
+ }
+}
+
+if (($#OtherList >= 0) and (not $IngoreUnmatched)){
+ print "\n**Unmatched Entries**\n";
+ print @OtherList;
+}
+
+exit(0);
diff --git a/log.d/configs/linux/scripts/services/courier b/log.d/configs/linux/scripts/services/courier
new file mode 100755
index 0000000..43819df
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/courier
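Review bot: Every line that reaches `push @OtherList,$ThisLine;` is later printed byte-for-byte under "**Unmatched Entries**", and the `$MailHost` and `$Virus` captures are echoed the same way. This text originates in milter log lines that presumably carry values chosen by remote mail senders (connecting host names, attachment-derived names), so control or escape sequences would pass straight into a report read in a terminal or mail client. Neutralising non-printable bytes before the line is stored keeps the report plain text, for example `$ThisLine =~ s/[^\x20-\x7e\n]/?/g;` immediately before the `push`, with the same substitution applied to the captured fields before they become hash keys. The clamav script in the previous hunk prints its unmatched lines the same way.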
@@ -0,0 +1,912 @@ +#!/usr/bin/perl +########################################################################## +# +########################################################################## + +######################################################## +# Logwatch was written and is maintained by: +# Kirk Bauer +# +# The courier script was written by: +# Willi Mann +# +# Please send all comments, suggestions, bug reports, +# etc, about this script to +# Willi Mann +# +######################################################## + +use strict; + +#Could be neccessary in some environments +unless ($ENV{'courier_enable'} == 1) {exit 0}; + +my $Debug = $ENV{'LOGWATCH_DEBUG'}; +my $DoLookup = $ENV{'courier_ip_lookup'}; +my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'}; +my $overrideDetail = $ENV{'courier_override_detail_level'}; +if (!($overrideDetail eq "")) { + $Detail = $overrideDetail; +} + +my $PrintMailQueue = $ENV{'courier_printmailqueue'}; +my $Tables = $ENV{'courier_tables'}; +my $RemoveAdditionalInfo = $ENV{'courier_removeadditionalinfo'}; +my $MostFrequentSender = $ENV{'courier_mostfrequentsender'}; + +my $DeliverMailSize = 0; +my $LastLine; + +sub LookupIP { + my ($name, $a1, $a2,$a3,$a4,$PackedAddr,$Addr); + $Addr = $_[0]; + ($a1,$a2,$a3,$a4) = split /\./,$Addr; + $PackedAddr = pack('C4',$a1,$a2,$a3,$a4); + if ($DoLookup) { + if ($name = gethostbyaddr ($PackedAddr,2)) { + return ($name . " (" . $Addr . 
")"); + } else { + return ($Addr); + } + } + else { + return ($Addr); + } +} + +#Make pseudo IPv6 to IPv4 +sub LookupIPv46 { + my $IPv4Addr; + my $Addr = $_[0]; + if ( ($IPv4Addr) = ($Addr =~ /::ffff:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/ ) ) { +# print "$IPv4Addr\n"; + return $IPv4Addr; + + } + else { +# print $Addr; + return $Addr; + + } +} + + + +if ( $Debug >= 5 ) { + print STDERR "\n\nDEBUG: Inside Courier Filter \n\n"; +} + +#List vars here to avoid case-sensitive typos + +my $Address; +my $AddressCount; +my $CommCount; +my %CommStat; +my $ConnCount; +my %Connection; +my $ConnHostCount; +my $Conns; +my $CountLength; +my $CountSpaceLength; +my %Deferred; +my $DeferredCount; +my %DeSu; +my %DeSuTbl; +my %DeSuTblSz; +my %DfrdTbl; +my $Dummy; +my $Dummy2; +my %ErrorMsgs; +my %ErrorTbl; +my %ErrorTbl2; +my %Failed; +my $FailedCount; +my %FailRe; +my $FailreasonCount; +my $From; +my $FromCount; +my $Host; +my $HostCount; +my $HostLength; +my $HostOut; +my $HostSpaceLength; +my $ID; +my $LastFrom; +my $LastHost; +my $LastReason; +my $LastReasonNumber; +my $line; +my %Login; +my %Login2; +my $LoginCount; +my %LoginFailed; +my %Logout; +my %Logout2; +my $LogoutCount; +my $LogoutSize; +my %LogoutSize; +my $MailCount; +my %MailDeliveryStarted; +my $MailFrom; +my $MailFromCount; +my $Module; +my $ModuleCount; +my $MsgCount; +my $newmsg; +my $OrigReason; +my %OtherList; +my $output; +my $Reason; +my $ReasonCount; +my $ReasonNumber; +my $Sender; +my $ShutdownCourier; +my $Size; +my $SizeAll; +my $SizeLength; +my $SizeSpaceLength; +my $SpaceSizeLength; +my $StartCourier; +my $StatusCount; +my $TblReason; +my $ThisLine; +my $ThisOne; +my $ThisSender; +my $To; +my $ToCount; +my $User; +my $UserCount; +my $UserLength; +my $UserSpaceLength; +my $ConnsSender; +my $SizeSender; +my $MostFrqSenderNmb; +my $MostFrqSender; +my $MostFrqSenderSize; +my $SenderLength; +my $SenderSpaceLength; +my $Symbol; + + +while (defined($ThisLine = )) { + my $Size2 = 0; + my $Size = 0; + 
if ( + ($ThisLine =~ /^Initializing */) or + ($ThisLine =~ /^Installing */) or + ($ThisLine =~ /^Installed: */) or + ($ThisLine =~ /^Started .\/courier.*, pid=.*, maxdels=.*, maxhost=.*, maxrcpt=.*1/ ) or + ($ThisLine =~ /^Waiting\. shutdown time=.*, wakeup time=.*, queuedelivering=.*, inprogress=.*/) or + ($ThisLine =~ /^Loading STATIC transport module libraries./) or + ($ThisLine =~ /^Purging /) or + ($ThisLine =~ /^completed,id=/) or + ($ThisLine =~ /^queuelo=.*, queuehi=.*/) or + # Do we really want to ignore these? + # currently i'm too lazy to include this + ($ThisLine =~ /started,ip=.*/) or + # example line: + # id=00081D7A.3E9E0C51.000037A4,from=,addr=,size=53223,status: success: 1 Time(s) + + ($ThisLine =~ /id=.*?,from=<.*?>,addr=<.*?>,size=[0-9]*,status:.*/) + ) { + # Don't care about these... + } elsif ( ( $ThisLine =~ /^Courier .* Copyright/) ) { + $StartCourier++; + } elsif ( $ThisLine =~ /^SHUTDOWN: respawnlo limit reached/ ) { + $ShutdownCourier++; + } elsif ( $ThisLine =~ /^newmsg,id=/ ) { + $newmsg++; + } elsif ( ($MailFrom, $Module, $Host, $Address ) = ( $ThisLine =~ /^started,id=.*?,from=<(.*?)>,module=(.*?),host=(.*?),addr=<(.*?)>/ ) ){ + $MailDeliveryStarted{$MailFrom}{$Address}{$Host}{$Module}++; + } elsif ( ($Host, $From, $To, $Reason) = ( $ThisLine =~ /^error,relay=(.*?),from=<(.*?)>,to=<(.*?)>: (.*)/ ) ) { + # example lines: + # error,relay=::ffff:209.214.170.188,from=,to=: 513 Relaying denied. 
+ # error,relay=::ffff:218.70.112.124,from=: 517 Invalid domain, see + # error,relay=::ffff:62.67.54.144,msg="502 ESMTP command error",cmd: DATA + $ErrorMsgs{$Reason}{$Host}{$From}{$To}++; + $TblReason = MakeTblReason($Reason); + $ErrorTbl{$TblReason}{$Host}++; + } elsif ( ($Host, $From, $Reason) = ( $ThisLine =~ /^error,relay=([0-9a-f:.]*?),(?:ident=.*,|)from=<(.*?)>: (.*)/ ) ){ + if ( + ( ( $LastHost, $LastFrom, $LastReason ) = ($LastLine =~ /^error,relay=(.*?),from=<(.*?)>: (.*)/ ) ) && + ($LastHost eq $Host) && + ($LastFrom eq $From) && + (( $LastReasonNumber ) = ($LastReason =~ /^([0-9]{3})/)) && + (( $ReasonNumber ) = ($Reason =~ /^([0-9]{3})/)) && + ( $ReasonNumber == $LastReasonNumber ) + ) { + $ReasonNumber = ""; + $LastReasonNumber = ""; + } else { + $ErrorMsgs{$Reason}{$Host}{$From}{'-'}++; + $TblReason = MakeTblReason($Reason); + $ErrorTbl{$TblReason}{$Host}++; + } + } elsif ( ($Host, $Reason) = ( $ThisLine =~ /^error,relay=(.*?),msg=(".*)/ ) ) {+ $ErrorMsgs{$Reason}{$Host}{'-'}{'-'}++; + $TblReason = MakeTblReason($Reason); + $ErrorTbl{$TblReason}{$Host}++; +# } elsif ( ($From, $To, $Status) = ( $ThisLine =~ /^id=.*?,from=<(.*?)>,addr=<(.*?)>: ([0-9]{3})/ ) ) { +# #example line: +# #id=00081D79.3E9EE416.00003C6E,from=,addr=: 250 OK +# +# $CommStat{$Status}{$From}{$To}++; + } elsif ( ($From, $To, $Size) = ( $ThisLine =~ /^id=.*?,from=<(.*?)>,addr=<(.*?)>,size=([0-9]*),success: .*/ ) ) { + #example line: + #id=00081D7A.3E9E0B39.000036E4,from=,addr=,size=35861,success: delivered: ff.ff.at [111.111.111.111] + #DeliverSuccess = DeSu !!!!!!!! + + $DeSu{$From}{$To}++; + $DeliverMailSize += $Size; + $DeSuTbl{$To}{$From}++; + $DeSuTblSz{$To}{$From} += $Size; + } elsif ( ($Host) = ( $ThisLine =~ /^Connection, ip=\[(.*?)\]/ ) ) { + #example line pop3, imapd?? 
+ #Connection, ip=[::ffff:192.168.0.24] + + $Connection{$Host}++; + } elsif ( ($User, $Host) = ( $ThisLine =~ /^LOGIN, user=(.*?), ip=\[(.*?)\]/ ) ) { + + #example line + #LOGIN, user=xy, ip=[::ffff:192.168.0.12] + + $Login{$User}{$Host}++; + } elsif ( ($User, $Host) = ( $ThisLine =~ /^Login user=(.*?) host=(.*? \[.*?\])/) ) { + # This is not from courier, but has the same service name + #example line + #Login user=xy host=host.some.domain [192.168.0.12] + + $Login{$User}{$Host}++; + } elsif ( + ( ( $User, $Host, undef, undef, $Size) = ( $ThisLine =~ /^LOGOUT, user=(.*?), ip=\[(.*?)\], (top|headers)=[0-9]*?, (retr|body)=([0-9]*)/ ) ) || + ( ( $User, $Host, $Size, $Size2) = ( $ThisLine =~ /^DISCONNECTED, user=(.*?), ip=\[(.*?)\], headers=([0-9]*?), body=([0-9]*)/ ) ) + ) { + #example line + #LOGOUT, user=xy, ip=[::ffff:192.168.0.24], top=0, retr=0 + #DISCONNECTED, user=zz@uu.ch, ip=[::ffff:192.168.0.1], headers=0, body=1100 + + $Logout{$User}{$Host}++; + $Logout2{$User}++; + $LogoutSize{$User} += $Size; + $LogoutSize += $Size2; + } elsif ( ($User, $Host) = ( $ThisLine =~ /^Logout user=(.*?) host=(.*? 
\[.*?\])/) ) { + # This is not from courier, but has the same service name + #example line + #Logout user=xy host=host.some.domain [192.168.0.12] + + $Logout{$User}{$Host}++; + $Logout2{$User}++; + } elsif ( ($Host) = ( $ThisLine =~ /^LOGIN FAILED, ip=\[(.*?)\]/ ) ) { + #example line + #LOGIN FAILED, ip=[::ffff:192.168.200.199] + + $LoginFailed{$Host}++; + } elsif ( ($ID, $From, $To) = ( $ThisLine =~ /^id=(.*),from=<(.*?)>,addr=<(.*?)>,status: deferred/ ) ) { + #example line: deferred delivery attempts + #id=00081D03.3E850D34.000076BD,from=,addr=,status: deferred + + $Reason = $FailRe{$ID}{$From}{$To}; + if ($Reason eq "") { + $Reason = "-"; + } + $TblReason = MakeTblReason($Reason); + + $Deferred{$From}{$To}{$Reason}++; + $DfrdTbl{$TblReason}{$To}++; + } elsif ( ($ID, $From, $To) = ( $ThisLine =~ /^id=(.*?),from=<(.*?)>,addr=<(.*?)>,status: failure/ ) ) { + #example line: failed delivery attempts + #id=00081D7B.3E9167E7.00002B27,from=,addr=,status: failure+ + $Reason = $FailRe{$ID}{$From}{$To}; + if ($Reason eq "") { + $Reason = "-"; + } + $Failed{$From}{$To}{$Reason}++; + $TblReason = MakeTblReason($Reason); + $ErrorTbl2{$TblReason}{$To}++; + } elsif ( ($ID, $From, $To, $Reason) = ( $ThisLine =~ /^id=(.*?),from=<(.*?)>,addr=<(.*?)>:(.*)/ ) ) { + #example line: + #id=00079ED0.3E8A45E7.000042AF,from=,addr=: Connection timed out + #id=00079ED0.3E975385.00005B66,from=,addr=: DNS lookup failed. + #This is for the following lines to have the reason for failed or deferred. + + $FailRe{$ID}{$From}{$To} = $Reason; + } else { + # Report any unmatched entries... + # remove PID from named messages + + $ThisLine =~ s/^(client [.0-9]+)\S+/$1/; + chomp($ThisLine); + $OtherList{$ThisLine}++; + } + $LastLine = $ThisLine; +} + +if ( ( $Detail >= 5 ) and ($PrintMailQueue ) ) { + print "\n\n\nCurrent State of the Mail Queue:\n". 
+ "================================\n\n"; + my $OutputMailq; + open WHICH, "which mailq|"; + while () { + $OutputMailq .= $_; + my $WhichMailq = $_; + open MAILQ, "$WhichMailq|"; + while() { + my $MailqLine = $_; + print $MailqLine; + } + close MAILQ; + } + close WHICH; + + my $WhichMailq = ($OutputMailq =~ /([A-Za-z0-9\/]*)/); + if (-x $WhichMailq) { + open MAILQ, "$WhichMailq|"; + while() { + my $MailqLine = $_; + print $MailqLine; + } + close MAILQ; + } + print "\n\n"; +} + + +if ( ( $Detail >= 5 ) and ($StartCourier) ) { + print "Courier started: $StartCourier Time(s)\n"; +} + + + +if ( ( $Detail >= 5 ) and ($ShutdownCourier) ) { + print "Courier shutdown: $ShutdownCourier Time(s)\n"; +} + +#if ( ( $Detail >= 5 ) and (keys %ZoneLoaded) ) { +# print "\nLoaded Zones:\n"; +# foreach $ThisOne (sort {$a cmp $b} keys %ZoneLoaded) { +# print " " . $ThisOne . ": " . $ZoneLoaded{$ThisOne} . " Time(s)\n"; +# } +#} + +if ( ( $Detail >= 5 ) and (keys %Connection) and (!$Tables)) { + print "\n[pop3d, imapd ?] Connections:\n"; + $ConnCount = 0; + foreach $ThisOne (sort keys %Connection) { + if ($DoLookup == 1) { + $HostOut = LookupIP(LookupIPv46($ThisOne)); + } else { + $HostOut = $ThisOne; + } + print " " . $HostOut . ": " . $Connection{$ThisOne} . " Time(s)\n"; + $ConnCount += $Connection{$ThisOne}; + } + print "Total $ConnCount Connections\n\n\n"; +} + + +if ( ( $Detail >= 0 ) and (keys %LoginFailed) and ($Tables)) { + print "\n[POP3, IMAP] Failures:". + "\n=========================". + "\n Host | # ". + "\n------------------------------------------------------------- | -----------"; + + $ConnCount = 0; + foreach $Host (sort keys %LoginFailed) { + $Conns = $LoginFailed{$Host}; + if ($DoLookup == 1) { + $HostOut = LookupIP(LookupIPv46($Host)); + } else { + $HostOut = $Host; + } + $HostLength = length($HostOut); + $HostSpaceLength = 61 - $HostLength; + $CountLength = length("$Conns"); + $CountSpaceLength = 12 - $CountLength; + print "\n" ." " x $HostSpaceLength . $HostOut . 
" |" . " " x $CountSpaceLength . $Conns . ""; + $ConnCount += $Conns; + } + $CountLength = length("$ConnCount"); + $CountSpaceLength = 75 - $CountLength; + print "\n" . "-" x 75; + print "\n" . " " x $CountSpaceLength . "$ConnCount\n\n\n"; +} + +if ( ( $Detail >= 0 ) and (keys %LoginFailed) and (!$Tables)) { + print "\n[pop3d, imapd ?] Failures:\n"; + $ConnCount = 0; + foreach $ThisOne (sort keys %LoginFailed) { + if ($DoLookup == 1) { + $HostOut = LookupIP(LookupIPv46($ThisOne)); + } else { + $HostOut = $ThisOne; + } + print " " . $HostOut . ": " . $LoginFailed{$ThisOne} . " Time(s)\n"; + $ConnCount += $LoginFailed{$ThisOne}; + + } + print "Total $ConnCount Logins failed\n\n\n"; +} + + + + + +#format as table +# + +if ( ( $Detail >= 5 ) and (keys %Connection) and ($Tables)) { + print "\n[POP3, IMAP] Connections:". + "\n=========================". + "\n Host | Connections". + "\n------------------------------------------------------------- | -----------"; + + $ConnCount = 0; + foreach $Host (sort keys %Connection) { + $Conns = $Connection{$Host}; + if ($DoLookup == 1) { + $HostOut = LookupIP(LookupIPv46($Host)); + } else { + $HostOut = $Host; + } + $HostLength = length($HostOut); + $HostSpaceLength = 61 - $HostLength; + $CountLength = length("$Conns"); + $CountSpaceLength = 12 - $CountLength; + print "\n" ." " x $HostSpaceLength . $HostOut . " |" . " " x $CountSpaceLength . $Conns . ""; + $ConnCount += $Conns; + } + $CountLength = length("$ConnCount"); + $CountSpaceLength = 75 - $CountLength; + print "\n" . "-" x 75; + print "\n" . " " x $CountSpaceLength . "$ConnCount\n\n\n"; +} + + + +if ( ( $Detail >= 5 ) and (keys %Logout2) and ($Tables)) { + print "\n[POP3, IMAP] Logins:". + "\n====================". + "\n User | Logins | Size". 
+ "\n---------------------------------------------------- | ------ | -----------"; + + $ConnCount = 0; + $SizeAll = 0; + foreach $User (sort keys %Logout2) { + $Conns = $Logout2{$User}; + $Size = $LogoutSize{$User}; + $UserLength = length($User); + $UserSpaceLength = 52 - $UserLength; + $CountLength = length("$Conns"); + $CountSpaceLength = 7 - $CountLength; + $SizeSpaceLength = 12 - length($Size); + print "\n" ." " x $UserSpaceLength . $User . " |" . " " x $CountSpaceLength . $Conns . " |" . + " " x $SizeSpaceLength . $Size; + $ConnCount += $Conns; + $SizeAll += $Size; + } + $CountLength = length("$ConnCount"); + $CountSpaceLength = 61 - $CountLength; + $SizeLength = length($SizeAll); + $SpaceSizeLength = 12 - $SizeLength; + print "\n" . "-" x 75; + print "\n" . " " x $CountSpaceLength . "$ConnCount" . " |" . + " " x $SpaceSizeLength . $SizeAll . + "\n\n\n"; +} + + + + +if ( ( $Detail >= 5 ) and (keys %Login) and (!$Tables)) { + print "\nSuccessful Logins: (pop3, imap?)\n"; + $LoginCount = 0; + foreach my $User (keys %Login) { + print " User $User: \n"; + $UserCount = 0; + foreach my $Host (keys %{$Login{$User}}) { + if ($DoLookup == 1) { + $HostOut = LookupIP(LookupIPv46($Host)); + } else { + $HostOut = $Host; + } + $HostCount = $Login{$User}{$Host}; + print " From $HostOut: $HostCount Time(s)\n"; + $UserCount += $HostCount; + } + $LoginCount += $UserCount; + print " Total $UserCount Time(s)\n"; + print "\n"; + } + print "Total $LoginCount successful logins\n\n\n"; +} + + + +if ( ( $Detail >= 5 ) and (keys %Logout) and (!$Tables)) { + print "\nLogouts: (pop3, imap?)\n"; + $LogoutCount = 0; + foreach my $User (keys %Logout) { + print " User $User: \n"; + $UserCount = 0; + foreach my $Host (keys %{$Logout{$User}}) { + if ($DoLookup == 1) { + $HostOut = LookupIP(LookupIPv46($Host)); + } else { + $HostOut = $Host; + } + $HostCount = $Logout{$User}{$Host}; + print " From $HostOut: $HostCount Time(s)\n"; + $UserCount += $HostCount; + } + $LogoutCount += $UserCount; + 
print " Total $UserCount Time(s), transmitted $LogoutSize{$User} Bytes\n"; + print "\n"; + } + print "Total $LogoutCount logouts\n\n\n"; +} + + +if ( ( $Detail >= 0 ) and (keys %ErrorTbl) and ($Tables)) { + print "Errors caused by remote connections:\n". + "====================================\n\n"; + + $ConnCount = 0; + foreach $Reason (sort keys %ErrorTbl) { + + + + $output .= "\n Host | Count". + "\n------------------------------------------------------------- | -----------"; + + $ConnHostCount = 0; + foreach $Host (sort keys %{$ErrorTbl{$Reason}}) { + $Conns = $ErrorTbl{$Reason}{$Host}; + if ($DoLookup == 1) { + $HostOut = LookupIP(LookupIPv46($Host)); + } else { + $HostOut = $Host; + } + $HostLength = length($HostOut); + $HostSpaceLength = 61 - $HostLength; + $CountLength = length("$Conns"); + $CountSpaceLength = 12 - $CountLength; + $output .= "\n" ." " x $HostSpaceLength . $HostOut . " |" . " " x $CountSpaceLength . $Conns . ""; + $ConnHostCount += $Conns; + } + $CountLength = length("$ConnHostCount"); + $CountSpaceLength = 75 - $CountLength; + $output .= "\n" . "-" x 75; + $output .= "\n" . " " x $CountSpaceLength . "$ConnHostCount\n\n"; + + print "$Reason: $ConnHostCount Time(s)".$output; + $output = "" ; + $ConnCount += $ConnHostCount; + } +} + +if ( ( $Detail >= 0 ) and (keys %DfrdTbl) and ($Tables)) { + print "\n". + "Deferred delivery attempts - messages originating from this host:\n". + "=================================================================\n"; + + $ConnCount = 0; + foreach $Reason (sort keys %DfrdTbl) { + $output .= "\n Recipient | Count". + "\n------------------------------------------------------------- | -----------"; + + $ConnHostCount = 0; + foreach $To (sort keys %{$DfrdTbl{$Reason}}) { + $Conns = $DfrdTbl{$Reason}{$To}; + $HostOut = $To; + $HostLength = length($HostOut); + $HostSpaceLength = 61 - $HostLength; + $CountLength = length("$Conns"); + $CountSpaceLength = 12 - $CountLength; + $output .= "\n" ." " x $HostSpaceLength . 
$HostOut . " |" . " " x $CountSpaceLength . $Conns . ""; + $ConnHostCount += $Conns; + } + $CountLength = length("$ConnHostCount"); + $CountSpaceLength = 75 - $CountLength; + $output .= "\n" . "-" x 75; + $output .= "\n" . " " x $CountSpaceLength . "$ConnHostCount\n\n"; + + print "$Reason: $ConnHostCount Time(s)".$output; + $output = "" ; + $ConnCount += $ConnHostCount; + } +} + + + +if ( ( $Detail >= 0 ) and (keys %ErrorTbl2) and ($Tables)) { + print "\n". + "Failed delivery failures - messages originating from this host:\n". + "===============================================================\n"; + + $ConnCount = 0; + foreach $Reason (sort keys %ErrorTbl2) { + $output .= "\n Recipient | Count". + "\n------------------------------------------------------------- | -----------"; + + $ConnHostCount = 0; + foreach $To (sort keys %{$ErrorTbl2{$Reason}}) { + $Conns = $ErrorTbl2{$Reason}{$To}; + $HostOut = $To; + $HostLength = length($HostOut); + $HostSpaceLength = 61 - $HostLength; + $CountLength = length("$Conns"); + $CountSpaceLength = 12 - $CountLength; + $output .= "\n" ." " x $HostSpaceLength . $HostOut . " |" . " " x $CountSpaceLength . $Conns . ""; + $ConnHostCount += $Conns; + } + $CountLength = length("$ConnHostCount"); + $CountSpaceLength = 75 - $CountLength; + $output .= "\n" . "-" x 75; + $output .= "\n" . " " x $CountSpaceLength . 
"$ConnHostCount\n\n"; + + print "$Reason: $ConnHostCount Time(s)".$output; + $output = "" ; + $ConnCount += $ConnHostCount; + } +} + + + +if ( ( $Detail >= 0 ) and (keys %Deferred) and (!$Tables) ) { + print "\nDeferred delivery attempts:\n"; + $DeferredCount = 0; + foreach my $From (keys %Deferred) { + print " From $From: \n"; + $FromCount = 0; + foreach my $To (keys %{$Deferred{$From}}) { + $ToCount = 0; + print " To $To: \n"; + foreach my $Reason (keys %{$Deferred{$From}{$To}}) { + $ReasonCount = $Deferred{$From}{$To}{$Reason}; + print " because $Reason: $ReasonCount Time(s)\n"; + $ToCount += $ReasonCount; + } + print " Total $ToCount Time(s)\n"; + $FromCount += $ToCount; + + } + $DeferredCount += $FromCount; + print " Total $FromCount Time(s)\n"; + print "\n"; + } + print "Total $DeferredCount deferred delivery attempts\n\n\n"; +} + + +if ( ( $Detail >= 0 ) and (keys %Failed) and (!$Tables)) { + print "\nFailed delivery attempts:\n"; + $FailedCount = 0; + foreach my $From (keys %Failed) { + print " From $From: \n"; + $FromCount = 0; + foreach my $To (keys %{$Failed{$From}}) { + $ToCount = 0; + print " To $To: \n"; + foreach my $Reason (keys %{$Failed{$From}{$To}}) { + $ReasonCount = $Failed{$From}{$To}{$Reason}; + print " because $Reason: $ReasonCount Time(s)\n"; + $ToCount += $ReasonCount; + } + print " Total $ToCount Time(s)\n"; + $FromCount += $ToCount; + + } + $FailedCount += $FromCount; + print " Total $FromCount Time(s)\n"; + print "\n"; + } + print "Total $FailedCount failed delivery attempts\n\n\n"; +} + +if ( ( $Detail >= 0 ) and (keys %ErrorMsgs) and (!$Tables) ) { + print "\nFailed Mail Deliveries:\n"; + $MailCount = 0; + foreach my $Failreason (sort keys %ErrorMsgs) { + print " because $Failreason: \n"; + $FailreasonCount = 0; + foreach my $Host (keys %{$ErrorMsgs{$Failreason}}) { + if ($DoLookup == 1) { + $HostOut = LookupIP(LookupIPv46($Host)); + } else { + $HostOut = $Host; + } + print " Host $HostOut\n"; + $HostCount = 0; + foreach my $From 
(keys %{$ErrorMsgs{$Failreason}{$Host}}) { + if (!($From eq "-")) { + print " From $From\n"; + } + $FromCount = 0; + foreach my $To (keys %{$ErrorMsgs{$Failreason}{$Host}{$From}}) { + $ToCount = $ErrorMsgs{$Failreason}{$Host}{$From}{$To}; + if (!($To eq "-")) { + print " To $To: $ToCount Time(s)\n"; + } + $FromCount += $ToCount; + } + $HostCount += $FromCount; + if (!($From eq "-")) { + print " Total $FromCount Time(s)\n"; + } + } + $FailreasonCount += $HostCount; + print " Total $HostCount Time(s)\n"; + } + $MailCount += $FailreasonCount; + print " Total $FailreasonCount Time(s)\n"; + print "\n"; + } + print "Total $MailCount failed attempts \n"; +} + +if ( ( $Detail >= 10 ) and (keys %MailDeliveryStarted) ) { + print "\nStarted Mail Deliveries:\n"; + $MailCount = 0; + foreach my $MailFrom (keys %MailDeliveryStarted) { + print " From $MailFrom: "; + $MailFromCount = 0; + foreach my $Address (keys %{$MailDeliveryStarted{$MailFrom}}) { + print "\n To $Address"; + $AddressCount = 0; + foreach my $Host (keys %{$MailDeliveryStarted{$MailFrom}{$Address}}) { + if ($DoLookup == 1) { + $HostOut = LookupIP(LookupIPv46($Host)); + } else { + $HostOut = $Host; + } + print "\n By $HostOut\n"; + $HostCount = 0; + foreach my $Module (keys %{$MailDeliveryStarted{$MailFrom}{$Address}{$Host}}) { + $ModuleCount = $MailDeliveryStarted{$MailFrom}{$Address}{$Host}{$Module}; + print " Module $Module: $ModuleCount Time(s)\n"; + $HostCount += $ModuleCount; + } + $AddressCount += $HostCount; + print " Total $HostCount Time(s)\n"; + } + $MailFromCount += $AddressCount; + print " Total $AddressCount Time(s)\n"; + } + $MailCount += $MailFromCount; + print " Total $MailFromCount Time(s)\n"; + print "\n"; + } + print "Total $MailCount sending attempts\n\n\n"; +} + +#currently not used +if ( ( $Detail >= 5 ) and (keys %CommStat) ) { + print "\nCommunication with other Servers:\n"; + $CommCount = 0; + foreach my $Status (keys %CommStat) { + print " Status $Status: \n"; + $StatusCount = 0; + 
foreach my $From (keys %{$CommStat{$Status}}) { + print " From $From\n"; + $FromCount = 0; + foreach my $To (keys %{$CommStat{$Status}{$From}}) { + $ToCount = $CommStat{$Status}{$From}{$To}; + print " To $To: $ToCount Time(s)\n"; + $FromCount += $ToCount; + } + $StatusCount += $FromCount; + print " Total $FromCount Time(s)\n"; + } + $CommCount += $StatusCount; + print " Total $StatusCount Time(s)\n"; + print "\n"; + } + print "Total $CommCount sending attempts\n\n\n"; +} + +if ( ( $Detail >= 5 ) and (keys %DeSu) and (!$Tables) ) { + print "\nSuccessful deliveries:\n"; + $MsgCount = 0; + foreach my $From (keys %DeSu) { + print " From $From: \n"; + $FromCount = 0; + foreach my $To (keys %{$DeSu{$From}}) { + $ToCount = $DeSu{$From}{$To}; + print " To $To: $ToCount Time(s)\n"; + $FromCount += $ToCount; + } + $MsgCount += $FromCount; + print " Total $FromCount Time(s)\n"; + print "\n"; + } + print "Total $MsgCount successfully delivered messages\n\n\n"; + print "Size of all successfully delivered messages: $DeliverMailSize Bytes\n\n\n"; +} + +if ( ( $Detail >= 5 ) and (keys %DeSuTbl) and ($Tables)) { + print "\nSuccessful deliveries:". + "\n======================"; + print "\n To | # | Size". 
+ "\n---------------------------------------------------- | ------ | -----------"; + + $ConnCount = 0; + $SizeAll = 0; + $Symbol = "%"; + foreach $User (sort keys %DeSuTbl) { + $ConnsSender = 0; + if ($Symbol eq "%") { + $Symbol = "#"; + } else { + $Symbol = "%"; + } + $SizeSender = 0; + $MostFrqSenderNmb = 0; + $MostFrqSender = ""; + $MostFrqSenderSize = 0; + foreach $Sender (keys %{$DeSuTbl{$User}}) { + $ConnsSender += $DeSuTbl{$User}{$Sender}; + $ThisSender = $DeSuTbl{$User}{$Sender}; + $SizeSender += $DeSuTblSz{$User}{$Sender}; + if ($ThisSender > $MostFrqSenderNmb) { + $MostFrqSender = $Sender; + $MostFrqSenderNmb = $DeSuTbl{$User}{$Sender}; + } + } + $MostFrqSenderSize = $DeSuTblSz{$User}{$MostFrqSender}; + + $Conns = $ConnsSender; + $Size = $SizeSender; + $UserLength = length($User); + $UserSpaceLength = 52 - $UserLength; + $CountLength = length("$Conns"); + $CountSpaceLength = 7 - $CountLength; + $SizeSpaceLength = 12 - length($Size); + print "\n" ." " x $UserSpaceLength . $User . " |" . " " x $CountSpaceLength . $Conns . " |" . + " " x $SizeSpaceLength . $Size; + if ($MostFrequentSender) { + $SenderLength = length("(MstFrqSnd $MostFrqSender)"); + $SenderSpaceLength = 52 - $SenderLength; + $CountLength = length("$MostFrqSenderNmb"); + $CountSpaceLength = 7 - $CountLength; + $SizeSpaceLength = 12 - length($MostFrqSenderSize); + print "\n" ." " x $SenderSpaceLength . "(MstFrqSnd $MostFrqSender)" . " |" . " " x $CountSpaceLength . + $MostFrqSenderNmb . " |" . + " " x $SizeSpaceLength . $MostFrqSenderSize."\n"; + #"\nFrom $MostFrqSender: $MostFrqSenderNmb, $MostFrqSenderSize bytes" + } + $ConnCount += $Conns; + $SizeAll += $Size; + } + $CountLength = length("$ConnCount"); + $CountSpaceLength = 61 - $CountLength; + $SizeLength = length($SizeAll); + $SpaceSizeLength = 12 - $SizeLength; + print "\n" . "-" x 75; + print "\n" . " " x $CountSpaceLength . "$ConnCount" . " |" . + " " x $SpaceSizeLength . $SizeAll . 
+ "\n\n\n"; +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$a cmp $b} keys %OtherList) { + print " $line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + +sub MakeTblReason() { + $OrigReason = shift; + + if ( + (!((( $TblReason) = ( $OrigReason =~ /^(".*?").*/ ))) and + (!(( $TblReason) = ( $OrigReason =~ /^(.*?): .*/ )))) or + !($RemoveAdditionalInfo) + ) { + $TblReason = $Reason; + } + return $TblReason; +} + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/cron b/log.d/configs/linux/scripts/services/cron new file mode 100755 index 0000000..e1fe9df --- /dev/null +++ b/log.d/configs/linux/scripts/services/cron 
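Review bot: The mail-queue block guarded by `$PrintMailQueue` executes whatever `which mailq` prints: `open WHICH, "which mailq|"` and `open MAILQ, "$WhichMailq|"` are two-argument pipe opens that pass through the shell, resolve the binary via the inherited PATH, and interpolate a string that still carries its trailing newline. The follow-up `my $WhichMailq = ($OutputMailq =~ /([A-Za-z0-9\/]*)/);` assigns in scalar context, so it stores the match result rather than the captured path and the `-x` test looks at a file named `1`; had it worked, the queue would be printed twice. None of the `open` calls is checked. If this filter runs with elevated privileges, as log summarisers often do, a fixed absolute path with a checked three-argument open is the safer form, as sketched below (the path is a placeholder to set per site).

```perl
if ( ( $Detail >= 5 ) and ($PrintMailQueue ) ) {
   # … unchanged: "Current State of the Mail Queue" heading …
   my $MailqPath = '/usr/bin/mailq';   # placeholder: absolute path to mailq on this host
   if (-x $MailqPath) {
      # A fixed path with no shell metacharacters is executed directly, without PATH lookup.
      if (open(my $MailqFh, '-|', $MailqPath)) {
         print while <$MailqFh>;
         close $MailqFh;
      } else {
         print "Unable to run $MailqPath: $!\n";
      }
   }
   # … unchanged: trailing print "\n\n" …
}
```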
@@ -0,0 +1,162 @@
+#!/usr/bin/perl
+##########################################################################
+# $Id: cron,v 1.17 2004/06/21 15:07:21 kirk Exp $
+##########################################################################
+# $Log: cron,v $
+# Revision 1.17 2004/06/21 15:07:21 kirk
+# - Added check for large user mailboxes
+# - Added pop3 and imapd filters
+# - Updated clamav support
+# - New cisco log filter
+# - Tons of updates to existing filters (too many to list!)
+#
+# Revision 1.16 2004/06/21 14:59:05 kirk
+# Added tons of patches from Pawe? Go?aszewski"
+#
+# Thanks, as always!
+#
+# Revision 1.15 2004/06/21 14:24:46 kirk
+# RH9 fix from Jindrich Kubec
+#
+# Revision 1.13 2004/02/03 02:45:26 kirk
+# Tons of patches, and new 'oidentd' and 'shaperd' filters from
+# Pawe? Go?aszewski"
+#
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+
+$Startups = 0;
+$Reloads = 0;
+$MailErrors = 0;
+
+while (defined($ThisLine = )) {
+ chomp($ThisLine);
+ if (
+ ($ThisLine =~ /Updated timestamp for job/)
+ ) {
+ # Ignore
+ } elsif (
+ ($ThisLine =~ s/^([^ ]+) \([^ ]+\)\s+//) or
+ ($ThisLine =~ s/^\S+\s+\S+\s+..:..:..\s+\S+\s+\S+\[\d+\]:\s+\((\S+)\)\s+//)
+ ) {
+ $User = $1;
+
+ if ($ThisLine =~ s/^CMD \((.+)\)\s*$/$1/) {
+ $Runs->{$User}->{$ThisLine}++;
+ } elsif ($ThisLine =~ /ORPHAN \(no passwd entry\)/) {
+ $Orphans++;
+ } elsif ($ThisLine =~ s/^(BEGIN|END) EDIT \((.+)\)\s*$/$2/) {
+ $Runs->{$ThisLine}->{'personal crontab edited'} += 0.5;
+ } elsif ($ThisLine =~ s/^REPLACE \((.+)\)\s*$/$1/) {
+ $Runs->{$ThisLine}->{'personal crontab replaced'}++;
+ } elsif ($ThisLine =~ s/^LIST \((.+)\)\s*$/$1/) {
+ $Runs->{$ThisLine}->{'personal crontab listed'}++;
+ } elsif ($ThisLine =~ s/^DELETE \((.+)\)\s*$/$1/) {
+ $Runs->{$User}->{'personal crontab deleted'}++;
+ } elsif ($ThisLine =~ /^STARTUP \(fork ok\)\s*$/ ) {
+ $Startups++;
+ } elsif ($ThisLine =~ m/^STARTUP \(\d+ jobs to catch up\)/ ) {
+ $Startups++;
+ } elsif ( $ThisLine =~ /^RELOAD \(.+\)\s*$/ ) {
+ $Runs->{$User}->{'personal crontab reloaded'}++;
+ } elsif ( $ThisLine =~ /^MAIL \(mailed \d+ bytes of output but got status [^ ]+/) {
+ $MailErrors++;
+ } elsif ( $ThisLine =~ /^AUTH \(crontab command not allowed\)/) {
+ $CronDeny{$User}++;
+ } elsif ( $ThisLine =~ /^WRONG INODE INFO \([^ ]+\)/) {
+ $InodeError{$User}++;
+ } elsif ( ($Reason) = ($ThisLine =~ /^error \((.+)\)$/) ) {
+ $Errors{$Reason}++;
+ } else {
+ # Report any unmatched entries...
+ push @OtherList, "$ThisLine\n";
+ }
+ } elsif ( $ThisLine =~ /^RELOAD \(.+\)\s*$/ ) {
+ $Reloads++;
+ } elsif ( $User = ($ThisLine =~ /^(.*) \([^ ]+\) RELOAD \(.*\)$/ ) ) {
+ $UserReloads{$User}++;
+ } else {
+ # Report any unmatched entries...
+ push @OtherList, "$ThisLine\n";
+ }
+}
+
+#######################################
+
+if (%CronDeny) {
+ print "Attempt to use crontab by unauthorized users:\n";
+ foreach $User (sort {$a cmp $b} keys %CronDeny) {
+ print " $User : $CronDeny{$User} Time(s)\n";
+ }
+}
+
+if (%InodeError) {
+ print "\nInode errors in crontab files of users:\n";
+ foreach $User (sort {$a cmp $b} keys %InodeError) {
+ print " $User : $InodeError{$User} Time(s)\n";
+ }
+}
+
+if (keys %Errors) {
+ print "Errors when running cron:\n";
+ foreach $Reason (sort {$a cmp $b} keys %Errors) {
+ print " $Reason: $Errors{$Reason} Time(s)\n";
+ }
+}
+
+if (keys %{$Runs} and ($Detail >= 5)) {
+ print "\n\nCommands Run:\n";
+ foreach $i (sort {$a cmp $b} keys %{$Runs}) {
+ print " User $i:\n";
+ foreach $j (sort {$a cmp $b} keys %{$Runs->{$i}}) {
+ print " $j: " . $Runs->{$i}->{$j} . " Time(s)\n";
+ }
+ }
+}
+
+if ($Detail >= 10) {
+ if (keys %UserReloads) {
+ print " User crontabs reloaded:\n";
+ foreach $i (keys %UserReloads) {
+ print " $i $UserReloads{$i} Time(s)\n";
+ }
+ }
+
+ if ($Orphans) {
+ print " ORPHAN entries: $Orphans\n";
+ }
+
+ if ($Startups > 0) {
+ print "\nCRON Restarted $Startups Time(s)\n";
+ }
+
+ if ($Reloads > 0) {
+ print "\nCRON Reloaded system crontab $Reloads Time(s)\n";
+ }
+
+ if ($MailErrors > 0) {
+ print "\nMAIL sending errors $MailErrors Time(s)\n";
+ }
+}
+
+if ($#OtherList >= 0) {
+ print "\n**Unmatched Entries**\n";
+ print @OtherList;
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
+
diff --git a/log.d/configs/linux/scripts/services/dhcpd b/log.d/configs/linux/scripts/services/dhcpd
new file mode 100755
index 0000000..7b0fa1c
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/dhcpd
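Review bot: In the last `elsif` of the read loop, `$User = ($ThisLine =~ /^(.*) \([^ ]+\) RELOAD \(.*\)$/ )` assigns the match in scalar context, so `$User` receives the success flag and every per-user reload is counted under the key `1` instead of the account name. Crontab reloads are a change-audit signal, and without the account the "User crontabs reloaded" section cannot be used to see whose crontab changed. Use list assignment as the `($Reason) = ...` branch does: `} elsif ( ($User) = ($ThisLine =~ /^(.*) \([^ ]+\) RELOAD \(.*\)$/ ) ) {`. The branch also looks hard to reach, since a line of that shape would seem to match the earlier `s/^([^ ]+) \([^ ]+\)\s+//` first; worth confirming with a sample log line.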
@@ -0,0 +1,135 @@ +#!/usr/bin/perl -w +use strict; +########################################################################## +# $Id: dhcpd,v 1.10 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +my %data; + +# This filter is very basic... much more could be done with it + +while (my $line = ) { + chomp $line; + $line =~ s/^\s+//; + $line =~ s/\s+$//; + next unless $line; + if ( + # All of these entries are generated at startup :( + ($line =~ /^Internet Software Consortium DHCP Server/) or + ($line =~ /^Copyright/) or + ($line =~ /^All rights reserved/) or + ($line =~ /^Please contribute if you find this software useful/) or + ($line =~ /^For info, please visit/) or + # Other lines to ignore + ($line =~ /^Wrote .* to leases file\./) or + ($line =~ /^already acking lease/) or + ($line =~ /^dhcpd shutdown .*succeeded/) or + ($line =~ /^dhcpd startup .*succeeded/) or + ($line =~ /^Sending on/) or + ($line =~ /^Dynamic and static leases present for/) or + ($line =~ /^from the dynamic address pool for/) or + ($line =~ /^DHCPACK/) or + ($line =~ /^DHCPNAK/) or + ($line =~ /^DHCPINFORM/) or + ($line =~ /^DHCPDISCOVER/) or + ($line =~ /^DHCPREQUEST/) or + ($line =~ /^DHCPRELEASE/) + ) { + # Ignore these lines + } elsif ($line =~ s/Listening on\s+//) { + $data{'DHCP Server Listening On'}{$line}++; + } elsif ( + ($line =~ /^you want, please write a subnet declaration/) or + ($line =~ /^in your dhcpd.conf file for the network segment/) or + ($line =~ /^to which interface [a-z\d]+ is attached./) or + + ($line =~ /^If you did not get this software from ftp.isc.org, please/) or + ($line =~ /^get the latest from 
ftp.isc.org and install that before/) or + ($line =~ /^requesting help./) or + + ($line =~ /^If you did get this software from ftp.isc.org and have not/) or + ($line =~ /^yet read the README, please read it before requesting help./) or + + ($line =~ /^If you intend to request help from the dhcp-server\@isc.org/) or + ($line =~ /^mailing list, please read the section on the README about/) or + ($line =~ /^help directly to the authors of this software - please/) or + ($line =~ /^submitting bug reports and requests for help./) or + + ($line =~ /^Please do not under any circumstances send requests for/) or + ($line =~ /^help directly to the authors of this software - please/) or + ($line =~ /^send them to the appropriate mailing list as described in/) or + ($line =~ /^the README file./) + ) { + # Do nothing + + } elsif ($line =~ s/^exiting./DHCP server exiting./) { + $data{'Generic error'}{$line}++; + } elsif ($line =~ /^There's already a DHCP server running./) { + $data{'Generic error'}{$line}++; + } elsif ($line =~ s/^\*\* Ignoring requests on ([a-z\d]+). If this is not what\s*$/Ignoring interface $1/) { + $data{'Config error'}{$line}++; + } elsif ($line =~ s/^No subnet declaration for ([a-z\d]+) ([()\d.]+).\s*$/No subnet declaration for $1 $2/) { + $data{'Config error'}{$line}++; + } elsif ($line =~ s/^DHCPOFFER on ([\d\.]+) to ([a-f\d:]+) via (\S+)\s*$/$1 -> $2 ($3)/) { + if ($Detail >= 5) { + $data{'Addresses Leased'}{$line}++; + } + } elsif ($line =~ s/^DHCPOFFER on ([\d\.]+) to ([a-f\d:]+) \(([a-zA-Z\d_-]+)\) via (\S+)\s*$/$1 -> $2 [$3] ($4)/) { + if ($Detail >= 5) { + $data{'Addresses Leased'}{$line}++; + } + } elsif ($line =~ s/^added reverse map from ([\d]+).([\d]+).([\d]+).([\d]+).in-addr.arpa. 
to ([a-zA-Z\d._-]+)\s*$/Add reverse $4.$3.$2.$1 -> $5/) { + if ($Detail >= 7) { + $data{'DNS Mappings'}{$line}++; + } + } elsif ($line =~ s/^removed reverse map on ([\d]+).([\d]+).([\d]+).([\d]+).in-addr.arpa.\s*$/Remove reverse $4.$3.$2.$1/) { + if ($Detail >= 7) { + $data{'DNS Mappings'}{$line}++; + } + } elsif ($line =~ s/^Added new forward map from ([a-zA-Z\d\-_.]+) to ([\d.]+)\s*$/Add forward $1 -> $2/) { + if ($Detail >= 7) { + $data{'DNS Mappings'}{$line}++; + } + } elsif ($line =~ s/^if ([a-zA-Z\d\-_.]+) IN A rrset doesn't exist delete ([a-zA-Z\d\-_.]+) IN TXT "([a-f\d]+)": success.\s*$/Remove forward TXT from $1 (TXT "$3")/) { + if ($Detail >= 7) { + $data{'DNS Mappings'}{$line}++; + } + } elsif ($line =~ s/^if ([a-zA-Z\d\-_.]+) IN TXT "([a-f\d]+)" rrset exists and ([a-zA-Z\d\-_.]+) IN A ([\d.]+) rrset exists delete ([a-zA-Z\d\-_.]+) IN A ([\d.]+): success.\s*$/Remove forward $1 -> $4 (TXT "$2")/) { + if ($Detail >= 7) { + $data{'DNS Mappings'}{$line}++; + } + } elsif ($line =~ /^.* rrset .*/) { + if ($Detail >= 7) { + $data{'DNS Mappings'}{$line}++; + } + } elsif ($line =~ s/^Remove host declaration ([a-zA-Z\d.]+) or remove ([\d.]+)\s*$/Host $2 ($1) has static and dynamic mappings, remove other./) { + if ($Detail >= 3) { + $data{'Warnings'}{$line}++; + } + } else { + $data{'Unknown Entries'}{$line}++; + } +} + +if (keys %data) { + foreach my $type (keys %data) { + print "$type:\n"; + foreach my $entry (sort {$a cmp $b} keys %{$data{$type}}) { + print " $entry: $data{$type}{$entry} Time(s)\n"; + } + print "\n"; + } +} + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/disk_space b/log.d/configs/linux/scripts/services/disk_space new file mode 100755 index 0000000..bb7d64d --- /dev/null +++ b/log.d/configs/linux/scripts/services/disk_space 
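Review bot: The `Listening on` branch is the only substitution in this chain without a `^` anchor, so any line that merely contains that phrase has it stripped and is counted under 'DHCP Server Listening On' instead of falling through to 'Unknown Entries'. Anchoring it like its neighbours keeps unexpected lines visible in the report: `} elsif ($line =~ s/^Listening on\s+//) {`. Several of the ignore patterns also use an unescaped `.` (for example `/^requesting help./` and `/^the README file./`), which matches any character; writing `\.` would stop them from swallowing lines that only resemble the banner text. The pattern `help directly to the authors of this software - please` is listed twice in the same condition, and one copy can go.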
@@ -0,0 +1,13 @@ +#!/bin/bash +########################################################################## +# $Id: disk_space,v 1.1 2003/01/13 04:00:59 kirk Exp $ +########################################################################## + +if [ "$PRINTING" = "y" ] ; then + echo + echo + echo "------------------ Disk Space --------------------" + echo + df -h + echo +fi diff --git a/log.d/configs/linux/scripts/services/exim b/log.d/configs/linux/scripts/services/exim new file mode 100755 index 0000000..73cdca8 --- /dev/null +++ b/log.d/configs/linux/scripts/services/exim 
@@ -0,0 +1,156 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: exim,v 1.9 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +######################################################## +# This module requires Date::Calc and Tie::IxHash!! +# To install, run this as root: +# root> perl -MCPAN -eshell +# cpan> install Date::Calc +# cpan> install Tie::IxHash +######################################################## + +######################################################## +# This was written and is maintained by: +# Dariusz Nierada +######################################################## + +# aby hashe wychodzily w tej kolejnosci co wchodza +eval "require Tie::IxHash" or exit 0; +eval "require Date::Calc qw(Delta_Days)" or exit 0; +use Time::localtime; # czas dla wyswietlania tylko wczorajszych logow + +my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +# procedura sortujaca tak jak ja chce (bo tamta sotrowala po ASCII) +sub wedlug_liczb { + ($aa) = ($a =~ /^(\d+).+/); + ($bb) = ($b =~ /^(\d+).+/); + $aa <=> $bb; +} + +# START + +tie(%mmsg, Tie::IxHash); # dla normalnego (w kolejnosci wpisywania) wypisywania haszy + +# jaki dzis dzien? +$tm = localtime; +($day2, $month2, $year2) = ($tm->mday, $tm->mon, $tm->year); +$month2++; $year2 += 1900; + +while (defined($ThisLine = )) { + chomp($ThisLine); + # pobierz dzisiejsza date z 2002-03-31 22:13:48 ... + do { + $BadFormat{$ThisLine}++; + next; + } unless ($year1,$month1,$day1) = ($ThisLine =~ /^(\d+)\-(\d+)\-(\d+)\s.+/); + # a jaka jest roznica czasu? 
+ $days = Delta_Days( $year1, $month1, $day1, $year2, $month2, $day2); + + if ($days == 1) { # TYLKO Z WCZORAJ + # if ( $ThisLine =~ s/^modprobe: Can\'t locate module (\w+)\s*$/$1/ ) { + if ( $ThisLine =~ /End queue run\:/ ) { + $EndQueue++; + } + elsif ( $ThisLine =~ /Start queue run\:/ ) { + $StartQueue++; + } + elsif ( $ThisLine =~ /refused relay/ || $ThisLine =~ /rejected RCPT/ ) { + $Relay++; + @RelayH = (@RelayH, $ThisLine); + } + elsif ( $ThisLine =~ /^\d+\-\d+\-\d+\s\d+\:\d+\:\d+\s\w+\-\w+\-\w+\s/ ) { # inne wiadomosci przesylane przez EXIMA + ($mdate,$mtime,$mid,$mrest) = ($ThisLine =~ /^(\d+\-\d+\-\d+)\s(\d+\:\d+\:\d+)\s(\w+\-\w+\-\w+)(.+)/); + $licze++; # Dodaje taki licznik aby potem przy wypisaniu posortowac po nim, bo wypisywal nie po kolei + $mmsg{$mid}{$licze.$mrest} = "$mdate $mtime"; + + } + else + { + $OtherList{$ThisLine}++; + } + } #end tylko z wczoraj +} #end while + +if (%BadFormat) { + print "\n***** BAD FORMAT (Possible data corruption or Exim bug) *****\n"; + foreach $ThisOne (keys %BadFormat) { + print "$ThisOne\n"; + } +} + +if ($Detail >= 5) { + # Start Queue + $StartQueue and print "\nStart queue run: $StartQueue Time(s)\n"; + # End Queue + $EndQueue and print "End queue run: $EndQueue Time(s)\n"; + + # Relaye! + if (@RelayH) { + print "\n--- Refused Relays \n"; + print "--- \(eg. 
spam try\): $Relay Time(s)\n\n"; + + foreach $ThisOne (@RelayH) { + print "$ThisOne\n"; + } + } +} + +# Messages by ID +if (keys %mmsg and ($Detail >= 10)) { + my $tmsgcount=0; + my $tmsgrcpts=0; + print "\n--- Messages history ---\n\n"; + foreach $tmsg (keys %mmsg) { + my @tmsgkeys = sort {wedlug_liczb} keys %{$mmsg{$tmsg}}; + my $immed_deliv = 1; + $immed_deliv = 0 unless $tmsgkeys[0] =~ /^\d+ <=/; + foreach my $key (@tmsgkeys[1..$#tmsgkeys-1]) { + $immed_deliv = 0 unless $key =~ /^\d+ [-=]>/; + } + $immed_deliv = 0 unless $tmsgkeys[$#tmsgkeys] =~ /^\d+ Completed/; + my $qttmsgcount = 0; + my $oldqttmsg = ''; + if (!$immed_deliv) { + print "\-MsgID: $tmsg\: \n"; + foreach $ttmsg (@tmsgkeys) { + $qttmsg = $ttmsg; + $qttmsg =~ s/^\d+//; # wywal licznik na poczatku (te od sortowania) + $qttmsg =~ s/P\=e*smtp S.+//; # wywal koncowki typu: P=smtp S=372023 id= + if ($oldqttmsg eq $qttmsg) { + $qttmsgcount++; + } else { + $oldqttmsg = $qttmsg; + if ($qttmsgcount > 0) { + print "\tlast message repeated $qttmsgcount times\n"; + $qttmsgcount = 0; + } + print "\t$mmsg{$tmsg}{$ttmsg}$qttmsg\n"; + } + } + if ($qttmsgcount > 0) { + print "\tlast message repeated $qttmsgcount times\n"; + } + } else { + $tmsgcount++; + $tmsgrcpts+=$#tmsgkeys-1; + } + } + print "$tmsgcount messages delivered immediately "; + print "to $tmsgrcpts total recipients\n"; +} + +# INNE Badziewia +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$a cmp $b} keys %OtherList) { + print "$line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/ftpd-messages b/log.d/configs/linux/scripts/services/ftpd-messages new file mode 100755 index 0000000..493e213 --- /dev/null +++ b/log.d/configs/linux/scripts/services/ftpd-messages 
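Review bot: Both `eval "require ..." or exit 0;` lines end the filter silently with status 0 when a module cannot be loaded, so a host missing Tie::IxHash or Date::Calc produces an empty exim section that looks the same as a day with no mail events. I would print one line into the report before exiting, for example `eval { require Tie::IxHash; 1 } or do { print "exim filter skipped: Tie::IxHash not available\n"; exit 0 };`, and do the same for Date::Calc. Since `require` does not import symbols, the later unqualified `Delta_Days(...)` call probably needs to be `Date::Calc::Delta_Days(...)`, though I have not run this to confirm. The main loop also discards every line whose date is not exactly one day old without counting it; a short comment saying this is intentional would help, and the Polish comments should be translated for other maintainers.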
@@ -0,0 +1,173 @@ +#!/usr/bin/perl +########################################################################## +# $Id: ftpd-messages,v 1.25 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; +$IgnoreUnmatched = $ENV{'ftpd_ignore_unmatched'}; + +while (defined($ThisLine = )) { + if ( ( $ThisLine =~ /FTP session closed$/ ) or + ( $ThisLine =~ /^getpeername \(in.ftpd\): Transport endpoint is not connected$/ ) or + ( $ThisLine =~ /^QUIT$/ ) or + ( $ThisLine =~ /^[\w\.]+: connected: IDLE\s\[\d+\]: failed login from/ ) or ( $ThisLine =~ /^lost connection to / ) or + ( $ThisLine =~ /^wu-ftpd - TLS settings:/ ) or + + # The connect info is extracted elsewhere: + ( $ThisLine =~ /^USER / ) or + ( $ThisLine =~ /^[^ ]+: [^ ]+: USER [^ ]+\[\d+\]:/ ) or + + ( $ThisLine =~ /^PASS / ) or + ( $ThisLine =~ /^[^ ]+: [^ ]+: IDLE\[\d+\]: PASS password$/ ) or + + # These are uninteresting: + ( $ThisLine =~ /^[^ ]+: [^ ]+: TYPE / ) or + ( $ThisLine =~ /^[^ ]+: [^ ]+: PORT / ) or + ( $ThisLine =~ /^[^ ]+: [^ ]+: STOR / ) or + ( $ThisLine =~ /^[^ ]+: [^ ]+: RNFR / ) or + ( $ThisLine =~ /^[^ ]+: [^ ]+: RNTO / ) or + ( $ThisLine =~ /^[^ ]+: [^ ]+: SYST\[\d+\]: SYST$/ ) or + ( $ThisLine =~ /^[^ ]+: [^ ]+: QUIT\[\d+\]: QUIT$/ ) or + ( $ThisLine =~ /^[^ ]+: [^ ]+: PASV\[\d+\]: PASV$/ ) or + + # Some people may want these things below, but not in a simple upfront security + ( $ThisLine =~ /^[^ ]+: [^ ]+: RETR / ) or + ( $ThisLine =~ /^[^ ]+: [^ ]+: LIST / ) or + ( $ThisLine =~ /^[^ ]+: [^ ]+: NLST / ) or + + # 62.161.227.69: connected: SYST[27800]: cmd failure - not logged in + ( $ThisLine =~ /^[^ ]+: [^ ]+: SYST\[\d+\]: cmd failure - 
not logged in$/ ) or + ( $ThisLine =~ /^User .* timed out after .* seconds at .*$/ ) ) { + + # We don't care about any of these + + } elsif ( ($Host,$IP,$Email) = ( $ThisLine =~ /^ANONYMOUS FTP LOGIN FROM ([^ ]+) \[(.*)\], (.*)$/ ) ) { + $Temp = " " . $Host . " (" . $IP . "): " . $Email . " - "; + $AnonLogins{$Temp}++; + } elsif ( ($Host,$IP,$User) = ( $ThisLine =~ /FTP LOGIN FROM ([^ ]+) \[(.*)\], (.*)$/ ) ) { + $Temp = " " . $Host . " (" . $IP . "): " . $User . " - "; + $UserLogins{$Temp}++; + } elsif ( ($Host,$IP,$User) = ( $ThisLine =~ /^FTP LOGIN REFUSED \(.+\) FROM ([^ ]+) \[(.*)\], (.*)$/ ) ) { + $Temp = " " . $Host . " (" . $IP . "): " . $User . " - "; + $FailedLogins{$Temp}++; + } elsif ( ($Host,$IP,$User) = ( $ThisLine =~ /REFUSED .+ from ([^ ]+) \[(.*)\], (.*)$/i ) ) { + $Temp = " " . $Host . " (" . $IP . "): " . $User . " - "; + $FailedLogins{$Temp}++; + } elsif ( ($Host,$IP,$User) = ( $ThisLine =~ /^failed login from ([^ ]+) \[(.*)\], (.*)$/ ) ) { + $Temp = " " . $Host . " (" . $IP . "): " . $User . " - "; + $FailedLogins{$Temp}++; + } elsif ( ($Limit,$Class,$Host,$IP) = ( $ThisLine =~ /^ACCESS DENIED \(user limit (.*)\; class (.*)\) TO (.*) \[(.*)\]/ ) ) { + $Temp = " " . $Host . " (" . $IP . "): class " . $Class . " (Limit: " . $Limit . ") - "; + $FailedLogins{$Temp}++; + } elsif ( ($Host,$IP) = ( $ThisLine =~ /^FTP ACCESS REFUSED \(anonymous password not rfc822\) from (.*) \[(.*)\]/ ) ) { + $Temp = " " . $Host . " (" . $IP . ") - "; + $FailedLogins{$Temp}++; + } elsif ( ($Host,$IP,$User) = ( $ThisLine =~ /failed login from ([^ ]+) \[(.*)\]$/ ) ) { + $Temp = " " . $Host . " (" . $IP . ") - "; + $FailedLogins{$Temp}++; + } elsif ( ($IP,$Host) = ( $ThisLine =~ /^refused PORT ([\d.]+),\d+ from (.*)$/ ) ) { + $Temp = " " . $Host . " (" . $IP . 
") - "; + $RefusedPorts{$Temp}++; + } elsif ( $ThisLine =~ /^exiting on signal 11: Segmentation fault$/ ) { + $SegFault++; + } elsif ( ($User,$Host,$IP,$File) = ( $ThisLine =~ /^([^ ]+) of ([^ ]*) \[(.*)\] deleted (.*)$/ ) ) { + $Temp = " " . $Host . " (" . $IP . "): " . $User . "\n"; + $Temp2 = " " . $File . "\n"; + push @{$DeletedFiles{$Temp}}, $Temp2; + } elsif ( ($User,$Pass,$Host,$IP) = ( $ThisLine =~ /(.*)\((.*)\) of (.*) \[(.*)\] tried to/) ) { + $Temp = " " . $Host . " ($IP): " . $User . " ($Pass) - "; + $SecurityViolations{$Temp}++; + } elsif ( ($Host,$User,$IP) = ( $ThisLine =~ /(.*)\: (.*)\: SITE .* \[(.*)\] tried to/) ) { + $Temp = " " . $Host . " ($IP): " . $User . " - "; + $SecurityViolations{$Temp}++; + } elsif ( ($Host,$IP) = ( $ThisLine =~ /^FTP LOGIN FAILED \(cannot set guest privileges\) for ([^ ]+) \[(.*)\], ftp$/ ) ) { + $Temp = " " . $Host . " (" . $IP . "): - "; + $RefusedAnonLogins{$Temp}++; + } elsif ( ($Host, $User) = ( $ThisLine =~ /^([^ ]+): ([^ ]+): IDLE\[\d+\]: User [^ +]+ timed out after / ) ) { + # dhcp024-208-136-047.insight.rr.com: visitor: IDLE[23195]: User visitor timed out after 900 seconds at Mon Jan 13 00:25:24 2003 + $TimedOut{" " . $Host . " : " . $User}++; + } else { + # Report any unmatched entries... + push @OtherList,$ThisLine; + } +} + +if ( (keys %AnonLogins) and ($Detail >= 10) ) { + print "\nAnonymous FTP Logins:\n"; + foreach $ThisOne (keys %AnonLogins) { + print $ThisOne . $AnonLogins{$ThisOne} . " Time(s)\n"; + } +} + +if ((keys %DeletedFiles) and ($Detail >= 10)) { + print "\nFiles deleted through FTP:\n"; + foreach $ThisOne (keys %DeletedFiles) { + print $ThisOne; + print @{$DeletedFiles{$ThisOne}}; + } +} + +if ((keys %UserLogins) and ($Detail >= 5)) { + print "\nUser FTP Logins:\n"; + foreach $ThisOne (keys %UserLogins) { + print $ThisOne . $UserLogins{$ThisOne} . " Time(s)\n"; + } +} + +if (keys %FailedLogins) { + print "\nFailed FTP Logins:\n"; + foreach $ThisOne (keys %FailedLogins) { + print $ThisOne . 
$FailedLogins{$ThisOne} . " Time(s)\n"; + } +} + +if ( (keys %RefusedPorts) and ($Detail >= 10) ) { + print "\nRefused PORTs:\n"; + foreach $ThisOne (keys %RefusedPorts) { + print $ThisOne . $RefusedPorts{$ThisOne} . " Time(s)\n"; + } +} + +if (keys %TimedOut) { + print "\nConnections timed out:\n"; + foreach $ThisOne (keys %TimedOut) { + print $ThisOne . $TimedOut{$ThisOne} . " Time(s)\n"; + } +} + +if ( (keys %SecurityViolations) and ($Detail >= 5) ) { + print "\nFailed filesystem violations:\n"; + foreach $ThisOne (keys %SecurityViolations) { + print $ThisOne . $SecurityViolations{$ThisOne} . " Time(s)\n"; + } +} + +if (keys %RefusedAnonLogins) { + print "\nRefused anonymous FTP Logins:\n"; + foreach $ThisOne (keys %RefusedAnonLogins) { + print $ThisOne . $RefusedAnonLogins{$ThisOne} . " Time(s)\n"; + } +} + +if ($SegFault > 0) { + print "\nexiting on signal 11: Segmentation fault: $SegFault Time(s)\n"; +} + +if (($#OtherList >= 0) and (not $IgnoreUnmatched)){ + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/ftpd-xferlog b/log.d/configs/linux/scripts/services/ftpd-xferlog new file mode 100755 index 0000000..36f9b6a --- /dev/null +++ b/log.d/configs/linux/scripts/services/ftpd-xferlog 
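Review bot: The `tried to` branch captures the parenthesised text after the user name into `$Pass` and writes it into the report key (`$User . " ($Pass) - "`), so whatever the daemon logged there is copied into a report that is normally mailed in clear text. If that field can ever hold a real password rather than an anonymous e-mail address (the variable name suggests it can), it should not leave the host; I would drop it from the key, `$Temp = " " . $Host . " ($IP): " . $User . " - ";`, or show it only at a high detail level. Two smaller points in the same chain: `[^ +]+` in the IDLE timeout pattern looks like a typo for `[^ ]+`, and `$SegFault > 0` compares a variable that is never initialised when no segfault line was seen, so `my`-style initialisation to 0 at the top would be cleaner.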
@@ -0,0 +1,177 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: ftpd-xferlog,v 1.17 2004/06/21 13:46:21 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +sub remove_dups { + my(@info)=sort @_; + + my(%count,@out,$i); + foreach $i (@info) { + $count{$i}++; + } + + foreach $i (keys %count) { + my($j)=$i; + $j =~ s/\n//; + if ($count{$i} > 1) { + push @out, $j . " (".$count{$i}." Times)\n"; + } else { + push @out, "$j\n"; + } + } + return @out; +} + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; +$FTPDetail = $ENV{'detail_transfer'}; + +$TotalBytesOut = 0; +$TotalBytesIn = 0; + +while (defined($ThisLine = )) { + # Remove transfer time if it is there + if ( ($RemoteHost,$Size,$FileName,$Direction,$AccessMode,$UserName) = + ( $ThisLine =~ /^([^ ]+) (\d+) (.*) . . (.) (.) (.*) ftp . .*$/ ) ) { + if ( $AccessMode eq 'a' ) { + # Anonymous transfers + if ( $Direction eq 'o' ) { + # File was outgoing + $TotalBytesOut += $Size; + if ($Detail >= 15) { + $Temp = ' ' . $FileName . ' -> ' . $RemoteHost . ' (Email: ' . $UserName . ")\n"; + } + else { + $Temp = ' ' . $FileName . ' -> ' . $RemoteHost . "\n"; + } + push @AnonOut, $Temp; + $FilesOut{$FileName}++; + } elsif ( $Direction eq 'd' ) { + $Temp = ' ' . $FileName . ' Deleted ' . $RemoteHost . ' (Email: ' . $UserName . ")\n"; + push @DeletedFiles, $Temp; + } else { + # File was incoming + $TotalBytesIn += $Size; + if ($Detail >= 15) { + $Temp = ' ' . $RemoteHost . ' -> ' . $FileName . ' (User: ' . $UserName . ")\n"; + } + else { + $Temp = ' ' . $RemoteHost . ' -> ' . $FileName . 
"\n"; + } + push @AnonIn, $Temp; + } + } elsif ( $AccessMode eq 'g' ) { + # Guest transfers + if ( $Direction eq 'o' ) { + # File was outgoing + $TotalBytesOut += $Size; + $Temp = ' ' . $FileName . ' -> ' . $RemoteHost . ' (User: ' . $UserName . ")\n"; + push @GuestOut, $Temp; + } elsif ( $Direction eq 'd' ) { + $Temp = ' ' . $FileName . ' Deleted ' . $RemoteHost . ' (User: ' . $UserName . ")\n"; + push @DeletedFiles, $Temp; + } else { + # File was incoming + $TotalBytesIn += $Size; + $Temp = ' ' . $RemoteHost . ' -> ' . $FileName . ' (User: ' . $UserName . ")\n"; + push @GuestIn, $Temp; + } + } elsif ( $AccessMode eq 'r' ) { + # User transfers + if ( $Direction eq 'o' ) { + # File was outgoing + $TotalBytesOut += $Size; + $Temp = ' ' . $FileName . ' -> ' . $RemoteHost . ' (User: ' . $UserName . ")\n"; + push @UserOut, $Temp; + } elsif ( $Direction eq 'd' ) { + $Temp = ' ' . $FileName . ' Deleted ' . $RemoteHost . ' (User: ' . $UserName . ")\n"; + push @DeletedFiles, $Temp; + } else { + # File was incoming + $TotalBytesIn += $Size; + $Temp = ' ' . $RemoteHost . ' -> ' . $FileName . ' (User: ' . $UserName . ")\n"; + push @UserIn, $Temp; + } + } + } else { + # Report any unmatched entries... + push @OtherList, $ThisLine; + } +} + +@AnonOut=&remove_dups(@AnonOut); +@AnonIn=&remove_dups(@AnonIn); +@GuestOut=&remove_dups(@GuestOut); +@GuestIn=&remove_dups(@GuestIn); +@UserOut=&remove_dups(@UserOut); +@UserIn=&remove_dups(@UserIn); +@OtherList=&remove_dups(@OtherList); +@DeletedFiles=&remove_dups(@DeletedFiles); + + +$TotalKBytesOut = int $TotalBytesOut/1000; +$TotalKBytesIn = int $TotalBytesIn/1000; +$TotalMBytesOut = int $TotalKBytesOut/1000; +$TotalMBytesIn = int $TotalKBytesIn/1000; +($TotalKBytesOut > 0) and print "TOTAL KB OUT: " . $TotalKBytesOut . "KB (" . $TotalMBytesOut . "MB)\n"; +($TotalKBytesIn > 0) and print "TOTAL KB IN: " . $TotalKBytesIn . "KB (" . $TotalMBytesIn . 
"MB)\n"; + +if (@AnonIn) { + print "\nIncoming Anonymous FTP Transfers:\n"; + print @AnonIn; +} + +if ( (keys %FilesOut) and ($Detail >= 5) and ($Detail < 10) ) { + print "\nOutgoing Anonymous FTP Transfers (By File):\n"; + foreach (sort keys %FilesOut) { + print " $_: $FilesOut{$_} Time(s)\n"; + } +} + +if ( (@GuestIn) and ($Detail >= 10) and ($FTPDetail > 0)) { + print "\nIncoming Guest FTP Transfers:\n"; + print @GuestIn; +} + +if ( (@GuestOut) and ($Detail >= 10) and ($FTPDetail > 0)) { + print "\nOutgoing Guest FTP Transfers:\n"; + print @GuestOut; +} + +if ( (@AnonOut) and ($Detail >= 10) ) { + print "\nOutgoing Anonymous FTP Transfers:\n"; + print @AnonOut; +} + +if ( (@UserIn) and ($Detail >= 10) and ($FTPDetail > 0)) { + print "\nIncoming User FTP Transfers:\n"; + print @UserIn; +} + +if ( (@UserOut) and ($Detail >= 10) and ($FTPDetail > 0)) { + print "\nOutgoing User FTP Transfers:\n"; + print @UserOut; +} + +if ( (@DeletedFiles) and ($Detail >= 10) and ($FTPDetail > 0)) { + print "\nDeleted Files:\n"; + print @DeletedFiles; +} + +if ($#OtherList >= 0) { + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/http b/log.d/configs/linux/scripts/services/http new file mode 100755 index 0000000..3b1be03 --- /dev/null +++ b/log.d/configs/linux/scripts/services/http 
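Review bot: A line that matches the xferlog pattern but has an access mode other than `a`, `g` or `r` is dropped silently, because the inner `if`/`elsif` chain on `$AccessMode` has no final `else`; such a transfer is neither counted nor listed under Unmatched Entries. Adding `} else { push @OtherList, $ThisLine; }` to the inner chain keeps unexpected records visible to whoever reads the report. The greedy `(.*)` captures for file name and user name also mean a file name containing spaces can shift the single-character fields, so a comment stating the expected xferlog field layout would help the next maintainer. Under `-w`, `$FTPDetail > 0` warns when `detail_transfer` is unset; `$ENV{'detail_transfer'} || 0` avoids that.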
@@ -0,0 +1,463 @@ +#!/usr/bin/perl +########################################################################## +# $Id: http,v 1.12 2004/06/21 14:59:05 kirk Exp $ +########################################################################## +# $Log: http,v $ +# Revision 1.12 2004/06/21 14:59:05 kirk +# Added tons of patches from Pawe? Go?aszewski" +# +# Thanks, as always! +# +# Revision 1.11 2004/06/21 14:27:19 kirk +# Patch from logwatch@iamafreeman.com +# +# Revision 1.10 2004/06/21 13:37:07 kirk +# *** empty log message *** +# +# Revision 1.9 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +########################################################################## + +######################################################## +# This was written and is maintained by: +# Michael Romeo +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + + +use strict; +# use re "debug"; +# +# parse httpd access_log +# +# Get the detail level and +# Build tables of the log format to parse it and determine whats what +# + +my $detail = 10; +my @log_fields =(); +my @log_format =(); +my $ignore_error_hacks = 0; +$detail = $ENV{'LOGWATCH_DETAIL_LEVEL'}; +@log_fields = split(" ", $ENV{'http_fields'}); +@log_format = split(" ", $ENV{'http_format'}); +$ignore_error_hacks = $ENV{'http_ignore_error_hacks'}; + +# +# Initialization etc. 
+# + +my $byte_summary = 0; +my $failed_requests = 0; +my %field = (); +my %hacks =(); +my %hack_success =(); +my %needs_exam =(); +my %ban_ip =(); +my %robots =(); +my $pattern = ""; +my $flag = 0; +my $isahack = 0; +my $a5xx_resp = 0; +my $a4xx_resp = 0; +my $a3xx_resp = 0; +my $a2xx_resp = 0; +my $a1xx_resp = 0; +my $image_count = 0; +my $image_bytes = 0; +my $docs_count = 0; +my $docs_bytes = 0; +my $archive_count = 0; +my $archive_bytes = 0; +my $sound_count = 0; +my $sound_bytes = 0; +my $movie_count = 0; +my $movie_bytes = 0; +my $winexec_count = 0; +my $winexec_bytes = 0; +my $content_count = 0; +my $content_bytes = 0; +my $redirect_count = 0; +my $redirect_bytes = 0; +my $other_count = 0; +my $other_bytes = 0; +my $total_hack_count = 0; +my $wpad_count = 0; +my $wpad_bytes = 0; +my $src_count = 0; +my $src_bytes = 0; +my $logs_count = 0; +my $logs_bytes = 0; +my $images_count = 0; +my $images_bytes = 0; +my $fonts_count = 0; +my $fonts_bytes = 0; +my $proxy_count = 0; +my $proxy_bytes = 0; +my %proxy_host = (); +my $host = ""; + +###################### +my $image_types = '(\.bmp|\.cdr|\.emz|\.gif|\.ico|\.jpeg|\.jpg|\.png|\.sxd|\.tif|\.tiff|\.wbmp|\.wmf|\.wmz|\.xdm)'; +my $content_types = '('; + $content_types = $content_types.'\/server-status|\/server-info'; + $content_types = $content_types.'|\.htm|\.html|\.jhtml|\.phtml|\.shtml|\/'; + $content_types = $content_types.'|\.inc|\.php|\.php3|\.asp|\.pl|\.wml|\/'; + $content_types = $content_types.'|\.css|\.js|\.cgi|\/'; + $content_types = $content_types.'|\.fla|\.swf|\/'; + $content_types = $content_types.'|\.class|\.jsp|\.jar|\.java|\/'; + $content_types = $content_types.'|COPYRIGHT|readme|README|FAQ|INSTALL|\.txt)'; +my $docs_types = '(\.asc|\.doc|\.dot|\.dvi|\.gnumeric|\.mcd|\.mso|\.pdf|\.pps|\.ppt|\.ps|\.rtf|\.sxi|\.tex|\.text|\.xls|\.xml)'; +my $archive_types = '(\.ace|\.bz2|\.cab|\.deb|\.dsc|\.ed2k|\.gz|\.hqx|\.md5|\.rar|\.rpm|\.sig|\.sign|\.tar|\.tbz2|\.tgz|\.Z|\.zip)'; +my $sound_types = 
'(\.au|\.mid|\.mp3|\.ram|\.raw|\.rm|\.wav|\.wma|\.wmv|\.xsm)'; +my $movie_types = '(\.asf|\.ass|\.avi|\.idx|\.mid|\.mpg|\.mpeg|\.mov|\.qt|\.psb|\.srt|\.ssa|\.smi|\.sub)'; +my $winexec_types = '(\.bat|\.com|\.exe|\.dll)'; +my $wpad_files = '(wpad\.dat|wspad\.dat|proxy\.pac)'; +my $program_src = '('; + $program_src = $program_src.'(\.bas|\.c|\.cfg|\.conf|\.config|\.cpp|\.diff|\.f|\.h|\.init|\.m|\.pas|\.patch|\.spec)'; + $program_src = $program_src.'(Makefile|Makefile_c|Makefile_f77)'; +my $images_types = '(\.bin|\.cue|\.img|\.iso|\.run)'; +my $logs_types = '(\.log|_log|-log|\.logs|\.out|\.wyniki)'; +my $fonts_types = '(\.aft|\.ttf)'; + +# +# what to look for as an attack USE LOWER CASE!!!!!! +# +my @exploits = ( + '/../../../', + '../../config.sys', + '/../../../autoexec.bat', + '/../../windows/user.dat', + '\\\x02\\\xb1', + '\\\x04\\\x01', + '\\\x05\\\x01', + '\\\x90\\\x02\\\xb1\\\x02\\\xb1', + '\\\x90\\\x90\\\x90\\\x90', + '\\\xff\\\xff\\\xff\\\xff', + '\/c\+dir', + '\/c\+dir\+c', + 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', + 'author.exe', + 'cmd.exe', + 'cltreq.asp', + 'c%20dir%20C', + 'default.ida', + 'httpodbc.dll', + 'nsiislog.dll', + 'owssvr.dll', + 'phpmyadmin', + 'root.exe', + 'shtml.exe', + 'win.ini', + 'XXXXXXXXXXXXXXXXXXXXXX' +); + +# +# Define some usefull RE paterns +# + +my %re_pattern = (space => '(.*)', + brace => '\[(.*)\]', + quote => '\"(.*)\"'); + +# +# Build the regex to parse the line +# + +for (my $i = 0; $i < @log_format; $i++) { + # print "$i $log_format[$i] $re_pattern{$log_format[$i]} \n"; + $pattern = $pattern.$re_pattern{$log_format[$i]}.'\\s'; +} + +# this is easier than coding last element logic in the loop + + +chop($pattern); +chop($pattern); + +################# print "RE pattern = $pattern \n"; + +# +# Process log file on stdin +# + +while (my $line = ) { + chomp($line); + + ################## print "Line = $line \n"; + + # + # parse the line per the input spec + # + + my @parsed_line = $line =~ /$pattern/o; + + # hash the results 
so we can identify the fields + # + for (my $i = 0; $i < @log_fields; $i++) { + # print "$i $log_fields[$i] $parsed_line[$i] \n"; + $field{$log_fields[$i]} = $parsed_line[$i]; + } + + ## + ## Do the default stuff + ## + + # + # Break up the request into method, url and protocol + # + + ($field{method},$field{url},$field{protocol}) = split(/ /,$field{"request"}); + $field{lc_url} = lc $field{url}; + + # + # Bytes sent Summary + # Apache uses "-" to represent 0 bytes transfered + # + + if ($field{bytes_transfered} eq "-") {$field{bytes_transfered} = 0}; + + $byte_summary += $field{bytes_transfered}; + # + # loop to check for typical exploit attempts + # + + $isahack = 0; + for (my $i = 0; $i < @exploits; $i++) { + # print "$i $exploits[$i] $field{lc_url} \n"; + if ($field{lc_url} =~ /$exploits[$i]/) { + $hacks{$exploits[$i]} {$field{client_ip}} += 1; + $total_hack_count += 1; + $ban_ip{$field{client_ip}} = " "; + if ($field{http_rc} < 400) { + $hack_success{$field{url}} = $field{http_rc}; + } + $isahack = 1; + } + } + + # + # Count types and bytes + # + # this is only printed if detail > 4 but it also looks + # for 'strange' stuff so it needs to run always + # + + ($field{base_url},$field{url_parms}) = split(/\?/,$field{"lc_url"}); + + if ($field{lc_url} =~ /$image_types$/) { + $image_count += 1; + $image_bytes += $field{bytes_transfered}; + } elsif ($field{base_url} =~ /$docs_types$/) { + $docs_count += 1; + $docs_bytes += $field{bytes_transfered}; + } elsif ($field{base_url} =~ /$archive_types$/) { + $archive_count += 1; + $archive_bytes += $field{bytes_transfered}; + } elsif ($field{base_url} =~ /$sound_types$/) { + $sound_count += 1; + $sound_bytes += $field{bytes_transfered}; + } elsif ($field{base_url} =~ /$movie_types$/) { + $movie_count += 1; + $movie_bytes += $field{bytes_transfered}; + } elsif ($field{base_url} =~ /$winexec_types$/) { + $winexec_count += 1; + $winexec_bytes += $field{bytes_transfered}; + } elsif ($field{base_url} =~ /$content_types$/) { + 
$content_count += 1; + $content_bytes += $field{bytes_transfered}; + } elsif ($field{base_url} =~ /$wpad_files$/) { + $wpad_count += 1; + $wpad_bytes += $field{bytes_transfered}; + } elsif ($field{base_url} =~ /$program_src$/) { + $src_count += 1; + $src_bytes += $field{bytes_transfered}; + } elsif ($field{base_url} =~ /$images_types$/) { + $images_count += 1; + $images_bytes += $field{bytes_transfered}; + } elsif ($field{base_url} =~ /$logs_types$/) { + $logs_count += 1; + $logs_bytes += $field{bytes_transfered}; + } elsif ($field{base_url} =~ /$fonts_types$/) { + $fonts_count += 1; + $fonts_bytes += $field{bytes_transfered}; + } elsif ($field{http_rc} =~ /3\d\d/) { + $redirect_count += 1; + $redirect_bytes += $field{bytes_transfered}; + } elsif ($field{method} =~ /CONNECT/) { + $proxy_count += 1; + $proxy_bytes += $field{bytes_transfered}; + $proxy_host{"$field{client_ip} -> $field{base_url}"}++; + } else { + $other_count += 1; + $other_bytes += $field{bytes_transfered}; + if (!$isahack ) { + if ( !$ignore_error_hacks ) { + $needs_exam{$field{request}} .= $field{http_rc}." "; + } elsif ( $field{http_rc} < 400 ) { + $needs_exam{$field{request}} .= $field{http_rc}." 
"; + } + } + } + + ## + ## Do the > 4 stuff + ## + # + # Response Summary + # + + if ($field{http_rc} > 499 ) { + $a5xx_resp += 1; + } elsif ($field{http_rc} > 399 ) { + $a4xx_resp += 1; + } elsif($field{http_rc} > 299 ) { + $a3xx_resp += 1; + } elsif($field{http_rc} > 199 ) { + $a2xx_resp += 1; + } else { + $a1xx_resp += 1; + } + + # + # Count the robots who actually ask for the robots.txt file + # + + if ($field{lc_url} =~ /^\/robots.txt$/) { + $robots{$field{agent}} +=1; + } + +} ## End of while loop + +############################################# +## output the results +## + +if ($detail >4) { + printf "%.2f MB transfered " , $byte_summary/(1024*1024); + print "in "; + print ($a1xx_resp + $a2xx_resp + $a3xx_resp + $a4xx_resp + $a5xx_resp); + print " responses "; + print " (1xx $a1xx_resp, 2xx $a2xx_resp, 3xx $a3xx_resp,"; + print " 4xx $a4xx_resp, 5xx $a5xx_resp) \n"; + if ($image_count > 0) { printf " $image_count Images (%.2f MB),\n" , $image_bytes/(1024*1024); } + if ($docs_count > 0) { printf " $docs_count Documents (%.2f MB),\n" , $docs_bytes/(1024*1024); } + if ($archive_count > 0) { printf " $archive_count Archives (%.2f MB),\n" , $archive_bytes/(1024*1024); } + if ($sound_count > 0) { printf " $sound_count Sound files (%.2f MB),\n" , $sound_bytes/(1024*1024); } + if ($movie_count > 0) { printf " $movie_count Movies files (%.2f MB),\n" , $movie_bytes/(1024*1024); } + if ($winexec_count > 0) { printf " $winexec_count Windows executable files (%.2f MB),\n" , $winexec_bytes/(1024*1024); } + if ($content_count > 0) { printf " $content_count Content pages (%.2f MB),\n" , $content_bytes/(1024*1024); } + if ($redirect_count > 0) { printf " $redirect_count Redirects (%.2f MB),\n" , $redirect_bytes/(1024*1024); } + if ($wpad_count > 0) { printf " $wpad_count Proxy Configuration Files (%.2f MB),\n" , $wpad_bytes/(1024*1024); } + if ($src_count > 0) { printf " $src_count Program source files (%.2f MB),\n" , $src_bytes/(1024*1024); } + if ($images_count > 0) { 
printf " $images_count CD Images (%.2f MB),\n" , $images_bytes/(1024*1024); } + if ($logs_count > 0) { printf " $logs_count various Logs (%.2f MB),\n" , $logs_bytes/(1024*1024); } + if ($fonts_count > 0) { printf " $fonts_count Fonts (%.2f MB),\n" , $fonts_bytes/(1024*1024); } + if ($proxy_count > 0) { printf " $proxy_count mod_proxy connection attempts (%.2f MB),\n" , $proxy_bytes/(1024*1024); } + if ($other_count > 0) { printf " $other_count Other (%.2f MB) \n" , $other_bytes/(1024*1024); } +} + +# +# List attempted exploits +# + +if ($detail >4) { + $flag = 1; + foreach my $i (keys %hacks) { + if ($flag) { + print "\nAttempts to use ".scalar(keys %hacks)." known hacks were logged $total_hack_count time(s)\n"; + $flag = 0; + } + print " $i "; + if ($detail > 9) { + print " by \n"; + foreach my $j ( keys %{$hacks{$i}} ) { + print " $j $hacks{$i}{$j} time(s) \n"; + } + } else { + print "\n"; + } + } +} + +if (keys %proxy_host) { + print "\nConnection attempts using mod_proxy:\n"; + foreach $host (sort {$a cmp $b} keys %proxy_host) { + print " $host : $proxy_host{$host} Time(s)\n"; + } +} +# +# List (wannabe) blackhat sites +# + +$flag = 1; +foreach my $i (keys %ban_ip) { + if ($flag) { + print "\nA total of ".scalar(keys %ban_ip)." sites probed the server \n"; + $flag = 0; + } + #if ($detail > 4) { + print " $i \n"; + #} +} + +# +# List possible successful probes +# + +$flag = 1; +foreach my $i (keys %hack_success) { + if ($flag) { + print "\n!!!! ".scalar(keys %hack_success)." possible successful probes \n"; + $flag = 0; + } + print " $i HTTP Response $hack_success{$i} \n"; +} + +# +# List 'others' that are not known attacks +# + +$flag = 1; +foreach my $i (keys %needs_exam) { + if ($flag) { + print "\nA total of ".scalar(keys %needs_exam)." 
unidentified \'other\' records logged\n"; + $flag = 0; + } +# $needs_exam{$i} is massive + my %codes; + for my $code ( sort split / /, $needs_exam{$i} ) { + $codes{ $code }++; + } + my @code_summaries ; + for my $code ( sort keys %codes ) { + push @code_summaries, "$codes{ $code } $code responses"; + } + print " $i with response code(s) " . join(', ', @code_summaries) . "\n"; +} + +# +# List robots that identified themselves +# + +if ($detail > 4) { + $flag = 1; + foreach my $i (keys %robots) { + if ($flag) { + print "\nA total of ".scalar(keys %robots)." ROBOTS were logged \n"; + $flag = 0; + } + if ($detail > 9) { + print " $i $robots{$i} time(s) \n"; + } + } +} + +exit (0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/identd b/log.d/configs/linux/scripts/services/identd new file mode 100755 index 0000000..62446c0 --- /dev/null +++ b/log.d/configs/linux/scripts/services/identd 
@@ -0,0 +1,152 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: identd,v 1.9 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +$Debug = $ENV{'LOGWATCH_DEBUG'} || 0; +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +if ( $Debug >= 5 ) { + print STDERR "\n\nDEBUG: Inside Identd Filter \n\n"; + $DebugCounter = 1; +} + +# This whole NeedNextLine thing is because there are multiple lines that +# go together for these log entries... + +$ThisLine = ; +while (defined($ThisLine)) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Line Number " . $DebugCounter . ":\n"; + print STDERR "DEBUG: " . $ThisLine; + } + $NeedNextLine = 1; + if ( ($IP,$Hostname,$Port) = ($ThisLine =~ m/^from: (\d+\.\d+\.\d+\.\d+) \( ([^ ]*) \) for: \d+, (\d+)$/) ) { + # this means that somebody accessed identd... + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -Connection From- Line -- Reading another line\n"; + $DebugCounter++; + } + if (defined($NextLine = )) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Line Number " . $DebugCounter . ":\n"; + print STDERR "DEBUG: " . $NextLine; + } + if ( ($User) = ($NextLine =~ m/^Successful lookup: \d+ , \d+ : ([^ ]+)\.[^ ]+/) ) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -Successful Lookup- line (" . $User . ")\n"; + } + ${Identd{$IP}}[0] = $Hostname; + ${Identd{$IP}}[1]++; + push @{${Identd{$IP}}[2]}, $Port; + push @{${Identd{$IP}}[3]}, $User; + } + else { + if ( $Debug >= 5 ) { + print STDERR "DEBUG: No matches... 
keeping current line.\n"; + } + $ThisLine = $NextLine; + $NeedNextLine = 0; + } + } + } + elsif ( ($IP,$Hostname) = ($ThisLine =~ m/^from: (\d+\.\d+\.\d+\.\d+) \(([^ ]*)\) EMPTY REQUEST$/) ) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -Empty Request- Line\n"; + } + $Text = " " . $Hostname . " (" . $IP . ")"; + push @EmptyRequests,$Text; + } + elsif ( ($IP,$Hostname,$Name) = ($ThisLine =~ m/^from: (\d+\.\d+\.\d+\.\d+) \(([^ ]*)\) INVALID REQUEST: (.*)$/) ) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -Invalid Request- Line\n"; + } + $Text = " " . $Hostname . " (" . $IP . ") - " . $Name; + push @InvalidRequests,$Text; + } + elsif ( $ThisLine =~ m/^Returned: \d+ , \d+ : NO-USER/ ) { + # Do nothing... + } + elsif ( ($Host) = ( $ThisLine =~ /^Connection from ([^ ]+)/ ) ) { + chomp($Host); + if (defined($NextLine = )) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Line Number " . $DebugCounter . ":\n"; + print STDERR "DEBUG: " . $NextLine; + } + if ( ($Port,$User) = ($NextLine =~ m/^Successful lookup: \d+ , (\d+) : ([^ ]+)/) ) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -Successful Lookup- line (" . $User . ")\n"; + } + chomp($Port); chomp($User); + ${Identd{$Host}}[0] = $Host; + ${Identd{$Host}}[1]++; + push @{${Identd{$Host}}[2]}, $Port; + push @{${Identd{$Host}}[3]}, $User; + } + else { + if ( $Debug >= 5 ) { + print STDERR "DEBUG: No matches... keeping current line.\n"; + } + $ThisLine = $NextLine; + $NeedNextLine = 0; + } + } + } + elsif ($ThisLine =~ /^Successful lookup: [1234567890]+ , [1234567890]+ : [^ ]+/ ) { + # skip empty entry ... + } + else { + # Report any unmatched entries... + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found unmatched line\n"; + } + chomp($ThisLine); + $OtherList{$ThisLine}++; + } + if ($NeedNextLine == 1) { + $ThisLine = ; + } +} + +if ( (keys %Identd) and ($Detail >= 10) ) { + print "Identd Lookups:\n"; + foreach $ThisOne (keys %Identd) { + print " Host: " . ${Identd{$ThisOne}}[0] . " (" . $ThisOne . 
") - " . ${Identd{$ThisOne}}[1] . " Connection(s).\n"; + + } +} + +if (($#EmptyRequests >= 0) and ($Detail >= 5)) { + print "\nEmpty requests:\n"; + foreach $ThisOne (@EmptyRequests) { + print " " . $ThisOne . "\n"; + } +} + +if (($#InvalidRequests >= 0) and ($Detail >= 5)) { + print "\nInvalid requests:\n"; + foreach $ThisOne (@InvalidRequests) { + print " " . $ThisOne . "\n"; + } +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$a cmp $b} keys %OtherList) { + print "$line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/imapd b/log.d/configs/linux/scripts/services/imapd new file mode 100755 index 0000000..8ef7ba2 --- /dev/null +++ b/log.d/configs/linux/scripts/services/imapd 
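Review bot: The `INVALID REQUEST: (.*)` branch stores the remote client's request text in `@InvalidRequests`, and the final `else` stores whole unmatched lines in `%OtherList`; both are printed into the report unchanged. That text is chosen by whoever connects to identd, so unless the logging daemon already escapes them, control characters or terminal escape sequences in it reach the report reader as-is. I would neutralise non-printable bytes before storing, e.g. `$Name =~ s/[^[:print:]]/?/g;` ahead of building `$Text`, and `$ThisLine =~ s/[^[:print:]]/?/g;` after the `chomp` in the fallback branch. The same verbatim pass-through of unmatched lines appears in the imapd, in.qpopper, init and ipop3d hunks of this commit.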
@@ -0,0 +1,257 @@ +#!/usr/bin/perl +########################################################################## +# $Id: imapd,v 1.1 2004/06/21 14:59:05 kirk Exp $ +########################################################################## + +######################################################## +# Logwatch was written and is maintained by: +# Kirk Bauer +# +# The imap script was written by: +# Pawe³ Go³aszewski +# +######################################################## + +my $Debug = $ENV{'LOGWATCH_DEBUG'}; +my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'}; + +#Make pseudo IPv6 to IPv4 +sub LookupIPv46 { + my $IPv4Addr; + my $Addr = $_[0]; + if ( ($IPv4Addr) = ($Addr =~ /::ffff:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/ ) ) { +# print "$IPv4Addr\n"; + return $IPv4Addr; + + } + else { +# print $Addr; + return $Addr; + + } +} + +if ( $Debug >= 5 ) { + print STDERR "\n\nDEBUG \n\n"; +} + +while (defined($ThisLine = )) { + if ( + ($ThisLine =~ /^Initializing */) or + ($ThisLine =~ /^spgetpwnam: can't find user: */) + ) { + # Don't care about these... + } elsif ( ($User, $Host) = ( $ThisLine =~ /^Login user=(.*?) host=(.* \[.*\])$/ ) ) { + $Login{$User}{$Host}++; + } elsif ( ($User,$Host) = ( $ThisLine =~ /^Authenticated user=(.*) host=(.* \[.*\])$/ ) ) { + $Login{$User}{$Host}++; + } elsif ( ($User,$Host) = ( $ThisLine =~ /^Preauthenticated user=(.*) host=(.*)$/ ) ) { + $Login{$User}{$Host}++; + } elsif ( ($Host) = ( $ThisLine =~ /^imap service init from (.*)$/ ) ) { + $ConnectionNonSSL{$Host}++; + $Connection{$Host}++; + } elsif ( ($Host) = ( $ThisLine =~ /^imaps SSL service init from (.*)$/ ) ) { + $ConnectionSSL{$Host}++; + $Connection{$Host}++; +# } elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) 
(.*?)$/) ) { +# $DownloadedMessages{$User} += $Downloaded; +# $DownloadedMessagesSize{$User} += $DownloadSize; +# $MessagesLeft{$User} = $Left; +# $MboxSize{$User} = $LeftSize; +# } elsif ( ($User,$Host) = ( $ThisLine =~ /^authentication failed for user (.*?) - (.*)/ ) ) { +# $LoginFailed{"$Host ($User)"}++; + } elsif ( ($User, $Host) = ( $ThisLine =~ /^Logout user=(.*?) host=(.* \[.*\])$/) ) { + $Logout{$User}{$Host}++; + $Logout2{$User}++; + } elsif ( ($User,$Host) = ( $ThisLine =~ /^Autologout user=(.*) host=(.* \[.*\])$/ ) ) { + $AutoLogout{$User}{$Host}++; + $Logout{$User}{$Host}++; + $Logout2{$User}++; + } elsif ( ($Reason,$User,$Host) = ( $ThisLine =~ /^Killed (.*) user=(.*) host=(.* \[.*\])$/ ) ) { + $Logout{$User}{$Host}++; + $Logout2{$User}++; + $KilledSession{$User}{$Reason}++; + } elsif ( + (($User,$Host) = ( $ThisLine =~ /^Broken pipe, while reading line user=(.*) host=(.* \[.*\])$/ )) or + (($User,$Host) = ( $ThisLine =~ /^Command stream end of file, while reading line user=(.*) host=(.* \[.*\])$/ )) or + (($User,$Host) = ( $ThisLine =~ /^Connection reset by peer, while reading line user=(.*) host=(.* \[.*\])$/ )) + ) { + $SocketErrors{$Host}++; + } else { + # Report any unmatched entries... + # remove PID from named messages + + $ThisLine =~ s/^(client [.0-9]+)\S+/$1/; + chomp($ThisLine); + $OtherList{$ThisLine}++; + } + $LastLine = $ThisLine; +} + +################################################ + + +if ( ( $Detail >= 0 ) and (keys %LoginFailed)) { + print "\n\n[IMAPd] Login failures:". + "\n=========================". + "\n Host (user) | # ". + "\n------------------------------------------------------------- | -----------"; + + $ConnCount = 0; + foreach $Host (sort keys %LoginFailed) { + $Conns = $LoginFailed{$Host}; + $HostLength = length($Host); + $HostSpaceLength = 61 - $HostLength; + $CountLength = length("$Conns"); + $CountSpaceLength = 12 - $CountLength; + print "\n" ." " x $HostSpaceLength . $Host . " |" . " " x $CountSpaceLength . $Conns . 
""; + $ConnCount += $Conns; + } + $CountLength = length("$ConnCount"); + $CountSpaceLength = 75 - $CountLength; + print "\n" . "-" x 75; + print "\n" . " " x $CountSpaceLength . "$ConnCount\n\n\n"; +} + +if ( ( $Detail >= 5 ) and (keys %Connection)) { + print "\n[IMAPd] Connections:". + "\n=========================". + "\n Host | Connections | SSL | Total ". + "\n-------------------------------------- | ----------- | -------- | ---------"; + + $ConnCount = 0; + $SSLConn = 0; + $TotalConn = 0; + foreach $Host (sort keys %Connection) { + $Total = $Connection{$Host}; + if (defined ($ConnectionNonSSL{$Host})) { + $Conns = $ConnectionNonSSL{$Host}; + } else { + $Conns = 0; + } + if (defined ($ConnectionSSL{$Host})) { + $SSL = $ConnectionSSL{$Host}; + } else { + $SSL = 0; + } + $HostLength = length($Host); + $HostSpaceLength = 38 - $HostLength; + $CountLength = length("$Conns"); + $CountSpaceLength = 12 - $CountLength; + $SSLLength = length("$SSL"); + $SSLSpaceLength = 9 - $SSLLength; + $TotalLenght = length("$Total"); + $TotalSpaceLength = 10 - $TotalLenght; + print "\n" ." " x $HostSpaceLength . $Host . " |" . " " x $CountSpaceLength . $Conns . + " |" . " " x $SSLSpaceLength . $SSL . " |" . " " x $TotalSpaceLength . $Total; + $NonSSLCount += $Conns; + $SSLCount += $SSL; + $TotalCount += $Total; + } + $NonSSLLength = length("$NonSSLCount"); + $NonSSLSpaceLength = 52 - $NonSSLLength; + $SSLLength = length("$SSLCount"); + $SSLSpaceLength = 9 - $SSLLength; + $TotalLength = length("$TotalCount"); + $totalSpaceLength = 10 - $TotalLength; + print "\n" . "-" x 75; + print "\n" . " " x $NonSSLSpaceLength . $NonSSLCount . " |" . " " x $SSLSpaceLength . $SSLCount . + " |" . " " x $totalSpaceLength . $TotalCount . "\n\n\n"; +} + + + +if (keys %Logout2) { + print "\n[IMAPd] Logout stats:". + "\n====================". + "\n User | Logouts | Downloaded | Mbox Size". 
+ "\n--------------------------------------- | ------- | ---------- | ----------"; + + $ConnCount = 0; + $SizeAll = 0; + $DownAll = 0; + foreach $User (sort keys %Logout2) { + $Conns = $Logout2{$User}; + $UserLength = length($User); + $UserSpaceLength = 39 - $UserLength; + $CountLength = length("$Conns"); + $CountSpaceLength = 8 - $CountLength; + $Down = $DownloadedMessagesSize{$User}; + $DownSpaceLength = 11 - length($Down); + $Size = $MboxSize{$User}; + $SizeSpaceLength = 11 - length($Size); + print "\n" ." " x $UserSpaceLength . $User . " |" . " " x $CountSpaceLength . $Conns . " |" . + " " x $DownSpaceLength . $Down . " |" . " " x $SizeSpaceLength . $Size; + $ConnCount += $Conns; + $SizeAll += $Size; + $DownAll += $Down; + } + $CountLength = length("$ConnCount"); + $CountSpaceLength = 49 - $CountLength; + $DownLength = length($DownAll); + $DownSpaceLength = 11 - $DownLength; + $SizeLength = length($SizeAll); + $SizeSpaceLength = 12 - $SizeLength; + print "\n" . "-" x 76; + print "\n" . " " x $CountSpaceLength . "$ConnCount" . " |" . " " x $DownSpaceLength . $DownAll . " |" . + " " x $SizeSpaceLength . $SizeAll . 
"\n\n\n"; +} + + +if ( ( $Detail >= 10 ) and (keys %Login)) { + print "\n[POP3] Successful Logins:\n"; + $LoginCount = 0; + foreach my $User (keys %Login) { + print " User $User: \n"; + $UserCount = 0; + foreach $Host (keys %{$Login{$User}}) { + $HostCount = $Login{$User}{$Host}; + print " From $Host: $HostCount Time(s)\n"; + $UserCount += $HostCount; + } + $LoginCount += $UserCount; + print " Total $UserCount Time(s)\n"; + print "\n"; + } + print "Total $LoginCount successful logins\n\n"; +} + +if ( ( $Detail >= 10 ) and (keys %AutoLogout)) { + print "\nAutologout:\n"; + foreach $User (sort {$a cmp $b} keys %AutoLogout) { + print " $User:\n"; + foreach $Host (sort {$a cmp $b} keys %{$AutoLogout{$User}}) { + print " $Host: $AutoLogout{$User}{$Host} Time(s)\n"; + } + } +} + +if ( ( $Detail >= 10 ) and (keys %KilledSession)) { + print "\nKilled IMAP sessions:\n"; + foreach $User (sort {$a cmp $b} keys %KilledSession) { + print " $User:\n"; + foreach $Reason (sort {$a cmp $b} keys %{$KilledSession{$User}}) { + print " $Reason: $KilledSession{$User}{$Reason} Time(s)\n"; + } + } +} + +if ( ( $Detail >= 10 ) and (keys %SocketErrors)) { + print "\nSocket Errors in connections with:\n"; + foreach $Host (sort {$a cmp $b} keys %SocketErrors) { + print " $Host: $SocketErrors{$Host} Time(s)\n"; + } +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$a cmp $b} keys %OtherList) { + print " $line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/in.qpopper b/log.d/configs/linux/scripts/services/in.qpopper new file mode 100755 index 0000000..757273c --- /dev/null +++ b/log.d/configs/linux/scripts/services/in.qpopper 
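Review bot: The "Login failures" table can never print, because the only branch that fills `%LoginFailed` (`authentication failed for user ...`) is commented out in the parsing loop, so failed IMAP logins end up, at best, among the unmatched entries. For a report that is read to spot password guessing, I would either restore a branch that matches the failure message this imapd actually logs (format to be confirmed against real logs) or remove the dead table. The `Downloaded` and `Mbox Size` columns of the logout table have the same problem: they read `%DownloadedMessagesSize` and `%MboxSize`, which nothing in the visible loop populates. Separately, the successful-login header names the wrong service and should read `print "\n[IMAPd] Successful Logins:\n";`.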
@@ -0,0 +1,106 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: in.qpopper,v 1.10 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kenneth Porter +# +# Please send all comments, suggestions, bug reports, +# etc, to shiva@well.com. +######################################################## + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +while (defined($ThisLine = )) { + if ( ($ThisLine =~ /xsender/) or + ( $ThisLine =~ /.drac.:/ ) or + ( $ThisLine =~ /Timing/ ) or + ( $ThisLine =~ /-ERR \[AUTH\]/ ) or + ( $ThisLine =~ /canonical name of client/ ) or + ( $ThisLine =~ /I\/O error flushing output to client/ ) or + ( $ThisLine =~ /-ERR SIGHUP or SIGPIPE flagged/ ) or + ( $ThisLine =~ /-ERR POP hangup/ ) or + ( $ThisLine =~ /-ERR POP EOF or I\/O Error/ ) or + ( $ThisLine =~ /-ERR \[IN-USE\] / ) or + ( $ThisLine =~ /Incorrect octet count/ ) ) { + # We don't care about these + } + ## Stats: 0 0 0 0 + elsif (($UserID, $NumDeleted, $BytesDeleted, $NumLeft, $BytesLeft) = ( $ThisLine =~ /Stats: ([^ ]+) ([^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)/ )) { + $Stats{$UserID}{"Times"}++; + $Stats{$UserID}{"NumDel"} += $NumDeleted; + $Stats{$UserID}{"BytesDel"} += $BytesDeleted; + $Stats{$UserID}{"NumLeft"} = $NumLeft; + $Stats{$UserID}{"BytesLeft"} = $BytesLeft; + } + elsif (($UserID) = ($ThisLine =~ /^\[AUTH\] Failed attempted login to ([^ ]+) from host/ )) { + $FailedLogin{$UserID}++; + } + elsif ( $ThisLine =~ s/^connect from ([^ ]+)$/$1/ ) { + $Connections{$ThisLine}++; + } + elsif ( $ThisLine =~ s/^\(v[0-9.]+\) POP login by user "?[^ ]+"? at \([^ ]+\) ([^ ]+)$/$1/ ) { + $Connections{$ThisLine}++; + } + elsif ( $ThisLine =~ s/^apop \"(.*)\".*/$1/ ) { + $ApopConnections{$ThisLine}++; + } + else { + # Report any unmatched entries... 
+ chomp($ThisLine); + $OtherList{$ThisLine}++; + } +} + +if ( (keys %Connections) and ($Detail >= 10) ) { + print "\nPlaintext Connections:\n"; + foreach $ThisOne (keys %Connections) { + print " " . $Connections{$ThisOne} . " from " . $ThisOne; + } +} + +if ( (keys %ApopConnections) and ($Detail >= 10) ) { + print "\nAPOP Connections:\n"; + foreach $ThisOne (keys %ApopConnections) { + print " " . $ApopConnections{$ThisOne} . " from " . $ThisOne; + } +} + +if ((keys %Stats) and ($Detail >= 10)) { + print "\nUser Statistics:\n"; + print " | Deleted | Kept |\n"; + print "User Name Times | Num KBytes | Num KBytes |\n"; + foreach $UserID (sort {$Stats{$b}{"BytesDel"}<=>$Stats{$a}{"BytesDel"}} keys %Stats) + { + printf("%-15s %5d | %5d %6d | %5d %6d |\n", $UserID, $Stats{$UserID}{"Times"}, $Stats{$UserID}{"NumDel"}, $Stats{$UserID}{"BytesDel"}/1024, $Stats{$UserID}{"NumLeft"}, $Stats{$UserID}{"BytesLeft"}/1024); + $Times += $Stats{$UserID}{"Times"}; + $NumDel += $Stats{$UserID}{"NumDel"}; + $BytesDel += $Stats{$UserID}{"BytesDel"}; + $NumLeft += $Stats{$UserID}{"NumLeft"}; + $BytesLeft += $Stats{$UserID}{"BytesLeft"}; + } + print "------------------------+----------------+----------------+\n"; + printf("TOTALS %5d | %5d %6d | %5d %6d |\n", $Times, $NumDel, $BytesDel/1024, $NumLeft, $BytesLeft/1024); +} + +if (keys %FailedLogin) { + print "\nFailed Logins:\n"; + foreach $UserID (sort {$FailedLogin{$b}<=>$FailedLogin{$a} } keys %FailedLogin) { + print " $UserID: $FailedLogin{$UserID} time(s).\n"; + }; # foreach +}; # if + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) + { + print " $line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/init b/log.d/configs/linux/scripts/services/init new file mode 100755 index 0000000..237c190 --- /dev/null +++ b/log.d/configs/linux/scripts/services/init 
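Review bot: The ignore list at the top of the loop is tested before the failed-login branch and its patterns are unanchored (`/xsender/`, `/Timing/`, `/.drac.:/`), so a `[AUTH] Failed attempted login to ...` line whose user or host field contains one of those words is discarded and never counted in `%FailedLogin`. The account name in a failed login is supplied by the client, so the report can under-count exactly the events it exists to show. Testing `Failed attempted login` ahead of the ignore list, or anchoring the ignore patterns to where the daemon writes them, closes that gap. The `Stats:` pattern is likewise unanchored and feeds `[^ ]+` captures into `+=`; using `(\d+)` for the four numeric fields would keep non-numeric text out of the totals.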
@@ -0,0 +1,55 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: init,v 1.10 2003/12/15 18:09:23 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+
+while (defined($ThisLine = )) {
+ if ( $ThisLine =~ s/Switching to runlevel: (.)\s*$/$1/ ) {
+ # Which runlevel did we change to?
+ chomp ($ThisLine);
+ $RunLevel{$ThisLine}++;
+ }
+ elsif ( $ThisLine =~ s/^Entering runlevel: (.)\s*$/$1/ ) {
+ # Which runlevel did we enter?
+ chomp ($ThisLine);
+ $RunLevel{$ThisLine}++;
+ }
+ elsif ( $ThisLine =~ s/^Trying to re-exec init// ) {
+ # Look for telinit executions
+ chomp ($ThisLine);
+ $ReExecInit++;
+ }
+ else {
+ # report any unmatched entries
+ push @OtherList,$ThisLine;
+ }
+}
+
+if ((keys %RunLevel) and ($Detail >= 10)) {
+ foreach $Level (sort keys %RunLevel) {
+ print " Entered or switched to runlevel " . $Level . ": " . $RunLevel{$Level} . " Time(s)\n";
+ }
+}
+if ($ReExecInit) {
+ print "\n\nRe-execs of init: $ReExecInit times\n";
+}
+
+if ($#OtherList >= 0) {
+ print "\n**Unmatched Entries**\n";
+ print @OtherList;
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
+
diff --git a/log.d/configs/linux/scripts/services/ipop3d b/log.d/configs/linux/scripts/services/ipop3d
new file mode 100755
index 0000000..55ee76e
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/ipop3d
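Review bot: Unmatched lines are pushed onto `@OtherList` and emitted one by one with `print @OtherList;`, so a message that repeats many times fills the report with duplicates, whereas the sibling scripts in this commit count them in a hash. I would use `chomp($ThisLine); $OtherList{$ThisLine}++;` in the `else` branch and print `"$line: $OtherList{$line} Time(s)\n"` from a sorted loop, as the identd script does. The first pattern, `s/Switching to runlevel: (.)\s*$/$1/`, also lacks the `^` anchor that the `Entering runlevel` pattern has, so any text preceding the phrase stays in the `%RunLevel` key.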
@@ -0,0 +1,109 @@ +#!/usr/bin/perl +########################################################################## +# $Id: ipop3d,v 1.8 2004/02/03 03:52:20 kirk Exp $ +########################################################################## +# Revision 0.3 2002/06/16 Kirk Bauer +# - Only outputs separator lines if there are logs on which to report +# Revision 0.2 2002/05/29 Pawel Jarosz +# - More flexible output +# Revision 0.1 2002/05/27 Pawel Jarosz +# - Removed unneded things +# - New lookout, more sorted data +########################################################################## + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +my %Conn_loginok; +my %Conn_loginfail; +my %Connections; +my %OtherList; + +while (defined($ThisLine = )) { + chomp($ThisLine); + #Solaris ID filter -mgt + $ThisLine =~ s/\[ID [0-9]+ [a-z]+\.[a-z]+\] //; +# next unless ( $ThisLine=~s/^... .. ..:..:.. [^ ]+ ipop3d\[\d+\]: //); #For testing only + next unless (defined($ThisLine)); + + if ( $ThisLine =~/^Command stream end of file/ ) { + next; + } + + if ( $ThisLine =~/^(Autol|L)ogout/ ) { + next; + } + + if ( $ThisLine =~/^Trying to get mailbox lock/ ) { + next; + } + + if ( $ThisLine =~/^Connection reset by peer/ ) { + next; + } + + if ( $ThisLine =~/^Error opening or locking/ ) { + next; + } + + if ( $ThisLine =~/^Login failure user=(\S+) host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ) { + $Conn_loginfail{$1}{$2}++; + next; + } + + if ( $ThisLine =~/service init from (\d+.\d+.\d+.\d+)$/ ) { + $Connections{$1}++; + next; + } + + if ( $ThisLine =~/^(Login|Auth|APOP) user=(\S+) host=[^\[]*\[(\d+.\d+.\d+.\d+)\]/ ) { + $Conn_loginok{$2}{$3}++; + next; + } + + if ( $ThisLine =~/^AUTHENTICATE (\S+) failure host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ) { + $Conn_loginfail{$1}{$2}++; + next; + } + + # Report any unmatched entries... 
+ $OtherList{$ThisLine}++; +} + +if ( (keys %Connections) and ($Detail >= 15) ) { + print "\nInitialized Connections:\n"; + foreach $ThisOne (sort {$Connections{$b}<=>$Connections{$a}} keys %Connections) { + printf " %4i from %s\n" , $Connections{$ThisOne} , $ThisOne; + } +} + +if ( (keys %Conn_loginfail) and ($Detail >= 5) ) { + print "\nFailed to log in:\n"; + foreach my $user (keys %Conn_loginfail) { + print "User: $user from:\n"; + foreach my $host ( sort keys %{ $Conn_loginfail{$user} } ) { + printf " %-35s %4i\n",$host,$Conn_loginfail{$user}{$host}; + } + } +} + +if ( (keys %Conn_loginok) and ($Detail >=15) ) { + print "\nSuccess in log in:\n"; + foreach my $user (keys %Conn_loginok) { + print "User: $user from:\n"; + foreach my $host ( sort keys %{ $Conn_loginok{$user} } ) { + printf " %-35s %4i\n",$host,$Conn_loginok{$user}{$host}; + } + } +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach my $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) { + print " $line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/kernel b/log.d/configs/linux/scripts/services/kernel new file mode 100755 index 0000000..8515c83 --- /dev/null +++ b/log.d/configs/linux/scripts/services/kernel 
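Review bot: The address captures in the four patterns (`Login failure`, `service init from`, `(Login|Auth|APOP)` and `AUTHENTICATE ... failure`) are written `\d+.\d+.\d+.\d+` with unescaped dots, so each `.` matches any character rather than a literal dot. These captures become the keys of the failed-login and connection tables, so the group should be `(\d+\.\d+\.\d+\.\d+)` in all four places. The `next unless (defined($ThisLine));` test after the Solaris ID substitution can never fire, because the loop condition already guarantees a defined line, and can be dropped.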
@@ -0,0 +1,266 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: kernel,v 1.24 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +######################################################## +# Kernel script for LogWatch +# The latest version of this script can be found at: +# http://snurk.org/projects/files/kernel +# +# Based on the kernel script of LogWatch 3.3 written by +# Kirk Bauer +# with contributions by +# Fabrizio Zeno Cornelli +# Luuk de Boer +# +# This script written by +# James Wysynski +# +# Visit the LogWatch website at +# www.logwatch.org +######################################################## + +use Logwatch ':ip'; + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; +$DoLookup = $ENV{'kernel_ip_lookup'}; $DoLookup = $DoLookup; # keep -w happy +$MaxFlood = 10; +$MaxNum =0; + +sub lookupService { + my ($port, $proto, $service); + ($port, $proto) = ($_[0], $_[1]); + if ($service = getservbyport ($port, $proto)) { + return($service); + } else { + return($port); + } +} + +sub lookupProtocol { + my ($proto, $name); + $proto = $_[0]; + if ($name = getprotobynumber ($proto)) { + return($name); + } else { + return($proto); + } +} + +sub lookupAction { + my ($chain, $actionType); + $chain = $_[0]; + + # choose an action type + if ( $chain =~ /.*reject.*/i ) { + $actionType = "Rejected"; + } elsif ( $chain =~ /.*drop.*/i ) { + $actionType = "Dropped"; + } elsif ( $chain =~ /.*deny.*/i ) { + $actionType = "Denied"; + } elsif ( $chain =~ /.*accept.*/i ) { + $actionType = "Accepted"; + } else { + $actionType = "Logged"; + } + + return $actionType; +} + +# SORT COMPARISONS +sub compStr { + return $a cmp $b; +} + +sub compNum { + return $a <=> $b; +} + +while (defined($ThisLine = )) { + chomp($ThisLine); + next if ($ThisLine eq ''); + + # IPCHAINS + if ( ($from,$on) = ( $ThisLine =~ /^Warning: possible SYN flood from ([^ ]+) on ([^ ]+):.+ Sending cookies/ 
) ) { + $Fullfrom = LookupIP($from); + $Fullon = LookupIP($on); + $SYNflood{$Fullon}{$Fullfrom}++; + } elsif ($ThisLine =~ /continuing in degraded mode/) { + print " !! RAID ERROR !!\n$ThisLine\n"; + } elsif( ($TU,$from,$port,$on) = ( $ThisLine =~ /IP fw-in deny \w+ (\w+) ([^:]+):\d+ ([^:]+):(\d+) / ) ){ + if($MaxNum < ++$TCPscan{$TU}{$from}) { + $MaxNum = $TCPscan{$TU}{$from} + } + $port=0; + } elsif ( ($chain,$action,$if,$proto,$fromip,$toip,$toport) = ( $ThisLine =~ /^Packet log: ([^ ]+) (\w+) (\w+) PROTO=(\d+) ([\d|\.]+):\d+ ([\d|\.]+):(\d+)/ ) ) { + $actionType = lookupAction($action); + $ipt{$actionType}{$if}{$fromip}{$toip}{$toport}{$proto}{"$chain,$if"}++; + } + # IPTABLES + elsif (($chain,$ifin,$ifout,$fromip,$toip,$proto,$rest,$ref) = ($ThisLine =~ /^(.*?)\s*IN=(\w*).*?OUT=(\w*).*?SRC=([\d|\.]+).*?DST=([\d|\.]+).*?PROTO=(\w+)([^\[]*)(.*)/ )) { + + # we ignore the reference to a previous packet + $ref = ""; + + # get a destination port number if there is one + if (! ( ($toport) = ( $rest =~ /^.*?DPT=(\w+)/ ) ) ) { + $toport = 0; + } + + # get the action type + $actionType = lookupAction($chain); + + # determine the dominant interface + if ($ifin =~ /\w+/ && $ifout =~ /\w+/) { + $interface = $ifin; + } elsif ($ifin =~ /\w+/) { + $interface = $ifin; + $ifout = "none"; + } else { + $interface = $ifout; + $ifin = "none"; + } + + # add the packet + $ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}{$proto}{"$chain,$ifin,$ifout"}++; + } + # Kernel Errors + elsif ( ( $errormsg ) = ( $ThisLine =~ /(.*?[Ee]rror.{0,17})/ ) ) { + # filter out smb open/read errors cased by insufficient permissions + $SkipError = 0; + $SkipError = 1 if $ThisLine =~ /smb_readpage_sync: .*open failed, error=-13/; + $SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, result=-13/; + $SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, error=-13/; + $Errors{$errormsg}++ if ( (! 
$SkipError) || ($Detail > 8)); + } + # OTHER + else { + # XXX For now, going to ignore all other kernel messages as there + # XXX are practically an infinite number and most of them are obviously + # XXX not parsed here at this time. + # filter out smb open/read errors cased by insufficient permissions + $SkipError = 0; + $SkipError = 1 if $ThisLine =~ /smb_readpage_sync: .*open failed, error=-13/; + $SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, result=-13/; + $SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, error=-13/; + $Kernel{$ThisLine}++ if ( (! $SkipError) || ($Detail > 8)) ; + } +} + +# Kernel Errors +if (keys %Errors) { + print "\nWARNING: Kernel Errors Present\n"; + foreach $Thisone ( sort {$a cmp $b} keys %Errors ) { + print " " . $Thisone . "...: " . $Errors{$Thisone} . " Time(s)\n"; + } +} + +# IPCHAINS +if (keys %SYNflood) { + print "\nWarning: SYN flood on:\n"; + foreach $ThisOne (sort compStr keys %SYNflood) { + print " " . $ThisOne . " from:\n"; + foreach $Next (sort compStr keys %{$SYNflood{$ThisOne}}) { + print " " . $Next . ": $SYNflood{$ThisOne}{$Next} Time(s)\n"; + } + } +} + +if (keys %TCPscan and $MaxNum>$MaxFlood) { + print "\nWarning: ipfwadm scan detected on:\n"; + foreach $ThisOne (sort compStr keys %TCPscan) { + print " " . $ThisOne . " from:\n"; + foreach $Next (sort compStr keys %{$TCPscan{$ThisOne}}) { + $TCPscan{$ThisOne}{$Next}>$MaxFlood && + print " " . LookupIP($Next). 
": $TCPscan{$ThisOne}{$Next} Time(s)\n"; + } + } +} + +# IPCHAINS / IPTABLES +if (keys %ipt) { + foreach $actionType (sort compStr keys %ipt) { + foreach $interface (sort compStr keys %{$ipt{$actionType}}) { + $outputMain = ''; + $interfaceCount = 0; + foreach $fromip (sort SortIP keys %{$ipt{$actionType}{$interface}}) { + $outputSection = ''; + $fromHostCount = 0; + $fromHost = LookupIP($fromip); + if ( $fromHost eq $fromip ) { + $from = $fromHost; + } else { + $from = "$fromHost \($fromip\)"; + } + undef %port_list; + foreach $toip (sort SortIP keys %{$ipt{$actionType}{$interface}{$fromip}}) { + $toHostCount = 0; + $toHost = LookupIP($toip); + if ( $toHost eq $toip ) { + $to = $toHost; + } else { + $to = "$toHost \($toip\)"; + } + $outputServices = ''; + foreach $toport (sort compNum keys %{$ipt{$actionType}{$interface}{$fromip}{$toip}}) { + foreach $proto (sort compStr keys %{$ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}}) { + # determine the protocol + if ( $proto =~ /\d+/ ) { + $protocol = lookupProtocol($proto); + } else { + $protocol = lc($proto); + } + + # determine the name of the service + $service = lookupService($toport,$protocol); + + foreach $details (sort keys %{$ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}{$proto}}) { + $packetCount = $ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}{$proto}{$details}; + $toHostCount += $packetCount; + if ( $Detail > 0 ) { + $outputServices .= " Service: $service ($protocol/$toport) ($details) - $packetCount " . ( ( $packetCount > 1 ) ? "packets\n" : "packet\n" ); + } else { + push @{ $port_list{ $protocol } }, $toport; + } + } + } + } + $fromHostCount += $toHostCount; + if ( $Detail > 0 ) { $outputSection .= " To $to - $toHostCount " . ( ( $toHostCount > 1 ) ? "packets\n" : "packet\n" ); } + $outputSection .= $outputServices; + } + $interfaceCount += $fromHostCount; + if ($Detail > 0 ) { + $outputMain .= " From $from - $fromHostCount " . ( ( $fromHostCount > 1 ) ? 
"packets\n" : "packet\n" ); + } else { + $outputMain .= " From $from - $fromHostCount " . ( ($fromHostCount > 1) ? "packets" : "packet" ) . " to " ; + foreach $protocol ( keys %port_list ) { + if ( $#{ $port_list{ $protocol } } > 10 ) { + $outputMain .= $#{ $port_list{ $protocol } } ." $protocol ports"; + } else { + $outputMain .= "$protocol(" . join(",", @{ $port_list{ $protocol } } ) . ")" ; + } + } + $outputMain .="\n"; + } + $outputMain .= $outputSection; + } + print "\n$actionType $interfaceCount " . ( ( $interfaceCount > 1 ) ? "packets" : "packet" ) . " on interface $interface\n"; + print $outputMain; + } + } +} + +# OTHER +if ( ($Detail >= 5) and (keys %Kernel) ) { + print "\n"; + foreach $ThisOne (sort {$a cmp $b} keys %Kernel) { + print $Kernel{$ThisOne} . " Time(s): " . $ThisOne . "\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/mailscanner b/log.d/configs/linux/scripts/services/mailscanner new file mode 100755 index 0000000..b9892a4 --- /dev/null +++ b/log.d/configs/linux/scripts/services/mailscanner 
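Review bot: In the low-detail summary, `$#{ $port_list{ $protocol } }` is the last index of the array, not its length, so both the `> 10` threshold and the printed "N $protocol ports" figure are one short. Taking the count once fixes both: `my $n = scalar @{ $port_list{$protocol} };` followed by `if ( $n > 10 ) { $outputMain .= "$n $protocol ports"; }`. When a source touches more than one protocol, the per-protocol pieces are also appended with no separator between them. In the ipfwadm branch the four captures are assigned to `($TU,$from,$port,$on)` although the third group is the destination address and the fourth the port; neither is used afterwards, so that is a naming issue only.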
@@ -0,0 +1,193 @@ +#!/usr/bin/perl +########################################################################## +# $Id: mailscanner,v 1.4 2004/06/21 14:59:05 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Mike Tremaine +# +# Sophos Support and other improvments by Mark W. Nienberg +# +######################################################## + +while (defined($ThisLine = )) { + ($QueueID) = ($ThisLine =~ m/^([a-zA-Z0-9]+): / ); + $ThisLine =~ s/^[a-zA-Z0-9]+: //; + if ( ( $ThisLine =~ m/^Saved infected/ ) or + ( $ThisLine =~ m/^Expanding TNEF archive/ ) or + ( $ThisLine =~ m/^Warned about/ ) or + ( $ThisLine =~ m/^Sender Warnings:/ ) or + ( $ThisLine =~ m/X-Spam/ ) or + ( $ThisLine =~ m/Using locktype = flock/ ) or + ( $ThisLine =~ m/New Batch: Found/ ) or + ( $ThisLine =~ m/Attempting to disinfect/ ) or + ( $ThisLine =~ m/Rescan found/ ) or + ( $ThisLine =~ m/Virus Re-scanning:/ ) or + ( $ThisLine =~ m/Content Checks: Fixed awkward MIME boundary for Cyrus IMAP/ ) or + ( $ThisLine =~ m/Delete bayes lockfile/ ) or + ( $ThisLine =~ m/MailScanner E-Mail Virus Scanner version/ ) or + ( $ThisLine =~ m/MailScanner child dying of old age/ ) or + ( $ThisLine =~ m/MailScanner child caught a SIGHUP/ ) or + ( $ThisLine =~ m/Virus and Content Scanning/ ) or + ( $ThisLine =~ m/Virus Scanning: [\w]+ found/ ) or + ( $ThisLine =~ m/Message .+ is spam, Spam/ ) or + ( $ThisLine =~ m/Saved entire message to/ ) or + ( $ThisLine =~ m/Spam Checks: Starting/ ) or + ( $ThisLine =~ m/Spam Actions: message .+ actions are .*deliver/ ) or + ( $ThisLine =~ m/SophosSAVI .+ recognizing [0-9]+ viruses/ ) or + ( $ThisLine =~ m/SophosSAVI using [0-9]+ IDE files/ ) or + ( $ThisLine =~ m/Sophos SAVI library has been updated/ ) or + ( $ThisLine =~ m/Sophos update of .* detected, resetting SAVI/ ) or + ( $ThisLine =~ m/Content Checks: Detected and will convert 
HTML/ ) ) { + # We don't care about these + } elsif ( $ThisLine =~ m/New Batch: Scanning ([0-9]+) messages, ([0-9]+) bytes/i) { + $MailScan_Received = $MailScan_Received + $1; + $MailScan_bytes = $MailScan_bytes + $2; + } elsif ( $ThisLine =~ m/New Batch: Forwarding ([0-9]+) unscanned messages, ([0-9]+) bytes/i) { + $MailScan_Received = $MailScan_Received + $1; + $MailScan_Unscanned = $MailScan_Unscanned + $1; + $MailScan_bytes = $MailScan_bytes + $2; + } elsif ( $ThisLine =~ m/Delivered ([0-9]+)( cleaned)? messages/) { + $MailScan_Delivered = $MailScan_Delivered + $1; + } elsif ( $ThisLine =~ m/Spam Checks: Found ([0-9]+) spam messages/) { + $MailScan_Spam = $MailScan_Spam + $1; + } elsif ( $ThisLine =~ m/Virus Scanning: Found ([0-9]+) viruses/) { + $MailScan_Virus = $MailScan_Virus + $1; + } elsif ( $ThisLine =~ m/infected message .+ came from (.*)/i) { + $MailScan_VirualHost = $MailScan_VirualHost + 1; + $Hostlist{$1}++; + } elsif ( $ThisLine =~ m/Content Checks: Found ([0-9]+) problems/) { + $MailScan_Content = $MailScan_Content + $1; + } elsif ( $ThisLine =~ m/Other Checks: Found ([0-9]+) problems/) { + $MailScan_Other = $MailScan_Other + $1; + } elsif ($ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+: ([\w\_\-\.\/]+) FOUND/i) { + $VirusType_ClamAv{$1}++; + $MailScan_Virus_ClamAv++; + } elsif ($ThisLine =~ m/>>> Virus \'(.+)\' found/) { + $VirusType_Sophos{$1}++; + $MailScan_Virus_Sophos++; + } elsif ($ThisLine =~ m/INFECTED:: (.+)::/) { + $VirusType_SophosSavi{$1}++; + $MailScan_Virus_SophosSavi++; + } elsif ($ThisLine =~ m/Content Checks: Detected (.+) in [\w]+/i) { + $ContentType{$1}++; + } elsif ($ThisLine =~ m/Filename Checks: (.+)/i) { + #filter sendmail tag + my $temp_fc = $1; + $temp_fc =~ s/\([a-z0-9]{14}\s/\(/i; + $FilenameType{$temp_fc}++; + } elsif ($ThisLine =~ m/(Password\-protected archive \(.+\)) in \w+/i) { + $MailScan_Other = $MailScan_Other + 1; + $FilenameType{$1}++; + } elsif ($ThisLine =~ /Spam Actions: .+ actions are .*delete/) { 
+ $MailScan_Spam_Deleted++; + } elsif ($ThisLine =~ /SpamAssassin timed out and was killed/) { + $SA_timeout++; + } elsif ( $ThisLine =~ m/Message .+ from (.+ \(.+\)) to .+ is spam \(blacklisted\)/ ) { + $MailScan_Blacklisted++; + $Blacklisted_Host{$1}++; + } else { + chomp($ThisLine); + # Report any unmatched entries... + $OtherList{$ThisLine}++; + } +} + +if ($MailScan_Received > 0) { + print "\nMailScanner Status:"; + print "\n\t" . $MailScan_Received . ' messages Scanned by MailScanner'; + print "\n\t" . $MailScan_bytes . ' Total Bytes'; +} + +if ($MailScan_Spam > 0) { + print "\n\t" . $MailScan_Spam . ' Spam messages detected by MailScanner'; +} + +if ($MailScan_Unscanned > 0) { + print "\n\t" . $MailScan_Unscanned . ' Messages forwarded unscanned by MailScanner'; +} + +if ($MailScan_Spam_Deleted > 0) { + print "\n\t" . $MailScan_Spam_Deleted . ' Spam messages deleted by Mailscanner'; +} + +if ($MailScan_Virus > 0) { + print "\n\t" . $MailScan_Virus . ' Viruses found by MailScanner'; +} + +if ($MailScan_Other > 0) { + print "\n\t" . $MailScan_Other . ' Banned attachments found by MailScanner'; +} + +if ($MailScan_Content > 0) { + print "\n\t" . $MailScan_Content . ' Content Problems found by MailScanner'; +} + +if ($MailScan_Delivered > 0) { + print "\n\t" . $MailScan_Delivered . " Messages delivered by MailScanner\n"; +} + +if ($SA_timeout > 0) { + print "\n\t" . $SA_timeout . " SpamAssassin timeout(s)\n"; +} + +if (keys %VirusType_ClamAv) { + print "\nVirus Report: (Total Seen = $MailScan_Virus_ClamAv)\n"; + foreach $ThisOne (sort keys %VirusType_ClamAv) { + print ' ' . $ThisOne . ': ' . $VirusType_ClamAv{$ThisOne} . " Times(s)\n"; + } +} + +if (keys %VirusType_Sophos) { + print "\nSophos Virus Report: (Total Seen = $MailScan_Virus_Sophos)\n"; + foreach $ThisOne (sort keys %VirusType_Sophos) { + print ' ' . $ThisOne . ': ' . $VirusType_Sophos{$ThisOne} . 
" Times(s)\n"; + } +} + +if (keys %VirusType_SophosSavi) { + print "\nSophosSavi Virus Report: (Total Seen = $MailScan_Virus_SophosSavi)\n"; + foreach $ThisOne (sort keys %VirusType_SophosSavi) { + print ' ' . $ThisOne . ': ' . $VirusType_SophosSavi{$ThisOne} . " Times(s)\n"; + } +} + +if (keys %Hostlist) { + print "\nVirus Sender Report: (Total Seen = $MailScan_VirualHost)\n"; + foreach $ThisOne (sort keys %Hostlist) { + print ' ' . $ThisOne . ': ' . $Hostlist{$ThisOne} . " Times(s)\n"; + } +} + +if (keys %Blacklisted_Host) { + print "\nSpam Blacklisted Host Report: (Total Seen = $MailScan_Blacklisted)\n"; + foreach $ThisOne (sort keys %Blacklisted_Host) { + print ' ' . $ThisOne . ': ' . $Blacklisted_Host{$ThisOne} . " Times(s)\n"; + } +} + +if (keys %ContentType) { + print "\nContent Report: (Total Seen = $MailScan_Content)\n"; + foreach $ThisOne (sort keys %ContentType) { + print ' ' . $ThisOne . ': ' . $ContentType{$ThisOne} . " Times(s)\n"; + } +} + +if (keys %FilenameType) { + print "\nFilename Report: (Total Seen = $MailScan_Other)\n"; + foreach $ThisOne (sort keys %FilenameType) { + print ' ' . $ThisOne . ': ' . $FilenameType{$ThisOne} . " Times(s)\n"; + } +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) { + print " $line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et diff --git a/log.d/configs/linux/scripts/services/modprobe b/log.d/configs/linux/scripts/services/modprobe new file mode 100755 index 0000000..250ab6e --- /dev/null +++ b/log.d/configs/linux/scripts/services/modprobe 
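Review bot: The ignore list at the top of the loop is tested before every counting branch, and most of its patterns are unanchored (`m/X-Spam/`, `m/Rescan found/`, `m/New Batch: Found/`), so any log line that merely contains one of those substrings is discarded. The later branches capture sender- and attachment-derived text (`Filename Checks: (.+)`, `came from (.*)`); if MailScanner logs a name containing such a substring, that line would presumably reach neither its report section nor the Unmatched Entries list. Where the message format allows, anchor the ignore patterns the way the first four already are, e.g. `( $ThisLine =~ m/^X-Spam/ ) or`, or move the ignore test after the counting branches. `$QueueID` is captured on every line but never used afterwards in this script.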
@@ -0,0 +1,83 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: modprobe,v 1.11 2004/02/03 03:36:39 kirk Exp $ +########################################################################## +# $Log: modprobe,v $ +# Revision 1.11 2004/02/03 03:36:39 kirk +# Patches from Anssi Kolehmainen +# +# Revision 1.10 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +#$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +while (defined($ThisLine = )) { + chomp($ThisLine); + if ( $ThisLine =~ s/^modprobe: Can\'t locate module ([\w-]+)\s*$/$1/ ) { + $Modules{$ThisLine}++; + } elsif ( $ThisLine =~ s/^FATAL: Module (.*) not found./$1/) { + $Modules{$ThisLine}++; + } elsif ( (undef,$Module,$Reason) = ( $ThisLine =~ /(WARNING|FATAL): Error inserting ([^ ]* \([^ ]*\)): (.*)$/ ) ) { + $ErrorInsert{$Module}{$Reason}++; + } elsif ( (undef,$Module) = ( $ThisLine =~ /(WARNING|FATAL): Error running install command for (.*)$/ ) ) { + $ErrorInstall{$Module}++; + } elsif ( (undef,$Module) = ( $ThisLine =~ /(WARNING|FATAL): Module ([^ ]*) already in kernel./ ) ) { + $AlreadyLoaded{$Module}++; + } else { + $OtherList{$ThisLine}++; + } +} + +if (keys %Modules) { + print "\nCan't locate these modules:\n"; + foreach my $ThisOne (sort keys %Modules) { + print " " . $ThisOne . ": " . $Modules{$ThisOne} . 
" Time(s)\n"; + } +} + +if (keys %ErrorInsert) { + print "\nErrors inserting modules:\n"; + foreach $Module (sort {$a cmp $b} keys %ErrorInsert) { + print " $Module :\n"; + foreach $Reason (sort {$a cmp $b} keys %{$ErrorInsert{$Module}}) { + print " $Reason : $ErrorInsert{$Module}{$Reason} Time(s)\n"; + } + } +} + +if (keys %ErrorInstall) { + print "\nErrors running install command:\n"; + foreach $Module (sort {$a cmp $b} keys %ErrorInstall) { + print " $Module : $ErrorInstall{$Module} Time(s)\n"; + } +} + +if (keys %AlreadyLoaded) { + print "\nModules already in kernel:\n"; + foreach $Module (sort {$a cmp $b} keys %AlreadyLoaded) { + print " $Module : $AlreadyLoaded{$Module} Time(s)\n"; + } +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$a cmp $b} keys %OtherList) { + print "$line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/mountd b/log.d/configs/linux/scripts/services/mountd new file mode 100755 index 0000000..0c36fc4 --- /dev/null +++ b/log.d/configs/linux/scripts/services/mountd 
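Review bot: The three `(WARNING|FATAL)` patterns capture the severity only to throw it away through an `undef` slot in the list assignment; a non-capturing group reads more directly, e.g. `($Module,$Reason) = ( $ThisLine =~ /(?:WARNING|FATAL): Error inserting ([^ ]* \([^ ]*\)): (.*)$/ )`. In `s/^FATAL: Module (.*) not found./$1/` the final dot is unescaped and so matches any character; `not found\.` says what is meant. The commented-out `$Detail` line could be removed or replaced with a comment saying that this filter ignores the detail level.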
@@ -0,0 +1,101 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: mountd,v 1.13 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +use Logwatch ':ip'; + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +while (defined($ThisLine = )) { + if ( ($ThisLine =~ /^Unauthorized access by NFS client .*$/ ) or + ($ThisLine =~ /^NFS client [^ ]+ tried to access .*$/ ) ) { + # don't care about this, as the next line reports the IP again + } + elsif ( ($IP,$Mount) = ($ThisLine =~ /^Blocked attempt of (\d+\.\d+\.\d+\.\d+) to mount (.*)$/) ) { + $Name = LookupIP ($IP); + $Mount = " " . $Mount; + $Rejected{$Name}{$Mount}++; + } + elsif ( ($Name,$Mount) = ($ThisLine =~ /^refused mount request from (.+) for ([^ ]+)/) ) { + $Mount = " " . $Mount; + $Rejected{$Name}{$Mount}++; + } + elsif ( ($Mount) = ($ThisLine =~ /can.t stat exported dir (.*): No such file or directory/) ) { + $Mount = " " . $Mount; + $NotFound{$Mount}++; + } + elsif ( ($Mount,$IP) = ($ThisLine =~ /^NFS mount of (.*) attempted from (\d+\.\d+\.\d+\.\d+) $/) ) { + $Name = LookupIP ($IP); + $Mount = " " . $Mount; + $Attempted{$Name}{$Mount}++; + } + elsif ( ($Name) = ($ThisLine =~ /^authenticated (?:un)?mount request from ([\w:]+)/) ) { + $Mount = " unknown"; + $Mounted{$Name}{$Mount}++; + } + elsif ( ($Mount,$IP) = ($ThisLine =~ /^(.*) has been mounted by (\d+\.\d+\.\d+\.\d+) $/) ) { + $Name = LookupIP ($IP); + $Mount = " " . $Mount; + $Mounted{$Name}{$Mount}++; + } + else { + # Report any unmatched entries... 
+ push @OtherList,$ThisLine; + } +} + +if (keys %Rejected) { + print "\nRefused NFS mount attempts:\n"; + foreach $ThisOne (keys %Rejected) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$Rejected{$ThisOne}}) { + print $ThatOne . ': ' . $Rejected{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (keys %NotFound) { + print "\nAttemts to mount nonexisting files or directories:\n"; + foreach $ThisOne (keys %NotFound) { + print " " . $ThisOne .":" . $NotFound{$ThisOne} . " Time(s)\n"; + } +} + +if (($Detail >= 5) and (keys %Mounted)) { + print "\nSuccessful NFS mounts:\n"; + foreach $ThisOne (keys %Mounted) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$Mounted{$ThisOne}}) { + print $ThatOne . ': ' . $Mounted{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if (($Detail >= 10) and (keys %Attempted)) { + print "\nAttempted NFS mounts:\n"; + foreach $ThisOne (keys %Attempted) { + print " " . $ThisOne . ":\n"; + foreach $ThatOne (keys %{$Attempted{$ThisOne}}) { + print $ThatOne . ': ' . $Attempted{$ThisOne}{$ThatOne} . " Time(s)\n"; + } + } +} + +if ($#OtherList >= 0) { + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/named b/log.d/configs/linux/scripts/services/named new file mode 100755 index 0000000..915dd2b --- /dev/null +++ b/log.d/configs/linux/scripts/services/named 
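Review bot: The report loops iterate `keys %Rejected`, `keys %NotFound`, `keys %Mounted` and `keys %Attempted` unsorted, so refused NFS clients appear in a different order from one run to the next and two daily reports are hard to compare. The other filters in this commit sort their keys; the same here would be `foreach $ThisOne (sort keys %Rejected) {`, and likewise for the inner loops. The heading string "Attemts to mount nonexisting files or directories" has a typo ("Attempts"). A short comment above the print sections stating which ones are gated on `$Detail` (successful mounts at 5, attempted mounts at 10, refused mounts always) would help.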
@@ -0,0 +1,317 @@ +#!/usr/bin/perl +########################################################################## +# $Id: named,v 1.34 2004/02/03 18:39:34 kirk Exp $ +########################################################################## +# $Log: named,v $ +# Revision 1.34 2004/02/03 18:39:34 kirk +# Patches from [ISO-8859-2] Pawe? Go?aszewski" +# +# Revision 1.33 2004/02/03 04:18:55 kirk +# Patch from David Golden +# +# Revision 1.32 2004/02/03 03:36:39 kirk +# Patches from Anssi Kolehmainen +# +# Revision 1.31 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +use Logwatch ':ip'; + +$Debug = $ENV{'LOGWATCH_DEBUG'}; +$DoLookup = $ENV{'named_ip_lookup'}; +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +if ( $Debug >= 5 ) { + print STDERR "\n\nDEBUG: Inside Named Filter \n\n"; +} + +while (defined($ThisLine = )) { + if ( + ($ThisLine =~ /RR negative cache entry/) or + ($ThisLine =~ /^ns_....: .* NS points to CNAME/) or + ($ThisLine =~ /^accept: connection reset by peer/) or + ($ThisLine =~ /Connection reset by peer/) or + ($ThisLine =~ /transfered serial/) or + ($ThisLine =~ /^There may be a name server already running/) or + ($ThisLine =~ /^exiting/) or + ($ThisLine =~ /^NSTATS /) or + ($ThisLine =~ /Cleaned cache of \d+ RRs/) or + ($ThisLine =~ /USAGE \d+ \d+ CPU=\d+.*/) or + ($ThisLine =~ /^XSTATS /) or + ($ThisLine =~ /^Ready to answer queries/) or + ($ThisLine =~ /^Forwarding source address is/) or + ($ThisLine =~ /^bad referral/) or + ($ThisLine =~ /prerequisite not satisfied/) or + ($ThisLine =~ /^(rcvd|Sent) NOTIFY/) or + ($ThisLine =~ /^ns_resp: TCP 
truncated/) or + ($ThisLine =~ /No possible A RRs/) or + ($ThisLine =~ /points to a CNAME/) or + ($ThisLine =~ /^dangling CNAME pointer/) or + ($ThisLine =~ /^listening on/) or + ($ThisLine =~ /^unrelated additional info/) or + ($ThisLine =~ /^Response from unexpected source/) or + ($ThisLine =~ /^No root nameservers for class IN/) or + ($ThisLine =~ /^recvfrom: No route to host/) or + ($ThisLine =~ /Connection refused/) or + ($ThisLine =~ /lame server resolving/) or + ($ThisLine =~ /transfer of/) or + ($ThisLine =~ /^using \d+ CPU/) or + ($ThisLine =~ /^loading configuration/) or + ($ThisLine =~ /^command channel listening/) or + ($ThisLine =~ /^no IPv6 interfaces found/) or + ($ThisLine =~ /^running/) or + ($ThisLine =~ /^exiting/) or + ($ThisLine =~ /^no longer listening/) or + ($ThisLine =~ /^the default for the .* option is now/) or + ($ThisLine =~ /^stopping command channel on [0-9.#]/) or + ($ThisLine =~ /^Malformed response from/) or + ($ThisLine =~ /client .+#\d+: query:/) or + # Do we really want to ignore these? + #($ThisLine =~ /unknown logging category/) or + ($ThisLine =~ /^could not open entropy source/) or + ($ThisLine =~ /\/etc\/rndc.key: file not found/) or + ($ThisLine =~ /sending notifies/) or + # file syntax error get reported twice and are already caught below + ($ThisLine =~ /loading master file/) + ) { + # Don't care about these... 
+ } elsif ( + ($ThisLine =~ /^starting\..*named/) or + ($ThisLine =~ /^starting BIND/) or + ($ThisLine =~ /^named startup succeeded/) + ) { + $StartNamed++; + } elsif ( $ThisLine =~ /^(reloading nameserver|named reload succeeded)/ ) { + $ReloadNamed++; + } elsif ( + ($ThisLine =~ /^shutting down/) or + ($ThisLine =~ /^named shutting down/ ) or + ($ThisLine =~ /^named shutdown succeeded/ ) + ) { + $ShutdownNamed++; + } elsif ( ($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: zone transfer '(.+)' denied/ ) ) { + $DeniedZoneTransfers{$Host}{$Zone}++; + } elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" loaded/ ) ) { + $ZoneLoaded{"cache $Zone"}++; + } elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" .* loaded/ ) ) { + $ZoneLoaded{"cache $Zone"}++; + } elsif ( ($Zone) = ( $ThisLine =~ /primary zone \"(.+)\" loaded/ ) ) { + $ZoneLoaded{$Zone}++; + } elsif ( ($Zone) = ( $ThisLine =~ /master zone \"(.+)\" .* loaded/ ) ) { + $ZoneLoaded{$Zone}++; + } elsif ( ($Zone) = ( $ThisLine =~ /secondary zone \"(.+)\" loaded/ ) ) { + $ZoneLoaded{"secondary $Zone"}++; + } elsif ( ($Zone) = ( $ThisLine =~ /slave zone \"(.+)\" .* loaded/ ) ) { + $ZoneLoaded{"secondary $Zone"}++; + } elsif ( ($Zone) = ( $ThisLine =~ /^zone (.+)\: loaded serial/ ) ) { + $ZoneLoaded{$Zone}++; + } elsif ( (undef,$Addr,undef,$Server) = ( $ThisLine =~ /ame server (on|resolving) '(.+)' \(in .+\):\s+(\[.+\]\.\d+)?\s*'?(.+)'?:?/ ) ) { + $LameServer{"$Addr ($Server)"}++; + } elsif ( ($Zone) = ( $ThisLine =~ /Zone \"(.+)\" was removed/ ) ) { + $ZoneRemoved{$Zone}++; + } elsif ( ($Host) = ( $ThisLine =~ /^([^ ]+) has CNAME and other data \(invalid\)/ ) ) { + push @CNAMEAndOther, $Host; + } elsif ( ($File,$Line,$Entry,$Error) = ( $ThisLine =~ /dns_master_load: ([^:]+):(\d+): ([^ ]+): (.+)$/ ) ) { + $ZoneFileErrors{$File}{"$Entry: $Error"}++; + } elsif ( ($Way,$Host) = ( $ThisLine =~ /^([^ ]+): sendto\(\[([^ ]+)\].+\): Network is unreachable/ ) ) { + $FullHost = LookupIP ($Host); + 
$NetworkUnreachable{$Way}{$FullHost}++; + } elsif ( ($Zone,$Message) = ( $ThisLine =~ /^client [^\#]+#[^\:]+: updating zone '([^\:]+)': (.*)$/ ) ) { + $ZoneUpdates{$Zone}{$Message}++; + } elsif ( ($Host,$Zone) = ( $ThisLine =~ /approved AXFR from \[(.+)\]\..+ for \"(.+)\"/ ) ) { + $FullHost = LookupIP ($Host); + $AXFR{$Zone}{$FullHost}++; + } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query \(cache\) denied/ ) ) { + $FullClient = LookupIP ($Client); + $DeniedQuery{$FullClient}++; + } elsif ( ($Rhost, $Ldom) = ($ThisLine =~ /^client ([\d\.]+)#\d+: update '(.*)' denied/)) { + $UpdateDenied{"$Rhost ($Ldom)"}++; + } elsif ( ($Zone) = ($ThisLine =~ /^zone '([0-9a-zA-Z.-]+)' allows updates by IP address, which is insecure/)) { + $InsecUpdate{$Zone}++; + } elsif ( ($Zone) = ($ThisLine =~ /^zone ([0-9a-zA-Z.\/-]+): journal rollforward failed: journal out of sync with zone/)) { + $JournalFail{$Zone}++; + } elsif ( ($Channel,$Reason) = ($ThisLine =~ /^couldn't add command channel (.+#\d+): (.*)$/)) { + $ChannelAddFail{$Channel}{$Reason}++; + } elsif ( ($Zone,$Host,$Reason) = ($ThisLine =~ /^zone ([^ ]*)\/IN: refresh: failure trying master ([^ ]*)#\d+: (.*)/) ) { + $MasterFailure{"$Zone from $Host"}{$Reason}++; + } elsif ( ($Zone) = ($ThisLine =~ /^zone ([^\/]+)\/.+: refresh: non-authoritative answer from master/)) { + $NonAuthoritative{$Zone}++; + } else { + # Report any unmatched entries... 
+ # remove PID from named messages + $ThisLine =~ s/^(client [.0-9]+)\S+/$1/; + chomp($ThisLine); + $OtherList{$ThisLine}++; + } +} + +####################################### + +if ( ( $Detail >= 5 ) and ($StartNamed) ) { + print "Named started: $StartNamed Time(s)\n"; +} + +if ( ( $Detail >= 5 ) and ($ReloadNamed) ) { + print "Named reloaded: $ReloadNamed Time(s)\n"; +} + +if ( ( $Detail >= 5 ) and ($ShutdownNamed) ) { + print "Named shutdown: $ShutdownNamed Time(s)\n"; +} + +if ( ( $Detail >= 5 ) and (keys %ZoneLoaded) ) { + print "\nLoaded Zones:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %ZoneLoaded) { + print " $ThisOne: $ZoneLoaded{$ThisOne} Time(s)\n"; + } +} + +if ( ($Detail >= 5) and (keys %ChannelAddFail) ) { + print "\nCan't add command channel:\n"; + foreach $Channel (sort {$a cmp $b} keys %ChannelAddFail) { + print " $Channel:\n"; + foreach $Reason (sort {$a cmp $b} keys %{$ChannelAddFail{$Channel}}) { + print " $Reason: $ChannelAddFail{$Channel}{$Reason} Time(s)\n"; + } + } +} + +if ( ($Detail >= 5) and (keys %MasterFailure) ) { + print "\nFailure trying to refresh zone:\n"; + foreach $Zone (sort {$a cmp $b} keys %MasterFailure) { + print " $Zone:\n"; + foreach $Reason (sort {$a cmp $b} keys %{$MasterFailure{$Zone}}) { + print " $Reason: $MasterFailure{$Zone}{$Reason}++ Time(s)\n"; + } + } +} + +if ( ( $Detail >= 5 ) and (keys %DeniedZoneTransfers) ) { + print "\nDenied Zone Transfers:\n"; + foreach my $Host (keys %DeniedZoneTransfers) { + print " $Host: "; + foreach my $Zone (keys %{$DeniedZoneTransfers{$Host}}) { + print $DeniedZoneTransfers{$Host}{$Zone}. 
' '; + } + print "\n"; + } +} + +if ( ( $Detail >= 5 ) and (keys %ZoneRemoved) ) { + print "\nRemoved Zones:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %ZoneRemoved) { + print " $ThisOne: $ZoneRemoved{$ThisOne} Time(s)\n"; + } +} + +if ( ( $Detail >= 5 ) and (keys %AXFR) ) { + print "\nZone Transfers:\n"; + foreach $ThisOne (keys %AXFR) { + print " Zone: $ThisOne\n"; + foreach $Temp (keys %{$AXFR{$ThisOne}}) { + print " by $Temp: $AXFR{$ThisOne}{$Temp} Time(s)\n"; + } + } +} + +if ( ( $Detail >= 5 ) and (keys %DeniedQuery) ) { + print "\nQueries (cache) that were denied:\n"; + foreach $ThisOne (keys %DeniedQuery) { + print " from $ThisOne: $DeniedQuery{$ThisOne} Time(s)\n"; + } +} + +if ( ( $Detail >= 10 ) and (@CNAMEAndOther) ) { + print "\nThese hosts have CNAME and other data (invalid):\n"; + foreach $ThisOne (@CNAMEAndOther) { + print " $ThisOne\n"; + } +} + +if ( ( $Detail >= 5 ) and (keys %ZoneFileErrors) ) { + print "\nSyntax errors in zone files:\n"; + for $File (keys %ZoneFileErrors) { + print " $File\n"; + for $Error ( keys %{$ZoneFileErrors{$File}} ) { + print " \"$Error\" " . $ZoneFileErrors{$File}{$Error} . " Time(s)\n"; + } + } +} + +if ( ( $Detail >= 10 ) and (keys %LameServer) ) { + print "\nThese addresses had lame server references:\n"; + foreach $ThisOne (keys %LameServer) { + print " $ThisOne: $LameServer{$ThisOne} Time(s)\n"; + } +} + +if ( ( $Detail >= 10 ) and (keys %NonAuthoritative) ) { + print "\nNon-authoritative answer from master for these zones:\n"; + foreach $ThisOne (keys %NonAuthoritative) { + print " " . $ThisOne . ": " . $NonAuthoritative{$ThisOne} . 
" Time(s)\n"; + } +} + +if ( ( $Detail >= 10 ) and (keys %NetworkUnreachable) ) { + print "\nNetwork is unreachable for:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %NetworkUnreachable) { + print " $ThisOne:\n"; + foreach $Host (sort {$a cmp $b} keys %{$NetworkUnreachable{$ThisOne}}) { + print " $Host: $NetworkUnreachable{$ThisOne}{$Host} Time(s)\n"; + } + } +} + +if ( ( $Detail >= 5 ) and (keys %ZoneUpdates) ) { + print "\nZone Updates:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %ZoneUpdates) { + print " $ThisOne:\n"; + foreach $Message (sort {$a cmp $b} keys %{$ZoneUpdates{$ThisOne}}) { + print " $Message: $ZoneUpdates{$ThisOne}{$Message} Time(s)\n"; + } + } +} + +if ( keys %UpdateDenied ) { + print "\nZone update refused:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %UpdateDenied) { + print " $ThisOne: $UpdateDenied{$ThisOne} Time(s)\n"; + } +} + +if ( keys %InsecUpdate ) { + print "\nInsecure zones (dynamic update allowed by IP address):\n"; + foreach $ThisOne (sort {$a cmp $b} keys %InsecUpdate) { + print " " . $ThisOne . ": " . $InsecUpdate{$ThisOne} . " Time(s)\n"; + } +} + +if ( keys %JournalFail ) { + print "\nJournall rollforward failed:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %JournalFail) { + print " " . $ThisOne . ": " . $JournalFail{$ThisOne} . " Time(s)\n"; + } +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$a cmp $b} keys %OtherList) { + print " $line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/oidentd b/log.d/configs/linux/scripts/services/oidentd new file mode 100755 index 0000000..9bd4c8a --- /dev/null +++ b/log.d/configs/linux/scripts/services/oidentd 
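Review bot: The "Denied Zone Transfers" section prints only the counters (`print $DeniedZoneTransfers{$Host}{$Zone}. ' ';`), so the report names the refused client but not the zone it asked for, and the whole section is hidden below detail level 5 while refused updates are always shown. Refused transfer requests are worth seeing with their target; I would print the zone alongside the count, e.g. `print "    $Zone: $DeniedZoneTransfers{$Host}{$Zone} Time(s)\n";`, and reconsider the detail gate. Separately, in the "Failure trying to refresh zone" section `$MasterFailure{$Zone}{$Reason}++ Time(s)` sits inside a double-quoted string, so the `++` is printed literally; it should be dropped. `$DoLookup` is read from the environment but not used anywhere in this script.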
@@ -0,0 +1,128 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: oidentd,v 1.2 2004/06/21 14:59:05 kirk Exp $ +########################################################################## +# $Log: oidentd,v $ +# Revision 1.2 2004/06/21 14:59:05 kirk +# Added tons of patches from Pawe? Go?aszewski" +# +# Thanks, as always! +# +# Revision 1.1 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +# Revision 1.2 2004/01/27 09:20:58 blues +# - updated some missing entries +# +# Revision 1.1 2004/01/23 20:47:20 blues +# - basic support for oidentd. It's full support for me, but I know that +# something is missing. If you have some unmatched entries - send to me. +# +########################################################################## + +######################################################## +# This was written and is maintained by: +# Pawe³ Go³aszewski +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org and blues@pld-linux.org +######################################################## + +## Initial initialization: +$Startups = 0; +$Shutdowns = 0; +$LookupCount = 0; +$LookupErrorCount = 0; +$Connections = 0; +$MasqLookupCount = 0; + +while (defined($ThisLine = )) { + chomp($ThisLine); + if ( + ($ThisLine =~ m/^Continuous traffic control enabled/) or + ($ThisLine =~ m/^Timeout for request -- Closing connection/) + ) { + #ignore these + } elsif ( ($Host,$Port,$User,$Identity) = ($ThisLine =~ /^\[([^ ]*)\] Successful lookup: \d+ , (\d+) : ([^ ]*) \(([^ ]*)\)$/)) { + $Temp = "$User announced as $Identity"; + $Lookups{$Port}{$Temp}{$Host}++; + $LookupCount++; + } elsif ( ($Host,$Port,$User) = ($ThisLine =~ /^\[([^ ]*)\] \(Masqueraded\) Successful lookup: \d+ , (\d+) : ([^ ]*)$/)) { + $Temp = "Masqueraded as $User"; + $Lookups{$Port}{$Temp}{$Host}++; + $LookupCount++; + $MasqLookupCount++; + } elsif ( + (($Host) = 
($ThisLine =~ /^Connection from ([^ ]* \([^ ]*\)):\d+$/)) or + (($Host) = ($ThisLine =~ /^Connection from ([^ ]*):\d+$/)) + ) { + $Connection{$Host}++; + $Connections++; + } elsif ( ($Host,$Port) = ($ThisLine =~ /^\[([^ ]*)\] \d+ , (\d+) : ERROR : [^ ]*$/)) { + $ErrorLookup{$Port}{$Host}++; + $LookupErrorCount++; + } elsif ( $ThisLine =~ /^oidentd startup\s+succeeded$/ ) { + $Startups++; + } elsif ( $ThisLine =~ /^oidentd shutdown\s+succeeded$/ ) { + $Shutdowns++; + } else { + $OtherList{$ThisLine}++; + } +} + +########################### +# Print report: + +if ($Startups > 0) { + print "\nStartups: $Startups\n"; +} + +if ($Shutdowns > 0) { + print "\nShutdowns: $Shutdowns\n"; +} + +if (keys %Connection) { + print "\nConnections to service: $Connections Time(s)\n"; + foreach $Host (sort {$a cmp $b} keys %Connection) { + print " $Host: $Connection{$Host} Time(s)\n"; + } +} + +if (keys %Lookups) { + print "\nSuccessful ident lookups $LookupCount Time(s)\n"; + if ($MasqLookupCount > 0) { + print "Masqueraded connections: $MasqLookupCount Time(s)\n"; + } + foreach $Port (sort {$a cmp $b} keys %Lookups) { + print " Service on port $Port:\n"; + foreach $User (sort {$a cmp $b} keys %{$Lookups{$Port}}) { + print " $User:\n"; + foreach $Host (sort {$a cmp $b} keys %{$Lookups{$Port}{$User}}) { + print " $Host: $Lookups{$Port}{$User}{$Host} Time(s)\n"; + } + } + } +} + +if (keys %ErrorLookup) { + print "\nErrors when lookup ident $LookupErrorCount Time(s)\n"; + foreach $Port (sort {$a cmp $b} keys %ErrorLookup) { + print " Service on port $Port:\n"; + foreach $Host (sort {$a cmp $b} keys %{$ErrorLookup{$Port}}) { + print " $Host: $ErrorLookup{$Port}{$Host} Time(s)\n" + } + } +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$a cmp $b} keys %OtherList) { + print "$line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + 
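Review bot: Port numbers are sorted as strings in both report loops (`sort {$a cmp $b} keys %Lookups` and `sort {$a cmp $b} keys %ErrorLookup`), so port 113 is listed before port 22. The keys come from `(\d+)` captures, so a numeric comparison is safe: `foreach $Port (sort {$a <=> $b} keys %Lookups) {`, and the same for `%ErrorLookup`. The last `print` in the `%ErrorLookup` loop has no terminating semicolon; Perl accepts that before a closing brace, but it will break as soon as a statement is added after it.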
diff --git a/log.d/configs/linux/scripts/services/pam b/log.d/configs/linux/scripts/services/pam
new file mode 100755
index 0000000..ae99558
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/pam
@@ -0,0 +1,45 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: pam,v 1.7 2003/12/15 18:09:23 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+
+while (defined($ThisLine = )) {
+ if ( ( $ThisLine =~ /^pam_get_user: no username obtained$/ ) or
+ ( $ThisLine =~ /^pam_end: NULL pam handle passed/ ) ) {
+ # We don't care about these
+ }
+ elsif ( $ThisLine =~ s/^FAILED LOGIN SESSION FROM ([^ ]+) FOR .*$/$1/ ) {
+ $FailedLogins{$ThisLine}++;
+ }
+ else {
+ # Report any unmatched entries...
+ push @OtherList,$ThisLine;
+ }
+}
+
+if ( (keys %FailedLogins) and ($Detail >= 10) ) {
+ print "\nFailed Login Sessions:\n";
+ foreach $ThisOne (keys %FailedLogins) {
+ print " " . $FailedLogins{$ThisOne} . " from " . $ThisOne;
+ }
+}
+
+if ($#OtherList >= 0) {
+ print "\n**Unmatched Entries**\n";
+ print @OtherList;
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
+
diff --git a/log.d/configs/linux/scripts/services/pam_pwdb b/log.d/configs/linux/scripts/services/pam_pwdb
new file mode 100755
index 0000000..2ca6fae
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/pam_pwdb
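Review bot: In the pam filter, failed login sessions are printed only when `$Detail >= 10`, and because the `FAILED LOGIN SESSION` branch consumes the line they do not reach Unmatched Entries either, so at lower detail levels failed logins disappear from the report entirely. I would show the section regardless of detail, `if (keys %FailedLogins) {`, or at least print a one-line total below level 10. The inner `print` has no `"\n"` and appears to rely on `$ThisLine` never being chomped, since the substitution leaves the trailing newline in the hash key; a comment saying so would keep a later `chomp` from running the entries together. `keys %FailedLogins` is also iterated unsorted, so the host order varies between runs.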
@@ -0,0 +1,211 @@ +#!/usr/bin/perl +########################################################################## +# $Id: pam_pwdb,v 1.18 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +# NOTE: This script is for older (6.X era) Red Hat boxes + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +while (defined($ThisLine = )) { + if ( ( $ThisLine =~ /(.*) session closed for user .*$/ ) or + ( $ThisLine =~ /^Logout user .* host .*$/ ) or + ( $ThisLine =~ /^log: Password authentication/ ) or # apparently SSHD messages + ( $ThisLine =~ /^log: Closing connection/ ) or # apparently SSHD messages + ( $ThisLine =~ /^check pass; user unknown/ ) or + ( $ThisLine =~ /^User account has expired/ ) or # This one is caught below (2-line message) + ( $ThisLine =~ /^get passwd; pwdb: structure is no longer valid$/) or + ( $ThisLine =~ /^fatal: Read error from remote host: Connection reset by peer$/) or + ( $ThisLine =~ /^new password not acceptable$/ ) or + ( $ThisLine =~ /^FTP session closed$/) or + ( $ThisLine =~ /^FTP LOGIN REFUSED/) or + ( $ThisLine =~ /^FAILED LOGIN SESSION FROM \S+ FOR , Error in service module/) or + ( $ThisLine =~ /^FTP LOGIN FROM/ ) # I will let ftpd handle FTP messages.... 
+ ) { + # We don't care about these + } + elsif ( $ThisLine =~ /password for \(.*\) changed by \(.*\)$/ ) { + chomp($ThisLine); + push @PWChanges, $ThisLine; + } + elsif ( ($RemoteHost,$User) = ( $ThisLine =~ /^failed login from ([^ ]+) \[.*\], ([^ ]+)$/) or + ($RemoteHost,$User) = ( $ThisLine =~ /^Login failure user=(\S+) host=([^ ]+)$/) ) { + chomp ($User); + push @{$FailedLogins{$RemoteHost}}, $User; + } + elsif ( $ThisLine =~ s/auth could not identify password for \[([^ ]+)\]$/$1/ ) { + chomp ($ThisLine); + $CouldNotIDPW{$ThisLine}++; + } + elsif ( $ThisLine =~ s/^expiry check failed for \'([^ ]+)\'/$1/ ) { + # user account expired? + chomp($ThisLine); + push @Expired, $ThisLine; + } + elsif ( $ThisLine =~ s/bad username \[(.*)\]$/$1/ ) { + chomp($ThisLine); + push @BadName, $ThisLine; + } + elsif ( ($StartName,$StartUID,$EndName,$ServiceName) = + ( $ThisLine =~ m/authentication failure.*; ([^ ]*)\(uid=(\d+)\) -> ([^ ]+) for ([^ ]+) service$/ ) ) { + $StartName = " " if (!$StartName); + $ThisKey = $StartName . "(uid=" . $StartUID . ") -> " . $EndName; + $AuthFailures{$ThisKey}{$ServiceName}++; + } + elsif ( ($Num,$StartName,$StartUID,$EndName,$ServiceName) = + ( $ThisLine =~ m/^(\d+) authentication failure.*; ([^ ]*)\(uid=(\d+)\) -> ([^ ]+) for ([^ ]+) service$/ ) ) { + $StartName = " " if (!$StartName); + $ThisKey = $StartName . "(uid=" . $StartUID . ") -> " . 
$EndName; + $AuthFailures{$ThisKey}{$ServiceName}+=$Num; + } + elsif ( ($ThisKey,$ServiceName) = ( $ThisLine =~ /([^ ]+) authentication failed for ([^ ]+)$/ ) ) { + chomp($ThisKey); chomp($ServiceName); + $AuthFailures{$ThisKey}{$ServiceName}++; + } + elsif ( ($RemoteHost, $User) = ( $ThisLine =~ m/^FAILED LOGIN .* FROM ([^ ]+) FOR (.+), .*$/ ) ) { + push @{$FailedLogins{$RemoteHost}}, $User; + } + elsif ( $ThisLine =~ s/^ROOT LOGIN ON ([^ ]+)/$1/ ) { + chomp ($ThisLine); + $RootLogins{$ThisLine}++; + } + elsif ( ($User,$From) = ( $ThisLine =~ /^LOGIN ON [^ ]+ BY ([^ ]+) FROM ([^ ]+)$/ ) or + ($User,$From) = ( $ThisLine =~ /^Login user=([^ ]+) host=([^ ]+)$/ ) ) { + chomp ($From); + ${$RemoteLogins{$User}}{$From}++; + } + elsif ( $ThisLine =~ s/^LOGIN ON [^ ]+ BY ([^ ]+$)/$1/ ) { + chomp ($ThisLine); + $LocalLogins{$ThisLine}++; + } + elsif ( ($ServiceName,$StartName,$StartUID,$EndName) = + ( $ThisLine =~ m/([^ ]+)\[[0-9]+\]:\s+authentication\s+failure;\s*logname=([^ ]+)\s+uid=([^ ]+).*user=([^ ]+)/ ) ) { + $StartName = " " if (!$StartName); + $ThisKey = $StartName . "(uid=" . $StartUID . ") -> " . $EndName; + $AuthFailures{$ThisKey}{$ServiceName}++; + } + elsif ( ($Service, $User, $Orig) = ( $ThisLine =~ /^\((.*)\) session opened for user ([^ ]+) by (.*\(uid=.*\))/ ) ) { + if (( $Service eq "su" ) and ($Orig =~ /[^ ]+\(uid=.*\)$/)) { + $Temp = " " . $Orig . " -> " . $User; + $SUList{$Temp}++; + } + else { + ${$OpenedSessions{$Service}}{$User}++; + } + } + else { + # Report any unmatched entries... + chomp($ThisLine); + $OtherList{$ThisLine}++; + } +} + +if (keys %SUList) { + print "\nSU Sessions:\n"; + foreach $SU (keys %SUList) { + print " " . $SU . " - " . $SUList{$SU} . " Time(s)\n"; + } +} + +if (($Detail >= 10) and (keys %CouldNotIDPW)) { + print "\nCould not identify password for:\n"; + foreach $User (keys %CouldNotIDPW) { + print " " . $User . " - " . $CouldNotIDPW{$User} . 
" Time(s)\n"; + } +} + +if (@PWChanges) { + print "\nPassword Changes:\n"; + foreach $Change (@PWChanges) { + print " " . $Change . "\n"; + } +} + +if (($Detail >= 5) and (@BadName)) { + print "\nBad Usernames Received:\n"; + foreach $User (@BadName) { + print " " . $User . "\n"; + } +} + +if (@Expired) { + print "\nExpired User Accounts:\n"; + foreach $User (@Expired) { + print " " . $User . "\n"; + } +} + +if (keys %OpenedSessions) { + print "\nOpened Sessions:\n"; + foreach $Service (keys %OpenedSessions) { + print " Service: " . $Service . "\n"; + foreach $User (keys %{$OpenedSessions{$Service}}) { + print " User " . $User . " - " . ${$OpenedSessions{$Service}}{$User} . " Time(s)\n"; + } + } +} + +if (keys %RemoteLogins) { + print "\nRemote Logins:\n"; + foreach $User (keys %RemoteLogins) { + print " User " . $User . ":\n"; + foreach $Remote (keys %{$RemoteLogins{$User}} ) { + print " Remote Host " . $Remote . " - " . ${$RemoteLogins{$User}}{$Remote} . " Time(s)\n"; + } + } +} + +if (keys %LocalLogins) { + print "\nLocal Logins:\n"; + foreach $User (keys %LocalLogins) { + print " " . $User . " - " . $LocalLogins{$User} . " Time(s)\n"; + } +} + +if (keys %RootLogins) { + print "\nRoot Logins:\n"; + foreach $tty (keys %RootLogins) { + print " " . $tty . ": " . $RootLogins{$tty} . " time(s)\n"; + } +} + +if (($Detail >= 5) and (keys %AuthFailures)) { + print "\nAuthentication Failures:\n"; + foreach $Users (keys %AuthFailures) { + print " " . $Users . "\n"; + foreach $Service (keys %{$AuthFailures{$Users}}) { + print " Service: " . $Service . ": " . ${$AuthFailures{$Users}}{$Service} . " time(s)\n"; + } + } +} + +if (($Detail >= 5) and (keys %FailedLogins)) { + print "\nLogin Failures:\n"; + foreach $RemoteHost (keys %FailedLogins) { + print " " . $RemoteHost . ": "; + foreach $User ( @{$FailedLogins{$RemoteHost}} ) { + print $User . 
", ";
+ }
+ print "\n";
+ }
+}
+
+if (keys %OtherList) {
+ print "\n**Unmatched Entries**\n";
+ foreach $line (sort {$a cmp $b} keys %OtherList) {
+ print "$line: $OtherList{$line} Time(s)\n";
+ }
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
+
diff --git a/log.d/configs/linux/scripts/services/pam_unix b/log.d/configs/linux/scripts/services/pam_unix
new file mode 100755
index 0000000..7d4c6f0
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/pam_unix
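Review bot: In the failed-login branch of pam_pwdb the second alternative, `/^Login failure user=(\S+) host=([^ ]+)$/`, captures the user first and the host second but assigns them to `($RemoteHost,$User)`, so those entries are filed in `%FailedLogins` under the user name with the host listed as the user. It should read `($User,$RemoteHost) = ( $ThisLine =~ /^Login failure user=(\S+) host=([^ ]+)$/)`, matching the order the `Login user=... host=...` branch further down already uses. Separately, the unanchored `authentication failure.*;` branch comes before the `^(\d+) authentication failure` branch and also matches those lines, so the `+=$Num` branch looks unreachable and a line reporting several failures is counted once. Moving the counted branch ahead of the unanchored one would restore the real totals.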
@@ -0,0 +1,180 @@ +#!/usr/bin/perl -w +use strict; +########################################################################## +# $Id: pam_unix,v 1.14 2004/06/21 14:59:05 kirk Exp $ +########################################################################## +# $Log: pam_unix,v $ +# Revision 1.14 2004/06/21 14:59:05 kirk +# Added tons of patches from Pawe? Go?aszewski" +# +# Thanks, as always! +# +# Revision 1.13 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +use Logwatch ':sort'; + +my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +my ($service, $line, %data); + +while ($line = ) { + chomp $line; + $service = $line; + if ($line =~ s/^... .. ..:..:.. .+ .+\(pam_unix\)\[\d+\]: //) { + $service =~ s/^... .. ..:..:.. 
.+ (.+)\(pam_unix\)\[\d+\]: .*$/$1/; + } else { + next; + } + if (($service eq 'sshd') or ($service eq 'login') or ($service eq 'ftp')) { + if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) { + ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++; + } elsif ($line =~ s/^session opened for user ([^ ]*) by ([^ ]*)\(uid=\d+\)/$1 by $2/) { + ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++; + } elsif ($line =~ s/^session opened for user (.+) by LOGIN\(uid=\d+\)/$1/) { + $data{$service}{'Sessions Opened'}{$line}++; + } elsif ($line =~ /session closed for user/) { + # ignore this line + } elsif ($line =~ s/^authentication failure; .*rhost=([^ ]*)\s+user=([^ ]*)$/$2 ($1)/) { + $data{$service}{'Authentication Failures'}{$line}++; + } elsif ($line =~ s/^authentication failure; .*rhost=([^ ]*).$/unknown ($1)/) { + $data{$service}{'Authentication Failures'}{$line}++; + } elsif ($line =~ s/^(\d+) more authentication failure; .*rhost=(.+)\s+user=(.+)$/$2 ($1)/) { + $data{$service}{'Authentication Failures'}{$line}++; + } elsif ($line =~ s/^(\d+) more authentication failure; .*rhost=(.+)$/unknown ($1)/) { + $data{$service}{'Authentication Failures'}{$line}++; + } elsif ($line =~ /check pass; user unknown/) { + $data{$service}{'Invalid Users'}{'Unknown Account'}++; + } elsif ($line =~ s/^password changed for (.+)/$1(by sshd)/) { + ($Detail >= 5) && $data{passwd}{'Password changed'}{$line}++; + } elsif ($line =~ s/^account (.+) has expired (failed to change password)$/$1/) { + $data{$service}{'Expired Accounts'}{$line}++; + } elsif ($line =~ s/bad username \[(.*)\]/$1/) { + $data{$service}{'Invalid Users'}{"Bad User: $line"}++; + } else { + $data{$service}{'Unknown Entries'}{$line}++; + } + } elsif ($service eq 'su') { + if ($line =~ s/^authentication failure; logname=(.+) uid=(\d+) .*user=(.+)$/$1($2) -> $3/) { + $data{$service}{'Authentication Failures'}{$line}++; + } elsif ($line =~ /session closed for user/) { + # ignore this line + } elsif 
($line =~ s/session opened for user (.+) by (.+)$/$2 -> $1/) { + $data{$service}{'Sessions Opened'}{$line}++; + } else { + $data{$service}{'Unknown Entries'}{$line}++; + } + } elsif ($service eq 'passwd') { + if ($line =~ s/^password changed for (.+)/$1/) { + ($Detail >= 5) && $data{$service}{'Password changed'}{$line}++; + } + } elsif ($service eq 'poppassd') { + if ($line =~ s/^password changed for (.+)/$1/) { + ($Detail >= 5) && $data{$service}{'Password changed'}{$line}++; + } + } elsif ($service eq 'gdm') { + if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) { + ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++; + } elsif ($line =~ /session closed for user/) { + # ignore this line + } else { + $data{$service}{'Unknown Entries'}{$line}++; + } + } elsif ($service eq 'kdm') { + if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) { + ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++; + } elsif ($line =~ /session closed for user/) { + # ignore this line + } + } elsif ($service eq 'xdm') { + if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) { + ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++; + } elsif ($line =~ /session closed for user/) { + # ignore this line + } + } elsif ($service eq 'imap') { + if ($line =~ s/^authentication failure; .*user=(.+)$/$1/) { + $data{$service}{'Authentication Failures'}{$line}++; + } else { + $data{$service}{'Unknown Entries'}{$line}++; + } + } elsif ($service eq 'spop3d') { + if ($line =~ s/^session opened for user (.+)/$1/) { + $data{$service}{'Sessions Opened'}{$line}++; + } elsif ($line =~ /session closed for user/) { + # ignore this line + } elsif ($line =~ s/^authentication failure; .*user=(.+)$/$1/) { + $data{$service}{'Authentication Failures'}{$line}++; + } elsif ($line =~ s/^account (.+) has expired (failed to change password)$/$1/) { + $data{$service}{'Expired Accounts'}{$line}++; + } else { + $data{$service}{'Unknown Entries'}{$line}++; + } + 
} elsif ($service eq 'pure-ftpd') { + if ($line =~ s/^session opened for user (.+)/$1/) { + $data{$service}{'Sessions Opened'}{$line}++; + } elsif ($line =~ s/^check pass; (.+)/$1/) { + $data{$service}{'Password Failures'}{$line}++; + } else { + $data{$service}{'Unknown Entries'}{$line}++; + } + } elsif ($service eq 'xscreensaver') { + if ($line =~ s/^authentication failure; .*uid=(\d+) euid=(\d+) tty=(.+) ruser= rhost= user=(.+)$/$4($1,$2) on display $3/) { + $data{$service}{'Authentication Failures'}{$line}++; + } + } elsif ($service eq 'cron') { + if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) { + ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++; + } elsif ($line =~ /session closed for user/) { + # ignore this line + } else { + $data{$service}{'Unknown Entries'}{$line}++; + } + } elsif ($service eq 'cyrus') { + if ($line =~ /check pass; user unknown/) { + $data{$service}{'Invalid Users'}{'Unknown Account'}++; + } elsif ($line =~ /authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=/) { + # ignore this line + } else { + $data{$service}{'Unknown Entries'}{$line}++; + } + } elsif ($service eq 'samba') { + if ($line =~ s/^session opened for user ([a-zA-Z\d]+) by (.+)/$1/) { + ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++; + } elsif ($line =~ s/^session closed for user (.+)/$1/) { + ($Detail >= 8) && $data{$service}{'Sessions Closed'}{$line}++; + } else { + $data{$service}{'Unknown Entries'}{$line}++; + } + } else { + $data{$service}{'Unknown Entries'}{$line}++; + } +} + +foreach my $service (sort {$a cmp $b} keys %data) { + print "$service:\n"; + foreach my $type (sort {$a cmp $b} keys %{$data{$service}}) { + print " $type:\n"; + my $sort = CountOrder(%{$data{$service}{$type}}); + foreach my $entry (sort $sort keys %{$data{$service}{$type}}) { + print " $entry: $data{$service}{$type}{$entry} Time(s)\n"; + } + } + print "\n"; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + 
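Review bot: Both `account (.+) has expired (failed to change password)$` patterns in pam_unix (the sshd/login/ftp block and the spop3d block) leave the parentheses unescaped, so they act as a capture group and the literal brackets in the log text never match; expired-account lines fall through to `Unknown Entries`. Escape them: `s/^account (.+) has expired \(failed to change password\)$/$1/`. In the two `(\d+) more authentication failure` branches the replacement `$2 ($1)` follows the branch above, but here `$1` is the count, so the first variant records `rhost (count)` and both add one to the tally instead of the logged count. The passwd, poppassd, kdm, xdm and xscreensaver blocks have no final `else`, so their unmatched lines are dropped rather than landing in `Unknown Entries`.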
diff --git a/log.d/configs/linux/scripts/services/pluto b/log.d/configs/linux/scripts/services/pluto
new file mode 100755
index 0000000..62457a9
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/pluto
@@ -0,0 +1,215 @@ +#!/usr/bin/perl +########################################################################## +# $Id: pluto,v 1.8 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +# This is a scanner for logwatch (see www.logwatch.org) that processes +# FreeSWAN's Pluto log files and attempts to +# make some sense out of them. +# +# Please CC suggestions to mcr@freeswan.org and/or design@lists.freeswan.org +# as well as to kirk@kaybee.org. + +# the vendorID hash maps vendor IDs to products. VendorIDs are hashs of +# internal stuff from each vendor. Grow this table as you encouter new +# products. + +$vendorID{"p....}..&..i...5..............................."}="KAME/Racoon"; +$debug=0; + +while(<>) { +# May 4 04:04:33 abigail Pluto[24170]: "abigail-istari" #1479: ISAKMP SA expired (LATEST!) + + chop; + ($month,$day,$time,$host,$process,$conn,$msg)=split(/ +/,$_,7); + $today="$month $day"; + + next unless ($process =~ /pluto/i); + + $loglines{$today}++; + + print STDERR "Msg: $msg\n" if $debug>1; + + if($msg =~ /([^\#]*)\#(\d*)\:(.*)/) { + $ipaddr = $1; + $stateinfo = $2; + $rest = $3; + } elsif($msg =~ /no Phase 1 state for Delete/) { + $baddelete++; + next; + } elsif($msg =~ /from ([^:]*)\:([^:]*)\: Main Mode message is part of an unknown exchange/) { + $ipaddr = $1; + $ipport = $2; + $badexch{"[$ipaddr]:$ipport"}++; + next; + } else { + print STDERR "Failed to decode: $msg (of $_)\n" if $debug; + next; + } + + # print STDERR "conn: $conn IP: $ipaddr STATE: $stateinfo\n" if $debug; + + $conn =~ s/\"(.*)\"/$1/; + + $conns{$conn}++; + if(!defined($peerIP{"$conn|$ipaddr"})) { + #print STDERR "Adding $ipaddr to $conn\n" if $debug; + $peerIP{$conn}=$peerIP{$conn}.$ipaddr." 
"; + } + $peerIP{"$conn|$ipaddr"}++; + + $stateobjects{$stateinfo}++; + if(!defined($peer{$stateinfo}) && length($ipaddr)>0) { + $peer{$stateinfo}=$ipaddr; + } + + # ignore following + next if($rest =~ /ISAKMP SA expired/); + next if($rest =~ /responding to Main Mode/); + next if($rest =~ /responding to Quick Mode/); + next if($rest =~ /IPsec SA expired/); + next if($rest =~ /ignoring informational payload, type IPSEC_INITIAL_CONTACT/); + next if($rest =~ /regenerating DH private secret to avoid Pluto 1.0 bug handling public value with leading zero/); + next if($rest =~ /regenerating DH private secret to avoid Pluto 1.0 bug handling shared secret with leading zero/); + next if($rest =~ /shared DH secret has leading zero -- triggers Pluto 1.0 bug/); + next if($rest =~ /ignoring Delete SA payload/); + next if($rest =~ /received and ignored informational message/); + next if($rest =~ /discarding duplicate packet; already STATE_MAIN_../); + next if($rest =~ /discarding duplicate packet; already STATE_QUICK_../); + next if($rest =~ /deleting state \(STATE_MAIN_..\)/); + next if($rest =~ /deleting state \(STATE_QUICK_..\)/); + next if($rest =~ /Quick Mode .. message is unacceptable because it uses a previously used Message ID/); + next if($rest =~ /deleting connection .* instance with peer .*/); + next if($rest =~ /dropping and reinitiating exchange to avoid Pluto 1.0 bug handling DH shared secret with leading zero byte/); + next if($rest =~ /KE has 191 byte DH public value; 192 required/); + next if($rest =~ /retransmitting in response to duplicate packet; already STATE_MAIN_../); + #Manuel Mitnyan Thu Jul 31 2003 -To handle somes non important messages + next if($rest =~ /Peer ID is ID_IPV4_ADDR/); + next if($rest =~ /Peer ID is ID_FQDN/); + + $relevantlog{"$today"}++; + + print STDERR "Rest is $rest\n" if $debug>1; + + # but process these. 
+ if($rest =~ /initiating Main Mode to replace \#(.*)/) { + $oldinfo = $1; + $statechain{$conn.$stateinfo}="$conn|$oldinfo"; + next; + + } elsif($rest =~ /initiating Main Mode/) { + $statechain{$conn.$stateinfo}="$conn"; + next; + + } elsif($rest =~ /initiating Quick Mode (.*) to replace \#(.*)/) { + $oldinfo = $2; + $phase2 = $1; + $statechain{"$conn|$stateinfo"}="$conn|$oldinfo"; + $quickmode{"$conn"}=$quickmode{"$conn"}." ".$phase2; + next; + + } elsif($rest =~ /initiating Quick Mode (.*)/) { + $phase2 = $1; + $statechain{"$conn|$stateinfo"}="$conn"; + $quickmode{"$conn"}=$quickmode{"$conn"}." ".$phase2; + next; + + } elsif($rest =~ /ISAKMP SA established/) { + $rekeysuccess{$conn}++; + next; + + } elsif($rest =~ /cannot respond to IPsec SA request because no connection is known for (.*)/) { + $rekeyfail{$conn}++; + $rekeyfail_notknown{$1}++; + + } elsif($rest =~ /max number of retransmissions \((.*)\) reached STATE_QUICK_I./) { + + $rekeyfail{$conn}++; + $rekeyfailQI1{$conn}++; + next; + + } elsif($rest =~ /max number of retransmissions \((.*)\) reached STATE_QUICK_R./) { + + $rekeyfail{$conn}++; + $rekeyfailQR1{$conn}++; + next; + + } elsif($rest =~ /max number of retransmissions \((.*)\) reached STATE_MAIN_I./) { + + $rekeyfail{$conn}++; + $rekeyfailI1{$conn}++; + next; + + } elsif($rest =~ /max number of retransmissions \((.*)\) reached STATE_MAIN_R./) { + $rekeyfail{$conn}++; + $rekeyfailR1{$conn}++; + next; + + } elsif($rest =~ /ERROR: asynchronous network error report on .* for message to .* port 500, complainant .*:.*errno (.*), origin ICMP type (.*) code (.*)/) { + $rekeyfail{$conn}++; + $rekeyfail_ICMPunreachable{$conn}++; + + } elsif($rest =~ /ERROR: asynchronous network error report on .* for message to .* port 500, complainant .*:.*errno (.*), origin ICMP type (.*) code (.*)/) { + $rekeyfail{$conn}++; + $rekeyfail_ICMPunreachable{$conn}++; + + } elsif($rest =~ /starting keying attempt (.*) of an unlimited number/) { + $lastattempt=$1; + 
if($maxattempts{$conn} < $lastattempt) { + $maxattempts{$conn} = $lastattempt; + } + next; + + } elsif($rest =~ /Vendor ID: (.*)/) { + $vid=$1; + if(defined($vendorID{$vid})) { + $peerID{$conn}=$vendorID{$vid}; + } else { + $peerID{$conn}="unknown $vid"; + $vendorID{$vid}="unknown $vid at $stateinfo/$ipaddr\n"; + } + next; + } elsif($rest =~ /prepare-client output.*/) { + $setupfail{$conn}++; + } elsif(($rest =~ /sent QI2, IPsec SA established/) || + ($rest =~ /IPsec SA established/)) { + $ipsecSAs{$conn}++; + next; + + } else { + print STDERR "UNKNOWN: $_"."\n"; + } +} + +if (keys %loglines) { + print "Overview summary of log files:\n"; + foreach $day (keys %loglines) { + print "\t $day had ".$loglines{$day}." entries of which ".$relevantlog{$day}." were relevant\n"; + } +} + +if (keys %conns) { + print "Summary by peer:\n"; + foreach $conn (keys %conns) { + print " Peer $conn caused $conns{$conn} lines of output.\n"; + print "\tconnected from:".$peerIP{$conn}."\n"; + if(defined($peerID{$conn})) { + print "\tVID: ".$peerID{$conn}."\n"; + } + print "\tKeyed: ".($rekeysuccess{$conn}+0)." successes ",($rekeyfail{$conn}+0)." failures (max retries: ".($maxattempts{$conn}+0).")\n"; + print "\tIPsec SAs: ".($ipsecSAs{$conn}+0)."\n"; + if($setupfail{$conn} > 0) { + print "\tSetup failures: ".$setupfail{$conn}."\n"; + } + } +} + +if (keys %badexch) { + print "Summary of bad peers\n"; + foreach $badpeer (keys %badexch) { + print "\t".$badpeer." caused ".$badexch{$badpeer}." bad exchanges\n"; + } +} + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/pop3 b/log.d/configs/linux/scripts/services/pop3 new file mode 100755 index 0000000..b5a8c01 --- /dev/null +++ b/log.d/configs/linux/scripts/services/pop3 
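Review bot: `$baddelete` in the pluto filter is incremented for every `no Phase 1 state for Delete` message but none of the summary blocks prints it, so that count never reaches the report; a line such as `print "Deletes without a Phase 1 state: $baddelete\n" if $baddelete;` after the bad-peer summary would surface it. Messages that match no branch are written to STDERR as `UNKNOWN:` instead of being collected into an unmatched-entries section like the other filters in this commit, so whether anyone sees them presumably depends on how the caller handles STDERR. The second `ERROR: asynchronous network error report` branch is an exact copy of the one before it and cannot be reached.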
@@ -0,0 +1,247 @@ +#!/usr/bin/perl +########################################################################## +# $Id: pop3,v 1.1 2004/06/21 14:59:05 kirk Exp $ +########################################################################## + +######################################################## +# Logwatch was written and is maintained by: +# Kirk Bauer +# +# The pop-3 script was written by: +# Pawe³ Go³aszewski +# +######################################################## + +my $Debug = $ENV{'LOGWATCH_DEBUG'}; +my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'}; + +#Make pseudo IPv6 to IPv4 +sub LookupIPv46 { + my $IPv4Addr; + my $Addr = $_[0]; + if ( ($IPv4Addr) = ($Addr =~ /::ffff:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/ ) ) { +# print "$IPv4Addr\n"; + return $IPv4Addr; + + } + else { +# print $Addr; + return $Addr; + + } +} + +if ( $Debug >= 5 ) { + print STDERR "\n\nDEBUG \n\n"; +} + +while (defined($ThisLine = )) { + if ( + ($ThisLine =~ /^auth: PAM error: Authentication failure$/) or + ($ThisLine =~ /^getpeername: Socket operation on non-socket$/) or + ($ThisLine =~ /^Initializing */) or + ($ThisLine =~ /^Installing */) or + ($ThisLine =~ /^(mailbox: )?open: No such file or directory$/) or + ($ThisLine =~ /^(sktbuff|maildrop): write: Broken pipe$/) or + ($ThisLine =~ /^maildrop: can't read message$/) or + ($ThisLine =~ /^maildrop: can't write to socket$/) or + ($ThisLine =~ /^mailbox: mailbox content has been changed$/) or + ($ThisLine =~ /^maildrop: write: Connection reset by peer$/) or + ($ThisLine =~ /^(sktbuff|maildrop): write: Connection timed out$/) or + ($ThisLine =~ /^open: Permission denied$/) or + ($ThisLine =~ /^read: Broken pipe$/) or + ($ThisLine =~ /^read: Connection reset by peer$/) or + ($ThisLine =~ /^spgetpwnam: can't find user: */) or + ($ThisLine =~ /^sptls: SSL_accept error: (-|)\d+$/) or + ($ThisLine =~ /^sptls: do need at least RSA or DSA cert\/key data$/) + ) { + # Don't care about these... 
+ } elsif ( ($User, $Host) = ( $ThisLine =~ /^user (.*?) authenticated - (.*)$/ ) ) { + $Login{$User}{$Host}++; + } elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/) ) { + $DownloadedMessages{$User} += $Downloaded; + $DownloadedMessagesSize{$User} += $DownloadSize; + $MessagesLeft{$User} = $Left; + $MboxSize{$User} = $LeftSize; + } elsif ( ($User, $Host) = ( $ThisLine =~ /^session ended for user (.*?) - (.*)/) ) { + $Logout{$User}{$Host}++; + $Logout2{$User}++; + $Connection{$Host}++; + } elsif ( ($Host) = ( $ThisLine =~ /^session ended - (.*)$/) ) { + $Logout{"UNKNOWN"}{$Host}++; + $Connection{$Host}++; + } elsif ( ($User,$Host) = ( $ThisLine =~ /^authentication failed for user (.*?) - (.*)/ ) ) { + $LoginFailed{"$Host ($User)"}++; + } elsif ( ($User,$Host) = ( $ThisLine =~ /^authentication failed: no such user: (.*?) - (.*)/ ) ) { + $LoginFailed{"$Host (UNKNOWN: $User)"}++; + } elsif ( ($Mechanism) = ( $ThisLine =~ /^sptls: TLS connection established: (.*)$/ ) ) { + $sslMechanism{$Mechanism}++; + } elsif ($ThisLine =~ /^sptls: created \d+bit temporary [^ ].* key$/ ) { + $sslTempkey++; + } elsif ( ($Host) = ( $ThisLine =~ /^autologout time elapsed - (.*)$/ ) ) { + $AutoLogout{$Host}++; + } elsif ( + (($File) = ( $ThisLine =~ /^can't open or create file: (.*)$/ )) or + (($File) = ( $ThisLine =~ /^mailbox: can't open mailbox file: (.*)$/ )) + ) { + $PermissionDenied{$File}++; + } elsif ( ($User, $Host) = ( $ThisLine =~ /^can't find APOP secret for user (.*?) - (.*)$/ ) ) { + $NoApopSecret{$User}++; + $Logout{$User}{$Host}++; + $Connection{$Host}++; + $Logout2{$User}++; + } elsif ($ThisLine =~ /^mailbox: no memory available$/ ) { + $OutOfMemory++; + } else { + # Report any unmatched entries... 
+ # remove PID from named messages + + $ThisLine =~ s/^(client [.0-9]+)\S+/$1/; + chomp($ThisLine); + $OtherList{$ThisLine}++; + } + $LastLine = $ThisLine; +} + +################################################ + +if ( ( $Detail >= 0 ) and (keys %PermissionDenied)) { + print "WARNING:\n"; + print "Can't open or create files:\n"; + foreach $File (sort {$a cmp $b} keys %PermissionDenied) { + print " $File: $PermissionDenied{$File} Time(s)\n"; + } +} + +if ( ( $Detail >= 0 ) and ($OutOfMemory > 0) ) { + print "\nPOP3 processes were running out of memory $OutOfMemory Time(s)\n"; +} + +if ( ( $Detail >= 0 ) and (keys %LoginFailed)) { + print "\n\n[POP3] Login failures:". + "\n=========================". + "\n Host (user) | # ". + "\n------------------------------------------------------------- | -----------"; + + $ConnCount = 0; + foreach $Host (sort keys %LoginFailed) { + $Conns = $LoginFailed{$Host}; + printf "\n%61s | %11.0f", $Host, $Conns; + $ConnCount += $Conns; + } + print "\n" . "-" x 75; + printf "\n%75s\n\n\n", $ConnCount; +} + +if ( ( $Detail >= 5 ) and (keys %Connection)) { + print "\n[POP3] Connections:". + "\n=========================". + "\n Host | Connections". + "\n------------------------------------------------------------- | -----------"; + + $ConnCount = 0; + foreach $Host (sort keys %Connection) { + $Conns = $Connection{$Host}; + printf "\n%61s | %11.0f", $Host, $Conns; + $ConnCount += $Conns; + } + print "\n" . "-" x 75; + printf "\n%75s\n\n\n", $ConnCount; +} + + + +if (keys %Logout2) { + print "\n[POP3] Logout stats (in MB):". + "\n============================". + "\n User | Logouts | Downloaded | Mbox Size". 
+ "\n--------------------------------------- | ------- | ---------- | ----------"; + + $ConnCount = 0; + $SizeAll = 0; + $DownAll = 0; + foreach $User (sort keys %Logout2) { + $Conns = $Logout2{$User}; + $Down = $DownloadedMessagesSize{$User}/(1024*1024); + $Size = $MboxSize{$User}/(1024*1024); + printf "\n%39s | %7d | ", $User, $Conns; + if ($Down > 0) { + printf "%10.2f | ",$Down; + } else { + printf "%10.0f | ",$Down; + } + if ($Size > 0) { + printf "%10.2f",$Size; + } else { + printf "%10.0f",$Size; + } + $ConnCount += $Conns; + $SizeAll += $Size; + $DownAll += $Down; + } + print "\n" . "-" x 75; + printf "\n%49d | %10.2f | %10.2f\n\n\n",$ConnCount,$DownAll,$SizeAll; +} + + +if ( ( $Detail >= 10 ) and (keys %Login)) { + print "\n[POP3] Successful Logins:\n"; + $LoginCount = 0; + foreach my $User (keys %Login) { + print " User $User: \n"; + $UserCount = 0; + foreach $Host (keys %{$Login{$User}}) { + $HostCount = $Login{$User}{$Host}; + print " From $Host: $HostCount Time(s)\n"; + $UserCount += $HostCount; + } + $LoginCount += $UserCount; + print " Total $UserCount Time(s)\n"; + print "\n"; + } + print "Total $LoginCount successful logins\n\n\n"; +} + +if ($sslTempkey > 0) { + print "\nTemporary SSL key created and used $sslTempkey Time(s)\n"; +} + +if ( ( $Detail >= 5 ) and (keys %sslMechanism)) { + print "\nTLS Connection types:\n"; + $TotalConnections = 0; + foreach $Mechanism (keys %sslMechanism) { + print " $Mechanism $sslMechanism{$Mechanism} Time(s)\n"; + $TotalConnections += $sslMechanism{$Mechanism}; + } + print "Total TLS connections: $TotalConnections Time(s)\n"; +} + +if ( ( $Detail >= 5 ) and (keys %AutoLogout)) { + print "\nAutologout:\n"; + foreach $Host (sort {$a cmp $b} keys %AutoLogout) { + print " $Host: $AutoLogout{$Host} Time(s)\n"; + } +} + +if ( ( $Detail >= 5 ) and (keys %NoApopSecret)) { + print "\nCan't find APOP secret:\n"; + $TotalAPOP = 0; + foreach $User (keys %NoApopSecret) { + print " $User: $NoApopSecret{$User} Time(s)\n"; + 
$TotalAPOP += $NoApopSecret{$User}; + } + print "Total APOP errors: $TotalAPOP Time(s)\n"; +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$a cmp $b} keys %OtherList) { + print " $line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/portsentry b/log.d/configs/linux/scripts/services/portsentry new file mode 100755 index 0000000..70fe773 --- /dev/null +++ b/log.d/configs/linux/scripts/services/portsentry 
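Review bot: `LookupIPv46` is defined at the top of the pop3 filter but nothing in the file calls it, so hosts are stored exactly as logged and a client seen both as `::ffff:a.b.c.d` and as plain IPv4 would presumably be counted as two hosts in the connection and login-failure tables. Normalising at capture time, for example `$Host = LookupIPv46($Host);` before `$LoginFailed{"$Host ($User)"}++`, would put the helper to use. `$Detail` also lacks the `|| 0` default that the other filters apply, `$LastLine` is assigned but never read, and the comment `remove PID from named messages` appears to be left over from another filter.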
@@ -0,0 +1,135 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: portsentry,v 1.5 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Osma Ahvenlampi +######################################################## + +use Logwatch ':ip'; + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +while (defined($ThisLine = )) { + chomp($ThisLine); + next if ($ThisLine eq ""); + if ( ( $ThisLine =~ /Starting portsentry/ ) or + ( $ThisLine =~ /PortSentry is now active/ ) or + ( $ThisLine =~ /Psionic PortSentry .* (starting|shutting)/ ) or + ( $ThisLine =~ /portsentry shutdown/ ) ) { + # don't care + } elsif( ($scan,$host,$proto,$port) = ( $ThisLine =~ m|attackalert: (.+) scan from host: [^/]+/(\S+) to (\w+) port: (\d+)| ) ){ + $host = LookupIP($host); + $Scans{$scan}{$host}{$port}++; + } elsif ( ($host) = ( $ThisLine =~ /Host (\S+) has been blocked/ ) ){ + $host = LookupIP($host); + $Blocked{$host}++; + } elsif( ($host) = ( $ThisLine =~ /Host: (\S+) is already blocked/ ) ){ + # ignore + } elsif( ($mode,$proto,$port) = ( $ThisLine =~ /: (.+) scan detection mode activated. Ignored (\w+) port: (\d+)/ ) ){ + $Ignored{$mode}{$proto}{$port}++; + } elsif( ($mode,$port) = ( $ThisLine =~ /: (.+) mode will manually exclude port: (\d+)/ ) ){ + $Exclude{$mode}{$port}++; + } else{ + $Unknown{$ThisLine}++; + } +} + +if (keys %Scans) { + print "\nWarning: Portscans detected"; + foreach $mode (sort {$a cmp $b} keys %Scans) { + print "\n " . $mode . " from:"; + foreach $host (sort {$a cmp $b} keys %{$Scans{$mode}}) { + print "\n " . $host . 
": ports:"; + $ports = $prev = $list = undef; + foreach $port (sort {$a <=> $b} keys %{$Scans{$mode}{$host}}) { + if ($prev && ($port-1) == $prev) { + $ports .= "-" if (!$list); + $list = 1; + } elsif ($list) { + $ports .= "$prev $port"; + $list = undef; + } else { + $ports .= " $port"; + } + $prev = $port; + } + $ports .= $prev if ($list); + # don't display the port list if it doesn't fit on one line + if (length($ports) > 55 && $Detail < 10) { + print " (too many, set Detail to High for complete list)"; + } else { + print $ports; + } + } + } + print "\n"; +} + +if (keys %Blocked) { + print "\n"; + foreach $host (keys %Blocked) { + print "Warning: Blocked route from/to $host $Blocked{$host} times(s).\n"; + } +} + +if ( ($Detail >= 10) and (keys %Ignored) ) { + print "\nIgnored following ports"; + foreach $mode (sort {$a cmp $b} keys %Ignored) { + print "\n " . $mode . ":"; + foreach $proto (sort {$a cmp $b} keys %{$Ignored{$mode}}) { + print "\n " . $proto . ": ports:"; + $prev = $list = undef; + foreach $port (sort {$a <=> $b} keys %{$Ignored{$mode}{$proto}}) { + if ($prev && ($port-1) == $prev) { + print "-" if (!$list); + $list = 1; + } elsif ($list) { + print "$prev $port"; + $list = undef; + } else { + print " $port"; + } + $prev = $port; + } + print $prev if ($list); + } + } + print "\n"; +} + +if ( ($Detail >= 10) and (keys %Exclude) ) { + print "\nExcluded following ports"; + foreach $mode (sort {$a cmp $b} keys %Exclude) { + print "\n " . $mode . ": ports:"; + $prev = $list = undef; + foreach $port (sort {$a <=> $b} keys %{$Exclude{$mode}}) { + if ($prev && ($port-1) == $prev) { + print "-" if (!$list); + $list = 1; + } elsif ($list) { + print "$prev $port"; + $list = undef; + } else { + print " $port"; + } + $prev = $port; + } + print $prev if ($list); + } + print "\n"; +} + +if ( ($Detail >= 5) and (keys %Unknown) ) { + print "\n**Unmached entries**\n"; + foreach $ThisOne (sort {$a cmp $b} keys %Unknown) { + print $Unknown{$ThisOne} . " Time(s): " . 
$ThisOne . "\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/postfix b/log.d/configs/linux/scripts/services/postfix new file mode 100755 index 0000000..e3d7dcb --- /dev/null +++ b/log.d/configs/linux/scripts/services/postfix @@ -0,0 +1,644 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: postfix,v 1.12 2004/06/21 14:59:05 kirk Exp $ +########################################################################## +# $Log: postfix,v $ +# Revision 1.12 2004/06/21 14:59:05 kirk +# Added tons of patches from Pawe? Go?aszewski" +# +# Thanks, as always! +# +# Revision 1.11 2004/06/21 13:42:02 kirk +# 
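Review bot: The last report block prints unmatched lines only when `$Detail >= 5`, and `$Detail` defaults to 0, so any portsentry message the patterns above do not recognise is dropped from a default report without a trace. For a filter whose input is intrusion-detection output, that hides new or changed alert formats; the postfix and pound filters in this same commit print their unmatched entries unconditionally. I would change the guard to `if (keys %Unknown) {` and correct the heading to `**Unmatched Entries**` so it matches the other services. A smaller point in the parsing loop: `$proto` is captured from the attackalert line but not used in `$Scans{$scan}{$host}{$port}`, so TCP and UDP hits on the same port are merged.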
From: Matthew Wise +# This is more of a suggestion than a true patch submission. On a busy +# postfix server the messages sent by section is really long and not +# helpful. This patch finds and lists the top 10 senders by bumber of +# messages. +# +# Revision 1.10 2004/06/21 13:41:04 kirk +# Patch from rod@nayfield.com +# +# Revision 1.9.1 2004/02/22 16:44:01 rod +# Added patch from rod@nayfield.com +# +# Revision 1.9 2004/02/03 03:25:02 kirk +# Added patch from quien-sabe@metaorg.com +# +# Revision 1.8 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +# Revision 1.7 2003/12/15 18:35:03 kirk +# Tons of patches from blues@ds.pg.gda.pl +# +# Revision 1.6 2003/12/15 18:09:23 kirk +# Added standard vi formatting commands at the bottom of all files. +# Applied many patches from blues@ds.pg.gda.pl +# +# Revision 1.5 2003/12/15 17:45:09 kirk +# Added clamAV update log filter from lars@spinn.dk +# +# Revision 1.4 2003/11/26 14:36:30 kirk +# Applied patch from blues@ds.pg.gda.pl +# +# Revision 1.3 2003/11/18 14:04:05 kirk +# More patches from blues@ds.pg.gda.pl +# +# Revision 1.2 2003/11/18 04:02:21 kirk +# Patch from blues@ds.pg.gda.pl +# +# Revision 1.1 2003/11/03 04:49:18 kirk +# Added postfix filter from Sven Conrad +# +# Revision 1.1 2002/03/29 15:32:14 kirk +# Added some filters found in RH's release +# +# +# Revision ??? 
2000/07/12 Simon Liddington +# converted from sendmail to postfix Sven Conrad +# added unknown users +# added relay denials +# todo: +# add authentication warnings +# add forward errors +# add returns after 4 hours +# ignores alias database building +# ignores daemon start messages +# ignores clone messages +# ignores all to= lines whatever follows stat= +# +# +# Revision 1.1 2003/03/21 21:10 sven +# Initial revision +# +# filters all postfix/ messages +# +########################################################################## + +######################################################## +# This was written and is maintained by: +# ??? Kenneth Porter ??? +# changed by Sven Conrad +# +# Please send all comments, suggestions, bug reports, +# etc, to ?? shiva@well.com.?? +# Sven Conrad +# +######################################################## + +my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; +my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0; + +$MsgsSent = 0; +$BytesTransferred = 0; +$FourHourReturns = 0; +$ReturnedToSender = 0; +$ResentMessages = 0; +$RemovedFromQueue = 0; +$UnsupportedFamily = 0; +$TableChanged = 0; +$QueueSizeExceeded = 0; +$RejectedRBL = 0; +$ErrorRBL = 0; +$NoFreeSpace = 0; +$RejectClients = 0; + +while (defined($ThisLine = )) { + if ( + ( $ThisLine =~ m/^connect/ ) or + ( $ThisLine =~ m/^disconnect/ ) or + ( $ThisLine =~ m/^reload configuration/ ) or + ( $ThisLine =~ m/^[a-zA-Z0-9]+: client=([^ ]*\[[^ ]*\])$/ ) or + ( $ThisLine =~ m/^[a-zA-Z0-9]+: message-id/ ) or + ( $ThisLine =~ m/^[a-zA-Z0-9]+: skipped, still being delivered/ ) or + ( $ThisLine =~ m/^warning: [\.0-9]+: address not listed for hostname/ ) or + ( $ThisLine =~ m/^[a-zA-Z0-9]+: to\=\<.*>, relay\=.*, delay\=[0-9]+, status\=(sent|deferred)/ ) or + ( $ThisLine =~ m/^warning: [\.0-9]+: hostname .* verification failed: Host not found/ ) or + ( $ThisLine =~ m/^warning: no MX host for .* has a valid A record$/ ) or + ( $ThisLine =~ m/^warning: numeric domain name in resource data of MX 
record for .*$/ ) or + ( $ThisLine =~ m/^daemon started$/ ) or + ( $ThisLine =~ m/^terminating on signal 15$/ ) or + ( $ThisLine =~ m/^warning: Mail system is down -- accessing queue directly$/ ) or + ( $ThisLine =~ m/^Deleted: \d message$/ ) or + ( $ThisLine =~ m/^warning: [a-zA-Z0-9]+: skipping further client input$/ ) or + ( $ThisLine =~ m/^warning: premature end-of-input from cleanup socket while reading input attribute name$/ ) or + ( $ThisLine =~ m/^warning: uid=\d: Broken pipe$/ ) or + ( $ThisLine =~ m/^warning: SASL authentication failure: no secret in database$/ ) or + ( $ThisLine =~ m/^warning: SASL authentication failure: Password verification failed$/ ) or + ( $ThisLine =~ m/^setting up TLS connection (from|to)/ ) or + ( $ThisLine =~ m/^SSL_accept error from/ ) or + ( $ThisLine =~ m/^verify error:num=/ ) or + ( $ThisLine =~ m/^Peer verification:/ ) or + ( $ThisLine =~ m/^Peer certificate could not be verified$/ ) or + ( $ThisLine =~ m/^Peer certficate could not be verified$/ ) #postfix typo + ) { + # We don't care about these + } elsif ( ($Bytes) = ($ThisLine =~ /^[a-zA-Z0-9]+: from=.*size=([0-9]+).*$/) ) { + $MsgsSent++; + $BytesTransferred += $Bytes; + } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>, relay\=local, delay\=-?[0-9]+, status\=bounced \(unknown user/)) { + # unknown user + $UnknownUsers{$User}++; + } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>, relay\=local, delay\=[0-9]+, status\=bounced \(user unknown/)) { + # unknown user ( alias to |"exit 67" in aliases table ) + $UnknownUsers{$User}++; + } elsif ((undef,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: RCPT from ([^ ]*): [0-9]+ <([^ ]*)>: User unknown in virtual mailbox table;/)) { + # unknown virtual user + $UnknownUsers{$User}++; + } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>, .*, status\=bounced .*: User unknown in virtual mailbox table/)) { + # another unknown user probably could combine with local unknown but again my perl is weak 
+ $UnknownUsers{$User}++; + } elsif ((undef,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: RCPT from ([^ ]*): [0-9]+ <([^ ]*)>.*: User unknown in local recipient table/)) { + # and yet another unknown user probably + $UnknownUsers{$User}++; + } elsif (($Dest, $Relay, $Msg) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>, relay=([^ ]*).*, delay\=-?[0-9]+, status\=bounced \(([^)]*)/ )) { + # unknown user + # $Msg = " hello " + # print "bounce message from " . $Dest . " msg : " . $Relay . "\n"; + if ($Relay =~ m/^(none|local|avcheck)/) { + $Temp = "To " . $Dest . " Msg=\"" . $Msg . "\""; + $LocalBounce{$Temp}++; + } else { + $Temp = "To " . $Dest . " Msg=\"" . $Msg . "\""; + $ForeignBounce{$Temp}++; + } + } elsif ( ($Relay,$Dest) = ($ThisLine =~ m/reject: RCPT from ([^ ]*): 554 <([^ ]*)>.* Relay access denied.* to=([^ ]*)/) ) { + # print "reject: " . $ThisLine . "\n"; + # print "Relay :" . $Relay . " to " . $Dest . "\n"; + $Temp = "From " . $Relay . " to " . $Dest; + $RelayDenied{$Temp}++; + } elsif ( ($User,$From) = ($ThisLine =~ /^[a-zA-Z0-9]+: uid=([^ ]*) from=\<([^ ]*)>/)) { + #Messages sent by user + $Temp = $From . " (uid=" . $User . 
"): "; + $SentBy{$Temp}++; + } elsif ( ($From) = ($ThisLine =~ /^[a-zA-Z0-9]+: from=<([^ ]*)>, status=expired, returned to sender$/)) { + $ReturnedToSender++; + } elsif ( (undef) = ($ThisLine =~ /^[a-zA-Z0-9]+: resent-message-id=<([^ ]*)>$/)) { + $ResentMessages++; + } elsif ( ($Command,$Host) = ($ThisLine =~ /lost connection after ([^ ]*) from ([^ ]*)$/)) { + # Make some better summary with hosts + $ConnectionLost{$Command}++; + } elsif ( ($Command,$Host) = ($ThisLine =~ /timeout after ([^ ]*) from ([^ ]*)$/)) { + # Make some better summary with hosts + $ConnectionLost{$Command}++; + } elsif ( ($Rejected,undef,undef) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: header (.*); from=<([^ ]*)> to=<([^ ]*)>: Message content rejected$/)) { + $HeaderReject{$Rejected}++; + #} elsif ( ($Host,undef) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <([^ ]*)>: Sender address rejected: Domain not found;/)) { + # $RejectDomain{$Host}++; + # above two lines included in generic reject sender on next condition + } elsif ( ($Host,$Sender,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <(.*)>: Sender address rejected: (.*);/)) { + $RejectSender{$Reason}{$Host}{$Sender}++; + $RejectSenderHost{$Reason}{$Host}++; + $RejectSenderReason{$Reason}++; + } elsif ( ($Host) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <[^ ]*\[[^ ]*\]>: Client host rejected: Access denied;/)) { + $RejectClientHost{$Host}++; + $RejectClients++; + } elsif ( ($Host,$Recip,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <(.*)>: Recipient address rejected: (.*);/)) { + $Temp = "$Host : $Reason"; + $RejectRecip{$Recip}{$Temp}++; + } elsif ( ($Host,undef) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 <(.*)>: Sender address rejected: Access denied;/)) { + $RejectAddress{$Host}++; + } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 Service unavailable; \[[^ ]*\] blocked using ([^ ]*), reason: (.*);/)) { + 
$Temp = "$Host : $Reason"; + $RejectRBL{$Site}{$Temp}++; + $RejectedRBL++; + } elsif ( ($Host,$Site) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 Service unavailable; \[[^ ]*\] blocked using ([^ ]*);/)) { + $RejectRBL{$Site}{$Host}++; + $RejectedRBL++; + } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /warning: ([^ ]*): RBL lookup error: Name service error for \d+\.\d+\.\d+\.\d+\.([^ ]*): (.*)$/)) { + $Temp = "$Host : $Reason"; + $RBLError{$Site}{$Temp}++; + $ErrorRBL++; + } elsif ( (undef,undef,$Error) = ($ThisLine =~ /warning: ([^ ]*): hostname ([^ ]*) verification failed: (.*)$/)) { + $HostnameVerification{$Error}++; + } elsif ( $ThisLine =~ /^[a-zA-Z0-9]+: removed$/) { + $RemovedFromQueue++; + } elsif ( ($Host) = ($ThisLine =~ /^[a-zA-Z0-9]+: enabling PIX . workaround for ([^ ]*\[[^ ]*\])$/)) { + $PixWorkaround{$Host}++; + } elsif ( ($Message) = ($ThisLine =~ /warning: valid_hostname: (.*)$/)) { + $ValidHostname{$Message}++; + } elsif ( ($Host,$MyName) = ($ThisLine =~ /warning: host ([^ ]*\[[^ ]*\]) greeted me with my own hostname ([^ ]*)$/)) { + $Temp = "$Host : greeted me with my own hostname $MyName"; + $HeloError{$Temp}++; + } elsif ( ($Host,$MyName) = ($ThisLine =~ /warning: host ([^ ]*\[[^ ]*\]) replied to HELO\/EHLO with my own hostname ([^ ]*)$/)) { + $Temp = "$Host : replied to HELO\/EHLO with my own hostname $MyName"; + $HeloError{$Temp}++; + } elsif ( ($Host,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): \d+ <.*>: Helo command rejected: (.*);/)) { + $Temp = "$Host : Helo command rejected \($Reason\)"; + $HeloError{$Temp}++; + } elsif ( ($Size,$Host) = ($ThisLine =~ /bad size limit "\(([^ ]*)\)" in EHLO reply from ([^ ]*\[[^ ]*\])$/)) { + $Temp = "$Host : bad size limit \($Size\) in EHLO reply"; + $HeloError{$Temp}++; + } elsif ( ($Host,$Command) = ($ThisLine =~ /warning: Illegal address syntax from ([^ ]*\[[^ ]*\]) in ([^ ]*) command:/)) { + $IllegalAddressSyntax{$Command}{$Host}++; + } elsif ( ($Error) = ($ThisLine =~ 
/warning: mailer loop: (.*)$/)) { + $MailerLoop{$Error}++; + } elsif ( ($Host) = ($ThisLine =~ /warning: ([^ ]*\[[^ ]*\]): SASL .* authentication failed/)) { + $SaslAuthenticationFail{$Host}++; + } elsif ( ($Host,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: client=([^ ]*\[[^ ]*\]), .* sasl_username=([^ ]*)$/)) { + chomp($User); + $SaslAuth{$Host}{$User}++; + } elsif ( ($Host) = ($ThisLine =~ /TLS connection established from ([^ ]*\[[^ ]*\]):/)) { + $TLSconnectFrom{$Host}++; + } elsif ( ($Host) = ($ThisLine =~ /TLS connection established to ([^ ]*):/)) { + $TLSconnectTo{$Host}++; + } elsif ( ($Domain) = ($ThisLine =~ /warning: malformed domain name in resource data of MX record (.*)$/)) { + $MxError{$Domain}++; + } elsif ( ($Host,$Command) = ($ThisLine =~ /warning: ([^ ]*\[[^ ]*\]) sent .* header instead of ([^ ]*) command: /)) { + $Error = "Sent message header instead of $Command command"; + $SmtpConversationError{$Error}{$Host}++; + } elsif ( + ($ThisLine =~ m/warning: smtp_connect_addr: socket: Address family not supported by protocol/) or + ($ThisLine =~ m/warning: smtp_addr_one: unknown address family \d for [^ ]*/) + ) { + $UnsupportedFamily++; + } elsif ($ThisLine =~ m/(lookup |)table has changed -- exiting$/) { + $TableChanged++; + } elsif ( + ($ThisLine =~ m/^fatal: [^ ]*\(\d+\): Message file too big$/) or + ($ThisLine =~ m/^warning: [a-zA-Z0-9]+: queue file size limit exceeded$/) or + ($ThisLine =~ m/^warning: uid=\d+: File too large$/) + ) { + $QueueSizeExceeded++; + } elsif ( ($Command,$Host) = ($ThisLine =~ /too many errors after ([^ ]*) from ([^ ]*\[[^ ]*\])$/)) { + $TooManyErrors{$Command}{$Host}++; + } elsif ( (undef,undef,$To) = ($ThisLine =~ /^reject: RCPT from ([^ ]*\[[^ ]*\]): 552 Message size exceeds fixed limit; from=<([^ ]*)> to=<([^ ]*)>$/)) { + $SizeLimit{"$From -> $To"}++; + } elsif ( (undef,$Source) = ($ThisLine =~ /^warning: database ([^ ]*) is older than source file ([a-zA-Z0-9\/]+)$/)) { + $DatabaseGeneration{$Source}++; + } elsif ( ($Reason) 
= ($ThisLine =~ /^warning: [a-zA-Z0-9]+: write queue file: (.*)$/)) { + $QueueWriteError{$Reason}++; + } elsif ( ($Reason) = ($ThisLine =~ /^warning: open active [a-zA-Z0-9]+: (.*)$/)) { + $QueueWriteError{"open active: $Reason"}++; + } elsif ( ($Reason) = ($ThisLine =~ /^warning: qmgr_active_corrupt: save corrupt file queue active id [a-zA-Z0-9]+: (.*)$/)) { + $QueueWriteError{"active corrupt: $Reason"}++; + } elsif ( ($Reason) = ($ThisLine =~ /^warning: qmgr_active_done_3_generic: remove [a-zA-Z0-9]+ from active: (.*)$/)) { + $QueueWriteError{"remove active: $Reason"}++; + } elsif ( ($Reason) = ($ThisLine =~ /^warning: [^ ]*\/[a-zA-Z0-9]+: (Error writing message file)$/)) { + $MessageWriteError{$Reason}++; + } elsif ( $ThisLine =~ /reject: RCPT from [^ ]*\[[^ ]*\]: \d+ Insufficient system storage; from=<.*> to=<.*>/) { + $NoFreeSpace++; + } elsif ( ($Process,$Status) = ($ThisLine =~ /^warning: process ([^ ]*) pid \d+ exit status (\d+)$/)) { + $ProcessExit{$Status}{$Process}++; + } elsif ( ($Option,$Reason) = ($ThisLine =~ /^fatal: config variable ([^ ]*): (.*)$/)) { + $ConfigError{$Option}{$Reason}++; + } elsif ( ($Warn) = ($ThisLine =~ /^warning: (.*)/)) { + # keep this as the next to last condition + $UnknownWarnings{$Warn}++; + } else { + push @OtherList,$ThisLine; + } +} + +################################################################## + +if ($NoFreeSpace > 0) { + print "\nWARNING!!!\n"; + print "Insufficient system storage error $NoFreeSpace Time(s)\n"; +} + +if ($MsgsSent > 0) { + print "\n\n$BytesTransferred bytes transferred"; + print "\n$MsgsSent messages sent"; +} + +if ($FourHourReturns > 0) { + print "\n$FourHourReturns messages returned after 4 hours"; +} + +if ($ReturnedToSender >0) { + print "\n$ReturnedToSender messages expired and returned to sender"; +} + +if ($ResentMessages > 0) { + print "\n$ResentMessages resent messages"; +} + +if ($RemovedFromQueue > 0) { + print "\n$RemovedFromQueue messages removed from queue"; +} + +if 
($QueueSizeExceeded > 0) { + print "\n$QueueSizeExceeded messages exceeded queue or message file size limit and removed"; +} + +if ($TableChanged > 0) { + print "\n$TableChanged exited after table change detection"; +} + +if ($UnsupportedFamily > 0) { + print "\nUnknown address family $UnsupportedFamily Time(s)\n"; +} + +if (keys %ConfigError) { + print "\n\nWARNING!!!\n"; + print "Configuration Errors:\n"; + foreach $Option (sort {$a cmp $b} keys %ConfigError) { + print " Option: $Option\n"; + foreach $Reason (sort {$a cmp $b} keys %{$ConfigError{$Option}} ) { + print " $Reason: $ConfigError{$Option}{$Reason} Time(s)\n"; + } + } +} + +if (keys %QueueWriteError) { + print "\nError writing queue file:\n"; + foreach $Reason (sort {$a cmp $b} keys %QueueWriteError) { + print " $Reason : $QueueWriteError{$Reason} Time(s)\n"; + } +} + +if (keys %MessageWriteError) { + print "\n\nError writing message file:\n"; + foreach $Reason (sort {$a cmp $b} keys %MessageWriteError) { + print " $Reason : $MessageWriteError{$Reason} Time(s)\n"; + } +} + +if (keys %DatabaseGeneration) { + print "\n\nDatabase files are not up-to-date (propably rehash is needed):\n"; + foreach $Source (sort {$a cmp $b} keys %DatabaseGeneration) { + print " $Source : $DatabaseGeneration{$Source} Time(s)\n"; + } +} + +if (keys %PixWorkaround) { + print "\n\nEnabled PIX . 
workaround for:\n"; + foreach $Host (sort {$a cmp $b} keys %PixWorkaround) { + print " $Host : $PixWorkaround{$Host} Time(s)\n"; + } +} + +if (keys %SentBy) { + print "\n\nTop ten senders:\n"; + foreach $ThisSender (sort {$a cmp $b} keys %SentBy) { + $ThisNumber = $SentBy{$ThisSender}; + push(@{$ThisIsNumber{$ThisNumber}}, $ThisSender); + } + my $ListRank = 10; + foreach $SenderRank (sort {$b <=> $a} keys %ThisIsNumber) { + last unless ($ListRank > 0); + print " $SenderRank messages sent by:\n"; + foreach $ThisSender (@{$ThisIsNumber{$SenderRank}}) { + last unless ($ListRank > 0); + $ListRank--; + print" $ThisSender\n"; + } + } +} + +if (($Detail >= 5) and (keys %UnknownUsers)) { + print "\n\nUnknown users:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %UnknownUsers) { + print " $ThisOne : $UnknownUsers{$ThisOne} Time(s)\n"; + } +} + +if (keys %SaslAuthenticationFail) { + print "\n\nSASL Authentication failed from:\n"; + foreach $Host (sort {$a cmp $b} keys %SaslAuthenticationFail) { + print " $Host : $SaslAuthenticationFail{$Host} Time(s)\n"; + } +} + +if (keys %SaslAuth) { + print "\n\nSASL Authenticated messages from:\n"; + foreach $Host (sort {$a cmp $b} keys %SaslAuth) { + print " $Host:\n"; + foreach $User (sort {$a cmp $b} keys %{$SaslAuth{$Host}} ) { + print " sasluser $User : $SaslAuth{$Host}{$User} Times(s)\n"; + } + } +} + +if (keys %TLSconnectFrom) { + print "\n\nTLS Connections from:\n"; + foreach $Host (sort {$a cmp $b} keys %TLSconnectFrom) { + print " $Host : $TLSconnectFrom{$Host} Time(s)\n"; + } +} + +if (keys %TLSconnectTo) { + print "\n\nTLS Connections To:\n"; + foreach $Host (sort {$a cmp $b} keys %TLSconnectTo) { + print " $Host : $TLSconnectTo{$Host} Time(s)\n"; + } +} + +if (keys %RelayDenied) { + print "\n\nRelaying denied:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %RelayDenied) { + print " $ThisOne : $RelayDenied{$ThisOne} Time(s)\n"; + } +} + +if (keys %SizeLimit) { + print "\n\nMessage size exceeds fixed limit:\n"; + foreach 
$Message (sort {$a cmp $b} keys %SizeLimit) { + print " $Message: $SizeLimit{$Message} Time(s)\n"; + } +} + +if (keys %LocalBounce) { + print "\n\nLocal Bounce:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %LocalBounce) { + print " $ThisOne : $LocalBounce{$ThisOne} Time(s)\n"; + } +} + +if (keys %ForeignBounce) { + print "\n\nForeign Bounce:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %ForeignBounce) { + print " $ThisOne : $ForeignBounce{$ThisOne} Time(s)\n"; + } +} + +if (($Detail >= 5) and (keys %HeaderReject)) { + print "\n\nHeader content reject:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %HeaderReject) { + print " $ThisOne : $HeaderReject{$ThisOne} Time(s)\n"; + } +} + +if ($RejectClients > 0) { + print "\n\nClient hosts rejected $RejectClients Time(s)\n"; + foreach $Host (sort {$a cmp $b} keys %RejectClientHost) { + print " $Host $RejectClientHost{$Host} Time(s)\n"; + } +} + +if (keys %RejectSender) { + print "\n\nMessages rejected:\n"; + foreach $Reason (sort {$a cmp $b} keys %RejectSender) { + print " $Reason $RejectSenderReason{$Reason} Time(s)\n"; + foreach $Host (sort {$a cmp $b} keys %{$RejectSender{$Reason}} ) { + print " $Host $RejectSenderHost{$Reason}{$Host} Time(s)\n"; + if ($Detail >= 5) { + foreach $Sender (sort {$a cmp $b} keys %{$RejectSender{$Reason}{$Host}}) { + print " $Sender : $RejectSender{$Reason}{$Host}{$Sender} Time(s)\n"; + } + } + } + } +} + +if (keys %RejectRecip) { + print "\n\nMessages rejected to recipient:\n"; + foreach $Recip (sort {$a cmp $b} keys %RejectRecip) { + print " $Recip:\n"; + foreach $Host (sort {$a cmp $b} keys %{$RejectRecip{$Recip}} ) { + print " $Host : $RejectRecip{$Recip}{$Host} Time(s)\n"; + } + } +} + + +if (keys %RejectAddress) { + print "\n\nRejected sender address from:\n"; + foreach $Host (sort {$a cmp $b} keys %RejectAddress) { + print " $Host : $RejectAddress{$Host} Time(s)\n"; + } +} + +if (keys %RejectRBL) { + print "\n\nMessages rejected using Anti-Spam site $RejectedRBL Time(s)\n"; + foreach 
$Site (sort {$a cmp $b} keys %RejectRBL) { + $count = 0; + # okay there is probably a more efficient way to get this total + # than walking the container again, but my perl is weak + # and I want to know which list are working the best so I can + # put them at the top of the checking order in my configuration + foreach $Host ( keys %{$RejectRBL{$Site}} ) { + $count = $count + $RejectRBL{$Site}{$Host}; + } + print " $Site identified $count spam messages:\n"; + foreach $Host (sort {$a cmp $b} keys %{$RejectRBL{$Site}} ) { + print " $Host : $RejectRBL{$Site}{$Host} Time(s)\n"; + } + } +} + +if (keys %RBLError) { + print "\n\nRBL lookup errors $ErrorRBL Time(s)\n"; + foreach $Site (sort {$a cmp $b} keys %RBLError) { + print " $Site\n"; + if ($Detail >= 5) { + foreach $Error (sort {$a cmp $b} keys %{$RBLError{$Site}} ) { + print " $Error : $RBLError{$Site}{$Error} Time(s)\n"; + } + } + } +} + +if (keys %AuthWarns) { + print "\n\nAuthentication warnings:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %AuthWarns) { + print " $ThisOne : $AuthWarns{$ThisOne} Time(s)\n"; + } +} + +if (keys %ForwardErrors) { + print "\n\nForwarding errors:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %ForwardErrors) { + print " $ThisOne : $ForwardErrors{$ThisOne} Time(s)\n"; + } +} + +if (($Detail >= 5) and (keys %SmtpConversationError)) { + print "\n\nSMTP commands dialog errors:\n"; + foreach $Error (sort {$a cmp $b} keys %SmtpConversationError) { + print " $Error:\n"; + foreach $Host (sort {$a cmp $b} keys %{$SmtpConversationError{$Error}} ) { + print " $Host : $SmtpConversationError{$Error}{$Host} Time(s)\n"; + } + } +} + +if (keys %TooManyErrors) { + print "\n\nToo many errors in SMTP commands dialog:\n"; + foreach $Command(sort {$a cmp $b} keys %TooManyErrors) { + print " After command $Command:\n"; + foreach $Host (sort {$a cmp $b} keys %{$TooManyErrors{$Command}} ) { + print " $Host : $TooManyErrors{$Command}{$Host} Time(s)\n"; + } + } +} + +if (keys %ConnectionLost) { + print 
"\n\nConnections lost:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %ConnectionLost) { + print " Connection lost after command $ThisOne : $ConnectionLost{$ThisOne} Time(s)\n"; + } +} + +if (($Detail >= 5) and (keys %MxError)) { + print "\n\nMalformed domain name in resource data of MX record:\n"; + foreach $Domain (sort {$a cmp $b} keys %MxError) { + print " $Domain : $MxError{$Domain} Time(s)\n"; + } +} + +if (%IllegalAddressSyntax) { + print "\n\nIllegal address syntax:\n"; + foreach $Command (sort {$a cmp $b} keys %IllegalAddressSyntax) { + print " In command $Command from:\n"; + foreach $Host (sort {$a cmp $b} keys %{$IllegalAddressSyntax{$Command}} ) { + print " $Host : $IllegalAddressSyntax{$Command}{$Host} Time(s)\n"; + } + } +} + +if (keys %HostnameVerification) { + print "\n\nHostname verification errors:\n"; + foreach $Error (sort {$a cmp $b} keys %HostnameVerification) { + print " $Error : $HostnameVerification{$Error} Time(s)\n"; + } +} + +if (keys %MailerLoop) { + print "\n\nMailer Loop:\n"; + foreach $Error (sort {$a cmp $b} keys %MailerLoop) { + print " $Error : $MailerLoop{$Error} Time(s)\n"; + } +} + +if (keys %ValidHostname) { + print "\n\nHostname validation errors:\n"; + foreach $Message (sort {$a cmp $b} keys %ValidHostname) { + print " $Message : $ValidHostname{$Message} Time(s)\n"; + } +} + +if (keys %HeloError) { + print "\n\nErrors in HELO/EHLO conversation:\n"; + foreach $Error (sort {$a cmp $b} keys %HeloError) { + print " $Error : $HeloError{$Error} Time(s)\n"; + } +} + +if (keys %ProcessExit) { + print "\n\nProcess exited:\n"; + foreach $Status (sort {$a cmp $b} keys %ProcessExit) { + print " Exit status $Status:\n"; + foreach $Process (sort {$a cmp $b} keys %{$ProcessExit{$Status}} ) { + print " $Process: $ProcessExit{$Status}{$Process} Time(s)\n"; + } + } +} + +if (keys %UnknownWarnings) { + print "\n\nUnrecognized warning:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %UnknownWarnings) { + print " $ThisOne : 
$UnknownWarnings{$ThisOne} Time(s)\n"; + } +} + +if ($#OtherList >= 0) { + print "\n\n**Unmatched Entries**\n\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/pound b/log.d/configs/linux/scripts/services/pound new file mode 100755 index 0000000..ef19f74 --- /dev/null +++ b/log.d/configs/linux/scripts/services/pound 
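Review bot: In the `552 Message size exceeds fixed limit` branch the match is assigned to `(undef,undef,$To)`, but the next line builds its key from `$From`, a global last set by an unrelated `uid=... from=` or `status=expired, returned to sender` line, or never set at all. The "Message size exceeds fixed limit" section therefore attributes rejections to the wrong sender or to an empty one, which misleads whoever triages the report. Capture the sender in the same match by changing the left-hand side to `(undef,$From,$To)`. Scoping the per-line captures with `my` inside the loop would stop values leaking from one log line to the next.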
@@ -0,0 +1,98 @@ +#!/usr/bin/perl +########################################################################## +# $Id: pound,v 1.3 2003/12/15 18:09:23 kirk Exp $ +########################################################################## +######################################################## +# This was written and is maintained by: +# luuk - luuk@planet.nl +# +# Please send all comments, suggestions, bug reports, +# etc, to luuk@planet.nl. +# +######################################################## + +$Debug = $ENV{'LOGWATCH_DEBUG'}; +$DoLookup = $ENV{'pound_ip_lookup'}; +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +$DoLookup = 1; +sub LookupIP { + my ($name, $a1, $a2,$a3,$a4,$PackedAddr,$Addr); + $Addr = $_[0]; + ($a1,$a2,$a3,$a4) = split /\./,$Addr; + $PackedAddr = pack('C4',$a1,$a2,$a3,$a4); + if ($DoLookup) { + if ($name = gethostbyaddr ($PackedAddr,2)) { + return ($name . " (" . $Addr . ")"); + } else { + return ($Addr); + } + } + else { + return ($Addr); + } +} + +if ( $Debug >= 5 ) { + print STDERR "\n\nDEBUG: Inside Pound Filter \n\n"; +} + +while (defined($ThisLine = )) { + chomp($ThisLine); + if ($ThisLine =~ /error read from ([\d|\.]+): Succes/) { + $error{'read'}{$1}++; + } elsif ($ThisLine =~ /([\d|\.]+) \w+ \S+ \S+ - \S+ 301 Unauthorized/) { + $error{'unauthorized'}{$1}++; + } elsif ($ThisLine =~ /([\d|\.]+) \w+ \/exchange\/([\w|\.]+)\/.* \S+/) { + $user{$1}{$2}++; + } elsif ($ThisLine =~ /([\d|\.]+) \w+ \/.* (\d\d\d .*?)$/) { + $tmphost = $1; $tmpcode = $2; + $ip{$tmphost}{'total'}++; + $ip{$tmphost}{$tmpcode}++; + } else { + # Report any unmatched entries... 
+ $OtherList{$ThisLine}++; + } +} + +if ( ( $Detail >= 5 ) and (keys %user) ) { + print "\nUsage by user:\n"; + foreach $host (keys %user) { + $rhost = LookupIP($host); + print " $rhost:\n"; + foreach $usr (keys %{$user{$host}}) { + print " $usr: $user{$host}{$usr}\n"; + } + } +} + +if ( ( $Detail >= 10 ) and (keys %ip) ) { + print "\nUsage by host:\n"; + foreach $host (keys %ip) { + $rhost = LookupIP($host); + print " $rhost: $ip{$host}{'total'}\n"; + foreach $code (keys %{$ip{$host}}) { + print " $code: $ip{$host}{$code}\n" if ($code ne 'total'); + } + } +} + +if ( ( $Detail >= 5 ) and (keys %error) ) { + print "\nError read from - Succes message:\n"; + foreach $host (keys %{$error{'read'}}) { + $rhost = LookupIP($host); + print " $rhost: $error{'read'}{$host} \n"; + } +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$a cmp $b} keys %OtherList) { + print " $line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/proftpd-messages b/log.d/configs/linux/scripts/services/proftpd-messages new file mode 100755 index 0000000..401c102 --- /dev/null +++ b/log.d/configs/linux/scripts/services/proftpd-messages 
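Review bot: Requests matched by the `301 Unauthorized` pattern are counted in `$error{'unauthorized'}`, but the report only walks `$error{'read'}`, so rejected-authorization requests never reach the report. When only unauthorized entries exist, the `keys %error` guard still prints the "Error read from" heading with nothing under it. A section for them is sketched below, left outside the detail gate on the view that authorization failures belong in every report; the status code in that pattern should also be confirmed against real pound logs, since Unauthorized is normally 401. Separately, `$DoLookup = 1;` directly after reading `pound_ip_lookup` overrides the setting, so reverse lookups of client addresses cannot be turned off; replacing it with `$DoLookup = 1 unless defined $DoLookup;` restores the switch.

```perl
# … unchanged: "Error read from - Succes message" section …

if (keys %{$error{'unauthorized'}}) {
   print "\nUnauthorized requests:\n";
   foreach $host (sort {$a cmp $b} keys %{$error{'unauthorized'}}) {
      $rhost = LookupIP($host);
      print "   $rhost: $error{'unauthorized'}{$host} Time(s)\n";
   }
}
```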
@@ -0,0 +1,187 @@ +#!/usr/bin/perl +########################################################################## +# $Id: proftpd-messages,v 1.16 2004/02/03 02:45:26 kirk Exp $ +########################################################################## +# $Log: proftpd-messages,v $ +# Revision 1.16 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +########################################################################## + +######################################################## +# This was written and is maintained by: +# Simon Liddington +# +# for use with Logwatch +# +# Logwatch was written and is maintained by: +# Kirk Bauer +######################################################## + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; +$IgnoreUnmatched = $ENV{'ftpd_ignore_unmatched'}; + +$NoEndpoints = 0; + +while (defined($ThisLine = )) { + if ( + ( $ThisLine =~ /^FTP session closed./ ) or + ( $ThisLine =~ /^(ANONYMOUS )?FTP login as \'.*\' from [^ ]+ \[.*\] to .*/ ) or + ( $ThisLine =~ /PAM\(.*\): Authentication failure/ ) or + ( $ThisLine =~ /^data_sendfile/ ) or + ( $ThisLine =~ / - FTP session opened/ ) or + ( $ThisLine =~ / - FTP session closed/ ) or + ( $ThisLine =~ / - No certificate files found/ ) or + ( $ThisLine =~ /FTP no transfer timeout, disconnected\./ ) or + ( $ThisLine =~ /FTP login timed out, disconnected\./ ) + ) { + #We don't care about these + } elsif ( ($Host,$IP,$Email,) = ( $ThisLine =~ /^FTP session opened: ftp\/ftp (.*)\[(.*)\] (.*)$/ ) ) { + $Temp = " " . $Host . " (" . $IP . "): " . $Email . " - "; + $AnonLogins{$Temp}++; + } elsif ( ($Host, $IP) = ( $ThisLine =~ /\((.*)\[(.*)\]\) - ANON .+: Login successful\./ ) ) { + $Temp = " " . $Host . " (" . $IP . 
")"; + $AnonLogins{$Temp}++; + } elsif ( ($User,$Host,$IP) = ( $ThisLine =~ /^FTP session opened: (.*\/.*) (.*)\[(.*)\] (.*)$/ ) ) { + $Temp = " $Host : $User - "; + $UserLogins{$Temp}++; + } elsif ( ($Host,$IP,$User) = ( $ThisLine =~ /\((.*)\[(.*)\]\) - USER (.+): Login successful/ ) ) { + $Temp = " " . $Host . ": " . $User . " - "; + $UserLogins{$Temp}++; + } elsif ( ($User) = ( $ThisLine =~ /^failed login, can\'t find user \'(.*)\' $/ ) ) { + $Temp = " " . "Unknown" . " (" . "Unknown.IP" . "): " . $User . " - "; + $BadUsers{$Temp}++; + } elsif ( ($User,$Host,$IP) = ( $ThisLine =~ /USER (.*): no such user found from (.*) \[(.*)\] to/ ) ) { + $Temp = " $Host : $User - "; + $BadUsers{$Temp}++; + } elsif ( ($Host,$Ip,$User) = ( $ThisLine =~ /\((.*)\[(.*)\]\) - no such user '(.*)'.$/ ) ) { + #$Temp = "$Host($Ip)"; + $BadUsers{$User}{$Host}++; + } elsif ( ($Host,$User) = ( $ThisLine =~ /\[(.*)\]\) - USER (.*) \(Login failed\): Incorrect password/ ) ) { + $Temp = " $Host : $User - "; + $BadPasswds{$Temp}++; + } elsif ( ($Host,$User) = ( $ThisLine =~ /\[(.*)\]\) - USER (.*) \(Login failed\): Invalid shell/ ) ) { + $Temp = " $Host : $User - "; + $BadShell{$Temp}++; + } elsif ( ($Host,$Ip) = ( $ThisLine =~ /\((.*)\[(.*)\]\) - SECURITY VIOLATION: root login attempted./ ) ) { + $RootLoginAttempt{$Host}++; + } elsif ( ($Host) = ( $ThisLine =~ /\(((.*)\[(.*)\])\) - Maximum login attempts exceeded./ ) ) { + $MaxLoginAttempts{$Host}++; + } elsif ( ($Host,$Reason) = ( $ThisLine =~ /\[(.*)\]\) - Refused PORT [\d,]+ \((.*)\)/ ) ) { + $Temp = " " . $Host . ": " . $Reason . 
" - "; + $RefusedPorts{$Temp}++; + } elsif ( ($Host,$Reason) = ( $ThisLine =~ /\(((.*)\[(.*)\])\) - Connection refused \((.*)\)./ ) ) { + $ConnectionRefused{$Reason}{$Host}++; + } elsif ( ($Host) = ( $ThisLine =~ /\(((.*)\[(.*)\])\) - Data transfer stall timeout/ ) ) { + $TransferTimeout{$Host}++; + } elsif ( $ThisLine =~ m/[^ ]* - Fatal: Transport endpoint is not connected/ ) { + $NoEndpoints++; + } else { + # Report any unmatched entries... + push @OtherList,$ThisLine; + } +} + +############################################## + +if ( (keys %AnonLogins) and ($Detail >= 5) ) { + print "\nAnonymous FTP Logins:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %AnonLogins) { + print $ThisOne . $AnonLogins{$ThisOne} . " Time(s)\n"; + } +} + +if ( (keys %DeletedFiles) and ($Detail >= 10) ) { + print "\nFiles deleted through FTP:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %DeletedFiles) { + print $ThisOne; + print @{$DeletedFiles{$ThisOne}}; + } +} + +if (keys %UserLogins) { + print "\nUser FTP Logins:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %UserLogins) { + print $ThisOne . $UserLogins{$ThisOne} . 
" Time(s)\n"; + } +} + +if (keys %RootLoginAttempt) { + print "\nSECURITY VIOLATION!!!!\n"; + print "Root login attempt from:\n"; + foreach $Host (sort {$a cmp $b} keys %RootLoginAttempt) { + print " $Host : $RootLoginAttempt{$Host} Time(s)\n"; + } +} + +if (keys %MaxLoginAttempts) { + print "\nMaximum login attempts exceeded from hosts:\n"; + foreach $Host (sort {$a cmp $b} keys %MaxLoginAttempts) { + print " $Host : $MaxLoginAttempts{$Host} Time(s)\n"; + } +} + +if (keys %ConnectionRefused) { + print "\nConnection refused with reason:\n"; + foreach $Reason (sort {$a cmp $b} keys %ConnectionRefused) { + print " $Reason :\n"; + foreach $Host (sort {$a cmp $b} keys %{$ConnectionRefused{$Reason}}) { + print " $Host : $ConnectionRefused{$Reason}{$Host} Time(s)\n"; + } + } +} + +if ( ( (keys %BadUsers) or (keys %BadPasswds) ) and ($Detail >= 5) ) { + print "\nFailed FTP Logins:\n"; + if ( (keys %BadUsers) and ($Detail >= 5) ) { + print "\n Invalid Username:\n"; + foreach $User (sort {$a cmp $b} keys %BadUsers) { + print " $User:\n"; + foreach $Host (sort {$a cmp $b} keys %{$BadUsers{$User}}) { + print " $Host : $BadUsers{$User}{$Host} Time(s)\n"; + } + } + } + + if ( (keys %BadPasswds) and ($Detail >= 5) ) { + print "\n Incorrect Password:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %BadPasswds) { + print $ThisOne . $BadPasswds{$ThisOne} . " Time(s)\n"; + } + } + + if ( (keys %BadPasswds) and ($Detail >= 5) ) { + print "\n Invalid Shell:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %BadShell) { + print $ThisOne . $BadShell{$ThisOne} . " Time(s)\n"; + } + } +} + +if ( (keys %RefusedPorts) and ($Detail >= 5) ) { + print "\nRefused PORTs:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %RefusedPorts) { + print $ThisOne . $RefusedPorts{$ThisOne} . 
" Time(s)\n"; + } +} + +if ( (keys %TransferTimeout) and ($Detail >= 5) ) { + print "\nData transfer stall timeout:\n"; + foreach $Host (sort {$a cmp $b} keys %TransferTimeout) { + print " $Host : $TransferTimeout{$Host} Time(s)\n"; + } +} + +if ($NoEndpoints > 0) { + print "\nTransport endpoint is not connected error $NoEndpoints Time(s)\n"; +} + +if (($#OtherList >= 0) and (not $IngoreUnmatched)) { + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et diff --git a/log.d/configs/linux/scripts/services/pureftpd b/log.d/configs/linux/scripts/services/pureftpd new file mode 100755 index 0000000..66a3af1 --- /dev/null +++ b/log.d/configs/linux/scripts/services/pureftpd 
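Review bot: Logins rejected for an invalid shell are only reported when a bad password was also seen: the outer `if ( ( (keys %BadUsers) or (keys %BadPasswds) ) and ($Detail >= 5) )` and the guard in front of "Invalid Shell:" both test `%BadPasswds`, never `%BadShell`. The inner guard should read `if ( (keys %BadShell) and ($Detail >= 5) ) {` and the outer one should add `or (keys %BadShell)`. `%BadUsers` is filled in two shapes, `$BadUsers{$Temp}++` and `$BadUsers{$User}{$Host}++`, while the report always dereferences `%{$BadUsers{$User}}`, so the flat entries appear to lose their counts; storing all three cases as `$BadUsers{$User}{$Host}++` would keep them. The unmatched-entries switch is read into `$IgnoreUnmatched` but tested as `$IngoreUnmatched`, so `ftpd_ignore_unmatched` has no effect; the pureftpd and qmail hunks test the same misspelt variable and never assign it.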
@@ -0,0 +1,128 @@ +#!/usr/bin/perl +########################################################################## +# $Id: pureftpd,v 1.3 2004/02/03 02:45:26 kirk Exp $ +########################################################################## +# $Log: pureftpd,v $ +# Revision 1.3 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +########################################################################## + +########################################################################## +# Written & Maintained by Chris Smith (csmith@squiz.net) +########################################################################## + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'}; +$ShowLogins = $ENV{'show_logins'}; +$ShowLogouts = $ENV{'show_logouts'}; +$ShowDataTransfers = $ENV{'show_data_transfers'}; +$ShowNewConnections = $ENV{'show_new_connections'}; + +$PureShutdown = 0; + +while (defined($ThisLine = )) { + if ( + ( $ThisLine =~ /last message repeated/ ) or + ( $ThisLine =~ /Timeout/) or + ( $ThisLine =~ /Can't change directory/) or + ( $ThisLine =~ /pure-ftpd startup( |) succeeded/) + ) { + #We don't care about these + } elsif (($IP,$j) = ($ThisLine =~ /\@(.*?)\)(.*?)new connection/i )) { + $NewConnections{$IP}++; + } elsif (($IP,$j) = ($ThisLine =~ /\@(.*?)\)(.*?)logout/i )) { + $Logouts{$IP}++; + } elsif (($IP,$j) = ($ThisLine =~ /\@(.*?)\)(.*?)unable to set up secure anonymous ftp/i )) { + $SecureAnon{$IP}++; + } elsif (($IP,$User) = ($ThisLine =~ /\@(.*?)\)\s*\[info\]\s*(.*?) 
is now logged in/i )) { + $Logins->{$IP}->{$User}++; + } elsif (($j,$ConnectionCount,$IP) = ($ThisLine =~ /(.*?)too many connections \((.*?)\) from this ip\: \[(.*?)\]/i )) { + $TooManyConnections->{$ConnectionCount}->{$IP}++; + } elsif (($User,$Location,$File,$Direction) = ($ThisLine =~ /\((.*?)\@(.*?)\)\s+\[\w+\]\s+(.*?)\s+(\w+)\s+/)) { + $Direction->{$User}->{$Location}->{$File}++; + } elsif (($User,$Location,$File) = ($ThisLine =~ /\((.*?)\@(.*?)\)\s+\[\w+\]\s+ Deleted ([^ ]+)/)) { + $Direction = "Deleted"; + $Direction->{$User}->{$Location}->{$File}++; + } elsif ($ThisLine =~ m/pure-ftpd shutdown( |) succeeded/) { + $PureShutdown++; + } else { + # Report any unmatched entries... + push @OtherList,$ThisLine; + } +} + +########################## +# + +if ($PureShutdown > 0) { + print "\nPure-ftpd shutdown $PureShutdown Time(s)\n"; +} + +if ($ShowNewConnections) { + if (keys %NewConnections) { + print "\nNew Connections:\n"; + foreach $Line (sort {$a cmp $b} keys %NewConnections) { + print "\t" . $Line . " - ". $NewConnections{$Line} . " Time(s)\n"; + } + } +} + +if ($ShowLogins) { + if (keys %{$Logins}) { + print "\nSuccessful Logins:\n"; + foreach $Line (sort {$a cmp $b} keys %{$Logins}) { + foreach $Detail (sort {$a cmp $b} keys %{$Logins->{$Line}}) { + print "\t" . $Detail. " (" . $Line . ") - ". $Logins->{$Line}->{$Detail} . " Time(s)\n"; + } + } + } +} + +if (keys %{$TooManyConnections}) { + print "\nToo Many Connections:\n"; + foreach $Line (sort {$a cmp $b} keys %{$TooManyConnections}) { + foreach $Detail (sort {$a cmp $b} keys %{$TooManyConnections->{$Line}}) { + print "\t" . $Detail. " (" . $Line . " connections) - ". $TooManyConnections->{$Line}->{$Detail} . 
" Time(s)\n"; + } + } +} + +if ($ShowDataTransfers) { + if (keys %{$Direction}) { + print "\nData Transferred:\n"; + foreach $User (sort {$a cmp $b} keys %{$Direction}) { + foreach $Location (sort {$a cmp $b} keys %{$Direction->{$User}}) { + foreach $Filename (sort {$a cmp $b} keys %{$Direction->{$User}->{$Location}}) { + print "\tUser " . $User . " " . $Direction . " " . $Filename . " from " . $Location . " - ". $Direction->{$User}->{$Location}->{$Filename} . " Time(s)\n"; + } + } + } + } +} + +if (keys %SecureAnon) { + print "\nUnsuccessful Secure Anonymous Connections:\n"; + foreach $Line (sort {$a cmp $b} keys %SecureAnon) { + print "\t" . $Line . " - ". $SecureAnon{$Line} . " Time(s)\n"; + } +} + +if ($ShowLogouts) { + if (keys %Logouts) { + print "\nLogouts:\n"; + foreach $Line (sort {$a cmp $b} keys %Logouts) { + print "\t" . $Line . " - ". $Logouts{$Line} . " Time(s)\n"; + } + } +} + +if (($#OtherList >= 0) and (not $IngoreUnmatched)){ + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/qmail b/log.d/configs/linux/scripts/services/qmail new file mode 100755 index 0000000..0513a5b --- /dev/null +++ b/log.d/configs/linux/scripts/services/qmail 
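Review bot: `$Direction->{$User}->{$Location}->{$File}++` uses a word captured from the log line as a hash reference; without `use strict` Perl resolves that string as the name of a package variable, so the log content decides which global hash is written, including the script's own counters such as `%Logouts`. The report section then walks `%{$Direction}` with whatever value the variable was left with after the last line, so at most one direction's transfers are listed. Keeping the counts in one named hash keyed by the direction removes both problems; the rewritten lines are sketched below.

```perl
   # … unchanged: condition of the four-capture transfer branch …
      $Transfers{$Direction}{$User}{$Location}{$File}++;
   # … unchanged: condition of the "Deleted" branch …
      $Transfers{'Deleted'}{$User}{$Location}{$File}++;
# … unchanged: remaining branches and report sections up to ShowDataTransfers …
   if (keys %Transfers) {
      print "\nData Transferred:\n";
      foreach $Dir (sort {$a cmp $b} keys %Transfers) {
         foreach $User (sort {$a cmp $b} keys %{$Transfers{$Dir}}) {
            foreach $Location (sort {$a cmp $b} keys %{$Transfers{$Dir}{$User}}) {
               foreach $Filename (sort {$a cmp $b} keys %{$Transfers{$Dir}{$User}{$Location}}) {
                  print "\tUser " . $User . " " . $Dir . " " . $Filename . " from " . $Location . " - ". $Transfers{$Dir}{$User}{$Location}{$Filename} . " Time(s)\n";
               }
            }
         }
      }
   }
```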
@@ -0,0 +1,145 @@ +#!/usr/bin/perl +########################################################################## +# $Id: qmail,v 1.6 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; +$QmailDetail = $ENV{'qmail_high_detail'}; +$QmailThreshold = $ENV{'threshold'}; +$RemoteThreshold = $ENV{'remote_threshold'}; +$LocalThreshold = $ENV{'local_threshold'}; +$FromThreshold = $ENV{'from_threshold'}; + +while (defined($ThisLine = )) { + if ( + ( $ThisLine =~ /new msg/ ) or + ( $ThisLine =~ /status: / ) or + ( $ThisLine =~ /bounce msg/ ) or + ( $ThisLine =~ /tcpserver/ ) or + ( $ThisLine =~ /end msg/ ) + ) { + # We don't care about these + } elsif ( + ($msgid,$DeliveryResponse,$Response) = ( $ThisLine =~ /delivery (\d+)\: (.*?)\:(.*)/ ) + ) { + if ( $Response =~ /did_/ ) { + # ignore these. + } else { + if ( ($ResponseCode) = ( $Response =~ /Remote_host_said\:_(\d{3})_/ ) ) { + $ServerResponses->{$DeliveryResponse}->{$ResponseCode}++; + } else { + if ( $DeliveryResponse =~ /failure/ ) { + $ResponseCode=511; + $ServerResponses->{$DeliveryResponse}->{$ResponseCode}++; + } + if ( $DeliveryResponse =~ /deferral/ ) { + $ResponseCode=443; + $ServerResponses->{$DeliveryResponse}->{$ResponseCode}++; + } + } + } + } elsif ( ($EmailFrom) = ( $ThisLine =~ /from \<(.*)\>/ ) ) { + $From{$EmailFrom}++; + } elsif ( ($ToLocal) = ( $ThisLine =~ /to local (.*)/ ) ) { + $Local{$ToLocal}++; + } elsif ( ($ToRemote) = ( $ThisLine =~ /to remote (.*)/ ) ) { + $Remote{$ToRemote}++; + } else { + # Report any unmatched entries... 
+ push @OtherList,$ThisLine; + } +} + +if ($QmailDetail >= 1) { + if ($QmailThreshold > 0) { + if (($RemoteThreshold < 0) or ($RemoteThreshold eq '')) { + $RemoteThreshold = $QmailThreshold; + } + if (($FromThreshold < 0) or ($FromThreshold eq '')) { + $FromThreshold = $QmailThreshold; + } + if (($LocalThreshold < 0) or ($LocalThreshold eq '')) { + $LocalThreshold = $QmailThreshold; + } + } + + if (($RemoteThreshold < 0) or ($RemoteThreshold eq '')) { + $RemoteThreshold = 0; + } + if (($FromThreshold < 0) or ($FromThreshold eq '')) { + $FromThreshold = 0; + } + if (($LocalThreshold < 0) or ($LocalThreshold eq '')) { + $LocalThreshold = 0; + } + + if ( (keys %From) ) { + print "\nEmails from (Threshold of " . $FromThreshold . "):\n"; + $threshold_reached=0; + foreach $Line (sort {$a cmp $b} keys %From) { + if ($From{$Line} >= $FromThreshold) { + $threshold_reached=1; + print "\t" . $Line . " - ". $From{$Line} . " Time(s)\n"; + } + } + if ($threshold_reached < 1) { + print "\t" . "None found above the threshold\n"; + } + } + + if ( (keys %Remote) ) { + print "\nEmails to Remote Server (Threshold of " . $RemoteThreshold . "):\n"; + $threshold_reached=0; + foreach $Line (sort {$a cmp $b} keys %Remote) { + if ($Remote{$Line} >= $RemoteThreshold) { + $threshold_reached=1; + print "\t" . $Line . " - ". $Remote{$Line} . " Time(s)\n"; + } + } + if ($threshold_reached < 1) { + print "\t" . "None found above the threshold\n"; + } + } + + if ( (keys %Local) ) { + print "\nEmails to Local Server (Threshold of " . $LocalThreshold . "):\n"; + $threshold_reached=0; + foreach $Line (sort {$a cmp $b} keys %Local) { + if ($Local{$Line} >= $LocalThreshold) { + $threshold_reached=1; + print "\t" . $Line . " - ". $Local{$Line} . " Time(s)\n"; + } + } + if ($threshold_reached < 1) { + print "\t" . 
"None found above the threshold\n"; + } + } +} + +if (keys %{$ServerResponses}) { + print "\nRemote Server Responses:\n"; + foreach $Line (sort {$a cmp $b} keys %{$ServerResponses}) { + foreach $Detail (sort {$a cmp $b} keys %{$ServerResponses->{$Line}}) { + $ServerResponseTotal{$Line} += $ServerResponses->{$Line}->{$Detail}; + $ServerResponseOverallTotal += $ServerResponses->{$Line}->{$Detail}; + print "\t".ucfirst($Line)."(" . $Detail . ") - ". $ServerResponses->{$Line}->{$Detail} . " Time(s)\n"; + } + } + print "\n\tPercentage(s):\n"; + foreach $Details (sort {$a cmp $b} keys %ServerResponseTotal) { + $percentage = (($ServerResponseTotal{$Details} / $ServerResponseOverallTotal) * 100); + print "\t\t" . ucfirst($Details) . " - "; + printf("%.2f",$percentage); + print " %\n"; + } +} + +if (($#OtherList >= 0) and (not $IngoreUnmatched)){ + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/raid b/log.d/configs/linux/scripts/services/raid new file mode 100755 index 0000000..a7f91e9 --- /dev/null +++ b/log.d/configs/linux/scripts/services/raid @@ -0,0 +1,32 @@ +#!/usr/bin/perl + +while (defined($_ = )) { + chomp; + $print = 0; + if (/^(... .. ..:..:..)/) { + $time = $1; + } + s/^... .. ..:..:.. [^ ]* [^ ]*\[\d*\]: //; + s/^... .. ..:..:.. [^ ]* [^ ]*: //; + + if (/^raid/) { + if (/failure/) { $print = 1; } + if (/redirecting/) { $print = 1; } + if (/rescheduling/) { $print = 1; } + } elsif (/^md/) { + if (/skipping faulty/) { $print = 1; } + if (/degraded mode/) { $print = 1; } + } elsif (/^hd/) { + if (/dma_intr/) { $print = 1; } + } elsif (/^end_request/) { + if (! /floppy/) { $print = 1; } + } else { + next; + } + if ($print) { + print("$time $_ \n"); + } +} + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/rt314 b/log.d/configs/linux/scripts/services/rt314 new file mode 100755 index 0000000..dc6c131 --- /dev/null 
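Review bot: When a delivery line carries no `Remote_host_said:_NNN_` code, the branch assigns `$ResponseCode=511` for failures and `$ResponseCode=443` for deferrals and counts them in `$ServerResponses`, so the "Remote Server Responses" section shows codes that no remote host sent, indistinguishable from real ones. A separate bucket such as `$ResponseCode = 'no code';` for both cases, or at least a comment saying where 511 and 443 come from, would keep the report accurate. A `delivery` line that is neither `did_`, coded, a failure nor a deferral is dropped without being counted or listed as unmatched, which deserves a comment if it is intended. The sender pattern `/from \<(.*)\>/` is greedy and runs to the last `>` on the line; `([^>]*)` gives a tighter key.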
+++ b/log.d/configs/linux/scripts/services/rt314 
@@ -0,0 +1,145 @@
+#!/usr/bin/perl
+##########################################################################
+# $Id: rt314,v 1.4 2003/12/15 18:09:23 kirk Exp $
+##########################################################################
+
+#############################################################################
+# rt314: logwatcher processing script for NetGear RT314 router syslog output.
+# Author: Daniel J. Barrett, dbarrett@blazemonger.com.
+# Public Domain.
+# $Id: rt314,v 1.4 2003/12/15 18:09:23 kirk Exp $
+#############################################################################
+
+use Socket;
+
+$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+
+my $separator = "-------------------------------------------------------\n";
+
+### Partition the data into types
+
+my (@portscanlines, @genlines, @otherlines, $begin, $end);
+my $psl = 0;
+my $gl = 0;
+my $ol = 0;
+while (my $line = ) {
+ $line =~ s/netgear RAS: //;
+ unless ($begin) {
+ $begin = substr($line, 0, 15);
+ }
+ $end = $line;
+ if ( $line =~ /dpo=/ ) {
+ $portscanlines[$psl++] = $line;
+ } elsif ( $line =~ / GEN/ ) {
+ $genlines[$gl++] = $line;
+ } elsif ( $line =~ /last message repeated/ ) {
+ ;
+ } else {
+ $otherlines[$ol++] = $line;
+ }
+}
+exit(0) unless ($end);
+$end = substr($end, 0, 15);
+
+### Print summary
+if ($Detail >= 10) {
+ print "=== Summary ===\n\n";
+}
+
+print "Begin:\t$begin\n";
+print "End:\t$end\n";
+print "\n";
+
+# Extract the port number and source IP address.
+my @portarray;
+my %ipaddrs;
+foreach my $line (@portscanlines) {
+ my $portnum;
+ my $ipaddr;
+ my $dup = $line;
+
+ $dup =~ s/^.*Src=([0-9.]+) .* dpo=([0-9]*).*$/\1/;
+ $ipaddr = $1;
+ $portnum = $2;
+
+ $portarray[$portnum]++;
+ if (exists($ipaddrs{$ipaddr})) {
+ $ipaddrs{$ipaddr}++;
+ } else {
+ $ipaddrs{$ipaddr} = 1;
+ }
+}
+
+# Summarize port scans by port number
+my $total = 0;
+print "Port #\t\tScans\tService Name\n";
+print $separator;
+for (my $i = 0; $i <= $#portarray; $i++) {
+ if ( $portarray[$i] > 0 ) {
+ print "$i\t\t" . $portarray[$i] . "\t" . getservbyport($i, "tcp") . "\n";
+ $total += $portarray[$i];
+ }
+}
+print $separator;
+print "Total\t\t$total\n";
+print "\n";
+
+# Summarize port scans by initiating host
+my @keys = sort {$a <=> $b} (keys %ipaddrs);
+print "Scanned by\tScans\tHostname Lookup\n";
+print $separator;
+$total = 0;
+foreach my $ip (@keys) {
+ print "$ip\t" . $ipaddrs{$ip} . "\t" . gethostbyaddr(inet_aton($ip), AF_INET) . "\n";
+ $total += $ipaddrs{$ip};
+}
+print $separator;
+print "Total\t\t$total\n";
+print "\n";
+
+# Summarize other rule firings
+if ( $#genlines > 0 ) {
+ print "Rules fired:\t" . $#genlines . "\n";
+ print "\n";
+}
+
+# Summarize remaining output
+if ( $#otherlines > 0 ) {
+ print "Uncategorized:\t" . $#otherlines . "!!!!!!!\n";
+ print "\n";
+}
+
+if ($Detail >= 10) {
+ ## Print all data
+ print "=== Raw Data ===\n\n";
+
+ if ( $#portscanlines > 0 ) {
+ print "Port scans:\n";
+ foreach my $line (@portscanlines) {
+ print $line;
+ }
+ print "\n";
+ }
+
+ if ( $#genlines > 0 ) {
+ print "Rule lines:\n";
+ foreach my $line (@genlines) {
+ print $line;
+ }
+ print "\n";
+ }
+
+ if ( $#otherlines > 0 ) {
+ print "Other lines:\n";
+ foreach my $line (@otherlines) {
+ print $line;
+ }
+ print "\n";
+ }
+
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
+
diff --git a/log.d/configs/linux/scripts/services/samba b/log.d/configs/linux/scripts/services/samba
new file mode 100755
index 0000000..36dedfd
--- /dev/null
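Review bot: In the port-scan loop `$ipaddr = $1;` and `$portnum = $2;` are read without checking that the `s///` matched, so a line that contains `dpo=` but not the expected `Src=... dpo=` layout is counted with captures that do not belong to it. `$portarray[$portnum]++` also extends the array to whatever number the log supplied, because `([0-9]*)` is unbounded. Replacing the substitution with `next unless ($line =~ /Src=([0-9.]+) .* dpo=([0-9]{1,5})\b/ and $2 <= 65535);` ties both values to the current line and keeps the index within the port range. The `$#genlines > 0`, `$#otherlines > 0` and `$#portscanlines > 0` tests compare the last index rather than the element count, so a single rule or uncategorized line is never reported and the printed figures are one short; `@otherlines > 0` and `scalar(@otherlines)` give the intended numbers.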
+++ b/log.d/configs/linux/scripts/services/samba 
@@ -0,0 +1,404 @@ +#!/usr/bin/perl +########################################################################## +# $Id: samba,v 1.18 2004/02/03 02:45:26 kirk Exp $ +########################################################################## +# $Log: samba,v $ +# Revision 1.18 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +$Debug = $ENV{'LOGWATCH_DEBUG'}; +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; +$SocketReadError = 0; +$SocketWriteError = 0; +$DbOpenFail = 0; +$GetDomainMasterStatusFail = 0; + +if ( $Debug >= 5 ) { + print STDERR "\n\nDEBUG: Inside Samba Filter \n\n"; +} + +while (defined($ThisLine = )) { + chomp($ThisLine); + if ( + ($ThisLine =~ /Currently not implemented/) or + ($ThisLine =~ /version .+ started/) or + ($ThisLine =~ /oplock[_ ]break/) or + ($ThisLine =~ /No route to host/) or + ($ThisLine =~ /response packet id \d+ received with no matching record/) or + ($ThisLine =~ /matchname/i) or + # Ignore entries in smbmount logfile + ($ThisLine =~ /smbmount/) or + ($ThisLine =~ /become_local_master/) or + ($ThisLine =~ /become_domain_master/) or + ($ThisLine =~ /add_domain_logon_names/) or + ($ThisLine =~ /become_logon_server/) or + ($ThisLine =~ /start_async_dns/) or + ($ThisLine =~ /timeout connecting to/) or + ($ThisLine =~ /Operation not permitted/) or + ($ThisLine =~ /Record does not exist/) or + ($ThisLine =~ /Connection reset by peer/) or + ($ThisLine =~ /Multiple .+ responses received for a query/) or + ($ThisLine =~ /Connection timed out/) or + ($ThisLine =~ /closed connection to/) or + ($ThisLine =~ /current master browser/) or + ($ThisLine =~ 
/debug_message/) or + ($ThisLine =~ /process_name_refresh_request\(184\) Error - should be sent to WINS server$/) or + ($ThisLine =~ /cli_connect\(783\) Error connecting to [^ ]+ \(Operation already in progress\)$/) or + ($ThisLine =~ /nmbd_incomingrequests\.c:process_name_refresh_request\([0-9]+\)$/) or + ($ThisLine =~ /Got SIGHUP dumping debug info.$/) or + ($ThisLine =~ /Got SIGTERM: going down/) or + ($ThisLine =~ /get_socket_addr\(\d+\) getpeername failed. Error was Transport endpoint is not connected$/) or + ($ThisLine =~ /lib\/access.c:check_access\(\d+\)$/) or + ($ThisLine =~ /smbd\/process.c:process_smb\(\d+\)$/) or + ($ThisLine =~ /nmbd\/nmbd_incomingdgrams.c:process_local_master_announce\(\d+\)$/) or + ($ThisLine =~ /nmbd_namelistdb.c:standard_success_release\(\d+\) standard_success_release: Name release for name/) or + ($ThisLine =~ /===============================================================/) + ) { + #Don't care about these... + } elsif ( ($Host, $Service, $User) = ( $ThisLine =~ /([^ ]+ \([^ ]+\)) connect to service ([^ ]+) as user ([^ ]+)/ ) ) { + $Connect{$Service}{$User}{$Host}++; + } elsif ( ($NoService) = ( $ThisLine =~ /couldn't find service (\S+)/ ) ) { + $NoServ{$NoService}++; + } elsif ($ThisLine =~ s/Denied connection from\s+\((\S+)\)([ *]+|)$/$1/) { + $Denied{$ThisLine}++; + } elsif ($ThisLine =~ s/ Connection denied from\s+(\S+)$/$1/) { + $Denied{$ThisLine}++; + } elsif ( ($Where,$Ip,$Browser) = ($ThisLine =~ /(.*) Denied connection from \(([^ ]+)\) Doing a node status request to the domain master browser at IP ([^ ]+) failed. 
Cannot get workgroup name./ ) ) { + $Temp = "$Where ($Ip)"; + $Denied{$Temp}++; + $CantGetGroup{$Browser}++; + } elsif ( + ($Where,$Ip,$Name,$Group,$Subnet) = ($ThisLine =~ /(.*) Denied connection from \(([^ ]+)\) [ *]+Samba name server ([^ ]+) is now a local master browser for workgroup ([^ ]+) on subnet ([^ ]+)/ ) or + ($Where,$Ip,$Name,$Group,$Subnet) = ($ThisLine =~ /(.*) Denied connection from \(([^ ]+)\) [ *]+Samba name server ([^ ]+) has stopped being a local master browser for workgroup ([^ ]+) on subnet ([^ ]+)/ ) + ) { + $Temp = "$Where ($Ip)"; + $Denied{$Temp}++; + $BeLocalMaster{$Subnet}{$Group}{$Name}++; + } elsif (($User) = $ThisLine =~ /rejected invalid user ([^ ]+)/ ) { + $InvalidUser{$User}++; + } elsif (($User) = $ThisLine =~ /Couldn't find user '([^ ]+)'/) { + $NotFoundUser{$User}++; + } elsif (($User) = $ThisLine =~ /Rejecting user '([^ ]+)'/) { + $RejectedUser{$User}++; + } elsif ( ( $ThisLine =~ /lib\/util_sock.c:read_data\(436\)/ ) ) { + # This is due to a nasty bug in samba which causes it to drop connections :-( + $SocketReadError++; + } elsif ( + ( $ThisLine =~ /lib\/util_sock.c:write_socket\(\d+\) write_socket: Error writing \d bytes to socket/ ) or + ( $ThisLine =~ /lib\/util_sock.c:write_socket_data\(\d+\) write_socket_data: write failure./ ) or + ( $ThisLine =~ /lib\/util_sock.c:send_smb\(\d+\) Error writing \d bytes to client. / ) + ) { + # Something more generic should be here + $SocketWriteError++; + } elsif ( ( $ThisLine =~ /unable to open passdb database.$/ ) ) { + $DbOpenFail++; + } elsif ( ($Server,$Ip,$Group) = ($ThisLine =~ /Server ([^ ]+) at IP ([^ ]+) is announcing itself as a local master browser for workgroup ([^ ]+) and we think we are master. Forcing election.$/ ) ) { + $Temp = $Server . "(" . $Ip . 
")"; + $ForceElection{$Group}{$Temp}++; + } elsif ( (undef,$Command,$Server,$Ip,undef) = ($ThisLine =~ /([^ ]+): unicast name ([^ ]+) request received for name ([^ ]+) from IP ([^ ]+) on subnet (.*)\./ ) ) { $Temp = "$Command on subnet $Subnet : $Server ($Ip)"; + $Temp = "$Command on subnet $Subnet : $Server ($Ip)"; + $UnicastRegister{$Temp}++; + } elsif ( ($Group,$Subnet) = ($ThisLine =~ /standard_fail_register: Failed to register\/refresh name ([^ ]+) on subnet ([^ ]+)$/ ) ) { + $FailedRegister{$Subnet}{$Group}++; + } elsif ( ($Ip,$Group,undef) = ($ThisLine =~ /register_name_response: server at IP ([^ ]+) rejected our name registration of ([^ ]+) with error code ([^ ]+)\.$/ ) ) { + $RejectRegister{$Group}{$Ip}++; + } elsif ( ($Ip) = ($ThisLine =~ /get_domain_master_name_node_status_fail: Doing a node status request to the domain master browser at IP ([^ ]+) failed\. Cannot get workgroup name\.$/ ) ) { + $CantGetGroup{$Ip}++; + } elsif ( ($Signal,undef,$Version) = ($ThisLine =~ /INTERNAL ERROR: Signal ([^ ]+) in pid ([^ ]+) \(([^ ]+)\) Please read the file BUGS.txt in the distribution$/ ) ) { + $Temp = "Version $Version with signal $Signal"; + $Crash{$Temp}++; + } elsif ( ($Error) = ($ThisLine =~ /util.c:smb_panic\(\d+\) (PANIC: internal error)$/ ) ) { + $Crash{$Error}++; + } elsif ( ( $ThisLine =~ /get_domain_master_name_node_status_fail\(([^ ]+)\)/ ) ) { + $GetDomainMasterStatusFail++; + } elsif ( ($User) = ($ThisLine =~ /pass_check_smb\(552\) Account for user '([^ ]+)' was disabled.$/) ) { + $AccountDisabled{$User}++; + } elsif ( ($Version) = ($ThisLine =~ /Discarding invalid wins\.dat file \[(.*)\]$/) ) { + $DiscardWins{$Version}++; + } elsif ( ($user,$ip,$dir) = ($ThisLine =~ /smbd\/service.c:make_connection\([0-9]+\) ([a-zA-Z]+) \(([\d.]+)\) Can't change directory to ([a-zA-Z_\/]+) \(Permission denied\)$/)) { + $PermissionDenied{$user}{$ip}{$dir}++; + } elsif ( ($user) = ($ThisLine =~ /smbd\/service.c:make_connection\([0-9]+\) make_connection: ([a-zA-Z_-]+) 
logged in as admin user \(root privileges\)$/)) { + $RootLoggedIn{$user}++; + } elsif ( ($file,$function) = ($ThisLine =~ /([a-zA-Z_\/():\.0-9-]+) ([a-zA-Z0-9_-]+): Not yet implemented.$/)) { + $NotImplemented{$file}{$function}++; + } elsif ( ($User,$Ip,$Directory,$Reason) = ($ThisLine =~ /service.c:make_connection\([0-9]+\) ([^ ]+) \(([^ ]+)\) Can't change directory to ([^ ]+) \((.*)\)/)) { + $Temp = "Netbios name $User on $Ip"; + $CantChangeDir{$Directory}{$Reason}{$Temp}++; + } elsif ( ($Signal) = ($ThisLine =~ /open_sockets\([0-9]+\) Reloading services after ([^ ]+)/)) { + $ReloadAfter{$Signal}++; + } elsif ( ($Signal) = ($ThisLine =~ /open_sockets\([0-9]+\) Got ([^ ]+)/)) { + $ReloadAfter{$Signal}++; + } elsif ( ($Share,$Reason) = ($ThisLine =~ /cups_printername_ok\([0-9]+\) (Unable to get printer status for [^ ]+) - ([^ ]+)/)) { + $PrinterStatus{$Share}{$Reason}++; + } elsif ( ($Share,$Reason) = ($ThisLine =~ /cups_queue_get\([0-9]+\) (Unable to get jobs for [^ ]+) - ([^ ]+)/)) { + $PrinterStatus{$Share}{$Reason}++; + } elsif ( $ThisLine =~ m/main\([0-9]+\) ERROR: Failed when creating subnet lists. Exiting./) { + $SubnetFail{"Failed when creating subnet lists"}++; + } elsif ( $ThisLine =~ m/create_subnets\([0-9]+\) create_subnets: No local interfaces !/) { + $SubnetFail{"No local interfaces"}++; + } elsif ( $ThisLine =~ m/reload_interfaces: No subnets to listen to. Shutting down.../) { + $SubnetFail{"No subnets to listen to. 
Shutting down."}++; + } elsif ( $ThisLine =~ s/process_get_backup_list_request\([0-9]+\) process_get_backup_list_request: (.*)/$1/) { + $GetBacupList{$ThisLine}++; + } elsif ( ($Error) = ($ThisLine =~ /brl_init\([0-9]+\) (Failed to open byte range locking database)$/)) { + $LockDbError{$Error}++; + } elsif ( ($Error) = ($ThisLine =~ /locking_init\([0-9]+\) ERROR: (Failed to initialise locking database)$/)) { + $LockDbError{$Error}++; + } elsif ( ($Location,$Reason) = ($ThisLine =~ /tdb_log\([0-9]+\) tdb\(([^ ]+)\): tdb_reopen: (open failed \([^ ]+\))/)) { + $LockDbError{"$Location - $Reason"}++; + } else { + # Report any unmatched entries... + $OtherList{$ThisLine}++; + + #TODO: + #smbd/oplock.c:process_local_message(418) process_local_message: unknown UDP message command code (424d) - ignoring. + #smbd/process.c:switch_message(662) Non-SMB packet of length 156. Terminating server + #smbd/process.c:switch_message(662) Non-SMB packet of length 133. Terminating server + #libsmb/nmblib.c:send_udp(756) Packet send failed to 153.19.207.127(138) ERRNO=Invalid argument + #lib/util_sock.c:read_data(436) read_data: read failure for 4. 
Error = Brak drogi do systemu + } +} + +######################################### +# + +if (keys %Crash) { + print "\nWARNING!!!!!!\n"; + print "Server crashed:\n"; + foreach $Dead (sort {$a cmp $b} keys %Crash) { + print " $Dead : $Crash{$Dead} Time(s)\n"; + } +} + +if (keys %SubnetFail) { + print "\nWARNING!!!!!!\n"; + print "Errors when creating subnets:\n"; + foreach $Error (sort {$a cmp $b} keys %SubnetFail) { + print " $Error : $SubnetFail{$Error} Time(s)\n"; + } +} + +if (keys %ReloadAfter) { + print "\nReloaded services after signal:\n"; + foreach $Signal (sort {$a cmp $b} keys %ReloadAfter) { + print " $Signal : $ReloadAfter{$Signal} Time(s)\n"; + } +} + +if (keys %DiscardWins) { + print "\nDiscarded invalid wins.dat file with version:\n"; + foreach $Version (sort {$a cmp $b} keys %DiscardWins) { + print " $Version : $DiscardWins{$Version} Time(s)\n"; + } +} + +if (($Detail >= 5) and (keys %Connect)) { + print "\nOpened Sessions:\n"; + foreach $Serv (sort {$a cmp $b} keys %Connect) { + print " Service $Serv as user:\n"; + foreach $Us (sort {$a cmp $b} keys %{$Connect{$Serv}}) { + print " $Us from host:\n"; + foreach $Ho (sort {$a cmp $b} keys %{$Connect{$Serv}{$Us}}) { + print " $Ho : $Connect{$Serv}{$Us}{$Ho} Time(s)\n"; + } + } + } +} + +if (keys %Denied) { + print "\nConnections Denied:\n"; + foreach $Line (sort {$a cmp $b} keys %Denied) { + print " $Line : $Denied{$Line} Time(s)\n"; + } +} + +if (($Detail >= 5) and (keys %PermissionDenied)) { + print "\nPermission denied:\n"; + foreach $user (sort {$a cmp $b} keys %PermissionDenied) { + foreach $ip (sort {$a cmp $b} keys %{$PermissionDenied{$user}}) { + foreach $dir (sort {$a cmp $b} keys %{$PermissionDenied{$user}{$ip}}) { + print " Permission denied (user $user from $ip) directory $dir: $PermissionDenied{$user}{$ip}{$dir} Time(s)\n"; + } + } + } +} + +if (keys %PrinterStatus) { + print "\nPrinter Errors:\n"; + foreach $Share (sort {$a cmp $b} keys %PrinterStatus) { + print " $Share:\n"; + foreach 
$Reason (sort {$a cmp $b} keys %{$PrinterStatus{$Share}}) { + print " $Reason : $PrinterStatus{$Share}{$Reason} Time(s)\n"; + } + } +} + +if (($Detail >= 5) and (keys %RootLoggedIn)) { + print "\nAdmin logins (root privileges):\n"; + foreach $user (sort {$a cmp $b} keys %RootLoggedIn) { + print " User $user: $RootLoggedIn{$user} Time(s)\n"; + } +} + +if (($Detail >= 9) and (keys %NotImplemented)) { + print "\nNot implemented functions:\n"; + foreach $file (sort {$a cmp $b} keys %NotImplemented) { + foreach $func (sort {$a cmp $b} keys %{$NotImplemented{$file}}) { + print " Function $func in $file: $NotImplemented{$file}{$func} Time(s)\n"; + } + } +} + + +if (keys %ForceElection) { + print "\nForced Election:\n"; + foreach $Group (sort {$a cmp $b} keys %ForceElection) { + print " In workgroup $Group when announced server was:\n"; + foreach $Host (sort {$a cmp $b} keys %{$ForceElection{$Group}}) { + print " $Host : $ForceElection{$Group}{$Host} Time(s)\n"; + } + } +} + +if (keys %BeLocalMaster) { + print "\nChanged Local Master Browser:\n"; + foreach $Subnet (sort {$a cmp $b} keys %BeLocalMaster) { + print " On subnet $Subnet:\n"; + foreach $Group (sort {$a cmp $b} keys %{$BeLocalMaster{$Subnet}}) { + print " For workgroup $Group:\n"; + foreach $Name (sort {$a cmp $b} keys %{$BeLocalMaster{$Subnet}{$Group}}) { + print " $Name : $BeLocalMaster{$Subnet}{$Group}{$Name} Time(s)\n"; + } + } + } +} + +if (keys %CantGetGroup) { + print "\nCannot get workgroup name from domain name browser:\n"; + foreach $Ip (sort {$a cmp $b} keys %CantGetGroup) { + print " $Ip : $CantGetGroup{$Ip} Time(s)\n"; + } +} + +if ($GetDomainMasterStatusFail > 0) { + print "\nFailed to get Domain Master node name: $GetDomainMasterStatusFail Time(s)\n"; +} + +if (keys %GetBacupList) { + print "\nBackup list requests:\n"; + foreach $Request (sort {$a cmp $b} keys %GetBacupList) { + print " $Request : $GetBacupList{$Request} Time(s)\n"; + } +} + +if (($Detail >= 5) and (keys %NoServ)) { + print 
"\nCouldn't find services:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %NoServ) { + print " $ThisOne : $NoServ{$ThisOne} Time(s)\n"; + } +} + +if (($Detail >= 5) and (keys %UnicastRegister)) { + print "\nUnicast name requests:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %UnicastRegister) { + print " $ThisOne : $UnicastRegister{$ThisOne} Time(s)\n"; + } +} + +if (keys %FailedRegister) { + print "\nFailed to register/refresh:\n"; + foreach $Subnet (sort {$a cmp $b} keys %FailedRegister) { + print " On subnet $Subnet:\n"; + foreach $Group (sort {$a cmp $b} keys %{$FailedRegister{$Subnet}}) { + print " $Group : $FailedRegister{$Subnet}{$Group} Time(s)\n"; + } + } +} + +if (keys %RejectRegister) { + print "\nRejected our name registration:\n"; + foreach $Group (sort {$a cmp $b} keys %RejectRegister) { + print " Name $Group at IP:\n"; + foreach $Ip (sort {$a cmp $b} keys %{$RejectRegister{$Group}}) { + print " $Ip : $RejectRegister{$Group}{$Ip} Time(s)\n"; + } + } +} + +if ($DbOpenFail > 0) { + print "\nFailed to open passwd database: $DbOpenFail Time(s)\n"; +} + +if (keys %InvalidUser) { + print "\nInvalid Users:\n"; + foreach $Line (sort {$a cmp $b} keys %InvalidUser) { + print " $Line : $InvalidUser{$Line} Time(s)\n"; + } +} + +if (keys %NotFoundUser) { + print "\nUsers not found in UNIX Database:\n"; + foreach $Line (sort {$a cmp $b} keys %NotFoundUser) { + print " $Line : $NotFoundUser{$Line} Time(s)\n"; + } +} + +if (keys %RejectedUser) { + print "\nRejected Users:\n"; + foreach $Line (sort {$a cmp $b} keys %RejectedUser) { + print " $Line : $RejectedUser{$Line} Time(s)\n"; + } +} + +if (keys %AccountDisabled) { + print "\nAccounts disabled:\n"; + foreach $User (sort {$a cmp $b} keys %AccountDisabled) { + print " $User : $AccountDisabled{$User} Time(s)\n"; + } +} + +if (keys %CantChangeDir) { + print "\nCan't change directory while browsing:\n"; + foreach $Directory (sort {$a cmp $b} keys %CantChangeDir) { + print " $Directory:\n"; + foreach $Reason (sort {$a 
cmp $b} keys %{$CantChangeDir{$Directory}}) {
+ print " $Reason:\n";
+ foreach $Entry (sort {$a cmp $b} keys %{$CantChangeDir{$Directory}{$Reason}}) {
+ print " $Entry : $CantChangeDir{$Directory}{$Reason}{$Entry} Time(s)\n";
+ }
+ }
+ }
+}
+
+if ($SocketReadError > 0) {
+ print "\nSocket Read Error (Samba bug): $SocketReadError Time(s)\n";
+}
+
+if (keys %LockDbError) {
+ print "\nLocking Database error:\n";
+ foreach $Error (sort {$a cmp $b} keys %LockDbError) {
+ print " $Error : $LockDbError{$Error} Time(s)\n";
+ }
+}
+
+if (keys %OtherList) {
+ print "\n**Unmatched Entries**\n";
+ foreach $Line (sort {$a cmp $b} keys %OtherList) {
+ print "$Line : $OtherList{$Line} Time(s)\n";
+ }
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
diff --git a/log.d/configs/linux/scripts/services/secure b/log.d/configs/linux/scripts/services/secure
new file mode 100755
index 0000000..21b93f7
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/secure
@@ -0,0 +1,423 @@
+#!/usr/bin/perl
+##########################################################################
+# $Id: secure,v 1.46 2004/06/21 14:59:05 kirk Exp $
+##########################################################################
+# $Log: secure,v $
+# Revision 1.46 2004/06/21 14:59:05 kirk
+# Added tons of patches from Pawe? Go?aszewski"
+#
+# Thanks, as always!
+#
+# Revision 1.45 2004/06/21 14:27:19 kirk
+# Patch from logwatch@iamafreeman.com
+#
+# Revision 1.44 2004/02/03 04:26:36 kirk
+# Solaris patch from Mike Tremaine
+#
+# Revision 1.43 2004/02/03 03:55:28 kirk
+# Patch from M. B. Heath
+#
+# Revision 1.42 2004/02/03 03:52:20 kirk
+# Added mailscanner filter and more Solaris support from Mike Tremaine
+#
+# Revision 1.41 2004/02/03 02:45:26 kirk
+# Tons of patches, and new 'oidentd' and 'shaperd' filters from
+# Pawe? Go?aszewski"
+#
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+#$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+$DoLookup = $ENV{'secure_ip_lookup'};
+$Ignore = $ENV{'ignore_services'};
+$Summarize = $ENV{'summarize_connections'};
+$ConsoleLock = 0;
+$spop3d_opened=0;
+$spop3d_errors=0;
+use Logwatch ':ip';
+
+while (defined($ThisLine = )) {
+ chomp($ThisLine);
+ $ThisLine =~ s/^... .. ..:..:.. 
[^ ]+ //; + #Solaris ID filter -mgt + $ThisLine =~ s/\[ID [0-9]+ [a-z]+\.[a-z]+\] //; + my $temp = $ThisLine; + $temp =~ s/^([^[]+).*/$1/; + if ($Ignore =~ /\b\Q$temp\E\b/i) { next; } + if ( + ( $ThisLine =~ m/^[^ ]+\[\d+\]: connect from localhost$/ ) or + ( $ThisLine =~ /^\/usr\/bin\/sudo:/) or + ( $ThisLine =~ /^sudo:/) or + ( $ThisLine =~ /^halt:/) or + ( $ThisLine =~ /^reboot:/) or + ( $ThisLine =~ /^pam_xauth\[\d+\]: call_xauth: child returned \d/) or + ( $ThisLine =~ /^passwd\[\d+\]:/) or + ( $ThisLine =~ /warning: can.t get client address: Connection refused/) or + ( $ThisLine =~ /^xinetd\[\d+\]: USERID: ([^ ]+) (.+)$/ ) or + ( $ThisLine =~ /^(xinetd|xinetd-ipv6)\[\d+\]: EXIT: /) + ) { + # Ignore these entries + } elsif ($ThisLine =~ /^spop3d/) { + @line=split(": ",$ThisLine); + if ($line[1]=~/^session opened for user/) { + $spop3d_opened++; + @bzz=split(" ",$line[1]); + $PopUser= $bzz[4]; + $PopLogin{$PopUser}++; + } if ($line[1]=~/^authentication failure;/) { + # authentication failure; logname= uid=0 euid=0 tty= + # ruser= rhost= user=xavier + $spop3d_errors++; + @bzz=split(" user=",$line[1]); + $PopErr=$bzz[1]; + $PopErrors{$PopErr}++; + } + } elsif ( ($Host,$User) = ($ThisLine =~ /^login: FAILED LOGIN \d+ FROM ([^ ]+) FOR ([^,]+),/ ) ) { + $FailedLogins->{$User}->{$Host}++; + } elsif ( ($Service,$IP) = ($ThisLine =~ /^([^ ]+)\[\d+\]: connect(ion)? 
from "?(\d+\.\d+\.\d+\.\d+).*/) ) { + $Name = LookupIP($IP); + if ($Summarize =~ /\Q$Service\E/) { + $Connections->{$Service}++; + } else { + $Connections->{$Service}->{$Name}++; + } + } elsif ( ($Service,$IP) = ($ThisLine =~ /^([^ ]+)\[\d+\]: refused connect from (\d+\.\d+\.\d+\.\d+)$/) ) { + $Name = LookupIP($IP); + $Refused->{$Service}->{$Name}++; + } elsif ( ($Service,$Name) = ($ThisLine =~ /^([^ ]+)\[\d+\]: refused connect from (.*)$/) ) { + $Refused->{$Service}->{$Name}++; + } elsif ( ($Service,$Name) = ($ThisLine =~ /^([^ ]+)\[\d+\]: connect from ([^\n]+)$/) ) { + if ($Summarize =~ /\Q$Service\E/) { + $Connections->{$Service}++; + } else { + $Connections->{$Service}->{$Name}++; + } + } elsif ( (undef, $Service, $IP) = ($ThisLine =~ /^(xinetd|xinetd-ipv6)\[\d+\]: START: ([^ ]+) pid=\d+ from=([^\n]+)$/) ) { + if ($Ignore =~ /\b\Q$Service\E\b/i) { next; } + if ($Summarize =~ /\Q$Service\E/) { + $Connections->{$Service}++; + } else { + $Name = LookupIP($IP); + $Connections->{$Service}->{$Name}++; + } + #Solaris inetd this works if you start "inetd -s -t" then send daemon.notice to authlog -mgt + } elsif ( ($Service, $IP) = ($ThisLine =~ /^inetd\[\d+\]: (\w+)\[\d+\] from ([^ \n]+) \d+$/) ) { + if ($Ignore =~ /\b\Q$Service\E\b/i) { next; } + if ($Summarize =~ /\Q$Service\E/) { + $Connections->{$Service}++; + } else { + $Name = LookupIP($IP); + $Connections->{$Service}->{$Name}++; + } + } elsif ( ($Service,undef,$Name) = ($ThisLine =~ /^([^ ]+)\[\d+\]: warning: ([^ ]+), line \d+: can't verify hostname: getaddrinfo\(([^ ]+), AF_INET\) failed$/) ) { + $NameVerifyFail{$Service}{$Name}++; + } elsif ( ($Service,undef,$Name,$IP) = ($ThisLine =~ /^([^ ]+)\[\d+\]: warning: ([^ ]+), line \d+: host name\/name mismatch: ([^ ]+) != ([^ ]+)$/) ) { + $NameVerifyFail{$Service}{"$Name != $IP"}++; + } elsif ( ($Display, $User) = ($ThisLine =~ /^xscreensaver\[\d+\]: FAILED LOGIN \d ON DISPLAY \"([^ ]+)\", FOR \"([^ ]+)\"$/) ) { + $FailedSaver{$User}{$Display}++; + } elsif ( 
$ThisLine =~ s/^([^ ]+)\[\d+\]: warning: can\'t get client address: No route to host$/$1/ ) { + $NoIP->{$ThisLine}++; + } elsif ( $ThisLine =~ s/^([^ ]+)\[\d+\]: warning: can\'t get client address: Network is unreachable$/$1/ ) { + $NoIP->{$ThisLine}++; + } elsif ( $ThisLine =~ s/^([^ ]+)\[\d+\]: warning: can\'t get client address: Connection reset by peer$/$1/ ) { + $NoIP->{$ThisLine}++; + } elsif ( $ThisLine =~ s/^([^ ]+)\[\d+\]: warning: can\'t get client address: Connection timed out$/$1/ ) { + $NoIP->{$ThisLine}++; + } elsif ( $ThisLine =~ s/^([^ ]+)\[\d+\]: connect from unknown$/$1/ ) { + $NoIP->{$ThisLine}++; + } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+)\[\d+\]: error: (.+)$/) ) { + $Error{$Service}{$Err}++; + } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (FAILED LOGIN SESSION FROM [^ ]+ FOR , .*)$/ ) ) { + $Error{$Service}{$Err}++; + } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (password mismatch for [^ ]+ in [^ ]+):.*$/ ) ) { + $Error{$Service}{$Err}++; + } elsif ( $ThisLine =~ /^login: ROOT LOGIN ON tty[0-9]+/) { + $RootLoginTTY++ + } elsif ( (undef,$User) = ($ThisLine =~ /^login: LOGIN ON (tty|pts\/)[0-9]+ BY ([^ ]+)/ )) { + $UserLogin{$User}++; + } elsif ( $ThisLine =~ s/^userdel\[\d+\]: delete user `(.+)'/$1/ ) { + push @DeletedUsers, " $ThisLine\n"; + } elsif ( $ThisLine =~ s/^(useradd|adduser)\[\d+\]: new user: name=(.+), uid=(\d+).*$/$1 ($2)/ ) { + push @NewUsers, " $ThisLine\n"; + } elsif ( $ThisLine =~ s/^userdel\[\d+\]: remove group `(.+)'/$1/ ) { + push @DeletedGroups, " $ThisLine\n"; + } elsif ( $ThisLine =~ s/^groupdel\[\d+\]: remove group `(.+)'/$1/ ) { + push @DeletedGroups, " $ThisLine\n"; + } elsif ( $ThisLine =~ s/^(useradd|adduser)\[\d+\]: new group: name=(.+), gid=(\d+).*$/$1 ($2)/ ) { + push @NewGroups, " $ThisLine\n"; + } elsif ( (undef,$User,,undef,$Group) = ($ThisLine =~ /(usermod|useradd)\[\d+\]: add `([^ ]+)' to (shadow |)group `([^ ]+)'/ )) { + $AddToGroup{$Group}{$User}++; + } elsif ( $ThisLine =~ 
s/^groupadd\[\d+\]: new group: name=(.+), gid=(\d+).*$/$1 ($2)/ ) { + push @NewGroups, " $ThisLine\n"; + } elsif ( $ThisLine =~ /^userdel\[\d+\]: delete `(.*)' from (shadow |)group `(.*)'\s*$/ ) { + push @RemoveFromGroup, " user $1 from group $3\n"; + # This is an inetd lookup... $1 is the service (i.e. ftp), $2 is the response + # I don't think these are important to log at this time + } elsif ( $ThisLine =~ /^sudo: ([^\s]+) : (command not allowed)?.+ ; COMMAND=(.*)$/ ) { + # sudo unauthorized commands + push @SudoList, "$1: $3\n" unless ($2 eq ""); + } elsif ( $ThisLine =~ /^\/usr\/bin\/sudo: ([^\s]+) : (command not allowed)?.+ ; COMMAND=(.*)$/ ) { + # sudo unauthorized commands + push @SudoList, "$1: $3\n" unless ($2 eq ""); + } elsif ( ($service, $from) = ($ThisLine =~ /^xinetd\[\d+\]: FAIL: (.+) (?:address|libwrap) from=([\d.]+)/)) { + if ($Ignore =~ /\b\Q$service\E\b/i) { next; } + $Refused->{$service}->{$from}++; + } elsif ( ($User) = ($ThisLine =~ /^chage\[\d+\]: changed password expiry for ([^ ]+)/)) { + $PasswordExpiry{$User}++; + } elsif ( (undef) = ($ThisLine =~ /^pam_console\[\d+\]: console file lock already in place ([^ ]+)/ )) { + $ConsoleLock++; + } elsif ( ($Message) = ($ThisLine =~ /^pam_xauth\[\d+\]: call_xauth: (.+)/)) { + $XauthMessage{$Message}++; + } elsif ( ($Group,$NewName) = ($ThisLine =~ /^groupmod\[\d+\]: change group `(.*)' to `(.*)'/)) { + $GroupRenamed{"$Group -> $NewName"}++; + } elsif ( ($User,$Home,$NewHome) = ($ThisLine =~ /^usermod\[\d+\]: change user `(.*)' home from `(.*)' to `(.*)'/)) { + $HomeChange{$User}{"$Home -> $NewHome"}++; + } elsif ( ($User,$From,$To) = ($ThisLine =~ /^usermod\[\d+\]:change user `(.*)' UID from `(.*)' to `(.*)'/)) { + $UidChange{"$User: $From -> $To"}++; + } elsif ( ($User,$From,$To) = ($ThisLine =~ /^usermod\[\d+\]: change user `(.*)' GID from `(.*)' to `(.*)'/)) { + $GidChange{"$User: $From -> $To"}++; + # checkpassword-pam + } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Reading 
username and password/)) { + } elsif ( ($PID,$Username) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Username '([^']+)'/)) { + $ChkPasswdPam{$PID}{'Username'} = $Username; + } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Password read successfully/)) { + } elsif ( ($PID,$Service) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Initializing PAM library using service name '([^']+)'/)) { + $ChkPasswdPam{$PID}{'Service'} = $Service; + } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Pam library initialization succeeded/)) { + } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: conversation\(\): msg\[0\], style PAM_PROMPT_ECHO_OFF, msg = "Password: "/)) { + } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Authentication passed/)) { + $ChkPasswdPam{$PID}{'Success'} = 'true'; + } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Account management succeeded/)) { + } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Setting PAM credentials succeeded/)) { + } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Terminating PAM library/)) { + } elsif ( ($PID) = ($ThisLine =~ /^checkpassword-pam\[(\d+)\]: Exiting with status 0/)) { + } else { + # Unmatched entries... 
+ #push @OtherList, "$ThisLine\n"; + } +} + +####################################### + +if (@NewUsers) { + print "\nNew Users:\n@NewUsers\n"; +} + +if (@DeletedUsers) { + print "\nDeleted Users:\n@DeletedUsers\n"; +} + +if (@NewGroups) { + print "\nNew Groups:\n@NewGroups\n"; +} + +if (@DeletedGroups) { + print "\nDeleted Groups:\n@DeletedGroups\n"; +} + +if (keys %GroupRenamed) { + print "\nRenamed groups:\n"; + foreach $Group (sort {$a cmp $b} keys %GroupRenamed) { + print " $Group\n"; + } +} + +if (keys %AddToGroup) { + print "\nAdded User to group:\n"; + foreach $Group (sort {$a cmp $b} keys %AddToGroup) { + print " $Group:\n"; + foreach $User (sort {$a cmp $b} keys %{$AddToGroup{$Group}}) { + print " $User\n"; + } + } +} + +if (@RemoveFromGroup) { + print "\nRemoved From Group:\n@RemoveFromGroup\n"; +} + +if (keys %HomeChange) { + print "\nChanged users home directory:\n"; + foreach $User (sort {$a cmp $b} keys %HomeChange) { + print " $User:\n"; + # No sorting here - show it by time... + foreach $Home (keys %{$HomeChange{$User}}) { + print " $Home\n"; + } + } +} + +if (keys %UidChange) { + print "\nChanged users UID:\n"; + foreach $Entry (sort {$a cmp $b} keys %UidChange) { + print " $Entry\n"; + } +} + +if (keys %GidChange) { + print "\nChanged users GID:\n"; + foreach $Entry (sort {$a cmp $b} keys %GidChange) { + print " $Entry\n"; + } +} + +if (keys %{$Connections}) { + print "\nConnections:\n"; + foreach $ThisOne (keys %{$Connections}) { + if ($Summarize =~ /\Q$ThisOne\E/) { + print " Service " . $ThisOne . ": " . $Connections->{$ThisOne} . " Connection(s)\n"; + } else { + print " Service " . $ThisOne . ":\n"; + foreach $OtherOne (sort SortIP keys %{$Connections->{$ThisOne}}) { + print " " . $OtherOne . ": " . $Connections->{$ThisOne}->{$OtherOne} . " Time(s)\n"; + } + } + } +} + +if (keys %{$Refused}) { + print "\nRefused Connections:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %{$Refused}) { + print " Service " . $ThisOne . 
":\n"; + foreach $OtherOne (sort SortIP keys %{$Refused->{$ThisOne}}) { + print " " . $OtherOne . ": " . $Refused->{$ThisOne}->{$OtherOne} . " Time(s)\n"; + } + } +} + +if (keys %{$FailedLogins}) { + print "\nFailed logins:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %{$FailedLogins}) { + print " User " . $ThisOne . ":\n"; + foreach $OtherOne (sort {$a cmp $b} keys %{$FailedLogins->{$ThisOne}}) { + print " " . $OtherOne . ": " . $FailedLogins->{$ThisOne}->{$OtherOne} . " Time(s)\n"; + } + } +} + +if (keys %{$FailedSaver}) { + print "\nFailed screensaver disable:\n"; + foreach $User (sort {$a cmp $b} keys %{$FailedSaver}) { + print " User $User on displays:\n"; + foreach $Display (sort {$a cmp $b} keys %{$FailedSaver{$User}}) { + print " $Display : $FailedSaver{$User}{$Display} Time(s)\n"; + } + } +} + +if (keys %NoIP) { + print "\nCouldn't get client IPs for connections to:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %NoIP) { + print " $ThisOne: $NoIP{$ThisOne} Time(s)\n"; + } +} + +if (keys %NameVerifyFail) { + print "\nHostname verification failed:\n"; + foreach $Service (sort {$a cmp $b} keys %NameVerifyFail) { + print " Service $Service:\n"; + foreach $Name (sort {$a cmp $b} keys %{$NameVerifyFail{$Service}}) { + print " $Name: rel5_2 $NameVerifyFail{$Service}{$Name} Time(s)\n"; + } + } +} + +if (keys %Error) { + print "\nErrors:\n"; + foreach $Service (sort {$a cmp $b} keys %Error) { + print " Service $Service:\n"; + foreach $Err (sort {$a cmp $b} keys %{$Error{$Service}}) { + print " $Err: $Error{$Service}{$Err} Time(s)\n"; + } + } +} + +if ($RootLoginTTY) { + print "\nRoot logins on tty\'s: $RootLoginTTY Time(s).\n"; +} + +if (keys %UserLogin) { + print "\nUser Login's:\n"; + foreach $User (sort {$a cmp $b} keys %UserLogin) { + print " $User : $UserLogin{$User} Time(s)\n"; + } +} + +if ($ConsoleLock > 0) { + print "\nConsole file lock already in place: $ConsoleLock Time(s).\n"; +} + +if (keys %PasswordExpiry) { + print "\nChanged password expiry for 
users:\n"; + foreach $User (sort {$a cmp $b} keys %PasswordExpiry) { + print " $User : $PasswordExpiry{$User} Time(s)\n"; + } +} + +if (keys %XauthMessage) { + print "\nReported by call_xauth:\n"; + foreach $Message (sort {$a cmp $b} keys %XauthMessage) { + print " $Message : $XauthMessage{$Message} Time(s)\n"; + } +} + +if (keys %PopLogin) { + print "\nspop3d user connections:\n"; + foreach $PopUser (sort {$a cmp $b} keys %PopLogin) { + print " $PopUser\:\t$PopLogin{$PopUser} Time(s)\n"; + } +} + +if (keys %PopErrors) { + print "\nspop3d connection failures:\n"; + foreach $PopErr (sort {$a cmp $b} keys %PopErrors) { + print " $PopErr\:\t$PopErrors{$PopErr} Time(s)\n"; + } +} + +if ($spop3d_opened > 0) { + print "\nspop3d connections(sum):\t".$spop3d_opened."\n"; +} + +if ($spop3d_errors > 0) { + print "spop3d connection errors:\t".$spop3d_errors."\n"; +} + +if ($#SudoList >= 0) { + print "\nUnauthorized sudo commands attempted (" . ($#SudoList + 1) . "):\n"; + print @SudoList; +} + +if (keys %ChkPasswdPam) { + print "\ncheckpassword-pam (SUID root PAM client):\n"; + foreach $PID (sort {$a cmp $b} keys %ChkPasswdPam) { + $ServiceUsernamePair = $ChkPasswdPam{$PID}{'Username'}.' => '.$ChkPasswdPam{$PID}{'Service'}; + if ($ChkPasswdPam{$PID}{'Success'} eq 'true') { + $Successes{$ServiceUsernamePair}++; + } else { + $Failures{$ServiceUsernamePair}++; + } + } + foreach $ServiceUsernamePair (sort {$a cmp $b} keys %Successes) { + $S = $Successes{$ServiceUsernamePair} ? $Successes{$ServiceUsernamePair} : 0; + $F = $Failures{$ServiceUsernamePair} ? $Failures{$ServiceUsernamePair} : 0; + print " $ServiceUsernamePair : $S success(es), $F failure(s)\n"; + } +} + +if ($#OtherList >= 0) { + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/sendmail b/log.d/configs/linux/scripts/services/sendmail new file mode 100755 index 0000000..6712989 --- /dev/null 
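Review bot: Both `sudo:` branches that fill `@SudoList` are unreachable, because the first `if` of the `while` loop already treats `/^sudo:/` and `/^\/usr\/bin\/sudo:/` as entries to ignore, so the "Unauthorized sudo commands attempted" section can never print; either drop those two patterns from the ignore list or move the `command not allowed` branches ahead of it. Two other sections are lost the same way through a hash/hash-ref mismatch: counts are stored with `$NoIP->{$ThisLine}++` but the report tests `keys %NoIP` and prints `$NoIP{$ThisOne}`, and they are stored with `$FailedSaver{$User}{$Display}++` but the report tests `keys %{$FailedSaver}`; these should read `keys %{$NoIP}` with `$NoIP->{$ThisOne}`, and `keys %FailedSaver`. In the checkpassword-pam summary the final loop walks only `keys %Successes`, so a user/service pair that has failures and no success is omitted from the report; it should iterate over the union of the `%Successes` and `%Failures` keys.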
+++ b/log.d/configs/linux/scripts/services/sendmail 
@@ -0,0 +1,901 @@ +#!/usr/bin/perl +########################################################################## +# $Id: sendmail,v 1.41 2004/06/21 14:59:05 kirk Exp $ +########################################################################## +# $Log: sendmail,v $ +# Revision 1.41 2004/06/21 14:59:05 kirk +# Added tons of patches from Pawe? Go?aszewski" +# +# Thanks, as always! +# +# Revision 1.40 2004/06/21 14:18:55 kirk +# *** empty log message *** +# +# Revision 1.39 2004/06/21 13:57:13 kirk +# *** empty log message *** +# +# Revision 1.38 2004/02/03 18:39:34 kirk +# Patches from [ISO-8859-2] Pawe? Go?aszewski" +# +# Revision 1.37 2004/02/03 04:29:42 kirk +# Patch from Joe Digilio +# +# Revision 1.36 2004/02/03 04:10:21 kirk +# More patches from Mike Tremaine +# +# Revision 1.35 2004/02/03 03:52:20 kirk +# Added mailscanner filter and more Solaris support from Mike Tremaine +# +# Revision 1.34 2004/02/03 03:28:30 kirk +# Michael Stovenour +# +# Revision 1.33 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kenneth Porter +# +# Please send all comments, suggestions, bug reports, +# etc, to shiva@well.com. +######################################################## + +use Logwatch ':sort'; + +my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; +my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0; + +#Local domains, used for the per-domain analysis. 
+my %LocalDomains; + +$MsgsSent = 0; +$BytesTransferred = 0; +$HourReturns = 0; +$DaysReturns = 0; +$UserUnknown = 0; +$TLSAcceptFailed = 0; +$SaveMailPanic = 0; +$RemoteProtocolError = 0; +$ReturnReceipt = 0; +$TooManyRcpts = 0; +$CantCreateOutput = 0; +$OutdatedAliasdb = 0; +$MaxLoadAvg = 0; +$LoadAvgReject = 0; +$LoadAvgQueueSkip = 0; + +my %relay; +my %abuse; +my %largeHdrs; +my %notLocal; +my %MailRejected; + +# Adds a new domain to the hash used for domain reporting. +sub InitDomainHash ($) { + $Domain = $_[0]; + if ( ($Domain) = ($Domain =~ /^([\S]+)/) ) { + $LocalDomains{$Domain}{"MsgsOut"} = 0; + $LocalDomains{$Domain}{"MsgsIn"} = 0; + $LocalDomains{$Domain}{"MsgsInternal"} = 0; + $LocalDomains{$Domain}{"BytesOut"} = 0; + $LocalDomains{$Domain}{"BytesIn"} = 0; + $LocalDomains{$Domain}{"BytesInternal"} = 0; + } # if +} # sub + +if ($Detail >= 10) { + # Reads the sendmail configuration files and builds the %LocalDomains + # hash containing all local and relayed domains. + my ($ThisLine,$ThisName); + my ($LocalHostNames, $SendmailAccess); + + # Check for valid local-host-names file. + if (defined($ENV{'sendmaillocalhostnames'})) { + $LocalHostNames = $ENV{'sendmaillocalhostnames'}; + } else { + $LocalHostNames = "/etc/mail/local-host-names"; + } # else + if (-s $LocalHostNames) { + # Read and process local-host-names + open (READCONFFILE, $LocalHostNames) or die "Cannot open " . $LocalHostNames ."\n"; + while (defined($ThisLine = )) { + if ( ($ThisName) = ($ThisLine =~ /^([^#][^ ]+)/) ) { + InitDomainHash($ThisName); + } # if + } # while + close(READCONFFILE); + } else { + print "\nERROR: Could not open $LocalHostNames\n"; + } # if + + # Check for valid access map file. + if (defined($ENV{'sendmailaccess'})) { + $SendmailAccess = $ENV{'sendmailaccess'}; + } else { + $SendmailAccess = "/etc/mail/access"; + } # if + if (-s $SendmailAccess) { + # Read and interpret the access map. + open (READCONFFILE, $SendmailAccess) or die "Cannot open " . 
$SendmailAccess ."\n"; + while (defined($ThisLine = )) { + if ( ($ThisName) = ($ThisLine =~ /^([^#0-9][\S]+)[\s]+RELAY/) ) { + InitDomainHash($ThisName); + } # if + } # while + close(READCONFFILE); + } else { + print "\nERROR: Could not open $SendmailAccess\n"; + } # if + + # Initialise the Size distribution array + my %SizeDist; + @SizeNames = ('0 - 10k', '10k - 20k', '20k - 50k', '50k - 100k', + '100k - 500k', '500k - 1Mb', '1Mb - 2Mb', '2Mb - 5Mb', + '5Mb - 10Mb', '10Mb+'); + + # Initialise the large messages hash. + my %LargeMsgs; +} # if + +# Unknown users with bounces <= $UnknownUserThreshold will only be +# printed if the detail level is >= 10. Setting this value to 0 disables +# it. +my $UnknownUsersThreshold = 0; + +while (defined($ThisLine = )) { + ($QueueID) = ($ThisLine =~ m/^([a-zA-Z0-9]+): / ); + $ThisLine =~ s/^[a-zA-Z0-9]+: //; + if ( + ( $ThisLine =~ m/^alias database [^ ]* (auto)?rebuilt by/ ) or + ( $ThisLine =~ m/[0-9]* aliases, longest [0-9]* bytes, [0-9]* bytes total/ ) or + ( $ThisLine =~ m/^starting daemon (.*):/ ) or + ( $ThisLine =~ m/premature EOM/ ) or + ( $ThisLine =~ m/unexpected close on connection from/ ) or + ( $ThisLine =~ m/timeout waiting for input from/ ) or + ( $ThisLine =~ m/lost input channel from/ ) or + ( $ThisLine =~ m/DSN: Cannot send message for \d+ day/ ) or + ( $ThisLine =~ m/: Service unavailable$/) or + ( $ThisLine =~ m/Broken pipe|Connection (reset|timed out)/ ) or + ( $ThisLine =~ m/X-Spam/ ) or + ( $ThisLine =~ m/Milter message: body replaced/ ) or + ( $ThisLine =~ m/Milter: data/ ) or + ( $ThisLine =~ m/Milter (change|delete): header/ ) or + ( $ThisLine =~ m/Milter add: header: X-Virus-Scanned/ ) or + ( $ThisLine =~ m/AUTH=server, relay=/ ) or + ( $ThisLine =~ m/discarded/ ) or + ( $ThisLine =~ m/headers too large/ ) or + # Ignore these lines for now... 
+ # Dec 31 04:03:01 tp760 sendmail[26884]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168 + # Dec 31 04:03:01 tp760 sendmail[26887]: STARTTLS=server, relay=tp760.stovenour.net [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168 + ( $ThisLine =~ m/^STARTTLS=(server|client), relay=/ ) or + ( $ThisLine =~ m/Flushing queue from/ ) or + # I think that it's wrong... + #( $ThisLine =~ m/^SYSERR/ ) or + ( $ThisLine =~ m/^clone [a-zA-Z0-9]+, owner=/ ) or + ( $ThisLine =~ m/^SYSERR\(root\): collect: I\/O error on connection from / ) or + ( $ThisLine =~ m/^accepting connections again for daemon / ) + ) { + # We don't care about these + } elsif ( ($FromUser, $FromDomain, $Bytes, $NumRcpts, $RelayHost) = ($ThisLine =~ /^from=[\<]?([^@]+)[@]?([^\> ]+).*size=([0-9]+).*nrcpts=([0-9]+).*relay=(\[[0-9\.]+\]|[^ ]* \[[0-9\.]+\]|[^ ]+).*$/) ) { + if ($NumRcpts > 0) { + $MsgsSent++; + $TotalRcpts += $NumRcpts; + $BytesTransferred += $Bytes; + $MailBomber{$RelayHost} += $NumRcpts; + $MailBomberConn{$RelayHost}++; + + if ($Bytes <= 10240) { + $SizeDist[0]{'Num'}++; + $SizeDist[0]{'Bytes'} += $Bytes; + } elsif ($Bytes <= 20480) { + $SizeDist[1]{'Num'}++; + $SizeDist[1]{'Bytes'} += $Bytes; + } elsif ($Bytes <= 51200) { + $SizeDist[2]{'Num'}++; + $SizeDist[2]{'Bytes'} += $Bytes; + } elsif ($Bytes <= 102400) { + $SizeDist[3]{'Num'}++; + $SizeDist[3]{'Bytes'} += $Bytes; + } elsif ($Bytes <= 512000) { + $SizeDist[4]{'Num'}++; + $SizeDist[4]{'Bytes'} += $Bytes; + } elsif ($Bytes <= 1048576) { + $SizeDist[5]{'Num'}++; + $SizeDist[5]{'Bytes'} += $Bytes; + } elsif ($Bytes <= 2097152) { + $SizeDist[6]{'Num'}++; + $SizeDist[6]{'Bytes'} += $Bytes; + } elsif ($Bytes <= 5242880) { + $SizeDist[7]{'Num'}++; + $SizeDist[7]{'Bytes'} += $Bytes; + } elsif ($Bytes <= 10485760) { + $SizeDist[8]{'Num'}++; + $SizeDist[8]{'Bytes'} += $Bytes; + } else { + $SizeDist[9]{'Num'}++; + $SizeDist[9]{'Bytes'} += $Bytes; + } 
+ } + + # Add The message to a hash for later per-domain analysis. + $Msgs{$QueueID}{"Relay"} = $RelayHost; + if (($Detail >= 10)) { + $Msgs{$QueueID}{"FromDomain"} = $FromDomain; + $Msgs{$QueueID}{"FromUser"} = $FromUser; + $Msgs{$QueueID}{"Size"} = $Bytes; + $Msgs{$QueueID}{"Internal"} = 0; + $Msgs{$QueueID}{"Outgoing"} = 0; + $Msgs{$QueueID}{"Incomming"} = 0; + } # if + + } elsif ( ($ToUser, $ToDomain) = ($ThisLine =~ m/^to=[\<]?([^@]*)[@]?([^,\>]+).*stat=/ ) ) { + #Determine whether the message is local, inbound or outbound and + #update the domains hash appropriately. + if (($Detail >= 10)) { + $FromDomain = $Msgs{$QueueID}{"FromDomain"}; + if (defined($LocalDomains{$FromDomain})) { + if (defined($LocalDomains{$ToDomain})) { + if ($Msgs{$QueueID}{"Internal"} == 0) { + $Msgs{$QueueID}{"Internal"} = 1; + $LocalDomains{$FromDomain}{"MsgsInternal"}++; + $LocalDomains{$FromDomain}{"BytesInternal"} += $Msgs{$QueueID}{"Size"}; + } # if + } else { + if ($Msgs{$QueueID}{"Outgoing"} == 0) { + $Msgs{$QueueID}{"Outgoing"} = 1; + $LocalDomains{$FromDomain}{"MsgsOut"}++; + $LocalDomains{$FromDomain}{"BytesOut"} += $Msgs{$QueueID}{"Size"}; + } # if + } # else + } else { + if (defined($LocalDomains{$ToDomain})) { + if ($Msgs{$QueueID}{"Incomming"} == 0) { + $Msgs{$QueueID}{"Incomming"} = 1; + $LocalDomains{$ToDomain}{"MsgsIn"}++; + $LocalDomains{$ToDomain}{"BytesIn"} += $Msgs{$QueueID}{"Size"}; + } # if + } # if + } # else + + if ($Msgs{$QueueID}{"Size"} > 5242880) { #10485760 + $LargeMsgs{$Msgs{$QueueID}{"FromUser"} . "@" . $FromDomain . " \-\> " .$ToUser . "@" .$ToDomain}++; + } # if + } # if + + } elsif ( $ThisLine =~ m/X-Scanned-By: MIMEDefang/) { + $Defang++; + } elsif (($Size) = ($ThisLine =~ m/message size \(([0-9]+)\) exceeds maximum/)) { + $OverSize++; + $OverSizeBytes += $Size; + } elsif ( ($User) = ($ThisLine =~ /^<([^ ]*)>... 
(User unknown|No such user( here)?)$/i) ) { + $UnknownUsers{lc $User}{$QueueID}++; + } elsif ( ($Host) = ($ThisLine =~ /\(Name server: ([^ ]+): host not found\)/)) { + $UnknownHosts{$Host}++; + } elsif ( ($Domain) = ($ThisLine =~ /Domain of sender address ([^ ]+) does not/)) { + $UnresolvedDomains{$Domain}++; + } elsif ($ThisLine =~ /reject=550 5\.7\.1 <[^ ]*@([^ ]*)>\.\.\. Relaying Denied/) { + # We block some particularly annoying spam domains with the following in /etc/mail/access... + # From:worduphosting.com ERROR:550 5.7.1 Relaying Denied (Spammer) + $KnownSpammer{$1}++; + } elsif ($ThisLine =~ /ruleset=check_relay, arg1=([^ ]*),.* reject=550 5\.7\.1 Access denied/) { + # We block some particularly annoying spam domains with the + # following in /etc/mail/access... + # From:worduphosting.com ERROR:550 5.7.1 Access denied + # Remember the error message is user defined in /etc/mail/access + # So if anyone can make a better check please do -mgt + $KnownSpammer{$1}++; + } elsif ( + ($Host) = ($ThisLine =~ /relay=([^ ]+ \[[^ ]+\]), reject=553 5\.3\.0 .*/) or + ($Host) = ($ThisLine =~ /relay=([^ ]+ \[[^ ]+\] \(may be forged\)), reject=553 5\.3\.0 .*/) + ) { + $KnownSpammer{$Host}++; + } elsif ( ($User) = ($ThisLine =~ /^ruleset=check_rcpt, arg1=<([^ ]*)>, relay=[^,]*, reject=550\s*[\d.]*\s*<[^ ]*>\.\.\. Mailbox disabled for this recipient/) ) { + $DisabledMailbox{$User}{$QueueID}++; + # test for unknown relay users (users we would have relayed elsewhere) + } elsif ( ($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: ruleset=check_rcpt.*<(.*?)>.*... User unknown$/) ) { + $UnknownUserscheckrcpt{$User}++; + } elsif ( ($Dest,$Relay) = ($ThisLine =~ /^ruleset=check_rcpt, arg1=<([^ ]*)>, relay=([^,]*), reject=550\s*[\d.]*\s*[^ ]*\.\.\. Relaying denied/) ) { + $Temp = "From " . $Relay . " to " . 
$Dest; + $RelayDenied{$Temp}++; + } elsif ($ThisLine =~ /^ruleset=check_relay, arg1=[^,]*, arg2=[^,]*, relay=([^,]*), reject=550\s*[\d.]*\s*(Mail from|Rejected:) [^ ]* (refused by blackhole site|listed at) (.*)/) { + $Temp = "From " . $1 . " by " . $4; + $BlackHoled{$Temp}++; + } elsif ( ($Relay,$BlSite) = ($ThisLine =~ /^ruleset=check_relay, arg1=[^,]*, arg2=[^,]*, relay=([^,]*), reject=553\s*[\d.]*\s*.*http:\/\/([^\/]*)\//) ) { + $Temp = "From " . $Relay . " by " . $BlSite; + $BlackHoled{$Temp}++; + $BlackHoles{$BlSite}++; + } elsif ( ($Relay,$BlSite) = ($ThisLine =~ /reject=553\s*[\d.]*\s*<[^ ]*>\.\.\. +Mail from ([\d\.]+) rejected\;see http:\/\/([^\/]*)\//) ) { + #This is the another blackhole tag -mgt + $Temp = "From " . $Relay . " by " . $BlSite; + $BlackHoled{$Temp}++; + $BlackHoles{$BlSite}++; + } elsif ( ($BlSite, $Relay) = ($ThisLine =~ /reject=553\s*[\d.]*\s*<[^ ]*>\.\.\. +Email blocked using ORDB.org - see \\.\.\. Mail from [^ ]* refused by blackhole site ([^ ]*)/) ) { + $Temp = "From " . $Relay . " by " . $BlSite; + $BlackHoled{$Temp}++; + $BlackHoles{$BlSite}++; + } elsif ( ($User) = ($ThisLine =~ /^ruleset=check_mail, arg1=<([^ ]*)>, relay=[^,]*, reject=451\s*[\d.]*\s*Domain of sender address [^ ]* does not resolve/) ) { + $DomainErrors{$User . ": (does not resolve)"}++; + } elsif ( ($User) = ($ThisLine =~ /^ruleset=check_mail, arg1=<([^ ]*)>, relay=[^,]*, reject=553\s*[\d.]*\s*<[^ ]*>\.\.\. Domain of sender address [^ ]* does not exist/) ) { + $DomainErrors{$User . " (does not exist)"}++; + } elsif ( ($User) = ($ThisLine =~ /^ruleset=check_mail, arg1=<([^ ]*)>, relay=[^,]*, reject=553\s*[\d.]*\s*<[^ ]*>\.\.\. Domain name required for sender address .*/) ) { + $DomainErrors{$User . " (missing)"}++; + + # test for all kinds of rejects due check_mail + #h2G22Jq19062: ruleset=check_mail, arg1=<3popmeywsv@taylorinet.com>, relay=adsl-65-66-156-239.dsl.kscymo.swbell.net [65.66.156.239], reject=451 4.0.0 Domain must resolve. 
Contact us if you think this was a mistake. + #h2GCaeq27382: ruleset=check_mail, arg1=, relay=[218.5.77.88], reject=553 5.5.4 ... Domain name required for sender address juno.com + #h2G9Iuq25136: ruleset=check_mail, arg1=, relay=172071.telemar.net.br [200.165.172.71] (may be forged), reject=451 4.0.0 Domain mustresolve. Contact us if you think this was a mistake. + } elsif( ($arg,$relay,$reason) = ($ThisLine =~ /^ruleset=check_mail, arg1=<(.*?)>, relay=.*?\[(.*?)\].*?, reject=(.*)/) ) { + $Temp = "[$relay] $arg\n\t$reason"; + $CheckMailReject{$Temp}++; + + #h2GGj4q30085: ruleset=check_rcpt, arg1=, relay=[218.25.142.7], reject=450 4.7.1 ... Relaying temporarily denied. Cannotresolve PTR record for 218.25.142.7 + } elsif( ($arg,$relay,$reason) = ($ThisLine =~ /^ruleset=check_rcpt, arg1=<(.*?)>, relay=.*?\[(.*?)\].*?, reject=(.*)/) ) { + $reason =~ s/<$arg>\.\.\. //; + $Temp = "$arg ($reason)"; + $CheckRcptReject{$Temp}++; + + #h2G4jUx22325: lost input channel from localhost [127.0.0.1] to MTA after rcpt + } elsif ( ($Temp) = ($ThisLine =~ /^(lost input channel from .*? to MTA after .*)/) ) { + $LostInputChannel{$Temp}++; + + #h2G2FUx19181: timeout waiting for input from mail.bpsmailer.com. during client greeting + } elsif ( ($Temp) = ($ThisLine =~ /^(timeout waiting for input from .*? during .*)/) ) { + $TimeoutWaiting{$Temp}++; + + #NOQUEUE: [66.200.95.123] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA + #NOQUEUE: SMTP1.ADMANMAIL.COM [209.216.124.212] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA + } elsif ( ( $Host ) = ($ThisLine =~ /\[([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\] (\(may be forged\) |)did not issue MAIL\/EXPN\/VRFY\/ETRN during connection to (MTA|Daemon0)/) ) { + $DummyConnection{$Host}++; + } elsif ( ($Host) = ($ThisLine =~ /^([^ ]*) did not issue .*? during connection to (MTA|Daemon0)/) ) { + $DummyConnection{$Host}++; + + #hA29V0hK013676: hnexfe06.hetnet.nl [195.121.6.172]: Possible SMTP RCPT flood, throttling. 
+ } elsif ( ($Temp) = ($ThisLine =~ /^.*\[(.*?)\]: Possible SMTP RCPT flood, throttling./) ) { + $BadRcptThrottle{$Temp}++; + + } elsif ($ThisLine =~ /^Too many recipients$/) { + $TooManyRcpts++; + + #h2GKtU001122: DSN: Too many hops 26 (25 max): from via localhost, to + #h2GHtSx30926: SYSERR(root): Too many hops 26 (25 max): from via localhost, to + } elsif ( ($Temp) = ($ThisLine =~ /^.*?Too many hops (.*)/) ) { + $TooManyHops{$Temp}++; + } elsif ( ($Warning) = ($ThisLine =~ /Authentication-Warning: [^ ]+: ([^ ]+ set sender to ( |)[^ ]+ using -f|.+ didn\'t use HELO protocol|[^ ]+ owned process doing -bs)/) ) { + $AuthWarns{$Warning}++; + } elsif ( ($Forward,$Error) = ($ThisLine =~ /^forward ([^ ]*): transient error: (.*)$/) ) { + $Temp = $Forward . ": " . $Error; + $ForwardErrors{$Temp}++; + } elsif ( ($Forward,$Error) = ($ThisLine =~ /^forward ([^ ]*): (.*)/) ) { + $Temp = $Forward . ": " . $Error; + $ForwardErrors{$Temp}++; + } elsif ( $ThisLine =~ m/(return to sender|sender notify): Warning: could not send message for past (\d) hours/ ) { + $NumHours = $2; + $HourReturns++; + } elsif ( $ThisLine =~ m/(return to sender|sender notify): Cannot send message for (\d) days/ ) { + $NumDays = $2; + $DaysReturns++; + } elsif ($ThisLine=~ /relay=(\S+)*.*\[(\d+.\d+.\d+.\d+)\], reject=444 4.4.4 \<([^\>]+)\>... Sorry (\S*)/) { + chomp($host=$2." ". (defined($1) ? "(".$1.")" : "(unresolved)") ); + chomp($luser=$3); + chomp($ruser=$4); + $ruser="none" if (length($ruser)==0); + $relay{$host}{$ruser}{$luser}++; + } elsif ($ThisLine=~ /arg1=\<([^\>]+)\>, relay=(\S+)*.*\[([^\]]+)\], reject=444 4.4.4 Sorry (\S*)/) { + chomp($host=$3." ". (defined($2) ? "(".$2.")" : "(unresolved)") ); + chomp($ruser=$1); + $luser="none"; + $relay{$host}{$ruser}{$luser}++; + } elsif ($ThisLine=~ /relay=(\S+)*.*\[(\d+.\d+.\d+.\d+)\], reject=441 4.4.1 \<([^\>]+)\>/) { + chomp($host=$2." ". (defined($1) ? 
"(".$1.")" : "(unresolved)") ); + chomp($luser=$3); + $notLocal{$host}{$luser}++; + } elsif ($ThisLine=~ /headers too large .* from \[([^\]]+)/) { + $largeHdrs{$1}++; + } elsif ($ThisLine=~ /(\S+) \[([0-9\.]+)]: VRFY (\S+) \[rejected\]/) { + chomp($host=$2." ". (defined($1) ? "(".$1.")" : "(unresolved)") ); + $luser=$3; + $abuse{$host}{$luser}++; + } elsif ( $ThisLine =~ m/(DSN|postmaster notify|return to sender|sender notify): User unknown/ ) { + $UserUnknown++; + } elsif ( $ThisLine =~ m/timeout waiting for input from (\S+)/ ) { + $Timeouts{$1}++; + } elsif ( $ThisLine =~ m/timeout writing message to (\S+?)\.?:/ ) { + $Timeouts{$1}++; + } elsif ( $ThisLine =~ /\[([0-9\.]+)]: ETRN (\S+)/ ) { + chomp($ETRN=$2." from ".$1); + $ETRNs{$ETRN}++; + } elsif ( $ThisLine =~ /rejecting connections on daemon [^ ]+: load average: ([0-9]+)/ ) { + $LoadAvg{$1}++; + $LoadAvgReject++; + } elsif ( + ($ThisLine =~ /Aborting queue run: load average too high/ ) or + ($ThisLine =~ /Skipping queue run -- load average too high/ ) + ){ + $LoadAvgQueueSkip++; + } elsif ($ThisLine=~ /reject=.*MESSAGE NOT ACCEPTED - (.+)/) { + chomp($host=$1); + $MailRejected{$host}++; + } elsif ($ThisLine=~ /TLS: error: accept failed/) { + $TLSAcceptFailed++; + } elsif ($ThisLine=~ /savemail panic/) { + $SaveMailPanic++; + } elsif ($ThisLine=~ /DSN: Return receipt/) { + $ReturnReceipt++; + } elsif ($ThisLine=~ /Remote protocol error/) { + $RemoteProtocolError++; + } elsif ( + (($Host,$Attack) = ($ThisLine =~ /POSSIBLE ATTACK from ([^ ]+): (.*)/)) or + (($Host,$Attack) = ($ThisLine =~ /([^ ]+ \[[^ ]+\]): possible SMTP attack: (.*)$/)) + ) { + $AttackAttempt{$Host}{$Attack}++; + } elsif ( + (($Attack) = ($ThisLine =~ /^(Fixed MIME MIME-Version header) \(possible attack\)$/)) or + (($Attack) = ($ThisLine =~ /^(Fixed MIME Content-Type header field) \(possible attack\)$/)) + ) { + $AttackAttempt{"UNKNOWN"}{$Attack}++; + } elsif ( ($File,$Error) = ($ThisLine =~ /^safesasl\(([^ ]+)\) failed: (.*)$/) ) { + 
$SaslError{$File}{$Error}++; + } elsif ( $ThisLine =~ m/Can\'t create output/ ) { + $CantCreateOutput++; + } elsif ( $ThisLine =~ m/alias database [^ ]+ out of date/ ) { + $OutdatedAliasdb++; + } elsif ( ($User,$Uid) = ($ThisLine =~ /^SYSERR\(([^ ]+)\): collect: Cannot write [^ ]+ \([^ ]+, uid=(\d+), gid=\d+\): Disk quota exceeded/) ) { + $Temp = "$User (uid=$Uid)"; + $QuotaExceed{$Temp}++; + } elsif ( ($User,$Uid) = ($ThisLine =~ /^SYSERR\(([^ ]+)\): queueup: cannot create queue file [^ ]+, euid=(\d+): Disk quota exceeded/) ) { + $Temp = "$User (uid=$Uid)"; + $QuotaExceed{$Temp}++; + } elsif ( + ($Address,$Reason) = ($ThisLine =~ /^Syntax error in mailbox address "(.+)" \(([^ ]+)\)/) or + ($Address,$Reason) = ($ThisLine =~ /^<(.+)>... (Colon illegal in host name part)/) or + ($Reason,$Address) = ($ThisLine =~ /^(8-bit character in mailbox address) "<(.+)>"/) + ) { + $AddressError{$Reason}{$Address}++; + } else { + $ThisLine =~ s/.*\: (DSN\: .*)/$1/; + $ThisLine =~ s/.*\: (postmaster notify\: .*)/$1/; + chomp($ThisLine); + # Report any unmatched entries... + $OtherList{$ThisLine}++; + } +} + +####################################################### + +if ($MsgsSent > 0) { + print "\n\nBytes Transferred: $BytesTransferred\n"; + print "Messages Sent: $MsgsSent\n"; + print "Total recipients: $TotalRcpts"; +} + +if ($Defang > 0) { + print "\n" . $Defang . " messages scanned by MIMEDefang"; +} + +if ($OverSize > 0) { + print "\n\nRejected $OverSizeBytes bytes in $OverSize message(s)"; +} + +if ($HourReturns > 0) { + print "\n\n" . $HourReturns . " messages returned after " . $NumHours . " hours"; +} + +if ($DaysReturns > 0) { + print "\n\n" . $DaysReturns . " messages returned after " . $NumDays . 
" days"; +} + +if($TLSAcceptFailed > 0) { + print "\n\n$TLSAcceptFailed TLS Accept Fail(s)"; +} + +if($UserUnknown > 0) { + print "\n\n$UserUnknown User Unknown notifications"; +} + +if ($TooManyRcpts > 0) { + print "\n\n$TooManyRcpts messages with too many recipients"; +} + +if($SaveMailPanic > 0) { + print "\n\n" . $SaveMailPanic . " Save Mail Panic's"; +} + +if($RemoteProtocolError > 0) { + print "\n\n" . $RemoteProtocolError . " Remote Protocol Errors's"; +} + +if($ReturnReceipt > 0) { + print "\n\n$ReturnReceipt Return Receipt's"; +} + +if ($CantCreateOutput > 0) { + print "\n\nCan't create output $CantCreateOutput Time(s)"; +} + +if ($OutdatedAliasdb > 0) { + print "\n\nAliases database out of date $OutdatedAliasdb Time(s)"; +} + +if (keys %AttackAttempt) { + print "\n\nWARNING!!!!\n"; + print "Possible Attack:\n"; + foreach $Host (sort {$a cmp $b} keys %AttackAttempt) { + print " Attempt from $Host with:\n"; + foreach $Attack (sort {$a cmp $b} keys %{$AttackAttempt{$Host}}) { + print " $Attack : $AttackAttempt{$Host}{$Attack} Time(s)\n"; + } + } +} + +if (keys %SaslError) { + print "\n\nSASL database Errors:\n"; + foreach $File (sort {$a cmp $b} keys %SaslError) { + print " In file $File :\n"; + foreach $Error (sort {$a cmp $b} keys %{$SaslError{$File}}) { + print " $Error : $SaslError{$File}{$Error} Time(s)\n"; + } + } +} + +if (($Detail >= 10) and (keys %LocalDomains)) { + print "\n\nMessage traffic by domain:\n"; + print " | Inbound | Outbound | Internal | Total\n"; + print "Domain | Msgs Kbytes | Msgs Kbytes | Msgs Kbytes | Msgs Kbytes\n"; + print "-------------------------+-------------+-------------+-------------+------------\n"; + foreach $ThisOne (sort keys %LocalDomains) { + if (($LocalDomains{$ThisOne}{"BytesIn"} + $LocalDomains{$ThisOne}{"BytesOut"} + $LocalDomains{$ThisOne}{"BytesInternal"}) > 0) { + $LineMsgs = $LocalDomains{$ThisOne}{"MsgsIn"} + $LocalDomains{$ThisOne}{"MsgsOut"} + $LocalDomains{$ThisOne}{"MsgsInternal"}; + $LineBytes = 
$LocalDomains{$ThisOne}{"BytesIn"} + $LocalDomains{$ThisOne}{"BytesOut"} + $LocalDomains{$ThisOne}{"BytesInternal"}; + $PrintThisOne = $ThisOne; + $PrintThisOne =~ s/^(.{25}).+$/$1/ if( length($PrintThisOne) > 25 ); + printf("%-25s|%5d %6d |%5d %6d |%5d %6d |%5d %6d\n", $PrintThisOne, $LocalDomains{$ThisOne}{"MsgsIn"}, $LocalDomains{$ThisOne}{"BytesIn"}/1024, $LocalDomains{$ThisOne}{"MsgsOut"}, $LocalDomains{$ThisOne}{"BytesOut"}/1024, $LocalDomains{$ThisOne}{"MsgsInternal"}, $LocalDomains{$ThisOne}{"BytesInternal"}/1024, $LineMsgs, $LineBytes/1024); + $TotalMsgsIn += $LocalDomains{$ThisOne}{"MsgsIn"}; + $TotalMsgsOut += $LocalDomains{$ThisOne}{"MsgsOut"}; + $TotalMsgsInternal += $LocalDomains{$ThisOne}{"MsgsInternal"}; + $TotalBytesIn += $LocalDomains{$ThisOne}{"BytesIn"}; + $TotalBytesOut += $LocalDomains{$ThisOne}{"BytesOut"}; + $TotalBytesInternal += $LocalDomains{$ThisOne}{"BytesInternal"}; + } # if + } # foreach + print "-------------------------+-------------+-------------+-------------+------------\n"; + $LineMsgs = $TotalMsgsIn + $TotalMsgsOut + $TotalMsgsInternal; + $LineBytes = $TotalBytesIn + $TotalBytesOut + $TotalBytesInternal; + printf("TOTAL |%5d %6d |%5d %6d |%5d %6d |%5d %6d\n", $TotalMsgsIn, $TotalBytesIn/1024, $TotalMsgsOut, $TotalBytesOut/1024, $TotalMsgsInternal, $TotalBytesInternal/1024, $LineMsgs, $LineBytes/1024); +} # if + +if (($Detail >= 10)) { + print "\n\nMessage Size Distribution:\n"; + print "Range # Msgs KBytes\n"; + foreach $ThisOne (0..9) { + printf("%-12s %6d %10d\n", $SizeNames[$ThisOne], $SizeDist[$ThisOne]{'Num'}, $SizeDist[$ThisOne]{'Bytes'}/1024); + $TotalNum += $SizeDist[$ThisOne]{'Num'}; + $TotalBytes += $SizeDist[$ThisOne]{'Bytes'}; + } + print "----------------------------------\n"; + printf("TOTAL %6d %10d\n", $TotalNum, $TotalBytes/1024); + if ($TotalNum > 0) { + printf("Avg. 
Size %10d\n", ($TotalBytes / $TotalNum)/1024); + } +} + +if (keys %LargeMsgs) { + print "\n\nLarge Messages (From \-\> To):\n"; + foreach $ThisOne (sort keys %LargeMsgs) { + print " $ThisOne : ${LargeMsgs{$ThisOne}} Time(s)\n"; + } +} + +if (keys %ETRNs) { + print "\n\nETRNs Received:\n"; + foreach $ThisOne (sort keys %ETRNs) { + print " $ThisOne : $ETRNs{$ThisOne} Time(s)\n"; + } +} + +if (keys %LoadAvg) { + print "\n\nWarning!!!:\n"; + print "Connections Rejected due to high load average $LoadAvgReject Time(s)\n"; + foreach $Load (sort keys %LoadAvg) { + if ($Detail >=5) { + print " Load Avg $Load : $LoadAvg{$Load} Time(s)\n"; + } + if ($Load > $MaxLoadAvg) { + $MaxLoadAvg = $Load; + } + } + print " Max. Load Avg reached: $MaxLoadAvg\n"; +} + +if ($LoadAvgQueueSkip > 0) { + print "\nAborted/skipped mail queue run - load average too high: $LoadAvgQueueSkip Time(s)\n"; +} + +if (keys %UnknownUsers) { + foreach $Usr (sort keys %UnknownUsers) { + foreach $QueueID (sort keys %{ $UnknownUsers{$Usr} }) { + $SortedUsers{$Usr}{$Msgs{$QueueID}{"Relay"}}++; + $ukusers++; + } + @v = values %{$SortedUsers{$Usr}}; + } + print "\n\nUnknown local users:\n"; + foreach $Usr (sort keys %SortedUsers) { + unless ($Detail >= 10) { + my $sum = 0; + grep { $sum += $_ } values %{$SortedUsers{$Usr}}; + } + if ($Detail >= 10 || $sum > $UnknownUsersThreshold) { + print "\n $Usr\n"; + my $sort = CountOrder( %{$SortedUsers{$Usr}} ); + foreach $RelayHost (sort $sort keys %{ $SortedUsers{$Usr} }) { + print " from $RelayHost $SortedUsers{$Usr}{$RelayHost} time(s).\n"; + } + } + } + print "\n\t Total: $ukusers\n"; +} + +if (keys %UnknownUserscheckrcpt) { + print "\n\nUnknown relay users: (check_rcpt)\n"; + foreach $ThisOne (keys %UnknownUserscheckrcpt) { + print " $ThisOne: $UnknownUserscheckrcpt{$ThisOne} Time(s)\n"; + } +} + +if (keys %DisabledMailbox) { + %SortedUsers = (); + foreach $Usr (sort keys %DisabledMailbox) { + foreach $QueueID (sort keys %{ $DisabledMailbox{$Usr} }) { + 
$SortedUsers{$Usr}{$Relays{$QueueID}}++; + } + } + print "\n\nDisabled mailboxes:\n"; + foreach $Usr (sort keys %SortedUsers) { + print "\n $Usr\n"; + foreach $RelayHost (sort keys %{ $SortedUsers{$Usr} }) { + print " from $RelayHost $SortedUsers{$Usr}{$RelayHost} Time(s).\n"; + } + } +} + +if (keys %QuotaExceed) { + print "\n\nQuota exceeded for users:\n"; + foreach $User (sort {$a cmp $b} keys %QuotaExceed) { + print " $User : $QuotaExceed{$User} Time(s)\n"; + } +} + +$count = 0; +foreach $ThisOne (sort {$MailBomber{$b}<=>$MailBomber{$a}} keys %MailBomber) { + if ($MailBomber{$ThisOne} >= 10 and $count < 50) { + print "\n\nTop relays (recipients/connections - min 10 rcpts, max 50 lines):\n" if ! $count; + print " $MailBomber{$ThisOne}/$MailBomberConn{$ThisOne}: $ThisOne\n"; + } + $count++; +} + +if (keys %KnownSpammer) { + print "\n\nRelay attempts from known spammers:\n"; + foreach $ThisOne (sort keys %KnownSpammer) { + print " $ThisOne: $KnownSpammer{$ThisOne} Time(s)\n"; + $knspam = $knspam + $KnownSpammer{$ThisOne}; + } + print "\n\tTotal: $knspam\n"; +} + +if (keys %RelayDenied) { + print "\n\nRelaying denied:\n"; + my $count = CountOrder(%RelayDenied); + foreach $ThisOne (sort $count keys %RelayDenied) { + print " $ThisOne: $RelayDenied{$ThisOne} Time(s)\n"; + $rldeny = $rldeny + $RelayDenied{$ThisOne}; + } + print "\n\tTotal: $rldeny\n"; +} + +if (keys %CheckMailReject) { + print "\n\nRejected incoming mail:\n"; + foreach $ThisOne (keys %CheckMailReject) { + print " $ThisOne: $CheckMailReject{$ThisOne} Time(s)\n"; + $chkmreject = $chkmreject + $CheckMailReject{$ThisOne}; + } + print "\n\tTotal: $chkmreject\n"; +} + +if (keys %CheckRcptReject) { + print "\n\nRejected mail:\n"; + foreach $ThisOne (keys %CheckRcptReject) { + print " $ThisOne: $CheckRcptReject{$ThisOne} Time(s)\n"; + $chkrereject = $chkrereject + $CheckRcptReject{$ThisOne}; + } + print "\n\tTotal: $chkrereject\n"; +} + +if (keys %LostInputChannel) { + print "\n\nLost input channel:\n"; + 
foreach $ThisOne (keys %LostInputChannel) { + print " $ThisOne: $LostInputChannel{$ThisOne} Time(s)\n"; + } +} + +if (keys %TimeoutWaiting) { + print "\n\nTimeout waiting:\n"; + foreach $ThisOne (keys %TimeoutWaiting) { + print " $ThisOne : $TimeoutWaiting{$ThisOne} Time(s)\n"; + } +} + +if (keys %DummyConnection) { + print "\n\nClient quit before communicating:\n"; + foreach $ThisOne (sort keys %DummyConnection) { + print " $ThisOne : $DummyConnection{$ThisOne} Time(s)\n"; + } +} + +if (keys %BadRcptThrottle) { + print "\n\nClient submitted too many bad recipients:\n"; + foreach $ThisOne (sort keys %BadRcptThrottle) { + print " $ThisOne : $BadRcptThrottle{$ThisOne} Time(s)\n"; + } +} + +if (keys %TooManyHops) { + print "\n\nToo many hops:\n"; + foreach $ThisOne (sort keys %TooManyHops) { + print " $ThisOne: $TooManyHops{$ThisOne} Time(s)\n"; + } +} + +if (keys %BlackHoled) { + print "\n\nBlackHole Totals:\n"; + foreach $ThisOne (sort keys %BlackHoles) { + print " $ThisOne: $BlackHoles{$ThisOne} Time(s)\n"; + $blktotal = $blktotal + $BlackHoles{$ThisOne}; + } + if ($Detail >= 10) { + print "\nBlackholed:\n"; + foreach $ThisOne (sort keys %BlackHoled) { + print " $ThisOne: $BlackHoled{$ThisOne} Times(s)\n"; + } + } +} + +if (keys %DomainErrors) { + print "\n\nUnresolveable or non-existent domains:\n"; + my $count = CountOrder(%DomainErrors); + foreach $ThisOne (sort $count keys %DomainErrors) { + print " $ThisOne: $DomainErrors{$ThisOne} Time(s)\n"; + $domainer = $domainer + $DomainErrors{$ThisOne}; + } + print "\n\tTotal: $domainer\n"; +} + +if (keys %AuthWarns) { + print "\n\nAuthentication warnings:\n"; + foreach $ThisOne (sort keys %AuthWarns) { + print " $ThisOne: $AuthWarns{$ThisOne} Time(s)\n"; + } +} + +if (keys %UnknownHosts) { + print "\n\nUnknown hosts:\n"; + my $count = CountOrder(%UnknownHosts); + foreach $ThisOne (sort $count keys %UnknownHosts) { + print " $ThisOne: $UnknownHosts{$ThisOne} Time(s)\n"; + $uknhosts = $uknhosts + $UnknownHosts{$ThisOne}; 
+ } + print "\n\tTotal: $uknhosts\n"; +} + +if (keys %UnresolvedDomains) { + print "\n\nUnresolved sender domains:\n"; + my $count = CountOrder(%UnresolvedDomains); + foreach $ThisOne (sort $count keys %UnresolvedDomains) { + print " $ThisOne: $UnresolvedDomains{$ThisOne} Time(s)\n"; + $ukndomain = $ukndomain + $UnresolvedDomains{$ThisOne}; + } + print "\n\tTotal: $ukndomain\n"; +} + +if (keys %Timeouts) { + print "\n\nTimeouts:\n"; + my $count = CountOrder(%Timeouts); + foreach $ThisOne (sort $count keys %Timeouts) { + print " $ThisOne: $Timeouts{$ThisOne} Time(s)\n"; + } +} + +if (keys %ForwardErrors) { + print "\n\nForwarding errors:\n"; + my $count = CountOrder(%ForwardErrors); + foreach $ThisOne (sort $count keys %ForwardErrors) { + print " $ThisOne: $ForwardErrors{$ThisOne} Time(s)\n"; + } +} + +if (keys %MailRejected) { + print "\n\nMail was rejected because of the following entries in the access database:\n"; + foreach $ThisOne (sort keys %MailRejected) { + printf " %-50s : %3i Time(s)\n" , $ThisOne , $MailRejected{$ThisOne}; + } +} + +if (keys %relay) { + print "\n\nWe do not relay for these (host,ruser,luser):\n"; + foreach $host (sort keys %relay) { + print "\n $host\n"; + foreach $ruser (sort keys %{ $relay{$host} }) { + print " $ruser\n"; + foreach $luser (sort keys %{$relay{$host}{$ruser}}) { + printf " %-30s %i \n",$luser,$relay{$host}{$ruser}{$luser}; + } + } + } +} + +if (keys %notLocal) { + print "\n\nAddress not local from these (host, user): \n"; + foreach $host (sort keys %notLocal ) { + print "\n $host\n"; + foreach $luser (sort keys %{ $notLocal{$host} }) { + printf " %-30s %i \n",$luser,$notLocal{$host}{$luser}; + } + } +} + +if (keys %abuse) { + my $total; + print "\n\nrejected VRFY (host,ruser):\n"; + foreach $host (sort keys %abuse) { + print "\n $host\n"; + $total = 0; + foreach $luser (sort keys %{$abuse{$host}}) { + print " $luser\n"; + $total+=$abuse{$host}{$luser}; + } + print " Total per host:$total\n"; + } +} + +if (keys 
%largeHdrs) { + print "\n\nToo large headers from: \n"; + foreach $host ( sort {$largeHdrs{$b}<=>$largeHdrs{$a}} keys %largeHdrs ) { + printf " %-17s %-3i Time(s)\n",$host, $largeHdrs{$host}; + } +} + +if (keys %AddressError) { + print "\n\nErrors in mail address:\n"; + foreach $Reason (sort {$a cmp $b} keys %AddressError) { + print " $Reason:\n"; + foreach $Address (sort {$a cmp $b} keys %{$AddressError{$Reason}}) { + print " $Address: $AddressError{$Reason}{$Address} Time(s)\n"; + } + } +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) { + print " $line: $OtherList{$line} Time(s)\n"; + } +} + +#Besure to add any newones to this total -mgt +$TotalRejected = $ukusers + $rldeny + $knspam + $blktotal + $ukndomain + $uknhosts + $chkmreject + $chkrereject; +if ( $TotalRejected > 0 ) { + print "\n\nSummary:\n"; + print "\tTotal Mail Rejected: $TotalRejected\n"; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et diff --git a/log.d/configs/linux/scripts/services/sendmail-largeboxes b/log.d/configs/linux/scripts/services/sendmail-largeboxes new file mode 100755 index 0000000..2735860 --- /dev/null +++ b/log.d/configs/linux/scripts/services/sendmail-largeboxes @@ -0,0 +1,10 @@ +#!/bin/bash +########################################################################## +# $Id: sendmail-largeboxes,v 1.2 2004/06/21 15:07:21 kirk Exp $ +########################################################################## + +ls -alSh /var/spool/mail | \ + grep rw | \ + grep -E "([0-9][0-9]|[4-9])+[0-9]+([.][0-9])*[M]" | \ + gawk -F ' ' ' { print("Warning: Large mailbox: "$9" ("$5")") } ' + diff --git a/log.d/configs/linux/scripts/services/shaperd b/log.d/configs/linux/scripts/services/shaperd new file mode 100755 index 0000000..621aaf1 --- /dev/null +++ b/log.d/configs/linux/scripts/services/shaperd 
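Review bot: Both configuration reads in the `$Detail >= 10` block use two-argument `open (READCONFFILE, $LocalHostNames)` and `open (READCONFFILE, $SendmailAccess)` on paths that may come from `$ENV{'sendmaillocalhostnames'}` and `$ENV{'sendmailaccess'}`, so Perl interprets mode characters or surrounding whitespace in the value instead of treating it as a literal file name. The preceding `-s` test checks the literal name, so the test and the open can disagree. The three-argument form avoids this, e.g. `open(READCONFFILE, '<', $LocalHostNames) or die "Cannot open $LocalHostNames: $!\n";`, and likewise for `$SendmailAccess`. Separately, in the "Unknown local users" section `my $sum` is declared inside the `unless ($Detail >= 10)` block, so the following `if ($Detail >= 10 || $sum > $UnknownUsersThreshold)` reads an unset package variable. As a result no per-user lines are printed below detail level 10, which hides recipient probing from the report; declare `my $sum = 0;` before the `unless`.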
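Review bot: The size filter `grep -E "([0-9][0-9]|[4-9])+[0-9]+([.][0-9])*[M]"` only accepts an `M` suffix, so a mailbox that `ls -h` prints in `G` is never reported. Because the pattern is applied to the whole `ls` line rather than the size column, it can also match digits followed by `M` inside a mailbox file name. Picking fields `$9` and `$5` from `ls -al` output also depends on locale and column layout. Selecting on size directly is more robust, e.g. `find /var/spool/mail -maxdepth 1 -type f -size +40M -printf 'Warning: Large mailbox: %f (%s bytes)\n'` (GNU find). This keeps what appears to be the intended threshold of roughly 40 MB.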
@@ -0,0 +1,128 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: shaperd,v 1.1 2004/02/03 02:45:26 kirk Exp $ +########################################################################## +# $Log: shaperd,v $ +# Revision 1.1 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +# Revision 1.3 2004/01/17 23:04:13 blues +# - ignored some entries +# +# Revision 1.2 2004/01/06 10:57:33 blues +# - delay decreating message +# +# Revision 1.1 2003/12/25 20:07:15 blues +# - shaperd support for logwatch +# +########################################################################## + +######################################################## +# This was written and is maintained by: +# Pawe³ Go³aszewski +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org and blues@pld-linux.org +######################################################## + +## Initial initialization: +$DelayIncCount = 0; +$DelayDecCount = 0; +$MaxDelay = 0; +$MinDelay = 0; +$TooOldSoft = 0; + +while (defined($ThisLine = )) { + chomp($ThisLine); + if ( + ($ThisLine =~ m/^upload ip: /) or + ($ThisLine =~ m/^download ip: /) or + ($ThisLine =~ m/^Delay parameter has too low amount for this number of IP's or possibility of server.$/) or + ($ThisLine =~ m/^Dlay parameter has too high amount./) or + ($ThisLine =~ m/^starting: LAN Traffic shaper/) or + ($ThisLine =~ m/^using IP [^ ]* for [^ ]* (local|internet) interface/) or + ($ThisLine =~ m/^running, PID=/) or + ($ThisLine =~ m/^divide_upload active/) or + ($ThisLine =~ m/^Normal termination./) or + ($ThisLine =~ m/^Initialisation finished/) or + ($ThisLine =~ m/^HTB3 found - quantum option enabled./) or + ($ThisLine =~ m/^HTB Upload Class type activated/) or + ($ThisLine =~ m/^HTB Download Class type activated/) or + ($ThisLine =~ m/^Continuous traffic control enabled/) + ) { + #ignore these + } elsif ( ($Direction,$Ip) 
= ($ThisLine =~ /^Can't control ([^ ]*) bandwidth of IP ([^ ]*)$/)) { + $BandwidthControl{$Direction}{$Ip}++; + } elsif ( ($Direction,$Ip) = ( $ThisLine =~ /^Removing ([^ ]*) class of IP ([^ ]*)$/ ) ) { + $RemovingClass{$Direction}{$Ip}++; + } elsif ( ($Delay) = ( $ThisLine =~ /^Increasing delay to ([0-9]*) seconds$/) ) { + $IncreasingDelay{$Delay}++; + $DelayIncCount++; + } elsif ( ($Delay) = ( $ThisLine =~ /^Decreasing delay to ([0-9]*) seconds$/) ) { + $DecreasingDelay{$Delay}++; + $DelayDecCount++; + } elsif ( $ThisLine =~ m/^It seems that iproute2 did'nt work correctly. Please upgrade your iproute2 and\/or kernel./) { + $TooOldSoft++; + } else { + $OtherList{$ThisLine}++; + } +} + +########################### +# Print report: + +if ($TooOldSoft > 0) { + print "\nWarning:\n"; + print "Too old or broken iproute2/kernel reported $TooOldSoft Time(s)\n"; +} + +if (keys %IncreasingDelay) { + foreach $Delay (keys %IncreasingDelay) { + if ($Delay > $MaxDelay) { + $MaxDelay = $Delay; + } + } + print "\nDelay increased $DelayIncCount Time(s) up to $MaxDelay seconds.\n"; +} + +if (keys %DecreasingDelay) { + foreach $Delay (keys %DecreasingDelay) { + if ($Delay < $MinDelay) { + $MinDelay = $Delay; + } + } + print "\nDelay decreased $DelayDecCount Time(s) to $MinDelay seconds.\n"; +} + +if (keys %BandwidthControl) { + print "\nCan't control bandwidth:\n"; + foreach $Direction (sort {$a cmp $b} keys %BandwidthControl) { + print " $Direction:\n"; + foreach $Ip (sort {$a cmp $b} keys %{$BandwidthControl{$Direction}}) { + print " $Ip : $BandwidthControl{$Direction}{$Ip} Time(s)\n"; + } + } +} + +if (keys %RemovingClass) { + print "\nRemoving class for:\n"; + foreach $Direction (sort {$a cmp $b} keys %RemovingClass) { + print " $Direction:\n"; + foreach $Ip (sort {$a cmp $b} keys %{$RemovingClass{$Direction}}) { + print " $Ip : $RemovingClass{$Direction}{$Ip} Time(s)\n"; + } + } +} + +if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$a cmp $b} 
keys %OtherList) { + print "$line: $OtherList{$line} Time(s)\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/smartd b/log.d/configs/linux/scripts/services/smartd new file mode 100755 index 0000000..a7814c4 --- /dev/null +++ b/log.d/configs/linux/scripts/services/smartd 
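Review bot: The "Delay decreased ... to $MinDelay seconds" line will always report 0, because `$MinDelay` is initialised to 0 and the `%DecreasingDelay` loop only lowers it on `$Delay < $MinDelay`, which no non-negative delay from the log satisfies. Leave `$MinDelay` undefined at the top and test `if (!defined($MinDelay) or $Delay < $MinDelay)` in that loop. Separately, the ignore pattern `^Dlay parameter has too high amount.` looks like a misspelling of `Delay`. If the daemon spells the message correctly those lines end up under Unmatched Entries, so it is worth checking against real shaperd output.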
@@ -0,0 +1,48 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: smartd,v 1.5 2004/02/03 03:36:39 kirk Exp $
+##########################################################################
+
+#$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+
+while (defined($ThisLine = )) {
+ chomp($ThisLine);
+ if ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), No such device or address, open\(\) failed/ )) {
+ # ignore
+ } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), is SMART capable. Adding to "monitor" list./ )) {
+ # ignore
+ } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), found in smartd database./ )) {
+ # ignore
+ } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), opened/)) {
+ # ignore
+ } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), appears to lack SMART*/ )) {
+ # ignore
+# } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), (.*)$/)) {
+# $ParamChanges{$Device}{$Msg}++;
+ } elsif ( ($Device,$AttribType,$Code,$Name,undef,$NewVal) = ($ThisLine =~ /^Device: ([^,]+), SMART ([A-Za-z]+) Attribute: ([0-9]+) ([A-Za-z_]+) changed from ([0-9]+) to ([0-9]+)/)) {
+ $ParamChanges{$Device}{"$AttribType: $Name ($Code)"}{$NewVal}++;
+ }
+}
+
+if (keys %ParamChanges) {
+ foreach $Device (sort keys %ParamChanges) {
+ print "\n$Device :\n";
+ foreach $Msg (sort keys %{$ParamChanges{$Device}}) {
+ print " $Msg changed to ";
+ $vv="";
+ foreach $Val (sort keys %{$ParamChanges{$Device}{$Msg}}) {
+ if (! $vv eq "") {
+ print "$vv, ";
+ }
+ $vv = "$Val";
+ #$vv .= " ($ParamChanges{$Device}{$Msg}{$Val} times)";
+ }
+ print "$vv\n";
+ }
+ }
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
+
diff --git a/log.d/configs/linux/scripts/services/sshd b/log.d/configs/linux/scripts/services/sshd
new file mode 100755
index 0000000..4394add
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/sshd
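Review bot: The parsing loop in smartd has no final `else`, so every line that is neither an ignored message nor an attribute change is discarded without trace, and the generic `Device: ..., (.*)` branch that would have kept them is commented out. For a disk-health filter this means warnings the script does not yet recognise never reach the report. Adding `} else { $OtherList{$ThisLine}++; }` plus an Unmatched Entries section, as the other service filters in this commit do, keeps them visible. In the print loop, `if (! $vv eq "")` parses as `(!$vv) eq ""`, which skips a stored value of `0`; `if ($vv ne "")` says what is meant.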
@@ -0,0 +1,346 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: sshd,v 1.37 2004/02/03 19:13:14 kirk Exp $ +########################################################################## +# $Log: sshd,v $ +# Revision 1.37 2004/02/03 19:13:14 kirk +# More Solaris patches from Sean Boran +# +# Revision 1.36 2004/02/03 18:39:34 kirk +# Patches from [ISO-8859-2] Pawe? Go?aszewski" +# +# Revision 1.35 2004/02/03 03:52:20 kirk +# Added mailscanner filter and more Solaris support from Mike Tremaine +# +# Revision 1.34 2004/02/03 02:45:26 kirk +# Tons of patches, and new 'oidentd' and 'shaperd' filters from +# Pawe? Go?aszewski" +# +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +use Logwatch ':all'; + +$Debug = ValueOrDefault($ENV{'LOGWATCH_DEBUG'}, 0); +$Detail = ValueOrDefault($ENV{'LOGWATCH_DETAIL_LEVEL'}, 0); + +# Avoid "Use of uninitialized value" warning messages. +sub ValueOrDefault { + my ($value, $default) = @_; + return ($value ? $value : $default); +} + +# No sense in running if 'sshd' doesn't even exist on this system... +#unless (( -f "/usr/sbin/sshd" ) or ( -f "/usr/local/sbin/sshd") or ( -f "/usr/lib/ssh/sshd")) { +# exit (0); +#} + +my $sftpRequests = 0; + +if ( $Debug >= 5 ) { + print STDERR "\n\nDEBUG: Inside SSHD Filter \n\n"; + $DebugCounter = 1; +} + +while (defined($ThisLine = )) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG($DebugCounter): $ThisLine"; + $DebugCounter++; + } + chomp($ThisLine); + if ( + ($ThisLine =~ m/^(log: )?Closing connection to/) or + ($ThisLine =~ m/^Connection closed by/) or + ($ThisLine =~ m/^(log: )?$/ ) or + ($ThisLine =~ m/^(log: )?\^\[\[60G/ ) or + ($ThisLine =~ m/^(log: )? 
succeeded$/ ) or + ($ThisLine =~ m/^(log: )?Starting sshd:/ ) or + ($ThisLine =~ m/^(log: )?sshd \-TERM succeeded/ ) or + ($ThisLine =~ m/^Disconnecting: Command terminated on signal \d+/) or + ($ThisLine =~ m/^Bad protocol version identification .*:? [\d.]+/ ) or + ($ThisLine =~ m/^Bad protocol version identification.*Big-Brother-Monitor/ ) or + ($ThisLine =~ m/Connection from .* port /) or + ($ThisLine =~ m/^connect from \d+\.\d+\.\d+\.\d+/) or + ($ThisLine =~ m/Read from socket failed/) or + ($ThisLine =~ m/^fatal: Timeout before authentication/ ) or + ($ThisLine =~ m/sshd startup\s+succeeded/) or + ($ThisLine =~ m/sshd shutdown\s+succeeded/) or + ($ThisLine =~ m/Postponed keyboard-interactive for [^ ]+ from [^ ]+/) + ) { + # Ignore these + } elsif ($ThisLine =~ /^Accepted (\S+) for (\S+) from ([\d\.:a-f]+) port (\d+)/) { + if ($Debug >= 5) { + print STDERR "DEBUG: Found -$2 logged in from $3 using $1\n"; + } + if ($Detail >= 20) { + $Users{$2}{$3}{$1}++; + } else { + $Users{$2}{$3}{"(all)"}++; + } + } elsif ( $ThisLine =~ m/^Failed (\S+) for (\S+) from ([^ ]+) port (\d+)/ ) { #openssh + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -Failed login- line\n"; + } + $BadLogins{"$2/$1 from $3"}++; + } elsif ( $ThisLine =~ m/^Failed (\S+) for illegal user (\S+) from ([^ ]+) port (\d+)/ ) { #openssh + $Temp = "$2/$1 from $3"; + $BadLogins{$Temp}++; + $IllegalUsers{$Temp}++; + } elsif ( ($User) = ( $ThisLine =~ /Disconnecting: Too many authentication failures for ([^ ]+)/)) { + $TooManyFailures{$User}++; + } elsif ( ($User) = ($ThisLine =~ /^input_userauth_request: illegal user ([^ ]+)$/ )) { + $IllegalUsers{"$User/none from unknown"}++; + } elsif ( $ThisLine =~ m/^Illegal user (\S+) from ([^ ]+)/ ) { #redhat thing + $IllegalUsers{"$1/none from $2"}++; + } elsif ( $ThisLine =~ m/^(fatal: )?Did not receive ident(ification)? 
string from (.+)/ ) { # ssh/openssh + $name = LookupIP($3); + $NoIdent{$name}++; + } elsif ( ($Host) = ($ThisLine =~ /Could not write ident string to ([^ ]+)$/ )) { + $name = LookupIP($Host); + $NoIdent{$name}++; + } elsif ( + ($ThisLine =~ m/^fatal: Connection closed by remote host\./ ) or + ($ThisLine =~ m/^fatal: Read error from remote host: Connection reset by peer/ ) or + ($ThisLine =~ m/^fatal: Read from socket failed: No route to host/) or + ($ThisLine =~ m/^fatal: Write failed: Network is unreachable/ ) or + ($ThisLine =~ m/^fatal: Write failed: Broken pipe/) or + ($ThisLine =~ m/^error: chan_shutdown_read failed for .+/) + ) { + $NetworkErrors++; + } elsif ( $ThisLine =~ m/^(log: )?Received (signal 15|SIG...); (terminating|restarting)\./) { #ssh/openssh + $Kills++; + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -Signal 15 Terminating- line\n"; + } + } elsif ( $ThisLine =~ m/^(log: )?Server listening on( [^ ]+)? port \d+/ ) { #ssh/openssh + $Starts++; + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -Listening on port 22- line\n"; + } + } elsif ( ($Port,$Address,$Reason) = ($ThisLine =~ /^error: Bind to port ([^ ]+) on ([^ ]+) failed: (.+).$/ )) { + $Temp = "$Address port $Port ($Reason)"; + $BindFailed{$Temp}++; + } elsif ( $ThisLine =~ m/^(log: )?Generating .* \w+ key\./ ) { # ssh/openssh + # Don't care about this... + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -Generating RSA key- line\n"; + } + } elsif ( $ThisLine =~ m/^packet_set_maxsize: /) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -packet_set_maxsize- line\n"; + } + } elsif ( $ThisLine =~ m/^(log: )?\w+ key generation complete\./ ) { # ssh/openssh + # Don't care about this... + if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -Keygen complete- line\n"; + } + } elsif ( $ThisLine =~ m/^Failed (\w+) for (\S+) from ([\d.]+) port (\d+)/ ) { #openssh + # depending on log mode, openssh may not report these in connection context. 
+ if ( $Debug >= 5 ) { + print STDERR "DEBUG: Found -Failed login- line\n"; + } + $BadLogins{"$2/$1 from $3"}++; + } elsif ($ThisLine =~ s/^(log: )?Could not reverse map address ([^ ]*).*$/$2/) { + $NoRevMap{$ThisLine}++; + } elsif ( ($Address) = ($ThisLine =~ /^reverse mapping checking getaddrinfo for ([^ ]*) failed - POSSIBLE BREAKIN ATTEMPT!/)) { + $NoRevMap{$Address}++; + } elsif ( $ThisLine =~ m/subsystem request for sftp/ ) { + $sftpRequests++; + } elsif ( $ThisLine =~ m/refused connect from (.*)$/ ) { + $RefusedConnections{$1}++; + } elsif ( ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) { + $RefusedAuthentication{$Reason}++; + } elsif ( ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*): (.*)$/)) { + $DisconnectReceived{$Reason}{$Host}++; + } elsif ( ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) { + $RootLogin{$Host}++; + } elsif ( ($Error) = ($ThisLine =~ /^Cannot release PAM authentication\[\d\]: (.*)$/)) { + $PamReleaseFail{$Error}++; + } elsif ( $ThisLine =~ m/^error: PAM: (.*)$/) { + $PamReleaseFail{$Error}++; + } elsif ( ($Reason) = ($ThisLine =~ /^Setting tty modes failed: (.*)$/)) { + $TTYModesFail{$Reason}++; + } elsif ( ($User,undef) = ($ThisLine =~ /^User ([^ ]*) not allowed because ([^ ]*) exists$/)) { + $LoginLock{$User}++; + } elsif ( ($IP) = ($ThisLine =~ /^scanned from ([^ ]*)/) ) { + push @Scanned, LookupIP($IP); + } else { + # Report any unmatched entries... + unless ($ThisLine =~ /fwd X11 connect/) { + push @OtherList, "$ThisLine\n"; + } + } +} + +########################################################### + +if ($NetworkErrors) { + print "\nNetwork Read Write Errors: " . $NetworkErrors . "\n"; +} +if ($Kills) { + print "\nSSHD Killed: " . $Kills . " Time(s)\n"; +} +if ($Starts) { + print "\nSSHD Started: " . $Starts . 
" Time(s)\n"; +} + +if (keys %RootLogin) { + print "\n\nWARNING!!!\n"; + print "Refused ROOT login attempt from:\n"; + foreach $Host (sort {$a cmp $b} keys %RootLogin) { + print " $Host : $RootLogin{$Host} Time(s)\n"; + } +} + +if (keys %BindFailed) { + print "\nFailed to bind:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %BindFailed) { + print " $ThisOne : $BindFailed{$ThisOne} Time(s)\n"; + } +} + +if ($Detail >= 10) { + if (keys %NoRevMap) { + print "\nCouldn't resolve these IPs:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %NoRevMap) { + print " $ThisOne: $NoRevMap{$ThisOne} Time(s)\n"; + } + } + if (keys %NoIdent) { + print "\nDidn't receive an ident from these IPs:\n"; + foreach $ThisOne (sort {$a cmp $b} keys %NoIdent) { + print " $ThisOne: $NoIdent{$ThisOne} Time(s)\n"; + } + } +} + +if ($#BadRSA >= 0) { + print "\nReceived a bad response to RSA challenge from these:\n"; + foreach $ThisOne (@BadRSA) { + print " $ThisOne\n"; + } +} + +if (keys %TooManyFailures) { + print "\nDisconnecting after too many authentication failures for user:\n"; + foreach $User (sort {$a cmp $b} keys %TooManyFailures) { + print " $User : $TooManyFailures{$User} Time(s)\n"; + } +} + +if (keys %TooManyFailures) { + print "\nDisconnecting after too many authentication failures for user:\n"; + foreach $User (sort {$a cmp $b} keys %TooManyFailures) { + print " $User : $TooManyFailures{$User} Time(s)\n"; + } +} + +if (keys %BadLogins) { + print "\nFailed logins from these:\n"; + for (sort keys %BadLogins) { + print " $_: $BadLogins{$_} Time(s)\n"; + } +} + +if (keys %IllegalUsers) { + print "\nIllegal users from these:\n"; + for (sort keys %IllegalUsers) { + print " $_: $IllegalUsers{$_} Time(s)\n"; + } +} + +if ((keys %LoginLock) and ($Detail >= 5)) { + print "\nUser login attempt when nologin was set:\n"; + foreach $User (sort {$a cmp $b} keys %LoginLock) { + print " $User : $LoginLock{$User} Time(s)\n"; + } +} + +if (keys %Users) { + print "\nUsers logging in through sshd:\n"; + 
foreach $user (sort {$a cmp $b} keys %Users) { + print " $user:\n"; + my $totalSort = TotalCountOrder(%{$Users{$user}}, \&SortIP); + foreach my $ip (sort $totalSort keys %{$Users{$user}}) { + my $name = LookupIP($ip); + if ($Detail >= 20) { + print " $name:\n"; + my $sort = CountOrder(%{$Users{$user}{$ip}}); + foreach my $method (sort $sort keys %{$Users{$user}{$ip}}) { + my $val = $Users{$user}{$ip}{$method}; + my $plural = ($val > 1) ? "s" : ""; + print " $method: $val time$plural\n"; + } + } else { + my $val = (values %{$Users{$user}{$ip}})[0]; + my $plural = ($val > 1) ? "s" : ""; + print " $name: $val time$plural\n"; + } + } + } +} + +if (keys %RefusedAuthentication) { + print "\n\nAuthentication refused:\n"; + foreach $Reason (sort {$a cmp $b} keys %RefusedAuthentication) { + print " $Reason : $RefusedAuthentication{$Reason} Time(s)\n"; + } +} + +if (keys %DisconnectReceived) { + print "\n\nReceived disconnect:\n"; + foreach $Reason (sort {$a cmp $b} keys %DisconnectReceived) { + print " $Reason\n"; + foreach $Host (sort {$a cmp $b} keys %{$DisconnectReceived{$Reason}}) { + print " $Host : $DisconnectReceived{$Reason}{$Host} Time(s)\n"; + } + } +} + +if ($#Scanned >= 0) { + print "\nScanned from these:\n"; + foreach $ThisOne (sort SortIP @Scanned) { + print " " . $ThisOne . "\n"; + } +} + +if (keys %RefusedConnections) { + print "\nRefused incoming connections:\n"; + foreach my $badguy (sort {$a cmp $b} keys %RefusedConnections ) { + print " $badguy: " . $RefusedConnections{$badguy} . 
" Time(s)\n"; + } +} + +if (keys %PamReleaseFail) { + print "\nCannot release PAM authentication:\n"; + foreach $Error (sort {$a cmp $b} keys %PamReleaseFail) { + print " $Error : $PamReleaseFail{$Error} Time(s)\n"; + } +} + +if (keys %TTYModesFail) { + print "\nSetting tty modes failed:\n"; + foreach $Reason (sort {$a cmp $b} keys %TTYModesFail) { + print " $Reason : $TTYModesFail{$Reason} Time(s)\n"; + } +} + +if ($sftpRequests > 0) { + print "\nSFTP subsystem requests: $sftpRequests Time(s)\n"; +} + +if ($#OtherList >= 0) { + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et diff --git a/log.d/configs/linux/scripts/services/sshd2 b/log.d/configs/linux/scripts/services/sshd2 new file mode 100755 index 0000000..5d5ed1c --- /dev/null +++ b/log.d/configs/linux/scripts/services/sshd2 
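Review bot: Several patterns in the sshd ignore list are unanchored (`m/Connection from .* port /`, `m/Read from socket failed/`, `m/sshd startup\s+succeeded/`, the `Postponed keyboard-interactive` one). They match anywhere in a line, including inside fields whose content comes from the remote side such as a user name, and a matching line is dropped before the failed-login branches are tried. Anchoring each with `^` (allowing the optional `log: ` prefix the neighbouring patterns use) limits the ignore list to the intended daemon messages. In the `^error: PAM: (.*)$` branch, `$PamReleaseFail{$Error}++` uses `$Error` left over from an earlier line rather than this match; it should be `$PamReleaseFail{$1}++`. The `%TooManyFailures` report block also appears twice, so that section is printed two times.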
@@ -0,0 +1,47 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: sshd2,v 1.5 2003/12/15 18:09:23 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Gerald Teschl
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to and kirk@kaybee.org.
+########################################################
+
+$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+
+while (defined($ThisLine = )) {
+ if ( ($ThisLine =~ /^Daemon is running.$/) or
+ ($ThisLine =~ /^Listener created on port .*$/) or
+ ($ThisLine =~ /^sshd2$/) ) {
+ # don't care about these
+ }
+ elsif ( $ThisLine =~ /^Starting sshd2: $/ ) {
+ $Started++;
+ }
+ else {
+ # Report any unmatched entries...
+ chomp($ThisLine);
+ $OtherList{$ThisLine}++;
+ }
+}
+
+if ( ($Detail >= 10) and ($Started) ) {
+ print "\nStatistics:\n";
+ print " Sshd2 started: $Started Time(s)\n";
+}
+
+if (keys %OtherList) {
+ print "\n**Unmatched Entries**\n";
+ foreach $ThisOne (keys %OtherList) {
+ print "$ThisOne: $OtherList{$ThisOne} Time(s)\n";
+ }
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
+
diff --git a/log.d/configs/linux/scripts/services/stunnel b/log.d/configs/linux/scripts/services/stunnel
new file mode 100755
index 0000000..fdb771a
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/stunnel
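Review bot: The Unmatched Entries loop in sshd2 iterates `keys %OtherList` unsorted, so the order of the report changes from run to run and day-to-day comparison gets harder. As far as this hunk shows, the filter recognises only startup messages, so that section carries every other sshd2 event. `foreach $ThisOne (sort keys %OtherList)` gives a stable order, in line with the `sort {$a cmp $b}` used in the sshd filter.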
@@ -0,0 +1,78 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: stunnel,v 1.3 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +$^W=1; +use strict; + +my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0; +my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +my $DebugCounter = 0; + +if ( $Debug >= 5 ) { + print STDERR "\n\nDEBUG: Inside stunnel Filter \n\n"; + $DebugCounter = 1; +} + +my @OtherList = (); +my %OtherList = (); +my %connections = (); + +sub other { + my $msg = shift; + unless (exists $OtherList{$msg}) { + $OtherList{$msg} = 1; + push(@OtherList, $msg); + } else { + $OtherList{$msg}++; + } +} + +my $ThisLine; +while (defined($ThisLine = )) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG($DebugCounter): $ThisLine"; + $DebugCounter++; + } + chomp($ThisLine); + my $origline = $ThisLine; + if ($ThisLine =~ m/^(.+) connected from (\d+\.\d+\.\d+\.\d+)/) { + my $service = $1; + my $ip = $2; + if (! exists($connections{$service}{$ip})) { + $connections{$service}{$ip} = 0; + } + ++$connections{$service}{$ip}; + } elsif ($ThisLine =~ m/^Connection (reset|closed)/) { + # ignore + } else { + # Report any unmatched entries... + other($ThisLine); + } +} + +if (keys %connections) { + print "\nconnections:\n"; + foreach my $service (sort keys %connections) { + print " $service\n"; + my $ips = $connections{$service}; + foreach my $ip (sort keys %$ips) { + print " $ip ", $ips->{$ip}, "\n"; + } + } +} + +if (@OtherList) { + print "\n**Unmatched Entries**\n"; + for (@OtherList) { + my $count = $OtherList{$_}; + print "($count) $_\n"; + } +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/sudo b/log.d/configs/linux/scripts/services/sudo new file mode 100755 index 0000000..347a748 --- /dev/null +++ b/log.d/configs/linux/scripts/services/sudo 
@@ -0,0 +1,51 @@ +#!/usr/bin/perl -nw +########################################################################### +# $Id: sudo,v 1.5 2003/12/15 18:09:23 kirk Exp $ +########################################################################### + +########################################################################### +# sudo: A logwatch script to collate and format sudo log entries from +# the secure log. Entries are broken down by the user who issued +# the command, and further by the effective user of the command. +# +# Detail Levels: +# 0: Just print the command +# 20: Include the current directory when the command was executed +# (on a separate line) +# 30: Include the TTY on the directory line +########################################################################### + +use strict; +#require 5.6.0; # our + +our ($Debug, $Detail, %byUser, $line); +$Debug = $ENV{'LOGWATCH_DEBUG'} || 0; +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 30; + +while ($line = ) { + chomp($line); + if ( ($line =~ /(\w+) : TTY=(.*) ; PWD=(.*?) ; USER=(\w+) ; COMMAND=(.*)/ ) ) { + push @{$byUser{$1}{$4}}, [$5, $3, $2]; + } +} + + foreach my $user (sort keys %byUser) { + foreach my $euser (sort keys %{$byUser{$user}}) { + print "$user => $euser\n", "-" x 78, "\n"; + foreach my $row (@{$byUser{$user}{$euser}}) { + my ($cmd, $dir, $tty) = @$row; + # make long commands easier to read + $cmd =~ s/(?=.{74,})(.{1,74}) /${1} \\\n /g + if (length($cmd) > 75); + print "$cmd\n"; + if ($Detail > 20) { + my $ttydetail = ""; + $ttydetail = "($tty) " if $Detail >= 30; + print "\t$ttydetail$dir\n"; + } # if $Detail + } # foreach $row + } # foreach $euser + } # foreach $user + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/syslogd b/log.d/configs/linux/scripts/services/syslogd new file mode 100755 index 0000000..94e113c --- /dev/null +++ b/log.d/configs/linux/scripts/services/syslogd 
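Review bot: Lines that do not fit the single `(\w+) : TTY=... ; COMMAND=...` pattern are dropped, and the sudo filter has no Unmatched Entries section to catch them. The pattern requires `TTY=` directly after the `user :` prefix, so any sudo entry carrying a message in between never appears in the report; denied or failed attempts are the likely case, to be confirmed against the secure log. Collecting non-matching lines in an `else` branch and printing them, as the other filters do, closes that gap. `(\w+)` also rejects account names containing `-` or `.`. Finally, `$ENV{'LOGWATCH_DETAIL_LEVEL'} || 30` turns a configured level of 0 into 30, so the documented "just print the command" level cannot be selected; `defined($ENV{'LOGWATCH_DETAIL_LEVEL'}) ? $ENV{'LOGWATCH_DETAIL_LEVEL'} : 30` keeps it.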
@@ -0,0 +1,53 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: syslogd,v 1.8 2004/02/03 19:13:14 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+while (defined($ThisLine = )) {
+ chomp($ThisLine);
+ if ( $ThisLine =~ /^exiting on signal 15$/ ) {
+ #$Kills++;
+ }
+ elsif ($ThisLine =~ /^syslogd .* restart\.$/) {
+ $Starts++;
+ }
+ elsif ($ThisLine eq "restart") {
+ $Starts++;
+ }
+ elsif ($ThisLine =~ /^Cannot glue message parts together$/) {
+ $Errors++;
+ }
+ else {
+ # Report any unmatched entries...
+ chomp($ThisLine);
+ $OtherList{$ThisLine}++;
+ }
+}
+
+if ($Errors) {
+ print "\nCould not glue message parts together " . $Errors . " Time(s)\n";
+}
+
+if ($Starts) {
+ print "\nSyslogd started " . $Starts . " Time(s)\n";
+}
+
+if (keys %OtherList) {
+ print "\n**** Unmatched entries ****\n";
+ foreach $Error (keys %OtherList) {
+ print " $Error : $OtherList{$Error} Times\n";
+ }
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 et
+
diff --git a/log.d/configs/linux/scripts/services/tac_acc b/log.d/configs/linux/scripts/services/tac_acc
new file mode 100755
index 0000000..fcb4706
--- /dev/null
+++ b/log.d/configs/linux/scripts/services/tac_acc
@@ -0,0 +1,99 @@ +#!/usr/bin/perl -w +use strict; +######################################################## +# $Id: tac_acc,v 1.5 2003/12/15 18:09:23 kirk Exp $ +######################################################## + +######################################################## +# Please send all comments, suggestions, bug reports, +# etc, to frank@fam-breedijk.com. +######################################################## + +my ($ThisLine, @fields, %activity, %isdn, @OtherList); + +my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +while (defined($ThisLine = )) { + @fields = split /\t/, $ThisLine; + if ( @fields == 11 && $fields[10] =~ /^cmd=/ ) { + unless ( exists $activity{$fields[1]} ) { + $activity{$fields[1]} = {}; + } + unless ( exists $activity{$fields[1]}->{$fields[2]} ) { + $activity{$fields[1]}->{$fields[2]} = {}; + } + chomp $fields[10]; + $fields[10] =~ s/^cmd=//; + $activity{$fields[1]}->{$fields[2]}->{$fields[10]}++; + } + elsif ( @fields == 12 && $fields[11] =~ /^cmd=/ ) { + unless ( exists $activity{$fields[1]} ) { + $activity{$fields[1]} = {}; + } + unless ( exists $activity{$fields[1]}->{$fields[2]} ) { + $activity{$fields[1]}->{$fields[2]} = {}; + } + chomp $fields[11]; + $fields[11] =~ s/^cmd=//; + $activity{$fields[1]}->{$fields[2]}->{$fields[11]}++; + } + elsif ( @fields == 27 && $fields[24] =~ /^elapsed_time=/ ) { + unless ( exists $isdn{$fields[2]} ) { + $isdn{$fields[2]} = {}; + } + unless ( exists $isdn{$fields[2]}->{$fields[4]} ) { + $isdn{$fields[2]}->{$fields[4]} = {}; + $isdn{$fields[2]}->{$fields[4]}->{'seconds'} = 0; + } + chomp $fields[24]; + $fields[24] =~ s/^elapsed_time=//; + $isdn{$fields[2]}->{$fields[4]}->{'seconds'} += $fields[24]; + } + elsif ( @fields == 10 && $fields[5] =~ /^start/ ) { + unless ( exists $isdn{$fields[2]} ) { + $isdn{$fields[2]} = {}; + } + unless ( exists $isdn{$fields[2]}->{$fields[4]} ) { + $isdn{$fields[2]}->{$fields[4]}->{'start'} = 0; + } + $isdn{$fields[2]}->{$fields[4]}->{'start'}++; + } + else { 
+ # Report any unmatched entries... + push @OtherList,$ThisLine; + } +} +if ((keys %activity) and ($Detail >= 5)) { + foreach my $host ( sort keys %activity ) { + print "\nActivity on $host:\n"; + foreach my $user ( sort keys %{$activity{$host}} ) { + print "User: $user\n"; + foreach my $command ( sort keys %{$activity{$host}->{$user}} ) { + print "$command\t$activity{$host}->{$user}->{$command} time(s)\n"; + } + } + } +} +if ((keys %isdn) and ($Detail >= 5)) { + foreach my $host ( sort keys %isdn ) { + print "\nISDN on $host:\n"; + foreach my $number ( sort keys %{$isdn{$host}} ) { + print "Number: $number dailed total $isdn{$host}->{$number}->{'seconds'} seconds"; + if ($isdn{$host}->{$number}->{'start'}) { + print " started $isdn{$host}->{$number}->{'start'} times\n"; + } else { + print "\n"; + } + } + } +} + +if ($#OtherList >= 0) { + print "\n**Unmatched Entries**\n\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/up2date b/log.d/configs/linux/scripts/services/up2date new file mode 100755 index 0000000..f03f719 --- /dev/null +++ b/log.d/configs/linux/scripts/services/up2date 
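Review bot: In the `start` branch of tac_acc a new `$isdn{$fields[2]}->{$fields[4]}` entry is created with only `'start'` set. A number that has start records but no elapsed-time record therefore reaches the report with `'seconds'` undefined, printing an empty total and a warning under `-w`. Initialise both counters wherever the entry is created, e.g. `$isdn{$fields[2]}->{$fields[4]} = { 'seconds' => 0, 'start' => 0 };`. The 11- and 12-field `cmd=` branches are identical apart from the index and could share one branch keyed on `$fields[-1]`.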
@@ -0,0 +1,77 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: up2date,v 1.9 2003/12/15 18:09:23 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Eric Moret +# +# Please send all comments, suggestions, bug reports, +# etc, to eric.moret@epita.fr. +######################################################## + +$Debug = $ENV{'LOGWATCH_DEBUG'} || 0; +#$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +if ( $Debug >= 5 ) { + print STDERR "\n\nDEBUG: Inside up2date Filter \n\n"; + $DebugCounter = 1; +} + +while (defined($ThisLine = )) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG($DebugCounter): $ThisLine"; + $DebugCounter++; + } + if ( ( $ThisLine =~ /^updating login info$/ ) or + ( $ThisLine =~ /^Opening rpmdb in \/var\/lib\/rpm\/ with option .$/ ) or + ( $ThisLine =~ /^successfully retrieved authentication token from up2date server$/ ) or + ( $ThisLine =~ /^(getA|a)vailablePackageList from network$/ ) or + ( $ThisLine =~ /^logging into up2date server$/ ) or + ( $ThisLine =~ /^A socket error occurred/ ) or + ( $ThisLine =~ /^new up2date run started/ ) or + ( $ThisLine =~ /^A protocol error occurred/ ) or + ( $ThisLine =~ /^Error communicating with server\. The message was:$/ ) or + ( $ThisLine =~ /^deleting \/var\/spool\/up2date\// ) ) { + # We don't care about these + } elsif ( $ThisLine =~ s/^installing packages: ([^ ]+)/$1/ ) { + $PackageInstalled{$ThisLine}++; + } elsif ( $ThisLine =~ s/^Adding packages to package profile: ([^ ]+)/$1/ ) { + $PackageAddedToProfile{$ThisLine}++; + } elsif ( $ThisLine =~ s/^Removing packages from package profile: ([^ ]+)/$1/ ) { + $PackageRemovedFromProfile{$ThisLine}++; + } else { + # Report any unmatched entries... 
+ push @OtherList,$ThisLine; + } +} + +if (keys %PackageInstalled) { + print "\nPackage Installed:\n"; + foreach $ThisOne (keys %PackageInstalled) { + print " " . $ThisOne; + } +} +if (keys %PackageAddedToProfile) { + print "\nPackage Added To Profile:\n"; + foreach $ThisOne (keys %PackageAddedToProfile) { + print " " . $ThisOne; + } +} +if (keys %PackageRemovedFromProfile) { + print "\nPackage Removed From Profile:\n"; + foreach $ThisOne (keys %PackageRemovedFromProfile) { + print " ". $ThisOne; + } +} + +if ($#OtherList >= 0) { + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/vpopmail b/log.d/configs/linux/scripts/services/vpopmail new file mode 100755 index 0000000..19e1b3f --- /dev/null +++ b/log.d/configs/linux/scripts/services/vpopmail 
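Review bot: `A socket error occurred`, `A protocol error occurred` and `Error communicating with server. The message was:` are in the "We don't care about these" list of the up2date filter, so a host that repeatedly fails to reach the update server produces an empty report. Counting them in their own `elsif` (e.g. `$ServerErrors++`) and printing a `Could not reach up2date server: N Time(s)` line makes a stalled patch feed visible. The three package loops also print `keys` unsorted; `sort keys` keeps the report order stable.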
@@ -0,0 +1,82 @@ +#!/usr/bin/perl +########################################################################## +# $Id: vpopmail,v 1.7 2003/12/15 18:09:23 kirk Exp $ +########################################################################## +# Written & Maintained by Chris Smith (csmith@squiz.net) +########################################################################## + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + +$ShowSuccessfulLogins = $ENV{'successful_logins'}; + +while (defined($ThisLine = )) { + if ( + ( $ThisLine =~ /vpop_mail/ ) + ) { + # We don't care about these + } elsif (($VirtAccount) = ($ThisLine =~ /no virt found (.*?)\:/i )) { + $NoAccount{$VirtAccount}++; + } elsif (($Account,$IP) = ($ThisLine =~ /login success (.*?)\:(.*)/i )) { + $Type = 'Plain'; + $SuccessfulLogin->{$Account}->{$Type}->{$IP}++; + } elsif (($Type,$Account,$IP) = ($ThisLine =~ /\((.*?)\) login success (.*?)\:(.*)/i )) { + $SuccessfulLogin->{$Account}->{$Type}->{$IP}++; + } elsif (($ThisLine =~ /bounce msg/)) { + $Bounce++; + } elsif (($Email) = ($ThisLine =~ /password fail (.*?)\:/i )) { + $PasswordFail{$Email}++; + } elsif ((undef, $NoUser) = ($ThisLine =~ /(no user found|user not found) (.*?)\:/i )) { + $NoUserFound{$NoUser}++; + } else { + # Report any unmatched entries... + push @OtherList,$ThisLine; + } +} + +if ($ShowSuccessfulLogins) { + if (keys %{$SuccessfulLogin}) { + print "\nSuccessful Logins:\n"; + foreach $Line (sort {$a cmp $b} keys %{$SuccessfulLogin}) { + foreach $Type (sort {$a cmp $b} keys %{$SuccessfulLogin->{$Line}}) { + foreach $Detail (sort {$a cmp $b} keys %{$SuccessfulLogin->{$Line}->{$Type}}) { + print "\t".$Line." ( from " . $Detail . " using " . $Type . " ) - " . $SuccessfulLogin->{$Line}->{$Type}->{$Detail} . " Time(s)\n"; + } + } + } + } +} + +if ( (keys %PasswordFail) ) { + print "\nPassword Failures:\n"; + foreach $Line (sort {$a cmp $b} keys %PasswordFail) { + print "\t" . $Line . " - ". $PasswordFail{$Line} . 
" Time(s)\n"; + } +} + +if ( (keys %NoAccount) ) { + print "\nNo Account Found:\n"; + foreach $Line (sort {$a cmp $b} keys %NoAccount) { + print "\t" . $Line . " - ". $NoAccount{$Line} . " Time(s)\n"; + } +} + +if ( (keys %NoUserFound) ) { + print "\nNo Such User Found:\n"; + foreach $Line (sort {$a cmp $b} keys %NoUserFound) { + print "\t" . $Line . " - ". $NoUserFound{$Line} . " Time(s)\n"; + } +} + +if ($Bounce) { + print "\nBounced messages: ". $Bounce."\n"; +} + +if (($#OtherList >= 0) and (not $IngoreUnmatched)){ + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/vsftpd b/log.d/configs/linux/scripts/services/vsftpd new file mode 100755 index 0000000..f80c093 --- /dev/null +++ b/log.d/configs/linux/scripts/services/vsftpd 
@@ -0,0 +1,103 @@ +#!/usr/bin/perl + +$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'}; +$IgnoreUnmatched = $ENV{'vsftpd_ignore_unmatched'}; +$TotalBytesOut = 0; +$TotalBytesIn = 0; + +while (defined($ThisLine = )) { + if ( ( $ThisLine =~ /CONNECT/ ) or + ( $ThisLine =~ /MKDIR/ ) ){ + # We don't care about these + } elsif ( ($IP,$Email) = ( $ThisLine =~ /OK LOGIN: Client \"(.*)\", anon password \"(.*)\"$/ ) ) { + $Temp = " (" . $IP . "): " . $Email . " - "; + $AnonLogins{$Temp}++; + } elsif ( ($PID, $User,$IP) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] OK LOGIN: Client \"(.*)\"$/ ) ) { + $Temp = " (" . $IP . "): " . $User . " - "; + $UserLogins{$Temp}++; + } elsif ( ($PID,$User,$IP) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL LOGIN: Client \"(.*)\"$/ ) ) { + $Temp = " (" . $IP . "): " . $User . " - "; + $FailedLogins{$Temp}++; + } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] OK UPLOAD: Client \"(.*)\", \"(.*)\", ([0123456789]+) bytes/ ) ) { + $Temp = " " . $FileName . " <- " . $IP . " (User: " . $User . ")\n"; + $TotalBytesIn+= $FileSize; + push @UploadedFiles,$Temp; + } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL UPLOAD: Client \"(.*)\", \"(.*)\", ([0123456789]+) bytes/ ) ) { + $Temp = " " . $FileName . " <- " . $IP . " (User: " . $User . ")\n"; + $TotalBytesIn+= $FileSize; + push @FailedUploadedFiles,$Temp; + } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] OK DOWNLOAD: Client \"(.*)\", \"(.*)\", ([0123456789]+) bytes/ ) ) { + $Temp = " " . $FileName . " -> " . $IP . " (User: " . $User . ")\n"; + $TotalBytesOut+= $FileSize; + push @DownloadedFiles,$Temp; + } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL DOWNLOAD: Client \"(.*)\", \"(.*)\", ([0123456789]+) bytes/ ) ) { + $Temp = " " . $FileName . " -> " . $IP . " (User: " . $User . 
")\n"; + $TotalBytesOut+= $FileSize; + push @FailedDownloadedFiles,$Temp; + } else { + # Report any unmatched entries... + #push @OtherList,$ThisLine; + } +} + +if ( (keys %AnonLogins) and ($Detail >= 5) ) { + print "\nAnonymous FTP Logins:\n"; + foreach $ThisOne (keys %AnonLogins) { + print $ThisOne . $AnonLogins{$ThisOne} . " Time(s)\n"; + } +} + +if (keys %UserLogins) { + print "\nUser FTP Logins:\n"; + foreach $ThisOne (keys %UserLogins) { + print $ThisOne . $UserLogins{$ThisOne} . " Time(s)\n"; + } +} + +if (keys %FailedLogins) { + print "\nFailed FTP Logins:\n"; + foreach $ThisOne (keys %FailedLogins) { + print $ThisOne . $FailedLogins{$ThisOne} . " Time(s)\n"; + } +} + +$TotalKBytesOut = int $TotalBytesOut/1024; +$TotalKBytesIn = int $TotalBytesIn/1024; +$TotalMBytesOut = int $TotalKBytesOut/1024; +$TotalMBytesIn = int $TotalKBytesIn/1024; + +if ( ( $#UploadedFiles >= 0 ) or + ( $#FailedUploadedFiles >= 0 ) ) { + if ( $#UploadedFiles >= 0) { + print "\nIncoming FTP Files:\n"; + print @UploadedFiles; + } + if ( $#FailedUploadedFiles >= 0) { + print "\nFailed Uploads\n"; + print @FailedUploadedFiles; + } + print "\nTOTAL KB IN: " . $TotalKBytesIn . "KB (" . $TotalMBytesIn . "MB)\n"; +} + +if ( ( $#DownloadedFiles >= 0 ) or + ( $#FailedDownloadedFiles >=0 ) ) { + if ( $#DownloadedFiles >= 0) { + print "\nOutgoing FTP Files:\n"; + print @DownloadedFiles; + } + if ( $#FailedDownloadedFiles >= 0) { + print "\nFailed Downloads\n"; + print @FailedDownloadedFiles; + } + print "\nTOTAL KB OUT: " . $TotalKBytesOut . "KB (" . $TotalMBytesOut . "MB)\n"; +} + +if (($#OtherList >= 0) and (not $IngoreUnmatched)){ + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/yum b/log.d/configs/linux/scripts/services/yum new file mode 100755 index 0000000..d26e033 --- /dev/null +++ b/log.d/configs/linux/scripts/services/yum 
@@ -0,0 +1,56 @@ +#!/usr/bin/perl -w +$Debug = $ENV{'LOGWATCH_DEBUG'} || 0; + +if ( $Debug >= 5 ) { + print STDERR "\n\nDEBUG: Inside YUM Filter \n\n"; + $DebugCounter = 1; +} + +while (defined($ThisLine = )) { + if ( $Debug >= 5 ) { + print STDERR "DEBUG($DebugCounter): $ThisLine"; + $DebugCounter++; + } + + $ThisLine =~ s/^[^ ]* [^ ]* //; + + if ( $ThisLine =~ s/^Updated: ([^ ]+)/$1/ ) { + $PackageUpdated{$ThisLine}++; + } elsif ( $ThisLine =~ s/^Installed: ([^ ]+)/$1/ ) { + $PackageInstalled{$ThisLine}++; + } elsif ( $ThisLine =~ s/^Dep Installed: ([^ ]+)/$1/ ) { + $PackageDepInstalled{$ThisLine}++; + } else { + # Report any unmatched entries... + # push @OtherList,$ThisLine; + } +} + +if (keys %PackageInstalled) { + print "\nPackage Installed:\n"; + foreach $ThisOne (keys %PackageInstalled) { + print " " . $ThisOne; + } +} +if (keys %PackageDepInstalled) { + print "\nPackage Dependency Installed:\n"; + foreach $ThisOne (keys %PackageDepInstalled) { + print " " . $ThisOne; + } +} +if (keys %PackageUpdated) { + print "\nPackage Updated:\n"; + foreach $ThisOne (keys %PackageUpdated) { + print " ". $ThisOne; + } +} + +if ($#OtherList >= 0) { + print "\n**Unmatched Entries**\n"; + print @OtherList; +} + +exit(0); + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/zz-disk_space b/log.d/configs/linux/scripts/services/zz-disk_space new file mode 100755 index 0000000..f507c4f --- /dev/null +++ b/log.d/configs/linux/scripts/services/zz-disk_space 
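Review bot: The `else` branch has its `push @OtherList,$ThisLine;` commented out, so the `**Unmatched Entries**` block at the end is dead code and every yum log line other than `Updated:`, `Installed:` and `Dep Installed:` is dropped from the report without trace. When the report is read as a record of package changes, removals and errors are worth seeing. Either restore the `push`, or add explicit branches for the entries that are deliberately ignored and keep the catch-all for the rest.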
@@ -0,0 +1,32 @@ +#!/bin/bash +########################################################################## +# $Id: zz-disk_space,v 1.5 2004/06/21 14:18:55 kirk Exp $ +########################################################################## + +if [ "$PRINTING" = "y" ] && [ "`uname -s`" = "Linux" ] ; then + if [ -n "$show_home_dir_sizes" ] ; then + echo + echo + echo "------------- Home Directory Sizes ---------------" + echo + echo "Size Location" + echo "(MB)" + du -s --block-size=1048576 /home/* | sort -n -r -k 1 + fi + echo + echo + echo "------------------ Disk Space --------------------" + echo + df -h | grep '^/dev/' + echo +elif [ "$PRINTING" = "y" ] ; then + echo + echo + echo "------------------ Disk Space --------------------" + echo + df -k + echo +fi + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/services/zz-fortune b/log.d/configs/linux/scripts/services/zz-fortune new file mode 100755 index 0000000..599fbbf --- /dev/null +++ b/log.d/configs/linux/scripts/services/zz-fortune @@ -0,0 +1,19 @@ +#!/bin/sh +########################################################################## +# $Id: zz-fortune,v 1.8 2003/12/15 18:09:24 kirk Exp $ +########################################################################## +# Named 'zz-fortune' so that it will be the last to execute... + +if [ "$PRINTING" = "y" ] ; then + if [ -x /usr/games/fortune ] ; then + echo + echo + echo "------------------ Fortune --------------------" + echo + /usr/games/fortune + echo + fi +fi + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/log.d/configs/linux/scripts/shared/applyhttpdate b/log.d/configs/linux/scripts/shared/applyhttpdate new file mode 100755 index 0000000..89b0ff6 --- /dev/null +++ b/log.d/configs/linux/scripts/shared/applyhttpdate 
@@ -0,0 +1,39 @@ +#!/usr/bin/perl -w + +######################################################## +# This was stolen from code written and is maintained by: +# Kirk Bauer +# +######################################################## + +use POSIX qw(strftime); + +# This will pick out only the wanted date from a logfile +# in the standard /var/log/messages format. + +# I plan to add a *lot* more date flexibility at a later time... + +my $time = time; + +if ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') { + $SearchDate = strftime("%d/%b/%Y", localtime($time-86400)); +} +elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'today') { + $SearchDate = strftime("%d/%b/%Y", localtime($time)); +} +elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'all') { + $SearchDate = "..\/...\/...."; +} + +if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) { + print STDERR "DEBUG: Inside ApplyStdDate...\n"; + print STDERR "DEBUG: Range: " . $ENV{'LOGWATCH_DATE_RANGE'} . "\n"; + print STDERR "DEBUG: Looking For: " . $SearchDate . "\n"; +} + +while (defined($ThisLine = )) { + if ($ThisLine =~ m/\[$SearchDate:..:..:../o) { + print $ThisLine; + } +} + diff --git a/log.d/configs/linux/scripts/shared/applystddate b/log.d/configs/linux/scripts/shared/applystddate new file mode 100755 index 0000000..36b83fe --- /dev/null +++ b/log.d/configs/linux/scripts/shared/applystddate 
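Review bot: `$SearchDate` is assigned only when `LOGWATCH_DATE_RANGE` is exactly `yesterday`, `today` or `all`. With any other value, or with the variable unset, it stays undefined and is interpolated into `m/\[$SearchDate:..:..:../o` as an empty string, so the filter most likely passes nothing and every service downstream reports an empty day. An explicit `else { die "applyhttpdate: unsupported LOGWATCH_DATE_RANGE\n"; }` after the `elsif` chain makes the misconfiguration visible. The same chain appears in the applystddate and applyusdate hunks that follow. `localtime($time-86400)` is also not exactly the previous calendar day across a daylight-saving change, which can matter when the job runs close to midnight.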
@@ -0,0 +1,51 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: applystddate,v 1.12 2002/10/14 16:21:57 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +use POSIX qw(strftime); + +# This will pick out only the wanted date from a logfile +# in the standard /var/log/messages format. + +# I plan to add a *lot* more date flexibility at a later time... + +my $time = time; + +if ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') { + $SearchDate = strftime("%b %d", localtime($time-86400)); +} +elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'today') { + $SearchDate = strftime("%b %d", localtime($time)); +} +elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'all') { + $SearchDate = "... .."; +} + +# The date might be "Dec 09", but it needs to be "Dec 9"... +$SearchDate =~ s/ 0/ /; + +if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) { + print STDERR "DEBUG: Inside ApplyStdDate...\n"; + print STDERR "DEBUG: Range: " . $ENV{'LOGWATCH_DATE_RANGE'} . "\n"; + print STDERR "DEBUG: Looking For: " . $SearchDate . "\n"; +} + +while (defined($ThisLine = )) { + if ($ThisLine =~ m/^$SearchDate ..:..:.. [^ ]* [^ ]*\[[0123456789]*\]: /o) { + print $ThisLine; + } elsif ($ThisLine =~ m/^$SearchDate ..:..:.. [^ ]* [^ ]*: /o) { + print $ThisLine; + } elsif ($ThisLine =~ m/(Mon|Tue|Wed|Thu|Fri|Sat|Sun) $SearchDate ..:..:.. \d{4}/o) { + print $ThisLine; + } +} + diff --git a/log.d/configs/linux/scripts/shared/applyusdate b/log.d/configs/linux/scripts/shared/applyusdate new file mode 100755 index 0000000..d4c1f96 --- /dev/null +++ b/log.d/configs/linux/scripts/shared/applyusdate 
@@ -0,0 +1,28 @@ +#!/usr/bin/perl -w + +use POSIX qw(strftime); + +my $time = time; + +if ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') { + $SearchDate = strftime("%m/%d/%y", localtime($time-86400)); +} +elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'today') { + $SearchDate = strftime("%m/%d/%y", localtime($time)); +} +elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'all') { + $SearchDate = '..\/..\/..'; +} + +if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) { + print STDERR "DEBUG: Inside ApplyUSDate...\n"; + print STDERR "DEBUG: Range: " . $ENV{'LOGWATCH_DATE_RANGE'} . "\n"; + print STDERR "DEBUG: Looking For: " . $SearchDate . "\n"; +} + +while (defined($ThisLine = )) { + if ($ThisLine =~ m/^$SearchDate ..:..:.. /o) { + print $ThisLine; + } +} + diff --git a/log.d/configs/linux/scripts/shared/expandrepeats b/log.d/configs/linux/scripts/shared/expandrepeats new file mode 100755 index 0000000..6622211 --- /dev/null +++ b/log.d/configs/linux/scripts/shared/expandrepeats @@ -0,0 +1,34 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: expandrepeats,v 1.5 2002/10/13 15:24:27 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +# +######################################################## + +# This used to expand "Last Message Repeated n Times" messages in +# standard syslog files. Now, I have decided it is much better to +# just ignore the repeats, as otherwise our temporary logfiles will +# be too huge. + +$LastLine = ""; + +while (defined($ThisLine = )) { + if ($ThisLine =~ m/last message repeated ([0123456789]+) times$/) { + # Just ignore these lines + #for ($i=0;$i<$1;$i++) { + # print $LastLine; + #} + } + else { + print $ThisLine; + $LastLine = $ThisLine; + } +} + 
diff --git a/log.d/configs/linux/scripts/shared/hostlist b/log.d/configs/linux/scripts/shared/hostlist new file mode 100755 index 0000000..1481456 --- /dev/null +++ b/log.d/configs/linux/scripts/shared/hostlist @@ -0,0 +1,34 @@ +#!/usr/bin/perl -w +use strict; + +my $TempDir = $ENV{'LOGWATCH_TEMP_DIR'}; + +my ($line, $host,$tothost); +my @hostlist; +my $HostFile = ("$TempDir" . "hostfile"); +if (-f $HostFile) { + open (TEMPFILE,$HostFile); + @hostlist = ; + close (TEMPFILE); +} + +while (defined($line = )) { + if ($line =~ m/^... .. ..:..:.. (\S*)/io) { + $host = $1; + if (grep(m/$host/,@hostlist)) { + } else { + push @hostlist,$host; + } + } +} + +open (TEMPFILE,">$HostFile") || die $!; +foreach $tothost (@hostlist) { + chomp $tothost; + if (length($tothost) == "0") { + } else { + print TEMPFILE "$tothost\n"; + } +} +close TEMPFILE; + diff --git a/log.d/configs/linux/scripts/shared/multiservice b/log.d/configs/linux/scripts/shared/multiservice new file mode 100755 index 0000000..90865d4 --- /dev/null +++ b/log.d/configs/linux/scripts/shared/multiservice 
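Review bot: `grep(m/$host/,@hostlist)` uses the host field taken from each log line as an unescaped, unanchored pattern. That field may originate from a remote syslog sender, so regex metacharacters in it are interpreted (an invalid pattern aborts the script), and a host whose name is a substring of one already listed is never added. `grep(m/^\Q$host\E$/,@hostlist)` compares the name literally. The first `open (TEMPFILE,$HostFile);` is unchecked, and both opens use the two-argument form on a path built from `LOGWATCH_TEMP_DIR`. `open(TEMPFILE, '<', $HostFile) || die $!;` and `open(TEMPFILE, '>', $HostFile) || die $!;` keep mode characters in the path from being interpreted and report a failed read.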
@@ -0,0 +1,40 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: multiservice,v 1.2 2003/12/15 22:15:49 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +# This will pick out only the wanted service from a logfile +# in the standard /var/log/messages format. Case insensitive. + +@ServiceName = split(/,/,$ARGV[0]); + +if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) { + print STDERR "DEBUG: Inside MultiService for $ServiceName[0]\n"; +} + +while (defined($ThisLine = )) { + +for $ServiceName (@ServiceName) { + if ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName\[[0123456789]*\]:/i) { + print $ThisLine; + } + elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* [^ ]*\[[0123456789]*\]: \[ID [0-9]+ $ServiceName/io) { + print $ThisLine; + } + elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* [^ ]*: \[ID [0-9]+ $ServiceName/io) { + print $ThisLine; + } + elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName:/i) { + print $ThisLine; + } +} + +} diff --git a/log.d/configs/linux/scripts/shared/onlycontains b/log.d/configs/linux/scripts/shared/onlycontains new file mode 100755 index 0000000..945a00a --- /dev/null +++ b/log.d/configs/linux/scripts/shared/onlycontains 
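Review bot: Inside `for $ServiceName (@ServiceName)`, the second and third patterns carry the `/o` flag, so Perl compiles them once with the first service name and reuses that pattern on every later iteration. `[ID n ...]`-style lines for the second and later services in the comma-separated list are therefore never matched. The first and fourth patterns use `/i` only and pick up each name. Dropping the `o` fixes it: `m/^... .. ..:..:.. [^ ]* [^ ]*\[[0123456789]*\]: \[ID [0-9]+ $ServiceName/i`, and likewise for the variant without the pid. Since the loop has no `last`, a line that matches for more than one listed service can also be printed more than once.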
@@ -0,0 +1,17 @@
+#!/bin/sh
+##########################################################################
+# $Id: onlycontains,v 1.8 2004/06/21 13:45:02 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+# Just does a case-insensitive egrep ;)
+
+/bin/egrep -i "$@"
+
diff --git a/log.d/configs/linux/scripts/shared/onlyhost b/log.d/configs/linux/scripts/shared/onlyhost new file mode 100755
index 0000000..7f4b20f
--- /dev/null
+++ b/log.d/configs/linux/scripts/shared/onlyhost
@@ -0,0 +1,30 @@
+#!/usr/bin/perl -w
+use strict;
+##########################################################################
+# $Id: onlyhost,v 1.4 2004/06/21 14:18:57 kirk Exp $
+##########################################################################
+
+# This feature concieved by mark@winksmith.com
+
+my $hostname = $ENV{'LOGWATCH_ONLY_HOSTNAME'};
+
+if (($ENV{'LOGWATCH_DEBUG'} > 5) and $hostname) {
+ print STDERR "DEBUG: Inside OnlyHostname for $hostname\n";
+}
+
+#If called from a service config file it passes the param as an ARG
+if ($#ARGV == 0) { #put in or override the host id
+ $hostname = $ARGV[0];
+}
+
+my $line;
+while (defined($line = )) {
+ if ($hostname) {
+ if ($line =~ m/^... .. ..:..:.. $hostname\b/io) {
+ print $line;
+ }
+ } else {
+ print $line;
+ }
+}
+
diff --git a/log.d/configs/linux/scripts/shared/onlyservice b/log.d/configs/linux/scripts/shared/onlyservice new file mode 100755
index 0000000..2520584
--- /dev/null
+++ b/log.d/configs/linux/scripts/shared/onlyservice
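Review bot: In onlyhost, `$hostname` from `LOGWATCH_ONLY_HOSTNAME` or `$ARGV[0]` is interpolated into `m/^... .. ..:..:.. $hostname\b/io` unescaped, so each `.` in a fully qualified name matches any character and the filter can admit lines from a differently named host. If the value is meant as a literal name, `m/^... .. ..:..:.. \Q$hostname\E\b/io` restricts the match to that name. The debug message is printed before the `$ARGV[0]` override, so it can name a different host from the one actually filtered; moving the override above the debug block fixes that.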
@@ -0,0 +1,36 @@ +#!/usr/bin/perl -w +########################################################################## +# $Id: onlyservice,v 1.5 2003/12/15 22:15:49 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +# This will pick out only the wanted service from a logfile +# in the standard /var/log/messages format. Case insensitive. + +$ServiceName = $ARGV[0]; +if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) { + print STDERR "DEBUG: Inside OnlyService for $ServiceName\n"; +} + +while (defined($ThisLine = )) { + if ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName\[[0123456789]*\]: /io) { + print $ThisLine; + } + elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* [^ ]*\[[0123456789]*\]: \[ID [0-9]+ $ServiceName/io) { + print $ThisLine; + } + elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* [^ ]*: \[ID [0-9]+ $ServiceName/io) { + print $ThisLine; + } + elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName: /io) { + print $ThisLine; + } +} + diff --git a/log.d/configs/linux/scripts/shared/remove b/log.d/configs/linux/scripts/shared/remove new file mode 100755 index 0000000..e6cd6da --- /dev/null +++ b/log.d/configs/linux/scripts/shared/remove 
@@ -0,0 +1,18 @@
+#!/bin/sh
+##########################################################################
+# $Id: remove,v 1.8 2004/06/21 13:45:02 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+#
+########################################################
+
+# Just a case-insensitive, inverse egrep
+
+/bin/egrep -vi "$@"
+
diff --git a/log.d/configs/linux/scripts/shared/removeheaders b/log.d/configs/linux/scripts/shared/removeheaders new file mode 100755
index 0000000..5546d4a
--- /dev/null
+++ b/log.d/configs/linux/scripts/shared/removeheaders
@@ -0,0 +1,27 @@
+#!/usr/bin/perl -w
+##########################################################################
+# $Id: removeheaders,v 1.9 2004/06/21 14:18:57 kirk Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+#
+########################################################
+
+# Removes the beginning of each line of a standard /var/log/messages-style
+# logfile.
+
+while (defined($ThisLine = )) {
+ #First line is Solaris ID tag style -mgt
+ $ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]*\[[0123456789]*\]: \[ID [0-9]+ [[:alpha:]]+\.[[:alpha:]]+\] //;
+ $ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]*: \[ID [0-9]+ [[:alpha:]]+\.[[:alpha:]]+\] //;
+ $ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]*\[[0123456789]*\]: \[ID [0-9]+\]//;
+ $ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]*\[[0123456789]*\]: //;
+ $ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]*: //;
+ print $ThisLine;
+}
+
diff --git a/log.d/configs/linux/scripts/shared/removeservice b/log.d/configs/linux/scripts/shared/removeservice new file mode 100755 index 0000000..8777d3f --- /dev/null +++ b/log.d/configs/linux/scripts/shared/removeservice @@ -0,0 +1,39 @@ +#!/usr/bin/perl -w +use strict; +########################################################################## +# $Id: removeservice,v 1.4 2002/10/12 02:08:20 kirk Exp $ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +my ($ServiceName, $ThisLine); +my ($linesin, $linesout) = (0, 0); + +# This will remove the unwanted service from a logfile +# in the standard /var/log/messages format. Case insensitive + +if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) { + print STDERR "DEBUG: Inside RemoveService...\n"; +} + +$ServiceName = $ARGV[0]; + +while (defined($ThisLine = )) { + $linesin++; + unless ( ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName\[[0123456789]*\]: /oi) or + ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName: /oi) ) { + $linesout++; + print $ThisLine; + } +} + +if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) { + print STDERR "DEBUG: Inside RemoveService: $linesin Lines In, $linesout Lines Out\n"; +} + diff --git a/log.d/db.conf b/log.d/db.conf new file mode 100644 index 0000000..582e9ce --- /dev/null +++ b/log.d/db.conf @@ -0,0 +1,13 @@ +# +# Database config file +# Logwatch SQL extension, Johan Allard, jallard2@csc.com.au + +$database = "TSyslog"; +$hostname = "localhost"; +$user = "msyslog"; +$password = ""; + +$DBI = "dbi:Pg:dbname=$database"; + +$temp_log_dir = "/var/tmp/var/log"; + diff --git a/log.d/lib/Logwatch.pm b/log.d/lib/Logwatch.pm new file mode 100644 index 0000000..c914dde --- /dev/null +++ b/log.d/lib/Logwatch.pm 
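Review bot: db.conf puts the database account (`$user = "msyslog"`, `$password = ""`) in a tracked file, so any real password set later either ends up in the repository or has to live as an uncommitted local change. Loading the credentials from a separate file that is not under version control and is readable only by the account running the report avoids both. `$temp_log_dir = "/var/tmp/var/log"` is a fixed path under a world-writable directory. If the code that uses it (not visible in this hunk) creates or writes that path with elevated privileges, another local user could create it first, so a directory owned by the reporting account with mode 0700 is the safer default.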
@@ -0,0 +1,350 @@ +#!/usr/bin/perl +# +# $Id: Logwatch.pm,v 1.5 2004/06/21 13:45:00 kirk Exp $ + +package Logwatch; + +use strict; +use Exporter; + +=pod + +=head1 NAME + +Logwatch -- Utility functions for Logwatch Perl modules. + +=head1 SYNOPSIS + + use Logwatch ':sort'; + + ## + ## Show CountOrder() + ## + + # Sample Data + my %UnknownUsers = (jb1o => 4, eo00 => 1, ma3d => 4, dr4b => 1); + my $sortClosure = CountOrder(%UnknownUsers); + foreach my $user (sort $sortClosure keys %UnknownUsers) { + my $plural = ($UnknownUsers{$user} > 1) ? "s" : ""; + printf " %-8s : %2d time%s\n", $user, $UnknownUsers{$user}, $plural; + } + + ## + ## Show TotalCountOrder() + ## + + # Sample Data + my %RelayDenied = ( some.server => {you@some.where => 2, foo@bar.com => 4}, + other.server => { foo@bar.com => 14 } + ); + + my $sub = TotalCountOrder(%RelayDenied); + foreach my $relay (sort $sub keys %RelayDenied) { + print " $relay:\n"; + my $countOrder = CountOrder(%{$RelayDenied{$relay}}); + foreach my $dest (sort $countOrder keys %{$RelayDenied{$relay}}) { + my $plural = ($RelayDenied{$relay}{$dest} > 1) ? "s" : ""; + printf " %-36s: %3d Time%s\n", $dest, + $RelayDenied{$relay}{$dest}, $plural; + } + } + + use Logwatch ':ip'; + + ## + ## Show SortIP() + ## + + # Sample Data + @ReverseFailures = qw{10.1.1.1 172.16.1.1 10.2.2.2 192.168.1.1 }; + @ReverseFailures = sort SortIP @ReverseFailures; + { local $" = "\n "; print "Reverse DNS Failures:\n @ReverseFailures\n" } + + -or- + + ## + ## Show LookupIP() + ## + foreach my $ip (sort SortIP @ReverseFailures) { + printf "%15s : %s\n", $ip, LookupIP($ip); + } + +=head1 DESCRIPTION + +This module provides utility functions intended for authors of Logwatch +scripts. The purpose is to abstract commonly performed actions into a +set of generally available subroutines. The subroutines can optionally +be imported into the local namespace. 
+ +=over 4 + +=cut + +our @ISA = qw{Exporter}; +our @EXPORT; +our @EXPORT_OK; +our %EXPORT_TAGS = (sort => [qw(CountOrder TotalCountOrder SortIP)], + ip => [qw(LookupIP SortIP)]); + +Exporter::export_ok_tags(qw{sort ip}); + +$EXPORT_TAGS{all} = [@EXPORT, @EXPORT_OK]; + +=pod + +=item I + +This function returns a closure suitable to be passed to Perl's C +builtin. When two values are passed to the closure, it compares the +numeric values of those keys in C<%hash>, and if they're equal, the +lexically order of the keys. Thus: + + my $sortClosure = CountOrder(%UnknownUsers); + foreach my $user (sort $sortClosure keys %UnknownUsers) { + my $plural = ($UnknownUsers{$user} > 1) ? "s" : ""; + printf " %-8s : %2d time%s\n", $user, $UnknownUsers{$user}, $plural; + } + +Will print the keys and values of C<%UnknownUsers> in frequency order, +with keys of equal values sorted lexically. + +The optional second argument is a coderef to be used to sort the keys in +an order other than lexically. (a reference to C, for example.) + +=cut + +# Use a closure to abstract the sort algorithm +sub CountOrder(\%;&) { + my $href = shift; + my $coderef = shift; + return sub { + # $a & $b are in the caller's namespace, moving this inside + # guarantees that the namespace of the sort is used, in case + # it's different (admittedly, that's highly unlikely), at a + # miniscule performance cost. + my $package = (caller)[0]; + no strict 'refs'; # Back off, man. I'm a scientist. + my $A = $ {"${package}::a"}; + my $B = $ {"${package}::b"}; + use strict 'refs'; # We are a hedge. Please move along. + # Reverse the count, but not the compare + my $count = $href->{$B} <=> $href->{$A}; + return $count if $count; + if (ref $coderef) { + $a = $A; + $b = $B; + &$coderef(); + } else { + ($A cmp $B); + } + } +} + +=pod + +=item I + +This function returns a closure similar to that returned by +C, except that it assumes a hash of hashes, and totals the +keys of each sub hash. 
Thus: + + my $sub = TotalCountOrder(%RelayDenied); + foreach my $relay (sort $sub keys %RelayDenied) { + print " $relay:\n"; + my $countOrder = CountOrder(%{$RelayDenied{$relay}}); + foreach my $dest (sort $countOrder keys %{$RelayDenied{$relay}}) { + my $plural = ($RelayDenied{$relay}{$dest} > 1) ? "s" : ""; + printf " %-36s: %3d Time%s\n", $dest, + $RelayDenied{$relay}{$dest}, $plural; + } + } + +Will print the relays in the order of their total denied destinations +(equal keys sort lexically), with each sub hash printed in frequency +order (equal keys sorted lexically) + +The optional second argument is a coderef to be used to sort the keys in +an order other than lexically. (a reference to C, for example.) + +=cut + +sub TotalCountOrder(\%;&) { + my $href = shift; + my $coderef = shift; + my $cache = {}; + return sub { + # $a & $b are in the caller's namespace, moving this inside + # guarantees that the namespace of the sort is used, in case + # it's different (admittedly, that's highly unlikely), at a + # miniscule performance cost. + my $package = (caller)[0]; + no strict 'refs'; # Back off, man. I'm a scientist. + my $A = $ {"${package}::a"}; + my $B = $ {"${package}::b"}; + use strict 'refs'; # We are a hedge. Please move along. + my ($AA, $BB); + + foreach my $tuple ( [\$A, \$AA], [\$B, \$BB] ) { + my $keyRef = $tuple->[0]; + my $totalRef = $tuple->[1]; + + if (exists($cache->{$$keyRef})) { + $$totalRef = $cache->{$$keyRef}; + } else { + grep {$$totalRef += $href->{$$keyRef}->{$_}} + keys %{$href->{$$keyRef}}; + $cache->{$$keyRef} = $$totalRef; + } + } + my $count = $BB <=> $AA; + + return $count if $count; + if (ref $coderef) { + $a = $A; + $b = $B; + &$coderef(); + } else { + ($A cmp $B); + } + } +} + +=pod + +=item I + +This function is meant to be passed to the perl C builtin. It +sorts a list of "dotted quad" IP addresses by the values of the +individual octets. 
+ +=cut + +sub canonical_ipv6_address { + my @a = split /:/, shift; + my @b = qw(0 0 0 0 0 0 0 0); + my $i = 0; + while (defined $a[0] and $a[0] ne '') {$b[$i++] = shift @a;} + @a = reverse @a; + $i = 7; + while (defined $a[0] and $a[0] ne '') {$b[$i--] = shift @a;} + @b; +} + +sub SortIP { + # $a & $b are in the caller's namespace. + my $package = (caller)[0]; + no strict 'refs'; # Back off, man. I'm a scientist. + my $A = $ {"${package}::a"}; + my $B = $ {"${package}::b"}; + $A =~ s/^::(ffff:)?(\d+\.\d+\.\d+\.\d+)$/$2/; + $B =~ s/^::(ffff:)?(\d+\.\d+\.\d+\.\d+)$/$2/; + use strict 'refs'; # We are a hedge. Please move along. + if ($A =~ /:/ and $B =~ /:/) { + my @a = canonical_ipv6_address($A); + my @b = canonical_ipv6_address($B); + while ($a[1] and $a[0] == $b[0]) {shift @a; shift @b;} + $a[0] <=> $b[0]; + } elsif ($A =~ /:/) { + -1; + } elsif ($B =~ /:/) { + 1; + } else { + my ($a1, $a2, $a3, $a4) = split /\./, $A; + my ($b1, $b2, $b3, $b4) = split /\./, $B; + $a1 <=> $b1 || $a2 <=> $b2 || $a3 <=> $b3 || $a4 <=> $b4; + } +} + +=pod + +=item I + +This function performs a hostname lookup on a passed in IP address. It +returns the hostname (with the IP in parentheses) on success and the IP +address on failure. Results are cached, so that many calls with the same +argument don't tax the resolver resources. + +For (new) backward compatibility, this function now uses the $DoLookup +variable in the caller's namespace to determine if lookups will be made. + +=cut + +# Might as well cache it for the duration of the run +my %LookupCache = (); + +sub LookupIP { + my $Addr = $_[0]; + + # OOPS! The 4.3.2 scripts have a $DoLookup variable. Time for some + # backwards compatible hand-waving. + + # for 99% of the uses of this function, assuming package 'main' would + # be sufficient, but a good perl hacker designs so that the other 1% + # isn't in for a nasty suprise. 
+ my $pkg = (caller)[0]; + + # Default to true + my $DoLookup = 1; + { + # An eval() here would be shorter (and probably clearer to more + # people), but QUITE a bit slower. This function should be + # designed to be called a lot, so efficiency is important. + local *symTable = $main::{"$pkg\::"}; + + # here comes the "black magic," (this "no" is bound to the + # enclosing block) + no strict 'vars'; + if (exists $symTable{'DoLookup'} && defined $symTable{'DoLookup'}) { + *symTable = $symTable{'DoLookup'}; + $DoLookup = $symTable; + } + } + + return $Addr unless($DoLookup); + + return $LookupCache{$Addr} if exists ($LookupCache{$Addr}); + + if ($Addr =~ /:/ and $Addr !~ /^::ffff:(\d+\.\d+\.\d+\.\d+)/) { + return "unresolved IPv6 addr: $Addr"; + } + $Addr =~ s/::ffff://; + my $PackedAddr = pack('C4', split /\./,$Addr); + if (my $name = gethostbyaddr ($PackedAddr,2)) { + my $val = "$name ($Addr)"; + $LookupCache{$Addr} = $val; + return $val; + } else { + $LookupCache{$Addr} = $Addr; + return ($Addr); + } +} + +=pod + +=back + +=head1 TAGS + +In addition to importing each function name explicitly, the following +tags can be used. + +=over 4 + +=item I<:sort> + +Imports C, C + +=item I<:ip> + +Imports C and C + +=item I<:all> + +Imports all importable symbols. + +=cut + +1; + +# vi: shiftwidth=3 tabstop=3 et + diff --git a/msyslog-v1.08a+smac/AUTHORS b/msyslog-v1.08a+smac/AUTHORS new file mode 100644 index 0000000..a94a809 --- /dev/null +++ b/msyslog-v1.08a+smac/AUTHORS 
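Review bot: `LookupIP` passes its argument straight to `pack('C4', split /\./,$Addr)` and `gethostbyaddr` without checking that it is a dotted quad, although callers presumably hand it text taken from log lines. A guard such as `return $Addr unless $Addr =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;` after the `::ffff:` strip keeps malformed input away from the resolver and out of `%LookupCache`. The name it returns comes from reverse DNS, which is controlled by whoever operates the address's reverse zone, so the POD should say the name is unverified and that the IP in parentheses is the reliable part. The literal `2` in `gethostbyaddr ($PackedAddr,2)` would read better as `AF_INET` from `Socket`. In `SortIP`, the IPv6 branch compares the colon-separated groups with `==` and `<=>`, which treats a hex group such as `fe80` as the number 0; `hex($a[0]) <=> hex($b[0])` orders them by value.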
@@ -0,0 +1,19 @@ +$Id: AUTHORS,v 1.1.2.3 2001/11/30 23:13:42 alejo Exp $ + +We are probably omiting some authors. If you know about them, please notify +developers by mail at core.devel.alat@corest.com + +Eric Allman wrote the original BSD syslog +Ralph Campbell made extensive changes +Eric Allman then did more extensive changes +The NetBSD project (www.netbsd.org) adapted it +The OpenBSD project(www.openbsd.org) project did a security audit and adapted it +Alejo Sanchez (alejo@corest.com) developed Modular Syslog for Core-SDI +general coding specially autoconf, sql support, dynamic library use. +Federico Schwindt (fgsch@corest.com) did configure +Claudio Castiglia (claudio@corest.com) did makefile work, peo and linux module. +The Core-SDI consulting project did security audit for msyslog 1.0 + +Current Wisdom project (msyslog, auditd, etc.) coordinator is Ariel Aizenberg, +Msyslog mantainer/developer is Alejo Sanchez, and Audit[d] mantainer/developer is +Claudio Castiglia. diff --git a/msyslog-v1.08a+smac/COPYING b/msyslog-v1.08a+smac/COPYING new file mode 100644 index 0000000..1940405 --- /dev/null +++ b/msyslog-v1.08a+smac/COPYING 
@@ -0,0 +1,71 @@ + msyslog source code files have either traditional BSD license, +on the cases of files based on previous BSD syslog (syslogd.c, +syslogd.h, ttymsg.c and om_classic.c), or a more permisive license +known as modified BSD license, or MIT license, for the rest of the +source files. + However, this licensing scheme may change in the future, as BSD license +has been changed by the Regent of the University of California. For more +information on this, take a look at http://www.opensource.org/licenses + +the BSD license used is the following: + + Copyright (c) 1983, 1988, 1993, 1994 + The Regents of the University of California. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by the University of + California, Berkeley and its contributors. + 4. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +MIT license used is: + + Copyright (c) 2001, Core SDI S.A., Argentina + All rights reserved + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither name of the Core SDI S.A. nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
+ IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + diff --git a/msyslog-v1.08a+smac/ChangeLog b/msyslog-v1.08a+smac/ChangeLog new file mode 100644 index 0000000..03627b2 --- /dev/null +++ b/msyslog-v1.08a+smac/ChangeLog @@ -0,0 +1,4 @@ +Tue Nov 14 15:30:00 2000 Alejo Sanchez (alejo@corest.com) + +* Changelog not implemented on release because of size (400K) +* It will be available as a cvs commit log diff --git a/msyslog-v1.08a+smac/INSTALL b/msyslog-v1.08a+smac/INSTALL new file mode 100644 index 0000000..7451ca7 --- /dev/null +++ b/msyslog-v1.08a+smac/INSTALL 
@@ -0,0 +1,164 @@ +$Id: INSTALL,v 1.7.2.2.2.1.4.7 2001/11/20 09:56:21 alejo Exp $ +============================================================================== + Modular Syslog package + INSTALL file + + (C)2000, 2001 Core-SDI. Buenos Aires, Argentina. +============================================================================== + + This file describes how to compile and install modular syslog. + + Msyslog has been tested on the following platforms: + + - OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 + - RedHat 6.2, 7.0, 7.1, 7.2 + - Debian Potato + - Solaris 7, 8 + - Irix64 6.5 + - Aix 4.3 + + + + + +SPECIAL NOTE +------------ + +Most of the documentation and examples are on the manual pages provided. +They are meant to be the ultimate reference. See im_bsd.8, im_linux.8 +im_udp.8, om_mysql.8, om_regex.8, peochk.8 im_doors.8, im_streams.8 +im_unix.8, om_peo.8, om_tcp.8, syslog.conf.5, im_file.8, im_tcp.8 +om_classic.8, om_pgsql.8, om_udp.8, and syslogd.8. + + +0. Packages +=========== + +There are Debian packages you can use with Debian's apt_get and friends. +(ie. apt_get msyslog) + +There are Redhat packages at the Sourceforge page. Those are built for +now by Florin Andrei. + +In the future we plan to have the package creation of RedHat, Debian, +OpenBSD, FreeBSD, NetBSD, and Solaris in the source tree. It would be done +with some make target like 'make rpm'. + + +1. Compiling +============ + +1.a. Getting the last version + + The last version of the secure syslog package will always be available +at http://www.corest.com/english/freesoft.html. You may want to check +out for a new release before installing. + The distribution file should look like 'msyslog-X.XX.tar.gz'. Where +X.XX stands for version number (i.e. 'msyslog-0.99.tar.gz'). You will +need also the GNU gunzip command in order to decompress it. + + +1.b. 
Extracting the sources + + Change directory to a directory you have write permissions on and type: + + gunzip msyslog-X.XX.tar.gz + tar xvf msyslog-X.XX.tar + + The words msyslog-X.XX.tar.gz and msyslog-X.XX.tar should be replaced +with full pathnames, if necesary. + + This will create a directory named msyslog-X.XX where all the sources +are placed. All other steps assume you are on that directory. + + +1.c. Configuring + + The modules are now automatically configured (since 1.04 version). You +only have to be sure the libraries you need are on the ld path. For example, +for MySQL you have to check your libmysqlclient.so.X.X is on you library path. +For mor information see your MySQL install docs. + + You must run the script "configure" to prepare the compilation headers and +makefiles for your system. + + The standard distribution will be installed on /usr/local directory, to +change this, you may specify prefix when running configure (ie.: +"configure --prefix=/usr"). + + NOTE: If you are compiling on a new OS you may want to start a new +configuration file, using the autoconf package available at +http://www.gnu.org/. We would like to help new plataform ports, please +contact the developer's mailing list (see note on mailing-lists). It should be +quite easy, since most branches of the *nix family tree are working already. + + +1.d. Compiling + + Execute: + make clean + make + + Login as root and execute: + make install + + If you successfully compile on a new platform not listed above, please +contact the developers in order to include the changes in the official +distribution (see note on contacting us below). + + +2. PLATAFORM SPECIFIC NOTES +=========================== + +2.a Linux + + Before starting msyslog, first stop running the old syslogd and also +stop running klogd. + + +3. MODULE SPECIFIC NOTES +=========================== + +3.a PEO + + See om_peo(8), peochk(8) and syslog.conf(5) manpages for details and +proper setup instructions. 
+ +3.b MySQL + + If your libmysqlclient library isn't in your linker path, you must +add the corresponding directory on the shell variable LD_PATH. + + See "om_mysql" manpage for details and proper setup instructions. + +3.c PostgreSQL + + If your libpq library isn't in your linker path, you must add the +corresponding directory on the shell variable LD_PATH. + + See "om_pgsql" manpage for details and proper setup instructions. + + +4. HOW TO CONTACT US AND RELATED MAILING LISTS +============================================== + + There are two mailing lists for msyslog: + + msyslog-usr + This mailing list is for general discussions about the + modular syslog system. + + msyslog-dev + This mailing list is for technical discussions about + the modular syslog system. It's intended for + developers or any other person interested in the inner + working parts of msyslog. + + Send a message to majordomo@corest.com with the text: + +subscribe list-name + +in the message body, replacing list-name by the name of the +choosen list. You can also send an email to the developers only +at core.devel.alat@corest.com. + diff --git a/msyslog-v1.08a+smac/Makefile b/msyslog-v1.08a+smac/Makefile new file mode 100644 index 0000000..922e840 --- /dev/null +++ b/msyslog-v1.08a+smac/Makefile 
@@ -0,0 +1,72 @@
+# $CoreSDI: Makefile.in,v 1.16.2.3.4.6 2001/11/20 09:56:21 alejo Exp $
+#
+# Copyright (c) 2001, Core SDI S.A., Argentina
+# All rights reserved
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. Neither name of the Core SDI S.A. nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+MODULES_SUBDIR = src/modules
+SUBDIRS = src/peo $(MODULES_SUBDIR) src src/man
+INSTALL_SUBDIRS = src/modules src/peo src/man src
+RELEASE= msyslog-v@MSYSLOG_VERSION@
+TARBALL= ${RELEASE}-src.tar.gz
+
+
+all: all-recursive
+
+all-recursive clean-recursive distclean-recursive:
+ @target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; \
+ for subdir in $$list; do \
+ (cd $$subdir && exec $(MAKE) $$target) \
+ done
+
+install-recursive:
+ @target=`echo $@ | sed s/-recursive//`; \
+ list='$(INSTALL_SUBDIRS)'; \
+ for subdir in $$list; do \
+ (cd $$subdir && exec $(MAKE) $$target) \
+ done
+
+modules:
+ cd $(MODULES_SUBDIR) && make all
+
+modules-install:
+ cd $(MODULES_SUBDIR) && make install
+
+
+.PHONY: clean distclean install
+clean: clean-recursive
+install: all install-recursive
+
+distclean: distclean-recursive
+ -rm -f Makefile config.cache config.log config.status
+
+dist distribution: cleandist
+ @DIR=`pwd` && cd .. && tar -z -c -s '/$$DIR/${RELEASE}/' \
+ -f $$DIR/${TARBALL} \
+ `find $$DIR -type f -print | egrep -v "ports|CVS|*gz"` && \
+ cd - && echo "Distribution file ${TARBALL} has been created."
diff --git a/msyslog-v1.08a+smac/Makefile.in b/msyslog-v1.08a+smac/Makefile.in
new file mode 100644
index 0000000..922e840
--- /dev/null
+++ b/msyslog-v1.08a+smac/Makefile.in
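Review bot: In the `all-recursive clean-recursive distclean-recursive` and `install-recursive` recipes the `for` loop yields only the status of the last sub-make, so (assuming the shell is not run with `-e`) a failed build in an earlier directory such as `src/peo` or `src` does not stop `install: all install-recursive` from going on to install whatever did build. Ending the loop body with `(cd $$subdir && exec $(MAKE) $$target) || exit 1; \` makes the first failure fatal, which matters for a logging daemon whose modules are installed separately from the binary. Separately, `dist distribution:` depends on `cleandist`, while the only cleanup target defined in this hunk is `distclean`, so `make dist` presumably stops on a missing rule unless another file provides it. The Makefile.in hunk that follows carries the same index hash and the same text, so both points apply there as well.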
@@ -0,0 +1,72 @@ +# $CoreSDI: Makefile.in,v 1.16.2.3.4.6 2001/11/20 09:56:21 alejo Exp $ +# +# Copyright (c) 2001, Core SDI S.A., Argentina +# All rights reserved +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. Neither name of the Core SDI S.A. nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+# + +MODULES_SUBDIR = src/modules +SUBDIRS = src/peo $(MODULES_SUBDIR) src src/man +INSTALL_SUBDIRS = src/modules src/peo src/man src +RELEASE= msyslog-v@MSYSLOG_VERSION@ +TARBALL= ${RELEASE}-src.tar.gz + + +all: all-recursive + +all-recursive clean-recursive distclean-recursive: + @target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; \ + for subdir in $$list; do \ + (cd $$subdir && exec $(MAKE) $$target) \ + done + +install-recursive: + @target=`echo $@ | sed s/-recursive//`; \ + list='$(INSTALL_SUBDIRS)'; \ + for subdir in $$list; do \ + (cd $$subdir && exec $(MAKE) $$target) \ + done + +modules: + cd $(MODULES_SUBDIR) && make all + +modules-install: + cd $(MODULES_SUBDIR) && make install + + +.PHONY: clean distclean install +clean: clean-recursive +install: all install-recursive + +distclean: distclean-recursive + -rm -f Makefile config.cache config.log config.status + +dist distribution: cleandist + @DIR=`pwd` && cd .. && tar -z -c -s '/$$DIR/${RELEASE}/' \ + -f $$DIR/${TARBALL} \ + `find $$DIR -type f -print | egrep -v "ports|CVS|*gz"` && \ + cd - && echo "Distribution file ${TARBALL} has been created." diff --git a/msyslog-v1.08a+smac/NEWS b/msyslog-v1.08a+smac/NEWS new file mode 100644 index 0000000..c0d8972 --- /dev/null +++ b/msyslog-v1.08a+smac/NEWS 
@@ -0,0 +1,44 @@ +/* $CoreSDI: NEWS,v 1.3.2.2.4.3 2001/05/24 00:19:10 alejo Exp $ */ + +1.0 Release Notes: + +* Move to autoconf +* Reorganize the source tree +* Fix an incorrect free that was causing syslogd to coredump on exit +* New om_regex module to filter and redirect depending on contents +* New im_linux for handling linux kernel logging (like klogd) +* PostgreSQL output module, colaboration from Oliver Teuber + (ot@penguin-power.de) + +1.01 Release Notes: + + * solaris port + * major autoconf cleanup + * multiple SQL module support + * many bugfixes + +1.02 + * clean up for Linux + +1.03 + * initial port to AIX + * tcp modules + * debug levels + * reconnect on mysql/pgsql modules + +1.04 + * automatically detect and compile modules + * major cleanup of code + * support of sysklogd's extensions + * lots of bugs squashed + * port to Irix + * finished port to AIX + * improvements on tcp modules + * pipe (fifo) support + * ansify code + * compatibility with other compilers (Irix, Aix) + * more information (ie filed and module status) + * IPv6 support + * better signal handlig with audit[d] + * poll() instead of select() + diff --git a/msyslog-v1.08a+smac/QUICK_INSTALL b/msyslog-v1.08a+smac/QUICK_INSTALL new file mode 100644 index 0000000..92d1bbd --- /dev/null +++ b/msyslog-v1.08a+smac/QUICK_INSTALL 
@@ -0,0 +1,85 @@ +$Id: QUICK_INSTALL,v 1.1.2.1 2001/11/30 23:47:17 alejo Exp $ +============================================================================== + Modular Syslog package + QUICK_INSTALL file + + (C)2000, 2001 Core-SDI. Buenos Aires, Argentina. +============================================================================== + + This file is a basic guide for installing modular syslog. + + +SPECIAL NOTE +------------ + +Most of the documentation and examples are on the manual pages provided. +They are meant to be the ultimate reference. See im_bsd.8, im_linux.8 +im_udp.8, om_mysql.8, om_regex.8, peochk.8 im_doors.8, im_streams.8 +im_unix.8, om_peo.8, om_tcp.8, syslog.conf.5, im_file.8, im_tcp.8 +om_classic.8, om_pgsql.8, om_udp.8, and syslogd.8. + + +0. Compile +========== + +# tar xzvf msyslog-vXX.tgz +or +# gunzip -c msyslog-vXX.tgz | tar xvf - + +and + +# cd msyslog-vXX + +then + +# ./configure + +for /usr/local installs, or for /usr (i.e. Solaris, BSDs) + +# ./configure -prefix=/usr + +or the following for / installs (i.e. Linux) + +# ./configure -prefix=/usr + +Now compile and install + +# make install + +1. Configuring +============== + +- read syslog.conf manpage, and understand the '%' usage + (it is easy, checkout the examples) +- on Solaris, remove all those LOG macros on /etc/syslog.conf. +- see peochk and om_peo manpages' examples for hash protection +- checkout all modules you may like withe their manpages. + they ALL have examples + - om_regex + - om_mysql, om_pgsql + - om_tcp, im_tcp, om_udp, im_udp + +2. Running +========== + +Fisrt stop and kill running syslogd (and klogd in linux). + +Linux + +YOU DON'T NEED klogd. + +# /sbin/syslogd -i linux -i unix + +Solaris + +# /usr/sbin/syslogd -i streams + +BSDs + +# /usr/sbin/syslogd -i bsd -i unix + + +If you want to receive on address 'myname' through TCP on port 4321, +ad to that -i tcp '-h myname -p 4321', or for UDP +-i tcp '-h myname -p 4321'. + 
diff --git a/msyslog-v1.08a+smac/README b/msyslog-v1.08a+smac/README new file mode 100644 index 0000000..9594c02 --- /dev/null +++ b/msyslog-v1.08a+smac/README 
@@ -0,0 +1,170 @@ +/* $CoreSDI: README,v 1.5.4.3.4.10 2001/11/30 23:13:42 alejo Exp $ */ + + + + +SPECIAL NOTE +------------ + +Most of the documentation and examples are on the manual pages provided. +They are meant to be the ultimate reference. See im_bsd.8, im_linux.8 +im_udp.8, om_mysql.8, om_regex.8, peochk.8 im_doors.8, im_streams.8 +im_unix.8, om_peo.8, om_tcp.8, syslog.conf.5, im_file.8, im_tcp.8 +om_classic.8, om_pgsql.8, om_udp.8, and syslogd.8. + + + + +Installation +------------ + +Please read the file INSTALL. + +About Modular Syslog +-------------------- + +This is a daemon for the syslog system log interface. It is based on OpenBSD's +syslog daemon implementation, with many improvements (ie. log hash protection). + +This project is intended as a whole revision of previous Secure Syslogd +project (wich is unsupported by now). It has all functionalities and some +more. The remaining things are Solaris support and Audit compatibility +(on the works). + +There are also a few lines taken from the sysklogd project, wich got them +modified from BSD. Specifically the '!', '=' use on configuration. + +Reporting Bugs +-------------- + +Submit bugs at this project's Sourceforge Bug reporting system at: +http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117 + +You may also report them directly to the authors; send an email to +core.devel.alat@corest.com, describing the problem the most you can, +containing also machine description, hardware description, the +configuration file (/etc/syslog.conf), the OS description, and the +invoking command line. + +The more you describe the bug, the faster we can fix it. + +Known Bugs +---------- + +- If a module blocks on I/O the hole daemon blocks, and messages can get lost + on extremely busy hosts. + + +Thanks +------ + +We'd like to thank for helping and supporting + +Florin Andrei +Arthur Korn +Ari Edelkind + +"You guys rock!" 
+ - Alejo + + +Main differences with previous BSD syslog +----------------------------------------- + +The whole internal structure was redesigned to work with input and output modules, +standarizing interfaces to facilitate development for using special devices and +flexible configurations. + +Special care was taken to remain backwards compatible on configuration files. +You can use you previous BSD config files with this improved version of syslog. +A new notation was made for configuration of modules. + +This new approach allows adding new functionality without complicating the code. + +Current available output modules are classic, mysql, peo, pgsql, regex and +tcp. Available input modules are bsd, linux, unix, tcp and udp. + +Classic Output Module +--------------------- + +Performs the previous BSD syslogd output tasks: save to a file or pipe, +forward to a remote host though UDP, mail a user, send a message to a console, +send a message to a tty, send message to all users (WALL). + +MySQL Output Module +------------------- + +Performs loggin in a MySQL server, either local or remote. The table format +must be specified as om_mysql(8) manpage. + +PostgreSQL Output Module +------------------------ + +Performs loggin in a PostgreSQL server, either local or remote. The table +format must be specified as om_pgsql(8) manpage. + +Regular Expression Output Module +-------------------------------- + +This module acts as a filter, applying a regular expression to a message, +hour, date or host. If message matches all, the next module in the +configuration file is called. If reverse flag is used, pass all but matching +messages. See om_regex(8) manpage for more details. + +Peo Output Module +----------------- + +This module does hash protection on logs. See om_peo(8) manpage for more +information on useage. + +TCP Output Module +----------------- + +Send messages t an TCP socket. Use it simply as this on command line +-i tcp -h -p -s . 
You may specify an optional +buffer to save lines on dropped connections with -s. + +BSD Input Module +---------------- + +Gets messages from a BSD special kernel logging device. Use it simply +as this on command line -i /dev/klog. + +Linux Input Module +------------------ + +Gets messages from a Linux special kernel logging device. Read im_linux(8) +manpage for more details. + +UDP Input Module +---------------- + +Read messages from an UDP socket. Use it simply as this on command line +-i udp . The port number is optional, and default is +the one specified on /etc/services for "udp" and "syslog". + +TCP Input Module +---------------- + +Read messages from an TCP socket. Use it simply as this on command line +-i tcp -h -p . + +Unix Input Module +----------------- + +Reads messages from a unix domain socket. Use it simply as this on command +line -i 'unix /dev/log' or -i unix:/dev/log. + +Streams Input Module +-------------------- + +This module handles stream devices (Solaris, and other SYSV like). Invoke +on command line like this -i streams or -i streams:/dev/log (or equivalent). +Note: this module may require Doors input module to work. + +Doors Input Module +------------------ + +May be needed on for other input modules. Invoke it like this on command +line -i doors or -i doors:/etc/.syslog_door (or equivalent). + diff --git a/msyslog-v1.08a+smac/config.log b/msyslog-v1.08a+smac/config.log new file mode 100644 index 0000000..d306201 --- /dev/null +++ b/msyslog-v1.08a+smac/config.log 
@@ -0,0 +1,912 @@ +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by configure, which was +generated by GNU Autoconf 2.52. Invocation command line was + + $ ./configure --prefix=/usr/msyslog --sysconfdir=/etc --mandir=/usr/man + +## ---------- ## +## Platform. ## +## ---------- ## + +hostname = plato +uname -m = i686 +uname -r = 2.2.20 +uname -s = Linux +uname -v = #4 Wed Dec 12 18:01:32 CST 2001 + +/usr/bin/uname -p = unknown +/bin/uname -X = unknown + +/bin/arch = i686 +/usr/bin/arch -k = unknown +/usr/convex/getsysinfo = unknown +hostinfo = unknown +/bin/machine = unknown +/usr/bin/oslevel = unknown +/bin/universe = unknown + +PATH = /opt/kde/bin:/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin:/usr/berbee/bin:.:/usr/X11R6/bin:/usr/openwin/bin:/usr/games:/usr/berbee/bin:/usr/nessus/bin:/usr/nessus/sbin:/opt/gnome/bin:/opt/www/htdig/bin:/usr/lib/jre1.3.1/bin:/usr/share/texmf/bin:/usr/openwin/bin + +## ------------ ## +## Core tests. ## +## ------------ ## + +configure:989: PATH=".;."; conftest.sh +./configure: conftest.sh: command not found +configure:992: $? = 127 +configure:1046: checking for gcc +configure:1061: found /usr/bin/gcc +configure:1069: result: gcc +configure:1297: checking for C compiler version +configure:1300: gcc --version &5 +2.95.3 +configure:1303: $? = 0 +configure:1305: gcc -v &5 +Reading specs from /usr/lib/gcc-lib/i386-slackware-linux/2.95.3/specs +gcc version 2.95.3 20010315 (release) +configure:1308: $? = 0 +configure:1310: gcc -V &5 +gcc: argument to `-V' is missing +configure:1313: $? = 1 +configure:1333: checking for C compiler default output +configure:1336: gcc conftest.c >&5 +configure:1339: $? = 0 +configure:1368: result: a.out +configure:1373: checking whether the C compiler works +configure:1379: ./a.out +configure:1382: $? 
= 0 +configure:1397: result: yes +configure:1404: checking whether we are cross compiling +configure:1406: result: no +configure:1409: checking for executable suffix +configure:1411: gcc -o conftest conftest.c >&5 +configure:1414: $? = 0 +configure:1436: result: +configure:1442: checking for object suffix +configure:1460: gcc -c conftest.c >&5 +configure:1463: $? = 0 +configure:1482: result: o +configure:1486: checking whether we are using the GNU C compiler +configure:1507: gcc -c conftest.c >&5 +configure:1510: $? = 0 +configure:1513: test -s conftest.o +configure:1516: $? = 0 +configure:1528: result: yes +configure:1534: checking whether gcc accepts -g +configure:1552: gcc -c -g conftest.c >&5 +configure:1555: $? = 0 +configure:1558: test -s conftest.o +configure:1561: $? = 0 +configure:1571: result: yes +configure:1598: gcc -c -g -O2 conftest.c >&5 +conftest.c:2: parse error before `me' +configure:1601: $? = 1 +configure: failed program was: +#ifndef __cplusplus + choke me +#endif +configure:1736: checking for a BSD compatible install +configure:1785: result: /usr/bin/ginstall -c +configure:1796: checking whether make sets ${MAKE} +configure:1816: result: yes +configure:1830: checking how to run the C preprocessor +configure:1856: gcc -E conftest.c +configure:1862: $? = 0 +configure:1889: gcc -E conftest.c +configure:1886: ac_nonexistent.h: No such file or directory +configure:1895: $? = 1 +configure: failed program was: +#line 1885 "configure" +#include "confdefs.h" +#include +configure:1932: result: gcc -E +configure:1947: gcc -E conftest.c +configure:1953: $? = 0 +configure:1980: gcc -E conftest.c +configure:1977: ac_nonexistent.h: No such file or directory +configure:1986: $? = 1 +configure: failed program was: +#line 1976 "configure" +#include "confdefs.h" +#include +configure:2025: checking for AIX +configure:2044: result: no +configure:2052: checking for dirent.h that defines DIR +configure:2073: gcc -c -g -O2 conftest.c >&5 +configure:2076: $? 
= 0 +configure:2079: test -s conftest.o +configure:2082: $? = 0 +configure:2092: result: yes +configure:2105: checking for opendir in -ldir +configure:2132: gcc -o conftest -g -O2 conftest.c -ldir >&5 +/usr/i386-slackware-linux/bin/ld: cannot find -ldir +collect2: ld returned 1 exit status +configure:2135: $? = 1 +configure: failed program was: +#line 2113 "configure" +#include "confdefs.h" + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +configure:2152: result: no +configure:2214: checking for sys/wait.h that is POSIX.1 compatible +configure:2242: gcc -c -g -O2 conftest.c >&5 +configure:2245: $? = 0 +configure:2248: test -s conftest.o +configure:2251: $? = 0 +configure:2261: result: yes +configure:2276: checking for fcntl.h +configure:2286: gcc -E conftest.c +configure:2292: $? = 0 +configure:2311: result: yes +configure:2276: checking for limits.h +configure:2286: gcc -E conftest.c +configure:2292: $? = 0 +configure:2311: result: yes +configure:2276: checking for paths.h +configure:2286: gcc -E conftest.c +configure:2292: $? = 0 +configure:2311: result: yes +configure:2276: checking for strings.h +configure:2286: gcc -E conftest.c +configure:2292: $? = 0 +configure:2311: result: yes +configure:2276: checking for inttypes.h +configure:2286: gcc -E conftest.c +configure:2292: $? = 0 +configure:2311: result: yes +configure:2276: checking for sys/ioctl.h +configure:2286: gcc -E conftest.c +configure:2292: $? = 0 +configure:2311: result: yes +configure:2276: checking for sys/types.h +configure:2286: gcc -E conftest.c +configure:2292: $? = 0 +configure:2311: result: yes +configure:2276: checking for sys/time.h +configure:2286: gcc -E conftest.c +configure:2292: $? 
= 0 +configure:2311: result: yes +configure:2276: checking for machine/endian.h +configure:2286: gcc -E conftest.c +configure:2283: machine/endian.h: No such file or directory +configure:2292: $? = 1 +configure: failed program was: +#line 2282 "configure" +#include "confdefs.h" +#include +configure:2311: result: no +configure:2276: checking for syslog.h +configure:2286: gcc -E conftest.c +configure:2292: $? = 0 +configure:2311: result: yes +configure:2276: checking for unistd.h +configure:2286: gcc -E conftest.c +configure:2292: $? = 0 +configure:2311: result: yes +configure:2276: checking for sysctl.h +configure:2286: gcc -E conftest.c +configure:2283: sysctl.h: No such file or directory +configure:2292: $? = 1 +configure: failed program was: +#line 2282 "configure" +#include "confdefs.h" +#include +configure:2311: result: no +configure:2276: checking for err.h +configure:2286: gcc -E conftest.c +configure:2292: $? = 0 +configure:2311: result: yes +configure:2276: checking for sys/context.h +configure:2286: gcc -E conftest.c +configure:2283: sys/context.h: No such file or directory +configure:2292: $? = 1 +configure: failed program was: +#line 2282 "configure" +#include "confdefs.h" +#include +configure:2311: result: no +configure:2321: checking for gcc option to accept ANSI C +configure:2378: gcc -c -g -O2 conftest.c >&5 +configure:2381: $? = 0 +configure:2384: test -s conftest.o +configure:2387: $? = 0 +configure:2404: result: none needed +configure:2412: checking for an ANSI C-conforming const +configure:2476: gcc -c -g -O2 conftest.c >&5 +configure:2479: $? = 0 +configure:2482: test -s conftest.o +configure:2485: $? = 0 +configure:2495: result: yes +configure:2505: checking for ANSI C header files +configure:2519: gcc -E conftest.c +configure:2525: $? = 0 +configure:2612: gcc -o conftest -g -O2 conftest.c >&5 +configure:2615: $? = 0 +configure:2617: ./conftest +configure:2620: $? 
= 0 +configure:2633: result: yes +configure:2649: checking for sys/types.h +configure:2680: result: yes +configure:2649: checking for sys/stat.h +configure:2661: gcc -c -g -O2 conftest.c >&5 +configure:2664: $? = 0 +configure:2667: test -s conftest.o +configure:2670: $? = 0 +configure:2680: result: yes +configure:2649: checking for stdlib.h +configure:2661: gcc -c -g -O2 conftest.c >&5 +configure:2664: $? = 0 +configure:2667: test -s conftest.o +configure:2670: $? = 0 +configure:2680: result: yes +configure:2649: checking for string.h +configure:2661: gcc -c -g -O2 conftest.c >&5 +configure:2664: $? = 0 +configure:2667: test -s conftest.o +configure:2670: $? = 0 +configure:2680: result: yes +configure:2649: checking for memory.h +configure:2661: gcc -c -g -O2 conftest.c >&5 +configure:2664: $? = 0 +configure:2667: test -s conftest.o +configure:2670: $? = 0 +configure:2680: result: yes +configure:2649: checking for strings.h +configure:2680: result: yes +configure:2649: checking for inttypes.h +configure:2680: result: yes +configure:2649: checking for stdint.h +configure:2661: gcc -c -g -O2 conftest.c >&5 +configure:2664: $? = 0 +configure:2667: test -s conftest.o +configure:2670: $? = 0 +configure:2680: result: yes +configure:2649: checking for unistd.h +configure:2680: result: yes +configure:2690: checking for off_t +configure:2711: gcc -c -g -O2 conftest.c >&5 +configure:2714: $? = 0 +configure:2717: test -s conftest.o +configure:2720: $? = 0 +configure:2730: result: yes +configure:2742: checking for size_t +configure:2763: gcc -c -g -O2 conftest.c >&5 +configure:2766: $? = 0 +configure:2769: test -s conftest.o +configure:2772: $? = 0 +configure:2782: result: yes +configure:2794: checking whether time.h and sys/time.h may both be included +configure:2816: gcc -c -g -O2 conftest.c >&5 +configure:2819: $? = 0 +configure:2822: test -s conftest.o +configure:2825: $? 
= 0 +configure:2835: result: yes +configure:2845: checking whether struct tm is in sys/time.h or time.h +configure:2865: gcc -c -g -O2 conftest.c >&5 +configure:2868: $? = 0 +configure:2871: test -s conftest.o +configure:2874: $? = 0 +configure:2884: result: time.h +configure:2894: checking for dlopen in -ldl +configure:2921: gcc -o conftest -g -O2 conftest.c -ldl >&5 +configure:2924: $? = 0 +configure:2927: test -s conftest +configure:2930: $? = 0 +configure:2941: result: yes +configure:2947: checking for connect in -lsocket +configure:2974: gcc -o conftest -g -O2 conftest.c -lsocket >&5 +/usr/i386-slackware-linux/bin/ld: cannot find -lsocket +collect2: ld returned 1 exit status +configure:2977: $? = 1 +configure: failed program was: +#line 2955 "configure" +#include "confdefs.h" + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char connect (); +int +main () +{ +connect (); + ; + return 0; +} +configure:2994: result: no +configure:3000: checking for gethostbyname in -lnsl +configure:3027: gcc -o conftest -g -O2 conftest.c -lnsl >&5 +configure:3030: $? = 0 +configure:3033: test -s conftest +configure:3036: $? = 0 +configure:3047: result: yes +configure:3058: checking whether gcc needs -traditional +configure:3093: result: no +configure:3100: checking for working memcmp +configure:3145: gcc -o conftest -g -O2 conftest.c >&5 +configure:3148: $? = 0 +configure:3150: ./conftest +configure:3153: $? = 0 +configure:3165: result: yes +configure:3169: checking return type of signal handlers +configure:3197: gcc -c -g -O2 conftest.c >&5 +configure:3200: $? = 0 +configure:3203: test -s conftest.o +configure:3206: $? = 0 +configure:3216: result: void +configure:3226: checking for vprintf +configure:3263: gcc -o conftest -g -O2 conftest.c >&5 +configure:3266: $? 
= 0 +configure:3269: test -s conftest +configure:3272: $? = 0 +configure:3282: result: yes +configure:3289: checking for _doprnt +configure:3326: gcc -o conftest -g -O2 conftest.c >&5 +/tmp/ccXINpXH.o: In function `main': +/usr/berbee/Inst/Inst/msyslog-v1.08a/configure:3317: undefined reference to `_doprnt' +collect2: ld returned 1 exit status +configure:3329: $? = 1 +configure: failed program was: +#line 3295 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char _doprnt (); below. */ +#include +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char _doprnt (); +char (*f) (); + +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub__doprnt) || defined (__stub____doprnt) +choke me +#else +f = _doprnt; +#endif + + ; + return 0; +} +configure:3345: result: no +configure:3365: checking for gethostname +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for inet_ntop +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for getaddrinfo +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for regcomp +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? 
= 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for poll +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for select +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for socket +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for strdup +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for strerror +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for strstr +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for strtoul +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for inet_aton +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? = 0 +configure:3421: result: yes +configure:3365: checking for inet_addr +configure:3402: gcc -o conftest -g -O2 conftest.c -ldl -lnsl >&5 +configure:3405: $? = 0 +configure:3408: test -s conftest +configure:3411: $? 
= 0 +configure:3421: result: yes +configure:3433: checking whether byte ordering is bigendian +configure:3458: gcc -c -g -O2 conftest.c >&5 +configure:3461: $? = 0 +configure:3464: test -s conftest.o +configure:3467: $? = 0 +configure:3488: gcc -c -g -O2 conftest.c >&5 +configure: In function `main': +configure:3479: `not' undeclared (first use in this function) +configure:3479: (Each undeclared identifier is reported only once +configure:3479: for each function it appears in.) +configure:3479: parse error before `big' +configure:3491: $? = 1 +configure: failed program was: +#line 3471 "configure" +#include "confdefs.h" +#include +#include + +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian +#endif + + ; + return 0; +} +configure:3555: result: no +configure:3592: checking wheter optreset is needed +configure:3607: gcc -o conftest -g -O2 -Wall conftest.c >&5 +/tmp/ccbjGNA4.o: In function `main': +/usr/berbee/Inst/Inst/msyslog-v1.08a/configure:3600: undefined reference to `optreset' +collect2: ld returned 1 exit status +configure:3610: $? = 1 +configure: failed program was: +#line 3595 "configure" +#include "confdefs.h" +#include +int +main () +{ +extern int optreset; optreset = 1; + ; + return 0; +} +configure:3626: result: no +configure:3631: checking pidfile directory +configure:3640: result: root-mode pid file will go in /var/run +configure:3654: checking wether netdb.h requires _USE_IRS +configure:3664: result: no +configure:3668: checking if sigaltstack uses stack_t structure +configure:3683: result: yes +configure:3694: checking for daemon name +configure:3714: result: "syslogd" +configure:3886: checking for sys/klog.h +configure:3896: gcc -E conftest.c +configure:3902: $? = 0 +configure:3921: result: yes +configure:3943: checking for sys/socket.h +configure:3953: gcc -E conftest.c +configure:3959: $? = 0 +configure:3978: result: yes +configure:4000: checking for sys/un.h +configure:4010: gcc -E conftest.c +configure:4016: $? 
= 0 +configure:4035: result: yes +configure:4078: checking for sys/strlog.h +configure:4088: gcc -E conftest.c +configure:4085: sys/strlog.h: No such file or directory +configure:4094: $? = 1 +configure: failed program was: +#line 4084 "configure" +#include "confdefs.h" +#include +configure:4113: result: no +configure:4121: checking for door.h +configure:4131: gcc -E conftest.c +configure:4128: door.h: No such file or directory +configure:4137: $? = 1 +configure: failed program was: +#line 4127 "configure" +#include "confdefs.h" +#include +configure:4156: result: no +configure:4180: checking for streams module +configure:4182: result: no +configure:4222: `#include' expects "FILENAME" or +configure:4300: checking for MD5Init +configure:4337: gcc -o conftest -g -O2 -Wall conftest.c >&5 +/tmp/ccII4kkj.o: In function `main': +/usr/berbee/Inst/Inst/msyslog-v1.08a/configure:4328: undefined reference to `MD5Init' +collect2: ld returned 1 exit status +configure:4340: $? = 1 +configure: failed program was: +#line 4306 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char MD5Init (); below. */ +#include +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char MD5Init (); +char (*f) (); + +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_MD5Init) || defined (__stub___MD5Init) +choke me +#else +f = MD5Init; +#endif + + ; + return 0; +} +configure:4356: result: no +configure:4370: checking for SHA1Init +configure:4407: gcc -o conftest -g -O2 -Wall conftest.c >&5 +/tmp/cc9Cee1F.o: In function `main': +/usr/berbee/Inst/Inst/msyslog-v1.08a/configure:4398: undefined reference to `SHA1Init' +collect2: ld returned 1 exit status +configure:4410: $? = 1 +configure: failed program was: +#line 4376 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char SHA1Init (); below. */ +#include +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char SHA1Init (); +char (*f) (); + +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_SHA1Init) || defined (__stub___SHA1Init) +choke me +#else +f = SHA1Init; +#endif + + ; + return 0; +} +configure:4426: result: no +configure:4440: checking for RMD160Init +configure:4477: gcc -o conftest -g -O2 -Wall conftest.c >&5 +/tmp/ccgptLUX.o: In function `main': +/usr/berbee/Inst/Inst/msyslog-v1.08a/configure:4468: undefined reference to `RMD160Init' +collect2: ld returned 1 exit status +configure:4480: $? = 1 +configure: failed program was: +#line 4446 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char RMD160Init (); below. */ +#include +/* Override any gcc2 internal prototype to avoid an error. 
*/ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char RMD160Init (); +char (*f) (); + +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_RMD160Init) || defined (__stub___RMD160Init) +choke me +#else +f = RMD160Init; +#endif + + ; + return 0; +} +configure:4496: result: no +configure:4529: checking for regex.h +configure:4539: gcc -E conftest.c +configure:4545: $? = 0 +configure:4564: result: yes +configure:4630: checking for socklen_t +configure:4654: gcc -c -g -O2 -Wall conftest.c >&5 +configure:4657: $? = 0 +configure:4660: test -s conftest.o +configure:4663: $? = 0 +configure:4673: result: yes +configure:4683: checking for uint32_t +configure:4704: gcc -c -g -O2 -Wall conftest.c >&5 +configure:4707: $? = 0 +configure:4710: test -s conftest.o +configure:4713: $? = 0 +configure:4723: result: yes +configure:4733: checking for uint64_t +configure:4754: gcc -c -g -O2 -Wall conftest.c >&5 +configure:4757: $? = 0 +configure:4760: test -s conftest.o +configure:4763: $? = 0 +configure:4773: result: yes +configure:4783: checking for u_int32_t +configure:4804: gcc -c -g -O2 -Wall conftest.c >&5 +configure:4807: $? = 0 +configure:4810: test -s conftest.o +configure:4813: $? = 0 +configure:4823: result: yes +configure:4833: checking for u_int64_t +configure:4854: gcc -c -g -O2 -Wall conftest.c >&5 +configure:4857: $? = 0 +configure:4860: test -s conftest.o +configure:4863: $? = 0 +configure:4873: result: yes +configure:4883: checking for __uint32_t +configure:4904: gcc -c -g -O2 -Wall conftest.c >&5 +configure:4907: $? = 0 +configure:4910: test -s conftest.o +configure:4913: $? 
= 0 +configure:4923: result: yes +configure:4933: checking for __uint64_t +configure:4954: gcc -c -g -O2 -Wall conftest.c >&5 +configure:4957: $? = 0 +configure:4960: test -s conftest.o +configure:4963: $? = 0 +configure:4973: result: yes +configure:4983: checking for CODE +configure:5007: gcc -c -g -O2 -Wall conftest.c >&5 +configure:5010: $? = 0 +configure:5013: test -s conftest.o +configure:5016: $? = 0 +configure:5026: result: yes +configure:5116: creating ./config.status + +## ----------------------- ## +## Running config.status. ## +## ----------------------- ## + +This file was extended by config.status 2.52, executed with + CONFIG_FILES = + CONFIG_HEADERS = + CONFIG_LINKS = + CONFIG_COMMANDS = + > ./config.status +on plato + +config.status:5572: creating Makefile +config.status:5572: creating src/Makefile +config.status:5572: creating src/modules/Makefile +config.status:5572: creating src/peo/Makefile +config.status:5572: creating src/man/Makefile +config.status:5572: creating src/man/BSDmakefile +config.status:5572: creating src/man/GNUmakefile +config.status:5664: creating src/config.h + +## ----------------- ## +## Cache variables. 
## +## ----------------- ## + +ac_cv_c_bigendian=no +ac_cv_c_compiler_gnu=yes +ac_cv_c_const=yes +ac_cv_env_CC_set= +ac_cv_env_CC_value= +ac_cv_env_CFLAGS_set= +ac_cv_env_CFLAGS_value= +ac_cv_env_CPPFLAGS_set= +ac_cv_env_CPPFLAGS_value= +ac_cv_env_CPP_set= +ac_cv_env_CPP_value= +ac_cv_env_LDFLAGS_set= +ac_cv_env_LDFLAGS_value= +ac_cv_env_build_alias_set= +ac_cv_env_build_alias_value= +ac_cv_env_host_alias_set= +ac_cv_env_host_alias_value= +ac_cv_env_target_alias_set= +ac_cv_env_target_alias_value= +ac_cv_func_MD5Init=no +ac_cv_func_RMD160Init=no +ac_cv_func_SHA1Init=no +ac_cv_func__doprnt=no +ac_cv_func_getaddrinfo=yes +ac_cv_func_gethostname=yes +ac_cv_func_inet_addr=yes +ac_cv_func_inet_aton=yes +ac_cv_func_inet_ntop=yes +ac_cv_func_memcmp_working=yes +ac_cv_func_poll=yes +ac_cv_func_regcomp=yes +ac_cv_func_select=yes +ac_cv_func_socket=yes +ac_cv_func_strdup=yes +ac_cv_func_strerror=yes +ac_cv_func_strstr=yes +ac_cv_func_strtoul=yes +ac_cv_func_vprintf=yes +ac_cv_header_dirent_dirent_h=yes +ac_cv_header_door_h=no +ac_cv_header_err_h=yes +ac_cv_header_fcntl_h=yes +ac_cv_header_inttypes_h=yes +ac_cv_header_limits_h=yes +ac_cv_header_machine_endian_h=no +ac_cv_header_memory_h=yes +ac_cv_header_paths_h=yes +ac_cv_header_regex_h=yes +ac_cv_header_stdc=yes +ac_cv_header_stdint_h=yes +ac_cv_header_stdlib_h=yes +ac_cv_header_string_h=yes +ac_cv_header_strings_h=yes +ac_cv_header_sys_context_h=no +ac_cv_header_sys_ioctl_h=yes +ac_cv_header_sys_klog_h=yes +ac_cv_header_sys_socket_h=yes +ac_cv_header_sys_stat_h=yes +ac_cv_header_sys_strlog_h=no +ac_cv_header_sys_time_h=yes +ac_cv_header_sys_types_h=yes +ac_cv_header_sys_un_h=yes +ac_cv_header_sys_wait_h=yes +ac_cv_header_sysctl_h=no +ac_cv_header_syslog_h=yes +ac_cv_header_time=yes +ac_cv_header_unistd_h=yes +ac_cv_lib_dir_opendir=no +ac_cv_lib_dl_dlopen=yes +ac_cv_lib_nsl_gethostbyname=yes +ac_cv_lib_socket_connect=no +ac_cv_objext=o +ac_cv_path_install=$'/usr/bin/ginstall -c' +ac_cv_prog_CPP=$'gcc -E' 
+ac_cv_prog_ac_ct_CC=gcc +ac_cv_prog_cc_g=yes +ac_cv_prog_cc_stdc= +ac_cv_prog_gcc_traditional=no +ac_cv_prog_make_make_set=yes +ac_cv_struct_tm=time.h +ac_cv_type_CODE=yes +ac_cv_type___uint32_t=yes +ac_cv_type___uint64_t=yes +ac_cv_type_off_t=yes +ac_cv_type_signal=void +ac_cv_type_size_t=yes +ac_cv_type_socklen_t=yes +ac_cv_type_u_int32_t=yes +ac_cv_type_u_int64_t=yes +ac_cv_type_uint32_t=yes +ac_cv_type_uint64_t=yes + +## ------------ ## +## confdefs.h. ## +## ------------ ## + +#define HAVE_DIRENT_H 1 +#define HAVE_SYS_WAIT_H 1 +#define HAVE_FCNTL_H 1 +#define HAVE_LIMITS_H 1 +#define HAVE_PATHS_H 1 +#define HAVE_STRINGS_H 1 +#define HAVE_INTTYPES_H 1 +#define HAVE_SYS_IOCTL_H 1 +#define HAVE_SYS_TYPES_H 1 +#define HAVE_SYS_TIME_H 1 +#define HAVE_SYSLOG_H 1 +#define HAVE_UNISTD_H 1 +#define HAVE_ERR_H 1 +#define STDC_HEADERS 1 +#define HAVE_SYS_TYPES_H 1 +#define HAVE_SYS_STAT_H 1 +#define HAVE_STDLIB_H 1 +#define HAVE_STRING_H 1 +#define HAVE_MEMORY_H 1 +#define HAVE_STRINGS_H 1 +#define HAVE_INTTYPES_H 1 +#define HAVE_STDINT_H 1 +#define HAVE_UNISTD_H 1 +#define TIME_WITH_SYS_TIME 1 +#define SYSLOGD_LIBS $SYSLOGD_LIBS +#define RETSIGTYPE void +#define HAVE_VPRINTF 1 +#define HAVE_GETHOSTNAME 1 +#define HAVE_INET_NTOP 1 +#define HAVE_GETADDRINFO 1 +#define HAVE_REGCOMP 1 +#define HAVE_POLL 1 +#define HAVE_SELECT 1 +#define HAVE_SOCKET 1 +#define HAVE_STRDUP 1 +#define HAVE_STRERROR 1 +#define HAVE_STRSTR 1 +#define HAVE_STRTOUL 1 +#define HAVE_INET_ATON 1 +#define HAVE_INET_ADDR 1 +#define MSYSLOG_VERSION_STR "1.08" +#define MLIBNAME_STR "libmsyslog.so.1.08" +#define INSTALL_LIBDIR "/usr/msyslog/lib/alat" +#define PID_DIR "/var/run" +#define SIGALTSTACK_WITH_STACK_T 1 +#define DLOPEN_FLAGS RTLD_LAZY | RTLD_GLOBAL +#define SYMBOL_PREFIX "" +#define _GNU_SOURCE 1 +#define PID_FILE "syslogd.pid" +#define HAVE_LINUX_IMODULE 1 +#define HAVE_UNIX_IMODULE 1 +#define HAVE_FILE_IMODULE 1 +#define HAVE_SOCKLEN_T 1 +#define HAVE_UINT32_T 1 +#define HAVE_UINT64_T 1 
+#define HAVE_U_INT32_T 1 +#define HAVE_U_INT64_T 1 +#define HAVE___UINT32_T 1 +#define HAVE___UINT64_T 1 +#define HAVE_CODE 1 + + +configure: exit 0 diff --git a/msyslog-v1.08a+smac/config.status b/msyslog-v1.08a+smac/config.status new file mode 100755 index 0000000..76ac96b --- /dev/null +++ b/msyslog-v1.08a+smac/config.status 
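Review bot: config.log is a per-machine configure artifact and should not be part of this import. As committed it records the build host's name (`plato`), its kernel release, the builder's full PATH (which contains a `.` entry and local tool directories) and absolute build paths such as `/usr/berbee/Inst/Inst/msyslog-v1.08a/`. The `config.status` file added right after it is the same kind of artifact and embeds the same configure invocation. I would drop both from the tree and list `config.log` and `config.status` in the repository's ignore file so each build regenerates them. Separately, the confdefs.h section shows `#define SYSLOGD_LIBS $SYSLOGD_LIBS` with the variable unexpanded, which looks like a quoting slip in the configure input and is worth checking there.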
@@ -0,0 +1,755 @@ +#! /bin/sh +# Generated automatically by configure. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +SHELL=${CONFIG_SHELL-/bin/sh} +ac_cs_invocation="$0 $@" + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi + +# Name of the executable. +as_me=`echo "$0" |sed 's,.*[\\/],,'` + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +as_executable_p="test -f" + +# Support unset when possible. +if (FOO=FOO; unset FOO) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + +# NLS nuisances. 
+$as_unset LANG || test "${LANG+set}" != set || { LANG=C; export LANG; } +$as_unset LC_ALL || test "${LC_ALL+set}" != set || { LC_ALL=C; export LC_ALL; } +$as_unset LC_TIME || test "${LC_TIME+set}" != set || { LC_TIME=C; export LC_TIME; } +$as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set || { LC_CTYPE=C; export LC_CTYPE; } +$as_unset LANGUAGE || test "${LANGUAGE+set}" != set || { LANGUAGE=C; export LANGUAGE; } +$as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set || { LC_COLLATE=C; export LC_COLLATE; } +$as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set || { LC_NUMERIC=C; export LC_NUMERIC; } +$as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set || { LC_MESSAGES=C; export LC_MESSAGES; } + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=:; export CDPATH; } + +exec 6>&1 + +config_files=" Makefile src/Makefile src/modules/Makefile src/peo/Makefile src/man/Makefile src/man/BSDmakefile src/man/GNUmakefile" +config_headers=" src/config.h" + +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number, then exit + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Report bugs to ." +ac_cs_version="\ +config.status +configured by ./configure, generated by GNU Autoconf 2.52, + with options \"--prefix=/usr/msyslog --sysconfdir=/etc --mandir=/usr/man\" + +Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. 
+This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." +srcdir=. +INSTALL="/usr/bin/ginstall -c" +# If no file are specified by the user, then we need to provide default +# value. By we need to know if files were specified by the user. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=*) + ac_option=`expr "x$1" : 'x\([^=]*\)='` + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` + shift + set dummy "$ac_option" "$ac_optarg" ${1+"$@"} + shift + ;; + -*);; + *) # This is not an option, so the user has probably given explicit + # arguments. + ac_need_defaults=false;; + esac + + case $1 in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + echo "running /bin/sh ./configure " --prefix=/usr/msyslog --sysconfdir=/etc --mandir=/usr/man " --no-create --no-recursion" + exec /bin/sh ./configure --prefix=/usr/msyslog --sysconfdir=/etc --mandir=/usr/man --no-create --no-recursion ;; + --version | --vers* | -V ) + echo "$ac_cs_version"; exit 0 ;; + --he | --h) + # Conflict between --help and --header + { { echo "$as_me:5289: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; };; + --help | --hel | -h ) + echo "$ac_cs_usage"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + shift + CONFIG_FILES="$CONFIG_FILES $1" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + shift + CONFIG_HEADERS="$CONFIG_HEADERS $1" + ac_need_defaults=false;; + + # This is an error. + -*) { { echo "$as_me:5308: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." 
>&2;} + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" ;; + + esac + shift +done + +exec 5>>config.log +cat >&5 << _ACEOF + +## ----------------------- ## +## Running config.status. ## +## ----------------------- ## + +This file was extended by $as_me 2.52, executed with + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + > $ac_cs_invocation +on `(hostname || uname -n) 2>/dev/null | sed 1q` + +_ACEOF +for ac_config_target in $ac_config_targets +do + case "$ac_config_target" in + # Handling of arguments. + "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "src/modules/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/modules/Makefile" ;; + "src/peo/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/peo/Makefile" ;; + "src/man/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/man/Makefile" ;; + "src/man/BSDmakefile" ) CONFIG_FILES="$CONFIG_FILES src/man/BSDmakefile" ;; + "src/man/GNUmakefile" ) CONFIG_FILES="$CONFIG_FILES src/man/GNUmakefile" ;; + "src/config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS src/config.h" ;; + *) { { echo "$as_me:5351: error: invalid argument: $ac_config_target" >&5 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac +done + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers +fi + +# Create a temporary directory, and hook for its removal unless debugging. 
+$debug || +{ + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} + +# Create a (secure) tmp directory for tmp files. +: ${TMPDIR=/tmp} +{ + tmp=`(umask 077 && mktemp -d -q "$TMPDIR/csXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=$TMPDIR/cs$$-$RANDOM + (umask 077 && mkdir $tmp) +} || +{ + echo "$me: cannot create a temporary directory in $TMPDIR" >&2 + { (exit 1); exit 1; } +} + + +# +# CONFIG_FILES section. +# + +# No need to generate the scripts if there are no CONFIG_FILES. +# This happens for instance when ./config.status config.h +if test -n "$CONFIG_FILES"; then + # Protect against being on the right side of a sed subst in config.status. + sed 's/,@/@@/; s/@,/@@/; s/,;t t$/@;t t/; /@;t t$/s/[\\&,]/\\&/g; + s/@@/,@/; s/@@/@,/; s/@;t t$/,;t t/' >$tmp/subs.sed <<\CEOF +s,@SHELL@,/bin/sh,;t t +s,@exec_prefix@,${prefix},;t t +s,@prefix@,/usr/msyslog,;t t +s,@program_transform_name@,s,x,x,,;t t +s,@bindir@,${exec_prefix}/bin,;t t +s,@sbindir@,${exec_prefix}/sbin,;t t +s,@libexecdir@,${exec_prefix}/libexec,;t t +s,@datadir@,${prefix}/share,;t t +s,@sysconfdir@,/etc,;t t +s,@sharedstatedir@,${prefix}/com,;t t +s,@localstatedir@,${prefix}/var,;t t +s,@libdir@,${exec_prefix}/lib,;t t +s,@includedir@,${prefix}/include,;t t +s,@oldincludedir@,/usr/include,;t t +s,@infodir@,${prefix}/info,;t t +s,@mandir@,/usr/share/man,;t t +s,@PACKAGE_NAME@,,;t t +s,@PACKAGE_TARNAME@,,;t t +s,@PACKAGE_VERSION@,,;t t +s,@PACKAGE_STRING@,,;t t +s,@PACKAGE_BUGREPORT@,,;t t +s,@build_alias@,,;t t +s,@host_alias@,,;t t +s,@target_alias@,,;t t +s,@ECHO_C@,,;t t +s,@ECHO_N@,-n,;t t +s,@ECHO_T@,,;t t +s,@PATH_SEPARATOR@,:,;t t +s,@DEFS@,-DHAVE_CONFIG_H,;t t +s,@LIBS@,,;t t +s,@CC@,gcc,;t t +s,@CFLAGS@,-g -O2 -Wall,;t t +s,@LDFLAGS@,,;t t +s,@CPPFLAGS@,,;t t +s,@ac_ct_CC@,gcc,;t t +s,@EXEEXT@,,;t t +s,@OBJEXT@,o,;t t +s,@INSTALL_PROGRAM@,${INSTALL},;t t +s,@INSTALL_SCRIPT@,${INSTALL},;t t 
+s,@INSTALL_DATA@,${INSTALL} -m 644,;t t +s,@SET_MAKE@,,;t t +s,@CPP@,gcc -E,;t t +s,@LIBOBJS@,,;t t +s,@SYSLOGD_LIBS@, -ldl -lnsl,;t t +s,@SHARED_PARAMS@,-Bshareable,;t t +s,@DCCFLAGS@,,;t t +s,@MSRCS@, im_linux.c im_udp.c om_udp.c im_unix.c im_file.c om_classic.c ttymsg.c om_tcp.c im_tcp.c ip_misc.c om_mysql.c om_pgsql.c sql_misc.c om_peo.c om_regex.c,;t t +s,@MLIBS@,,;t t +s,@MLIBNAME@,libmsyslog.so.1.08,;t t +s,@MANPAGES@,syslog.conf.5 syslogd.8 im_linux.8 im_udp.8 om_udp.8 im_unix.8 im_file.8 om_classic.8 om_tcp.8 im_tcp.8 om_mysql.8 om_pgsql.8 om_peo.8 peochk.8 om_regex.8,;t t +s,@HASH_SRCS@,hash.c md5c.c sha1.c rmd160.c,;t t +s,@HASH_SRCS_MODULES@,../peo/hash.c ../peo/md5c.c ../peo/sha1.c ../peo/rmd160.c,;t t +s,@HASH_OBJS_MODULES@,hash.o md5c.o sha1.o rmd160.o,;t t +s,@HAVE_SOCKLEN_T@,,;t t +s,@MAIN_CPPFLAGS@,-Xlinker -E,;t t +s,@MSYSLOG_DAEMON_NAME@,syslogd,;t t +CEOF + + # Split the substitutions into bite-sized pieces for seds with + # small command number limits, like on Digital OSF/1 and HP-UX. + ac_max_sed_lines=48 + ac_sed_frag=1 # Number of current file. + ac_beg=1 # First line for current file. + ac_end=$ac_max_sed_lines # Line after last line for current file. + ac_more_lines=: + ac_sed_cmds= + while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + else + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + fi + if test ! -s $tmp/subs.frag; then + ac_more_lines=false + else + # The purpose of the label and of the branching condition is to + # speed up the sed processing (if there are no `@' at all, there + # is no need to browse any of the substitutions). + # These are the two extra sed commands mentioned above. 
+ (echo ':t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" + else + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" + fi + ac_sed_frag=`expr $ac_sed_frag + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_lines` + fi + done + if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat + fi +fi # test -n "$CONFIG_FILES" + +for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. + ac_dir=`$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + { case "$ac_dir" in + [\\/]* | ?:[\\/]* ) as_incr_dir=;; + *) as_incr_dir=.;; +esac +as_dummy="$ac_dir" +for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do + case $as_mkdir_dir in + # Skip DOS drivespec + ?:) as_incr_dir=$as_mkdir_dir ;; + *) + as_incr_dir=$as_incr_dir/$as_mkdir_dir + test -d "$as_incr_dir" || mkdir "$as_incr_dir" + ;; + esac +done; } + + ac_dir_suffix="/`echo $ac_dir|sed 's,^\./,,'`" + # A "../" for each directory in $ac_dir_suffix. 
+ ac_dots=`echo "$ac_dir_suffix" | sed 's,/[^/]*,../,g'` + else + ac_dir_suffix= ac_dots= + fi + + case $srcdir in + .) ac_srcdir=. + if test -z "$ac_dots"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_dots | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_dots$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_dots$srcdir ;; + esac + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_dots$INSTALL ;; + esac + + if test x"$ac_file" != x-; then + { echo "$as_me:5572: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated automatically by config.status. */ + configure_input="Generated automatically from `echo $ac_file_in | + sed 's,.*/,,'` by configure." + + # First look for the input files in the build tree, otherwise in the + # src tree. 
+ ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:5590: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo $f;; + *) # Relative + if test -f "$f"; then + # Build tree + echo $f + elif test -f "$srcdir/$f"; then + # Source tree + echo $srcdir/$f + else + # /dev/null tree + { { echo "$as_me:5603: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + sed "/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/; +s/:*\${srcdir}:*/:/; +s/:*@srcdir@:*/:/; +s/^\([^=]*=[ ]*\):*/\1/; +s/:*$//; +s/^[^=]*=[ ]*$//; +} + +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s,@configure_input@,$configure_input,;t t +s,@srcdir@,$ac_srcdir,;t t +s,@top_srcdir@,$ac_top_srcdir,;t t +s,@INSTALL@,$ac_INSTALL,;t t +" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out + rm -f $tmp/stdin + if test x"$ac_file" != x-; then + mv $tmp/out $ac_file + else + cat $tmp/out + rm -f $tmp/out + fi + +done + +# +# CONFIG_HEADER section. +# + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. +ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='[ ].*$,\1#\2' +ac_dC=' ' +ac_dD=',;t' +# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='$,\1#\2define\3' +ac_uC=' ' +ac_uD=',;t' + +for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". 
+ case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + test x"$ac_file" != x- && { echo "$as_me:5664: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:5675: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo $f;; + *) # Relative + if test -f "$f"; then + # Build tree + echo $f + elif test -f "$srcdir/$f"; then + # Source tree + echo $srcdir/$f + else + # /dev/null tree + { { echo "$as_me:5688: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + # Remove the trailing spaces. + sed 's/[ ]*$//' $ac_file_inputs >$tmp/in + + # Handle all the #define templates only if necessary. + if egrep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then + # If there are no defines, we may have an empty if/fi + : + cat >$tmp/defines.sed <$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in + + cat >$tmp/defines.sed <$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in + + fi # egrep + + # Handle all the #undef templates + cat >$tmp/undefs.sed <$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in + + cat >$tmp/undefs.sed <$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated automatically by config.status. 
*/ + if test x"$ac_file" = x-; then + echo "/* Generated automatically by configure. */" >$tmp/config.h + else + echo "/* $ac_file. Generated automatically by configure. */" >$tmp/config.h + fi + cat $tmp/in >>$tmp/config.h + rm -f $tmp/in + if test x"$ac_file" != x-; then + if cmp -s $ac_file $tmp/config.h 2>/dev/null; then + { echo "$as_me:5805: $ac_file is unchanged" >&5 +echo "$as_me: $ac_file is unchanged" >&6;} + else + ac_dir=`$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + { case "$ac_dir" in + [\\/]* | ?:[\\/]* ) as_incr_dir=;; + *) as_incr_dir=.;; +esac +as_dummy="$ac_dir" +for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do + case $as_mkdir_dir in + # Skip DOS drivespec + ?:) as_incr_dir=$as_mkdir_dir ;; + *) + as_incr_dir=$as_incr_dir/$as_mkdir_dir + test -d "$as_incr_dir" || mkdir "$as_incr_dir" + ;; + esac +done; } + + fi + rm -f $ac_file + mv $tmp/config.h $ac_file + fi + else + cat $tmp/config.h + rm -f $tmp/config.h + fi +done + +{ (exit 0); exit 0; } diff --git a/msyslog-v1.08a+smac/configure b/msyslog-v1.08a+smac/configure new file mode 100755 index 0000000..02c5225 --- /dev/null +++ b/msyslog-v1.08a+smac/configure 
@@ -0,0 +1,5871 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by Autoconf 2.52. +# +# Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001 +# Free Software Foundation, Inc. +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="sed y%*+%pp%;s%[^_$as_cr_alnum]%_%g" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi + +# Name of the executable. +as_me=`echo "$0" |sed 's,.*[\\/],,'` + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +as_executable_p="test -f" + +# Support unset when possible. +if (FOO=FOO; unset FOO) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + +# NLS nuisances. 
+$as_unset LANG || test "${LANG+set}" != set || { LANG=C; export LANG; } +$as_unset LC_ALL || test "${LC_ALL+set}" != set || { LC_ALL=C; export LC_ALL; } +$as_unset LC_TIME || test "${LC_TIME+set}" != set || { LC_TIME=C; export LC_TIME; } +$as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set || { LC_CTYPE=C; export LC_CTYPE; } +$as_unset LANGUAGE || test "${LANGUAGE+set}" != set || { LANGUAGE=C; export LANGUAGE; } +$as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set || { LC_COLLATE=C; export LC_COLLATE; } +$as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set || { LC_NUMERIC=C; export LC_NUMERIC; } +$as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set || { LC_MESSAGES=C; export LC_MESSAGES; } + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=:; export CDPATH; } + +# Name of the host. +# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +exec 6>&1 + +# +# Initializations. +# +ac_default_prefix=/usr/local +cross_compiling=no +subdirs= +MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} + +# Maximum number of lines to put in a shell here document. +# This variable seems obsolete. It should probably be removed, and +# only ac_max_sed_lines should be used. +: ${ac_max_here_lines=38} + +ac_unique_file="src/syslogd.c" +# Factoring default headers for most tests. 
+ac_includes_default="\ +#include +#if HAVE_SYS_TYPES_H +# include +#endif +#if HAVE_SYS_STAT_H +# include +#endif +#if STDC_HEADERS +# include +# include +#else +# if HAVE_STDLIB_H +# include +# endif +#endif +#if HAVE_STRING_H +# if !STDC_HEADERS && HAVE_MEMORY_H +# include +# endif +# include +#endif +#if HAVE_STRINGS_H +# include +#endif +#if HAVE_INTTYPES_H +# include +#else +# if HAVE_STDINT_H +# include +# endif +#endif +#if HAVE_UNISTD_H +# include +#endif" + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +# Identity of this package. +PACKAGE_NAME= +PACKAGE_TARNAME= +PACKAGE_VERSION= +PACKAGE_STRING= +PACKAGE_BUGREPORT= + +ac_prev= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'` + + # Accept the important Cygnus configure options, so we can diagnose typos. 
+ + case $ac_option in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + eval "enable_$ac_feature=no" ;; + + -enable-* | --enable-*) + ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. 
+ expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "enable_$ac_feature='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | 
--libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | 
--program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + 
-srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package| sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "with_$ac_package='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package | sed 's/-/_/g'` + eval "with_$ac_package=no" ;; + + --x) + # Obsolete; use --with-x. 
+ with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) { echo "$as_me: error: unrecognized option: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 + { (exit 1); exit 1; }; } + ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` + eval "$ac_envvar='$ac_optarg'" + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + { echo "$as_me: error: missing argument to $ac_option" >&2 + { (exit 1); exit 1; }; } +fi + +# Be sure to have absolute paths. +for ac_var in exec_prefix prefix +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* | NONE | '' ) ;; + *) { echo "$as_me: error: expected an absolute path for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# Be sure to have absolute paths. 
+for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \ + localstatedir libdir includedir oldincludedir infodir mandir +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* ) ;; + *) { echo "$as_me: error: expected an absolute path for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: should be removed in autoconf 3.0. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used." >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_prog=$0 + ac_confdir=`echo "$ac_prog" | sed 's%[\\/][^\\/][^\\/]*$%%'` + test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "$as_me: error: cannot find sources in $ac_confdir or .." 
>&2 + { (exit 1); exit 1; }; } + else + { echo "$as_me: error: cannot find sources in $srcdir" >&2 + { (exit 1); exit 1; }; } + fi +fi +srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'` +ac_env_build_alias_set=${build_alias+set} +ac_env_build_alias_value=$build_alias +ac_cv_env_build_alias_set=${build_alias+set} +ac_cv_env_build_alias_value=$build_alias +ac_env_host_alias_set=${host_alias+set} +ac_env_host_alias_value=$host_alias +ac_cv_env_host_alias_set=${host_alias+set} +ac_cv_env_host_alias_value=$host_alias +ac_env_target_alias_set=${target_alias+set} +ac_env_target_alias_value=$target_alias +ac_cv_env_target_alias_set=${target_alias+set} +ac_cv_env_target_alias_value=$target_alias +ac_env_CC_set=${CC+set} +ac_env_CC_value=$CC +ac_cv_env_CC_set=${CC+set} +ac_cv_env_CC_value=$CC +ac_env_CFLAGS_set=${CFLAGS+set} +ac_env_CFLAGS_value=$CFLAGS +ac_cv_env_CFLAGS_set=${CFLAGS+set} +ac_cv_env_CFLAGS_value=$CFLAGS +ac_env_LDFLAGS_set=${LDFLAGS+set} +ac_env_LDFLAGS_value=$LDFLAGS +ac_cv_env_LDFLAGS_set=${LDFLAGS+set} +ac_cv_env_LDFLAGS_value=$LDFLAGS +ac_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_env_CPPFLAGS_value=$CPPFLAGS +ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_cv_env_CPPFLAGS_value=$CPPFLAGS +ac_env_CPP_set=${CPP+set} +ac_env_CPP_value=$CPP +ac_cv_env_CPP_set=${CPP+set} +ac_cv_env_CPP_value=$CPP + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat < if you have libraries in a + nonstandard directory + CPPFLAGS C/C++ preprocessor flags, e.g. -I if you have + headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +EOF +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. 
+ ac_popdir=`pwd` + for ac_subdir in : $ac_subdirs_all; do test "x$ac_subdir" = x: && continue + cd $ac_subdir + # A "../" for each directory in /$ac_subdir. + ac_dots=`echo $ac_subdir | + sed 's,^\./,,;s,[^/]$,&/,;s,[^/]*/,../,g'` + + case $srcdir in + .) # No --srcdir option. We are building in place. + ac_sub_srcdir=$srcdir ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_sub_srcdir=$srcdir/$ac_subdir ;; + *) # Relative path. + ac_sub_srcdir=$ac_dots$srcdir/$ac_subdir ;; + esac + + # Check for guested configure; otherwise get Cygnus style configure. + if test -f $ac_sub_srcdir/configure.gnu; then + echo + $SHELL $ac_sub_srcdir/configure.gnu --help=recursive + elif test -f $ac_sub_srcdir/configure; then + echo + $SHELL $ac_sub_srcdir/configure --help=recursive + elif test -f $ac_sub_srcdir/configure.ac || + test -f $ac_sub_srcdir/configure.in; then + echo + $ac_configure --help + else + echo "$as_me: WARNING: no configuration information is in $ac_subdir" >&2 + fi + cd $ac_popdir + done +fi + +test -n "$ac_init_help" && exit 0 +if $ac_init_version; then + cat <<\EOF + +Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. 
+EOF + exit 0 +fi +exec 5>config.log +cat >&5 </dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +hostinfo = `(hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +PATH = $PATH + +_ASUNAME +} >&5 + +cat >&5 <\?\"\']*) + ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` + ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'" + ac_sep=" " ;; + *) ac_configure_args="$ac_configure_args$ac_sep$ac_arg" + ac_sep=" " ;; + esac + # Get rid of the leading space. +done + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + echo >&5 + echo "## ----------------- ##" >&5 + echo "## Cache variables. 
##" >&5 + echo "## ----------------- ##" >&5 + echo >&5 + # The following way of writing the cache mishandles newlines in values, +{ + (set) 2>&1 | + case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in + *ac_space=\ *) + sed -n \ + "s/'"'"'/'"'"'\\\\'"'"''"'"'/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p" + ;; + *) + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} >&5 + sed "/^$/d" confdefs.h >conftest.log + if test -s conftest.log; then + echo >&5 + echo "## ------------ ##" >&5 + echo "## confdefs.h. ##" >&5 + echo "## ------------ ##" >&5 + echo >&5 + cat conftest.log >&5 + fi + (echo; echo) >&5 + test "$ac_signal" != 0 && + echo "$as_me: caught signal $ac_signal" >&5 + echo "$as_me: exit $exit_status" >&5 + rm -rf conftest* confdefs* core core.* *.core conf$$* $ac_clean_files && + exit $exit_status + ' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo >confdefs.h + +# Let the site file select an alternate cache file if it wants to. +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + { echo "$as_me:899: loading site script $ac_site_file" >&5 +echo "$as_me: loading site script $ac_site_file" >&6;} + cat "$ac_site_file" >&5 + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special + # files actually), so we avoid doing that. 
+ if test -f "$cache_file"; then + { echo "$as_me:910: loading cache $cache_file" >&5 +echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . $cache_file;; + *) . ./$cache_file;; + esac + fi +else + { echo "$as_me:918: creating cache $cache_file" >&5 +echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in `(set) 2>&1 | + sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val="\$ac_cv_env_${ac_var}_value" + eval ac_new_val="\$ac_env_${ac_var}_value" + case $ac_old_set,$ac_new_set in + set,) + { echo "$as_me:934: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { echo "$as_me:938: error: \`$ac_var' was not set in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + { echo "$as_me:944: error: \`$ac_var' has changed since the previous run:" >&5 +echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { echo "$as_me:946: former value: $ac_old_val" >&5 +echo "$as_me: former value: $ac_old_val" >&2;} + { echo "$as_me:948: current value: $ac_new_val" >&5 +echo "$as_me: current value: $ac_new_val" >&2;} + ac_cache_corrupted=: + fi;; + esac + # Pass precious variables to config.status. It doesn't matter if + # we pass some twice (in addition to the command line arguments). 
+ if test "$ac_new_set" = set; then + case $ac_new_val in + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` + ac_configure_args="$ac_configure_args '$ac_arg'" + ;; + *) ac_configure_args="$ac_configure_args $ac_var=$ac_new_val" + ;; + esac + fi +done +if $ac_cache_corrupted; then + { echo "$as_me:967: error: changes in the environment can compromise the build" >&5 +echo "$as_me: error: changes in the environment can compromise the build" >&2;} + { { echo "$as_me:969: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 +echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac +echo "#! $SHELL" >conftest.sh +echo "exit 0" >>conftest.sh +chmod +x conftest.sh +if { (echo "$as_me:989: PATH=\".;.\"; conftest.sh") >&5 + (PATH=".;."; conftest.sh) 2>&5 + ac_status=$? + echo "$as_me:992: \$? = $ac_status" >&5 + (exit $ac_status); }; then + ac_path_separator=';' +else + ac_path_separator=: +fi +PATH_SEPARATOR="$ac_path_separator" +rm -f conftest.sh + +ac_config_headers="$ac_config_headers src/config.h" + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. 
+set dummy ${ac_tool_prefix}gcc; ac_word=$2 +echo "$as_me:1011: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_CC="${ac_tool_prefix}gcc" +echo "$as_me:1026: found $ac_dir/$ac_word" >&5 +break +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:1034: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:1037: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo "$as_me:1046: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_ac_ct_CC="gcc" +echo "$as_me:1061: found $ac_dir/$ac_word" >&5 +break +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:1069: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:1072: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. 
+set dummy ${ac_tool_prefix}cc; ac_word=$2 +echo "$as_me:1085: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_CC="${ac_tool_prefix}cc" +echo "$as_me:1100: found $ac_dir/$ac_word" >&5 +break +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:1108: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:1111: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:1120: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_ac_ct_CC="cc" +echo "$as_me:1135: found $ac_dir/$ac_word" >&5 +break +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:1143: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:1146: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. 
+set dummy cc; ac_word=$2 +echo "$as_me:1159: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue +fi +ac_cv_prog_CC="cc" +echo "$as_me:1179: found $ac_dir/$ac_word" >&5 +break +done + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + set dummy "$ac_dir/$ac_word" ${1+"$@"} + shift + ac_cv_prog_CC="$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:1201: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:1204: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +echo "$as_me:1215: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. 
+ $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_CC="$ac_tool_prefix$ac_prog" +echo "$as_me:1230: found $ac_dir/$ac_word" >&5 +break +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:1238: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:1241: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:1254: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_ac_ct_CC="$ac_prog" +echo "$as_me:1269: found $ac_dir/$ac_word" >&5 +break +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:1277: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:1280: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$ac_ct_CC" && break +done + + CC=$ac_ct_CC +fi + +fi + +test -z "$CC" && { { echo "$as_me:1292: error: no acceptable cc found in \$PATH" >&5 +echo "$as_me: error: no acceptable cc found in \$PATH" >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +echo "$as_me:1297:" \ + "checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (eval echo "$as_me:1300: \"$ac_compiler --version &5\"") >&5 + (eval $ac_compiler --version &5) 2>&5 + ac_status=$? + echo "$as_me:1303: \$? 
= $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:1305: \"$ac_compiler -v &5\"") >&5 + (eval $ac_compiler -v &5) 2>&5 + ac_status=$? + echo "$as_me:1308: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:1310: \"$ac_compiler -V &5\"") >&5 + (eval $ac_compiler -V &5) 2>&5 + ac_status=$? + echo "$as_me:1313: \$? = $ac_status" >&5 + (exit $ac_status); } + +cat >conftest.$ac_ext <<_ACEOF +#line 1317 "configure" +#include "confdefs.h" + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.exe" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +echo "$as_me:1333: checking for C compiler default output" >&5 +echo $ECHO_N "checking for C compiler default output... $ECHO_C" >&6 +ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +if { (eval echo "$as_me:1336: \"$ac_link_default\"") >&5 + (eval $ac_link_default) 2>&5 + ac_status=$? + echo "$as_me:1339: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Find the output, starting from the most likely. This scheme is +# not robust to junk in `.', hence go to wildcards (a.*) only as a last +# resort. +for ac_file in `ls a.exe conftest.exe 2>/dev/null; + ls a.out conftest 2>/dev/null; + ls a.* conftest.* 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb ) ;; + a.out ) # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + # FIXME: I believe we export ac_cv_exeext for Libtool --akim. 
+ export ac_cv_exeext + break;; + * ) break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +{ { echo "$as_me:1362: error: C compiler cannot create executables" >&5 +echo "$as_me: error: C compiler cannot create executables" >&2;} + { (exit 77); exit 77; }; } +fi + +ac_exeext=$ac_cv_exeext +echo "$as_me:1368: result: $ac_file" >&5 +echo "${ECHO_T}$ac_file" >&6 + +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:1373: checking whether the C compiler works" >&5 +echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6 +# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 +# If not cross compiling, check that we can run a simple program. +if test "$cross_compiling" != yes; then + if { ac_try='./$ac_file' + { (eval echo "$as_me:1379: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:1382: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { echo "$as_me:1389: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'." >&5 +echo "$as_me: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'." >&2;} + { (exit 1); exit 1; }; } + fi + fi +fi +echo "$as_me:1397: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +rm -f a.out a.exe conftest$ac_cv_exeext +ac_clean_files=$ac_clean_files_save +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:1404: checking whether we are cross compiling" >&5 +echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6 +echo "$as_me:1406: result: $cross_compiling" >&5 +echo "${ECHO_T}$cross_compiling" >&6 + +echo "$as_me:1409: checking for executable suffix" >&5 +echo $ECHO_N "checking for executable suffix... 
$ECHO_C" >&6 +if { (eval echo "$as_me:1411: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:1414: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in `(ls conftest.exe; ls conftest; ls conftest.*) 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + export ac_cv_exeext + break;; + * ) break;; + esac +done +else + { { echo "$as_me:1430: error: cannot compute EXEEXT: cannot compile and link" >&5 +echo "$as_me: error: cannot compute EXEEXT: cannot compile and link" >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest$ac_cv_exeext +echo "$as_me:1436: result: $ac_cv_exeext" >&5 +echo "${ECHO_T}$ac_cv_exeext" >&6 + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +echo "$as_me:1442: checking for object suffix" >&5 +echo $ECHO_N "checking for object suffix... $ECHO_C" >&6 +if test "${ac_cv_objext+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 1448 "configure" +#include "confdefs.h" + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { (eval echo "$as_me:1460: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:1463: \$? 
= $ac_status" >&5 + (exit $ac_status); }; then + for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +{ { echo "$as_me:1475: error: cannot compute OBJEXT: cannot compile" >&5 +echo "$as_me: error: cannot compute OBJEXT: cannot compile" >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +echo "$as_me:1482: result: $ac_cv_objext" >&5 +echo "${ECHO_T}$ac_cv_objext" >&6 +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +echo "$as_me:1486: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 1492 "configure" +#include "confdefs.h" + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:1507: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:1510: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:1513: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:1516: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_compiler_gnu=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +echo "$as_me:1528: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +CFLAGS="-g" +echo "$as_me:1534: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 1540 "configure" +#include "confdefs.h" + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:1552: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:1555: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:1558: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:1561: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_prog_cc_g=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:1571: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +# Some people use a C++ compiler to compile C. Since we use `exit', +# in C++ we need to declare it. In case someone uses the same compiler +# for both compiling C and C++ we need to have the C++ compiler decide +# the declaration of exit, since it's the most demanding environment. 
+cat >conftest.$ac_ext <<_ACEOF +#ifndef __cplusplus + choke me +#endif +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:1598: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:1601: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:1604: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:1607: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + for ac_declaration in \ + ''\ + '#include ' \ + 'extern "C" void std::exit (int) throw (); using std::exit;' \ + 'extern "C" void std::exit (int); using std::exit;' \ + 'extern "C" void exit (int) throw ();' \ + 'extern "C" void exit (int);' \ + 'void exit (int);' +do + cat >conftest.$ac_ext <<_ACEOF +#line 1619 "configure" +#include "confdefs.h" +#include +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:1632: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:1635: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:1638: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:1641: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +continue +fi +rm -f conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +#line 1651 "configure" +#include "confdefs.h" +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:1663: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:1666: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:1669: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:1672: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext +done +rm -f conftest* +if test -n "$ac_declaration"; then + echo '#ifdef __cplusplus' >>confdefs.h + echo $ac_declaration >>confdefs.h + echo '#endif' >>confdefs.h +fi + +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f $ac_dir/shtool; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { { echo "$as_me:1716: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5 +echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;} + { (exit 1); exit 1; }; } +fi +ac_config_guess="$SHELL $ac_aux_dir/config.guess" +ac_config_sub="$SHELL $ac_aux_dir/config.sub" +ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure. + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. 
But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# ./install, which can be erroneously created by make from ./install.sh. +echo "$as_me:1736: checking for a BSD compatible install" >&5 +echo $ECHO_N "checking for a BSD compatible install... $ECHO_C" >&6 +if test -z "$INSTALL"; then +if test "${ac_cv_path_install+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_save_IFS=$IFS; IFS=$ac_path_separator + for ac_dir in $PATH; do + IFS=$ac_save_IFS + # Account for people who put trailing slashes in PATH elements. + case $ac_dir/ in + / | ./ | .// | /cC/* \ + | /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* \ + | /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + if $as_executable_p "$ac_dir/$ac_prog"; then + if test $ac_prog = install && + grep dspmsg "$ac_dir/$ac_prog" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$ac_dir/$ac_prog" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + ac_cv_path_install="$ac_dir/$ac_prog -c" + break 2 + fi + fi + done + ;; + esac + done + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. 
We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL=$ac_install_sh + fi +fi +echo "$as_me:1785: result: $INSTALL" >&5 +echo "${ECHO_T}$INSTALL" >&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +echo "$as_me:1796: checking whether ${MAKE-make} sets \${MAKE}" >&5 +echo $ECHO_N "checking whether ${MAKE-make} sets \${MAKE}... $ECHO_C" >&6 +set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,./+-,__p_,'` +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.make <<\EOF +all: + @echo 'ac_maketemp="${MAKE}"' +EOF +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=` +if test -n "$ac_maketemp"; then + eval ac_cv_prog_make_${ac_make}_set=yes +else + eval ac_cv_prog_make_${ac_make}_set=no +fi +rm -f conftest.make +fi +if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then + echo "$as_me:1816: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + SET_MAKE= +else + echo "$as_me:1820: result: no" >&5 +echo "${ECHO_T}no" >&6 + SET_MAKE="MAKE=${MAKE-make}" +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +echo "$as_me:1830: checking how to run the C preprocessor" >&5 +echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6 +# On Suns, sometimes $CPP names a directory. 
+if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test "${ac_cv_prog_CPP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +#line 1851 "configure" +#include "confdefs.h" +#include + Syntax error +_ACEOF +if { (eval echo "$as_me:1856: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:1862: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +#line 1885 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:1889: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:1895: \$? 
= $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +echo "$as_me:1932: result: $CPP" >&5 +echo "${ECHO_T}$CPP" >&6 +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +#line 1942 "configure" +#include "confdefs.h" +#include + Syntax error +_ACEOF +if { (eval echo "$as_me:1947: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:1953: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. 
+ cat >conftest.$ac_ext <<_ACEOF +#line 1976 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:1980: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:1986: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + : +else + { { echo "$as_me:2014: error: C preprocessor \"$CPP\" fails sanity check" >&5 +echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check" >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +echo "$as_me:2025: checking for AIX" >&5 +echo $ECHO_N "checking for AIX... 
$ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line 2028 "configure" +#include "confdefs.h" +#ifdef _AIX + yes +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "yes" >/dev/null 2>&1; then + echo "$as_me:2037: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +cat >>confdefs.h <<\EOF +#define _ALL_SOURCE 1 +EOF + +else + echo "$as_me:2044: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi +rm -f conftest* + +ac_header_dirent=no +for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do + as_ac_Header=`echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` +echo "$as_me:2052: checking for $ac_hdr that defines DIR" >&5 +echo $ECHO_N "checking for $ac_hdr that defines DIR... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 2058 "configure" +#include "confdefs.h" +#include +#include <$ac_hdr> + +int +main () +{ +if ((DIR *) 0) +return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:2073: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:2076: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:2079: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2082: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_Header=no" +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:2092: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <&5 +echo $ECHO_N "checking for opendir in -ldir... 
$ECHO_C" >&6 +if test "${ac_cv_lib_dir_opendir+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldir $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line 2113 "configure" +#include "confdefs.h" + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:2132: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:2135: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:2138: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2141: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_dir_opendir=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_dir_opendir=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:2152: result: $ac_cv_lib_dir_opendir" >&5 +echo "${ECHO_T}$ac_cv_lib_dir_opendir" >&6 +if test $ac_cv_lib_dir_opendir = yes; then + LIBS="$LIBS -ldir" +fi + +else + echo "$as_me:2159: checking for opendir in -lx" >&5 +echo $ECHO_N "checking for opendir in -lx... $ECHO_C" >&6 +if test "${ac_cv_lib_x_opendir+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lx $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line 2167 "configure" +#include "confdefs.h" + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. 
*/ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:2186: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:2189: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:2192: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2195: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_x_opendir=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_x_opendir=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:2206: result: $ac_cv_lib_x_opendir" >&5 +echo "${ECHO_T}$ac_cv_lib_x_opendir" >&6 +if test $ac_cv_lib_x_opendir = yes; then + LIBS="$LIBS -lx" +fi + +fi + +echo "$as_me:2214: checking for sys/wait.h that is POSIX.1 compatible" >&5 +echo $ECHO_N "checking for sys/wait.h that is POSIX.1 compatible... $ECHO_C" >&6 +if test "${ac_cv_header_sys_wait_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 2220 "configure" +#include "confdefs.h" +#include +#include +#ifndef WEXITSTATUS +# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8) +#endif +#ifndef WIFEXITED +# define WIFEXITED(stat_val) (((stat_val) & 255) == 0) +#endif + +int +main () +{ + int s; + wait (&s); + s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:2242: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:2245: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:2248: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2251: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_header_sys_wait_h=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_header_sys_wait_h=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:2261: result: $ac_cv_header_sys_wait_h" >&5 +echo "${ECHO_T}$ac_cv_header_sys_wait_h" >&6 +if test $ac_cv_header_sys_wait_h = yes; then + +cat >>confdefs.h <<\EOF +#define HAVE_SYS_WAIT_H 1 +EOF + +fi + +for ac_header in fcntl.h limits.h paths.h strings.h inttypes.h sys/ioctl.h \ + sys/types.h sys/time.h machine/endian.h syslog.h unistd.h sysctl.h \ + err.h sys/context.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +echo "$as_me:2276: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 2282 "configure" +#include "confdefs.h" +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:2286: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:2292: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + eval "$as_ac_Header=no" +fi +rm -f conftest.err conftest.$ac_ext +fi +echo "$as_me:2311: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <&5 +echo $ECHO_N "checking for $CC option to accept ANSI C... 
$ECHO_C" >&6 +if test "${ac_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_stdc=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +#line 2329 "configure" +#include "confdefs.h" +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX 10.20 and later -Ae +# HP-UX older versions -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (eval echo "$as_me:2378: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:2381: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:2384: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2387: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_stdc=$ac_arg +break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext +done +rm -f conftest.$ac_ext conftest.$ac_objext +CC=$ac_save_CC + +fi + +case "x$ac_cv_prog_cc_stdc" in + x|xno) + echo "$as_me:2404: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 ;; + *) + echo "$as_me:2407: result: $ac_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 + CC="$CC $ac_cv_prog_cc_stdc" ;; +esac + +echo "$as_me:2412: checking for an ANSI C-conforming const" >&5 +echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6 +if test "${ac_cv_c_const+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 2418 "configure" +#include "confdefs.h" + +int +main () +{ +/* FIXME: Include the comments suggested by Paul. */ +#ifndef __cplusplus + /* Ultrix mips cc rejects this. */ + typedef int charset[2]; + const charset x; + /* SunOS 4.1.1 cc rejects this. */ + char const *const *ccp; + char **p; + /* NEC SVR4.0.2 mips cc rejects this. */ + struct point {int x, y;}; + static struct point const zero = {0,0}; + /* AIX XL C 1.02.0.0 rejects this. + It does not let you subtract one const X* pointer from another in + an arm of an if-expression whose if-part is not a constant + expression */ + const char *g = "string"; + ccp = &g + (g ? g-g : 0); + /* HPUX 7.0 cc rejects these. */ + ++ccp; + p = (char**) ccp; + ccp = (char const *const *) p; + { /* SCO 3.2v4 cc rejects this. */ + char *t; + char const *s = 0 ? (char *) 0 : (char const *) 0; + + *t++ = 0; + } + { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ + int x[] = {25, 17}; + const int *foo = &x[0]; + ++foo; + } + { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. 
*/ + typedef const int *iptr; + iptr p = 0; + ++p; + } + { /* AIX XL C 1.02.0.0 rejects this saying + "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ + struct s { int j; const int *ap[3]; }; + struct s *b; b->j = 5; + } + { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; + } +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:2476: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:2479: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:2482: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2485: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_c_const=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_c_const=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:2495: result: $ac_cv_c_const" >&5 +echo "${ECHO_T}$ac_cv_c_const" >&6 +if test $ac_cv_c_const = no; then + +cat >>confdefs.h <<\EOF +#define const +EOF + +fi + +echo "$as_me:2505: checking for ANSI C header files" >&5 +echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 +if test "${ac_cv_header_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 2511 "configure" +#include "confdefs.h" +#include +#include +#include +#include + +_ACEOF +if { (eval echo "$as_me:2519: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:2525: \$? 
= $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_cv_header_stdc=yes +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_header_stdc=no +fi +rm -f conftest.err conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +#line 2547 "configure" +#include "confdefs.h" +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "memchr" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +#line 2565 "configure" +#include "confdefs.h" +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "free" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then + : +else + cat >conftest.$ac_ext <<_ACEOF +#line 2586 "configure" +#include "confdefs.h" +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + exit(2); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:2612: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? 
+ echo "$as_me:2615: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:2617: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2620: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_header_stdc=no +fi +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +fi +echo "$as_me:2633: result: $ac_cv_header_stdc" >&5 +echo "${ECHO_T}$ac_cv_header_stdc" >&6 +if test $ac_cv_header_stdc = yes; then + +cat >>confdefs.h <<\EOF +#define STDC_HEADERS 1 +EOF + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. + +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +echo "$as_me:2649: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 2655 "configure" +#include "confdefs.h" +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:2661: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:2664: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:2667: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2670: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_Header=no" +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:2680: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <&5 +echo $ECHO_N "checking for off_t... $ECHO_C" >&6 +if test "${ac_cv_type_off_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 2696 "configure" +#include "confdefs.h" +$ac_includes_default +int +main () +{ +if ((off_t *) 0) + return 0; +if (sizeof (off_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:2711: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:2714: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:2717: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2720: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_off_t=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_off_t=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:2730: result: $ac_cv_type_off_t" >&5 +echo "${ECHO_T}$ac_cv_type_off_t" >&6 +if test $ac_cv_type_off_t = yes; then + : +else + +cat >>confdefs.h <&5 +echo $ECHO_N "checking for size_t... $ECHO_C" >&6 +if test "${ac_cv_type_size_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 2748 "configure" +#include "confdefs.h" +$ac_includes_default +int +main () +{ +if ((size_t *) 0) + return 0; +if (sizeof (size_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:2763: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:2766: \$? 
= $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:2769: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2772: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_size_t=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_size_t=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:2782: result: $ac_cv_type_size_t" >&5 +echo "${ECHO_T}$ac_cv_type_size_t" >&6 +if test $ac_cv_type_size_t = yes; then + : +else + +cat >>confdefs.h <&5 +echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6 +if test "${ac_cv_header_time+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 2800 "configure" +#include "confdefs.h" +#include +#include +#include + +int +main () +{ +if ((struct tm *) 0) +return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:2816: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:2819: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:2822: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2825: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_header_time=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_header_time=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:2835: result: $ac_cv_header_time" >&5 +echo "${ECHO_T}$ac_cv_header_time" >&6 +if test $ac_cv_header_time = yes; then + +cat >>confdefs.h <<\EOF +#define TIME_WITH_SYS_TIME 1 +EOF + +fi + +echo "$as_me:2845: checking whether struct tm is in sys/time.h or time.h" >&5 +echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... 
$ECHO_C" >&6 +if test "${ac_cv_struct_tm+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 2851 "configure" +#include "confdefs.h" +#include +#include + +int +main () +{ +struct tm *tp; tp->tm_sec; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:2865: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:2868: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:2871: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2874: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_struct_tm=time.h +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_struct_tm=sys/time.h +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:2884: result: $ac_cv_struct_tm" >&5 +echo "${ECHO_T}$ac_cv_struct_tm" >&6 +if test $ac_cv_struct_tm = sys/time.h; then + +cat >>confdefs.h <<\EOF +#define TM_IN_SYS_TIME 1 +EOF + +fi + +echo "$as_me:2894: checking for dlopen in -ldl" >&5 +echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6 +if test "${ac_cv_lib_dl_dlopen+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line 2902 "configure" +#include "confdefs.h" + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char dlopen (); +int +main () +{ +dlopen (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:2921: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:2924: \$? 
= $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:2927: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2930: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_dl_dlopen=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_dl_dlopen=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:2941: result: $ac_cv_lib_dl_dlopen" >&5 +echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6 +if test $ac_cv_lib_dl_dlopen = yes; then + SYSLOGD_LIBS="$SYSLOGD_LIBS -ldl" +fi + +echo "$as_me:2947: checking for connect in -lsocket" >&5 +echo $ECHO_N "checking for connect in -lsocket... $ECHO_C" >&6 +if test "${ac_cv_lib_socket_connect+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsocket $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line 2955 "configure" +#include "confdefs.h" + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char connect (); +int +main () +{ +connect (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:2974: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:2977: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:2980: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:2983: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_socket_connect=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_socket_connect=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:2994: result: $ac_cv_lib_socket_connect" >&5 +echo "${ECHO_T}$ac_cv_lib_socket_connect" >&6 +if test $ac_cv_lib_socket_connect = yes; then + SYSLOGD_LIBS="$SYSLOGD_LIBS -lsocket" +fi + +echo "$as_me:3000: checking for gethostbyname in -lnsl" >&5 +echo $ECHO_N "checking for gethostbyname in -lnsl... $ECHO_C" >&6 +if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lnsl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line 3008 "configure" +#include "confdefs.h" + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char gethostbyname (); +int +main () +{ +gethostbyname (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:3027: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:3030: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:3033: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3036: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_nsl_gethostbyname=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_nsl_gethostbyname=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:3047: result: $ac_cv_lib_nsl_gethostbyname" >&5 +echo "${ECHO_T}$ac_cv_lib_nsl_gethostbyname" >&6 +if test $ac_cv_lib_nsl_gethostbyname = yes; then + SYSLOGD_LIBS="$SYSLOGD_LIBS -lnsl" +fi + +cat >>confdefs.h <<\EOF +#define SYSLOGD_LIBS $SYSLOGD_LIBS +EOF + +if test $ac_cv_c_compiler_gnu = yes; then + echo "$as_me:3058: checking whether $CC needs -traditional" >&5 +echo $ECHO_N "checking whether $CC needs -traditional... $ECHO_C" >&6 +if test "${ac_cv_prog_gcc_traditional+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_pattern="Autoconf.*'x'" + cat >conftest.$ac_ext <<_ACEOF +#line 3065 "configure" +#include "confdefs.h" +#include +Autoconf TIOCGETP +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "$ac_pattern" >/dev/null 2>&1; then + ac_cv_prog_gcc_traditional=yes +else + ac_cv_prog_gcc_traditional=no +fi +rm -f conftest* + + if test $ac_cv_prog_gcc_traditional = no; then + cat >conftest.$ac_ext <<_ACEOF +#line 3080 "configure" +#include "confdefs.h" +#include +Autoconf TCGETA +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "$ac_pattern" >/dev/null 2>&1; then + ac_cv_prog_gcc_traditional=yes +fi +rm -f conftest* + + fi +fi +echo "$as_me:3093: result: $ac_cv_prog_gcc_traditional" >&5 +echo "${ECHO_T}$ac_cv_prog_gcc_traditional" >&6 + if test $ac_cv_prog_gcc_traditional = yes; then + CC="$CC -traditional" + fi +fi + +echo "$as_me:3100: checking for working memcmp" >&5 +echo $ECHO_N "checking for working memcmp... 
$ECHO_C" >&6 +if test "${ac_cv_func_memcmp_working+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_memcmp_working=no +else + cat >conftest.$ac_ext <<_ACEOF +#line 3109 "configure" +#include "confdefs.h" + +int +main () +{ + + /* Some versions of memcmp are not 8-bit clean. */ + char c0 = 0x40, c1 = 0x80, c2 = 0x81; + if (memcmp(&c0, &c2, 1) >= 0 || memcmp(&c1, &c2, 1) >= 0) + exit (1); + + /* The Next x86 OpenStep bug shows up only when comparing 16 bytes + or more and with at least one buffer not starting on a 4-byte boundary. + William Lewis provided this test program. */ + { + char foo[21]; + char bar[21]; + int i; + for (i = 0; i < 4; i++) + { + char *a = foo + i; + char *b = bar + i; + strcpy (a, "--------01111111"); + strcpy (b, "--------10000000"); + if (memcmp (a, b, 16) >= 0) + exit (1); + } + exit (0); + } + + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:3145: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:3148: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:3150: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3153: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_memcmp_working=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_memcmp_working=no +fi +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +echo "$as_me:3165: result: $ac_cv_func_memcmp_working" >&5 +echo "${ECHO_T}$ac_cv_func_memcmp_working" >&6 +test $ac_cv_func_memcmp_working = no && LIBOBJS="$LIBOBJS memcmp.$ac_objext" + +echo "$as_me:3169: checking return type of signal handlers" >&5 +echo $ECHO_N "checking return type of signal handlers... 
$ECHO_C" >&6 +if test "${ac_cv_type_signal+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 3175 "configure" +#include "confdefs.h" +#include +#include +#ifdef signal +# undef signal +#endif +#ifdef __cplusplus +extern "C" void (*signal (int, void (*)(int)))(int); +#else +void (*signal ()) (); +#endif + +int +main () +{ +int i; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:3197: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:3200: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:3203: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3206: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_signal=void +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_signal=int +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:3216: result: $ac_cv_type_signal" >&5 +echo "${ECHO_T}$ac_cv_type_signal" >&6 + +cat >>confdefs.h <&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 3232 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. */ +#include +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); + +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +f = $ac_func; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:3263: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:3266: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:3269: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3272: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:3282: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5 +echo $ECHO_N "checking for _doprnt... $ECHO_C" >&6 +if test "${ac_cv_func__doprnt+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 3295 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char _doprnt (); below. */ +#include +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char _doprnt (); +char (*f) (); + +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub__doprnt) || defined (__stub____doprnt) +choke me +#else +f = _doprnt; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:3326: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:3329: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:3332: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3335: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func__doprnt=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func__doprnt=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:3345: result: $ac_cv_func__doprnt" >&5 +echo "${ECHO_T}$ac_cv_func__doprnt" >&6 +if test $ac_cv_func__doprnt = yes; then + +cat >>confdefs.h <<\EOF +#define HAVE_DOPRNT 1 +EOF + +fi + +fi +done + +LIBS_SAVE="$LIBS" +LIBS="$LIBS $SYSLOGD_LIBS" + +for ac_func in gethostname inet_ntop getaddrinfo regcomp poll select\ + socket strdup strerror strstr strtoul inet_aton inet_addr +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:3365: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 3371 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. */ +#include +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); + +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. 
Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +f = $ac_func; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:3402: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:3405: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:3408: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3411: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:3421: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5 +echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6 +if test "${ac_cv_c_bigendian+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_c_bigendian=unknown +# See if sys/param.h defines the BYTE_ORDER macro. +cat >conftest.$ac_ext <<_ACEOF +#line 3441 "configure" +#include "confdefs.h" +#include +#include + +int +main () +{ +#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN + bogus endian macros +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:3458: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:3461: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:3464: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3467: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + # It does; now see whether it defined to BIG_ENDIAN or not. 
+cat >conftest.$ac_ext <<_ACEOF +#line 3471 "configure" +#include "confdefs.h" +#include +#include + +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:3488: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:3491: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:3494: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3497: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_c_bigendian=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_c_bigendian=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext +if test $ac_cv_c_bigendian = unknown; then +if test "$cross_compiling" = yes; then + { { echo "$as_me:3513: error: cannot run test program while cross compiling" >&5 +echo "$as_me: error: cannot run test program while cross compiling" >&2;} + { (exit 1); exit 1; }; } +else + cat >conftest.$ac_ext <<_ACEOF +#line 3518 "configure" +#include "confdefs.h" +int +main () +{ + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long l; + char c[sizeof (long)]; + } u; + u.l = 1; + exit (u.c[sizeof (long) - 1] == 1); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:3534: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:3537: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:3539: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3542: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_c_bigendian=no +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_c_bigendian=yes +fi +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +fi +echo "$as_me:3555: result: $ac_cv_c_bigendian" >&5 +echo "${ECHO_T}$ac_cv_c_bigendian" >&6 +if test $ac_cv_c_bigendian = yes; then + +cat >>confdefs.h <<\EOF +#define WORDS_BIGENDIAN 1 +EOF + +fi + +if test "x$GCC" = "xyes" +then + CFLAGS="$CFLAGS -Wall" +fi + +MSYSLOG_VERSION="1.08" +cat >>confdefs.h <>confdefs.h <>confdefs.h <&5 +echo $ECHO_N "checking wheter optreset is needed... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line 3595 "configure" +#include "confdefs.h" +#include +int +main () +{ +extern int optreset; optreset = 1; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:3607: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:3610: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:3613: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3616: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cat >>confdefs.h <<\EOF +#define HAVE_OPTRESET 1 +EOF + echo "$as_me:3621: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +echo "$as_me:3626: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + +echo "$as_me:3631: checking pidfile directory" >&5 +echo $ECHO_N "checking pidfile directory... 
$ECHO_C" >&6 + +for dir in "/var/run" "/etc" +do + if test -d $dir ; then + break + fi +done +echo "$as_me:3640: result: root-mode pid file will go in $dir" >&5 +echo "${ECHO_T}root-mode pid file will go in $dir" >&6 +cat >>confdefs.h <&5 +echo $ECHO_N "checking wether netdb.h requires _USE_IRS... $ECHO_C" >&6 +if grep _USE_IRS /usr/include/netdb.h >/dev/null ;then + cat >>confdefs.h <<\EOF +#define _USE_IRS 1 +EOF + + echo "$as_me:3661: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +else + echo "$as_me:3664: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +echo "$as_me:3668: checking if sigaltstack uses stack_t structure" >&5 +echo $ECHO_N "checking if sigaltstack uses stack_t structure... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line 3671 "configure" +#include "confdefs.h" +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "stack_t" >/dev/null 2>&1; then + + cat >>confdefs.h <<\EOF +#define SIGALTSTACK_WITH_STACK_T 1 +EOF + + echo "$as_me:3683: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +else + + echo "$as_me:3688: result: no" >&5 +echo "${ECHO_T}no" >&6 + +fi +rm -f conftest* + +echo "$as_me:3694: checking for daemon name" >&5 +echo $ECHO_N "checking for daemon name... $ECHO_C" >&6 + +MSYSLOG_DAEMON_NAME="syslogd"; + +# Check whether --with-daemon-name or --without-daemon-name was given. +if test "${with_daemon_name+set}" = set; then + withval="$with_daemon_name" + + if test "X$withval" = "Xyes" ; then + error_tmp="You have to specify a value, --with-daemon-name"; + { { echo "$as_me:3705: error: \"$error_tmp\"" >&5 +echo "$as_me: error: \"$error_tmp\"" >&2;} + { (exit 1); exit 1; }; } + else + MSYSLOG_DAEMON_NAME="$withval"; + fi + +fi; + +echo "$as_me:3714: result: \"$MSYSLOG_DAEMON_NAME\"" >&5 +echo "${ECHO_T}\"$MSYSLOG_DAEMON_NAME\"" >&6 + +# Check whether --with-maximum-optimization or --without-maximum-optimization was given. 
+if test "${with_maximum_optimization+set}" = set; then + withval="$with_maximum_optimization" + maxopt="yes"; +else + maxopt="no"; +fi; + +MAIN_CPPFLAGS=""; +UNAME=`uname` +if test "$UNAME" = "OpenBSD" ; then + cat >>confdefs.h <<\EOF +#define DLOPEN_FLAGS RTLD_LAZY +EOF + + cat >>confdefs.h <>confdefs.h <<\EOF +#define DLOPEN_FLAGS RTLD_LAZY | RTLD_GLOBAL +EOF + + cat >>confdefs.h <>confdefs.h <<\EOF +#define _GNU_SOURCE 1 +EOF + +elif test "$UNAME" = "SunOS" ; then + cat >>confdefs.h <<\EOF +#define DLOPEN_FLAGS RTLD_LAZY +EOF + + cat >>confdefs.h <<\EOF +#define _REENTRANT 1 +EOF + + cat >>confdefs.h <>confdefs.h <<\EOF +#define DLOPEN_FLAGS RTLD_LAZY +EOF + + cat >>confdefs.h <>confdefs.h <<\EOF +#define INET6 1 +EOF + + CFLAGS="-D_BSD_SIGNALS" + if test "x$GCC" == "xyes" + then + DCCFLAGS="-Bshared" + else + if test "x$maxopt" = "xyes" + then + CFLAGS="$CFLAGS -g3 -Ofast" + fi + fi + SHARED_PARAMS="-shared -soname $MLIBNAME -all" +elif test "$UNAME" = "AIX" ; then + cat >>confdefs.h <<\EOF +#define DLOPEN_FLAGS RTLD_LAZY | RTLD_GLOBAL +EOF + + cat >>confdefs.h <<\EOF +#define NEEDS_DLOPEN_NULL 1 +EOF + + cat >>confdefs.h < src/modules/libmsyslog.imp <<-EOF + #! . + dprintf + logerror + add_fd_input + place_signal + remove_fd_input + printline + EOF + + SYSLOGD_LIBS="$SYSLOGD_LIBS -Wl,-bexpall" +else + { echo "$as_me:3820: WARNING: cannot determine system type falling to defaults" >&5 +echo "$as_me: WARNING: cannot determine system type falling to defaults" >&2;} + cat >>confdefs.h <>confdefs.h <<\EOF +#define DLOPEN_FLAGS RTLD_LAZY +EOF + + SHARED_PARAMS="-Bshareable" +fi + +# Name of pidfile +if test "$UNAME" = "Linux" ; then + cat >>confdefs.h <<\EOF +#define PID_FILE "syslogd.pid" +EOF + +else + cat >>confdefs.h <<\EOF +#define PID_FILE "syslog.pid" +EOF + +fi + +temp_res="no"; + +# Check whether --with-bsd or --without-bsd was given. 
+if test "${with_bsd+set}" = set; then + withval="$with_bsd" + temp_res="$with_bsd"; +else + + if test "$UNAME" = "OpenBSD" -o "$UNAME" = "NetBSD" \ + -o "$UNAME" = "FreeBSD" -o "$UNAME" = "BSDi" \ + -o "$UNAME" = "386BSD" -o "$UNAME" = "ArchBSD" \ + -o "$UNAME" = "TrustedBSD" ; then + temp_res="yes"; + fi + +fi; +if test "X$temp_res" = "Xyes" ; then + MSRCS="$MSRCS im_bsd.c"; + MANPAGES="$MANPAGES im_bsd.8"; + cat >>confdefs.h <<\EOF +#define HAVE_BSD_IMODULE 1 +EOF + +fi + +# Check whether --with-linux or --without-linux was given. +if test "${with_linux+set}" = set; then + withval="$with_linux" + + if test "$with_linux" = "yes" ; then + MSRCS="$MSRCS im_linux.c" + MANPAGES="$MANPAGES im_linux.8" + cat >>confdefs.h <<\EOF +#define HAVE_LINUX_IMODULE 1 +EOF + + fi + +else + + echo "$as_me:3886: checking for sys/klog.h" >&5 +echo $ECHO_N "checking for sys/klog.h... $ECHO_C" >&6 +if test "${ac_cv_header_sys_klog_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 3892 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:3896: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:3902: \$? 
= $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_cv_header_sys_klog_h=yes +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_header_sys_klog_h=no +fi +rm -f conftest.err conftest.$ac_ext +fi +echo "$as_me:3921: result: $ac_cv_header_sys_klog_h" >&5 +echo "${ECHO_T}$ac_cv_header_sys_klog_h" >&6 +if test $ac_cv_header_sys_klog_h = yes; then + + MSRCS="$MSRCS im_linux.c" + MANPAGES="$MANPAGES im_linux.8" + cat >>confdefs.h <<\EOF +#define HAVE_LINUX_IMODULE 1 +EOF + +fi + +fi; + +temp_res="no"; + +# Check whether --with-udp or --without-udp was given. +if test "${with_udp+set}" = set; then + withval="$with_udp" + temp_res="$with_udp"; +else + + echo "$as_me:3943: checking for sys/socket.h" >&5 +echo $ECHO_N "checking for sys/socket.h... $ECHO_C" >&6 +if test "${ac_cv_header_sys_socket_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 3949 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:3953: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:3959: \$? 
= $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_cv_header_sys_socket_h=yes +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_header_sys_socket_h=no +fi +rm -f conftest.err conftest.$ac_ext +fi +echo "$as_me:3978: result: $ac_cv_header_sys_socket_h" >&5 +echo "${ECHO_T}$ac_cv_header_sys_socket_h" >&6 +if test $ac_cv_header_sys_socket_h = yes; then + + temp_res="yes"; + +fi + +fi; +if test "X$temp_res" = "Xyes" ; then + MSRCS="$MSRCS im_udp.c om_udp.c" + MANPAGES="$MANPAGES im_udp.8 om_udp.8"; +fi + +temp_res="yes"; + +# Check whether --with-unix or --without-unix was given. +if test "${with_unix+set}" = set; then + withval="$with_unix" + temp_res="$with_unix"; +else + + echo "$as_me:4000: checking for sys/un.h" >&5 +echo $ECHO_N "checking for sys/un.h... $ECHO_C" >&6 +if test "${ac_cv_header_sys_un_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4006 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:4010: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:4016: \$? 
= $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_cv_header_sys_un_h=yes +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_header_sys_un_h=no +fi +rm -f conftest.err conftest.$ac_ext +fi +echo "$as_me:4035: result: $ac_cv_header_sys_un_h" >&5 +echo "${ECHO_T}$ac_cv_header_sys_un_h" >&6 +if test $ac_cv_header_sys_un_h = yes; then + temp_res="yes"; +fi + +fi; +if test "X$temp_res" = "Xyes" ; then + MSRCS="$MSRCS im_unix.c" + cat >>confdefs.h <<\EOF +#define HAVE_UNIX_IMODULE 1 +EOF + + MANPAGES="$MANPAGES im_unix.8" +fi +temp_res="yes"; + +# Check whether --with-file or --without-file was given. +if test "${with_file+set}" = set; then + withval="$with_file" + temp_res="$with_file"; +fi; +if test "X$temp_res" = "Xyes" ; then + MSRCS="$MSRCS im_file.c" + cat >>confdefs.h <<\EOF +#define HAVE_FILE_IMODULE 1 +EOF + + MANPAGES="$MANPAGES im_file.8" +fi + +temp_res=no + +# Check whether --with-streams or --without-streams was given. +if test "${with_streams+set}" = set; then + withval="$with_streams" + + if test "$with_streams" = "yes" ; then + temp_res="yes" + fi + +else + + echo "$as_me:4078: checking for sys/strlog.h" >&5 +echo $ECHO_N "checking for sys/strlog.h... $ECHO_C" >&6 +if test "${ac_cv_header_sys_strlog_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4084 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:4088: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:4094: \$? 
= $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_cv_header_sys_strlog_h=yes +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_header_sys_strlog_h=no +fi +rm -f conftest.err conftest.$ac_ext +fi +echo "$as_me:4113: result: $ac_cv_header_sys_strlog_h" >&5 +echo "${ECHO_T}$ac_cv_header_sys_strlog_h" >&6 +if test $ac_cv_header_sys_strlog_h = yes; then + strlog_h="yes" +else + strlog_h="no" +fi + + echo "$as_me:4121: checking for door.h" >&5 +echo $ECHO_N "checking for door.h... $ECHO_C" >&6 +if test "${ac_cv_header_door_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4127 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:4131: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:4137: \$? 
= $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_cv_header_door_h=yes +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_header_door_h=no +fi +rm -f conftest.err conftest.$ac_ext +fi +echo "$as_me:4156: result: $ac_cv_header_door_h" >&5 +echo "${ECHO_T}$ac_cv_header_door_h" >&6 +if test $ac_cv_header_door_h = yes; then + door_h="yes" +else + door_h="no" +fi + + if test "$strlog_h" = "yes" -a "$door_h" = "yes" ; then + temp_res="yes" + fi + +fi; + +if test "$temp_res" = "yes" ; then + MSRCS="$MSRCS im_streams.c" + MLIBS="$MLIBS -lpthread" + MANPAGES="$MANPAGES im_streams.8" + SYSLOGD_LIBS="$SYSLOGD_LIBS -lthread -ldoor" + cat >>confdefs.h <<\EOF +#define HAVE_STREAMS_IMODULE 1 +EOF + +fi +echo "$as_me:4180: checking for streams module" >&5 +echo $ECHO_N "checking for streams module... $ECHO_C" >&6 +echo "$as_me:4182: result: $temp_res" >&5 +echo "${ECHO_T}$temp_res" >&6 + +temp_res=no + +# Check whether --with-classic or --without-classic was given. +if test "${with_classic+set}" = set; then + withval="$with_classic" + temp_res="$with_classic"; +else + temp_res="yes"; +fi; +if test "X$temp_res" = "Xyes" ; then + MSRCS="$MSRCS om_classic.c ttymsg.c" + MANPAGES="$MANPAGES om_classic.8" +fi + +# Check whether --with-tcp or --without-tcp was given. 
+if test "${with_tcp+set}" = set; then + withval="$with_tcp" + + if test $with_tcp = "yes" ; then + MSRCS="$MSRCS om_tcp.c im_tcp.c ip_misc.c" + MANPAGES="$MANPAGES om_tcp.8 im_tcp.8" + temp_res="yes" + else + temp_res="no" + fi + +else + + MSRCS="$MSRCS om_tcp.c im_tcp.c ip_misc.c" + MANPAGES="$MANPAGES om_tcp.8 im_tcp.8" + temp_res="yes" + +fi; + +if test "$temp_res" = "yes" ; then + cat >conftest.$ac_ext <<_ACEOF +#line 4221 "configure" +#include "confdefs.h" +#include <#include > + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "sa_len" >/dev/null 2>&1; then + cat >>confdefs.h <<\EOF +#define HAVE_SOCKADDR_SA_LEN 1 +EOF + +fi +rm -f conftest* + +fi + +# Check whether --with-mysql or --without-mysql was given. +if test "${with_mysql+set}" = set; then + withval="$with_mysql" + + if test $with_mysql = "yes" ; then + MSRCS="$MSRCS om_mysql.c" + MANPAGES="$MANPAGES om_mysql.8" + fi + +else + + MSRCS="$MSRCS om_mysql.c" + MANPAGES="$MANPAGES om_mysql.8" + USESQL="yes" + +fi; + +# Check whether --with-pgsql or --without-pgsql was given. +if test "${with_pgsql+set}" = set; then + withval="$with_pgsql" + + if test $with_pgsql = "yes" ; then + MSRCS="$MSRCS om_pgsql.c" + MANPAGES="$MANPAGES om_pgsql.8" + fi + +else + + MSRCS="$MSRCS om_pgsql.c" + MANPAGES="$MANPAGES om_pgsql.8" + USESQL="yes" + +fi; + +if test "$USESQL" = "yes" ; then + MSRCS="$MSRCS sql_misc.c" +fi + +# Check whether --with-peo or --without-peo was given. +if test "${with_peo+set}" = set; then + withval="$with_peo" + + if test $with_peo = "yes" ; then + PEO=yes + else + PEO=no + fi + +else + + PEO=yes + +fi; + +HASH_SRCS=""; +if test $PEO = "yes" ; then + + MSRCS="$MSRCS om_peo.c" + MANPAGES="$MANPAGES om_peo.8 peochk.8" + + HASH_SRCS="hash.c"; + HASH_SRCS_MODULES="../peo/hash.c"; + HASH_OBJS_MODULES="hash.o"; + echo "$as_me:4300: checking for MD5Init" >&5 +echo $ECHO_N "checking for MD5Init... 
$ECHO_C" >&6 +if test "${ac_cv_func_MD5Init+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4306 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char MD5Init (); below. */ +#include +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char MD5Init (); +char (*f) (); + +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_MD5Init) || defined (__stub___MD5Init) +choke me +#else +f = MD5Init; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4337: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4340: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4343: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4346: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_MD5Init=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_MD5Init=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:4356: result: $ac_cv_func_MD5Init" >&5 +echo "${ECHO_T}$ac_cv_func_MD5Init" >&6 +if test $ac_cv_func_MD5Init = yes; then + cat >>confdefs.h <<\EOF +#define HAVE_MD5 1 +EOF + +else + HASH_SRCS="$HASH_SRCS md5c.c"; + HASH_SRCS_MODULES="$HASH_SRCS_MODULES ../peo/md5c.c"; + HASH_OBJS_MODULES="$HASH_OBJS_MODULES md5c.o"; + +fi + + echo "$as_me:4370: checking for SHA1Init" >&5 +echo $ECHO_N "checking for SHA1Init... 
$ECHO_C" >&6 +if test "${ac_cv_func_SHA1Init+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4376 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char SHA1Init (); below. */ +#include +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char SHA1Init (); +char (*f) (); + +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_SHA1Init) || defined (__stub___SHA1Init) +choke me +#else +f = SHA1Init; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4407: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4410: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4413: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4416: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_SHA1Init=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_SHA1Init=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:4426: result: $ac_cv_func_SHA1Init" >&5 +echo "${ECHO_T}$ac_cv_func_SHA1Init" >&6 +if test $ac_cv_func_SHA1Init = yes; then + cat >>confdefs.h <<\EOF +#define HAVE_SHA1 1 +EOF + +else + HASH_SRCS="$HASH_SRCS sha1.c"; + HASH_SRCS_MODULES="$HASH_SRCS_MODULES ../peo/sha1.c"; + HASH_OBJS_MODULES="$HASH_OBJS_MODULES sha1.o"; + +fi + + echo "$as_me:4440: checking for RMD160Init" >&5 +echo $ECHO_N "checking for RMD160Init... 
$ECHO_C" >&6 +if test "${ac_cv_func_RMD160Init+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4446 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char RMD160Init (); below. */ +#include +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char RMD160Init (); +char (*f) (); + +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_RMD160Init) || defined (__stub___RMD160Init) +choke me +#else +f = RMD160Init; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4477: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4480: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4483: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4486: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_RMD160Init=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_RMD160Init=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:4496: result: $ac_cv_func_RMD160Init" >&5 +echo "${ECHO_T}$ac_cv_func_RMD160Init" >&6 +if test $ac_cv_func_RMD160Init = yes; then + cat >>confdefs.h <<\EOF +#define HAVE_RMD160 1 +EOF + +else + HASH_SRCS="$HASH_SRCS rmd160.c"; + HASH_SRCS_MODULES="$HASH_SRCS_MODULES ../peo/rmd160.c"; + HASH_OBJS_MODULES="$HASH_OBJS_MODULES rmd160.o"; + +fi + + if test -r /dev/srandom ; then + cat >>confdefs.h <<\EOF +#define HAVE_SRANDOM 1 +EOF + + fi +fi + +# Check whether --with-regex or --without-regex was given. +if test "${with_regex+set}" = set; then + withval="$with_regex" + + if test $with_regex = "yes" ; then + MSRCS="$MSRCS om_regex.c" + MANPAGES="$MANPAGES om_regex.8" + fi + +else + + echo "$as_me:4529: checking for regex.h" >&5 +echo $ECHO_N "checking for regex.h... $ECHO_C" >&6 +if test "${ac_cv_header_regex_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4535 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:4539: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:4545: \$? 
= $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_cv_header_regex_h=yes +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_header_regex_h=no +fi +rm -f conftest.err conftest.$ac_ext +fi +echo "$as_me:4564: result: $ac_cv_header_regex_h" >&5 +echo "${ECHO_T}$ac_cv_header_regex_h" >&6 +if test $ac_cv_header_regex_h = yes; then + + MSRCS="$MSRCS om_regex.c" + MANPAGES="$MANPAGES om_regex.8" + +fi + +fi; + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overriden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +{ + (set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. 
+ sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} | + sed ' + t clear + : clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + : end' >>confcache +if cmp -s $cache_file confcache; then :; else + if test -w $cache_file; then + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" + cat confcache >$cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +echo "$as_me:4630: checking for socklen_t" >&5 +echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6 +if test "${ac_cv_type_socklen_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4636 "configure" +#include "confdefs.h" +#include +#include +#include + +int +main () +{ +if ((socklen_t *) 0) + return 0; +if (sizeof (socklen_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:4654: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:4657: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:4660: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4663: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_socklen_t=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_socklen_t=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:4673: result: $ac_cv_type_socklen_t" >&5 +echo "${ECHO_T}$ac_cv_type_socklen_t" >&6 +if test $ac_cv_type_socklen_t = yes; then + +cat >>confdefs.h <&5 +echo $ECHO_N "checking for uint32_t... 
$ECHO_C" >&6 +if test "${ac_cv_type_uint32_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4689 "configure" +#include "confdefs.h" +$ac_includes_default +int +main () +{ +if ((uint32_t *) 0) + return 0; +if (sizeof (uint32_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:4704: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:4707: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:4710: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4713: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_uint32_t=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_uint32_t=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:4723: result: $ac_cv_type_uint32_t" >&5 +echo "${ECHO_T}$ac_cv_type_uint32_t" >&6 +if test $ac_cv_type_uint32_t = yes; then + +cat >>confdefs.h <&5 +echo $ECHO_N "checking for uint64_t... $ECHO_C" >&6 +if test "${ac_cv_type_uint64_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4739 "configure" +#include "confdefs.h" +$ac_includes_default +int +main () +{ +if ((uint64_t *) 0) + return 0; +if (sizeof (uint64_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:4754: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:4757: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:4760: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4763: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_uint64_t=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_uint64_t=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:4773: result: $ac_cv_type_uint64_t" >&5 +echo "${ECHO_T}$ac_cv_type_uint64_t" >&6 +if test $ac_cv_type_uint64_t = yes; then + +cat >>confdefs.h <&5 +echo $ECHO_N "checking for u_int32_t... $ECHO_C" >&6 +if test "${ac_cv_type_u_int32_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4789 "configure" +#include "confdefs.h" +$ac_includes_default +int +main () +{ +if ((u_int32_t *) 0) + return 0; +if (sizeof (u_int32_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:4804: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:4807: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:4810: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4813: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_u_int32_t=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_u_int32_t=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:4823: result: $ac_cv_type_u_int32_t" >&5 +echo "${ECHO_T}$ac_cv_type_u_int32_t" >&6 +if test $ac_cv_type_u_int32_t = yes; then + +cat >>confdefs.h <&5 +echo $ECHO_N "checking for u_int64_t... $ECHO_C" >&6 +if test "${ac_cv_type_u_int64_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4839 "configure" +#include "confdefs.h" +$ac_includes_default +int +main () +{ +if ((u_int64_t *) 0) + return 0; +if (sizeof (u_int64_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:4854: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:4857: \$? 
= $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:4860: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4863: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_u_int64_t=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_u_int64_t=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:4873: result: $ac_cv_type_u_int64_t" >&5 +echo "${ECHO_T}$ac_cv_type_u_int64_t" >&6 +if test $ac_cv_type_u_int64_t = yes; then + +cat >>confdefs.h <&5 +echo $ECHO_N "checking for __uint32_t... $ECHO_C" >&6 +if test "${ac_cv_type___uint32_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4889 "configure" +#include "confdefs.h" +$ac_includes_default +int +main () +{ +if ((__uint32_t *) 0) + return 0; +if (sizeof (__uint32_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:4904: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:4907: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:4910: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4913: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type___uint32_t=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type___uint32_t=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:4923: result: $ac_cv_type___uint32_t" >&5 +echo "${ECHO_T}$ac_cv_type___uint32_t" >&6 +if test $ac_cv_type___uint32_t = yes; then + +cat >>confdefs.h <&5 +echo $ECHO_N "checking for __uint64_t... 
$ECHO_C" >&6 +if test "${ac_cv_type___uint64_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4939 "configure" +#include "confdefs.h" +$ac_includes_default +int +main () +{ +if ((__uint64_t *) 0) + return 0; +if (sizeof (__uint64_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:4954: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:4957: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:4960: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4963: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type___uint64_t=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type___uint64_t=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:4973: result: $ac_cv_type___uint64_t" >&5 +echo "${ECHO_T}$ac_cv_type___uint64_t" >&6 +if test $ac_cv_type___uint64_t = yes; then + +cat >>confdefs.h <&5 +echo $ECHO_N "checking for CODE... $ECHO_C" >&6 +if test "${ac_cv_type_CODE+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 4989 "configure" +#include "confdefs.h" +#include +#define SYSLOG_NAMES +#include + +int +main () +{ +if ((CODE *) 0) + return 0; +if (sizeof (CODE)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:5007: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:5010: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:5013: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5016: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_CODE=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_CODE=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:5026: result: $ac_cv_type_CODE" >&5 +echo "${ECHO_T}$ac_cv_type_CODE" >&6 +if test $ac_cv_type_CODE = yes; then + +cat >>confdefs.h <confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overriden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +{ + (set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. 
+ sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} | + sed ' + t clear + : clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + : end' >>confcache +if cmp -s $cache_file confcache; then :; else + if test -w $cache_file; then + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" + cat confcache >$cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/; +s/:*\${srcdir}:*/:/; +s/:*@srcdir@:*/:/; +s/^\([^=]*=[ ]*\):*/\1/; +s/:*$//; +s/^[^=]*=[ ]*$//; +}' +fi + +DEFS=-DHAVE_CONFIG_H + +: ${CONFIG_STATUS=./config.status} +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ echo "$as_me:5116: creating $CONFIG_STATUS" >&5 +echo "$as_me: creating $CONFIG_STATUS" >&6;} +cat >$CONFIG_STATUS <<_ACEOF +#! $SHELL +# Generated automatically by configure. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +SHELL=\${CONFIG_SHELL-$SHELL} +ac_cs_invocation="\$0 \$@" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi + +# Name of the executable. 
+as_me=`echo "$0" |sed 's,.*[\\/],,'` + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +as_executable_p="test -f" + +# Support unset when possible. +if (FOO=FOO; unset FOO) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + +# NLS nuisances. +$as_unset LANG || test "${LANG+set}" != set || { LANG=C; export LANG; } +$as_unset LC_ALL || test "${LC_ALL+set}" != set || { LC_ALL=C; export LC_ALL; } +$as_unset LC_TIME || test "${LC_TIME+set}" != set || { LC_TIME=C; export LC_TIME; } +$as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set || { LC_CTYPE=C; export LC_CTYPE; } +$as_unset LANGUAGE || test "${LANGUAGE+set}" != set || { LANGUAGE=C; export LANGUAGE; } +$as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set || { LC_COLLATE=C; export LC_COLLATE; } +$as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set || { LC_NUMERIC=C; export LC_NUMERIC; } +$as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set || { LC_MESSAGES=C; export LC_MESSAGES; } + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=:; export CDPATH; } + +exec 6>&1 + +_ACEOF + +# Files that config.status was made for. 
+if test -n "$ac_config_files"; then + echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_headers"; then + echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_links"; then + echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_commands"; then + echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS +fi + +cat >>$CONFIG_STATUS <<\EOF + +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number, then exit + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Report bugs to ." +EOF + +cat >>$CONFIG_STATUS <>$CONFIG_STATUS <<\EOF +# If no file are specified by the user, then we need to provide default +# value. By we need to know if files were specified by the user. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=*) + ac_option=`expr "x$1" : 'x\([^=]*\)='` + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` + shift + set dummy "$ac_option" "$ac_optarg" ${1+"$@"} + shift + ;; + -*);; + *) # This is not an option, so the user has probably given explicit + # arguments. + ac_need_defaults=false;; + esac + + case $1 in + # Handling of the options. +EOF +cat >>$CONFIG_STATUS <>$CONFIG_STATUS <<\EOF + --version | --vers* | -V ) + echo "$ac_cs_version"; exit 0 ;; + --he | --h) + # Conflict between --help and --header + { { echo "$as_me:5289: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: ambiguous option: $1 +Try \`$0 --help' for more information." 
>&2;} + { (exit 1); exit 1; }; };; + --help | --hel | -h ) + echo "$ac_cs_usage"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + shift + CONFIG_FILES="$CONFIG_FILES $1" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + shift + CONFIG_HEADERS="$CONFIG_HEADERS $1" + ac_need_defaults=false;; + + # This is an error. + -*) { { echo "$as_me:5308: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" ;; + + esac + shift +done + +exec 5>>config.log +cat >&5 << _ACEOF + +## ----------------------- ## +## Running config.status. ## +## ----------------------- ## + +This file was extended by $as_me 2.52, executed with + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + > $ac_cs_invocation +on `(hostname || uname -n) 2>/dev/null | sed 1q` + +_ACEOF +EOF + +cat >>$CONFIG_STATUS <<\EOF +for ac_config_target in $ac_config_targets +do + case "$ac_config_target" in + # Handling of arguments. 
+ "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "src/modules/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/modules/Makefile" ;; + "src/peo/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/peo/Makefile" ;; + "src/man/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/man/Makefile" ;; + "src/man/BSDmakefile" ) CONFIG_FILES="$CONFIG_FILES src/man/BSDmakefile" ;; + "src/man/GNUmakefile" ) CONFIG_FILES="$CONFIG_FILES src/man/GNUmakefile" ;; + "src/config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS src/config.h" ;; + *) { { echo "$as_me:5351: error: invalid argument: $ac_config_target" >&5 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac +done + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers +fi + +# Create a temporary directory, and hook for its removal unless debugging. +$debug || +{ + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} + +# Create a (secure) tmp directory for tmp files. 
+: ${TMPDIR=/tmp} +{ + tmp=`(umask 077 && mktemp -d -q "$TMPDIR/csXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=$TMPDIR/cs$$-$RANDOM + (umask 077 && mkdir $tmp) +} || +{ + echo "$me: cannot create a temporary directory in $TMPDIR" >&2 + { (exit 1); exit 1; } +} + +EOF + +cat >>$CONFIG_STATUS <\$tmp/subs.sed <<\\CEOF +s,@SHELL@,$SHELL,;t t +s,@exec_prefix@,$exec_prefix,;t t +s,@prefix@,$prefix,;t t +s,@program_transform_name@,$program_transform_name,;t t +s,@bindir@,$bindir,;t t +s,@sbindir@,$sbindir,;t t +s,@libexecdir@,$libexecdir,;t t +s,@datadir@,$datadir,;t t +s,@sysconfdir@,$sysconfdir,;t t +s,@sharedstatedir@,$sharedstatedir,;t t +s,@localstatedir@,$localstatedir,;t t +s,@libdir@,$libdir,;t t +s,@includedir@,$includedir,;t t +s,@oldincludedir@,$oldincludedir,;t t +s,@infodir@,$infodir,;t t +s,@mandir@,$mandir,;t t +s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t +s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t +s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t +s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t +s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t +s,@build_alias@,$build_alias,;t t +s,@host_alias@,$host_alias,;t t +s,@target_alias@,$target_alias,;t t +s,@ECHO_C@,$ECHO_C,;t t +s,@ECHO_N@,$ECHO_N,;t t +s,@ECHO_T@,$ECHO_T,;t t +s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t +s,@DEFS@,$DEFS,;t t +s,@LIBS@,$LIBS,;t t +s,@CC@,$CC,;t t +s,@CFLAGS@,$CFLAGS,;t t +s,@LDFLAGS@,$LDFLAGS,;t t +s,@CPPFLAGS@,$CPPFLAGS,;t t +s,@ac_ct_CC@,$ac_ct_CC,;t t +s,@EXEEXT@,$EXEEXT,;t t +s,@OBJEXT@,$OBJEXT,;t t +s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t +s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t +s,@INSTALL_DATA@,$INSTALL_DATA,;t t +s,@SET_MAKE@,$SET_MAKE,;t t +s,@CPP@,$CPP,;t t +s,@LIBOBJS@,$LIBOBJS,;t t +s,@SYSLOGD_LIBS@,$SYSLOGD_LIBS,;t t +s,@SHARED_PARAMS@,$SHARED_PARAMS,;t t +s,@DCCFLAGS@,$DCCFLAGS,;t t +s,@MSRCS@,$MSRCS,;t t +s,@MLIBS@,$MLIBS,;t t +s,@MLIBNAME@,$MLIBNAME,;t t +s,@MANPAGES@,$MANPAGES,;t t +s,@HASH_SRCS@,$HASH_SRCS,;t t +s,@HASH_SRCS_MODULES@,$HASH_SRCS_MODULES,;t t 
+s,@HASH_OBJS_MODULES@,$HASH_OBJS_MODULES,;t t +s,@HAVE_SOCKLEN_T@,$HAVE_SOCKLEN_T,;t t +s,@MAIN_CPPFLAGS@,$MAIN_CPPFLAGS,;t t +s,@MSYSLOG_DAEMON_NAME@,$MSYSLOG_DAEMON_NAME,;t t +CEOF + +EOF + + cat >>$CONFIG_STATUS <<\EOF + # Split the substitutions into bite-sized pieces for seds with + # small command number limits, like on Digital OSF/1 and HP-UX. + ac_max_sed_lines=48 + ac_sed_frag=1 # Number of current file. + ac_beg=1 # First line for current file. + ac_end=$ac_max_sed_lines # Line after last line for current file. + ac_more_lines=: + ac_sed_cmds= + while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + else + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + fi + if test ! -s $tmp/subs.frag; then + ac_more_lines=false + else + # The purpose of the label and of the branching condition is to + # speed up the sed processing (if there are no `@' at all, there + # is no need to browse any of the substitutions). + # These are the two extra sed commands mentioned above. + (echo ':t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" + else + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" + fi + ac_sed_frag=`expr $ac_sed_frag + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_lines` + fi + done + if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat + fi +fi # test -n "$CONFIG_FILES" + +EOF +cat >>$CONFIG_STATUS <<\EOF +for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". 
+ case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. + ac_dir=`$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + { case "$ac_dir" in + [\\/]* | ?:[\\/]* ) as_incr_dir=;; + *) as_incr_dir=.;; +esac +as_dummy="$ac_dir" +for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do + case $as_mkdir_dir in + # Skip DOS drivespec + ?:) as_incr_dir=$as_mkdir_dir ;; + *) + as_incr_dir=$as_incr_dir/$as_mkdir_dir + test -d "$as_incr_dir" || mkdir "$as_incr_dir" + ;; + esac +done; } + + ac_dir_suffix="/`echo $ac_dir|sed 's,^\./,,'`" + # A "../" for each directory in $ac_dir_suffix. + ac_dots=`echo "$ac_dir_suffix" | sed 's,/[^/]*,../,g'` + else + ac_dir_suffix= ac_dots= + fi + + case $srcdir in + .) ac_srcdir=. + if test -z "$ac_dots"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_dots | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. 
+ ac_srcdir=$ac_dots$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_dots$srcdir ;; + esac + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_dots$INSTALL ;; + esac + + if test x"$ac_file" != x-; then + { echo "$as_me:5572: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated automatically by config.status. */ + configure_input="Generated automatically from `echo $ac_file_in | + sed 's,.*/,,'` by configure." + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:5590: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo $f;; + *) # Relative + if test -f "$f"; then + # Build tree + echo $f + elif test -f "$srcdir/$f"; then + # Source tree + echo $srcdir/$f + else + # /dev/null tree + { { echo "$as_me:5603: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } +EOF +cat >>$CONFIG_STATUS <>$CONFIG_STATUS <<\EOF +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s,@configure_input@,$configure_input,;t t +s,@srcdir@,$ac_srcdir,;t t +s,@top_srcdir@,$ac_top_srcdir,;t t +s,@INSTALL@,$ac_INSTALL,;t t +" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out + rm -f $tmp/stdin + if test x"$ac_file" != x-; then + mv $tmp/out $ac_file + else + cat $tmp/out + rm -f $tmp/out + fi + +done +EOF +cat >>$CONFIG_STATUS <<\EOF + +# +# CONFIG_HEADER section. 
+# + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. +ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='[ ].*$,\1#\2' +ac_dC=' ' +ac_dD=',;t' +# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='$,\1#\2define\3' +ac_uC=' ' +ac_uD=',;t' + +for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + test x"$ac_file" != x- && { echo "$as_me:5664: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:5675: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo $f;; + *) # Relative + if test -f "$f"; then + # Build tree + echo $f + elif test -f "$srcdir/$f"; then + # Source tree + echo $srcdir/$f + else + # /dev/null tree + { { echo "$as_me:5688: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + # Remove the trailing spaces. 
+ sed 's/[ ]*$//' $ac_file_inputs >$tmp/in + +EOF + +# Transform confdefs.h into two sed scripts, `conftest.defines' and +# `conftest.undefs', that substitutes the proper values into +# config.h.in to produce config.h. The first handles `#define' +# templates, and the second `#undef' templates. +# And first: Protect against being on the right side of a sed subst in +# config.status. Protect against being in an unquoted here document +# in config.status. +rm -f conftest.defines conftest.undefs +# Using a here document instead of a string reduces the quoting nightmare. +# Putting comments in sed scripts is not portable. +# +# `end' is used to avoid that the second main sed command (meant for +# 0-ary CPP macros) applies to n-ary macro definitions. +# See the Autoconf documentation for `clear'. +cat >confdef2sed.sed <<\EOF +s/[\\&,]/\\&/g +s,[\\$`],\\&,g +t clear +: clear +s,^[ ]*#[ ]*define[ ][ ]*\(\([^ (][^ (]*\)([^)]*)\)[ ]*\(.*\)$,${ac_dA}\2${ac_dB}\1${ac_dC}\3${ac_dD},gp +t end +s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp +: end +EOF +# If some macros were called several times there might be several times +# the same #defines, which is useless. Nevertheless, we may not want to +# sort them, since we want the *last* AC-DEFINE to be honored. +uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines +sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs +rm -f confdef2sed.sed + +# This sed command replaces #undef with comments. This is necessary, for +# example, in the case of _POSIX_SOURCE, which is predefined and required +# on some systems where configure will not decide to define it. +cat >>conftest.undefs <<\EOF +s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, +EOF + +# Break up conftest.defines because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #define templates only if necessary.' 
>>$CONFIG_STATUS +echo ' if egrep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS +echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS +echo ' :' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.defines >/dev/null +do + # Write a limited-size here document to $tmp/defines.sed. + echo ' cat >$tmp/defines.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#define' lines. + echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/defines.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail + rm -f conftest.defines + mv conftest.tail conftest.defines +done +rm -f conftest.defines +echo ' fi # egrep' >>$CONFIG_STATUS +echo >>$CONFIG_STATUS + +# Break up conftest.undefs because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #undef templates' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.undefs >/dev/null +do + # Write a limited-size here document to $tmp/undefs.sed. + echo ' cat >$tmp/undefs.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#undef' + echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. 
+ echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/undefs.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail + rm -f conftest.undefs + mv conftest.tail conftest.undefs +done +rm -f conftest.undefs + +cat >>$CONFIG_STATUS <<\EOF + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated automatically by config.status. */ + if test x"$ac_file" = x-; then + echo "/* Generated automatically by configure. */" >$tmp/config.h + else + echo "/* $ac_file. Generated automatically by configure. */" >$tmp/config.h + fi + cat $tmp/in >>$tmp/config.h + rm -f $tmp/in + if test x"$ac_file" != x-; then + if cmp -s $ac_file $tmp/config.h 2>/dev/null; then + { echo "$as_me:5805: $ac_file is unchanged" >&5 +echo "$as_me: $ac_file is unchanged" >&6;} + else + ac_dir=`$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . 
: '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + { case "$ac_dir" in + [\\/]* | ?:[\\/]* ) as_incr_dir=;; + *) as_incr_dir=.;; +esac +as_dummy="$ac_dir" +for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do + case $as_mkdir_dir in + # Skip DOS drivespec + ?:) as_incr_dir=$as_mkdir_dir ;; + *) + as_incr_dir=$as_incr_dir/$as_mkdir_dir + test -d "$as_incr_dir" || mkdir "$as_incr_dir" + ;; + esac +done; } + + fi + rm -f $ac_file + mv $tmp/config.h $ac_file + fi + else + cat $tmp/config.h + rm -f $tmp/config.h + fi +done +EOF + +cat >>$CONFIG_STATUS <<\EOF + +{ (exit 0); exit 0; } +EOF +chmod +x $CONFIG_STATUS +ac_clean_files=$ac_clean_files_save + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + exec 5>/dev/null + $SHELL $CONFIG_STATUS || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || { (exit 1); exit 1; } +fi + diff --git a/msyslog-v1.08a+smac/configure.in b/msyslog-v1.08a+smac/configure.in new file mode 100644 index 0000000..c9c374c --- /dev/null +++ b/msyslog-v1.08a+smac/configure.in 
@@ -0,0 +1,481 @@ +dnl $CoreSDI: configure.in,v 1.17.2.8.2.3.4.22 2001/11/30 23:13:43 alejo Exp $ +dnl Process this file with autoconf to produce a configure script. +AC_INIT(src/syslogd.c) +AC_CONFIG_HEADER(src/config.h) + +dnl Checks for programs. +AC_PROG_CC +AC_PROG_INSTALL +AC_PROG_MAKE_SET + +dnl Do some AIX stuff before +AC_AIX + +dnl Checks for libraries. + +dnl Checks for header files. +AC_HEADER_DIRENT + +dnl This will be needed by later ports +dnl AC_HEADER_STDC + +AC_HEADER_SYS_WAIT + +AC_CHECK_HEADERS(fcntl.h limits.h paths.h strings.h inttypes.h sys/ioctl.h \ + sys/types.h sys/time.h machine/endian.h syslog.h unistd.h sysctl.h \ + err.h sys/context.h) + +dnl Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST +AC_TYPE_OFF_T +AC_TYPE_SIZE_T +AC_HEADER_TIME +AC_STRUCT_TM + +dnl Checks for library functions. +AC_CHECK_LIB(dl, dlopen, SYSLOGD_LIBS="$SYSLOGD_LIBS -ldl") +AC_CHECK_LIB(socket, connect, SYSLOGD_LIBS="$SYSLOGD_LIBS -lsocket") +AC_CHECK_LIB(nsl, gethostbyname, SYSLOGD_LIBS="$SYSLOGD_LIBS -lnsl") +AC_DEFINE(SYSLOGD_LIBS, $SYSLOGD_LIBS) +AC_PROG_GCC_TRADITIONAL +AC_FUNC_MEMCMP +AC_TYPE_SIGNAL +dnl It should have strftime! +dnl AC_FUNC_STRFTIME +AC_FUNC_VPRINTF +LIBS_SAVE="$LIBS" +LIBS="$LIBS $SYSLOGD_LIBS" +AC_CHECK_FUNCS(gethostname inet_ntop getaddrinfo regcomp poll select\ + socket strdup strerror strstr strtoul inet_aton inet_addr ) +LIBS="$LIBS_SAVE" + +dnl Check endianness +AC_C_BIGENDIAN + +dnl +dnl Here are our checks... +dnl + +if test "x$GCC" = "xyes" +then + CFLAGS="$CFLAGS -Wall" +fi + +MSYSLOG_VERSION="1.08" +AC_DEFINE_UNQUOTED(MSYSLOG_VERSION_STR, "$MSYSLOG_VERSION") +echo msyslog version... 
$MSYSLOG_VERSION + +MLIBNAME="libmsyslog.so.$MSYSLOG_VERSION" ; +AC_DEFINE_UNQUOTED(MLIBNAME_STR, "$MLIBNAME") + +MANPAGES="syslog.conf.5 syslogd.8" + +if test "x$prefix" = "xNONE" +then + prefix=$ac_default_prefix +fi +AC_DEFINE_UNQUOTED(INSTALL_LIBDIR, "$prefix/lib/alat") + +AC_MSG_CHECKING(wheter optreset is needed) +AC_TRY_LINK([#include ], + [extern int optreset; optreset = 1;], + [AC_DEFINE(HAVE_OPTRESET) AC_MSG_RESULT(yes)], + AC_MSG_RESULT(no)) + +AC_MSG_CHECKING(pidfile directory) + +for dir in "/var/run" "/etc" +do + if test -d $dir ; then + break + fi +done +AC_MSG_RESULT(root-mode pid file will go in $dir) +AC_DEFINE_UNQUOTED(PID_DIR, "$dir") + +dnl search mandir for non bsd systems +for MANDIR in "/usr/share/man" "/usr/man" +do + if test -d $MANDIR ; then + mandir=$MANDIR; + break; + fi +done + +dnl Check underscore requirement for dlsym() + +AC_MSG_CHECKING(wether netdb.h requires _USE_IRS) +if grep _USE_IRS /usr/include/netdb.h >/dev/null ;then + AC_DEFINE(_USE_IRS) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi + +AC_MSG_CHECKING(if sigaltstack uses stack_t structure) +AC_EGREP_HEADER(stack_t, [signal.h],[ + AC_DEFINE(SIGALTSTACK_WITH_STACK_T) + AC_MSG_RESULT(yes) +], [ + AC_MSG_RESULT(no) +]) + + +AC_MSG_CHECKING(for daemon name) + +MSYSLOG_DAEMON_NAME="syslogd"; + +AC_ARG_WITH(daemon-name, +[ --with-daemon-name Set a different daemon name, instead of syslogd +],[ + if test "X$withval" = "Xyes" ; then + error_tmp="You have to specify a value, --with-daemon-name"; + AC_MSG_ERROR("$error_tmp") + else + MSYSLOG_DAEMON_NAME="$withval"; + fi +]) + +AC_MSG_RESULT("$MSYSLOG_DAEMON_NAME") + +AC_ARG_WITH(maximum-optimization, +[ --without-maximum-optimization + Activate maximum possible compile and link optimization +],[ maxopt="yes"; ],[ maxopt="no"; ]) + +MAIN_CPPFLAGS=""; +UNAME=`uname` +if test "$UNAME" = "OpenBSD" ; then + AC_DEFINE(DLOPEN_FLAGS, RTLD_LAZY) + AC_DEFINE_UNQUOTED(SYMBOL_PREFIX, "_") + SHARED_PARAMS="-Bshareable" + DCCFLAGS="-fPIC" 
+elif test "$UNAME" = "Linux" ; then + AC_DEFINE(DLOPEN_FLAGS, RTLD_LAZY | RTLD_GLOBAL) + AC_DEFINE_UNQUOTED(SYMBOL_PREFIX, "") + MAIN_CPPFLAGS="-Xlinker -E"; + SHARED_PARAMS="-Bshareable" + DCCFLAGS="" + AC_DEFINE(_GNU_SOURCE, 1) +elif test "$UNAME" = "SunOS" ; then + AC_DEFINE(DLOPEN_FLAGS, RTLD_LAZY) + AC_DEFINE(_REENTRANT) + AC_DEFINE_UNQUOTED(SYMBOL_PREFIX, "") + SHARED_PARAMS="-G" + DCCFLAGS="-fPIC" +elif test "$UNAME" = "IRIX" -o "$UNAME" = "IRIX64" ; then + AC_DEFINE(DLOPEN_FLAGS, RTLD_LAZY) + AC_DEFINE_UNQUOTED(SYMBOL_PREFIX, "") + AC_DEFINE(INET6) + CFLAGS="-D_BSD_SIGNALS" + if test "x$GCC" == "xyes" + then + DCCFLAGS="-Bshared" + else + if test "x$maxopt" = "xyes" + then + CFLAGS="$CFLAGS -g3 -Ofast" + fi + fi + SHARED_PARAMS="-shared -soname $MLIBNAME -all" +elif test "$UNAME" = "AIX" ; then + AC_DEFINE(DLOPEN_FLAGS, RTLD_LAZY | RTLD_GLOBAL) + AC_DEFINE(NEEDS_DLOPEN_NULL) + AC_DEFINE_UNQUOTED(SYMBOL_PREFIX, "") + DCCFLAGS="-shared" + SHARED_PARAMS="-lc -bI:libmsyslog.imp -bexpall -bnoentry -brtl" + cat > src/modules/libmsyslog.imp <<-EOF + #! . + dprintf + logerror + add_fd_input + place_signal + remove_fd_input + printline + EOF + + SYSLOGD_LIBS="$SYSLOGD_LIBS -Wl,-bexpall" +else + AC_MSG_WARN(cannot determine system type falling to defaults) + AC_DEFINE_UNQUOTED(SYMBOL_PREFIX, "") + AC_DEFINE(DLOPEN_FLAGS, RTLD_LAZY) + SHARED_PARAMS="-Bshareable" +fi + +# Name of pidfile +if test "$UNAME" = "Linux" ; then + AC_DEFINE(PID_FILE, "syslogd.pid") +else + AC_DEFINE(PID_FILE, "syslog.pid") +fi + +dnl +dnl Here we check module support +dnl + +temp_res="no"; +AC_ARG_WITH(bsd, +[ --without-bsd + Use bsd input module. Automatically detected. 
+],[ temp_res="$with_bsd"; ],[ + if test "$UNAME" = "OpenBSD" -o "$UNAME" = "NetBSD" \ + -o "$UNAME" = "FreeBSD" -o "$UNAME" = "BSDi" \ + -o "$UNAME" = "386BSD" -o "$UNAME" = "ArchBSD" \ + -o "$UNAME" = "TrustedBSD" ; then + temp_res="yes"; + fi +]) +if test "X$temp_res" = "Xyes" ; then + MSRCS="$MSRCS im_bsd.c"; + MANPAGES="$MANPAGES im_bsd.8"; + AC_DEFINE(HAVE_BSD_IMODULE) +fi + +AC_ARG_WITH(linux, +[ --without-linux + Use linux kernel input module. Automatically detected. +],[ + if test "$with_linux" = "yes" ; then + MSRCS="$MSRCS im_linux.c" + MANPAGES="$MANPAGES im_linux.8" + AC_DEFINE(HAVE_LINUX_IMODULE) + fi +],[ + AC_CHECK_HEADER(sys/klog.h, [ + MSRCS="$MSRCS im_linux.c" + MANPAGES="$MANPAGES im_linux.8" + AC_DEFINE(HAVE_LINUX_IMODULE) + ]) +]) + +temp_res="no"; +AC_ARG_WITH(udp, +[ --without-udp + Use udp socket input module. Activated by default. +],[ temp_res="$with_udp"; ],[ + AC_CHECK_HEADER(sys/socket.h, [ + temp_res="yes"; + ]) +]) +if test "X$temp_res" = "Xyes" ; then + MSRCS="$MSRCS im_udp.c om_udp.c" + MANPAGES="$MANPAGES im_udp.8 om_udp.8"; +fi + +temp_res="yes"; + +AC_ARG_WITH(unix, +[ --without-unix + Use unix socket domain input module. Activated by default. +],[ temp_res="$with_unix"; ],[ + AC_CHECK_HEADER(sys/un.h, [ temp_res="yes"; ]) +]) +if test "X$temp_res" = "Xyes" ; then + MSRCS="$MSRCS im_unix.c" + AC_DEFINE(HAVE_UNIX_IMODULE) + MANPAGES="$MANPAGES im_unix.8" +fi +temp_res="yes"; + +AC_ARG_WITH(file, +[ --without-file + Use file/pip input module. Activated by default. +],[ temp_res="$with_file"; ]) +if test "X$temp_res" = "Xyes" ; then + MSRCS="$MSRCS im_file.c" + AC_DEFINE(HAVE_FILE_IMODULE) + MANPAGES="$MANPAGES im_file.8" +fi + +dnl Doors should only be used with streams + +temp_res=no +AC_ARG_WITH(streams, +[ --without-streams + Use streams input module. Activated by default. 
+],[ + + if test "$with_streams" = "yes" ; then + temp_res="yes" + fi +],[ + AC_CHECK_HEADER(sys/strlog.h, strlog_h="yes", strlog_h="no") + AC_CHECK_HEADER(door.h, door_h="yes", door_h="no") + if test "$strlog_h" = "yes" -a "$door_h" = "yes" ; then + temp_res="yes" + fi +]) + +if test "$temp_res" = "yes" ; then + MSRCS="$MSRCS im_streams.c" + MLIBS="$MLIBS -lpthread" + MANPAGES="$MANPAGES im_streams.8" + SYSLOGD_LIBS="$SYSLOGD_LIBS -lthread -ldoor" + AC_DEFINE(HAVE_STREAMS_IMODULE) +fi +AC_MSG_CHECKING(for streams module) +AC_MSG_RESULT($temp_res) + +temp_res=no +AC_ARG_WITH(classic, +[ --without-classic + Use classic output module. Activated by default. +],[ temp_res="$with_classic"; ],[ temp_res="yes"; ],[ +]) +if test "X$temp_res" = "Xyes" ; then + MSRCS="$MSRCS om_classic.c ttymsg.c" + MANPAGES="$MANPAGES om_classic.8" +fi + +AC_ARG_WITH(tcp, +[ --without-tcp + Use tcp input and output modules. Activated by default. +],[ + if test $with_tcp = "yes" ; then + MSRCS="$MSRCS om_tcp.c im_tcp.c ip_misc.c" + MANPAGES="$MANPAGES om_tcp.8 im_tcp.8" + temp_res="yes" + else + temp_res="no" + fi +],[ + MSRCS="$MSRCS om_tcp.c im_tcp.c ip_misc.c" + MANPAGES="$MANPAGES om_tcp.8 im_tcp.8" + temp_res="yes" +]) + +if test "$temp_res" = "yes" ; then + AC_EGREP_HEADER(sa_len, [#include ], + AC_DEFINE(HAVE_SOCKADDR_SA_LEN)) +fi + +AC_ARG_WITH(mysql, +[ --without-mysql + Use mysql MySQL output module. Activated by default. +],[ + if test $with_mysql = "yes" ; then + MSRCS="$MSRCS om_mysql.c" + MANPAGES="$MANPAGES om_mysql.8" + fi +],[ + MSRCS="$MSRCS om_mysql.c" + MANPAGES="$MANPAGES om_mysql.8" + USESQL="yes" +]) + +AC_ARG_WITH(pgsql, +[ --without-pgsql + Use pgsql PostgreSQL output module. Activated by default. 
+],[ + if test $with_pgsql = "yes" ; then + MSRCS="$MSRCS om_pgsql.c" + MANPAGES="$MANPAGES om_pgsql.8" + fi +],[ + MSRCS="$MSRCS om_pgsql.c" + MANPAGES="$MANPAGES om_pgsql.8" + USESQL="yes" +]) + +if test "$USESQL" = "yes" ; then + MSRCS="$MSRCS sql_misc.c" +fi + +AC_ARG_WITH(peo, +[ --without-peo + Use peo log integrity verification module. Activated by default. +],[ + if test $with_peo = "yes" ; then + PEO=yes + else + PEO=no + fi +],[ + PEO=yes +]) + +HASH_SRCS=""; +if test $PEO = "yes" ; then + + MSRCS="$MSRCS om_peo.c" + MANPAGES="$MANPAGES om_peo.8 peochk.8" + + HASH_SRCS="hash.c"; + HASH_SRCS_MODULES="../peo/hash.c"; + HASH_OBJS_MODULES="hash.o"; + AC_CHECK_FUNC(MD5Init, AC_DEFINE(HAVE_MD5), + HASH_SRCS="$HASH_SRCS md5c.c"; + HASH_SRCS_MODULES="$HASH_SRCS_MODULES ../peo/md5c.c"; + HASH_OBJS_MODULES="$HASH_OBJS_MODULES md5c.o"; + ) + AC_CHECK_FUNC(SHA1Init, AC_DEFINE(HAVE_SHA1), + HASH_SRCS="$HASH_SRCS sha1.c"; + HASH_SRCS_MODULES="$HASH_SRCS_MODULES ../peo/sha1.c"; + HASH_OBJS_MODULES="$HASH_OBJS_MODULES sha1.o"; + ) + AC_CHECK_FUNC(RMD160Init, AC_DEFINE(HAVE_RMD160), + HASH_SRCS="$HASH_SRCS rmd160.c"; + HASH_SRCS_MODULES="$HASH_SRCS_MODULES ../peo/rmd160.c"; + HASH_OBJS_MODULES="$HASH_OBJS_MODULES rmd160.o"; + ) + if test -r /dev/srandom ; then + AC_DEFINE(HAVE_SRANDOM) + fi +fi + +AC_ARG_WITH(regex, +[ --without-regex + Use regex pattern matching output module. Activated by default. 
+],[ + if test $with_regex = "yes" ; then + MSRCS="$MSRCS om_regex.c" + MANPAGES="$MANPAGES om_regex.8" + fi +],[ + AC_CHECK_HEADER(regex.h, [ + MSRCS="$MSRCS om_regex.c" + MANPAGES="$MANPAGES om_regex.8" + ]) +]) + +AC_CACHE_SAVE + +AC_CHECK_TYPES(socklen_t,,,[#include +#include +#include ]) + +AC_CHECK_TYPES(uint32_t) +AC_CHECK_TYPES(uint64_t) +AC_CHECK_TYPES(u_int32_t) +AC_CHECK_TYPES(u_int64_t) +AC_CHECK_TYPES(__uint32_t) +AC_CHECK_TYPES(__uint64_t) + +AC_CHECK_TYPES(CODE,,,[#include +#define SYSLOG_NAMES +#include ]) + + +AC_SUBST(SYSLOGD_LIBS) +AC_SUBST(SHARED_PARAMS) +AC_SUBST(DCCFLAGS) +AC_SUBST(MSRCS) +AC_SUBST(MLIBS) +AC_SUBST(MLIBNAME) +AC_SUBST(MANPAGES) +AC_SUBST(HASH_SRCS) +AC_SUBST(HASH_SRCS_MODULES) +AC_SUBST(HASH_OBJS_MODULES) +AC_SUBST(HAVE_SOCKLEN_T) +AC_SUBST(MAIN_CPPFLAGS) +AC_SUBST(MSYSLOG_DAEMON_NAME) + +dnl AC_SUBST(SYMBOL_PREFIX) + +AC_OUTPUT([Makefile + src/Makefile + src/modules/Makefile + src/peo/Makefile + src/man/Makefile + src/man/BSDmakefile + src/man/GNUmakefile]) diff --git a/msyslog-v1.08a+smac/doc/HOW-TO-UPGRADE b/msyslog-v1.08a+smac/doc/HOW-TO-UPGRADE new file mode 100644 index 0000000..cd483ea --- /dev/null +++ b/msyslog-v1.08a+smac/doc/HOW-TO-UPGRADE 
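Review bot: `USESQL="yes"` is set only in the option-not-given branches of the `AC_ARG_WITH(mysql, ...)` and `AC_ARG_WITH(pgsql, ...)` blocks, so an explicit `--with-mysql` or `--with-pgsql` adds `om_mysql.c` / `om_pgsql.c` to `MSRCS` while the later `if test "$USESQL" = "yes"` can leave `sql_misc.c` out. If those modules depend on `sql_misc.c` (its contents are not in this hunk), the build or module load would break only when the option is spelled out. Add `USESQL="yes"` inside both the `if test $with_mysql = "yes"` and `if test $with_pgsql = "yes"` bodies, and quote the tested variable (`test "$with_mysql" = "yes"`) so an empty value does not become a `test` syntax error. `USESQL` is also never initialised, so a value inherited from the environment can decide the result; set `USESQL="no"` before the first block.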
@@ -0,0 +1,44 @@
+OpenBSD
+=======
+
+Uncompress msyslog-1.04.tar.gz and do a "./configure" and then a "make".
+If everything goes well (it should! ;), do a "make install".
+
+This version of "msyslog" is full compatible with previous configuration files
+from BSD syslog and sysklogd's.
+
+RedHat GNU/Linux
+================
+
+You need /proc filesystem to let im_linux work.
+
+FreeBSD
+=======
+
+No thorough testing yet, so no help available yet. But everything should work
+just fine.
+
+NetBSD
+======
+
+No thorough testing yet, so no help available yet. But everythyng should work
+just fine.
+
+
+Solaris
+=======
+
+Specific differences on configuration file not supported (like 'ifdef'
+conditionals).
+
+
+Irix
+====
+
+You may compile with -O3 level, but it is not default.
+
+Aix
+===
+
+Check your library settings, since it is ugly on Aix!
+
diff --git a/msyslog-v1.08a+smac/doc/HOW_TO_WRITE_A_MODULE b/msyslog-v1.08a+smac/doc/HOW_TO_WRITE_A_MODULE
new file mode 100644
index 0000000..79f2860
--- /dev/null
+++ b/msyslog-v1.08a+smac/doc/HOW_TO_WRITE_A_MODULE
@@ -0,0 +1,20 @@
+ HOW TO WRITE A SYSLOGD MODULE
+ =============================
+
+First, it is recommended that you use the templates for module creations,
+im_myodule.c and om_mymodule.c. Take care with getopt optreset present
+on some OSs.
+
+Some extra care should be taken of repeated messages too.
+
+Names
+-----
+
+Names used should be alphanumeric using '_' as separation.
+
+Libraries
+---------
+
+Your module should handle it's libraries with dlopen() and dlsym().
+
+For more information join our developer list (see INSTALL).
diff --git a/msyslog-v1.08a+smac/doc/README.mysql b/msyslog-v1.08a+smac/doc/README.mysql
new file mode 100644
index 0000000..f45ac24
--- /dev/null
+++ b/msyslog-v1.08a+smac/doc/README.mysql
@@ -0,0 +1,7 @@
+Notes on using MySQL output module
+==================================
+
+When using mysql module, you may have to modify your library path directory
+to match the directory in wich the file libmysqlclient.X.X was installed.
+This is not dependant on msyslog installation, but on the specific
+package you used to install MySQL on your system.
diff --git a/msyslog-v1.08a+smac/doc/copyright b/msyslog-v1.08a+smac/doc/copyright
new file mode 100644
index 0000000..5f5d497
--- /dev/null
+++ b/msyslog-v1.08a+smac/doc/copyright
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2001, Core SDI S.A., Argentina
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither name of the Core SDI S.A. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
diff --git a/msyslog-v1.08a+smac/install-sh b/msyslog-v1.08a+smac/install-sh
new file mode 100755
index 0000000..33d8e0d
--- /dev/null
+++ b/msyslog-v1.08a+smac/install-sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+
+#
+# install - install a program, script, or datafile
+#
+# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+#
+
+
+# set DOITPROG to echo to test this script
+
+doit="${DOITPROG:-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG:-mv}"
+cpprog="${CPPROG:-cp}"
+chmodprog="${CHMODPROG:-chmod}"
+chownprog="${CHOWNPROG:-chown}"
+chgrpprog="${CHGRPPROG:-chgrp}"
+stripprog="${STRIPPROG:-strip}"
+rmprog="${RMPROG:-rm}"
+
+instcmd="$mvprog"
+chmodcmd=""
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+src=""
+dst=""
+
+while [ x"$1" != x ]; do
+ case $1 in
+ -c) instcmd="$cpprog"
+ shift
+ continue;;
+
+ -m) chmodcmd="$chmodprog $2"
+ shift
+ shift
+ continue;;
+
+ -o) chowncmd="$chownprog $2"
+ shift
+ shift
+ continue;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift
+ shift
+ continue;;
+
+ -s) stripcmd="$stripprog"
+ shift
+ continue;;
+
+ *) if [ x"$src" = x ]
+ then
+ src=$1
+ else
+ dst=$1
+ fi
+ shift
+ continue;;
+ esac
+done
+
+if [ x"$src" = x ]
+then
+ echo "install: no input file specified"
+ exit 1
+fi
+
+if [ x"$dst" = x ]
+then
+ echo "install: no destination specified"
+ exit 1
+fi
+
+
+# if destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+if [ -d $dst ]
+then
+ dst="$dst"/`basename $src`
+fi
+
+
+# get rid of the old one and mode the new one in
+
+$doit $rmcmd $dst
+$doit $instcmd $src $dst
+
+
+# and set any options; do chmod last to preserve setuid bits
+
+if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
+if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
+if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
+if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
+
+exit 0
diff --git a/msyslog-v1.08a+smac/src/Makefile b/msyslog-v1.08a+smac/src/Makefile new file mode 100644 index 0000000..84a4742 --- /dev/null +++ b/msyslog-v1.08a+smac/src/Makefile 
@@ -0,0 +1,82 @@ +# $CoreSDI: Makefile.in,v 1.3.2.8.4.7 2001/11/20 09:56:22 alejo Exp $ +# +# Copyright (c) 2001, Core SDI S.A., Argentina +# All rights reserved +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. Neither name of the Core SDI S.A. nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +CC= gcc +CFLAGS= -g -O2 -Wall +CPPFLAGS= -I. 
+MAIN_CPPFLAGS= -Xlinker -E +LIBS= +SYSLOGD_LIBS= -ldl -lnsl + +INSTALL= /usr/bin/ginstall -c +INSTALL_DIR= /usr/msyslog/sbin + +PROG= syslogd +PROG_FLAGS= $(CFLAGS) $(CPPFLAGS) $(LIBS) $(SYSLOGD_LIBS) $(MAIN_CPPFLAGS) +SRCS= modules.c syslogd.c +OBJS= $(SRCS:.c=.o) + +all: $(PROG) + +.c.o: + $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ + +modules.o: config.h + +$(OBJS): $(SRCS) + $(CC) $(CFLAGS) $(CPPFLAGS) -c $(@:.o=.c) -o $@ + +$(PROG): $(OBJS) + $(CC) $(PROG_FLAGS) $(OBJS) -o $@ + +.PHONY: clean distclean + +clean: + -rm -f $(OBJS) core *.core $(PROG) + +distclean: clean + -rm -f Makefile config.h + +install-prog: + @if [ ! -d $(INSTALL_DIR) ]; then \ + mkdir -p $(INSTALL_DIR); \ + fi + @if [ -f "$(INSTALL_DIR)/$(PROG)" ]; then \ + mv -f "$(INSTALL_DIR)/$(PROG)" "$(INSTALL_DIR)/$(PROG).old"; \ + fi + $(INSTALL) -s $(PROG) $(INSTALL_DIR)/ ; + +install: install-prog + @echo -e \ + " **********************************************************\n"\ + "** A new syslog daemon was installed !! **\n"\ + "** Please read the INSTALL and README files **\n"\ + "** to get your syslog configuration ready **\n"\ + "**********************************************************\n" diff --git a/msyslog-v1.08a+smac/src/Makefile.in b/msyslog-v1.08a+smac/src/Makefile.in new file mode 100644 index 0000000..b94d08c --- /dev/null +++ b/msyslog-v1.08a+smac/src/Makefile.in 
@@ -0,0 +1,82 @@
+# $CoreSDI: Makefile.in,v 1.3.2.8.4.7 2001/11/20 09:56:22 alejo Exp $
+#
+# Copyright (c) 2001, Core SDI S.A., Argentina
+# All rights reserved
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. Neither name of the Core SDI S.A. nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+CC= @CC@
+CFLAGS= @CFLAGS@
+CPPFLAGS= @CPPFLAGS@ -I.
+MAIN_CPPFLAGS= @MAIN_CPPFLAGS@
+LIBS= @LIBS@
+SYSLOGD_LIBS= @SYSLOGD_LIBS@
+
+INSTALL= @INSTALL@
+INSTALL_DIR= @prefix@/sbin
+
+PROG= @MSYSLOG_DAEMON_NAME@
+PROG_FLAGS= $(CFLAGS) $(CPPFLAGS) $(LIBS) $(SYSLOGD_LIBS) $(MAIN_CPPFLAGS)
+SRCS= modules.c syslogd.c
+OBJS= $(SRCS:.c=.o)
+
+all: $(PROG)
+
+.c.o:
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
+
+modules.o: config.h
+
+$(OBJS): $(SRCS)
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c $(@:.o=.c) -o $@
+
+$(PROG): $(OBJS)
+ $(CC) $(PROG_FLAGS) $(OBJS) -o $@
+
+.PHONY: clean distclean
+
+clean:
+ -rm -f $(OBJS) core *.core $(PROG)
+
+distclean: clean
+ -rm -f Makefile config.h
+
+install-prog:
+ @if [ ! -d $(INSTALL_DIR) ]; then \
+ mkdir -p $(INSTALL_DIR); \
+ fi
+ @if [ -f "$(INSTALL_DIR)/$(PROG)" ]; then \
+ mv -f "$(INSTALL_DIR)/$(PROG)" "$(INSTALL_DIR)/$(PROG).old"; \
+ fi
+ $(INSTALL) -s $(PROG) $(INSTALL_DIR)/ ;
+
+install: install-prog
+ @echo -e \
+ " **********************************************************\n"\
+ "** A new syslog daemon was installed !! **\n"\
+ "** Please read the INSTALL and README files **\n"\
+ "** to get your syslog configuration ready **\n"\
+ "**********************************************************\n"
diff --git a/msyslog-v1.08a+smac/src/TODO b/msyslog-v1.08a+smac/src/TODO
new file mode 100644
index 0000000..2f80dd1
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/TODO
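Review bot: `install-prog` creates `$(INSTALL_DIR)` with a bare `mkdir -p`, so the directory that will hold the syslog daemon gets whatever mode the installer's umask allows, and with a permissive umask it could end up group- or world-writable. Creating it with an explicit mode, e.g. `$(INSTALL) -d -m 0755 $(INSTALL_DIR)` (if the configured install program supports `-d`), and adding `-m 0755` to the `$(INSTALL) -s` line would pin both. Separately, `$(OBJS): $(SRCS)` makes every object depend on every source and repeats the `.c.o` recipe, so touching one file rebuilds both objects. The `src/Makefile` hunk just before this one, which appears to be the configure output of this file, carries the same rules.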
@@ -0,0 +1,59 @@
+/* $CoreSDI: TODO,v 1.20.2.1.4.11 2001/05/24 00:19:11 alejo Exp $ */
+
+FOR THIS RELEASE
+
+- More docs on source code
+- unify documentation
+
+FOR NEXT RELEASE
+
+- finish log structure stuff, including some queue handling
+ - after that, improve om_regex, and join reduntant code.
+ - have in mind new standards
+- Move buffer of lost messages out of modules, so all om can use it.
+- Check "" errors on solaris / support spaces intead the tabs on configfile
+- Change strcpy and strncpy to strlcpy (same w/ strlcat)
+- define STYLE for names (ie. underscore or caps, indentation)
+- redo parsing functions
+- CHECK LIBC and GLIBC's way to work
+- use more cache on autoconf
+- %subst module
+- Make source compile on non gcc systems.
+- Makefiles should let compile a single module as a .so
+
+FOR UNKNOWN FUTURE
+
+- Use one function per module, with action as a parameter.
+- Check linux kernel 2.4 potential header problems
+- Let im_tcp do the connect, and om_tcp do the listen.
+
+For handling errors logging in a particular module, create a om_onerror
+function to do proper reinit or whatever (and after that the module should
+get in the exactly same state as before the error).
+
+Check for buffer overflows, as we now may get things from the outside world.
+
+- divide classic in om_file, om_udp, om_console, om_wall, om_user.
+- We need to change the decode function on syslogd.c and use the strcasecmp()
+ function
+- Kill filed structure, associate ins and outs so no for(;;) is needed
+- Optimize each input/output module
+- create a single file with all networking primitives used
+- chroot
+- new syntax on config files
+- redo line format while keeping "<" and ">" usage (prevent new syslog proto)
+- Add linux extensions on selector field on configuration file
+- We need to allow several others log methods like syscalls (ex.: im_linux)
+- Reconfiguing input modules on the fly (syslog -i "unix /dev/klog" when
+ syslog is already running)
+- Keep alive [remote] saying how many messages have been sent from the previous
+ keep alive
+- optimize peochk (readline)
+- Create a module configuration file outside /etc/syslog.conf
+- threads per output module
+- Create a message structure to be pased from ins to outs
+- Make a dbm/ndbm output module. talk w/ audit for that
+- Check why messages to console take a while to pop up
+- A bug report form
+- check M$ MAPI
+- check pager stuff formats
diff --git a/msyslog-v1.08a+smac/src/config.h b/msyslog-v1.08a+smac/src/config.h
new file mode 100644
index 0000000..ebc8c7e
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/config.h
@@ -0,0 +1,154 @@ +/* src/config.h. Generated automatically by configure. */ +/* config.h.in. Generated automatically from configure.in by autoheader. */ + +/* Define to empty if the keyword does not work. */ +/* #undef const */ + +/* Define if you don't have vprintf but do have _doprnt. */ +/* #undef HAVE_DOPRNT */ + +/* Define if you have the vprintf function. */ +#define HAVE_VPRINTF 1 + +/* Define to `long' if doesn't define. */ +/* #undef off_t */ + +/* Define as the return type of signal handlers (int or void). */ +#define RETSIGTYPE void + +/* Define to `unsigned' if doesn't define. */ +/* #undef size_t */ + +/* Define if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Define if you can safely include both and . */ +#define TIME_WITH_SYS_TIME 1 + +/* Define if your declares struct tm. */ +/* #undef TM_IN_SYS_TIME */ + +/* Define if you have the gethostname function. */ +#define HAVE_GETHOSTNAME 1 + +/* Define if you have the regcomp function. */ +#define HAVE_REGCOMP 1 + +/* Define if you have the select function. */ +#define HAVE_POLL 1 + +/* Define if you have the select function. */ +#define HAVE_SELECT 1 + +/* Define if you have the socket function. */ +#define HAVE_SOCKET 1 + +/* Define if you have the strdup function. */ +#define HAVE_STRDUP 1 + +/* Define if you have the strerror function. */ +#define HAVE_STRERROR 1 + +/* Define if you have the strstr function. */ +#define HAVE_STRSTR 1 + +/* Define if you have the strtoul function. */ +#define HAVE_STRTOUL 1 + +/* Define if you have the header file. */ +#define HAVE_DIRENT_H 1 + +/* Define if you have the header file. */ +#define HAVE_FCNTL_H 1 + +/* Define if you have the header file. */ +#define HAVE_LIMITS_H 1 + +/* Define if you have the header file. */ +/* #undef HAVE_NDIR_H */ + +/* Define if you have the header file. */ +#define HAVE_PATHS_H 1 + +/* Define if you have the header file. */ +#define HAVE_STRINGS_H 1 + +/* Define if you have the header file. 
*/ +/* #undef HAVE_SYS_DIR_H */ + +/* Define if you have the header file. */ +#define HAVE_SYS_IOCTL_H 1 + +/* Define if you have the header file. */ +/* #undef HAVE_SYS_NDIR_H */ + +/* Define if you have the header file. */ +#define HAVE_SYS_TIME_H 1 + +/* Define if you have the header file. */ +#define HAVE_SYSLOG_H 1 + +/* Define if you have the header file. */ +#define HAVE_UNISTD_H 1 + +/* #undef HAVE_SYSCTL_H */ +#define HAVE_ERR_H 1 + +#define MSYSLOG_VERSION_STR "1.08" +#define MLIBNAME_STR "libmsyslog.so.1.08" +#define INSTALL_LIBDIR "/usr/msyslog/lib/alat" +#define PID_DIR "/var/run" +#define PID_FILE "syslogd.pid" + +/* #undef HAVE_OPTRESET */ + +#define DLOPEN_FLAGS RTLD_LAZY | RTLD_GLOBAL +#define SYMBOL_PREFIX "" + +/* #undef HAVE_SRANDOM */ +/* #undef HAVE_MD5 */ +/* #undef HAVE_SHA1 */ +/* #undef HAVE_RMD160 */ + +#define HAVE_SOCKLEN_T 1 +#define HAVE_UINT32_T 1 +#define HAVE_UINT64_T 1 +#define HAVE_U_INT32_T 1 +#define HAVE___UINT32_T 1 +#define HAVE_U_INT64_T 1 +#define HAVE___UINT64_T 1 + +#define HAVE_CODE 1 + +/* #undef MLIBNAME */ + +#define HAVE_SYS_WAIT_H 1 + +#define HAVE_GETADDRINFO 1 + +#define HAVE_INET_NTOP 1 +#define HAVE_INET_ATON 1 +#define HAVE_INET_ADDR 1 + +/* #undef HAVE_STREAMS_IMODULE */ +#define HAVE_LINUX_IMODULE 1 +/* #undef HAVE_BSD_IMODULE */ +#define HAVE_UNIX_IMODULE 1 + +/* #undef HAVE_SOCKADDR_SA_LEN */ + +/* #undef _USE_IRS */ +#define SIGALTSTACK_WITH_STACK_T 1 +/* #undef HAVE_SYS_CONTEXT_H */ + +/* #undef NEEDS_DLOPEN_NULL */ + +/* #undef _SGIAPI */ +/* #undef INET6 */ + +/* #undef WORDS_BIGENDIAN */ + +#define _GNU_SOURCE 1 + +/* for Solaris */ +/* #undef _REENTRANT */ diff --git a/msyslog-v1.08a+smac/src/config.h.in b/msyslog-v1.08a+smac/src/config.h.in new file mode 100644 index 0000000..2ab944b --- /dev/null +++ b/msyslog-v1.08a+smac/src/config.h.in 
@@ -0,0 +1,153 @@ +/* config.h.in. Generated automatically from configure.in by autoheader. */ + +/* Define to empty if the keyword does not work. */ +#undef const + +/* Define if you don't have vprintf but do have _doprnt. */ +#undef HAVE_DOPRNT + +/* Define if you have the vprintf function. */ +#undef HAVE_VPRINTF + +/* Define to `long' if doesn't define. */ +#undef off_t + +/* Define as the return type of signal handlers (int or void). */ +#undef RETSIGTYPE + +/* Define to `unsigned' if doesn't define. */ +#undef size_t + +/* Define if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define if you can safely include both and . */ +#undef TIME_WITH_SYS_TIME + +/* Define if your declares struct tm. */ +#undef TM_IN_SYS_TIME + +/* Define if you have the gethostname function. */ +#undef HAVE_GETHOSTNAME + +/* Define if you have the regcomp function. */ +#undef HAVE_REGCOMP + +/* Define if you have the select function. */ +#undef HAVE_POLL + +/* Define if you have the select function. */ +#undef HAVE_SELECT + +/* Define if you have the socket function. */ +#undef HAVE_SOCKET + +/* Define if you have the strdup function. */ +#undef HAVE_STRDUP + +/* Define if you have the strerror function. */ +#undef HAVE_STRERROR + +/* Define if you have the strstr function. */ +#undef HAVE_STRSTR + +/* Define if you have the strtoul function. */ +#undef HAVE_STRTOUL + +/* Define if you have the header file. */ +#undef HAVE_DIRENT_H + +/* Define if you have the header file. */ +#undef HAVE_FCNTL_H + +/* Define if you have the header file. */ +#undef HAVE_LIMITS_H + +/* Define if you have the header file. */ +#undef HAVE_NDIR_H + +/* Define if you have the header file. */ +#undef HAVE_PATHS_H + +/* Define if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_DIR_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_IOCTL_H + +/* Define if you have the header file. 
*/ +#undef HAVE_SYS_NDIR_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_TIME_H + +/* Define if you have the header file. */ +#undef HAVE_SYSLOG_H + +/* Define if you have the header file. */ +#undef HAVE_UNISTD_H + +#undef HAVE_SYSCTL_H +#undef HAVE_ERR_H + +#undef MSYSLOG_VERSION_STR +#undef MLIBNAME_STR +#undef INSTALL_LIBDIR +#undef PID_DIR +#undef PID_FILE + +#undef HAVE_OPTRESET + +#undef DLOPEN_FLAGS +#undef SYMBOL_PREFIX + +#undef HAVE_SRANDOM +#undef HAVE_MD5 +#undef HAVE_SHA1 +#undef HAVE_RMD160 + +#undef HAVE_SOCKLEN_T +#undef HAVE_UINT32_T +#undef HAVE_UINT64_T +#undef HAVE_U_INT32_T +#undef HAVE___UINT32_T +#undef HAVE_U_INT64_T +#undef HAVE___UINT64_T + +#undef HAVE_CODE + +#undef MLIBNAME + +#undef HAVE_SYS_WAIT_H + +#undef HAVE_GETADDRINFO + +#undef HAVE_INET_NTOP +#undef HAVE_INET_ATON +#undef HAVE_INET_ADDR + +#undef HAVE_STREAMS_IMODULE +#undef HAVE_LINUX_IMODULE +#undef HAVE_BSD_IMODULE +#undef HAVE_UNIX_IMODULE + +#undef HAVE_SOCKADDR_SA_LEN + +#undef _USE_IRS +#undef SIGALTSTACK_WITH_STACK_T +#undef HAVE_SYS_CONTEXT_H + +#undef NEEDS_DLOPEN_NULL + +#undef _SGIAPI +#undef INET6 + +#undef WORDS_BIGENDIAN + +#undef _GNU_SOURCE + +/* for Solaris */ +#undef _REENTRANT diff --git a/msyslog-v1.08a+smac/src/examples/im_mymodule.c b/msyslog-v1.08a+smac/src/examples/im_mymodule.c new file mode 100644 index 0000000..24d4ea7 --- /dev/null +++ b/msyslog-v1.08a+smac/src/examples/im_mymodule.c 
@@ -0,0 +1,99 @@
+/* $CoreSDI: im_mymodule.c,v 1.1.2.1.4.7 2001/05/24 00:19:12 alejo Exp $ */
+
+/*
+ * Copyright (c) 2001, Core SDI S.A., Argentina
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither name of the Core SDI S.A. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * im_mymodule -- Give some description
+ *
+ * Author: Alejo Sanchez for Core SDI S.A.
+ *
+ */
+
+/* Get system information */
+#include "config.h"
+
+#include
+#include
+#include
+#include "modules.h"
+#include "syslogd.h"
+
+/*
+ * get message
+ *
+ */
+
+int
+im_mymodule_read(struct i_module *im, int index, struct im_msg *ret)
+{
+
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_read: Entering\n");
+
+ /* read from input */
+
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_read: Leaving\n");
+
+ return (1);
+}
+
+/*
+ * initialize mymodule input
+ *
+ */
+
+int
+im_mymodule_init (struct i_module *I, char **argv, int argc)
+{
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_init: Entering\n");
+
+ /* initialize */
+
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_init: Leaving\n");
+
+ add_fd_input(I->im_fd , I, 0);
+
+ return (1);
+}
+
+
+/*
+ * the following function is not mandatory, you can omit it
+ */
+int
+im_mymodule_close (struct i_module *im)
+{
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_close: Entering\n");
+
+ /* close */
+
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_close: Leaving\n");
+
+ return (1);
+}
diff --git a/msyslog-v1.08a+smac/src/examples/om_mymodule.c b/msyslog-v1.08a+smac/src/examples/om_mymodule.c
new file mode 100644
index 0000000..b45e959
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/examples/om_mymodule.c
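Review bot: `im_mymodule_init` registers `I->im_fd` with `add_fd_input()` although nothing in the template assigns that field, so a module copied from this skeleton hands an unset descriptor to the input loop unless its author notices. A comment at the `/* initialize */` placeholder such as `/* open the input and store its descriptor in I->im_fd before add_fd_input(); bail out on failure */` would make the requirement explicit; which return value signals failure for input modules is not visible in this hunk. All six `dprintf` tags also say `om_mymodule_*` inside an input module, which will mislead anyone reading debug output, and should read `im_mymodule_read`, `im_mymodule_init` and `im_mymodule_close`.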
@@ -0,0 +1,187 @@
+/* $CoreSDI: om_mymodule.c,v 1.1.2.2.4.8 2001/05/24 00:19:12 alejo Exp $ */
+
+/*
+ * Copyright (c) 2001, Core SDI S.A., Argentina
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither name of the Core SDI S.A. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * om_mymodule -- some explanation for this baby
+ *
+ * Author: Alejo Sanchez for Core-SDI SA
+ *
+ *
+ */
+
+/* Get system information */
+#include "config.h"
+
+#if TIME_WITH_SYS_TIME
+# include
+# include
+#else
+# if HAVE_SYS_TIME_H
+# include
+# else
+# include
+# endif
+#endif
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "syslogd.h"
+#include "modules.h"
+
+int
+om_mymodule_write(struct filed *f, int flags, char *msg,
+ void *context) {
+/*
+ * struct filed *f; Current filed struct
+ * int flags; Flags for this message
+ * char *msg; The message string
+ * void *context; Our context
+ */
+
+ /* always check, just in case ;) */
+ if (msg == NULL || !strcmp(msg, "")) {
+ logerror("om_mymodule_write: no message!");
+ return (-1);
+ }
+
+ /* here you must do your loggin
+ take care with repeats and if message was repeated
+ increase f->f_prevcount, else set f->f_prevcount to 0.
+ */
+
+ /* return:
+ 1 successfull
+ 0 stop logging it (used by filters)
+ -1 error logging (but let other modules process it)
+ */
+
+ return (1);
+}
+
+
+/*
+ * INIT -- Initialize om_mymodule
+ *
+ */
+int
+om_mymodule_init (int argc, char **argv, struct filed *f, char *prog,
+ void **context) {
+/*
+ * int argc; Argumemt count
+ * char **argv; Argumemt array, like main()
+ * struct filed *f; Our filed structure
+ * char *prog; Program name doing this log
+ * void **context; Our context
+ */
+ char *myArg;
+
+ /* for debugging purposes */
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_init: Entering\n");
+
+ /*
+ * Parse your options with getopt(3)
+ *
+ * we give an example for a -s argument
+ *
+ *
+ */
+
+ optind = 1;
+#ifdef HAVE_OPTRESET
+ optreset = 1;
+#endif
+ while ((ch = getopt(argc, argv, "s:")) != -1) {
+ switch (ch) {
+ case 's':
+ myArg = optarg;
+ break;
+ default :
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule: "
+ "error on arguments\n");
+ return (-1);
+ }
+ }
+
+
+ /* open files, connect to database, initialize algorithms,
+ etc. Save them in your context if necesary.
+ */
+
+ /* return:
+ 1 OK
+ -1 something went wrong
+ */
+
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_init: Leaving ok\n");
+ return (1);
+}
+
+
+/*
+ * xx_close and xx_flush functions are not mandatory, you can omit them
+ */
+int
+om_mymodule_close (struct filed *f, void *ctx) {
+
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_close: Entering\n");
+
+ /* flush any buffered data and close this output */
+
+ /* return:
+ 1 OK
+ -1 BAD
+ */
+
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_close: Leaving ok\n");
+
+ return (ret);
+}
+
+int
+om_mymodule_flush (struct filed *f, void *context) {
+
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_flush: Entering\n");
+ /* flush any pending output */
+
+ /* return:
+ 1 OK
+ -1 BAD
+ */
+
+ dprintf(MSYSLOG_INFORMATIVE, "om_mymodule_flush: Leaving ok\n");
+
+ return (1);
+}
diff --git a/msyslog-v1.08a+smac/src/examples/syslog.conf.classic b/msyslog-v1.08a+smac/src/examples/syslog.conf.classic
new file mode 100644
index 0000000..7e433c4
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/examples/syslog.conf.classic
@@ -0,0 +1,19 @@
+#This lines are equivalent we recommend the latter for msyslog
+*.* /var/log/all
+*.* %classic /var/log/all
+
+#This lines are equivalent we recommend the latter for msyslog
+#This sends a WALL message. A message to all logged users
+*.emerg *
+*.emerg %classic *
+
+#This lines are equivalent we recommend the latter for msyslog
+#This sends syslog output to a logging host through UDP transport
+*.notice @loghost.domain.com
+*.notice %classic @loghost.domain.com
+
+#This lines are equivalent we recommend the latter for msyslog
+#This sends all alert and higher messages to root
+*.alert root
+*.alert %classic root
+
diff --git a/msyslog-v1.08a+smac/src/examples/syslog.conf.mysql b/msyslog-v1.08a+smac/src/examples/syslog.conf.mysql
new file mode 100644
index 0000000..557654e
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/examples/syslog.conf.mysql
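Review bot: The `om_mymodule.c` skeleton does not compile as written: `om_mymodule_init` uses `ch` in the `getopt` loop without declaring it, and `om_mymodule_close` ends with `return (ret);` although no `ret` exists in that function. Adding `int ch;` next to `char *myArg;` and changing the last line of the close function to `return (1);`, as `om_mymodule_flush` does, would fix both. `myArg` is assigned from `optarg` and then never stored anywhere, so a comment at `case 's':` such as `/* copy optarg into your context; it points into argv */` would tell module authors what to do with it.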
@@ -0,0 +1,12 @@
+#
+# SECURITY NOTE!!
+#
+# Since msyslog needs here the password to log to MySQL,
+# this file shouldn't be world readable!!!
+#
+
+# Log to server logger.mydomain.edu through MySQL
+*.* %mysql -s logger.mydomain.edu -u loguser -p loguserpassword -d syslogDB -t syslogTB
+
+# Log to server logger.mydomain.edu through MySQL, using DELAYED inserts
+*.* %mysql -D -s logger.mydomain.edu -u loguser -p loguserpassword -d syslogDB -t syslogTB
diff --git a/msyslog-v1.08a+smac/src/examples/syslog.conf.peo b/msyslog-v1.08a+smac/src/examples/syslog.conf.peo
new file mode 100644
index 0000000..8889486
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/examples/syslog.conf.peo
@@ -0,0 +1,3 @@
+# Protect a log of classic module
+auth.info %peo -l -k /var/ssyslog/.var.log.authlog.key %classic /var/log/authlog
+
diff --git a/msyslog-v1.08a+smac/src/examples/syslog.conf.pgsql b/msyslog-v1.08a+smac/src/examples/syslog.conf.pgsql
new file mode 100644
index 0000000..875e639
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/examples/syslog.conf.pgsql
@@ -0,0 +1,10 @@
+#
+# SECURITY NOTE!!
+#
+# Since msyslog needs here the password to log to PGSQL,
+# this file shouldn't be world readable!!!
+#
+
+# Log to server logger.mydomain.edu thru PGSQL
+*.* %pgsql -s logger.mydomain.edu -u loguser -p loguserpassword -d syslogDB -t syslogTB
+
diff --git a/msyslog-v1.08a+smac/src/examples/syslog.conf.regex b/msyslog-v1.08a+smac/src/examples/syslog.conf.regex
new file mode 100644
index 0000000..bb6a1a3
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/examples/syslog.conf.regex
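Review bot: The security note in `syslog.conf.mysql` stops at "shouldn't be world readable" and leaves the required ownership and mode unstated, while both example rules carry the database password in clear text after `-p`. I would spell it out in the header, e.g. `# Keep this file owned by root with mode 0600; anyone who can read it gets the DB login.`, and add `# Give loguser INSERT rights on the log table only.` so that a leaked file does not also expose the records already stored. The `syslog.conf.pgsql` hunk repeats the same note and would take the same two lines. Whether msyslog itself checks the file's permissions at startup is not visible here.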
@@ -0,0 +1,13 @@
+# PASS only logs NOT containing the string 'connection reset by peer' to next module
+*.emerg %regex -v -m 'connection reset by peer' %classic root
+
+# PASS only logs containing the string 'disk full' to next module
+*.emerg %regex -m 'disk full' %classic root
+
+# PASS ONLY logs with host matching 'www'
+*.emerg %regex -h 'www' %classic /var/log/webserver
+
+# PASS ONLY logs with host from 8pm to 9am (20:00:00 to 09:00:00)
+# and also matching 'root'
+auth.info %regex -v -t '^1' %regex -m 'root' %classic /var/log/webserver
+
diff --git a/msyslog-v1.08a+smac/src/man/BSDmakefile b/msyslog-v1.08a+smac/src/man/BSDmakefile
new file mode 100644
index 0000000..4952620
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/BSDmakefile
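Review bot: The comment on the last rule of `syslog.conf.regex` does not match its filter. Assuming `-t` tests the message's time string and `-v` inverts the match (as the first example's comment indicates for `-m`), `-v -t '^1'` drops only hours 10 through 19, so entries from 09:00 to 09:59 also pass rather than stopping at 09:00:00. The comment also says "with host" although the rule has no `-h`. I would reword the first comment line to `# PASS ONLY logs timed outside 10:00:00-19:59:59` and keep `# and also matching 'root'`, since a reader copying this to filter auth logs will trust the stated window.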
@@ -0,0 +1,45 @@ +# $CoreSDI: BSDmakefile.in,v 1.1.2.4.2.2.2.6 2001/05/24 00:19:12 alejo Exp $ +# +# Copyright (c) 2001, Core SDI S.A., Argentina +# All rights reserved +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. Neither name of the Core SDI S.A. nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +MAN= syslog.conf.5 syslogd.8 im_linux.8 im_udp.8 om_udp.8 im_unix.8 im_file.8 om_classic.8 om_tcp.8 im_tcp.8 om_mysql.8 om_pgsql.8 om_peo.8 peochk.8 om_regex.8 +MANDIR= /usr/share/man/cat + +install: maninstall + +clean: cleandir + +distclean: clean + -rm -f BSDmakefile + -rm -f GNUmakefile + -rm -f Makefile + +.include +.include + 
diff --git a/msyslog-v1.08a+smac/src/man/BSDmakefile.in b/msyslog-v1.08a+smac/src/man/BSDmakefile.in
new file mode 100644
index 0000000..2a65e1c
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/BSDmakefile.in
@@ -0,0 +1,45 @@
+# $CoreSDI: BSDmakefile.in,v 1.1.2.4.2.2.2.6 2001/05/24 00:19:12 alejo Exp $
+#
+# Copyright (c) 2001, Core SDI S.A., Argentina
+# All rights reserved
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. Neither name of the Core SDI S.A. nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+MAN= @MANPAGES@
+MANDIR= /usr/share/man/cat
+
+install: maninstall
+
+clean: cleandir
+
+distclean: clean
+ -rm -f BSDmakefile
+ -rm -f GNUmakefile
+ -rm -f Makefile
+
+.include
+.include
+
diff --git a/msyslog-v1.08a+smac/src/man/GNUmakefile b/msyslog-v1.08a+smac/src/man/GNUmakefile
new file mode 100644
index 0000000..393bafc
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/GNUmakefile
@@ -0,0 +1,54 @@ +# $CoreSDI: GNUmakefile.in,v 1.4.2.5.4.8 2001/11/20 09:56:23 alejo Exp $ +# +# Copyright (c) 2001, Core SDI S.A., Argentina +# All rights reserved +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. Neither name of the Core SDI S.A. nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +prefix= /usr/msyslog +MANDIR= /usr/share/man +MAN= syslog.conf.5 syslogd.8 im_linux.8 im_udp.8 om_udp.8 im_unix.8 im_file.8 om_classic.8 om_tcp.8 im_tcp.8 om_mysql.8 om_pgsql.8 om_peo.8 peochk.8 om_regex.8 +OMAN= $(MAN:=.gz) +INSTALL= /usr/bin/ginstall -c + +all: + @echo "all done" + +install maninstall: $(OMAN) + +$(OMAN): + @if [ ! 
-d $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%)))/ ]; then \ + mkdir -p $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%)))/ ;\ + fi + -gzip -cf $(@:%.gz=%) > $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%)))/$@ + +clean: + +distclean cleandir: + -rm -f GNUmakefile + -rm -f BSDmakefile + -rm -f Makefile + diff --git a/msyslog-v1.08a+smac/src/man/GNUmakefile.in b/msyslog-v1.08a+smac/src/man/GNUmakefile.in new file mode 100644 index 0000000..008c631 --- /dev/null +++ b/msyslog-v1.08a+smac/src/man/GNUmakefile.in 
@@ -0,0 +1,54 @@
+# $CoreSDI: GNUmakefile.in,v 1.4.2.5.4.8 2001/11/20 09:56:23 alejo Exp $
+#
+# Copyright (c) 2001, Core SDI S.A., Argentina
+# All rights reserved
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. Neither name of the Core SDI S.A. nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+prefix= @prefix@
+MANDIR= @mandir@
+MAN= @MANPAGES@
+OMAN= $(MAN:=.gz)
+INSTALL= @INSTALL@
+
+all:
+ @echo "all done"
+
+install maninstall: $(OMAN)
+
+$(OMAN):
+ @if [ ! -d $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%)))/ ]; then \
+ mkdir -p $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%)))/ ;\
+ fi
+ -gzip -cf $(@:%.gz=%) > $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%)))/$@
+
+clean:
+
+distclean cleandir:
+ -rm -f GNUmakefile
+ -rm -f BSDmakefile
+ -rm -f Makefile
+
diff --git a/msyslog-v1.08a+smac/src/man/Makefile b/msyslog-v1.08a+smac/src/man/Makefile
new file mode 100644
index 0000000..d921d09
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/Makefile
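Review bot: The `$(OMAN)` recipe runs `-gzip -cf $(@:%.gz=%) > $(MANDIR)/…/$@` with the error-ignoring `-` prefix, so when a page listed in `@MANPAGES@` is missing or unreadable the shell has already created the redirect target and an empty or truncated `.gz` is left in the man directory while `make install` still succeeds. Dropping the `-` and removing the partial output on failure would make the install fail visibly, e.g. `gzip -cf $(@:%.gz=%) > $(DEST)/$@ || { rm -f $(DEST)/$@; exit 1; }`, with `DEST` standing here for the computed section directory. `INSTALL` is substituted but never used, so the mode of the installed files and of the directory made by `mkdir -p` depends on the umask of whoever runs the install (usually root); installing through `$(INSTALL) -m 444` would pin it. The same recipe is repeated in Makefile.in and in the generated GNUmakefile and Makefile added by this commit.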
@@ -0,0 +1,54 @@
+# $CoreSDI: Makefile.in,v 1.1.2.8 2001/11/20 09:56:23 alejo Exp $
+#
+# Copyright (c) 2001, Core SDI S.A., Argentina
+# All rights reserved
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. Neither name of the Core SDI S.A. nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+prefix= /usr/msyslog
+MANDIR= /usr/share/man
+MAN= syslog.conf.5 syslogd.8 im_linux.8 im_udp.8 om_udp.8 im_unix.8 im_file.8 om_classic.8 om_tcp.8 im_tcp.8 om_mysql.8 om_pgsql.8 om_peo.8 peochk.8 om_regex.8
+OMAN= $(MAN:=.gz)
+INSTALL = /usr/bin/ginstall -c
+
+all:
+ @echo "all done"
+
+install maninstall: $(OMAN)
+
+$(OMAN):
+ @if [ ! -d $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%))) ]; then \
+ mkdir -p $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%))); \
+ fi
+ -gzip -cf $(@:%.gz=%) > $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%)))/$@
+
+
+.PHONY: clean distclean
+clean:
+distclean:
+ -rm -f Makefile
+ -rm -f BSDmakefile
+ -rm -f GNUmakefile
diff --git a/msyslog-v1.08a+smac/src/man/Makefile.in b/msyslog-v1.08a+smac/src/man/Makefile.in
new file mode 100644
index 0000000..4e28b05
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/Makefile.in
@@ -0,0 +1,54 @@
+# $CoreSDI: Makefile.in,v 1.1.2.8 2001/11/20 09:56:23 alejo Exp $
+#
+# Copyright (c) 2001, Core SDI S.A., Argentina
+# All rights reserved
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. Neither name of the Core SDI S.A. nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+prefix= @prefix@
+MANDIR= @mandir@
+MAN= @MANPAGES@
+OMAN= $(MAN:=.gz)
+INSTALL = @INSTALL@
+
+all:
+ @echo "all done"
+
+install maninstall: $(OMAN)
+
+$(OMAN):
+ @if [ ! -d $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%))) ]; then \
+ mkdir -p $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%))); \
+ fi
+ -gzip -cf $(@:%.gz=%) > $(MANDIR)/man$(subst .,,$(suffix $(@:%.gz=%)))/$@
+
+
+.PHONY: clean distclean
+clean:
+distclean:
+ -rm -f Makefile
+ -rm -f BSDmakefile
+ -rm -f GNUmakefile
diff --git a/msyslog-v1.08a+smac/src/man/im_bsd.8 b/msyslog-v1.08a+smac/src/man/im_bsd.8
new file mode 100644
index 0000000..4fc5963
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/im_bsd.8
@@ -0,0 +1,75 @@
+.\" $CoreSDI: im_bsd.8,v 1.1.2.4 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2000, 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Apr 05, 2001
+.Dt IM_BSD 8
+.Os Core-SDI
+.Sh NAME
+.Nm BSD input module
+.Nd
+.Xr syslogd 8
+input module used to log BSD kernel messages
+.Sh SYNOPSIS
+.Nm bsd
+.Sh DESCRIPTION
+.Nm BSD input module
+allows
+.Xr syslogd 8
+daemon to log BSD kernel messges. There are no options.
+.Sh EXAMPLES
+.Bl -bullet
+.It
+The following command starts the
+.Xr syslogd 8
+daemon and logs BSD kernel messages only:
+.Pp
+.Dl syslogd -i bsd
+.Pp
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr syslog.conf 5 ,
+.Xr im_doors 8 ,
+.Xr im_linux 8 ,
+.Xr im_streams 8 ,
+.Xr im_tcp 8 ,
+.Xr im_unix 8 ,
+.Xr im_udp 8 ,
+.Xr syslogd 8
+.Sh BUGS
+.Bl -bullet
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/im_doors.8 b/msyslog-v1.08a+smac/src/man/im_doors.8
new file mode 100644
index 0000000..568a33e
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/im_doors.8
@@ -0,0 +1,81 @@
+.\" $CoreSDI: im_doors.8,v 1.1.2.7 2001/10/18 21:39:03 alejo Exp $
+.\"
+.\" Copyright (c) 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Jun 13, 2000
+.Dt IM_DOORS 8
+.Os Core-SDI
+.Sh NAME
+.Nm doors input module
+.Nd
+.Xr syslogd 8
+input module used to use doors
+.Sh SYNOPSIS
+.Nm doors
+.Op Fl path
+.Sh DESCRIPTION
+.Nm doors input module
+allows
+.Xr syslogd 8
+daemon to use doors IPC. The argument path is optional.
+.Sh EXAMPLES
+.Bl -bullet
+.It
+The following command installs
+.Xr syslogd 8
+daemon and activates doors system (you'll need some other input!):
+.Pp
+.Dl syslogd -i "doors"
+.Pp
+.It
+The following command is equivalent but defines a new door path:
+.Pp
+.Dl syslogd -i "doors /etc/.syslog_door"
+.El
+.Pp
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr im_bsd.8 ,
+.Xr im_linux.8 ,
+.Xr im_streams.8 ,
+.Xr im_tcp.8 ,
+.Xr im_unix.8 ,
+.Xr im_udp.8 ,
+.Xr syslogd.8
+.Sh BUGS
+.Bl -bullet
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/im_file.8 b/msyslog-v1.08a+smac/src/man/im_file.8
new file mode 100644
index 0000000..30b228f
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/im_file.8
@@ -0,0 +1,92 @@
+.\" $CoreSDI: im_file.8,v 1.1.2.1 2001/11/21 06:37:31 alejo Exp $
+.\"
+.\" Copyright (c) 2000, 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Nov 06, 2001
+.Dt IM_FILE 8
+.Os Core-SDI
+.Sh NAME
+.Nm FILE input module
+.Nd
+.Xr syslogd 8
+input module for reading files and pipes
+.Sh SYNOPSIS
+.Nm file
+.Op Fl f Ar path
+.Op Fl p Ar path
+.Op Fl n Ar program
+.Sh DESCRIPTION
+Reads the log messages from a file/pipe writen by another program
+for processing by the
+.Xr syslogd 8
+daemon. It's options are:
+.Bl -tag -width Ds
+.It Ar log_socket
+Socket to use, default is /dev/log.
+.Sh EXAMPLES
+.Bl -bullet
+.It
+The following command installs
+.Xr syslogd 8
+daemon reading from file /some/path:
+.Pp
+.Dl syslogd -i 'file -f /some/path'
+.El
+.Bl -bullet
+.It
+Same as above, but sets the name to 'myapp':
+.Pp
+.Dl syslogd -i 'file -n myapp -f /some/path'
+.El
+.Bl -bullet
+.It
+Same as above, but on /some/named/pipe pipe instead of the file:
+.Pp
+.Dl syslogd -i 'file -n myapp -p /some/named/pipe'
+.El
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr im_bsd 8 ,
+.Xr im_doors 8 ,
+.Xr im_linux 8 ,
+.Xr im_streams 8 ,
+.Xr im_tcp 8 ,
+.Xr im_udp 8 ,
+.Xr syslogd 8
+.Sh BUGS
+.Bl -bullet
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/im_linux.8 b/msyslog-v1.08a+smac/src/man/im_linux.8
new file mode 100644
index 0000000..ef1fa3e
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/im_linux.8
@@ -0,0 +1,122 @@
+.\" $CoreSDI: im_linux.8,v 1.11.2.1.4.8 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Jun 13, 2000
+.Dt IM_LINUX 8
+.Os Core-SDI
+.Sh NAME
+.Nm linux input module
+.Nd
+.Xr syslogd 8
+input module used to log linux kernel messages
+.Sh SYNOPSIS
+.Nm linux
+.Op Fl c Ar loglevel
+.Op Fl C Ar loglevel
+.Op Fl k Ar ksym_path
+.Op Fl r
+.Op Fl s
+.Op Fl x
+.Op Fl h
+.Sh DESCRIPTION
+.Nm linux input module
+allows
+.Xr syslogd 8
+daemon to log linux kernel messges. The options are as follows:
+.Bl -tag -width Ds
+.It Fl c Ar loglevel
+Sets the default console log level.
+.It Fl C Ar loglevel
+Sets the default console log level and exits; this is useful
+to change log level when the syslogd daemon is already loaded.
+.It Fl k Ar ksym_path
+Specify the kernel symbol table file pathname; the default is
+.Pa /proc/ksyms.
+.It Fl r
+This option forces to read the symbol table file into memory; the
+default is to read it in 'realtime'.
+.It Fl s
+This option forces to use the syscall method to read kernel
+messages; the default is to read from
+.Pa /proc/kmsg.
+.It Fl x
+This option forces not to translate kernel symbols.
+.It Fl h
+This options prints a little help on standard output and exits.
+.Sh EXAMPLES
+.Bl -bullet
+.It
+The following command installs
+.Xr syslogd 8
+daemon and logs linux kernel messages only:
+.Pp
+.Dl syslogd -i "linux -r"
+.Pp
+.It
+The following command sets the default console log level to 5 and exits:
+.Pp
+.Dl syslogd -i "linux -C 5"
+.El
+.Pp
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr im_bsd 8 ,
+.Xr im_doors 8 ,
+.Xr im_streams 8 ,
+.Xr im_tcp 8 ,
+.Xr im_unix 8 ,
+.Xr im_udp 8 ,
+.Xr syslogd 8
+.Sh BUGS
+.Bl -bullet
+.It
+If reading from
+.Pa /proc/kmsg
+and
+.Fl r
+option is specified, symbols from modules installed after
+.Xr syslogd 8
+being a daemon are not recognized.
+.It
+.Fl s
+option is not supported yet.
+.It
+If you specify a kernel symbol table file other than
+.Pa /proc/ksyms,
+module symbols translation are not done.
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/im_streams.8 b/msyslog-v1.08a+smac/src/man/im_streams.8
new file mode 100644
index 0000000..a0f69f8
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/im_streams.8
@@ -0,0 +1,81 @@
+.\" $CoreSDI: im_streams.8,v 1.1.2.8 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Jun 13, 2000
+.Dt IM_STREAMS 8
+.Os Core-SDI
+.Sh NAME
+.Nm streams input module
+.Nd
+.Xr syslogd 8
+input module used to use streams
+.Sh SYNOPSIS
+.Nm streams
+.Op Fl path
+.Sh DESCRIPTION
+.Nm streams input module
+allows
+.Xr syslogd 8
+daemon to use streams IPC. The argument path is optional.
+.Sh EXAMPLES
+.Bl -bullet
+.It
+The following command installs
+.Xr syslogd 8
+daemon and activates streams system:
+.Pp
+.Dl syslogd -i streams
+.Pp
+.It
+The following command is equivalent but defines a new streams path:
+.Pp
+.Dl syslogd -i "streams /dev/log"
+.El
+.Pp
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr im_bsd 8 ,
+.Xr im_doors 8 ,
+.Xr im_linux 8 ,
+.Xr im_tcp 8 ,
+.Xr im_unix 8 ,
+.Xr im_udp 8 ,
+.Xr syslogd 8
+.Sh BUGS
+.Bl -bullet
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/im_tcp.8 b/msyslog-v1.08a+smac/src/man/im_tcp.8
new file mode 100644
index 0000000..3aa0a58
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/im_tcp.8
@@ -0,0 +1,103 @@
+.\" $CoreSDI: im_tcp.8,v 1.3.2.6 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Feb 28, 2001
+.Dt IM_TCP 8
+.Os Core-SDI
+.Sh NAME
+.Nm tcp input module
+.Nd
+.Xr syslogd 8
+input module used to receive from tcp connections
+.Sh SYNOPSIS
+.Nm tcp
+.Op Fl a
+.Op Fl q
+.Op Fl h Ar host
+.Op Fl p Ar port
+.Sh DESCRIPTION
+.Nm tcp input module
+allows
+.Xr syslogd 8
+daemon to use tcp IPC.
+.Sh EXAMPLES
+.Bl -bullet
+.It
+The following command installs
+.Xr syslogd 8
+daemon and activates tcp system accepting remote connections on local
+address machinename.example.com port 3210:
+.Pp
+.Dl syslogd -i 'tcp -h machinename.somedomainexample.com -p 3210'
+.El
+.Bl -bullet
+.It
+The following command installs
+.Xr syslogd 8
+daemon and activates tcp system accepting remote connections on all local
+addresses port 3210:
+.Pp
+.Dl syslogd -i 'tcp -p 3210'
+.El
+.Bl -bullet
+.It
+The following is the similar to the previous, but extracts the host name
+from the message:
+.Pp
+.Dl syslogd -i 'tcp -a -p 3210'
+.It
+The following is the same, but avoids adding full fomain (FQDN):
+.Pp
+.Dl syslogd -i 'tcp -q -p 3210'
+.Pp
+.Sh BUGS
+.Bl -bullet
+.It
+We are sending everything not encrypted! You may want to use a tunnel
+such as SSL.
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr im_bsd 8 ,
+.Xr im_doors 8 ,
+.Xr im_linux 8 ,
+.Xr im_streams 8 ,
+.Xr im_unix 8 ,
+.Xr im_udp 8 ,
+.Xr om_tcp 8 ,
+.Xr syslogd 8
diff --git a/msyslog-v1.08a+smac/src/man/im_udp.8 b/msyslog-v1.08a+smac/src/man/im_udp.8
new file mode 100644
index 0000000..3836c51
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/im_udp.8
@@ -0,0 +1,96 @@
+.\" $CoreSDI: im_udp.8,v 1.1.2.4 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2000, 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Apr 05, 2001
+.Dt IM_UDP 8
+.Os Core-SDI
+.Sh NAME
+.Nm UDP input module
+.Nd
+.Xr syslogd 8
+input module for UDP network logging
+.Sh SYNOPSIS
+.Nm udp
+.Op Fl a
+.Op Fl q
+.Op Fl h Ar host
+.Op Fl p Ar port
+.Sh DESCRIPTION
+Listens on an UDP port for incoming log messages for the
+.Xr syslogd 8
+daemon.
+.Sh EXAMPLES
+.Bl -bullet
+.It
+The following command starts the
+.Xr syslogd 8
+daemon and logs UDP logging information coming in on the default port only:
+.Pp
+.Dl syslogd -i udp
+.Pp
+.It
+This does the same as above, but listens on address local.example.com
+port 1777 instead:
+.Pp
+.Dl syslogd -i udp '-h local.example.com -p 1777'
+.El
+.Pp
+.Bl -bullet
+.It
+This does the same as above, but gets host name from message:
+.Pp
+.Dl syslogd -i udp '-a -h local.example.com -p 1777'
+.El
+.Bl -bullet
+.It
+The following is the same, but avoids adding full fomain (FQDN):
+.Pp
+.Dl syslogd -i 'udp -q -a -h local.example.com -p 1777'
+.Pp
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr im_bsd 8 ,
+.Xr im_doors 8 ,
+.Xr im_linux 8 ,
+.Xr im_streams 8 ,
+.Xr im_tcp 8 ,
+.Xr im_unix 8 ,
+.Xr syslogd 8
+.Sh BUGS
+.Bl -bullet
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/im_unix.8 b/msyslog-v1.08a+smac/src/man/im_unix.8
new file mode 100644
index 0000000..dddc95f
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/im_unix.8
@@ -0,0 +1,83 @@
+.\" $CoreSDI: im_unix.8,v 1.1.2.4 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2000, 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Apr 06, 2001
+.Dt IM_UNIX 8
+.Os Core-SDI
+.Sh NAME
+.Nm UNIX input module
+.Nd
+.Xr syslogd 8
+input module for unix system logging
+.Sh SYNOPSIS
+.Nm unix Ns Ar <:log_socket>
+.Sh DESCRIPTION
+Reads the log messages from a socket (traditionally
+.Pa /dev/log )
+for processing by the
+.Xr syslogd 8
+daemon.
 It's options are:
+.Bl -tag -width Ds
+.It Ar log_socket
+Socket to use, default is /dev/log.
+.Sh EXAMPLES
+.Bl -bullet
+.It
+Starts
+.Xr syslogd 8
+, reading logs from
+.Pa /dev/log :
+.Pp
+.Dl syslogd -i unix
+.It
+or reading from /some/log_device:
+.Dl syslogd -i unix:/some/log_device
+.El
+.Pp
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr im_bsd 8 ,
+.Xr im_doors 8 ,
+.Xr im_linux 8 ,
+.Xr im_streams 8 ,
+.Xr im_tcp 8 ,
+.Xr im_udp 8 ,
+.Xr syslogd 8
+.Sh BUGS
+.Bl -bullet
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/om_classic.8 b/msyslog-v1.08a+smac/src/man/om_classic.8
new file mode 100644
index 0000000..a77983d
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/om_classic.8
@@ -0,0 +1,102 @@
+.\" $CoreSDI: om_classic.8,v 1.1.2.4 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2000, 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Apr 06, 2001
+.Dt IM_CLASSIC 8
+.Os Core-SDI
+.Sh NAME
+.Nm classic output module
+.Nd
+.Xr syslogd 8
+output module for output to files, users or other hosts (UDP)
+.Sh SYNOPSIS
+.Nm classic
+.Ar filename | user{,user} | * | @hostname
+.Sh DESCRIPTION
+If there is no module mentioned in a
+.Xr syslog.conf 5
+line,
+.Xr om_classic 8
+is used.
+.Bl -tag -width Ds
+.It Ar filename
+Appends logs to
+.Pa filename .
+Note that
+.Xr om_classic 8
+will not create the logfile for you.
+.It Ar user{,user}
+Writes the log messages to the tty of the listed users.
+.It Ar *
+Writes the logs to all logged in users.
+.It Ar @hostname
+Sends logs with UDP to the "syslog" port on
+.Ar hostname .
+.El
+.Pp
+.Sh EXAMPLES
+.Bd -literal -offset indent
+# logs to a file
+*.* /var/log/all
+# the same, with module syntax
+*.* %classic /var/log/all
+.Pp
+# to all logged in users
+*.emerg %classic *
+.Pp
+# to another machine by means of UDP
+*.notice %classic @loghost.domain.com
+.Pp
+# to the terminal where root is logged in.
+*.alert %classic root
+.Ed
+.Pp
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr syslog.conf 5 ,
+.Xr om_mysql 8 ,
+.Xr om_peo 8 ,
+.Xr om_pgsql 8 ,
+.Xr om_regex 8 ,
+.Xr om_tcp 8 ,
+.Xr om_udp 8 ,
+.Xr peochk 8 ,
+.Xr syslogd 8
+.Sh BUGS
+.Bl -bullet
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/om_mysql.8 b/msyslog-v1.08a+smac/src/man/om_mysql.8
new file mode 100644
index 0000000..5d6ffd4
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/om_mysql.8
@@ -0,0 +1,123 @@
+.\" $CoreSDI: om_mysql.8,v 1.1.2.2.4.13 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Jun 13, 2000
+.Dt OM_MYSQL 8
+.Os Core-SDI
+.Sh NAME
+.Nm MySQL output module
+.Nd
+.Xr syslogd 8
+output module used to log on MySQL servers
+.Sh SYNOPSIS
+.Nm mysql
+.Op Fl D
+.Op Fl s Ar host<:port>
+.Op Fl u Ar username
+.Op Fl p Ar password
+.Op Fl d Ar database
+.Op Fl t Ar table
+.Op Fl F
+.Op Fl P
+.Sh DESCRIPTION
+.Nm MySQL output module
+receives a message as an ascii string and logs it on a MySQL server. For
+proper initialization, the following parameters should be set:
+.Bl -tag -width Ds
+.It Fl s Ar hostname<:port>
+Specify the MySQL server hostname and optionally the port.
+.It Fl u Ar username
+Specifies the username to use on the MySQL server. This user
+must have enough permissions to insert on the specified database and table.
+.It Fl p Ar password
+The plaintext password for this MySQL user. Thus it is recommended NOT to
+leave
+.Xr syslog.conf 5
+world readable if this module is used.
+.It Fl d Ar database
+The database name to use on the specified MySQL server.
+.It Fl t Ar table
+The table name to use on the specified MySQL database.
+.It Fl D
+Do DELAYED inserts. See your MySQL documentation.
+.It Fl F
+Insert the facility level name on the table on a field named "facility"
+.It Fl P
+Insert the priority level name on the table on a field named "priority"
+.Sh EXAMPLES
+The table should have a format like this:
+.Pp
+.Bd -literal
+ CREATE TABLE syslogTB (
+ facility char(10), # OPTIONAL field for facility
+ priority char(10), # OPTIONAL field for priority
+ date date, # date of this log message
+ time time, # time of this message
+ host varchar(128), # host logging
+ message text, # message
+ seq int unsigned auto_increment primary key # optional sequence number
+ );
+.Ed
+.Pp
+The field names should be respected. The type of fields
+.Va host
+and
+.Va msg
+can be any text format smaller than 128 and 1024 chars respectively.
+.Pp
+The field seq may be needed for some
+.Xr audit 1
+features.
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr syslog.conf 5 ,
+.Xr om_classic 8 ,
+.Xr om_peo 8 ,
+.Xr om_pgsql 8 ,
+.Xr om_regex 8 ,
+.Xr om_tcp 8 ,
+.Xr om_udp 8 ,
+.Xr peochk 8 ,
+.Xr syslogd 8
+.Sh BUGS
+.Bl -bullet
+.It
+Since the MySQL module is used to connect with username and password,
+care must be pointed on file permissions and that user permissions
+on the MySQL server.
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/om_peo.8 b/msyslog-v1.08a+smac/src/man/om_peo.8
new file mode 100644
index 0000000..9becdae
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/om_peo.8
@@ -0,0 +1,137 @@
+.\" $CoreSDI: om_peo.8,v 1.7.2.1.2.1.4.10 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd May 10, 2000
+.Dt OM_PEO 8
+.Os Core-SDI
+.Sh NAME
+.Nm peo output module
+.Nd
+.Xr syslogd 8
+output module used to protect log files
+.Sh SYNOPSIS
+.Nm peo
+.Op Fl k Ar keyfile
+.Op Fl l
+.Op Fl m Ar hash_method
+.Sh DESCRIPTION
+.Nm peo
+output module receives a message as an ascii string and calculates its
+.Em hash
+key based on the last one generated for the previous message; the
+module removes the last key and writes the new one into
+.Ar keyfile .
+This module's options are as follows:
+.Bl -tag -width Ds
+.It Fl k Ar keyfile
+Specify the key file pathname; the default is
+.Pa /var/ssyslog/.var.log.messages.key
+.It Fl l
+This option enables the line corrupted detection mode;
+the module generates two keys, the first explained above and a second
+key using a
+.Em mac
+method based on two consecutive
+.Em hash
+functions, this new key is added into the
+.Em mac
+file whose pathname is the same as
+.Ar keyfile
+with a ".mac" string added at the end (if this file does not exists,
+is created automatically).
+.It Fl m Ar hash_method
+Specifies the hash method used to generate the key to put into the
+.Ar keyfile, hash_method
+should be one of
+.Cm md5, sha1,
+or
+.Cm rmd160;
+the default is
+.Cm sha1.
+.El
+.Sh EXAMPLES
+If you want to protect the
+.Pa /var/log/authlog
+file you should edit the
+.Pa /etc/syslog.conf
+file (see
+.Xr syslog.conf 5
+) and add a line with something like this:
+.Pp
+.Dl auth.info %peo -l -k /var/ssyslog/.var.log.authlog.key %classic /var/log/authlog
+.Pp
+You should generate the initial key with
+.Xr peochk 8
+program, then rotate the logfile(s) and restart msyslog. Afterwards
+you can check the logfile integrity with the same program.
+.Sh SEE ALSO
+.Li Vcr and Peo Revised documentation - http://www.corest.com/papers/peo.ps
+.Xr syslog 3 ,
+.Xr syslog.conf 5 ,
+.Xr om_classic 8 ,
+.Xr om_mysql 8 ,
+.Xr om_pgsql 8 ,
+.Xr om_regex 8 ,
+.Xr om_tcp 8 ,
+.Xr om_udp 8 ,
+.Xr peochk 8 ,
+.Xr syslogd 8
+.Sh BUGS
+.Bl -bullet
+.It
+Since the peo module is used to determine if a logfile is corrupted, care
+must be taken on the configuration file, the following is not correct:
+.Pp
+.Dl *.err /var/log/messages
+.Pp
+.Dl *.err %peo -k /var/ssyslog/.var.log.messages.key
+.Pp
+the following is wrong either:
+.Pp
+.Dl *.err %classic /var/log/messages
+.Pp
+.Dl *.err %peo -k /var/ssyslog/.var.log.messages.key
+.Pp
+The correct line is:
+.Pp
+.Dl *.err %classic /var/log/messages %peo -k /var/ssyslog/.var.log.messages.key
+.Pp
+or
+.Pp
+.Dl *.err %peo -k /var/ssyslog/.var.log.messages.key %classic /var/log/messages
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/om_pgsql.8 b/msyslog-v1.08a+smac/src/man/om_pgsql.8
new file mode 100644
index 0000000..f043bd2
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/om_pgsql.8
@@ -0,0 +1,120 @@
+.\" $CoreSDI: om_pgsql.8,v 1.1.2.10 2001/12/03 20:17:22 alejo Exp $
+.\"
+.\" Copyright (c) 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" derived from om_PostgreSQL.8 by Arthur Korn (arthur@korn.ch) on Thu, 5 Oct 2000
+.Dd Oct 5, 2000
+.Dt OM_PGSQL 8
+.Os Core-SDI
+.Sh NAME
+.Nm PostgreSQL output module
+.Nd
+.Xr syslogd 8
+output module used to log on PostgreSQL servers
+.Sh SYNOPSIS
+.Nm pgsql
+.Op Fl s Ar host<:port>
+.Op Fl u Ar username
+.Op Fl p Ar password
+.Op Fl d Ar database
+.Op Fl t Ar table
+.Op Fl c
+.Sh DESCRIPTION
+.Nm PostgreSQL output module
+receives a message as an ascii string and logs it on a PostgreSQL server. For
+proper initialization, the following parameters should be set:
+.Bl -tag -width Ds
+.It Fl s Ar hostname<:port>
+Specify the PostgreSQL server hostname and optionally the port.
+.It Fl u Ar username
+Specifies the username to use on the PostgreSQL server. This user
+must have enough permissions to insert on the specified database and table.
+.It Fl p Ar password
+The plaintext password for this PostgreSQL user. Thus it is recommended NOT to
+leave
+.Xr syslog.conf 5
+world readable if this module is used.
+.It Fl d Ar database
+The database name to use on the specified PostgreSQL server.
+.It Fl t Ar table
+The table name to use on the specified PostgreSQL database.
+.It Fl c
+Create the table.
+.Sh EXAMPLES
+Example entry for
+.Xr syslog.conf 5
+:
+.Pp
+.Bd -literal
+ *.* %pgsql -s logger.mydomain.edu \e
+ -u loguser -p loguserpassword \e
+ -d syslogDB -t syslogTB
+.Pp
+The table should have a format like this:
+.Pp
+.Bd -literal
+ CREATE TABLE syslogTB (
+ date date, # date of this log message
+ time time, # time of this message
+ host varchar(128), # host logging
+ message text # message
+ );
+.Ed
+.Pp
+The field names should be resected. The type of fields
+.Va host
+and
+.Va msg
+can be any text format smaller than 128 and 1024 chars respectively.
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr syslog.conf 5 ,
+.Xr om_classic 8 ,
+.Xr om_mysql 8 ,
+.Xr om_peo 8 ,
+.Xr om_regex 8 ,
+.Xr om_tcp 8 ,
+.Xr om_udp 8 ,
+.Xr peochk 8 ,
+.Xr syslogd 8
+.Sh BUGS
+.Bl -bullet
+.It
+Since the PostgreSQL module is used to connect with username and password,
+care must be pointed on file permissions and that user permissions
+on the PostgreSQL server.
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/om_regex.8 b/msyslog-v1.08a+smac/src/man/om_regex.8
new file mode 100644
index 0000000..4aad904
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/om_regex.8
@@ -0,0 +1,89 @@
+.\" $CoreSDI: om_regex.8,v 1.1.2.7.2.1.4.10 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Aug 20, 2000
+.Dt OM_REGEXP 8
+.Os Core-SDI
+.Sh NAME
+.Nm msyslog regex output module
+.Nd
+.Xr syslogd 8
+output module used to filter and redirect logs
+.Sh SYNOPSIS
+.Nm regex
+.Op Fl v
+.Op Fl mhdt Ar exp
+.Sh DESCRIPTION
+.Nm regex output module
+receives a message and checks whether the regular expression
+.Ar exp
+matches given field of a log. You must select ONE of the following parameters:
+.Bl -tag -width Ds
+.It Fl v
+reverse result
+.It Fl m Ar exp
+match exp in message
+.It Fl h Ar exp
+match exp in host
+.It Fl d Ar exp
+match exp in date
+.It Fl t Ar exp
+match exp in time
+.El
+.Sh EXAMPLES
+.Bd -literal
+# PASS ONLY logs with host from 8pm to 9am (20:00:00 to 09:00:00)
+# and also matching 'root' on logins
+auth.info %regex -v -t '^1' %regex -m 'root' %classic /var/log/webserver
+.Ed
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr syslog.conf 5 ,
+.Xr om_classic 8 ,
+.Xr om_mysql 8 ,
+.Xr om_peo 8 ,
+.Xr om_pgsql 8 ,
+.Xr om_tcp 8 ,
+.Xr om_udp 8 ,
+.Xr peochk 8 ,
+.Xr syslogd 8
+.Sh BUGS
+.Bl -bullet
+.It
+Still can't escape quotes within expression.
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/om_tcp.8 b/msyslog-v1.08a+smac/src/man/om_tcp.8
new file mode 100644
index 0000000..a384eed
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/om_tcp.8
@@ -0,0 +1,84 @@
+.\" $CoreSDI: om_tcp.8,v 1.3.2.4 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Feb 28, 2001
+.Dt OM_TCP 8
+.Os Core-SDI
+.Sh NAME
+.Nm msyslog tcp
+output module
+.Nd
+.Xr syslogd 8
+output module used to forward messages to remote hosts through TCP
+.Sh SYNOPSIS
+.Nm tcp
+.Op Fl a
+.Op Fl h Ar host
+.Op Fl p Ar port
+.Op Fl m Ar seconds
+.Op Fl s Ar buffer_size
+.Sh DESCRIPTION
+.Nm tcp
+output module forwards messages to remote hosts trhoug a TCP connection.
+.Sh EXAMPLES
+.Bd -literal
+# Send all logs to host loghost.somedomainexample.com port 3210
+# with a maximum retry limit of 30 seconds and a buffer for lost
+# messages of 8192 characters
+*.* %tcp -h loghost.somedomainexample.com -p 3210 -m 30 -s 8192
+# Same, but add host to message string (with -a)
+*.* %tcp -a -h loghost.somedomainexample.com -p 3210 -m 30 -s 8192
+.Ed
+.Sh BUGS
+.Bl -bullet
+.It
+We are sending everything not encrypted! You may want to use a tunnel
+such as SSL.
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
+.Sh SEE ALSO
+.Xr im_tcp 8 ,
+.Xr syslog 3 ,
+.Xr syslog.conf 5 ,
+.Xr om_classic 8 ,
+.Xr om_mysql 8 ,
+.Xr om_peo 8 ,
+.Xr om_pgsql 8 ,
+.Xr om_regex 8 ,
+.Xr om_udp 8 ,
+.Xr peochk 8 ,
+.Xr syslogd 8
diff --git a/msyslog-v1.08a+smac/src/man/om_udp.8 b/msyslog-v1.08a+smac/src/man/om_udp.8
new file mode 100644
index 0000000..625e8e0
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/om_udp.8
@@ -0,0 +1,81 @@
+.\" $CoreSDI: om_udp.8,v 1.1.2.3 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd Feb 28, 2001
+.Dt OM_UDP 8
+.Os Core-SDI
+.Sh NAME
+.Nm msyslog udp
+output module
+.Nd
+.Xr syslogd 8
+output module used to forward messages to remote hosts through UDP
+.Sh SYNOPSIS
+.Nm udp
+.Op Fl a
+.Op Fl h Ar host
+.Op Fl p Ar port
+.Sh DESCRIPTION
+.Nm udp
+output module forwards messages to remote hosts trhoug a UDP connection.
+.Sh EXAMPLES
+.Bd -literal
+# Send all logs to host loghost.somedomainexample.com port syslog (514)
+*.* %udp -h loghost.somedomainexample.com -p syslog
+# Same, but add host to message string (with -a)
+*.* %udp -a -h loghost.somedomainexample.com -p syslog
+.Ed
+.Sh BUGS
+.Bl -bullet
+.It
+Messages sent through UDP get lost, consider using TCP
+.It
+We are sending everything not encrypted! You may want to use a tunnel
+such as SSL.
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr syslog.conf 5 ,
+.Xr om_classic 8 ,
+.Xr om_mysql 8 ,
+.Xr om_peo 8 ,
+.Xr om_pgsql 8 ,
+.Xr om_regex 8 ,
+.Xr om_tcp 8 ,
+.Xr peochk 8 ,
+.Xr syslogd 8
diff --git a/msyslog-v1.08a+smac/src/man/peochk.8 b/msyslog-v1.08a+smac/src/man/peochk.8
new file mode 100644
index 0000000..7848e32
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/peochk.8
@@ -0,0 +1,194 @@
+.\" $CoreSDI: peochk.8,v 1.7.2.2.2.1.4.8 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 2001
+.\" Core-SDI SA. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Core-SDI SA nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd May 10, 2000
+.Dt PEOCHK 8
+.Os Core-SDI
+.Sh NAME
+.Nm peochk
+.Nd Initial key generator and integrity log file checker
+.Sh SYNOPSIS
+.Nm peochk
+.Op Fl f Ar logfile
+.Op Fl g
+.Op Fl h
+.Op Fl i Ar key0file
+.Op Fl k Ar keyfile
+.Op Fl l
+.Op Fl m Ar hash_method
+.Op Fl q
+.Op Ar logfile
+.Sh DESCRIPTION
+.Nm peochk
+generates the initial key file and checks log files generated by
+.Xr syslogd 8
+using
+.Em peo output module
+.Xr om_peo 8 .
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl f Ar logfile
+Specify the pathname of a log file, if
+.Ar logfile
+is not specified using this option, data is read from standard input
+and the pathname is used only to generate reports and/or to obtain the
+key files pathnames when the
+.Fl k
+and/or
+.Fl i
+options are not specified; the default is
+.Pa /var/log/messages .
+.It Fl g
+Generates two key files with an initial key into them, one in binary mode
+(
+.Ar keyfile ,
+to be used by
+.Em peo output module
+) and the other in ascii mode (
+.Ar key0file
+), the admin should put the
+last one into a secure place and remove it from the specified path (see
+.Fl i
+and
+.Fl k
+options); when this option is not specified
+.Nm
+is in check mode.
+.It Fl h
+Displays a little help.
+.It Fl i Ar key0file
+Specify the initial key pathname; the default is
+.Ar keyfile
+pathname with a "0" char added at the end (see
+.Fl k
+option).
+.It Fl k Ar keyfile
+Specify the key pathname (this file is used by the
+.Em peo output module
+to generate a hash key from the last logged message); the default is
+.Pa /var/ssyslogd/xxx.key
+where
+.Pa xxx
+is
+.Ar logfile
+(specified with
+.Fl f
+option or without it) with all '/' replaced by '.'.
+.It Fl l
+Used only in check mode to detect the first corrupted line; it is ignored
+when specified with the
+.Fl g
+option.
+.It Fl m Ar hash_method
+Specifies the hash method used to generate the keys,
+.Ar hash_method
+should be one of
+.Cm md5, sha1,
+or
+.Cm rmd160;
+the default is
+.Cm sha1.
+.It Fl q
+Quiet mode; prints '0' on stdout when logfile is not corrupted, and '1' or
+line number (see
+.Fl l
+option) when the logfile is corrupted.
+.El
+.Sh EXAMPLES
+If you want to protect the
+.Pa /var/log/authlog
+file you can:
+.Pp
+.Bl -enum
+.It
+run the command:
+.Pp
+.Dl peochk -g -f /var/log/authlog -i authkey0 -m rmd160
+.Pp
+this will generate the
+.Pa /var/ssylog/var.log.authlog.key
+file with the initial key in binary mode and the
+.Ar ./authkey0
+file with that key translated to ascii, the hash method used to generate
+the key is
+.Cm rmd160;
+you should memorice the contents of
+.Ar ./authkey0
+file and
+.Xr rm 1
+it.
+.Pp
+.It
+Edit
+.Xr syslog.conf 5
+file and enable
+.Em peo output module
+with something like this:
+.Pp
+.Dl auth.info %classic /var/log/authlog %peo -m rmd160 -l -k /var/ssyslog/.var.log.authlog.key
+.Pp
+.It
+Inform new changes on
+.Xr syslog.conf 5
+to
+.Xr syslogd 8 :
+.Pp
+.Dl kill -HUP `cat /var/run/syslog.pid`
+.Pp
+.It
+When you believe that someone owned your machine you can:
+.Pp
+.Dl peochk -m rmd160 -f /var/log/authlog -i mykey
+.Pp
+the contents of
+.Ar mykey
+should be the same as
+.Ar ./authkey0
+generated in step 1; with the command above you can verify that the
+file was (or not) corrupted (it is important not to forget the
+.Fl m
+option because the default used is
+.Cm sha1
+and the keys generated was using
+.Cm rmd160
+).
+.El
+.Sh SEE ALSO
+.Xr syslog.conf 5 ,
+.Xr om_peo 8 ,
+.Xr syslogd 8
+.Sh BUGS
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
diff --git a/msyslog-v1.08a+smac/src/man/syslog.conf.5 b/msyslog-v1.08a+smac/src/man/syslog.conf.5
new file mode 100644
index 0000000..c7659db
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/syslog.conf.5
@@ -0,0 +1,370 @@
+.\" $CoreSDI: syslog.conf.5,v 1.7.2.1.2.1.4.6 2001/11/20 09:56:23 alejo Exp $
+.\"
+.\" Copyright (c) 1990, 1991, 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" from: @(#)syslog.conf.5 8.1 (Berkeley) 6/9/93
+.\" $OpenBSD: syslog.conf.5,v 1.4 1997/11/09 09:45:04 todd Exp $
+.\" $NetBSD: syslog.conf.5,v 1.4 1996/01/02 17:41:46 perry Exp $
+.\"
+.Dd June 9, 1993
+.Dt SYSLOG.CONF 5
+.Os Core-SDI
+.Sh NAME
+.Nm syslog.conf
+.Nd
+.Xr syslogd 8
+configuration file
+.Sh DESCRIPTION
+The
+.Nm
+file is the configuration file for the
+.Xr syslogd 8
+program.
+It consists of blocks of lines separated by
+.Em program
+specifications, with each line containing two fields: the
+.Em selector
+field which specifies the types of messages and priorities to which the
+line applies, and an
+.Em action
+field which specifies the action to be taken if a message
+.Xr syslogd
+receives matches the selection criteria.
+The
+.Em selector
+field is separated from the
+.Em action
+field by one or more tab characters.
+.Pp
+The
+.Em Selectors
+function
+are encoded as a
+.Em facility ,
+a period (``.''), and a
+.Em level ,
+with no intervening white-space.
+Both the
+.Em facility
+and the
+.Em level
+are case insensitive.
+.Pp
+The
+.Em facility
+describes the part of the system generating the message, and is one of
+the following keywords: auth, authpriv, cron, daemon, kern, lpr, mail,
+mark, news, syslog, user, uucp and local0 through local7.
+These keywords (with the exception of mark) correspond to the
+similar
+.Dq Dv LOG_
+values specified to the
+.Xr openlog 3
+and
+.Xr syslog 3
+library routines.
+.Pp
+The
+.Em level
+describes the severity of the message, and is a keyword from the
+following ordered list (higher to lower): emerg, alert, crit, err,
+warning, notice, info and debug.
+These keywords correspond to the
+similar
+.Pq Dv LOG_
+values specified to the
+.Xr syslog
+library routine.
+.Pp
+Each block of lines is separated from the previous block by a tag. The tag
+is a line beginning with
+.Em #!prog
+or
+.Em !prog
+(the former is for compatibility with the previous syslogd, if one is sharing
+syslog.conf files, for example)
+and each block will be associated with calls to syslog from that specific
+program.
+.Pp
+See
+.Xr syslog 3
+for a further descriptions of both the
+.Em facility
+and
+.Em level
+keywords and their significance. It's preferred that selections be made on
+.Em facility
+rather than
+.Em program ,
+since the latter can easily vary in a networked environment. In some cases,
+though, an appropriate
+.Em facility
+simply doesn't exist.
+.Pp
+If a received message matches the specified
+.Em facility
+and is of the specified
+.Em level
+.Em (or a higher level) ,
+and the first word in the message after the date matches the
+.Em program ,
+the action specified in the
+.Em action
+field will be taken. Beware, all rules after it are assigned this program
+name, to disable you may add a line with just
+.Em #!
+or
+.Em !
+to make it handle all programs.
+.Pp
+Multiple
+.Em selectors
+may be specified for a single
+.Em action
+by separating them with semicolon (``;'') characters.
+It is important to note, however, that each
+.Em selector
+can modify the ones preceding it.
+.Pp
+Multiple
+.Em facilities
+may be specified for a single
+.Em level
+by separating them with comma (``,'') characters.
+.Pp
+An asterisk (``*'') can be used to specify all
+.Em facilities ,
+all
+.Em levels
+or all
+.Em programs .
+.Pp
+The special
+.Em facility
+``mark'' receives a message at priority ``info'' every 20 minutes
+(see
+.Xr syslogd 8 ) .
+This is not enabled by a
+.Em facility
+field containing an asterisk.
+.Pp
+The special
+.Em level
+``none'' disables a particular
+.Em facility .
+.Pp
+The
+.Em action
+field of each line specifies the action to be taken when the
+.Em selector
+field selects a message.
+There are four old forms:
+.Bl -bullet
+.It
+A pathname (beginning with a leading slash).
+Selected messages are appended to the file.
+.It
+A hostname (preceded by an at (``@'') sign).
+Selected messages are forwarded to the
+.Xr syslogd
+program on the named host.
+.It
+A comma separated list of users.
+Selected messages are written to those users
+if they are logged in.
+.It
+An asterisk.
+Selected messages are written to all logged-in users.
+.El
+.Pp
+Because the new
+.Xr syslogd 8
+daemon is now modularized, the last
+four forms are included into a ``classic'' module. The new
+modular form is as follows:
+.Bl -bullet
+.It
+%classic
+.Pa xxx,
+where
+.Pa xxx
+is one of the last four.
+.El
+.Pp
+Blank lines and lines whose first non-blank character is a hash (``#'')
+character are ignored with the exception of lines beginning with (``#!'').
+These lines are treated as section headers in the same way as lines
+beginning with (``!''). This allows
+.Nm
+files to be shared with systems that don't recognise the (``!'') syntax.
+.Sh EXAMPLES
+.Bl -bullet
+.It
+A configuration file that doesn't include modules might appear as follows:
+.Pp
+.Bd -literal -offset indent
+# Log all kernel messages, authentication messages of
+# level notice or higher and anything of level err or
+# higher to the console.
+# Don't log private authentication messages!
+.Pp
+*.err;kern.*;auth.notice;authpriv.none /dev/console
+.Pp
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+.Pp
+*.info;mail.none;authpriv.none /var/log/messages
+.Pp
+# The authpriv file has restricted access.
+.Pp
+authpriv.* /var/log/secure
+.Pp
+# Log all the mail messages in one place.
+.Pp
+mail.* /var/log/maillog
+.Pp
+# Everybody gets emergency messages, plus log them on another
+# machine.
+.Pp
+*.emerg *
+*.emerg @arpa.berkeley.edu
+.Pp
+# Root and Eric get alert and higher messages.
+.Pp
+*.alert root,eric
+.Pp
+# Save mail and news errors of level err and higher in a
+# special file.
+.Pp
+uucp,news.crit /var/log/spoolerr
+.Pp
+# Save ftpd transactions along with mail and news
+.Pp
+!ftpd
+*.* /var/log/spoolerr
+.Ed
+.Pp
+.It
+A configuration file using modules might appear as follows:
+.Bd -literal -offset indent
+# Log all kernel messages, authentication messages of
+# level notice or higher and anything of level err or
+# higher to the console.
+# Don't log private authentication messages!
+.Pp
+*.err;kern.*;auth.notice;authpriv.none %classic /dev/console
+.Pp
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+.Pp
+*.info;mail.none;authpriv.none %classic /var/log/messages
+.Pp
+# The authpriv file has restricted access.
+.Pp
+authpriv.* %classic /var/log/secure
+.Pp
+# Log all the mail messages in one place.
+.Pp
+mail.* %classic /var/log/maillog
+.Pp
+# Everybody gets emergency messages, plus log them on another
+# machine.
+.Pp
+*.emerg %classic *
+*.emerg %classic @arpa.berkeley.edu
+.Pp
+# Root and Eric get alert and higher messages.
+.Pp
+*.alert %classic root,eric
+.Pp
+# Save mail and news errors of level err and higher in a
+# special file.
+.Pp
+uucp,news.crit %classic /var/log/spoolerr
+.Pp
+# Save ftpd transactions along with mail and news
+.Pp
+!ftpd
+*.* %classic /var/log/spoolerr
+.Ed
+.El
+.Sh FILES
+.Bl -tag -width /etc/syslog.conf -compact
+.It Pa /etc/syslog.conf
+The
+.Xr syslogd 8
+configuration file.
+.El
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr om_classic 8 ,
+.Xr om_mysql 8 ,
+.Xr om_peo 8 ,
+.Xr om_pgsql 8 ,
+.Xr om_regex 8 ,
+.Xr om_tcp 8 ,
+.Xr om_udp 8 ,
+.Xr peochk 8 ,
+.Xr syslogd 8
+.Sh HISTORY
+The
+.Nm
+file appeared in
+.Bx 4.3 ,
+along with
+.Xr syslogd 8 .
+.Sh BUGS
+.Bl -bullet
+.It
+The effects of multiple selectors are sometimes not intuitive.
+For example ``mail.crit,*.err'' will select ``mail'' facility messages at
+the level of ``err'' or higher, not at the level of ``crit'' or higher.
+.It
+Even it works to mix configuration lines that uses the old and the
+new modular method, avoid this. Future releases may not support mixing
+old and new styles.
+.It
+On each line there should be only one classic module so,
+the following is wrong:
+.Pp
+.Dl *.* %classic /dev/console %classic /var/log/messages
+.Pp
+the correct lines are:
+.Pp
+.Dl *.* %classic /dev/console
+.Dl *.* %classic /var/log/messages
+.It
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
+.El
diff --git a/msyslog-v1.08a+smac/src/man/syslogd.8 b/msyslog-v1.08a+smac/src/man/syslogd.8
new file mode 100644
index 0000000..2059a1e
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/man/syslogd.8
@@ -0,0 +1,215 @@
+.\" $CoreSDI: syslogd.8,v 1.8.2.1.2.1.4.12 2001/11/30 23:13:44 alejo Exp $
+.\"
+.\" Copyright (c) 1983, 1986, 1991, 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93
+.\" $NetBSD: syslogd.8,v 1.3 1996/01/02 17:41:48 perry Exp $
+.\"
+.Dd June 6, 1993
+.Dt SYSLOGD 8
+.Os Core-SDI
+.Sh NAME
+modular
+.Nm syslog daemon
+.Nd log systems messages
+.Sh SYNOPSIS
+.Nm syslogd
+.Op Fl c
+.Op Fl u
+.Op Fl n
+.Op Fl A
+.Op Fl d Ar level
+.Op Fl f Ar config_file
+.Op Fl m Ar mark_interval
+.Op Fl a Ar path
+.Op Fl p Ar log_socket
+.Op Fl i Ar input
+.Op Fl P Ar pidfile
+.Sh DESCRIPTION
+Modular
+.Nm syslog
+daemon reads and logs messages to the system console, log files, other
+machines and/or users as specified by its configuration file. This
+implementation was based on OpenBSD's syslog daemon.
+.Pp
+Supported command line options are:
+.Bl -tag -width Ds
+.It Fl d Ar level
+Enable debugging to the standard output,
+and do not disassociate from the controlling terminal. The
+.Pa level
+is a number used to differentiate error reports. Up to 10 reports all
+critical errors that stop the daemon from working; up to 20 are the
+serious errors that stop some input or output; up to 30 are noncritical
+errors; up to 100 are warnings and potential errors; up to 100 are informative
+messages; and finally up to 250 are all possible reporting on what is going
+on.
+.It Fl f Ar config_file
+Specify the pathname of an alternate configuration file;
+the default is
+.Pa /etc/syslog.conf .
+.It Fl m Ar mark_interval
+Select the number of minutes between ``mark'' messages;
+the default is 20 minutes.
+.It Fl u
+Allow the historical ``insecure'' mode, in which syslogd will
+accept input from the UDP port as specified in
+.Pa /etc/services .
+Some software wants this, but you can be subjected to a variety of
+attacks over the network, including attackers remotely filling logs.
+.It Fl P Ar pidfile
+Specify an alternate pidfile.
+.It Fl p Ar log_socket
+Specify the pathname of an alternate log socket to be used instead;
+the default is
+.Pa /dev/log .
+This option is deprecated by
+.Fl i
+option.
+.It Fl a Pa path
+Specify a location where
+.Nm syslogd
+should place an additional log socket.
+The primary use for this is to place additional log sockets in
+.Pa /dev/log
+of various chroot filespaces. This option is predecated by
+.Fl i
+option.
+.It Fl i Ar input_module [ module_arguments ]
+Enables the specified input modules, see
+.Xr im_* 8 .
+.It Fl n
+Disables opening default inputs when there aren't given on command line.
+.It Fl c
+Disables opening console device, useful for non root testing.
+.It Fl A
+Use local host name with it's domain.
+.El
+.Pp
+.Nm Syslogd
+reads its configuration file when it starts up and whenever it
+receives a hangup signal.
+For information on the format of the configuration file,
+see
+.Xr syslog.conf 5 .
+.Pp
+.Nm Syslogd
+creates the file
+.Pa /var/run/syslog.pid ,
+and stores its process
+id there.
+This can be used to kill or reconfigure
+.Nm syslogd .
+.Pp
+The message sent to
+.Nm syslogd
+should consist of a single line.
+The message can contain a priority code, which should be a preceding
+decimal number in angle braces, for example,
+.Sq Aq 5 .
+This priority code should map into the priorities defined in the
+include file
+.Aq Pa sys/syslog.h .
+.Sh EXAMPLES
+To run modular
+.Nm
+on BSD systems you should:
+.Pp
+.Dl # syslogd
+.Pp
+with the command above two inputs modules are created,
+.Cm bsd,
+that reads BSD kernel messages from
+.Pa /dev/klog,
+and
+.Cm unix,
+opens
+.Pa /dev/log
+socket to log standard messages.
+To run modular
+.Nm
+on Linux systems you should:
+.Pp
+.Dl # syslogd
+.Pp
+with the command above two inputs modules are created,
+.Cm linux,
+that reads linux kernel messages from
+.Pa /dev/klog,
+and
+.Cm unix,
+opens
+.Pa /dev/log
+socket to log standard messages.
+.Sh FILES
+.Bl -tag -width /var/run/syslog.pid -compact
+.It Pa /etc/syslog.conf
+The configuration file.
+.It Pa /var/run/syslog.pid
+The process id of current
+.Nm syslogd .
+.It Pa /dev/log
+Name of the
+.Tn UNIX
+domain datagram log socket.
+.It Pa /dev/klog
+The kernel log device.
+.El
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr syslog.conf 5 ,
+.Xr im_bsd 8 ,
+.Xr im_doors 8 ,
+.Xr im_linux 8 ,
+.Xr im_streams 8 ,
+.Xr im_tcp 8 ,
+.Xr im_unix 8 ,
+.Xr im_udp 8 ,
+.Xr om_classic 8 ,
+.Xr om_mysql 8 ,
+.Xr om_peo 8 ,
+.Xr om_pgsql 8 ,
+.Xr om_regex 8 ,
+.Xr om_tcp 8 ,
+.Xr om_udp 8 ,
+.Xr peochk 8 ,
+.Xr syslogd 8
+.Sh HISTORY
+Modular
+.Nm
+is based on the original syslogd daemon appeared in
+.Bx 4.3 .
+.Sh BUGS
+Submit bugs at this project's Sourceforge Bug reporting system at:
+http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117
+You may also report them directly to the authors; send an email to
+core.devel.alat@corest.com, describing the problem the most you can,
+containing also machine description, hardware description, the
+configuration file (/etc/syslog.conf), the OS description, and the
+invoking command line.
+The more you describe the bug, the faster we can fix it.
diff --git a/msyslog-v1.08a+smac/src/modules.c b/msyslog-v1.08a+smac/src/modules.c
new file mode 100644
index 0000000..178e3a1
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/modules.c
@@ -0,0 +1,703 @@ +/* $CoreSDI: modules.c,v 1.89.2.6.2.4.4.17 2001/11/20 09:56:22 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * syslogd generic module functions + * + * Authors: Alejo Sanchez for Core-SDI S.A. + * Federico Schwindt for Core-SDI S.A. 
+ */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "modules.h" +#include "syslogd.h" + +#ifdef _POSIX_PATH_MAX +#define LIB_PATH_MAX _POSIX_PATH_MAX +#else +#define LIB_PATH_MAX 254 +#endif + +void logerror(char *); + +int parseParams(char ***, char *); +struct imodule *getImodule(char *); +struct omodule *getOmodule(char *); +struct imodule *addImodule(char *); +struct omodule *addOmodule(char *); + +struct omodule *omodules; +struct imodule *imodules; + +extern char *libdir; +extern int Debug; +char err_buf[MAXLINE]; + +extern void *main_lib; + + +/* + * Prepare libraries for a module + */ + +int +prepare_module_libs(const char *modname, void **ret) { +#if BUGGY_LIBRARY_OPEN + int i; + char buf[LIB_PATH_MAX]; + + dprintf(MSYSLOG_INFORMATIVE, "prepare_module_libs: called for " + "module:%s\n", modname); + + snprintf(buf, sizeof(buf), "%s/" MLIBNAME_STR, + libdir ? libdir : INSTALL_LIBDIR); + + dprintf(MSYSLOG_INFORMATIVE, "prepare_module_libs: Going to open %s\n", + buf); + + /* Try ./ if debugging. We don't care if it is not open */ + if ( Debug && ((*ret = dlopen(buf, DLOPEN_FLAGS)) == NULL) ) { + snprintf(buf, sizeof(buf), "./" MLIBNAME_STR); + dprintf(MSYSLOG_INFORMATIVE, "prepare_module_libs: Going" + " to open %s\n", buf); + *ret = dlopen(buf, DLOPEN_FLAGS); + } + + + dprintf(MSYSLOG_INFORMATIVE, "prepare_module_libs: lib %s was " + "%sopened\n", buf, *ret == NULL? "not " : ""); + +#endif + return (1); +} + +/* + * This function gets function name from + * the main libalat.so.X.X library or + * if not there try to open this module + * library. (main libname is MLIBNAME_STR ! 
+ */ + +int +get_symbol(const char *modname, const char *funcname, void *h, void **ret) { + char buf[LIB_PATH_MAX]; + + snprintf(buf, sizeof(buf), SYMBOL_PREFIX "%s_%s", modname, funcname); + + *ret = NULL; + /* + * Search for symbol on main library + * and in module libs + */ + if (main_lib == NULL || ( (*ret = dlsym(main_lib, buf)) == NULL && + (*ret = dlsym(main_lib, buf + 1)) == NULL ) ) { + + dprintf(MSYSLOG_INFORMATIVE, "get_symbol: func %s not found " + "on main lib \n", buf); + + } + + if (*ret == NULL && h && ( (*ret = dlsym(h, buf)) == NULL && + (*ret = dlsym(h, buf + 1)) == NULL) ) { + dprintf(MSYSLOG_SERIOUS, "get_symbol: error linking function " + "%s, %s\n", buf, dlerror()); + return(-1); + } + + /* not on main lib, not on this module's lib */ + if (*ret == NULL) + return(-1); + + return(1); + +} + +/* + * Create a new input module, and assign module functions to generic pointer + * + * I is a pointer to a list of input modules, where new one will be appended + * line is the command line of the input module + */ + +int +imodule_create(struct i_module *I, char *line) +{ + int argc, ret, i; + char **argv = NULL; + struct i_module *im, *im_prev; + + /* create initial node for Inputs list */ + if (I == NULL) { + dprintf(MSYSLOG_SERIOUS, "imodule_create: Error from caller\n"); + return (-1); + } + + /* go to last item on list */ + for (im_prev = I; im_prev->im_next != NULL; im_prev = im_prev->im_next); + + if (im_prev == I && im_prev->im_fd == -1) { + im = im_prev; + } else { + if((im_prev->im_next = (struct i_module *) calloc(1, + sizeof(struct i_module))) == NULL) { + dprintf(MSYSLOG_SERIOUS, "No memory available for " + "calloc\n"); + return (-1); + } + im = im_prev->im_next; + im->im_fd = -1; + } + + if ((argc = parseParams(&argv, line)) < 1) { + snprintf(err_buf, sizeof(err_buf), "Error initializing module " + "%s [%s]\n", argv[0], line); + ret = -1; + goto imodule_create_bad; + } + + /* is it already initialized ? searching... 
*/ + if ((im->im_func = getImodule(argv[0])) == NULL) + if ((im->im_func = addImodule(argv[0])) == NULL) { + snprintf(err_buf, sizeof(err_buf), "Error loading " + "dynamic input module %s [%s]\n", + argv[0], line); + ret = -1; + goto imodule_create_bad; + } + + /* got it, now try to initialize it */ + if ((*(im->im_func->im_init))(im, argv, argc) < 0) { + snprintf(err_buf, sizeof(err_buf), "Error initializing " + "input module %s [%s]\n", argv[0], line); + ret = -1; + goto imodule_create_bad; + } + + ret = 1; + +imodule_create_bad: + + if (ret == -1) { + + /* log error first */ + logerror(err_buf); + + /* free allocated input module on queue */ + if (im_prev == I && im_prev->im_next == NULL) { + im_prev->im_fd = -1; + } else if (im_prev->im_next == im) { + free (im); + im_prev->im_next = NULL; + } + } + + /* free argv params if there */ + if (argv != NULL) { + char *f; + + for (i = 0; (f = argv[i]) != NULL ; i++) + free(f); + + free(argv); + } + + return (ret); + +} + +/* + * Create a new input module, and assign module functions to generic pointer + * while addinf it to a filed + * + * c (line) is the command line of the input module + * f is a pointer to a filed structure + * prog is the program to match + * + */ + +int +omodule_create(char *c, struct filed *f, char *prog) +{ + char *line, *p, quotes, *argv[20]; + int argc; + struct o_module *om, *om_prev; + + line = strdup(c); quotes = 0; + p = line; + + /* create context and initialize module for logging */ + while (*p) { + if (f->f_omod == NULL) { + f->f_omod = (struct o_module *) calloc(1, sizeof(*f->f_omod)); + om = f->f_omod; + om_prev = NULL; + } else { + for (om_prev = f->f_omod; om_prev->om_next; om_prev = om_prev->om_next); + om_prev->om_next = (struct o_module *) calloc(1, sizeof *f->f_omod); + om = om_prev->om_next; + } + + switch (*p) { + case '%': + /* get this module name */ + argc = 0; + while (isspace((int)*(++p))); + argv[argc++] = p; + while (!isspace((int)*p)) p++; + + *p++ = 0; + + /* find 
for matching module */ + if ((om->om_func = getOmodule(argv[0])) + == NULL) { + if ((om->om_func = addOmodule(argv[0])) + == NULL) { + + snprintf(err_buf, + sizeof(err_buf), "Error " + "loading dynamic output " + "module %s [%s]\n", + argv[0], line); + goto omodule_create_bad; + + } + } + + dprintf(MSYSLOG_INFORMATIVE, "omodule_create: " + "got output module %s\n", argv[0]); + + /* build argv and argc, modifies input p */ + while (isspace((int)*p)) p++; + while (*p && *p != '%' && *p != '\n' && + *p != '\r' && argcom_func = getOmodule(argv[0])) + == NULL) { + if ((om->om_func = addOmodule(argv[0])) + == NULL) { + snprintf(err_buf, + sizeof(err_buf), "Error " + "loading dynamic output " + "module %s [%s]\n", + argv[0], line); + goto omodule_create_bad; + } + } + + break; + } + + if (!om->om_func->om_init || + (*(om->om_func->om_init))(argc, argv, f, prog, (void *) + &(om->ctx), &om->status) < 0) { + snprintf(err_buf, sizeof(err_buf), "Error " + "initializing dynamic output module %s [%s]\n", + argv[0], line); + goto omodule_create_bad; + } + } + + dprintf(MSYSLOG_INFORMATIVE, "omodule_create: all done for output " + "module %s\n", argv[0]); + + free(line); + + return (1); + +omodule_create_bad: + + dprintf(MSYSLOG_SERIOUS, err_buf); + + if (line) + free(line); + + /* free allocated module */ + if (f->f_omod == om) { + f->f_omod = NULL; + } else if (om_prev) + om_prev->om_next = NULL; + + if (om) + free(om); + + return (-1); + +} + +/* + * Parse a line and return argc & argv + * + * space and tabs are separators + * + */ + +int +parseParams(char ***ret, char *c) +{ + char *line, *p, *q; + int argc; + + line = strdup(c); + p = line; + + /* initialize arguments before starting */ + *ret = (char **) calloc(20, sizeof(char *)); + argc = 0; + + for(q = p; *p != '\0'; p = q) { + /* skip initial spaces */ + while (isspace((int)*p)) p++; + if (*p == '\0') + break; + + if (*p == '\"') { + for(q = ++p; *q != '\"' && *q != '\0'; q++); + + if (*q != '\0') { + *q++ = '\0'; + } + 
+ } else if (*p == '\'') { + for(q = ++p; *q != '\'' && *q != '\0'; q++); + + if (*q != '\0') { + *q++ = '\0'; + } + + } else { + /* see how long this word is, alloc, and copy */ + for(q = p; *q != '\0' && !isspace((int)*q); q++); + if (*q != '\0') { + *q++ = '\0'; + } + + } + + (*ret)[argc++] = strdup(p); + if ((argc % 20) == 18) + if ( (*ret = (char **) realloc(*ret, sizeof(char *) * + (argc + 20))) == NULL) { + free(line); + return(-1); + } + if (*ret != NULL) + (*ret)[argc] = NULL; + } + + free(line); + return (argc); +} + +struct imodule * +addImodule(char *name) +{ + struct imodule *im; + char buf[LIB_PATH_MAX]; + + if (name == NULL) + return (NULL); + + if (imodules == NULL) { + imodules = (struct imodule *) calloc(1, sizeof(*im)); + im = imodules; + } else { + for(im = imodules; im->im_next; im = im->im_next); + im->im_next = (struct imodule *) calloc(1, sizeof(*im)); + im = im->im_next; + } + + snprintf(buf, sizeof(buf), "im_%s", name); + + if (prepare_module_libs(buf, &im->h) == -1 || + get_symbol(buf, "init", im->h, (void *) &im->im_init) == -1 || + get_symbol(buf, "read", im->h, (void *) &im->im_read) == -1) { + + if (imodules == im) { + imodules = NULL; + } else { + struct imodule *i = imodules; + for (; i && i->im_next == im; i = i->im_next); + if (i) + i->im_next = NULL; + } + + free(im); + + dprintf(MSYSLOG_SERIOUS, "addImodule: couldn't config %s input" + " module\n", buf); + return(NULL); + } + + /* this is not mandatory */ + get_symbol(buf, "close", im->h, (void *) &im->im_close); + + im->im_name = strdup(name); + + dprintf(MSYSLOG_INFORMATIVE, "addImodule: successfully configured %s " + "input module\n", buf); + + return (im); +} + + +struct omodule * +addOmodule(char *name) +{ + struct omodule *om; + char buf[LIB_PATH_MAX]; + + if (name == NULL) + return (NULL); + + if (omodules == NULL) { + omodules = (struct omodule *) calloc(1, sizeof(*om)); + om = omodules; + } else { + for(om = omodules; om->om_next; om = om->om_next); + om->om_next = 
(struct omodule *) calloc(1, sizeof(*om)); + om = om->om_next; + } + + snprintf(buf, sizeof(buf), "om_%s", name); + + if (prepare_module_libs(buf, &om->h) == -1 || + get_symbol(buf, "init", om->h, (void *) &om->om_init) == -1 || + get_symbol(buf, "write", om->h, (void *) &om->om_write) == -1) { + + if (omodules == om) { + omodules = NULL; + } else { + struct omodule *o = omodules; + + for (; o && o->om_next == om; o = o->om_next); + if (o) + o->om_next = NULL; + } + + free(om); + + return(NULL); + } + + /* this is not mandatory */ + get_symbol(buf, "close", om->h, (void *) &om->om_close); + get_symbol(buf, "flush", om->h, (void *) &om->om_flush); + + dprintf(MSYSLOG_INFORMATIVE, "addOmodule: successfully configured %s " + "output module\n", buf); + + + om->om_name = strdup(name); + + return (om); +} + +int +omoduleDestroy(struct omodule *om) +{ + if (om == NULL || om->h == NULL || om->om_next) + return (-1); + + if (om->h && dlclose(om->h) < 0) { + dprintf(MSYSLOG_SERIOUS, "Error [%s]\n", dlerror()); + return (-1); + } + + free(om->om_name); + + return (1); +} + +struct imodule * +getImodule(char *name) +{ + struct imodule *im; + unsigned int len; + + if (imodules == NULL || name == NULL) + return (NULL); + + for(im = imodules, len = strlen(name); im; im = im->im_next) + if (im->im_name && !strncmp(im->im_name, name, len)) + break; + + return (im); +} + +struct omodule * +getOmodule(char *name) { + struct omodule *om; + unsigned int len; + + if (omodules == NULL || name == NULL) + return (NULL); + + for(om = omodules, len = strlen(name); om; om = om->om_next) + if (om->om_name && !strncmp(om->om_name, name, len)) + break; + + return (om); +} + + +/* + * This function removes an output module and + * its dynamic libraries + * + */ + +int +imodules_destroy(struct imodule *i) +{ + struct imodule *im, *im_next, *last; + + for (im = i, last = NULL; im; im = im_next) { + + im_next = im->im_next; + + if (!im->h) { + last = im; + continue; + } + + if (last) + last->im_next 
= im->im_next; + + dlclose(im->h); + + free(im); + } + + if (last) { + last->im_next = NULL; + return (1); /* there are some static modules on */ + } + + return (0); +} + + +/* + * This function removes an output module and + * its dynamic libraries + * + */ + +int +omodules_destroy(struct omodule *o) +{ + struct omodule *om, *om_next, *last; + + for (om = o, last = NULL; om; om = om_next) { + + om_next = om->om_next; + + if (!om->h) { + last = om; + continue; + } + + if (last) + last->om_next = om->om_next; + + dlclose(om->h); + free(om); + } + + if (last) { + last->om_next = NULL; + return (1); /* there are some static modules on */ + } + + return (0); +} + + diff --git a/msyslog-v1.08a+smac/src/modules.h b/msyslog-v1.08a+smac/src/modules.h new file mode 100644 index 0000000..f7b0e42 --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules.h 
@@ -0,0 +1,94 @@ +/* $CoreSDI: modules.h,v 1.27.2.1.4.9 2001/11/21 06:31:02 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#ifndef SYSLOG_MODULES_H +#define SYSLOG_MODULES_H + +#ifndef MAXHOSTNAMELEN +# include +# ifndef MAXHOSTNAMELEN +# define MAXHOSTNAMELEN 254 +# endif +#endif + + +/* this MUST be the same value as syslogd.h */ +#define MAXLINE 2048 + +#define MAX_MODULE_NAME_LEN 255 + + +/* + * This structure represents main details for the output modules + */ + +struct o_module { + struct o_module *om_next; + struct omodule *om_func; /* where are this puppy's functions? */ + void *ctx; + char *status; +}; + +/* + * This structure represents main details for the input modules + */ + +struct i_module { + struct i_module *im_next; + struct imodule *im_func; /* where are this puppy's functions? */ + int im_fd; /* for use with select() */ + int im_flags; /* 1 to 8 are reserved */ +#define IMODULE_FLAG_KERN 0x01 +#define IMODULE_FLAG_CONN 0x02 + char *im_path; + char im_buf[MAXLINE + 1]; + void *im_ctx; +}; + +int add_fd_input(int , struct i_module *); /* add this fd to array */ +void remove_fd_input(int); /* remove this fd from poll arrays */ + +/* + * This structure represents the return of the input modules + */ + +struct im_msg { + int im_pid; + int im_pri; + int im_flags; +#define SYSLOG_IM_PID_CHECKED 0x01 +#define SYSLOG_IM_HOST_CHECKED 0x02 + char im_msg[MAXLINE + 1]; + int im_len; /* size of contents of im_msg buffer */ + char im_host[MAXHOSTNAMELEN + 1]; +}; + +#endif diff --git a/msyslog-v1.08a+smac/src/modules/Makefile b/msyslog-v1.08a+smac/src/modules/Makefile new file mode 100644 index 0000000..119d51e --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/Makefile 
@@ -0,0 +1,70 @@ +# $CoreSDI: Makefile.in,v 1.3.2.12.2.3.4.11 2001/11/20 09:56:24 alejo Exp $ +# +# Copyright (c) 2001, Core SDI S.A., Argentina +# All rights reserved +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. Neither name of the Core SDI S.A. nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +CC= gcc +LD= ld +CFLAGS= -g -O2 -Wall +DCCFLAGS= +CPPFLAGS= -I.. 
+ +INSTALL= /usr/bin/ginstall -c +INSTALL_LIBDIR= /usr/msyslog/lib/alat + +MLIBNAME= libmsyslog.so.1.08 +MSRCS= im_linux.c im_udp.c om_udp.c im_unix.c im_file.c om_classic.c ttymsg.c om_tcp.c im_tcp.c ip_misc.c om_mysql.c om_pgsql.c sql_misc.c om_peo.c om_regex.c +MLIBS= +MOBJS= $(MSRCS:.c=.o) +HASH_SRCS= ../peo/hash.c ../peo/md5c.c ../peo/sha1.c ../peo/rmd160.c +HASH_OBJS= hash.o md5c.o sha1.o rmd160.o + +SHARED_PARAMS= -Bshareable + +$(MLIBNAME): $(MSRCS) $(HASH_SRCS) ../config.h + $(CC) $(CFLAGS) $(CPPFLAGS) $(DCCFLAGS) -c $(HASH_SRCS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(DCCFLAGS) -c $(MSRCS) + $(LD) $(SHARED_PARAMS) -o $(MLIBNAME) $(MOBJS) $(HASH_OBJS) + +all: $(MLIBNAME) + +.PHONY: clean distclean + +clean: + -rm -f core *.core *.o *.so.* *.so + +distclean: clean + -rm -f Makefile *.imp + +install: + @echo "installing shared library..." + @if [ ! -d $(INSTALL_LIBDIR) ]; then \ + mkdir -p $(INSTALL_LIBDIR); \ + fi + @$(INSTALL) $(MLIBNAME) $(INSTALL_LIBDIR)/ && echo "$(INSTALL_LIBDIR)/$(MLIBNAME)" + diff --git a/msyslog-v1.08a+smac/src/modules/Makefile.in b/msyslog-v1.08a+smac/src/modules/Makefile.in new file mode 100644 index 0000000..fd49d92 --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/Makefile.in 
@@ -0,0 +1,70 @@ +# $CoreSDI: Makefile.in,v 1.3.2.12.2.3.4.11 2001/11/20 09:56:24 alejo Exp $ +# +# Copyright (c) 2001, Core SDI S.A., Argentina +# All rights reserved +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. Neither name of the Core SDI S.A. nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +CC= @CC@ +LD= ld +CFLAGS= @CFLAGS@ +DCCFLAGS= @DCCFLAGS@ +CPPFLAGS= -I.. 
@CPPFLAGS@ + +INSTALL= @INSTALL@ +INSTALL_LIBDIR= @prefix@/lib/alat + +MLIBNAME= @MLIBNAME@ +MSRCS= @MSRCS@ +MLIBS= @MLIBS@ +MOBJS= $(MSRCS:.c=.o) +HASH_SRCS= @HASH_SRCS_MODULES@ +HASH_OBJS= @HASH_OBJS_MODULES@ + +SHARED_PARAMS= @SHARED_PARAMS@ + +$(MLIBNAME): $(MSRCS) $(HASH_SRCS) ../config.h + $(CC) $(CFLAGS) $(CPPFLAGS) $(DCCFLAGS) -c $(HASH_SRCS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(DCCFLAGS) -c $(MSRCS) + $(LD) $(SHARED_PARAMS) -o $(MLIBNAME) $(MOBJS) $(HASH_OBJS) + +all: $(MLIBNAME) + +.PHONY: clean distclean + +clean: + -rm -f core *.core *.o *.so.* *.so + +distclean: clean + -rm -f Makefile *.imp + +install: + @echo "installing shared library..." + @if [ ! -d $(INSTALL_LIBDIR) ]; then \ + mkdir -p $(INSTALL_LIBDIR); \ + fi + @$(INSTALL) $(MLIBNAME) $(INSTALL_LIBDIR)/ && echo "$(INSTALL_LIBDIR)/$(MLIBNAME)" + diff --git a/msyslog-v1.08a+smac/src/modules/im_bsd.c b/msyslog-v1.08a+smac/src/modules/im_bsd.c new file mode 100644 index 0000000..0db9e56 --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/im_bsd.c 
@@ -0,0 +1,146 @@ +/* $CoreSDI: im_bsd.c,v 1.51.2.6.4.10 2001/11/21 06:31:03 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * im_bsd -- classic behaviour module for BSD like systems + * + * Author: Alejo Sanchez for Core-SDI SA + * from syslogd.c by Eric Allman and Ralph Campbell + * + */ + +#include "config.h" + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../modules.h" +#include "../syslogd.h" + +/* + * initialize BSD input + * + */ + + +int +im_bsd_init(struct i_module *I, char **argv, int argc) +{ + + dprintf(MSYSLOG_INFORMATIVE, "im_bsd_init: Entering\n"); + + if ((I->im_fd = open(_PATH_KLOG, O_RDONLY, 0)) < 0) { + dprintf(MSYSLOG_SERIOUS, "can't open %s (%d)\n", _PATH_KLOG, + errno); + return (-1); + } + + I->im_path = _PATH_KLOG; + I->im_flags |= IMODULE_FLAG_KERN; + add_fd_input(I->im_fd , I); + return (I->im_fd); +} + + +/* + * get messge + * + * Take a raw input line from /dev/klog, split and format similar to syslog(). + */ + +int +im_bsd_read(struct i_module *im, int infd, struct im_msg *ret) +{ + char *p, *q, *lp; + int i, c; + + strncpy(ret->im_msg, _PATH_UNIX, sizeof(ret->im_msg) - 4); + strncat(ret->im_msg, ": ", 2); + lp = ret->im_msg + strlen(ret->im_msg); + + i = read(im->im_fd, im->im_buf, sizeof(im->im_buf) - 1); + if (i > 0) { + (im->im_buf)[i] = '\0'; + for (p = im->im_buf; *p != '\0'; ) { + /* fsync file after write */ + ret->im_flags = SYNC_FILE | ADDDATE; + ret->im_pri = DEFSPRI; + if (*p == '<') { + ret->im_pri = 0; + while (isdigit((int)*++p)) + ret->im_pri = 10 * ret->im_pri + + (*p - '0'); + if (*p == '>') + ++p; + } else { + /* kernel printf's come out on console */ + ret->im_flags |= IGN_CONS; + } + if (ret->im_pri &~ (LOG_FACMASK|LOG_PRIMASK)) + ret->im_pri = DEFSPRI; + q = lp; + while (*p != '\0' && (c = *p++) != '\n' && + q < &ret->im_msg[sizeof(ret->im_msg) - 1]) + *q++ = c; + *q = '\0'; + ret->im_host[0] = '\0'; + ret->im_len = strlen(ret->im_msg); + logmsg(ret->im_pri, ret->im_msg, ret->im_host, + ret->im_flags); + } + } else if (i < 0 && errno != 
EINTR) { + logerror("im_bsd_read"); + im->im_fd = -1; + } + + /* if ok return (2) wich means already logged */ + return (im->im_fd == -1 ? -1: 2); +} + +int +im_bsd_close (struct i_module *im) +{ + if (im->im_fd >= 0) + close(im->im_fd); + + return (0); +} diff --git a/msyslog-v1.08a+smac/src/modules/im_doors.c b/msyslog-v1.08a+smac/src/modules/im_doors.c new file mode 100644 index 0000000..74edfa0 --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/im_doors.c 
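Review bot: The `<pri>` parser in im_bsd_read accumulates digits with `ret->im_pri = 10 * ret->im_pri + (*p - '0')` and no limit on the digit count, so a long run of digits overflows a signed int (undefined behaviour) before the `LOG_FACMASK|LOG_PRIMASK` check can reset the value. The same loop appears in im_file_read in im_file.c, where the bytes come from an arbitrary file or pipe rather than the kernel log. Bounding the loop keeps it defined, for example `while (isdigit((unsigned char)*++p) && ret->im_pri <= (LOG_FACMASK|LOG_PRIMASK))`; an oversized value then falls through to the existing reset to DEFSPRI. The header built with `strncpy(...)` followed by `strncat(ret->im_msg, ": ", 2)` relies on strncpy having terminated the buffer, and `snprintf(ret->im_msg, sizeof(ret->im_msg), "%s: ", _PATH_UNIX);` does the same work with guaranteed termination.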
@@ -0,0 +1,158 @@ +/* $CoreSDI: im_doors.c,v 1.2.2.8 2001/09/21 12:18:49 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * im_doors -- use syslog doors for a syslog helper + * + * Author: Ari Edelkind (11/02/2000) + * + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "../modules.h" +#include "../syslogd.h" + + +void im_door_func (); + +#define DEFAULT_DOOR "/etc/.syslog_door" +#define DOOR_MODE 00644 /* Drw-r--r-- */ +#define LB_SIZE 128 /* log buffer */ + + +/* + * initialize doors input + * + */ + +int +im_doors_init(struct i_module *I, char **argv, int argc) +{ + char *door_path = DEFAULT_DOOR; + int fd; + + dprintf(MSYSLOG_INFORMATIVE, "im_doors_init: Entering\n"); + + if (argc < 1 || argc > 2) { + dprintf(MSYSLOG_SERIOUS, "doors usage: -i doors[:path]\n\n"); + return (-1); + } + + if (argc == 2) + door_path = argv[1]; + + if (unlink(door_path) == -1) { + if (errno != ENOENT) { + dprintf(MSYSLOG_SERIOUS, "im_doors: unlink(%s): %s\n", + door_path, strerror (errno)); + return (-1); + } + dprintf(MSYSLOG_INFORMATIVE, "%s didn't exist; it will be " + "created\n", door_path); + } + + if ((fd = open (door_path, O_CREAT | O_RDWR, 00644)) == -1) { + dprintf(MSYSLOG_SERIOUS, "im_doors: open(%s): %s\n", door_path, + strerror (errno)); + return (-1); + } + + if (close(fd) == -1) { + /* if close() fails here, there's probably an fs error */ + dprintf(MSYSLOG_SERIOUS, "im_doors: close(%s): %s\n", + door_path, strerror (errno)); + return (-1); + } + + if ((fd = door_create(im_door_func, NULL, 0)) == -1) { + dprintf(MSYSLOG_SERIOUS, "im_doors: door_create: %s\n", + strerror (errno)); + return (-1); + } + + if (fattach(fd, door_path) == -1) { + dprintf(MSYSLOG_SERIOUS, "im_doors: fattach(%s): %s\n", + door_path, strerror (errno)); + return (-1); + } + + return(1); +} + + +/* door function */ +void im_door_func(cookie, dataptr, datasize, descptr, ndesc) + void *cookie; + char *dataptr; + size_t datasize; + door_desc_t *descptr; + size_t ndesc; +{ + struct door_cred dcred; + char 
logbuf[LB_SIZE]; + + if (door_cred(&dcred) == -1) { + snprintf (logbuf, LB_SIZE, "door_cred failed: %s\n", + strerror (errno)); + logerror (logbuf); + } else { + + dprintf(MSYSLOG_INFORMATIVE, "door connection from uid %lu", + (unsigned long)dcred.dc_euid); + + if (dcred.dc_euid != dcred.dc_ruid) + dprintf(MSYSLOG_INFORMATIVE) (" (%lu)", + (unsigned long)dcred.dc_ruid); + + dprintf(MSYSLOG_INFORMATIVE) ("\n"); + } + + /* this function does absolutely nothing except return */ + door_return(NULL, 0, NULL, 0); + + /* if control reaches here, something went wrong */ + snprintf(logbuf, LB_SIZE, "door_return failed: %s\n", + strerror(errno)); + logerror(logbuf); +} + diff --git a/msyslog-v1.08a+smac/src/modules/im_file.c b/msyslog-v1.08a+smac/src/modules/im_file.c new file mode 100644 index 0000000..e583e2d --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/im_file.c 
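Review bot: im_doors_init unlinks door_path and then recreates it with `open (door_path, O_CREAT | O_RDWR, 00644)`, which will open whatever appears at that path between the two calls, including a symlink; because the path can come from argv[1] and is not limited to the default under /etc, the create should be exclusive: `open(door_path, O_CREAT | O_EXCL | O_RDWR, DOOR_MODE)` (DOOR_MODE is defined above but not used in the visible code). In im_door_func the calls written as `dprintf(MSYSLOG_INFORMATIVE) (" (%lu)", ...)` and `dprintf(MSYSLOG_INFORMATIVE) ("\n")` do not match the `dprintf(level, fmt, ...)` form used in the rest of this file and presumably will not compile where this module is built. The descriptor returned by door_create is also left open when fattach fails; a `close(fd)` before that `return (-1)` would fix it.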
@@ -0,0 +1,264 @@ +/* $CoreSDI: im_file.c,v 1.11.2.1 2001/11/21 06:34:27 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * im_file -- read from a log file being written by other program + * + * Author: Alejo Sanchez for Core-SDI SA + * http://www.corest.com/ + * + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../modules.h" +#include "../syslogd.h" + +struct im_file_ctx { + char *timefmt; + int start; +}; + +/* + * initialize file input + * + */ + +int +im_file_init(struct i_module *I, char **argv, int argc) +{ + char *path; + struct im_file_ctx *c; + int ch, optind_s, start; + + dprintf(MSYSLOG_INFORMATIVE, "im_file_init: Entering\n"); + + I->im_path = NULL; + start = 0; + path = NULL; + c = NULL; /* just to make compiler happy */ + + /* parse command line */ + optind_s = optind; /* save main's optind */ + optind = 1; +#ifdef HAVE_OPTRESET + optreset = 1; +#endif + while ((ch = getopt(argc, argv, "f:p:n:t:s:")) != -1) { + switch (ch) { + case 'f': + /* file to read */ + path = optarg; + break; + case 'p': + /* pipe to read */ + path = optarg; + break; + case 'n': + I->im_path = strdup(optarg); + break; + case 's': + start = strtol(optarg, NULL, 10); + break; + case 't': + if ((I->im_ctx = malloc(sizeof(struct im_file_ctx))) + == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_file_init: error" + " allocating context!\n"); + return (-1); + } + c = (struct im_file_ctx *) I->im_ctx; + c->timefmt = strdup(optarg); + break; + default: + dprintf(MSYSLOG_SERIOUS, "om_file_init: command line" + " error, at arg %c [%s]\n", ch, optarg? 
optarg: ""); + return (-1); + } + } + + optind = optind_s; /* restore main's optind */ + + if (I->im_ctx != NULL && c->timefmt == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_file_init: start of time string but" + " no string!\n"); + return (-1); + } + + if (I->im_ctx != NULL) + c->start = start; + + if (path == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_file_init: no file/pipe to read\n"); + return (-1); + } + + if ((I->im_fd = open(path, O_RDONLY, 0)) < 0) { + dprintf(MSYSLOG_SERIOUS, "im_file_init: can't open %s (%d)\n", + argv[1], errno); + return (-1); + } + + if (I->im_path == NULL) + I->im_path = path; /* no name specified */ + + add_fd_input(I->im_fd , I); + + return (1); +} + +/* + * get message + * + */ + +int +im_file_read(struct i_module *im, int infd, struct im_msg *ret) +{ + char *p, *q; + int i, c; + RETSIGTYPE (*sigsave)(int); + + /* ignore sigpipes for mysql_ping */ + sigsave = place_signal(SIGPIPE, SIG_IGN); + + i = read(im->im_fd, im->im_buf, sizeof(im->im_buf) - 1); + if (i > 0) { + (im->im_buf)[i] = '\0'; + for (p = im->im_buf; *p != '\0'; ) { + + /* fsync file after write */ + ret->im_flags = ADDDATE; + ret->im_pri = DEFSPRI; + + if (im->im_ctx != NULL) { + struct tm tm; + struct im_file_ctx *c; + char *start, *end; + + /* apply strftime */ + c = (struct im_file_ctx *) im->im_ctx; + if ((end = strptime((p + c->start), c->timefmt, &tm)) + == NULL) { + + dprintf(MSYSLOG_WARNING, "om_file_read" + ": error parsing time!\n"); + + } else { + + for (start = p + c->start; *end != '\0';) + *start++ = *end++; + *start = '\0'; + + if (strftime(ret->im_msg, + sizeof(ret->im_msg) - 1, + "%b %e %H:%M:%S ", &tm) == 0) { + dprintf(MSYSLOG_WARNING, + "om_file_read: error " + "printing time!\n"); + } else { + ret->im_flags &= !ADDDATE; + } + } + } else if (*p == '<') { + ret->im_pri = 0; + while (isdigit((int)*++p)) + ret->im_pri = 10 * ret->im_pri + + (*p - '0'); + if (*p == '>') + ++p; + } + + strncat(ret->im_msg, im->im_path, strlen(ret->im_msg) + - 
sizeof(ret->im_msg) - 1); + strncat(ret->im_msg, ":", strlen(ret->im_msg) + - sizeof(ret->im_msg) - 1); + dprintf(MSYSLOG_INFORMATIVE, "im_file_read: Entering " + "with header %s\n", ret->im_msg); + + if (ret->im_pri &~ (LOG_FACMASK|LOG_PRIMASK)) + ret->im_pri = DEFSPRI; + q = ret->im_msg + strlen(ret->im_msg); + while (*p != '\0' && (c = *p++) != '\n' && + q < &ret->im_msg[sizeof(ret->im_msg) - 1]) { + *q++ = c; + } + *q = '\0'; + ret->im_host[0] = '\0'; + ret->im_len = strlen(ret->im_msg); + logmsg(ret->im_pri, ret->im_msg, ret->im_host, + ret->im_flags); + } + } else if (i < 0 && errno != EINTR) { + logerror("im_file_read"); + im->im_fd = -1; + } + + /* restore previous SIGPIPE handler */ + place_signal(SIGPIPE, sigsave); + + /* if ok return (2) wich means already logged */ + return (im->im_fd == -1 ? -1: 2); +} + +int +im_file_close( struct i_module *im) +{ + if (im->im_ctx != NULL) { + struct im_file_ctx *c; + + c = (struct im_file_ctx *) im->im_ctx; + + if (c->timefmt) + free(c->timefmt); + free(c); + } + + if (im->im_path != NULL) + free(im->im_path); + + if (im->im_fd >= 0) + close(im->im_fd); + + return (0); +} diff --git a/msyslog-v1.08a+smac/src/modules/im_linux.c b/msyslog-v1.08a+smac/src/modules/im_linux.c new file mode 100644 index 0000000..768f83b --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/im_linux.c 
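Review bot: Both strncat calls in im_file_read pass `strlen(ret->im_msg) - sizeof(ret->im_msg) - 1` as the bound; the operands are reversed, so the result is negative and converts to a huge size_t, leaving the append of im->im_path effectively unbounded. The bound should be `sizeof(ret->im_msg) - strlen(ret->im_msg) - 1`. Nothing in the loop resets ret->im_msg either, so when no time format is configured the appends start from whatever the buffer already holds, and a `ret->im_msg[0] = '\0';` at the top of each iteration would pin that down. `ret->im_flags &= !ADDDATE;` clears every flag because `!ADDDATE` is 0, where `ret->im_flags &= ~ADDDATE;` looks intended. In im_file_init, `I->im_ctx` is tested after option parsing but only assigned under `-t`, and im_file_close frees im_path even when init stored `path` (optarg, which may point into argv) there; setting `I->im_ctx = NULL` at entry and storing `strdup(path)` would make both safe.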
@@ -0,0 +1,597 @@ +/* $CoreSDI: im_linux.c,v 1.31.2.4.4.15 2001/11/30 23:13:44 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * im_linux -- input module to log linux kernel messages + * + * Author: Claudio Castiglia, Core-SDI S.A. 
+ * + */ + +#include "config.h" + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../modules.h" +#include "../syslogd.h" + + +#define KSYM_TRANSLATE 0x01 +#define KSYM_READ_TABLE 0x02 +#define KLOG_USE_SYSCALL 0x04 +#define KLOG_HAVE_NEWLINE 0x08 +int flags; +char *linux_input_module = "linux input module"; + + +/* + * kernel symbols + */ +#define PATH_KSYM "/proc/ksyms" +#define MAX_ADDR_LEN 16 +#define MAX_NAME_LEN 80 +#define MAX_MNAME_LEN 20 + +typedef struct _Symbol { + char addr[MAX_ADDR_LEN + 1]; + char name[MAX_NAME_LEN + 1]; + char mname[MAX_MNAME_LEN + 1]; + struct _Symbol *next; +} Symbol; + +FILE *ksym_fd = NULL; +char *ksym_path = PATH_KSYM; +Symbol *ksym_first = NULL; +Symbol *ksym_current = NULL; +char saveline[MAXLINE + 1]; +int savelen; + +int ksym_init(); +void ksym_close(); +int ksym_snprintf (char*, int, char*); +Symbol *ksym_lookup (Symbol*, char*); +int ksym_get_symbol (Symbol*); +int ksym_parseline (char*, Symbol*); +char *ksym_copyword (char*, char*, int); + + +/* + * Usage + */ +void +im_linux_usage() +{ + dprintf(MSYSLOG_INFORMATIVE, "linux input module options:\n" + " [ -k file ] Use the specified file as source of kernel\n" + " symbol information instead of %s.\n" + " [ -r ] Force read symbol table on memory.\n" + " [ -s ] Force to use syscall instead of %s\n" + " to log kernel messages.\n" + " [ -x ] Do not translate kernel symbols.\n" + "Defaults:\n" + " Reads kernel messages from %s; " +#if 0 + " if this file doesn't exists\n" + " it uses the syscall method.\n" +#endif + " Symbols are translated only if %s exists.\n\n", + PATH_KSYM, _PATH_KLOG, _PATH_KLOG, PATH_KSYM); +} + + +/* + * getLine: + * Search for a line on a string buffer + * returns a pointer to the line or NULL if the buffer is empty + */ +char* +getLine (char *buf, int *i) +{ + if (*buf == '\0') + return (NULL); + while (buf[*i] != '\n' && buf[*i] != '\0') 
+ (*i)++; + if (buf[*i] == '\0') { + (*i)--; + } else { + if (buf[*i] == '\n') + flags |= KLOG_HAVE_NEWLINE; + + buf[*i] = '\0'; + } + return (buf); +} + + +/* + * Sets console loglevel + */ +int +im_linux_set_console_loglevel (char *strlv) +{ + char *err; + unsigned long loglevel; + + if ( (loglevel = strtoul(strlv, &err, 10)) < 0 || + loglevel > 7 || *err != '\0') { + warnx("%s: invalid loglevel <%s>", linux_input_module, optarg); + return (-1); + } + warnx("%s: setting console loglevel to <%lu>", linux_input_module, + loglevel); + if (klogctl(8, NULL, loglevel) < 0) { + warn("%s", linux_input_module); + return (-1); + } + return (0); +} + + +/* + * Initialize linux input module + */ +int +im_linux_init (struct i_module *I, char **argv, int argc) +{ + int ch; + int current_optind; + + dprintf(MSYSLOG_INFORMATIVE, "im_linux_init: Entering\n"); + + /* parse command line */ + current_optind = optind; /* syslogd calls im_linux_init when + * parsing command line + * This should be changed + */ + flags = KSYM_TRANSLATE; + if (argc > 1) { + optind = 1; + while ( (ch = getopt(argc, argv, "c:C:k:rsxh?")) != -1) + switch(ch) { + case 'c': /* specify console loglevel */ + if (im_linux_set_console_loglevel(optarg) < 0) + return (-1); + break; + + case 'C': /* specify console loglevel and force exit */ + im_linux_set_console_loglevel(optarg); + return (-1); + + case 'k': /* specify symbol file */ + if (strcmp(ksym_path, optarg)) + if ( (ksym_path = strdup(optarg)) == NULL) { + warn("%s", linux_input_module); + return (-1); + } + break; + + case 'r': /* force to read symbol table and keep + * it in memory + */ + flags |= KSYM_READ_TABLE; + break; + +/* not supported yet, we need to talk about somethings */ +#if 0 + case 's': /* force to use syscall instead + * of _PATH_KLOG + */ + flags |= KLOG_USE_SYSCALL; + break; +#endif + + case 'x': /* do not translate kernel symbols */ + flags &= ~KSYM_TRANSLATE; + break; + + case 'h': /* usage */ + case '?': + default: + 
im_linux_usage(); + return (-1); + } + } + + I->im_path = NULL; + I->im_fd = 0; + if (flags & ~KLOG_USE_SYSCALL) { + if ( (I->im_fd = open(_PATH_KLOG, O_RDONLY, 0)) >= 0) + I->im_path = _PATH_KLOG; + +/* if /proc not mounted.. sorry: syscall not supported yet */ +#if 0 + else if (errno != ENOENT) { + warn("%s: %s: %s\n", + linux_input_module, _PATH_KLOG, strerror(errno)); + return (-1); + } else + /* /proc not mounted, use syscall */ + I->im_fd = 0; +#endif +#if 1 + else { + warn("%s: %s: %s\n", + linux_input_module, _PATH_KLOG, strerror(errno)); + return (-1); + } +#endif + + } + + /* open/read symbol table file */ + if ((flags & KSYM_TRANSLATE) && ksym_init() < 0) + return (-1); + + I->im_flags |= IMODULE_FLAG_KERN; + optind = current_optind; + saveline[0] = '\0'; /* yes, globals are zeroed, but... */ + savelen = 0; + add_fd_input(I->im_fd , I); + return (I->im_fd); +} + + +/* + * get kernel message: + * take input line from _PATH_KLOG or klogctl(2) + * and log it. + */ +int +im_linux_read (struct i_module *im, int infd, struct im_msg *ret) +{ + int i; + char *ptr; + + if (im->im_fd < 0) + return (-1); + + /* read message from kernel */ + +/* syscall not supported yet */ +#if 0 + if (im->im_path == NULL || flags & KLOG_USE_SYSCALL) + /* this blocks */ + /* i = klogctl(2, im->im_buf, sizeof(im->im_buf)-1); + */ + /* ;;;this don't block... 
testing */ + i = klogctl(4, im->im_buf, sizeof(im->im_buf)-1); + else +#endif + i = read(im->im_fd, im->im_buf, sizeof(im->im_buf)-1); + + if (i < 0 && errno != EINTR) { + logerror("im_linux_read"); + return (-1); + } + + if (i) { + im->im_buf[i] = '\0'; + + /* log each msg line */ + i = 0; + ptr = im->im_buf; + while ( (ptr = getLine(ptr, &i)) != NULL) { + char *msg; + int buflen; + + /* get priority */ + if (i >= 3 && ptr[0] == '<' && + ptr[2] == '>' && isdigit(ptr[1])) { + ret->im_pri = ptr[1] - '0'; + ptr += 3; + i -= 3; + } + else + /* from printk.c: DEFAULT_MESSAGE_LOGLEVEL */ + ret->im_pri = LOG_WARNING; + + msg = &saveline[savelen - 1]; + buflen = sizeof(saveline) - savelen; + + /* + * Parse kernel/module symbols and print. + */ + if (flags & KSYM_TRANSLATE) + savelen = ksym_snprintf(msg, buflen, ptr); + else + savelen = snprintf(msg, buflen, + savelen == 0 ? "kernel: %s" : "%s", ptr); + + ret->im_host[0] = '\0'; + + if (flags & KLOG_HAVE_NEWLINE) { + logmsg(ret->im_pri, saveline, ret->im_host, im->im_flags); + saveline[0] = '\0'; + savelen = 0; + flags &= ~KLOG_HAVE_NEWLINE; + } + ptr += i + 1; + i = 0; + } + } + return (0); +} + + +/* + * Close linux input module + */ +int +im_linux_close (struct i_module *im) +{ + ksym_close(); + if (im->im_path != NULL) + return (close(im->im_fd)); + + return (0); +} + + +/* + * Open/load symbol table + * Returns 0 on success and -1 on error + */ +int +ksym_init() +{ + char buf[128]; + Symbol *last; + Symbol *next; + + ksym_close(); + if ( (ksym_fd = fopen(ksym_path, "r")) == NULL) { + warn("%s: ksym_init: %s", linux_input_module, ksym_path); + return (-1); + } + if (flags & KSYM_READ_TABLE) { + last = NULL; + while (fgets(buf, sizeof(buf), ksym_fd) != NULL) { + if ( (next = (Symbol*) malloc(sizeof(Symbol))) == NULL) { + warn("%s: ksym_init", linux_input_module); + ksym_close(); + return (-1); + } + next->next = NULL; + if (last) + last->next = next; + else + ksym_first = next; + if (ksym_parseline(buf, next) < 0) { + 
warnx("%s: ksym_init: incorrect symbol file: %s" + , linux_input_module, ksym_path); + ksym_close(); /* this also frees *next */ + return (-1); + } + last = next; + } + fclose(ksym_fd); + ksym_fd = NULL; + } + return (0); +} + + +/* + * Close/delete symbol table + */ +void +ksym_close() +{ + Symbol *s; + + if (ksym_fd != NULL) { + fclose(ksym_fd); + ksym_fd = NULL; + } + while (ksym_first) { + s = ksym_first->next; + free(ksym_first); + ksym_first = s; + } + if (ksym_path != PATH_KSYM) + free(ksym_path); +} + + +/* + * ksym_snprintf + */ +int +ksym_snprintf (char *buf, int bufsize, char *raw) +{ + int i; + int printed; + char *p1; + char *p2; + Symbol sym; + + if ( (printed = snprintf(buf, bufsize, "kernel: ")) < 0) + return (-1); + bufsize -= printed; + + while (bufsize && *raw != '\0') { + if ( (p1 = strstr(raw, "[<")) != NULL && + (p2 = strstr(p1, ">]")) != NULL) { + for (i = 2; p1+i < p2 && isxdigit(p1[i]); i++); + if (p1+i == p2) { + *p2 = '\0'; + if (ksym_lookup(&sym, p1+2) != NULL) { + *p1 = '\0'; + if ( (printed += + snprintf(buf+printed, bufsize, + "%s [<%s> %s.%s ]", raw, sym.addr, + sym.mname, sym.name)) < 0) + return (-1); + bufsize -= printed; + + /* we need to solve some things + * about buf and msg params on + * im_xxxxx_read. + * so, i think that is better + * not to change raw data ;;; + */ + *p1 = '['; + *p2 = '>'; + raw = p2+2; + continue; + } + *p2 = '>'; + } + } + break; + } + + if (*raw) { + /* kernel message without symbols */ + if ( (i = snprintf(buf+printed, bufsize, "%s", raw)) < 0) + return (-1); + else + printed += i; + } + + return (printed); +} + + +/* + * Lookup symbol: + * search for a symbol on internal table/file that + * matches an address. 
+ * If the symbol does not exists it returns NULL + */ +Symbol* +ksym_lookup (Symbol *sym, char *addr) +{ + /* reset symbol table/file pointer */ + if (ksym_fd == NULL) + ksym_current = ksym_first; + else + fseek(ksym_fd, 0, SEEK_SET); + + /* search for symbol */ + while (!ksym_get_symbol(sym)) + if (!strcasecmp(sym->addr, addr)) + return (sym); + + return (NULL); +} + + +/* + * Get a symbol from table/file + * returns 0 on success and -1 on end of file/table + */ +int +ksym_get_symbol (Symbol *sym) +{ + char msg[MAXLINE]; + + if (ksym_fd == NULL) { + if (ksym_current != NULL) { + *sym = *ksym_current; + ksym_current = ksym_current->next; + return (0); + } + } else if (fgets(msg, sizeof(msg), ksym_fd) != NULL) + return (ksym_parseline(msg, sym)); + return (-1); +} + + +/* + * ksym_parseline: converts a line onto a Symbol + * returns 0 on success and -1 on error + */ +#define QUIT_BLANK(a) while (*a == ' ' || *a == '\t') a++; + +int +ksym_parseline (char *p, Symbol *sym) +{ + if (sym == NULL || p == NULL || p[0] == '\0') + return (-1); + + sym->addr[0] = sym->name[0] = sym->mname[0] = '\0'; + + /* copy address */ + QUIT_BLANK(p); + if (*p == '\0' || *p == '\n') + return (-1); + p = ksym_copyword(sym->addr, p, MAX_ADDR_LEN); + + /* copy name */ + QUIT_BLANK(p); + if (*p == '\0' || *p == '\n') + return (-1); + p = ksym_copyword(sym->name, p, MAX_NAME_LEN); + + /* copy module name (if any) */ + QUIT_BLANK(p); + ksym_copyword(sym->mname, p, MAX_MNAME_LEN); + + return (0); +} + + +/* + * copyword(dst, src, len) + * Copy from src to dst until reaches + * len bytes or '\0' or '\n' + */ +char* +ksym_copyword (char *dst, char *src, int max) +{ + int i = 0; + + if (max) { + max--; + while (*src != ' ' && *src != '\t' && + *src != '\0' && *src != '\n' && i < max) + dst[i++] = *src++; + dst[i] = '\0'; + } + return (src); +} + diff --git a/msyslog-v1.08a+smac/src/modules/im_streams.c b/msyslog-v1.08a+smac/src/modules/im_streams.c new file mode 100644 index 0000000..b64bbd1 
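Review bot: In im_linux_read, `msg = &saveline[savelen - 1]` points one byte before the global `saveline` whenever savelen is 0, so the first fragment of every kernel line is written out of bounds. savelen is then overwritten with the raw snprintf()/ksym_snprintf() result, which is the length of the last piece rather than the running total and, after truncation, can exceed the space that was available, so a later `buflen` can be wrong or negative. Append at `&saveline[savelen]` and accumulate a clamped length, as sketched below. Separately, ksym_init() begins with ksym_close(), which frees a `-k` path obtained from strdup() before `fopen(ksym_path, "r")` reads it; that free should be done only from im_linux_close().

```c
		int n;

		/* append at the terminating NUL of what is already saved */
		msg = &saveline[savelen];
		buflen = sizeof(saveline) - savelen;

		if (flags & KSYM_TRANSLATE)
			n = ksym_snprintf(msg, buflen, ptr);
		else
			n = snprintf(msg, buflen,
			    savelen == 0 ? "kernel: %s" : "%s", ptr);

		/* snprintf reports the untruncated length; keep savelen inside saveline */
		if (n < 0)
			n = 0;
		else if (n >= buflen)
			n = buflen - 1;
		savelen += n;

		/* ... unchanged: im_host reset, KLOG_HAVE_NEWLINE flush, ptr advance ... */
```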
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/modules/im_streams.c
@@ -0,0 +1,231 @@ +/* $CoreSDI: im_streams.c,v 1.3.2.8 2001/11/21 06:31:03 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * im_streams -- gather logging information from streams device (for sysv) + * + * Author: ari edelkind (10/31/2000) + * + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "../modules.h" +#include "../syslogd.h" + +/* local functions */ +int do_streams_init (); +void streams_datfmt (); + +/* global variables and definitions */ +#define DEFAULT_LOGGER "/dev/log" + + + +/* + * get message + * + */ + +int +im_streams_read (struct i_module *im, int infd, struct im_msg *ret) +{ + struct strbuf ctl, dat; + struct log_ctl lc; + char msgbuf[MAXLINE]; + int r, flags = 0; + + ctl.maxlen = sizeof(lc); + dat.maxlen = sizeof(msgbuf); + ctl.buf = (char *)&lc; + dat.buf = (char *)msgbuf; + ctl.len = ctl.maxlen; + dat.len = 0; + + if (im->im_fd < 0) + return (-1); + + r = getmsg (im->im_fd, &ctl, &dat, &flags); + + if (r & MORECTL) { + dprintf(MSYSLOG_SERIOUS, "im_streams_read: getmsg() " + "returned too much control information\n"); + logerror("im_streams_read: getmsg() returned too much" + " control information"); + return (-1); + } + + do { + if (r & MOREDATA) { + /* message is too long for im_msg */ + dprintf(MSYSLOG_INFORMATIVE, "im_streams_read: " + "STREAMS device offered too much data (remainder " + "to come) ...\n"); + } + + streams_datfmt(&dat); + /* msgbuf still points to the old data */ + + if (dat.len) { + ret->im_msg[dat.len] = '\0'; + memmove (ret->im_msg, dat.buf, dat.len); + ret->im_len = dat.len; + ret->im_pri = lc.pri; + + ret->im_host[0] = '\0'; + logmsg(ret->im_pri, ret->im_msg, ret->im_host, + ret->im_flags); + } else { + dprintf(MSYSLOG_INFORMATIVE, "im_streams_read: " + "STREAMS device offered no data?\n"); + logerror("im_streams_read: STREAMS device offered" + " no data?"); + } + } while (r & MOREDATA); + + return(0); +} + +/* + * initialize streams input + * + */ + +int +im_streams_init (struct i_module *I, char 
**argv, int argc) +{ + char *streams_logpath; + + dprintf(MSYSLOG_INFORMATIVE, "im_streams_init: Entering\n"); + + if (I == NULL || argv == NULL || argc < 1 || argc > 2) { + dprintf(MSYSLOG_SERIOUS, "usage: -i streams[:path]\n\n"); + return(-1); + } + + if (argc == 2) { + streams_logpath = strdup(argv[1]); + } else { + streams_logpath = strdup(DEFAULT_LOGGER); + } + dprintf(MSYSLOG_INFORMATIVE, "streams_logpath = %s\n", + streams_logpath); + + I->im_path = streams_logpath; + + return(do_streams_init(I)); +} + + +/* + * the following function is not mandatory, you can omit it + */ +int +im_streams_close (struct i_module *im) +{ + close (im->im_fd); + if (im->im_path) + free(im->im_path); + im->im_path = NULL; + + return(1); +} + + +/* local function */ +int do_streams_init (I) + struct i_module *I; +{ + I->im_fd = open (I->im_path, O_RDONLY|O_NOCTTY|O_NONBLOCK); + + if (I->im_fd == -1) { + dprintf(MSYSLOG_SERIOUS, "couldn't open %s: %s\n", I->im_path, + strerror (errno)); + return (-1); + } else { + struct strioctl ioctbuf; + + memset (&ioctbuf, 0, sizeof(ioctbuf)); + + ioctbuf.ic_cmd = I_CONSLOG; /* why I_CONSLOG? */ + if (ioctl (I->im_fd, I_STR, &ioctbuf) == -1) { + dprintf(MSYSLOG_SERIOUS, "ioctl(%s): %s\n", + I->im_path, strerror (errno)); + close (I->im_fd); + return (-1); + } + add_fd_input(I->im_fd , I); + } + + return (1); +} + + +/* ensure the data buffer is in the proper format */ +void streams_datfmt (data) + struct strbuf *data; +{ + register char *dataptr; + register char c; + register int i; + + dataptr = data->buf; + i = data->len; + + /* this is necessary on some platforms (i.e. irix), but + not others (i.e. solaris). */ + if (*dataptr == '<') { + for (;;) { + c = *(++dataptr); --i; + if (c == '>') { ++dataptr; --i; break; } + if (c >= '0' && c <= '9') continue; + break; /* not a digit, not an end-bracket */ + } + } + + data->buf = dataptr; + data->len = i; +} + 
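Review bot: The `do { ... } while (r & MOREDATA)` loop in im_streams_read never calls getmsg() again, so once MOREDATA is set `r` cannot change and the loop spins forever, re-running streams_datfmt() on the same buffer and logging it repeatedly. A failed getmsg() (r < 0) is also not distinguished from the MORECTL case, and `dat.len` is used as an index and copy length without checking that it is positive and smaller than `sizeof(ret->im_msg)`; streams_datfmt() decrements the length with no lower bound, so it may go negative, which is worth confirming. Fetch the remainder inside the loop and validate the length before the copy, as sketched below.

```c
	r = getmsg (im->im_fd, &ctl, &dat, &flags);
	if (r < 0) {
		logerror("im_streams_read: getmsg");
		return (-1);
	}
	/* ... unchanged: MORECTL check ... */

	for (;;) {
		/* ... unchanged: MOREDATA debug message, streams_datfmt(&dat) ... */

		if (dat.len > 0 && (size_t)dat.len < sizeof(ret->im_msg)) {
			/* ... unchanged: copy into ret->im_msg and logmsg() ... */
		} else {
			/* ... unchanged: "offered no data" reporting ... */
		}

		if (!(r & MOREDATA))
			break;

		/* fetch the remainder instead of re-testing a stale r */
		dat.buf = msgbuf;
		dat.len = 0;
		flags = 0;
		if ((r = getmsg(im->im_fd, &ctl, &dat, &flags)) < 0)
			break;
	}
```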
diff --git a/msyslog-v1.08a+smac/src/modules/im_tcp.c b/msyslog-v1.08a+smac/src/modules/im_tcp.c
new file mode 100644
index 0000000..7f74b7b
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/modules/im_tcp.c
@@ -0,0 +1,433 @@ +/* $CoreSDI: im_tcp.c,v 1.16.2.6 2001/11/30 23:13:44 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * im_tcp -- input from INET using TCP + * + * Author: Alejo Sanchez for Core SDI S.A. + * + * This input module is a bit tricky, because of the nature of TCP + * connections, and the use of poll() for I/O on syslogd + * + * The main idea is that first a im_tcp module will be called + * and it will bind to a port and wait for connections to it. 
+ * + * Whenever a conection is established it will add it to an + * array of file descriptors of connections. + * + */ + +#include "config.h" + + +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../modules.h" +#include "../syslogd.h" + +/* recvfrom() and others like socklen_t, Irix doesn't provide it */ +#ifndef HAVE_SOCKLEN_T + typedef int socklen_t; +#endif + +struct tcp_conn { + struct tcp_conn *next; + int fd; + char name[MAXHOSTNAMELEN + 1]; + char port[20]; + char saveline[MAXLINE + 3]; /* maxline + cr lf */ +}; + +struct im_tcp_ctx { + socklen_t addrlen; + struct tcp_conn *first; + struct tcp_conn *last; + int flags; +}; + +#define M_USEMSGHOST 0x01 +#define M_NOTFQDN 0x02 + + +void printline(char *, char *, size_t, int); +int listen_tcp(char *host, char *port, socklen_t *); +int accept_tcp(int, socklen_t, char *, int, char *, int); + + +/* + * initialize tcp input + * + * this module takes a host argument (ie. 
0.0.0.0, 0::0, server.example.com) + * and a port/service ('syslog' or numerical) + * + */ + +int +im_tcp_init(struct i_module *I, char **argv, int argc) +{ + struct im_tcp_ctx *c; + char *host, *port; + int ch, optind_s; + + dprintf(MSYSLOG_INFORMATIVE, "im_tcp_init: entering\n"); + + if ( (I->im_ctx = calloc(1, sizeof(struct im_tcp_ctx))) == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_tcp_init: cant alloc memory"); + return (-1); + } + + c = (struct im_tcp_ctx *) I->im_ctx; + + host = "0.0.0.0"; + port = "syslog"; + + /* parse command line */ + optind_s = optind; /* save main's optind */ + optind = 1; +#ifdef HAVE_OPTRESET + optreset = 1; +#endif + while ((ch = getopt(argc, argv, "h:p:aq")) != -1) { + switch (ch) { + case 'h': + /* get addr to bind */ + host = optarg; + break; + case 'p': + /* get remote host port */ + port = optarg; + break; + case 'a': + c->flags |= M_USEMSGHOST; + break; + case 'q': + /* don't use domain in hostname (FQDN) */ + c->flags |= M_NOTFQDN; + break; + default: + dprintf(MSYSLOG_SERIOUS, "om_tcp_init: parsing error" + " [%c]\n", ch); + free(c); + return (-1); + } + } + + optind = optind_s; /* restore main's optind */ + + if ( (I->im_fd = listen_tcp(host, port, &c->addrlen)) < 0) { + dprintf(MSYSLOG_SERIOUS, "im_tcp_init: error with listen_tcp() %s\n", + strerror(errno)); + free(c); + return (-1); + } + + I->im_path = NULL; + + add_fd_input(I->im_fd , I); + + dprintf(MSYSLOG_INFORMATIVE, "im_tcp_init: running\n"); + + return (1); +} + + +/* + * im_tcp_read: accept a connection and add it to the queue + * + */ + +int +im_tcp_read(struct i_module *im, int infd, struct im_msg *ret) +{ + struct im_tcp_ctx *c; + struct tcp_conn *con; + int n; + + dprintf(MSYSLOG_INFORMATIVE, "im_tcp_read: entering...\n"); + + if (im == NULL || ret == NULL) { + dprintf(MSYSLOG_SERIOUS, "im_tcp_read: arg %s%s is null\n", + ret? "ret":"", im? 
"im" : ""); + return (-1); + } + + if ((c = (struct im_tcp_ctx *) im->im_ctx) == NULL) { + dprintf(MSYSLOG_SERIOUS, "im_tcp_read: null context\n"); + return (-1); + } + + if (infd == im->im_fd) { + + dprintf(MSYSLOG_INFORMATIVE, "im_tcp_read: new connection\n"); + + /* create a new connection */ + if ((con = (struct tcp_conn *) calloc(1, sizeof(*con))) + == NULL) { + dprintf(MSYSLOG_SERIOUS, "im_tcp_read: " + "error allocating conn struct\n"); + return (-1); + } + + /* accept it and add to queue */ + if ((con->fd = accept_tcp(infd, c->addrlen, con->name, + sizeof(con->name), con->port, sizeof(con->port))) < 0) { + dprintf(MSYSLOG_SERIOUS, "im_tcp_read: couldn't accept\n"); + free (con); + return (-1); + } + + /* add to queue */ + if (c->last == NULL) { + c->first = con; + } else { + c->last->next = con; + } + c->last = con; + + + dprintf(MSYSLOG_INFORMATIVE, "im_tcp_read: new conection from" + " %s with fd %d\n", con->name, con->fd); + + /* add to inputs list */ + add_fd_input(con->fd , im); + + return (0); /* 0 because there is no line to log */ + + } + + /* read connected socket */ + + dprintf(MSYSLOG_INFORMATIVE, "im_tcp_read: reading connection fd %d\n", + infd); + + /* find connection */ + for (con = c->first; con && con->fd != infd; con = con->next); + + if (con == NULL || con->fd != infd) { + dprintf(MSYSLOG_SERIOUS, "im_tcp_read: no such connection " + "fd %d !\n", infd); + remove_fd_input(infd); + return (-1); + } + + n = read(con->fd, im->im_buf, sizeof(im->im_buf) - 1); + if (n == 0) { + struct tcp_conn *prev; + + dprintf(MSYSLOG_INFORMATIVE, "im_tcp_read: conetion from %s" + " closed\n", con->name); + + remove_fd_input(con->fd); + + /* connection closed, remove its tcp_con struct */ + close (con->fd); + + if (con == c->first) { + c->first = con->next; + if (con == c->last) + c->last = NULL; + } else { + for(prev = c->first; prev->next != con; + prev = prev->next); + prev->next = con->next; + } + + if (con->saveline[0] != '\0') + printline(ret->im_host, 
con->saveline, + strlen(con->saveline), 0); + + free(con); + + return (0); + + } else if (n < 0 && errno != EINTR) { + dprintf(MSYSLOG_INFORMATIVE, "im_tcp_read: conetion from %s" + " closed with error [%s]\n", con->name, strerror(errno)); + logerror("im_tcp_read"); + con->fd = -1; + remove_fd_input(con->fd); + return (0); + } else { + char *p, *nextline, *cr; + + /* terminate it */ + (im->im_buf)[n] = '\0'; + p = &im->im_buf[0]; + + dprintf(MSYSLOG_INFORMATIVE, "im_tcp_read: read: %s [%s]", + con->name, im->im_buf); + + /* change non printable chars to X, just in case */ + for(p = im->im_buf; *p != '\0'; p++) + if (!isprint((unsigned int) *p) && *p != '\n') + *p = 'X'; + p = im->im_buf; + + do { + char *msg; + + msg = p; + + /* multiple lines ? */ + if((nextline = strchr(p, '\n')) != NULL) { + /* terminate this line and advance */ + *nextline++ = '\0'; + if (*nextline == '\0') + nextline = NULL; /* no more lines */ + } else { + /* save this partial line and return */ + strncat(con->saveline, p, + sizeof(con->saveline) - 1); + con->saveline[sizeof(con->saveline) - 1] = '\0'; + } + + /* remove trailing carriage returns */ + if ((cr = strchr(p, '\r')) != NULL) + *cr = '\0'; + + if (*p == '\0') { + if (nextline != NULL) { + p = nextline; + continue; + } else + return (0); + } + + if (c->flags & M_USEMSGHOST) { + char host[90]; + int n1, n2; + + if (con->saveline[0] != '\0') { + strncat(con->saveline, p, + sizeof(con->saveline) - 1); + con->saveline[sizeof(con->saveline) - 1] + = '\0'; + msg = con->saveline; + } else { + msg = p; + } + + /* extract hostname from message */ + if ((sscanf(msg, "<%*d>%*3s %*i %*i:%*i:%*i %n%89s" + " %n", &n1, host, &n2) != 1 && + sscanf(msg, "%*3s %*i %*i:%*i:%*i %n%89s %n", + &n1, host, &n2) != 1 && + sscanf(msg, "%n%89s %n", &n1, + host, &n2) != 1) + || im->im_buf[n2] == '\0') { + dprintf(MSYSLOG_INFORMATIVE, + "im_tcp_read: ignoring invalid " + "message [%s]\n", msg); + if (nextline != NULL) { + p = nextline; + continue; + } else { + 
return (0); + con->saveline[0] = '\0'; + } + } + + /* remove host from message */ + while (im->im_buf[n2] != '\0') + im->im_buf[n1++] = im->im_buf[n2++]; + im->im_buf[n1] = '\0'; + + strncpy(ret->im_host, host, + sizeof(ret->im_host) - 1); + ret->im_host[sizeof(ret->im_host) - 1] = '\0'; + + } else { + + /* get hostname from originating addr */ + strncpy(ret->im_host, con->name, + sizeof(ret->im_host) - 1); + ret->im_host[sizeof(ret->im_host) - 1] = '\0'; + } + + if (c->flags & M_NOTFQDN) { + char *dot; + + if ((dot = strchr(ret->im_host, '.')) != NULL) + *dot = '\0'; + } + + printline(ret->im_host, msg, strlen(msg), 0); + *msg = '\0'; + + p = nextline; + + } while (nextline != NULL); + } + + return (0); /* we already logged the lines */ +} + +int +im_tcp_close(struct i_module *im) +{ + struct im_tcp_ctx *c; + struct tcp_conn *con, *cnext; + + c = (struct im_tcp_ctx *) im->im_ctx; + + /* close all connections */ + for (con = c->first; con; con = cnext) { + if (con->fd > -1) + close(con->fd); + cnext = con->next; + free(con); + } + + im->im_ctx = NULL; + + /* close listening socket */ + return (close(im->im_fd)); +} diff --git a/msyslog-v1.08a+smac/src/modules/im_udp.c b/msyslog-v1.08a+smac/src/modules/im_udp.c new file mode 100644 index 0000000..8546391 --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/im_udp.c 
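Review bot: In im_tcp_read, `strncat(con->saveline, p, sizeof(con->saveline) - 1)` passes the whole buffer size as the append limit, so when saveline already holds a partial line the append can run past the end of the heap-allocated `struct tcp_conn`; the data comes straight from the remote socket. The bound has to be the space left, `strncat(con->saveline, p, sizeof(con->saveline) - strlen(con->saveline) - 1);`, and the same call in the M_USEMSGHOST branch needs the same change. In the close path, when the connection being removed is the last of several, `c->last` keeps pointing at the freed entry and the next accept writes through it; add `if (con == c->last) c->last = prev;` after `prev->next = con->next;`. A read() interrupted with EINTR (n == -1) also falls into the final else branch and stores to `im->im_buf[n]`, so that case should return before the buffer is touched.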
@@ -0,0 +1,260 @@
+/* $CoreSDI: im_udp.c,v 1.37.2.5.2.6.4.16 2001/11/30 23:13:44 alejo Exp $ */
+
+/*
+ * Copyright (c) 2001, Core SDI S.A., Argentina
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither name of the Core SDI S.A. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * im_udp -- input from INET using UDP
+ *
+ * Author: Alejo Sanchez for Core SDI S.A.
+ * from syslogd.c by Eric Allman and Ralph Campbell + * + */ + +#include "config.h" + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../modules.h" +#include "../syslogd.h" + +/* recvfrom() and others like socklen_t, Irix doesn't provide it */ +#ifndef HAVE_SOCKLEN_T + typedef int socklen_t; +#endif + +struct im_udp_ctx { + int flags; +}; + +#define M_USEMSGHOST 0x01 +#define M_NOTFQDN 0x02 + +/* prototypes */ +struct sockaddr *resolv_name(char *, char *, char *, socklen_t *); + + +/* + * get messge + * + */ + +int +im_udp_read(struct i_module *im, int infd, struct im_msg *ret) +{ + struct sockaddr_in frominet; + struct im_udp_ctx *c; + char *p; + int slen; + + if (ret == NULL) { + dprintf(MSYSLOG_SERIOUS, "im_udp: arg is null\n"); + return (-1); + } + + ret->im_pid = -1; + ret->im_pri = -1; + ret->im_flags = 0; + + slen = sizeof(frominet); + if ((ret->im_len = recvfrom(im->im_fd, ret->im_msg, + sizeof(ret->im_msg) - 1, 0, (struct sockaddr *)&frominet, + (socklen_t *)&slen)) < 1) { + if (ret->im_len < 0 && errno != EINTR) + logerror("recvfrom inet"); + return (1); + } + + ret->im_msg[ret->im_len] = '\0'; + + c = (struct im_udp_ctx *) im->im_ctx; + + /* change non printable chars to X, just in case */ + for(p = ret->im_msg; *p != '\0'; p++) + if (!isprint((unsigned int) *p) && *p != '\n') + *p = 'X'; + + if (c->flags & M_USEMSGHOST) { + char host[90]; + int n1, n2; + + n1 = 0; + n2 = 0; + /* extract hostname from message */ + if ((sscanf(ret->im_msg, "<%*d>%*3s %*i %*i:%*i:%*i %n%89s " + "%n%*s", &n1, host, &n2) != 1 && + sscanf(ret->im_msg, "%*3s %*i %*i:%*i:%*i %n%89s %n%*s", + &n1, host, &n2) != 1 && + sscanf(ret->im_msg, "%n%89s %n%*s", &n1, host, + &n2) != 1) || + ret->im_msg[n2] == '\0') { + dprintf(MSYSLOG_INFORMATIVE, "im_udp_read: skipped" + " invalid message [%s]\n", ret->im_msg); + return (0); + } + + if (ret->im_msg[n2] == '\0') + return 
(0); + + /* remove host from message */ + while (ret->im_msg[n2] != '\0') + ret->im_msg[n1++] = ret->im_msg[n2++]; + ret->im_msg[n1] = '\0'; + + strncat(ret->im_host, host, sizeof(ret->im_host)); + ret->im_host[sizeof(ret->im_host) - 1] = '\0'; + + } else { + struct hostent *hent; + + hent = gethostbyaddr((char *) &frominet.sin_addr, + sizeof(frominet.sin_addr), frominet.sin_family); + if (hent) { + strncpy(ret->im_host, hent->h_name, + sizeof(ret->im_host)); + } else { + strncpy(ret->im_host, inet_ntoa(frominet.sin_addr), + sizeof(ret->im_host)); + } + } + + ret->im_host[sizeof(ret->im_host) - 1] = '\0'; + + if (c->flags & M_NOTFQDN) { + char *dot; + + if ((dot = strchr(ret->im_host, '.')) != NULL) + *dot = '\0'; + } + + return (1); +} + +/* + * initialize udp input + * + */ + +int +im_udp_init(struct i_module *I, char **argv, int argc) +{ + struct sockaddr *sa; + struct im_udp_ctx *c; + char *host, *port; + int ch, optind_save; + socklen_t salen; + + if ( (I->im_ctx = calloc(1, sizeof(struct im_udp_ctx))) == NULL) + return (-1); + + c = (struct im_udp_ctx *) I->im_ctx; + + port = "syslog"; + host = "0.0.0.0"; + + /* parse command line */ + optind_save = optind; + optind = 1; +#ifdef HAVE_OPTRESET + optreset = 1; +#endif + while ((ch = getopt(argc, argv, "h:p:aq")) != -1) { + switch (ch) { + case 'h': + /* get addr to bind */ + host = optarg; + break; + case 'p': + /* get remote host port */ + port = optarg; + break; + case 'a': + c->flags |= M_USEMSGHOST; + break; + case 'q': + /* dont use domain in hostname (FQDN) */ + c->flags |= M_NOTFQDN; + break; + default: + dprintf(MSYSLOG_SERIOUS, "im_udp_init: parsing error" + " [%c]\n", ch); + free(c); + return (-1); + } + } + + optind = optind_save; + + I->im_fd = socket(AF_INET, SOCK_DGRAM, 0); + + if ((sa = resolv_name(host, port, "udp", &salen)) == NULL) { + dprintf(MSYSLOG_SERIOUS, "im_udp_init: error resolving host" + "[%s] and port [%s]", host, port); + free(c); + return (-1); + } + + if (bind(I->im_fd, sa, 
salen) < 0) { + dprintf(MSYSLOG_SERIOUS, "im_udp_init: error binding to host" + "[%s] and port [%s]", host, port); + free(c); + return (-1); + } + + I->im_path = NULL; + + add_fd_input(I->im_fd , I); + + dprintf(MSYSLOG_INFORMATIVE, "im_udp: running\n"); + return (1); +} + +int +im_udp_close(struct i_module *im) +{ + + close(im->im_fd); + + return (0); +} diff --git a/msyslog-v1.08a+smac/src/modules/im_unix.c b/msyslog-v1.08a+smac/src/modules/im_unix.c new file mode 100644 index 0000000..e7570bd --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/im_unix.c 
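Review bot: In im_udp_read's M_USEMSGHOST branch, `strncat(ret->im_host, host, sizeof(ret->im_host));` appends to whatever ret->im_host already holds, and nothing in this function clears that buffer, so a bound equal to the whole buffer size does not limit the write to the space that is left. The hostname in that branch is parsed straight out of the received datagram, so the input is sender-controlled. Copying rather than appending, as im_tcp_read does, removes the problem: `strncpy(ret->im_host, host, sizeof(ret->im_host) - 1);` followed by the existing terminator line. The filter loop's `isprint((unsigned int) *p)` also sign-extends bytes above 0x7f where char is signed; `isprint((unsigned char) *p)` is the defined form.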
@@ -0,0 +1,162 @@
+/* $CoreSDI: im_unix.c,v 1.27.2.4.4.11 2001/11/21 06:31:03 alejo Exp $ */
+
+/*
+ * Copyright (c) 2001, Core SDI S.A., Argentina
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither name of the Core SDI S.A. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ + +/* + * im_unix -- classic behaviour module for BSD like systems + * + * Author: Alejo Sanchez for Core-SDI SA + * from syslogd.c by Eric Allman and Ralph Campbell + * + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../modules.h" +#include "../syslogd.h" + +/* recvfrom() and others like socklen_t, Irix doesn't provide it */ +#ifndef HAVE_SOCKLEN_T + typedef int socklen_t; +#endif + +#define DEFAULT_LOGGER "/dev/log" + +/* + * get message + * + */ + +int +im_unix_read(struct i_module *im, int infd, struct im_msg *ret) +{ + struct sockaddr_un fromunix; + int slen; + + ret->im_pid = -1; + ret->im_pri = -1; + ret->im_flags = 0; + + slen = sizeof(fromunix); + + ret->im_len = recvfrom(im->im_fd, ret->im_msg, + sizeof(ret->im_msg) - 1, 0, (struct sockaddr *)&fromunix, + (socklen_t *)&slen); + + if (ret->im_len > 0) { + ret->im_msg[ret->im_len] = '\0'; + ret->im_host[0] = '\0'; + } else if (ret->im_len < 0 && errno != EINTR) { + logerror("recvfrom unix"); + ret->im_msg[0] = '\0'; + ret->im_len = 0; + ret->im_host[0] = '\0'; + return (-1); + } + + return (1); +} + +/* + * initialize unix input + * + */ + +int +im_unix_init(struct i_module *I, char **argv, int argc) +{ + struct sockaddr_un sunx; + char *logger; + + dprintf(MSYSLOG_INFORMATIVE, "im_unix_init: Entering\n"); + + if (I == NULL || argv == NULL || (argc != 2 && argc != 1)) + return (-1); + + if (argc == 2) + logger = argv[1]; + else + logger = DEFAULT_LOGGER; + +#ifndef SUN_LEN +#define SUN_LEN(unp) (strlen((unp)->sun_path) + 2) +#endif + (void) unlink(logger); + + memset(&sunx, 0, sizeof(sunx)); + sunx.sun_family = AF_UNIX; + (void)strncpy(sunx.sun_path, logger, sizeof(sunx.sun_path)); + I->im_fd = socket(AF_UNIX, SOCK_DGRAM, 0); + if (I->im_fd < 0 || + bind(I->im_fd, (struct sockaddr *)&sunx, SUN_LEN(&sunx)) < 0 || + chmod(logger, 0666) < 0) { + (void) 
snprintf(I->im_buf, sizeof(I->im_buf), + "cannot create %s", logger); + logerror(I->im_buf); + dprintf(MSYSLOG_SERIOUS, "cannot create %s (%d)\n", + logger, errno); + return (-1); + } + + I->im_path = strdup(logger); + + add_fd_input(I->im_fd , I); + + return (1); +} + +int +im_unix_close( struct i_module *im) +{ + close(im->im_fd); + + if (im->im_path) + unlink(im->im_path); + + return (0); +} + + diff --git a/msyslog-v1.08a+smac/src/modules/ip_misc.c b/msyslog-v1.08a+smac/src/modules/ip_misc.c new file mode 100644 index 0000000..85e5299 --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/ip_misc.c 
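Review bot: im_unix_init copies the socket path with `strncpy(sunx.sun_path, logger, sizeof(sunx.sun_path))`, which leaves sun_path without a terminator when logger is at least that long, and the fallback SUN_LEN macro then runs strlen() past the end of the array. The unlink() and `chmod(logger, 0666)` calls use the full, untruncated name while bind() sees the truncated copy, so they can act on a different path from the one the socket is bound to. Rejecting over-long paths before any of those calls covers both: `if (strlen(logger) >= sizeof(sunx.sun_path)) return (-1);`. In im_unix_read, a recvfrom() interrupted by EINTR falls through to `return (1)` with im_len still -1 and im_msg unterminated; that path probably wants the same reset the error branch performs.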
@@ -0,0 +1,441 @@
+/* $CoreSDI: ip_misc.c,v 1.13.2.7 2001/11/30 23:13:45 alejo Exp $ */
+
+/*
+ * Copyright (c) 2001, Core SDI S.A., Argentina
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither name of the Core SDI S.A. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * ip_misc -- basic TCP/UDP/IP functions
+ *
+ * Author: Alejo Sanchez for Core SDI S.A.
+ * + */ + +#include "config.h" + +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_MACHINE_ENDIAN_H +# include +#endif +#include +#include +#include +#include +#include +#include + +#include "../modules.h" +#include "../syslogd.h" + +/* recvfrom() and others like socklen_t, Irix doesn't provide it */ +#ifndef HAVE_SOCKLEN_T + typedef int socklen_t; +#endif + + +#define TCP_KEEPALIVE 30 /* seconds to probe TCP connection */ +#define MSYSLOG_MAX_TCP_CLIENTS 100 +#define LISTENQ 35 + +/* + * resolv_addr: get a host name from a generic sockaddr structure + * + */ + +int +resolv_addr(struct sockaddr *addr, socklen_t addrlen, char *host, int hlen, + char *port, int plen) +{ +#ifdef HAVE_GETNAMEINFO + + if (getnameinfo((struct sockaddr *) addr, addrlen, + host, hlen - 1, port, plen, 0) == 0) + return (1); + +#else /* no HAVE_GETNAMEINFO, old socket API */ + struct hostent *hp; + struct sockaddr_in *sin4; + + sin4 = (struct sockaddr_in *) addr; + + hp = gethostbyaddr((char *) &sin4->sin_addr, + sizeof(sin4->sin_addr), sin4->sin_family); + + if (hp) { + strncpy(host, hp->h_name, (unsigned) hlen - 1); + host[hlen] = '\0'; + if (port) + snprintf(port, (unsigned) plen, "%u", ntohs(sin4->sin_port)); + return (1); + } + +#endif /* HAVE_GETNAMEINFO */ + +#ifdef HAVE_INET_NTOP + switch (addr->sa_family) { + case AF_INET: { + struct sockaddr_in *caddr; + + caddr = (struct sockaddr_in *) addr; + if (inet_ntop(AF_INET, &caddr->sin_addr, host, hlen) != NULL) { +# ifdef HAVE_INET_NTOHS + if (ntohs(caddr->sin_port)) != 0) + snprintf(port, (unsigned) plen, "%u", + ntohs(caddr->sin_port)); +# endif /* HAVE_INET_NTOHS */ + return (1); + } + } + case AF_INET6: { + struct sockaddr_in6 *caddr; + + caddr = (struct sockaddr_in6 *) addr; + if (inet_ntop(AF_INET6, &caddr->sin6_addr, host, hlen) != 
NULL) { +# ifdef HAVE_INET_NTOHS + if (ntohs(caddr->sin6_port)) != 0) + snprintf(port, (unsigned) plen, "%u", + ntohs(caddr->sin6_port)); +# endif /* HAVE_INET_NTOHS */ + return (1); + } + } + default: + return (-1); + } +#endif /* HAVE_INET_NTOP */ + + dprintf(MSYSLOG_SERIOUS, "resolv_addr: error resolving " + "remote host name!\n"); + if (host) + host[0] = '\0'; + if (port) + port[0] = '\0'; + + return (-1); +} + + +/* + * resolv_name: get a sockaddr address from host and port string + * + * NOTE: you must free the struct returned! + */ + +struct sockaddr * +resolv_name(char *host, char *port, char *proto, socklen_t *salen) +{ + struct sockaddr *sa; +#ifdef HAVE_GETADDRINFO + struct addrinfo hints, *res; + int i; + + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_PASSIVE; + hints.ai_family = AF_UNSPEC; + if (proto != NULL && strcmp(proto, "udp") == 0) + hints.ai_socktype = SOCK_DGRAM; + else + hints.ai_socktype = SOCK_STREAM; + + + if ( (i = getaddrinfo(host, port, &hints, &res)) != 0) { + + dprintf(MSYSLOG_SERIOUS, "resolv_name: error on address " + "to listen %s, %s: %s\n", host, port, gai_strerror(i)); + + return (NULL); + } + + sa = (struct sockaddr *) malloc(res->ai_addrlen); + memcpy(sa, res->ai_addr, res->ai_addrlen); + *salen = res->ai_addrlen; + freeaddrinfo(res); + +#else /* we are on an extremely outdated and ugly api */ + struct sockaddr_in *sin; + struct hostent *hp; + struct servent *se; + short portnum; + + if (port != NULL && isdigit((int) *port)) { + + portnum = strtol(port, NULL, 10); + + } else if ((se = getservbyname(port == NULL? "syslog" : port, + proto == NULL? 
"tcp" : proto)) != NULL) { + + portnum = se->s_port; + + } else + portnum = 514; + +#ifndef WORDS_BIGENDIAN + portnum = htons(portnum); +#endif + + sin = (struct sockaddr_in *) malloc(sizeof(*sin)); +#ifdef HAVE_SOCKADDR_SA_LEN + sin->sin_len = sizeof(*sin); +#endif + sin->sin_family = AF_INET; + sin->sin_port = portnum; + memset(&sin->sin_addr, 0, sizeof(sin->sin_addr)); + + if (host == NULL || +#ifdef HAVE_INET_ATON + +inet_aton(host, &sin->sin_addr) == 1 + +#elif defined(HAVE_INET_ADDR) + + (addr = inet_addr(host)) > 0 && + memcpy(&sin->sin_addr, &addr, sizeof(sin->sin_addr)) != NULL + +#else +# error NEED RESOLVING FUNCTION, PLEASE REPORT +#endif + ) { + + return ((struct sockaddr *) sin); + + } else if ((hp = gethostbyname(host)) == NULL) { + + dprintf(MSYSLOG_SERIOUS, "resolv_name: error " + "resolving host address %s, %s\n", host, port); + return (NULL); + } + + if (hp->h_addrtype == AF_INET) { + struct sockaddr_in *sin4; + + sin4 = (struct sockaddr_in *) + malloc(sizeof(struct sockaddr_in)); + *salen = sizeof(struct sockaddr_in); +#ifdef HAVE_SOCKADDR_SA_LEN + sin4->sin_len = sizeof(struct sockaddr_in); +#endif + sin4->sin_port = portnum; + sin4->sin_family = AF_INET; + memcpy(&sin4->sin_addr, *hp->h_addr_list, + sizeof(struct in_addr)); + sa = (struct sockaddr *) sin4; + } +#ifdef AF_INET6 + else if (hp->h_addrtype == AF_INET) { + struct sockaddr_in6 *sin6; + + sin6 = (struct sockaddr_in6 *) + malloc(sizeof(*sin6)); + *salen = sizeof(struct sockaddr_in); +# ifdef HAVE_SOCKADDR_SA_LEN + sin6->sin6_len = sizeof(struct sockaddr_in6); +# endif + sin6->sin6_port = portnum; + sin6->sin6_family = AF_INET6; + sin6->sin6_port = 0; /* this should be specified later */ + memcpy(&sin6->sin6_addr, *hp->h_addr_list, + sizeof(struct in6_addr)); + sa = (struct sockaddr *) sin6; + } +#endif /* AF_INET6 */ + else /* no match ?!? 
*/ + sa = NULL; + +#endif /* HAVE_GETADDRINFO */ + + return (sa); +} + + +/* + * connect_tcp: connect to a remote host/port + * return the file descriptor + */ + +int +connect_tcp(char *host, char *port) { + int fd, n; + struct sockaddr *sa; + socklen_t salen; + + if ( (sa = resolv_name(host, port, "tcp", &salen)) == NULL) + return (-1); + + n = TCP_KEEPALIVE; + + if (sa->sa_family != AF_INET +#ifdef AF_INET6 + && sa->sa_family != AF_INET6 +#endif + ) { + free(sa); + return (-1); + } + + if ( (fd = socket(sa->sa_family, SOCK_STREAM, 0)) > -1 ) + + if ( (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &n, + sizeof(n)) != 0) || (connect(fd, sa, salen) != 0) ) { + close(fd); /* couldn't set option or connect */ + fd = -1; + } + + free(sa); + return (fd); +} + + +/* + * listen_tcp: listen on a host/port + * return the file descriptor + */ + +int +listen_tcp(char *host, char *port, socklen_t *addrlenp) { + int fd, n, r; + struct sockaddr *sa; + + if ( (sa = resolv_name(host, port, "tcp", addrlenp)) == NULL) + return (-1); + + n = TCP_KEEPALIVE; + r = 1; + + if ( (fd = socket(sa->sa_family, SOCK_STREAM, 0)) > -1 ) + + if ( (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &n, + sizeof(n)) != 0) || (setsockopt(fd, SOL_SOCKET, + SO_REUSEADDR, &r, sizeof(r)) != 0) || + (bind(fd, sa, *addrlenp) != 0) || + (listen(fd, LISTENQ) != 0) ) { + close(fd); /* couldn't set option or connect */ + fd = -1; + } + + free(sa); + + return (fd); +} + + + +/* + * accept_tcp: accept a listen file descriptor + * return the connected file descriptor + */ + +int +accept_tcp(int fd, socklen_t addrlen, char *host, int hlen, char *port, + int plen) +{ + struct sockaddr *connsa; + int connfd; + + if (addrlen < 1 || (connsa = (struct sockaddr *) + calloc(1, addrlen)) == NULL ) + return (-1); + + if ((connfd = accept(fd, connsa, (socklen_t *) &addrlen)) != -1) + (void) resolv_addr(connsa, addrlen, host, hlen, port, plen); + + free(connsa); + + return (connfd); +} + +/* + * sock_udp: create a generic socket for 
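Review bot: In resolv_addr's gethostbyaddr fallback, `host[hlen] = '\0';` writes one byte past a buffer the caller described as hlen bytes long; the terminator belongs at `host[hlen - 1] = '\0';`, matching the `hlen - 1` already passed to strncpy. In resolv_name, the getaddrinfo branch hands the result of malloc() to memcpy() unchecked, and the legacy branch returns `sin` for a NULL or numeric host without ever storing to `*salen`, so callers such as connect_tcp would pass an uninitialised length to connect() or bind(). Adding `if (sa == NULL) { freeaddrinfo(res); return (NULL); }` after the malloc and `*salen = sizeof(*sin);` before that early return covers both. The second address-family test under `#ifdef AF_INET6` repeats `AF_INET`, so that branch looks unreachable as written and would record the wrong length if it ran.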
sending udp packets + * + * NOTE: you must free the struct returned! + */ + +int +sock_udp(char *host, char *port, void **addr, int *addrlen) +{ + struct sockaddr *sa; + + if (addr == NULL || addrlen == NULL) + return (-1); + + if ( (sa = resolv_name(host, port, "udp", (socklen_t *) addrlen)) + == NULL) + return (-1); + + *addr = sa; + + return (socket(sa->sa_family, SOCK_DGRAM, 0)); +} + +/* + * udp_send: send an UDP packet + */ + +int +udp_send(int fd, char *msg, int mlen, void *addr, int addrlen) +{ + return (sendto(fd, msg, mlen, 0, (struct sockaddr *) addr, addrlen)); +} + +/* + * resolv_domain: get a domain for a name, used to get local domain + * + */ + +int +resolv_domain(char *buf, int buflen, char *host) +{ + struct sockaddr *sa; + socklen_t salen; + + if ((sa = resolv_name(host, NULL, NULL, &salen)) == NULL || + resolv_addr(sa, salen, buf, buflen, NULL, 0) == -1) { + + *buf = '\0'; + } + + return (1); +} diff --git a/msyslog-v1.08a+smac/src/modules/om_classic.c b/msyslog-v1.08a+smac/src/modules/om_classic.c new file mode 100644 index 0000000..a1fc362 --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/om_classic.c 
@@ -0,0 +1,510 @@
+/* $CoreSDI: om_classic.c,v 1.31.2.8.2.4.4.22 2001/11/21 06:31:03 alejo Exp $ */
+/*
+ * Copyright (c) 1983, 1988, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +/* + * om_classic -- classic behaviour module + * + * Author: Alejo Sanchez for Core-SDI SA + * from syslogd.c Eric Allman and Ralph Campbell + * + */ + +#include "config.h" + +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +/* if _PATH_UTMP isn't defined, define it here... */ +#ifndef _PATH_UTMP +# ifdef UTMP_FILE +# define _PATH_UTMP UTMP_FILE +# else /* if UTMP_FILE */ +# define _PATH_UTMP "/var/adm/utmp" +# endif /* if UTMP_FILE */ +#endif + + +#include "../modules.h" +#include "../syslogd.h" + +#define TTYMSGTIME 1 /* timeout passed to ttymsg */ + +/* values for f_type */ +#define F_UNUSED 0 /* unused entry */ +#define F_FILE 1 /* regular file */ +#define F_TTY 2 /* terminal */ +#define F_CONSOLE 3 /* console terminal */ +#define F_FORW 4 /* remote machine */ +#define F_USERS 5 /* list of users */ +#define F_WALL 6 /* everyone logged on */ +#define F_PIPE 7 /* named pipe */ + +/* names for f_types */ +char *TypeNames[] = { "UNUSED", "FILE", "TTY", "CONSOLE", + "FORW", "USERS", "WALL", "PIPE", NULL}; + +struct om_classic_ctx { + int fd; + union { + char f_uname[MAXUNAMES][UT_NAMESIZE+1]; + struct { + char f_hname[MAXHOSTNAMELEN]; + struct sockaddr f_addr; + } f_forw; /* forwarding address */ + char f_fname[MAXPATHLEN]; + } f_un; + int f_type; /* entry type, see below */ +}; + +void wallmsg (struct filed *, struct iovec *, struct om_classic_ctx *c); +char *ttymsg(struct iovec *, int , char *, int); +struct sockaddr *resolv_name(char *, char *, char *, size_t *); + + +/* + * Write to file, tty, user and network udp + */ + +int +om_classic_write(struct filed *f, int flags, struct m_msg *m, void *ctx) +{ + struct iovec iov[6]; + struct iovec *v; + struct om_classic_ctx *c; + int l; + char line[MAXLINE + 1], greetings[500], time_buf[16]; + 
time_t now; + + if (m == NULL || m->msg == NULL || !strcmp(m->msg, "")) { + dprintf(MSYSLOG_INFORMATIVE, "om_classic_write: no message!"); + return (-1); + } + + c = (struct om_classic_ctx *) ctx; + + /* prepare buffers for writing */ + v = iov; + if (c->f_type == F_WALL) { + v->iov_base = greetings; + v->iov_len = snprintf(greetings, sizeof(greetings), + "\r\n\7Message from syslogd@%s at %.24s ...\r\n", + f->f_prevhost, ctime(&now)); + if (v->iov_len >= sizeof(greetings)) + v->iov_len = sizeof(greetings) - 1; + v++; + v->iov_base = ""; + v->iov_len = 0; + v++; + } else { + strftime(time_buf, sizeof(time_buf), "%b %e %H:%M:%S", &f->f_tm); + v->iov_base = time_buf; + v->iov_len = 15; + v++; + v->iov_base = " "; + v->iov_len = 1; + v++; + } + v->iov_base = f->f_prevhost; + v->iov_len = strlen(v->iov_base); + v++; + v->iov_base = " "; + v->iov_len = 1; + v++; + + v->iov_base = m->msg; + v->iov_len = strlen(m->msg); + v++; + + dprintf(MSYSLOG_INFORMATIVE, "Logging to %s", TypeNames[c->f_type]); + + switch (c->f_type) { + case F_UNUSED: + dprintf(MSYSLOG_INFORMATIVE, "\n"); + break; + + case F_FORW: + if (c->fd < 0) { + dprintf(MSYSLOG_SERIOUS, "om_classic: write: " + "can't forward message, socket down\n"); + return(-1); + } + + dprintf(MSYSLOG_INFORMATIVE, " %s\n", c->f_un.f_forw.f_hname); + l = snprintf(line, sizeof(line), "<%d>%.15s %s", f->f_prevpri, + (char *) iov[0].iov_base, (char *) iov[4].iov_base); + + if (sendto(c->fd, line, l, 0, &c->f_un.f_forw.f_addr, +#ifdef AF_INET6 + c->f_un.f_forw.f_addr.sa_family == AF_INET6 ? 
+ sizeof(struct sockaddr_in6) : +#endif + sizeof(struct sockaddr_in)) != l) { + c->f_type = F_UNUSED; + dprintf(MSYSLOG_WARNING, "om_classic: error on sendto()"); + } + + break; + + case F_CONSOLE: + if (flags & IGN_CONS) { + dprintf(MSYSLOG_INFORMATIVE, " (ignored)\n"); + break; + } + /* FALLTHROUGH */ + + case F_TTY: + case F_PIPE: + case F_FILE: + dprintf(MSYSLOG_INFORMATIVE, " %s\n", c->f_un.f_fname); + if (c->f_type != F_FILE) { + v->iov_base = "\r\n"; + v->iov_len = 2; + } else { + v->iov_base = "\n"; + v->iov_len = 1; + } + again: + if (writev(c->fd, iov, 6) < 0) { + int e = errno; + + /* from sysklogd */ + /* If a named pipe is full, just ignore */ + if (c->f_type == F_PIPE && e == EAGAIN) + break; + + close(c->fd); + + /* + * Check for errors on TTY's due to loss of tty + */ + if ((e == EIO || e == EBADF) && c->f_type != F_FILE) { + c->fd = open(c->f_un.f_fname, + O_WRONLY|O_APPEND, 0); + if (c->fd < 0) { + c->f_type = F_UNUSED; + dprintf(MSYSLOG_WARNING, "om_classic: " + "error on %s", c->f_un.f_fname); + } else + goto again; + } else { + c->f_type = F_UNUSED; + c->fd = -1; + errno = e; + dprintf(MSYSLOG_WARNING, "om_classic: error " + "on %s", c->f_un.f_fname); + } + } else if (flags & SYNC_FILE) + fsync(c->fd); + break; + + case F_USERS: + case F_WALL: + dprintf(MSYSLOG_INFORMATIVE, "\n"); + v->iov_base = "\r\n"; + v->iov_len = 2; + wallmsg(f, iov, c); + break; + } + f->f_prevcount = 0; + + return (1); +} + + +/* + * INIT -- Initialize om_classic + * + * taken mostly from syslogd's cfline + */ +int +om_classic_init(int argc, char **argv, struct filed *f, char *prog, void **ctx, + char **status) +{ + struct sockaddr *sa; + struct om_classic_ctx *c; + size_t salen; + int i, statbuf_len; + char *p, *q, statbuf[1024]; + + dprintf(MSYSLOG_INFORMATIVE, "om_classic_init: Entering\n"); + + /* accepts "%classic /file" or "%classic -t TYPE /file" */ + if ( (argc != 2 && argc != 4) || argv == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_classic_init: incorrect " + 
"parameters %d args [%s %s %s %s]\n", argc, + argc > 0? argv[1] : "", + argc > 1? argv[2] : "", + argc > 2? argv[3] : "", + argc > 3? argv[4] : ""); + return (-1); + } + + if ((*ctx = (void *) calloc(1, sizeof(struct om_classic_ctx))) == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_classic_init: cannot allocate " + "context\n"); + return (-1); + } + + c = (struct om_classic_ctx *) *ctx; + + if (argc > 2) { + + if (strncmp(argv[1], "-t", 2)) { + dprintf(MSYSLOG_SERIOUS, "om_classic_init: incorrect" + " parameter %s, should be '-t'\n", argv[1]); + free(*ctx); + *ctx = NULL; + return (-1); + } + + /* look for entry # in table */ + for (i = 0; TypeNames[i] && strncmp(TypeNames[i], argv[2], + strlen(argv[2])); i++); + if (TypeNames[i] == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_classic_init: couldn't" + " determine type %s\n", argv[2]); + free(*ctx); + *ctx = NULL; + return (-1); + } + + c->f_type = i; + p = argv[3]; + + } else + /* regular config line, no type */ + p = argv[1]; + + switch (*p) { + case '@': + c->fd = socket(AF_INET, SOCK_DGRAM, 0); + + strncpy(c->f_un.f_forw.f_hname, ++p, + sizeof(c->f_un.f_forw.f_hname) - 1); + c->f_un.f_forw.f_hname[sizeof(c->f_un.f_forw.f_hname) - 1] + = '\0'; + + if ((sa = resolv_name(c->f_un.f_forw.f_hname, "syslog", "udp", + &salen)) == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_classic: error resolving " + "host %s\n", c->f_un.f_forw.f_hname); + break; + } + + memmove(&c->f_un.f_forw.f_addr, sa, salen); + free(sa); + c->f_type = F_FORW; + snprintf(statbuf, sizeof(statbuf), "om_classic: " + "forwarding messages through UDP to host %s", + c->f_un.f_forw.f_hname); + break; + + case '-': /* ignore this, we do it by default */ + p++; + case '|': /* from sysklogd */ + case '/': + strncpy(c->f_un.f_fname, p, sizeof c->f_un.f_fname); + c->f_un.f_fname[sizeof (c->f_un.f_fname) - 1] = 0; + if ( *p == '|' ) { + c->fd = open(++p, O_RDWR|O_NONBLOCK); + c->f_type = F_PIPE; + } else { + c->fd = open(p, O_WRONLY|O_APPEND, 0); + c->f_type = F_FILE; + } + + 
if (c->fd < 0) { + dprintf(MSYSLOG_CRITICAL, "om_classic_init: error " + "opening log file: %s\n", p); + free(*ctx); + *ctx = NULL; + return (-1); + } + + if (!c->f_type) { + if (isatty(c->fd)) + c->f_type = F_TTY; + else + c->f_type = F_FILE; + } + + snprintf(statbuf, sizeof(statbuf), "om_classic: " + "saving messages to file %s", c->f_un.f_fname); + break; + + case '*': + c->f_type = F_WALL; + snprintf(statbuf, sizeof(statbuf), "om_classic: sending " + "messages to all logged users"); + + default: + for (i = 0; i < MAXUNAMES && *p; i++) { + for (q = p; *q && *q != ','; ) + q++; + (void)strncpy(c->f_un.f_uname[i], p, UT_NAMESIZE); + if ((q - p) > UT_NAMESIZE) + c->f_un.f_uname[i][UT_NAMESIZE] = '\0'; + else + c->f_un.f_uname[i][q - p] = '\0'; + while (*q == ',' || *q == ' ') + q++; + p = q; + } + c->f_type = F_USERS; + statbuf_len = snprintf(statbuf, sizeof(statbuf), + "om_classic: forwarding messages to users:"); + for (i = 0; i < MAXUNAMES && + c->f_un.f_uname[i][0] != '\0'; i++) { + statbuf_len += snprintf(statbuf, + sizeof(statbuf) - statbuf_len, " %s", + c->f_un.f_uname[i]); + } + break; + } + + *status = strdup(statbuf); + + return (1); +} + +int +om_classic_close(struct filed *f, void *ctx) +{ + struct om_classic_ctx *c; + + c = (struct om_classic_ctx *) ctx; + + if (c->fd > -1) + close(c->fd); + + return (0); +} + +int +om_classic_flush(struct filed *f, void *ctx) +{ + /* flush any pending output */ + if (f->f_prevcount) + om_classic_write(f, 0, NULL, NULL); + + return (1); +} + +/* + * WALLMSG -- Write a message to the world at large + * + * Write the specified message to either the entire + * world, or a list of approved users. 
+ */ +void +wallmsg( struct filed *f, struct iovec *iov, struct om_classic_ctx *c) +{ + static int reenter; /* avoid calling ourselves */ + FILE *uf; + struct utmp ut; + int i; + char *p; + char line[sizeof(ut.ut_line) + 1]; + + if (reenter++) + return; + if ( (uf = fopen(_PATH_UTMP, "r")) == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_classic: error opening " + "%s\n", _PATH_UTMP); + reenter = 0; + return; + } + /* NOSTRICT */ + while (fread(&ut, sizeof(ut), 1, uf) == 1) { + +#ifndef __linux__ + if (ut.ut_name[0] == '\0') +#else + if ((ut.ut_type != USER_PROCESS && ut.ut_type != LOGIN_PROCESS) || + ut.ut_line[0] == ':' /* linux logs users that are not logged in (?!) */) +#endif + continue; + + strncpy(line, ut.ut_line, sizeof(ut.ut_line)); + line[sizeof(ut.ut_line)] = '\0'; + if (c->f_type == F_WALL) { + if ((p = ttymsg(iov, 6, line, TTYMSGTIME)) != NULL) { + errno = 0; /* already in msg */ + dprintf(MSYSLOG_SERIOUS, "om_classic: error " + "%s\n", p); + } + continue; + } + /* should we send the message to this user? */ + for (i = 0; i < MAXUNAMES; i++) { + if (!c->f_un.f_uname[i][0]) + break; + if (!strncmp(c->f_un.f_uname[i], ut.ut_name, + UT_NAMESIZE)) { + if ((p = ttymsg(iov, 6, line, TTYMSGTIME)) + != NULL) { + errno = 0; /* already in msg */ + dprintf(MSYSLOG_SERIOUS, "om_classic: error " + "%s\n", p); + } + break; + } + } + } + fclose(uf); + reenter = 0; +} diff --git a/msyslog-v1.08a+smac/src/modules/om_mysql.c b/msyslog-v1.08a+smac/src/modules/om_mysql.c new file mode 100644 index 0000000..76240b1 --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/om_mysql.c 
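Review bot: In om_classic_write's F_FORW case the length given to sendto() is the raw snprintf() return `l`, which is the length the output would have had rather than what was stored; a message longer than `line` makes sendto() read past the stack buffer and forward those bytes to the remote host. Clamp it before sending, as the F_WALL greeting already does for its own length: `if (l < 0 || (size_t) l >= sizeof(line)) l = sizeof(line) - 1;`. The same greeting formats `ctime(&now)` although `now` is never assigned in this function, so a `time(&now);` is needed before that use. In om_classic_init, `salen` is declared size_t while ip_misc.c defines resolv_name() with a socklen_t * parameter, so `memmove(&c->f_un.f_forw.f_addr, sa, salen)` may run with a partly uninitialised length and is not bounded by sizeof(struct sockaddr) either. The `case '*':` arm also has no `break`, so it falls into the default arm and f_type ends up F_USERS instead of F_WALL.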
@@ -0,0 +1,395 @@ +/* $CoreSDI: om_mysql.c,v 1.36.2.4.2.3.4.33 2001/11/30 23:13:45 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * om_mysql -- MySQL database support Module + * + * Author: Alejo Sanchez for Core-SDI SA + * + */ + +#include "config.h" + +#include +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#define SYSLOG_NAMES +#include +#include +#include +#include "../modules.h" +#include "../syslogd.h" +#include "sql_misc.h" + +/* size of query buffer */ +#define MAX_QUERY 8192 +/* how many seconds to wait to give again the error message */ +#define MSYSLOG_MYSQL_ERROR_DELAY 30 + +struct om_mysql_ctx { + void *h; + int lost; + char *table; + char *host; + int port; + char *user; + char *passwd; + char *db; + void *lib; + int flags; + int (*mysql_ping)(void *); + void * (*mysql_init)(void *); + void * (*mysql_real_connect)(void *, char *, char *, char *, + char *, int, void *, int); + int (*mysql_query)(void *, char *); + void (*mysql_close)(void *); + char * (*mysql_error)(void *); +}; +#define OM_MYSQL_DELAYED_INSERTS 0x2 +#define OM_MYSQL_FACILITY 0x4 +#define OM_MYSQL_PRIORITY 0x8 + +int om_mysql_close(struct filed *, void *); +char *decode_val(int, CODE *); + +/* + * Define our prototypes for MySQL functions + */ + +#define MYSQL_PORT 3306 + + +int +om_mysql_write(struct filed *f, int flags, struct m_msg *m, void *ctx) +{ + struct om_mysql_ctx *c; + char query[MAX_QUERY], err_buf[100], facility[16], priority[16]; + int i; + RETSIGTYPE (*sigsave)(int); + + dprintf(MSYSLOG_INFORMATIVE, "om_mysql_write: entering [%s] [%s]\n", + m->msg, f->f_prevline); + + c = (struct om_mysql_ctx *) ctx; + + /* ignore sigpipes for mysql_ping */ + sigsave = place_signal(SIGPIPE, SIG_IGN); + + if ( ((c->mysql_ping)(c->h)) != 0 && (((c->mysql_init)(c->h) == NULL) + || ((c->mysql_real_connect)(c->h, c->host, c->user, c->passwd, c->db, + c->port, NULL, 0)) == NULL) ) { + + /* restore previous SIGPIPE handler */ + place_signal(SIGPIPE, sigsave); + 
c->lost++; + if (c->lost == 1) { + snprintf(err_buf, sizeof(err_buf), "om_mysql_write: " + "Lost connection! [%s]", c->mysql_error? + c->mysql_error(c->h) : ""); + dprintf(MSYSLOG_SERIOUS, "%s", err_buf); + logerror(err_buf); + } + return (1); + } + + /* restore previous SIGPIPE handler */ + place_signal(SIGPIPE, sigsave); + + /* + * NOTE: could use prioritynames[] and facilitynames[] + */ + if (c->flags & OM_MYSQL_FACILITY) + snprintf(facility, sizeof(facility), "'%s',", decode_val(m->fac<<3, facilitynames)); + if (c->flags & OM_MYSQL_PRIORITY) + snprintf(priority, sizeof(priority), "'%s',", decode_val(m->pri, prioritynames)); + + /* table, yyyy-mm-dd, hh:mm:ss, host, msg */ + i = snprintf(query, sizeof(query), "INSERT %sINTO %s (%s%s date, time, " + "host, message) VALUES(%s%s '%.4d-%.2d-%.2d', '%.2d:%.2d:%.2d', '%s', '", + (c->flags & OM_MYSQL_DELAYED_INSERTS)? "DELAYED " : "", c->table, + (c->flags & OM_MYSQL_FACILITY)? "facility, " : "", + (c->flags & OM_MYSQL_PRIORITY)? "priority, " : "", + (c->flags & OM_MYSQL_FACILITY)? facility : "", + (c->flags & OM_MYSQL_PRIORITY)? 
priority : "", + f->f_tm.tm_year + 1900, f->f_tm.tm_mon + 1, f->f_tm.tm_mday, + f->f_tm.tm_hour, f->f_tm.tm_min, f->f_tm.tm_sec, f->f_prevhost); + + if (c->lost) { + int pos = i; + + /* + * Report lost messages, but 2 of them are lost of + * connection and this one (wich we are going + * to log anyway) + */ + snprintf(err_buf, sizeof(err_buf), "om_mysql_write: %i " + "messages were lost due to lack of connection", + c->lost - 2); + + /* count reset */ + c->lost = 0; + + /* put message escaping special SQL characters */ + pos += to_sql(query + pos, err_buf, sizeof(query) - pos); + + /* finish it with "')" */ + query[pos++] = '\''; + query[pos++] = ')'; + if (pos < sizeof(query)) + query[pos] = '\0'; + else + query[sizeof(query) - 1] = '\0'; + + dprintf(MSYSLOG_INFORMATIVE2, "om_mysql_write: query [%s]\n", + query); + + if ((c->mysql_query)(c->h, query) < 0) + return (-1); + } + + /* put message escaping special SQL characters */ + i += to_sql(query + i, m->msg, sizeof(query) - i); + + /* finish it with "')" */ + query[i++] = '\''; + query[i++] = ')'; + if (i < sizeof(query)) + query[i] = '\0'; + else + query[sizeof(query) - 1] = '\0'; + + dprintf(MSYSLOG_INFORMATIVE2, "om_mysql_write: query [%s]\n", + query); + + if ((i = (c->mysql_query)(c->h, query)) < 0) { + snprintf(err_buf, sizeof(err_buf), "om_mysql_write: error " + "inserting on table [%s]", c->mysql_error? 
+ c->mysql_error(c->h) : ""); + dprintf(MSYSLOG_SERIOUS, "%s\n", err_buf); + return (-1); + } + + return (1); +} + +/* + * INIT -- Initialize om_mysql + * + * Parse options and connect to database + * + * params: + * -s + * -u + * -p + * -b + * -t + * -P + * -F + * + */ + +int +om_mysql_init(int argc, char **argv, struct filed *f, char *prog, void **c, + char **status) +{ + struct om_mysql_ctx *ctx; + char *p, err_buf[256], statbuf[1024]; + int ch; + + if (argv == NULL || *argv == NULL || argc < 2 || f == NULL || + c == NULL || *c != NULL) + return (-1); + + dprintf(MSYSLOG_INFORMATIVE, "om_mysql_init: alloc context\n"); + /* alloc context */ + if ((*c = (void *) calloc(1, sizeof(struct om_mysql_ctx))) == NULL) + return (-1); + ctx = (struct om_mysql_ctx *) *c; + + if ((ctx->lib = dlopen("libmysqlclient.so", DLOPEN_FLAGS)) == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_mysql_init: Error loading" + " api library, %s\n", dlerror()); + free(ctx); + return (-1); + } + + if ( !(ctx->mysql_ping = (int(*)(void *)) dlsym(ctx->lib, + SYMBOL_PREFIX "mysql_ping")) || !(ctx->mysql_init = + (void * (*)(void*)) dlsym(ctx->lib, SYMBOL_PREFIX "mysql_init")) + || !(ctx->mysql_real_connect = (void *(*)(void *, char *, char *, + char *, char *, int, void *, int)) dlsym(ctx->lib, SYMBOL_PREFIX + "mysql_real_connect")) + || !(ctx->mysql_query = (int (*)(void *, char *)) dlsym(ctx->lib, + SYMBOL_PREFIX "mysql_query")) + || !(ctx->mysql_close = (void (*)(void *)) dlsym(ctx->lib, + SYMBOL_PREFIX "mysql_close")) ) { + dprintf(MSYSLOG_SERIOUS, "om_mysql_init: Error resolving" + " api symbols, %s\n", dlerror()); + free(ctx); + return (-1); + } + + /* this may be missing on old versions */ + ctx->mysql_error = (char * (*)(void *)) dlsym(ctx->lib, SYMBOL_PREFIX + "mysql_error"); + + /* parse line */ + optind = 1; +#ifdef HAVE_OPTRESET + optreset = 1; +#endif + while ((ch = getopt(argc, argv, "s:u:p:d:t:DPF")) != -1) { + switch (ch) { + case 's': + /* get database host name and port */ + if ((p = 
strstr(optarg, ":")) == NULL) { + ctx->port = MYSQL_PORT; + } else { + *p = '\0'; + ctx->port = atoi(++p); + } + ctx->host = strdup(optarg); + break; + case 'u': + ctx->user = strdup(optarg); + break; + case 'p': + ctx->passwd = strdup(optarg); + break; + case 'd': + ctx->db = strdup(optarg); + break; + case 't': + ctx->table = strdup(optarg); + break; + case 'D': + ctx->flags |= OM_MYSQL_DELAYED_INSERTS; + break; + case 'P': + ctx->flags |= OM_MYSQL_FACILITY; + break; + case 'F': + ctx->flags |= OM_MYSQL_PRIORITY; + break; + default: + goto om_mysql_init_bad; + } + } + + if (ctx->user == NULL || ctx->db == NULL || ctx->port == 0 || + ctx->host == NULL || ctx->table == NULL) + goto om_mysql_init_bad; + + /* connect to the database */ + if (! (ctx->h = (ctx->mysql_init)(NULL)) ) { + + snprintf(err_buf, sizeof(err_buf), "om_mysql_init: Error " + "initializing handle"); + logerror(err_buf); + goto om_mysql_init_bad; + } + + dprintf(MSYSLOG_INFORMATIVE, "om_mysql_init: mysql_init returned %p\n", + ctx->h); + + dprintf(MSYSLOG_INFORMATIVE, "om_mysql_init: params %p %s %s %s %i" + " \n", ctx->h, ctx->host, ctx->user, ctx->db, ctx->port); + + snprintf(statbuf, sizeof(statbuf), "om_mysql: sending " + "messages to %s, database %s, table %s.", ctx->host, + ctx->db, ctx->table); + *status = strdup(statbuf); + + if (!((ctx->mysql_real_connect)(ctx->h, ctx->host, ctx->user, + ctx->passwd, ctx->db, ctx->port, NULL, 0)) ) { + + snprintf(err_buf, sizeof(err_buf), "om_mysql_init: Error " + "connecting to db server [%s], [%s:%i] user [%s] db [%s]", + ctx->mysql_error? 
ctx->mysql_error(ctx->h) : "", + ctx->host, ctx->port, ctx->user, ctx->db); + logerror(err_buf); + return (1); + } + + return (1); + +om_mysql_init_bad: + if (ctx) { + om_mysql_close(f, ctx); + free(ctx); + *c = NULL; + } + + *status = NULL; + + return(-1); +} + + +int +om_mysql_close(struct filed *f, void *ctx) +{ + struct om_mysql_ctx *c; + + c = (struct om_mysql_ctx*) ctx; + + (c->mysql_close)(c->h); + + if (c->table) + free(c->table); + if (c->host) + free(c->host); + if (c->user) + free(c->user); + if (c->passwd) + free(c->passwd); + if (c->db) + free(c->db); + if (c->lib) + dlclose(c->lib); + + return (0); +} diff --git a/msyslog-v1.08a+smac/src/modules/om_peo.c b/msyslog-v1.08a+smac/src/modules/om_peo.c new file mode 100644 index 0000000..e2f680d --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/om_peo.c 
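Review bot: In om_mysql_write the write index into `query` is never bounds-checked before the closing `'` and `)` are stored: `i` comes from snprintf(), which returns the length it wanted to write rather than what fit, and is then advanced by to_sql(), so `query[i++] = '\'';` can land at or past the end of `query[MAX_QUERY]`; only the NUL store is guarded. Because m->msg is log text that presumably originates from whoever sent the message, this should fail closed, e.g. `if (i < 0 || (size_t)i >= sizeof(query) - 2) return (-1);` after the snprintf() and again after to_sql() (to_sql() is defined outside this hunk, so its return convention needs confirming). The same pattern appears in the `c->lost` branch with `pos`, and in om_pgsql_write in om_pgsql.c. Separately, `f->f_prevhost` is placed between quotes in the statement without going through to_sql(), unlike the message text.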
@@ -0,0 +1,283 @@ +/* $CoreSDI: om_peo.c,v 1.41.2.5.4.17 2001/11/30 23:13:45 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * om_peo -- peo autentication + * + * Author: Claudio Castiglia + * + */ + +#include "config.h" + +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../modules.h" +#include "../syslogd.h" +#if 1 +#include "../peo/hash.h" +#else +extern char *default_keyfile; +#define SHA1 0 +#endif + +#define MAXBUF MAXSVLINE+MAXHOSTNAMELEN+20 + +struct om_peo_ctx { + short flags; + int size; + int hash_method; + char *keyfile; + char *macfile; +}; + +int +om_peo_write(struct filed *f, int flags, struct m_msg *msg, void *ctx) +{ + struct om_peo_ctx *c; + int fd, mfd, len, keylen, newkeylen; + u_char key[41], mkey[41]; + unsigned char m[MAXBUF], newkey[41]; + char time_buf[16]; + + dprintf(MSYSLOG_INFORMATIVE, "om_peo_write: Entering\n"); + + if (f == NULL || ctx == NULL || msg == NULL) + return (-1); + + c = (struct om_peo_ctx *) ctx; + + strftime(time_buf, sizeof(time_buf), "%b %e %H:%M:%S", &f->f_tm); + time_buf[15] = '\0'; + len = snprintf((char *) m, MAXBUF, "%s %s %s\n", time_buf, + f->f_prevhost, msg->msg ? 
msg->msg : f->f_prevline) - 1; + + dprintf(MSYSLOG_INFORMATIVE, "om_peo_write: len = %i, msg->msg = %s\n ", + len, m); + + /* Open keyfile and read last key */ + if ( (fd = open(c->keyfile, O_RDWR, 0)) < 0) { + dprintf(MSYSLOG_SERIOUS, "om_peo_write: opening keyfile: %s:" + " %s\n", c->keyfile, strerror(errno)); + return (-1); + } + bzero(key, sizeof(key)); + if ( (keylen = read(fd, key, 40)) < 0) { + close(fd); + dprintf(MSYSLOG_SERIOUS, "om_peo_write: reading form: %s:" + " %s\n", c->keyfile, strerror(errno)); + return (-1); + } + + /* Open macfile and write mac'ed msg */ + if (c->macfile) { + if ( (mfd = open(c->macfile, O_WRONLY, 0)) < 0) { + close(fd); + dprintf(MSYSLOG_SERIOUS, "om_peo_write: opening " + "macfile: %s: %s\n", c->macfile, + strerror(errno)); + return (-1); + } + lseek(mfd, (off_t) 0, SEEK_END); + write(mfd, mkey, mac2(key, keylen, m, len, mkey)); + dprintf(MSYSLOG_INFORMATIVE, "om_peo_write: write to macfile" + " ok\n"); + close(mfd); + } + + /* Generate new key and save it on keyfile */ + lseek(fd, (off_t)0, SEEK_SET); + ftruncate(fd, (off_t)0); + newkeylen = mac(c->hash_method, key, keylen, m, len, newkey); + if (newkeylen == -1) { + close(fd); + dprintf(MSYSLOG_INFORMATIVE, "om_peo_write: generating " + "key[i+1]: keylen = %i: %s\n", newkeylen, + strerror(errno)); + return (-1); + } + write(fd, newkey, newkeylen); + close(fd); + return (1); +} + + +/* + * INIT -- Initialize om_peo + * args: + * + * -k (default: /var/ssyslog/.var.log.messages) + * -l line number corruption detect mode + * (generates a strcat(keyfile, ".mac") file) + * -m md5, rmd160, or sha1 (default: sha1) + * + */ +char *keyfile; +char *macfile; +void + +release(void) +{ + if (keyfile != default_keyfile) + free(keyfile); + if (macfile != NULL) + free(macfile); +} + +int +om_peo_init(int argc, char **argv, struct filed *f, char *prog, void **ctx, + char **status) +{ + int ch; + struct om_peo_ctx *c; + int hash_method; + int mfd; + char statbuf[2048]; + + 
dprintf(MSYSLOG_INFORMATIVE, "om_peo_init: Entering, called by %s\n", + prog); + + if (argv == NULL || *argv == NULL || argc == 0 || f == NULL || + ctx == NULL) + return (-1); + + /* default values */ + hash_method = SHA1; + keyfile = default_keyfile; + macfile = NULL; + mfd = 0; + + /* parse command line */ +#ifdef HAVE_OPTRESET + optreset = 1; +#endif + optind = 1; + while ( (ch = getopt(argc, argv, "k:lm:")) != -1) { + switch (ch) { + case 'k': + /* set keyfile */ + release(); + if ( (keyfile = strdup(optarg)) == NULL) + return (-1); + break; + case 'l': + /* set macfile */ + mfd = 1; + break; + case 'm': + /* set method */ + if ( (hash_method = gethash(optarg)) < 0) { + release(); + errno = EINVAL; + return (-1); + } + break; + default: + release(); + errno = EINVAL; + return (-1); + } + } + + /* set macfile */ + if (mfd) { + if ( (macfile = (char *) strmac(keyfile)) == NULL) { + release(); + return (-1); + } + if (! (mfd = open(macfile, O_CREAT, S_IRUSR | S_IWUSR))) { + if (errno != EEXIST) { + release(); + return (-1); + } + } else + close(mfd); + } + + /* save data on context */ + if ( (c = (struct om_peo_ctx*) + calloc(1, sizeof(struct om_peo_ctx))) == NULL) { + release(); + return (-1); + } + + c->size = sizeof(struct om_peo_ctx); + c->hash_method = hash_method; + c->keyfile = keyfile; + c->macfile = macfile; + *ctx = (void *) c; + + snprintf(statbuf, sizeof(statbuf), "om_peo: method: " + "%d\nkeyfile: %s\nmacfile: %s\n", hash_method, keyfile, + macfile); + *status = strdup(statbuf); + + return (1); +} + + +int +om_peo_close(struct filed *f, void *ctx) +{ + struct om_peo_ctx *c; + + c = (struct om_peo_ctx *) ctx; + dprintf(MSYSLOG_INFORMATIVE, "om_peo_close\n"); + + if (c->keyfile != default_keyfile) + free(c->keyfile); + if (c->macfile != NULL) + free(c->macfile); + return (0); +} + diff --git a/msyslog-v1.08a+smac/src/modules/om_pgsql.c b/msyslog-v1.08a+smac/src/modules/om_pgsql.c new file mode 100644 index 0000000..45abe8b --- /dev/null 
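Review bot: om_peo_write truncates the key file before it knows it has a replacement key: `ftruncate(fd, (off_t)0)` runs ahead of `mac()`, the `newkeylen == -1` path returns with the file left empty, and the result of the final `write(fd, newkey, newkeylen)` is ignored. Since the next call reads its key from that file and only rejects a negative read(), a failure here lets the chain continue from an empty key without any error being reported. Computing the new key first and checking lseek/ftruncate/write keeps the previous key in place on error, as sketched below. In om_peo_init, `if (! (mfd = open(macfile, O_CREAT, S_IRUSR | S_IWUSR)))` tests for 0 rather than -1, so a failed open is treated as success and `close(-1)` is called.

```c
	/* Generate new key and save it on keyfile */
	newkeylen = mac(c->hash_method, key, keylen, m, len, newkey);
	if (newkeylen == -1) {
		/* … unchanged: close(fd), dprintf, return (-1) … */
	}
	/* only discard the old key once the new one exists */
	if (lseek(fd, (off_t)0, SEEK_SET) == -1 ||
	    ftruncate(fd, (off_t)0) == -1 ||
	    write(fd, newkey, newkeylen) != newkeylen) {
		dprintf(MSYSLOG_SERIOUS, "om_peo_write: saving key to %s:"
		    " %s\n", c->keyfile, strerror(errno));
		close(fd);
		return (-1);
	}
	close(fd);
	return (1);
```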
+++ b/msyslog-v1.08a+smac/src/modules/om_pgsql.c 
@@ -0,0 +1,382 @@ +/* $CoreSDI: om_pgsql.c,v 1.17.2.4.2.2.4.24 2001/11/30 23:13:45 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * om_pgsql -- PostgreSQL database support Module + * + * Author: Oliver Teuber (ot@penguin-power.de) + * Based on om_mysql from Alejo Sanchez + * + * Changes: + * + * 06/08/2000 - Gerardo_Richarte@corest.com + * Moved to_sql() to sql_misc.c to reuse it in om_mysql + * removed some code regarding msg being NULL, this is checked before calling + * write + * 10/10/2000 - Federico Schwindt + * Cleanup code + * 10/12/2000 - Alejo Sanchex + * Move alloc query and dates to context structure + * + */ + +#include "config.h" + +#include +#include +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "../modules.h" +#include "../syslogd.h" +#include "sql_misc.h" + +#define MAX_QUERY 8192 + +/* + * Define needed PostgreSQL functions + */ + +typedef enum +{ + CONNECTION_OK, + CONNECTION_BAD +} Some_psql_needed_ConnStatusType; +typedef enum +{ + PGRES_EMPTY_QUERY = 0, + PGRES_COMMAND_OK +/* all other enums are not needed */ +} ExecStatusType; + + + +struct om_pgsql_ctx { + void *h; + char *table; + int lost; + void *lib; + int (*PQstatus)(void *); + int (*PQresultStatus)(void *); + void (*PQreset)(void *); + void * (*PQexec)(void *, char *); + char * (*PQresultErrorMessage)(void *); + void (*PQclear)(void *); + void * (*PQsetdbLogin)(char *, char *, void *, void *, + char *, char *,char *); + void (*PQfinish)(void *); +}; + +int +om_pgsql_write(struct filed *f, int flags, struct m_msg *m, void *ctx) +{ + void *r; + struct om_pgsql_ctx *c; + int err, i; + char query[MAX_QUERY], err_buf[512]; + + dprintf(MSYSLOG_INFORMATIVE, "om_pgsql_write: entering [%s] [%s]\n", + m->msg, f->f_prevline); + + c = (struct om_pgsql_ctx *) ctx; + + if ((c->h) == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_pgsql_write: error, no " + "connection\n"); + return (-1); + } + + if ((c->PQstatus(c->h)) == CONNECTION_BAD) { + + /* try 
to reconnect */ + (c->PQreset(c->h)); + + /* connection can't be established */ + if ((c->PQstatus(c->h)) == CONNECTION_BAD) { + + c->lost++; + if (c->lost == 1) { + logerror("om_pgsql_write: Lost connection!"); + } + } + return (1); + + } + + /* table, YYYY-Mmm-dd, hh:mm:ss, host, msg */ + i = snprintf(query, sizeof(query), "INSERT INTO %s (date, time, facility, severity, " + "host, message) VALUES('%.4d-%.2d-%.2d', '%.2d:%.2d:%.2d', %d, %d, '%s', '", + c->table, f->f_tm.tm_year + 1900, f->f_tm.tm_mon + 1, + f->f_tm.tm_mday, f->f_tm.tm_hour, f->f_tm.tm_min, f->f_tm.tm_sec, + m->fac, m->pri, f->f_prevhost); + + if (c->lost) { + int pos = i; + + /* + * Report lost messages, but 2 of them are lost of + * connection and this one (wich we are going + * to log anyway) + */ + snprintf(err_buf, sizeof(err_buf), "om_pgsql_write: %i " + "messages were lost due to lack of connection", + c->lost - 2); + + /* count reset */ + c->lost = 0; + + /* put message escaping special SQL characters */ + pos += to_sql(query + pos, err_buf, sizeof(query) - pos); + + /* finish it with "')" */ + query[pos++] = '\''; + query[pos++] = ')'; + if (pos < sizeof(query)) + query[pos] = '\0'; + else + query[sizeof(query) - 1] = '\0'; + + dprintf(MSYSLOG_INFORMATIVE2, "om_pgsql_write: query [%s]\n", + query); + + r = (c->PQexec(c->h, query)); + if ((c->PQresultStatus(r)) != PGRES_COMMAND_OK) { + dprintf(MSYSLOG_SERIOUS, "om_pgsql_write: %s\n", + (c->PQresultErrorMessage(r))); + return (-1); + } + (c->PQclear(r)); + } + + /* put message escaping special SQL characters */ + i += to_sql(query + i, m->msg, sizeof(query) - i); + + /* finish it with "')" */ + query[i++] = '\''; + query[i++] = ')'; + if (i < sizeof(query)) + query[i] = '\0'; + else + query[sizeof(query) - 1] = '\0'; + + dprintf(MSYSLOG_INFORMATIVE2, "om_pgsql_write: query [%s]\n", query); + + err = 1; + r = (c->PQexec(c->h, query)); + if ((c->PQresultStatus(r)) != PGRES_COMMAND_OK) { + dprintf(MSYSLOG_INFORMATIVE, "%s\n", + 
(c->PQresultErrorMessage(r))); + err = -1; + } + + (c->PQclear(r)); + + return (err); +} + +/* + * INIT -- Initialize om_pgsql + * + * Parse options and connect to database + * + * params: + * -s + * -u + * -p + * -b + * -t + * + */ + +int +om_pgsql_init(int argc, char **argv, struct filed *f, char *prog, void **c, + char **status) +{ + void *h; + struct om_pgsql_ctx *ctx; + char *host, *user, *passwd, *db, *table, *port, *p; + char statbuf[1024]; + int ch = 0; + + dprintf(MSYSLOG_INFORMATIVE, "om_pgsql_init: entering " + "initialization\n"); + + if (argv == NULL || *argv == NULL || argc < 2 || f == NULL || + c == NULL) + return (-1); + + user = NULL; passwd = NULL; db = NULL; port = 0; host = NULL; + table = NULL; + + /* save handle and stuff on context */ + if (! (*c = calloc(1, sizeof(struct om_pgsql_ctx)))) + return (-1); + ctx = (struct om_pgsql_ctx *) *c; + + if ((ctx->lib = dlopen("libpq.so", DLOPEN_FLAGS)) == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_pgsql_init: Error loading" + " api library, %s\n", dlerror()); + free(ctx); + return (-1); + } + + if ( !(ctx->PQstatus = (int (*)(void *)) dlsym(ctx->lib, + SYMBOL_PREFIX "PQstatus")) + || !(ctx->PQresultStatus = (int (*)(void *)) dlsym(ctx->lib, + SYMBOL_PREFIX "PQresultStatus")) + || !(ctx->PQreset = (void (*)(void *)) dlsym(ctx->lib, + SYMBOL_PREFIX "PQreset")) + || !(ctx->PQexec = (void * (*)(void *, char *)) dlsym(ctx->lib, + SYMBOL_PREFIX "PQexec")) + || !(ctx->PQresultErrorMessage = (char * (*)(void *)) dlsym(ctx->lib, + SYMBOL_PREFIX + "PQresultErrorMessage")) + || !(ctx->PQclear = (void (*)(void *)) dlsym(ctx->lib, + SYMBOL_PREFIX "PQclear")) + || !(ctx->PQsetdbLogin = (void * (*)(char *, char *, void *, + void *, char *, char *, char *)) dlsym(ctx->lib, SYMBOL_PREFIX + "PQsetdbLogin")) + || !(ctx->PQfinish = (void (*)(void *)) dlsym(ctx->lib, + SYMBOL_PREFIX "PQfinish"))) { + dprintf(MSYSLOG_SERIOUS, "om_pgsql_init: Error resolving" + " api symbols, %s\n", dlerror()); + free(ctx); + return (-1); + } + + 
/* parse line */ + optind = 1; + +#ifdef HAVE_OPTRESET + optreset = 1; +#endif + + while ((ch = getopt(argc, argv, "s:u:p:d:t:c")) != -1) { + switch (ch) { + case 's': + /* get database host name and port */ + if ((p = strstr(optarg, ":")) == NULL) { + port = NULL; + } else { + *p = '\0'; + port = ++p; + } + host = optarg; + break; + case 'u': + user = optarg; + break; + case 'p': + passwd = optarg; + break; + case 'd': + db = optarg; + break; + case 't': + table = optarg; + break; + case 'c': + dprintf(MSYSLOG_INFORMATIVE, "(om_pgsql_init: " + "ignoring 'c')\n"); + break; + default: + dprintf(MSYSLOG_INFORMATIVE, "(om_pgsql_init: " + "error on parameter '%c')\n", ch); + return (-1); + } + } + + if (user == NULL || db == NULL || table == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_pgsql_init: Error missing " + "params!\n"); + dlclose(ctx->lib); + free(ctx); + return (-1); + } + + /* connect to the database */ + + h = (ctx->PQsetdbLogin)(host, port, NULL, NULL, db, user,passwd); + + /* check to see that the backend connection was successfully made */ + if ((ctx->PQstatus)(h) == CONNECTION_BAD) { + dprintf(MSYSLOG_SERIOUS, "om_pgsql_init: Error connecting " + "to db server [%s:%s] user [%s] db [%s]\n", + host?host:"(unix socket)", port?port:"(none)", user, db); + (ctx->PQfinish)(h); + dlclose(ctx->lib); + free(ctx); + return (-1); + } + + ctx->h = h; + ctx->table = strdup(table); + + snprintf(statbuf, sizeof(statbuf), "om_pgsql: sending " + "messages to host %s, database %s, table %s", host, + db, table); + *status = strdup(statbuf); + + return (1); +} + +int +om_pgsql_close(struct filed *f, void *ctx) { + struct om_pgsql_ctx *c; + + c = (struct om_pgsql_ctx *) ctx; + + if (((struct om_pgsql_ctx *)ctx)->h) { + (c->PQfinish)(((struct om_pgsql_ctx *)ctx)->h); + } + + if (c->table) + free(c->table); + + return (0); +} + diff --git a/msyslog-v1.08a+smac/src/modules/om_regex.c b/msyslog-v1.08a+smac/src/modules/om_regex.c new file mode 100644 index 0000000..18eebb3 
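Review bot: The error paths in om_pgsql_init free the context but leave `*c` pointing at it: after the dlopen(), dlsym(), missing-parameter and connection failures the code does `free(ctx); return (-1);` although `*c` was set by the calloc() above, so a caller that later hands `*c` to om_pgsql_close would dereference freed memory (whether the caller does so is not visible here). Adding `*c = NULL;` after each `free(ctx);` avoids that, as the `om_mysql_init_bad` label in om_mysql.c already does; om_mysql_init's own dlopen()/dlsym() failure paths have the same gap. The getopt `default:` case returns -1 without `dlclose(ctx->lib)` or `free(ctx)` at all. The status snprintf() also passes `host` to `%s` when -s was not given and `host` is NULL; `host ? host : "(unix socket)"`, as in the error message above it, would match.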
--- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/om_regex.c 
@@ -0,0 +1,260 @@ +/* $CoreSDI: om_regex.c,v 1.13.2.10.4.17 2001/11/30 23:13:45 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * om_regex -- Filter messages using regular exressions + * + * Author: Alejo Sanchez for Core-SDI SA + * Idea of Emiliano Kargieman + * + */ + +#include "config.h" + +#if TIME_WITH_SYS_TIME + +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../modules.h" +#include "../syslogd.h" + +/* current time from syslogd */ + +struct om_regex_ctx { + short flags; + int size; + int filters; +#define OM_FILTER_MESSAGE 0x01 +#define OM_FILTER_HOST 0x02 +#define OM_FILTER_DATE 0x04 +#define OM_FILTER_TIME 0x08 +#define OM_FILTER_INVERSE 0x10 + regex_t msg_exp; + regex_t host_exp; + regex_t date_exp; + regex_t time_exp; +}; + + +/* + * INIT -- Initialize om_regex + * + */ +int +om_regex_init(int argc, char **argv, struct filed *f, char *prog, void **ctx, + char **status) +{ + struct om_regex_ctx *c; + regex_t *creg; + int ch, statbuf_len; + char statbuf[1048], *p; + + creg = NULL; + p = NULL; + + /* for debugging purposes */ + dprintf(MSYSLOG_INFORMATIVE, "om_regex init\n"); + + if (argc < 2 || argv == NULL || argv[1] == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_regex: error on " + "initialization\n"); + return (-1); + } + + if ((*ctx = (void *) calloc(1, sizeof(struct om_regex_ctx))) == NULL) + return (-1); + + c = (struct om_regex_ctx *) *ctx; + c->size = sizeof(struct om_regex_ctx); + + statbuf_len = snprintf(statbuf, sizeof(statbuf), + "om_regex: filtering"); + + /* + * Parse options with getopt(3) + * + * we give an example for a -s argument + * -v flag means INVERSE matching + * -m flag match message + * -h flag match host + * -d flag match date + * -t flag match time + * + */ + p = NULL; + optind = 1; +#ifdef HAVE_OPTRESET + optreset = 1; +#endif + while ((ch = getopt(argc, argv, "vm:h:d:t:")) != -1) { + switch (ch) { + case 'v': + c->filters |= OM_FILTER_INVERSE; + statbuf_len += snprintf(statbuf + 
statbuf_len, + sizeof(statbuf) - statbuf_len, ", inverse"); + continue; + + case 'm': + c->filters |= OM_FILTER_MESSAGE; + creg = &c->msg_exp; + p = ", message"; + break; + + case 'h': + c->filters |= OM_FILTER_HOST; + creg = &c->host_exp; + p = ", host"; + break; + + case 'd': + c->filters |= OM_FILTER_DATE; + creg = &c->date_exp; + p = ", date"; + break; + + case 't': + c->filters |= OM_FILTER_TIME; + creg = &c->time_exp; + p = ", time"; + break; + + default: + dprintf(MSYSLOG_SERIOUS, "om_regex: unknown parameter" + " [%c]\n", ch); + free(*ctx); + return (-1); + } + + if (regcomp(creg, optarg, REG_EXTENDED | REG_NOSUB) != 0) { + dprintf(MSYSLOG_SERIOUS, "om_regex: error compiling " + "regular expression [%s] for message\n", optarg); + free(*ctx); + return (-1); + } + + if (p) + statbuf_len += snprintf(statbuf + statbuf_len, + sizeof(statbuf) - statbuf_len, " %s [%s]", p, + optarg); + } + + *status = strdup(statbuf); + + return (1); +} + +/* return: + -1 error + 1 match -> successfull + 0 nomatch -> stop logging it + */ + +int +om_regex_write(struct filed *f, int flags, struct m_msg *m, void *ctx) +{ + struct om_regex_ctx *c; + regex_t *creg; + char *str, time_buf[16]; + int i, iflag; + + creg = NULL; + str = NULL; + + c = (struct om_regex_ctx *) ctx; + + if (m == NULL || m->msg == NULL || !strcmp(m->msg, "")) { + logerror("om_regex_write: no message!"); + return (-1); + } + + /* Split date and time if filters are present. 
*/ + if ((c->filters & OM_FILTER_DATE) || (c->filters & OM_FILTER_TIME)) { + strftime(time_buf, sizeof(time_buf), "%b %e %H:%M:%S", + &f->f_tm); + + time_buf[6] = 0; + time_buf[15] = 0; + } + + iflag = ((c->filters & OM_FILTER_INVERSE) != 0); + + for (i = 1; i < OM_FILTER_INVERSE; i <<= 1) { + if ((c->filters & i) == 0) + continue; + + switch (i) { + case OM_FILTER_MESSAGE: + creg = &c->msg_exp; + str = m->msg; + break; + + case OM_FILTER_HOST: + creg = &c->host_exp; + str = f->f_prevhost; + break; + + case OM_FILTER_DATE: + creg = &c->date_exp; + str = time_buf; + break; + + case OM_FILTER_TIME: + creg = &c->time_exp; + str = time_buf + 7; + break; + } + + if ((regexec(creg, str, 0, NULL, 0) != 0) ^ iflag) + return (0); + } + + return (1); + +} + diff --git a/msyslog-v1.08a+smac/src/modules/om_tcp.c b/msyslog-v1.08a+smac/src/modules/om_tcp.c new file mode 100644 index 0000000..8bf642c --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/om_tcp.c 
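Review bot: In om_regex_init, `statbuf_len` accumulates snprintf() return values, which are the lengths that would have been written, so a single long pattern in `optarg` can push it past `sizeof(statbuf)`; the next `snprintf(statbuf + statbuf_len, sizeof(statbuf) - statbuf_len, ...)` then receives a pointer beyond the array and a size that wraps to a very large unsigned value. Clamp after each append, e.g. `if (statbuf_len >= (int)sizeof(statbuf)) statbuf_len = sizeof(statbuf) - 1;`, or stop appending once the buffer is full. The failure paths also `free(*ctx)` without calling regfree() on expressions already compiled by earlier options, and without resetting `*ctx`.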
@@ -0,0 +1,329 @@ +/* $CoreSDI: om_tcp.c,v 1.17.2.4 2001/11/30 23:13:45 alejo Exp $ */ +/* + Copyright (c) 2001, Core SDI S.A., Argentina + All rights reserved + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither name of the Core SDI S.A. nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * om_tcp -- TCP output module + * + * Author: Alejo Sanchez for Core-SDI SA + * + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif + +#include "../modules.h" +#include "../syslogd.h" + +#define OM_TCP_MAX_RETRY_SLEEP_SECONDS 60 + +struct om_tcp_ctx { + int fd; + char *host; + char *port; /* either 'syslog' or number up to XXXXX */ + char *saved; + int savesize; + int savelen; + unsigned int msec; /* maximum seconds to wait until connection retry */ + unsigned int inc; /* increase save */ + time_t savet; /* saved time of last failed reconnect */ + int flags; +}; + +#define M_ADDHOST 0x01 + +int connect_tcp(char *, char *); +int om_tcp_close(struct filed *, void *); + +/* + * INIT -- Initialize om_tcp + * + * we get remote host and port + * + * usage: -r tries to reconnect always (optional) + * -h host (required) + * -p port (required) + * + * we try to make it the most IPv6 compatible as we can + * for future porting + * + * NOTE: connection will be established on first om_tcp_write !! 
+ */ + +int +om_tcp_init(int argc, char **argv, struct filed *f, char *prog, void **ctx, + char **status) +{ + struct om_tcp_ctx *c; + int ch; + char statbuf[1024]; + + dprintf(MSYSLOG_INFORMATIVE, "om_tcp init: Entering\n"); + + if ((*ctx = (void *) calloc(1, sizeof(struct om_tcp_ctx))) == NULL) { + dprintf(MSYSLOG_CRITICAL, "om_tcp_init: couldn't allocate" + " context\n"); + return (-1); + } + c = (struct om_tcp_ctx *) *ctx; + + /* parse line */ + optind = 1; +#ifdef HAVE_OPTRESET + optreset = 1; +#endif + while ((ch = getopt(argc, argv, "h:p:m:s:a")) != -1) { + switch (ch) { + case 'h': + /* get remote host name/addr */ + c->host = strdup(optarg); + break; + case 'p': + /* get remote host port */ + c->port = strdup(optarg); + break; + case 'm': + /* get maximum seconds to wait on connect retry */ + c->msec = (unsigned int) strtol(optarg, NULL, 10); + break; + case 's': + /* set saved buffer size */ + c->savesize = strtol(optarg, NULL, 10); + c->saved = (char *) malloc(c->savesize); + break; + case 'a': + c->flags |= M_ADDHOST; + break; + default: + dprintf(MSYSLOG_SERIOUS, "om_tcp_init: parsing error" + " [%c]\n", ch); + if (c->host) + free(c->host); + if (c->port) + free(c->port); + free(*ctx); + return (-1); + } + } + + if ( !c->host || !c->port ) { + dprintf(MSYSLOG_SERIOUS, "om_tcp_init: parsing\n"); + om_tcp_close(NULL, c); + return (-1); + } + + if (c->msec == 0) + c->msec = OM_TCP_MAX_RETRY_SLEEP_SECONDS; + c->inc = 2; + c->savet = 0; + c->fd = -1; + + snprintf(statbuf, sizeof(statbuf), "om_tcp: forwarding " + "messages through TCP to host %s, port %s", c->host, + c->port); + *status = strdup(statbuf); + + return (1); +} + + +/* + * WRITE -- Initialize om_tcp + * + */ + +int +om_tcp_write(struct filed *f, int flags, struct m_msg *m, void *ctx) +{ + struct om_tcp_ctx *c; + RETSIGTYPE (*sigsave)(int); + char time_buf[16]; + char line[MAXLINE + 1]; + int l; + + if (m->msg == NULL || !strcmp(m->msg, "")) { + logerror("om_tcp_write: no message!"); + return 
(-1); + } + + c = (struct om_tcp_ctx *) ctx; + + strftime(time_buf, sizeof(time_buf), "%b %e %H:%M:%S", &f->f_tm); + + /* we give a newline termination to difference lines, unlike UDP */ + if (c->flags & M_ADDHOST) { + l = snprintf(line, sizeof(line), "<%d>%.15s %s %s\n", + f->f_prevpri, time_buf, f->f_prevhost, m->msg); + } else { + l = snprintf(line, sizeof(line), "<%d>%.15s %s\n", + f->f_prevpri, time_buf, m->msg); + } + + dprintf(MSYSLOG_INFORMATIVE, "om_tcp_write: sending to %s, %s", + c->host, line); + + /* Ignore sigpipes so broken connections won't bother */ + sigsave = place_signal(SIGPIPE, SIG_IGN); + + /* + * reconnect using (max_seconds - (max_seconds/n)) + */ + + /* If down or couldn't write, reconnect */ + if ( c->fd < 0 || (c->savelen && (write(c->fd, c->saved, c->savelen) + != c->savelen)) || (write(c->fd, line, l) != l) ) { + time_t t; + + t = time(NULL); + + if (c->savet == 0) { + c->savet = t; + } else { + register unsigned int n, s; + + n = (unsigned int) t; + s = c->msec - (c->msec / c->inc); + n -= s; + + dprintf(MSYSLOG_INFORMATIVE, "om_tcp_write: should " + "I retry? (now %u, lasttime %u, sleep %u," + " next %u)...", (unsigned int) t, + (unsigned int) c->savet, s, n); + + if (n < c->savet) { + dprintf(MSYSLOG_INFORMATIVE, "no!\n"); + if (c->saved && l < (c->savesize - c->savelen + - 1)) { + strncat(c->saved, line, c->savesize + - 1 - c->savelen); + c->savelen = strlen(c->saved); + } + return(0); + } + + dprintf(MSYSLOG_INFORMATIVE, "yes!\n"); + + } + + dprintf(MSYSLOG_SERIOUS, "om_tcp_write: no connection " + "to remote host %s, port %s. retry %i... ", c->host, + c->port, c->inc - 1); + + /* just in case */ + if (c->fd > -1); + close(c->fd); + if ( ((c->fd = connect_tcp(c->host, c->port)) < 0) || + (c->savelen && (write(c->fd, c->saved, c->savelen) + != c->savelen)) || (write(c->fd, line, l) != l) ) { + + dprintf(MSYSLOG_SERIOUS, "still down! 
next retry " + "in %i seconds\n", c->msec - (c->msec / c->inc)); + + c->inc++; + c->savet = t; + if (c->fd) + close(c->fd); + c->fd = -1; + + place_signal(SIGPIPE, sigsave); + + /* save this line too if posible */ + if (c->saved && l < (c->savesize - c->savelen - 1)) { + strncat(c->saved, line, c->savesize - 1 - + c->savelen); + c->savelen = strlen(c->saved); + } + + return(0); + + } else { + dprintf(MSYSLOG_SERIOUS, "reconnected!\n"); + c->inc = 2; + c->savet = 0; + if (c->savelen) { + c->savelen = 0; + c->saved[0] = '\0'; + } + } + } else if (c->savelen) { /* yes this code is repeated, but CLEAR */ + c->savelen = 0; + c->saved[0] = '\0'; + } + + + place_signal(SIGPIPE, sigsave); + + f->f_prevcount = 0; + return (1); +} + + +/* + * CLOSE -- close om_tcp + * + */ + +int +om_tcp_close(struct filed *f, void *ctx) +{ + struct om_tcp_ctx *c; + + c = (struct om_tcp_ctx *) ctx; + if (c->host) + free(c->host); + if (c->port) + free(c->port); + + if (c->fd); + close (c->fd); + if (c->saved); + free(c->saved); + + return (1); +} diff --git a/msyslog-v1.08a+smac/src/modules/om_udp.c b/msyslog-v1.08a+smac/src/modules/om_udp.c new file mode 100644 index 0000000..e7074b6 --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/om_udp.c 
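Review bot: In om_tcp_write the return value of `snprintf` is passed unchanged to `write(c->fd, line, l)`, so when the formatted record is longer than `line` the call reads past the end of the stack buffer and sends the following bytes to the remote host; om_udp_write has the same pattern with `udp_send`. Clamp it right after formatting, e.g. `if (l < 0) l = 0; else if ((size_t)l >= sizeof(line)) l = sizeof(line) - 1;`. The `-s` buffer has a related problem: `malloc(c->savesize)` is neither checked nor initialised before `strncat` appends to it, so use `calloc(1, c->savesize)` after rejecting sizes below 2. The stray semicolons in `if (c->fd > -1);`, `if (c->fd);` and `if (c->saved);` make the following `close`/`free` unconditional, and because om_tcp_init calls om_tcp_close before `c->fd = -1` is assigned, the missing-host/port path closes descriptor 0.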
@@ -0,0 +1,222 @@ +/* $CoreSDI: om_udp.c,v 1.1.2.2 2001/11/30 23:13:45 alejo Exp $ */ +/* + Copyright (c) 2001, Core SDI S.A., Argentina + All rights reserved + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither name of the Core SDI S.A. nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * om_udp -- UDP output module + * + * Author: Alejo Sanchez for Core-SDI SA + * + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif + +#include "../modules.h" +#include "../syslogd.h" + +struct om_udp_ctx { + int fd; + char *host; + char *port; + void *addr; /* remote address */ + int addrlen; + int flags; +}; + +#define M_ADDHOST 0x01 + +int sock_udp(char *, char *, void **, int *); +int udp_send(int, char *, int, void *, int); + +/* + * INIT -- Initialize om_udp + * + * we get remote host and port + * + * usage: -h host (required) + * -p port (required) + * -a (add hostname to message) + * + * we try to make it the most IPv6 compatible as we can + * for future porting + * + */ + +int +om_udp_init(int argc, char **argv, struct filed *f, char *prog, void **ctx, + char **status) +{ + struct om_udp_ctx *c; + int ch; + + dprintf(MSYSLOG_INFORMATIVE, "om_udp init: Entering\n"); + + if ((*ctx = (void *) calloc(1, sizeof(struct om_udp_ctx))) == NULL) { + dprintf(MSYSLOG_INFORMATIVE, "om_udp_init: couldn't allocate" + " context\n"); + return (-1); + } + c = (struct om_udp_ctx *) *ctx; + + /* parse line */ + optind = 1; +#ifdef HAVE_OPTRESET + optreset = 1; +#endif + while ((ch = getopt(argc, argv, "h:p:m:s:a")) != -1) { + switch (ch) { + case 'h': + /* get remote host name/addr */ + c->host = strdup(optarg); + break; + case 'p': + /* get remote host port */ + c->port = strdup(optarg); + break; + case 'a': + c->flags |= M_ADDHOST; + break; + default: + dprintf(MSYSLOG_SERIOUS, "om_udp_init: parsing error" + " [%c]\n", ch); + if (c->host) + free(c->host); + if (c->port) + free(c->port); + free(*ctx); + return (-1); + } + } + + if ( c->host == NULL) { + dprintf(MSYSLOG_SERIOUS, "om_udp_init: host unspecified\n"); + return (-1); + } + + errno = 0; + if ((c->fd = 
sock_udp(c->host, c->port == NULL? "syslog" : c->port, + &c->addr, &c->addrlen)) == -1) { + dprintf(MSYSLOG_SERIOUS, "om_udp_init: error creating generic" + " outgoing UDP socket [%s]", strerror(errno)); + return (-1); + } + + return (1); +} + + +/* + * WRITE -- Send a message + * + */ + +int +om_udp_write(struct filed *f, int flags, struct m_msg *m, void *ctx) +{ + struct om_udp_ctx *c; + char time_buf[16]; + char line[MAXLINE + 1]; + int l; + + if (m == NULL || m->msg == NULL || !strcmp(m->msg, "")) { + logerror("om_udp_write: no message!"); + return (-1); + } + + c = (struct om_udp_ctx *) ctx; + + strftime(time_buf, sizeof(time_buf), "%b %e %H:%M:%S", &f->f_tm); + + /* we give a newline termination to difference lines, unlike UDP */ + if (c->flags & M_ADDHOST) { + l = snprintf(line, sizeof(line), "<%d>%.15s %s %s\n", + f->f_prevpri, time_buf, f->f_prevhost, m->msg); + } else { + l = snprintf(line, sizeof(line), "<%d>%.15s %s\n", + f->f_prevpri, time_buf, m->msg); + } + + dprintf(MSYSLOG_INFORMATIVE, "om_udp_write: sending to %s:%s, %s", + c->host, c->port, line); + + if (udp_send(c->fd, line, l, c->addr, c->addrlen) == -1) { + + dprintf(MSYSLOG_SERIOUS, "om_udp_write: error sending " + "to remote host [%s]", strerror(errno)); + } + + return (1); +} + + +/* + * CLOSE -- close om_udp + * + */ + +int +om_udp_close(struct filed *f, void *ctx) +{ + struct om_udp_ctx *c; + + c = (struct om_udp_ctx *) ctx; + + if (c->host) + free(c->host); + if (c->port) + free(c->port); + if (c->addr) + free(c->addr); + + close(c->fd); + + return (1); +} diff --git a/msyslog-v1.08a+smac/src/modules/sql_misc.c b/msyslog-v1.08a+smac/src/modules/sql_misc.c new file mode 100644 index 0000000..65d481f --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/sql_misc.c 
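Review bot: om_udp_init accepts a missing `-p` by falling back to `"syslog"` for `sock_udp`, but om_udp_write later passes `c->port` to `dprintf` with `%s`, which is a NULL argument whenever the port was omitted (undefined behaviour if dprintf formats like printf). Use the same fallback there, `c->port ? c->port : "syslog"`, or store the default in `c->port` during init. The two early `return (-1)` paths after option parsing (host unspecified, sock_udp failure) also leave `*ctx`, `c->host` and `c->port` allocated, unlike the `default:` branch, which frees them. The getopt string still lists `m:` and `s:`, which have no case in this switch and therefore end up in `default:` as a parsing error.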
@@ -0,0 +1,74 @@ +/* $CoreSDI: sql_misc.c,v 1.3.2.1.2.1.4.11 2001/10/18 21:39:10 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * sql_misc - Functions shared by SQL modules + * + * Author: Gerardo_Richarte@corest.com + * Extracted from om_pgsql.c by Oliver Teuber (ot@penguin-power.de) + * + */ + +#include "config.h" + +#include +#include + +int +to_sql(char *dst, char *src, int maxlen) +{ + int i; + + if(dst == NULL || src == NULL || maxlen < 2) + return -1; + + for(i = 0; *src && i < (maxlen - 2) ; src++) { + + /* + * escape \n \r \\ \' " and del (ctrl-z 127) + */ + + if (*src == '\'' || *src == '\n' || *src == '\r' || + *src == '\\' || *src == '"' || *src == 127) { + dst[i++] = '\\'; + } + + dst[i++] = *src; + + } + + /* terminate string if possible */ + if (i < maxlen) + dst[i] = 0; + + return i; +} + diff --git a/msyslog-v1.08a+smac/src/modules/sql_misc.h b/msyslog-v1.08a+smac/src/modules/sql_misc.h new file mode 100644 index 0000000..eb59563 --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/sql_misc.h 
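Review bot: to_sql protects string literals only by putting a backslash before quotes, backslashes, CR/LF and DEL, and the text it handles is syslog content that remote senders can influence. Backslash escapes inside literals are honoured only under some server settings (for example PostgreSQL with `standard_conforming_strings` off, MySQL without `NO_BACKSLASH_ESCAPES`), and where they are not, `\'` no longer neutralises the quote. The callers are outside this hunk, so how the result is spliced into a statement is an assumption; if it goes into a quoted literal, the client library's own escaping (`PQescapeStringConn`, `mysql_real_escape_string`) or bound parameters are the safer choice. The comment says `ctrl-z 127`, but Ctrl-Z is 26 and 127 is DEL, so either the comment or the test `*src == 127` is wrong. The function also truncates silently at `maxlen - 2`, which deserves a line in the header comment so callers know a record can be cut.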
@@ -0,0 +1,39 @@ +/* $CoreSDI: sql_misc.h,v 1.1.2.1.4.10 2001/10/18 21:39:11 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * sql_misc header - Functions shared by SQL modules + * + * Author: Gerardo_Richarte@corest.com + */ + +int to_sql(char *, const char *, int); + diff --git a/msyslog-v1.08a+smac/src/modules/ttymsg.c b/msyslog-v1.08a+smac/src/modules/ttymsg.c new file mode 100644 index 0000000..f80a203 --- /dev/null +++ b/msyslog-v1.08a+smac/src/modules/ttymsg.c 
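Review bot: The prototype `int to_sql(char *, const char *, int);` does not match the definition in sql_misc.c, which takes `char *src`, and as rendered here sql_misc.c has no `#include "sql_misc.h"`, so the compiler never compares the two. Change the definition to `to_sql(char *dst, const char *src, int maxlen)` and include this header from sql_misc.c so that a future mismatch becomes a compile error. The header also has no include guard; wrapping the declaration in `#ifndef SQL_MISC_H` / `#define SQL_MISC_H` / `#endif` would make repeated inclusion harmless.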
@@ -0,0 +1,191 @@ +/* $OpenBSD: ttymsg.c,v 1.3 1996/10/25 06:06:30 downsj Exp $ */ +/* $NetBSD: ttymsg.c,v 1.3 1994/11/17 07:17:55 jtc Exp $ */ + +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + + +#include "config.h" + +#include +#include +#ifdef HAVE_DIRENT_H +# include +#elif defined(HAVE_SYS_HNDIR_H) +# include +#elif defined(HAVE_SYS_HDIR_H) +# include +#elif defined(HAVE_NDIR_H) +# include +#else +# define MAXNAMLEN 128 +# warning Using MAXNAMLEN of 128 +#endif +#include +#include +#ifdef HAVE_PATHS_H +# include +#endif +#include +#include +#include +#include +#include + +#ifndef _PATH_DEV +#define _PATH_DEV "/dev/" +/* #warning Using "/dev/" for _PATH_DEV */ +#endif + +#ifndef sigsetmask +int sigsetmask(int); +#endif + +/* + * Display the contents of a uio structure on a terminal. Used by wall(1), + * syslogd(8), and talkd(8). Forks and finishes in child if write would block, + * waiting up to tmout seconds. Returns pointer to error string on unexpected + * error; string is not newline-terminated. Various "normal" errors are + * ignored (exclusive-use, lack of permission, etc.). + */ +char * +ttymsg(struct iovec *iov, int iovcnt, char *line, int tmout) +{ + static char device[MAXNAMLEN] = { _PATH_DEV }; + static char errbuf[1024]; + register int cnt, fd, left, wret; + struct iovec localiov[6]; + int forked = 0; + + + if (iovcnt > sizeof(localiov) / sizeof(localiov[0])) + return ("too many iov's (change code in wall/ttymsg.c)"); + + /* + * Ignore lines that start with "ftp" or "uucp". + */ + if ((strncmp(line, "ftp", 3) == 0) + || (strncmp(line, "uucp", 4) == 0)) + return (NULL); + + (void) strcpy(device + sizeof(_PATH_DEV) - 1, line); + +#ifndef HAVE_LINUX + if (strchr(device + sizeof(_PATH_DEV) - 1, '/')) { + /* A slash is an attempt to break security... */ + (void) snprintf(errbuf, sizeof(errbuf), "'/' in \"%s\"", + device); + return (errbuf); + } +#endif + + /* + * open will fail on slip lines or exclusive-use lines + * if not running as root; not an error. 
+ */ + if ((fd = open(device, O_WRONLY|O_NONBLOCK, 0)) < 0) { + if (errno == EBUSY || errno == EACCES) + return (NULL); + (void) snprintf(errbuf, sizeof(errbuf), + "%s: %s", device, strerror(errno)); + return (errbuf); + } + + for (cnt = left = 0; cnt < iovcnt; ++cnt) + left += iov[cnt].iov_len; + + for (;;) { + wret = writev(fd, iov, iovcnt); + if (wret >= left) + break; + if (wret >= 0) { + left -= wret; + if (iov != localiov) { + bcopy(iov, localiov, + iovcnt * sizeof(struct iovec)); + iov = localiov; + } + for (cnt = 0; wret >= iov->iov_len; ++cnt) { + wret -= iov->iov_len; + ++iov; + --iovcnt; + } + /* we assume writev() writes whole chunks. posix? */ + continue; + } + if (errno == EWOULDBLOCK) { + int cpid, off = 0; + + if (forked) { + (void) close(fd); + _exit(1); + } + cpid = fork(); + if (cpid < 0) { + (void) snprintf(errbuf, sizeof(errbuf), + "fork: %s", strerror(errno)); + (void) close(fd); + return (errbuf); + } + if (cpid) { /* parent */ + (void) close(fd); + return (NULL); + } + forked++; + /* wait at most tmout seconds */ + (void) signal(SIGALRM, SIG_DFL); + (void) signal(SIGTERM, SIG_DFL); /* XXX */ + sigsetmask(0); + (void) alarm((u_int)tmout); + (void) fcntl(fd, O_NONBLOCK, &off); + continue; + } + /* + * We get ENODEV on a slip line if we're running as root, + * and EIO if the line just went away. + */ + if (errno == ENODEV || errno == EIO) + break; + (void) close(fd); + if (forked) + _exit(1); + (void) snprintf(errbuf, sizeof(errbuf), + "%s: %s", device, strerror(errno)); + return (errbuf); + } + + (void) close(fd); + if (forked) + _exit(0); + return (NULL); +} diff --git a/msyslog-v1.08a+smac/src/peo/Makefile b/msyslog-v1.08a+smac/src/peo/Makefile new file mode 100644 index 0000000..a8dc571 --- /dev/null +++ b/msyslog-v1.08a+smac/src/peo/Makefile 
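Review bot: `(void) strcpy(device + sizeof(_PATH_DEV) - 1, line);` copies the caller's tty name into the static `device[MAXNAMLEN]` with no length check, so a `line` longer than the space left after `_PATH_DEV` overflows the buffer. Check the length first, e.g. `if (strlen(line) >= sizeof(device) - (sizeof(_PATH_DEV) - 1)) return ("tty name too long");`. The `'/'` rejection is compiled out when `HAVE_LINUX` is defined (presumably to allow `pts/N` names), which leaves nothing to keep a name containing `..` inside `_PATH_DEV` before the `open(device, O_WRONLY|O_NONBLOCK, 0)`; rejecting `..` components on that build would keep the original guarantee. `fcntl(fd, O_NONBLOCK, &off)` also passes a flag where a command such as `F_SETFL` is expected, so blocking mode is probably never restored in the forked child.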
@@ -0,0 +1,62 @@ +# $CoreSDI: Makefile.in,v 1.3.2.1.4.8 2001/11/20 09:56:24 alejo Exp $ +# +# Copyright (c) 2001, Core SDI S.A., Argentina +# All rights reserved +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. Neither name of the Core SDI S.A. nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +CC= gcc +CFLAGS= -g -O2 -Wall +CPPFLAGS= -I.. 
+ +INSTALL= /usr/bin/ginstall -c +INSTALL_DIR= /usr/msyslog/sbin + +PROG= peochk +SRCS= peochk.c hash.c md5c.c sha1.c rmd160.c +OBJS= $(SRCS:.c=.o) + +all: $(PROG) $(OBJS) + +$(OBJS): $(SRCS) + $(CC) $(CFLAGS) $(CPPFLAGS) -c $(SRCS) + +$(PROG): $(OBJS) + $(CC) $(CFLAGS) $(OBJS) -o $@ + +.PHONY: clean distclean +clean: + -rm -f $(OBJS) core *.core $(PROG) + +distclean: clean + -rm -f Makefile + +install: + @if [ ! -d $(INSTALL_DIR) ]; then \ + mkdir -p $(INSTALL_DIR); \ + fi + -$(INSTALL) ${PROG} $(INSTALL_DIR) + diff --git a/msyslog-v1.08a+smac/src/peo/Makefile.in b/msyslog-v1.08a+smac/src/peo/Makefile.in new file mode 100644 index 0000000..044c6ec --- /dev/null +++ b/msyslog-v1.08a+smac/src/peo/Makefile.in 
@@ -0,0 +1,62 @@ +# $CoreSDI: Makefile.in,v 1.3.2.1.4.8 2001/11/20 09:56:24 alejo Exp $ +# +# Copyright (c) 2001, Core SDI S.A., Argentina +# All rights reserved +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. Neither name of the Core SDI S.A. nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +CC= @CC@ +CFLAGS= @CFLAGS@ +CPPFLAGS= -I.. 
@CPPFLAGS@ + +INSTALL= @INSTALL@ +INSTALL_DIR= @prefix@/sbin + +PROG= peochk +SRCS= peochk.c @HASH_SRCS@ +OBJS= $(SRCS:.c=.o) + +all: $(PROG) $(OBJS) + +$(OBJS): $(SRCS) + $(CC) $(CFLAGS) $(CPPFLAGS) -c $(SRCS) + +$(PROG): $(OBJS) + $(CC) $(CFLAGS) $(OBJS) -o $@ + +.PHONY: clean distclean +clean: + -rm -f $(OBJS) core *.core $(PROG) + +distclean: clean + -rm -f Makefile + +install: + @if [ ! -d $(INSTALL_DIR) ]; then \ + mkdir -p $(INSTALL_DIR); \ + fi + -$(INSTALL) ${PROG} $(INSTALL_DIR) + diff --git a/msyslog-v1.08a+smac/src/peo/TODO b/msyslog-v1.08a+smac/src/peo/TODO new file mode 100644 index 0000000..d59c93c --- /dev/null +++ b/msyslog-v1.08a+smac/src/peo/TODO @@ -0,0 +1,5 @@ +/* $CoreSDI: TODO,v 1.4.2.6 2001/05/24 01:57:50 alejo Exp $ */ +Things to do: + +- Peochek utility and commutication with audit (raw and xml) +- Add vcr protocol (new module?) diff --git a/msyslog-v1.08a+smac/src/peo/hash.c b/msyslog-v1.08a+smac/src/peo/hash.c new file mode 100644 index 0000000..5557208 --- /dev/null +++ b/msyslog-v1.08a+smac/src/peo/hash.c 
@@ -0,0 +1,361 @@ +/* $CoreSDI: hash.c,v 1.23.2.3.2.1.4.7 2001/05/24 00:19:14 alejo Exp $ */ + +/* + * Copyright (c) 2001, Core SDI S.A., Argentina + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither name of the Core SDI S.A. nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * hash -- few things used by both peo output module and peochk + * + * Author: Claudio Castiglia + * + */ + +#include "config.h" +#include +#include +#include +#include +#include +#include +#include +#include /* some OSs have strcasecmp here */ +#include +#include + +#ifdef HAVE_MD5_H +#include +#else +#include "md5.h" +#endif +#ifdef HAVE_RMD160_H +#include +#else +#include "rmd160.h" +#endif +#ifdef HAVE_SHA1_H +#include +#else +#include "sha1.h" +#endif + +#include "hash.h" + +#ifdef HAVE_SRANDOM + #define RANDOM_DEVICE "/dev/srandom" +#else + #define RANDOM_DEVICE "/dev/random" +#endif + + +char *default_keyfile = "/var/ssyslog/.var.log.messages.key"; +char *hmstr[] = { /* enum order */ + "md5", + "rmd160", + "sha1" +}; + +typedef union { + MD5_CTX md5; + RMD160_CTX rmd160; + SHA1_CTX sha1; +} HASH_CTX; + + +/* + * mac: + * method: hash method to use (see enum, gethash(..) output) + * data1: buffer 1 (commonly a key[i]) + * data1len: data1 lenght + * data2: buffer 2 (commonly a message) + * data2len: data2 lenght + * dest: destination buffer + * + * Fills dest with a key and returns dest lenght + * dest should have enough space. + * On error returns -1 + */ +int +mac(int method, const unsigned char *data1, unsigned int data1len, + const unsigned char *data2, unsigned int data2len, unsigned char *dest) +{ + HASH_CTX ctx; + int i, destlen, tmplen; + unsigned char *tmp; + + /* Calculate tmp buffer lenght */ + tmplen = 0; + if (data1len && data2len) { + if (data1len > data2len) { + tmplen = data1len / data2len * data2len; + tmplen += (tmplen < data1len) ? data2len : 0; + } else if (data1len < data2len) { + tmplen = data2len / data1len * data1len; + tmplen += (tmplen < data2len) ? data1len : 0; + } else tmplen = data1len; + } else { + tmplen = (data1len) ? 
data1len : data2len; + if (!tmplen) + tmplen = 1; + } + + /* Allocate needed memory and clear tmp buffer */ + if ( (tmp = (unsigned char *) calloc(1, tmplen)) == NULL) + return (-1); + + /* tmp = data1 xor data2 */ + if (data1len && data2len) + for (i = 0; i < tmplen; i++) + tmp[i] = data1[i % data1len] ^ data2[i % data2len]; + else if (data1len) + memcpy(tmp, data1, tmplen); + else + memcpy(tmp, data2, tmplen); + + /* dest = hash(tmp) */ + switch(method) { + case MD5: + MD5Init(&ctx.md5); + MD5Update(&ctx.md5, tmp, tmplen); + MD5Final(dest, &ctx.md5); + destlen = 16; + break; + case RMD160: + RMD160Init(&ctx.rmd160); + RMD160Update(&ctx.rmd160, tmp, tmplen); + RMD160Final(dest, &ctx.rmd160); + destlen = 20; + break; + case SHA1: + default: + SHA1Init(&ctx.sha1); + SHA1Update(&ctx.sha1, tmp, tmplen); + SHA1Final(dest, &ctx.sha1); + destlen = 20; + break; + } + + free(tmp); + return (destlen); +} + + +/* + * mac2: + * data1: buffer 1 (commonly key[i]) + * data1len: data1 lenght + * data2: buffer 2 (commonly message) + * data2len: data2 lenght + * dest: destination buffer (commonly key[i+1]) + * + * Fills dest with a digest and returns dest lenght + * dest should have enough space. + * On error returns -1 + */ +int +mac2(const unsigned char *data1, int data1len, const unsigned char *data2, + int data2len, unsigned char *dest) +{ + int destlen; + + destlen = mac(SHA1, data1, data1len, data2, data2len, dest); + if (destlen != -1) + destlen = mac(RMD160, dest, destlen, data2, data2len, dest); + return (destlen); +} + + +/* + * gethash: + * Converts method string to method number. + * The string should be one of those specified in hmstr declaration, + * otherwise -1 is returned. + * Case is ignored. 
+ */ +int +gethash(const char *str) +{ + int i; + + for (i = 0; i < LAST_HASH; i++) + if (!strcasecmp(str, hmstr[i])) + return (i); + return (-1); +} + + +/* + * strdot: + * Receives something like this: /a/b/c/d/e + * and chages it to something like this: .a.b.c.d.e + */ +char * +strdot(char *s) +{ + char *b; + + if ( (b = s) != NULL) + while ( (b = strchr(b, '/')) != NULL) + *b = '.'; + return (s); +} + + +/* + * strallocat: + * Concatenates two strings and returns a pointer to the new string + * The new buffer should be freed using free(3) + */ +char * +strallocat(const char *s1, const char *s2) +{ + char *dest; + int size; + + size = strlen(s1) + strlen(s2) + 1; + if ( (dest = (char *) calloc(1, size)) != NULL) + snprintf(dest, size, "%s%s", (s1 != NULL) ? s1 : "", + (s2 != NULL) ? s2 : ""); + return (dest); +} + + +/* + * strmac + */ +char * +strmac(const char *s) +{ + return (strallocat(s, ".mac")); +} + + +/* + * strkey0 + */ +char * +strkey0(const char *s) +{ + return (strallocat(s, "0")); +} + + +/* + * strrealpath + */ +char * +strrealpath(const char *path) +{ + char *resolved; + + if ( (resolved = (char *) calloc(1, PATH_MAX)) != NULL) + return (realpath(path, resolved)); + return (NULL); +} + + +/* + * asc2bin: + * Translates an hex string to binary. + * Buffer lenght = string lenght / 2 + * (Ex.: 2 byte string "ab" is translated to byte 0xab) + */ +#define ASC2BIN(x) ((x <= '9') ? 
x - '0' : x - 'a' + 10) +unsigned char * +asc2bin(unsigned char *dst, const unsigned char *src) +{ + int i; + int j; + unsigned char *tmp; + + if (src == NULL || dst == NULL || (strlen((char *) src) & 1)) + return (NULL); + + if (dst == src) { + if ( (tmp = (unsigned char *) strdup((char *) src)) == NULL) + return (NULL); + } else + tmp = (unsigned char *) src; + + for (j = i = 0; tmp[i] != '\0'; i += 2, j++) + dst[j] = (ASC2BIN(tmp[i]) << 4) | ASC2BIN(tmp[i + 1]); + + if (dst == src) + free(tmp); + + return (dst); +} + + +/* + * bin2asc: + * Translates a binary buffer to string + * Based on XXXEnd function + * (2 byte buffer 0x3, 0x9a is translated to 4 byte string "039a") + */ +char hex[] = { "0123456789abcdef" }; +unsigned char * +bin2asc(unsigned char *dst, const unsigned char *src, int srclen) +{ + int i; + + if (dst == NULL || src == NULL) + return (NULL); + + for (i = 0; i < srclen; i++) { + dst[i + i] = hex[src[i] >> 4]; + dst[i + i + 1] = hex[src[i] & 0x0f]; + } + dst[i + i] = '\0'; + + return (dst); +} + + +/* + * getrandom: + * Open RANDOM_DEVICE and reads len bytes random values. + * Returns 0 on success and -1 on error + */ +int +getrandom(unsigned char *buffer, int bytes) +{ + int fd; + + if ( (fd = open(RANDOM_DEVICE, O_RDONLY, 0)) >= 0) { + if (read(fd, buffer, bytes) == bytes) + bytes = 0; + else + bytes = -1; + close(fd); + return (bytes); + } + return (-1); +} + + diff --git a/msyslog-v1.08a+smac/src/peo/hash.h b/msyslog-v1.08a+smac/src/peo/hash.h new file mode 100644 index 0000000..cbdb396 --- /dev/null +++ b/msyslog-v1.08a+smac/src/peo/hash.h 
@@ -0,0 +1,67 @@
+/* $CoreSDI: hash.h,v 1.12.2.1.4.7 2001/05/24 00:19:14 alejo Exp $
+ */
+/*
+ * Copyright (c) 2001, Core SDI S.A., Argentina
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither name of the Core SDI S.A. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * hash -- Some things used by both peo output module and peochk
+ *
+ * Author: Claudio Castiglia
+ *
+ */
+
+#ifndef HASH_H
+#define HASH_H
+
+enum {
+ MD5,
+ RMD160,
+ SHA1,
+ LAST_HASH
+};
+
+extern char *default_keyfile;
+
+extern int mac (int, const unsigned char *, unsigned int,
+ const unsigned char *, unsigned int,
+ unsigned char *);
+extern int mac2 (const unsigned char *, int,
+ const unsigned char *, int, unsigned char *);
+extern int gethash (const char *);
+extern char *strdot (char *);
+extern char *strallocat (const char*, const char *);
+extern char *strmac (const char *);
+extern char *strkey0 (const char *);
+extern char *strrealpath (const char *);
+extern unsigned char *asc2bin (unsigned char *, const unsigned char *);
+extern unsigned char *bin2asc (unsigned char *, const unsigned char *, int);
+extern int getrandom (unsigned char *, int);
+
+#endif
+
diff --git a/msyslog-v1.08a+smac/src/peo/md5.h b/msyslog-v1.08a+smac/src/peo/md5.h
new file mode 100644
index 0000000..aa722ea
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/peo/md5.h
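Review bot: None of the hash.h prototypes that write into a caller buffer (`mac`, `mac2`, `asc2bin`, `bin2asc`) names its parameters or states how large the destination must be, so every caller has to read hash.c to size its buffers. From hash.c, `mac` stores 16 or 20 bytes depending on the method and `bin2asc` stores `2 * srclen + 1` bytes; I would put that next to each declaration, for example `/* dest: at least 20 bytes; returns digest length, -1 on error */` above `mac`. The length parameters also disagree: `mac` takes `unsigned int` while `mac2` takes `int` and forwards it, so a negative length passed to `mac2` converts to a very large unsigned value. Using one unsigned type in both prototypes would avoid that.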
@@ -0,0 +1,47 @@
+/* MD5.H - header file for MD5C.C
+ * $OpenBSD: md5.h,v 1.5 2000/03/28 17:35:08 millert Exp $
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+rights reserved.
+
+License to copy and use this software is granted provided that it
+is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+Algorithm" in all material mentioning or referencing this software
+or this function.
+
+License is also granted to make and use derivative works provided
+that such works are identified as "derived from the RSA Data
+Security, Inc. MD5 Message-Digest Algorithm" in all material
+mentioning or referencing the derived work.
+
+RSA Data Security, Inc. makes no representations concerning either
+the merchantability of this software or the suitability of this
+software for any particular purpose. It is provided "as is"
+without express or implied warranty of any kind.
+
+These notices must be retained in any copies of any part of this
+documentation and/or software.
+ */
+
+#ifndef _MD5_H_
+#define _MD5_H_
+
+#include "typedefs.h"
+
+/* MD5 context. */
+typedef struct MD5Context {
+ u_int32_t state[4]; /* state (ABCD) */
+ u_int64_t count; /* number of bits, modulo 2^64 */
+ unsigned char buffer[64]; /* input buffer */
+} MD5_CTX;
+
+void MD5Init __P((MD5_CTX *));
+void MD5Update __P((MD5_CTX *, const unsigned char *, size_t));
+void MD5Final __P((unsigned char [16], MD5_CTX *));
+void MD5Transform __P ((u_int32_t [4], const unsigned char [64]));
+char * MD5End __P((MD5_CTX *, char *));
+char * MD5File __P((char *, char *));
+char * MD5Data __P((const unsigned char *, size_t, char *));
+
+#endif /* _MD5_H_ */
diff --git a/msyslog-v1.08a+smac/src/peo/md5c.c b/msyslog-v1.08a+smac/src/peo/md5c.c
new file mode 100644
index 0000000..43ffdc5
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/peo/md5c.c
@@ -0,0 +1,322 @@ +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All +rights reserved. + +License to copy and use this software is granted provided that it +is identified as the "RSA Data Security, Inc. MD5 Message-Digest +Algorithm" in all material mentioning or referencing this software +or this function. + +License is also granted to make and use derivative works provided +that such works are identified as "derived from the RSA Data +Security, Inc. MD5 Message-Digest Algorithm" in all material +mentioning or referencing the derived work. + +RSA Data Security, Inc. makes no representations concerning either +the merchantability of this software or the suitability of this +software for any particular purpose. It is provided "as is" +without express or implied warranty of any kind. + +These notices must be retained in any copies of any part of this +documentation and/or software. + */ + +#if defined(LIBC_SCCS) && !defined(lint) +/* static char rcsid[] = "$OpenBSD: md5c.c,v 1.12 2000/03/28 17:35:09 millert Exp $"; */ +#endif /* LIBC_SCCS and not lint */ + +#include +#include + +#include "config.h" + +/* changed */ +/*#include */ +#include "md5.h" + +/* POINTER defines a generic pointer type */ +typedef unsigned char *POINTER; + +/* Constants for MD5Transform routine. 
+ */ +#define S11 7 +#define S12 12 +#define S13 17 +#define S14 22 +#define S21 5 +#define S22 9 +#define S23 14 +#define S24 20 +#define S31 4 +#define S32 11 +#define S33 16 +#define S34 23 +#define S41 6 +#define S42 10 +#define S43 15 +#define S44 21 + +#if BYTE_ORDER == LITTLE_ENDIAN +#define Encode memcpy +#define Decode memcpy +#else /* BIG_ENDIAN */ +static void Encode (void *, const void *, size_t); +static void Decode (void *, const void *, size_t); +#endif /* LITTLE_ENDIAN */ + +static unsigned char PADDING[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* F, G, H and I are basic MD5 functions. + */ +#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) +#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define I(x, y, z) ((y) ^ ((x) | (~z))) + +/* ROTATE_LEFT rotates x left n bits. + */ +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) + +/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. +Rotation is separate from addition to prevent recomputation. + */ +#define FF(a, b, c, d, x, s, ac) { \ + (a) += F ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define GG(a, b, c, d, x, s, ac) { \ + (a) += G ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define HH(a, b, c, d, x, s, ac) { \ + (a) += H ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define II(a, b, c, d, x, s, ac) { \ + (a) += I ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } + +#if BYTE_ORDER != LITTLE_ENDIAN +/* Encodes input (u_int32_t) into output (unsigned char). Assumes len is + a multiple of 4. 
+ */ +static void Encode (out, in, len) +void *out; +const void *in; +size_t len; +{ + unsigned char *output = out; + size_t i, j; + const u_int32_t *input = in; + + for (i = 0, j = 0; j < len; i++, j += 4) { + output[j] = (unsigned char)(input[i] & 0xff); + output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); + output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); + output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); + } +} + +/* Decodes input (unsigned char) into output (u_int32_t). Assumes len is + a multiple of 4. + */ +static void Decode (out, in, len) +void *out; +const void *in; +size_t len; +{ + u_int32_t *output = out; + const unsigned char *input = in; + size_t i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) + output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | + (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24); +} +#endif /* !LITTLE_ENDIAN */ + +/* MD5 initialization. Begins an MD5 operation, writing a new context. + */ +void MD5Init (context) +MD5_CTX *context; /* context */ +{ + context->count = 0; + /* Load magic initialization constants. */ + context->state[0] = 0x67452301; + context->state[1] = 0xefcdab89; + context->state[2] = 0x98badcfe; + context->state[3] = 0x10325476; +} + +/* MD5 block update operation. Continues an MD5 message-digest + operation, processing another message block, and updating the + context. + */ +void MD5Update (context, input, inputLen) +MD5_CTX *context; /* context */ +const unsigned char *input; /* input block */ +size_t inputLen; /* length of input block */ +{ + unsigned int i, index, partLen; + + /* Compute number of bytes mod 64 */ + index = (unsigned int)((context->count >> 3) & 0x3F); + + /* Update number of bits */ + context->count += ((u_int64_t)inputLen << 3); + + partLen = 64 - index; + + /* Transform as many times as possible. 
*/ + if (inputLen >= partLen) { + memcpy ((POINTER)&context->buffer[index], (POINTER)input, partLen); + MD5Transform (context->state, context->buffer); + + for (i = partLen; i + 63 < inputLen; i += 64) + MD5Transform (context->state, &input[i]); + + index = 0; + } + else + i = 0; + + /* Buffer remaining input */ + memcpy ((POINTER)&context->buffer[index], (POINTER)&input[i], inputLen-i); +} + +/* MD5 finalization. Ends an MD5 message-digest operation, writing the + the message digest and zeroizing the context. + */ +void MD5Final (digest, context) +unsigned char digest[16]; /* message digest */ +MD5_CTX *context; /* context */ +{ + unsigned char bits[8]; + unsigned int index; + size_t padLen; + u_int32_t hi, lo; + + /* Save number of bits */ + hi = context->count >> 32; + lo = (u_int32_t)context->count & 0xffffffff; + Encode (bits, &lo, 4); + Encode (bits + 4, &hi, 4); + + /* Pad out to 56 mod 64. */ + index = (unsigned int)((context->count >> 3) & 0x3f); + padLen = (index < 56) ? (56 - index) : (120 - index); + MD5Update (context, PADDING, padLen); + + /* Append length (before padding) */ + MD5Update (context, bits, 8); + + if (digest != NULL) { + /* Store state in digest */ + Encode (digest, context->state, 16); + + /* Zeroize sensitive information. */ + memset ((POINTER)context, 0, sizeof (*context)); + } +} + +/* MD5 basic transformation. Transforms state based on block. 
+ */ +void MD5Transform (state, block) +u_int32_t state[4]; +const unsigned char block[64]; +{ + u_int32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16]; + + Decode (x, block, 64); + + /* Round 1 */ + FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ + FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ + FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ + FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ + FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ + FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ + FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ + FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ + FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ + FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ + FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ + FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ + FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ + FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ + FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ + FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ + + /* Round 2 */ + GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ + GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ + GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ + GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ + GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ + GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ + GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ + GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ + GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ + GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ + GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ + GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ + GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ + GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ + GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ + GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ + + /* Round 3 */ + HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ + HH (d, a, b, c, x[ 8], S32, 0x8771f681); 
/* 34 */ + HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ + HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ + HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ + HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ + HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ + HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ + HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ + HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ + HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ + HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ + HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ + HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ + HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ + HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ + + /* Round 4 */ + II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ + II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ + II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ + II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ + II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ + II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ + II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ + II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ + II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ + II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ + II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ + II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ + II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ + II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ + II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ + II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + + /* Zeroize sensitive information. */ + memset ((POINTER)x, 0, sizeof (x)); +} + diff --git a/msyslog-v1.08a+smac/src/peo/peochk.c b/msyslog-v1.08a+smac/src/peo/peochk.c new file mode 100644 index 0000000..d24e0b9 --- /dev/null +++ b/msyslog-v1.08a+smac/src/peo/peochk.c 
@@ -0,0 +1,518 @@
+/* $CoreSDI: peochk.c,v 1.35.2.2.4.9 2001/11/20 09:56:24 alejo Exp $ */
+
+/*
+ * Copyright (c) 2001, Core SDI S.A., Argentina
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither name of the Core SDI S.A. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * peochk - syslog -- Initial key generator and integrity log file checker
+ *
+ * Author: Claudio Castiglia, Core-SDI SA
+ *
+ *
+ * peochk [-f logfile] [-g] [-i key0file] [-k keyfile] [-l]
+ * [-m hash_method] [-q] [logfile]
+ *
+ * supported hash_method values:
+ * md5
+ * rmd160
+ * sha1
+ *
+ * defaults:
+ * logfile: /var/log/messages
+ * keyfile: /var/ssyslog/.var.log.messages.key
+ * hash_method: sha1
+ *
+ * NOTES:
+ * 1) When logfile is specified without the -f switch, the data is
+ * read from the standard input
+ * 2) If logfile is specified using both -f switch and without it,
+ * the -f argument is used and data is read from that file
+ * 3) If logfile is specified but not the keyfile, this will be
+ * /var/ssyslog/xxx.key where xxx is the logfile with all '/'
+ * replaced by '.'
+ * 4) If -l switch is specified, peochk detects the line number
+ * corrupted on logfile
+ * 5) -q means quiet mode
+ *
+ */
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#if TIME_WITH_SYS_TIME
+# include
+# include
+#else
+# if HAVE_SYS_TIME_H
+# include
+# else
+# include
+# endif
+#endif
+#include
+#include
+
+#include "hash.h"
+#include "../modules.h"
+#include "../syslogd.h"
+
+#define CHECK 0x01
+#define QUIET 0x02
+#define ST_IN 0x04
+
+int actionf;
+char *corrupted = "corrupted";
+char *default_logfile = "/var/log/messages";
+char *keyfile;
+char *key0file;
+char *logfile;
+char *macfile;
+int method;
+
+extern char *optarg;
+
+
+/*
+ * release allocated memory
+ */
+void
+release(void)
+{
+ if (keyfile != default_keyfile)
+ free(keyfile);
+ if (key0file)
+ free(key0file);
+ if (logfile != default_logfile)
+ free(logfile);
+ if (macfile)
+ free(macfile);
+}
+
+
+/*
+ * usage
+ */
+void
+usage(void)
+{
+ fprintf (stderr,
+ "Usage:\n"
+ "Check mode:\n"
+ " peochk [-h] [-l] [-f logfile] [-i key0file] [-k keyfile]\n"
+ " [-m hash_method] [-q] [logfile]\n\n"
+ "Initial key generator mode:\n"
+ " peochk -g [-h] [-k keyfile] [-m hash_method] [logfile]"
+ "\n\n");
+ exit(-1);
+}
+
+
+/*
+ * readline()
+ */
+int
+readline(int fd, char *buf, size_t len, FILE **f)
+{
+ char *st;
+ size_t i;
+
+ if (*f == NULL) {
+ *f = fdopen(fd, "r");
+ if (*f == NULL)
+ return (-1);
+ }
+ st = fgets(buf, len, *f);
+ if (st != NULL) {
+ i = strlen(buf) - 1;
+ if (*(buf + i) == '\n')
+ *(buf + i ) = '\0';
+ return (i);
+ }
+ *buf = '\0';
+ return (0);
+}
+
+
+/*
+ * eexit()
+ * Prints a message on stdout and exits with a status
+ */
+void
+eexit(int status, char *fmt, ...)
+{
+ va_list ap;
+ if (fmt) {
+ va_start(ap, fmt);
+#ifdef HAVE_VPRINTF
+ vfprintf(stdout, fmt, ap);
+#elif defined(HAVE_DOPRNT)
+ _doprnt(stdout, fmt, ap);
+#else
+#error No vfprintf and no doprnt
+#endif
+ va_end(ap);
+ }
+ exit(status);
+}
+
+
+/*
+ * check: read logfile and check it
+ */
+void
+check(void)
+{
+ FILE *finput;
+ int i;
+ int input;
+ int mfd;
+ unsigned char key[41];
+ int keylen;
+ unsigned char lastkey[21];
+ int lastkeylen;
+ int line;
+ unsigned char mkey1[21];
+ int mkey1len;
+ unsigned char mkey2[21];
+ int mkey2len;
+ char msg[MAXLINE];
+ int msglen;
+
+ /* open logfile */
+ if (actionf & ST_IN)
+ input = STDIN_FILENO;
+ else if ( (input = open(logfile, O_RDONLY, 0)) == -1) {
+ perror(logfile);
+ exit(-1);
+ }
+
+ mfd = 0; /* shutup gcc */
+
+ /* open macfile */
+ if (macfile)
+ if ( (mfd = open(macfile, O_RDONLY, 0)) == -1) {
+ perror(macfile);
+ exit(-1);
+ }
+
+ /* read initial key (as ascii string) and tranlate it to binary */
+ if ( (i = open(key0file, O_RDONLY, 0)) == -1) {
+ perror(key0file);
+ exit(-1);
+ }
+ if ( (keylen = read(i, key, 40)) == -1) {
+ perror(key0file);
+ exit(-1);
+ }
+ if (!keylen) {
+ if (actionf & QUIET)
+ eexit(1, "1\n");
+ else
+ eexit(1, "(1) %s: %s\n", key0file, corrupted);
+ }
+ key[keylen] = 0;
+ asc2bin(key, key);
+ keylen >>= 1;
+ close(i);
+
+ /* read last key */
+ if ( (i = open(keyfile, O_RDONLY, 0)) == -1) {
+ perror(keyfile);
+ exit(-1);
+ }
+ if ( (lastkeylen = read(i, lastkey, 20)) == -1) {
+ perror(keyfile);
+ exit(-1);
+ }
+ if (!lastkeylen) {
+ if (actionf & QUIET)
+ eexit(1, "1\n");
+ else
+ eexit(1, "(1) %s: %s\n", keyfile, corrupted);
+ }
+ close(i);
+
+ /* test both key lenghts */
+ if (lastkeylen != keylen) {
+ if (actionf & QUIET)
+ eexit(1, "1\n");
+ else
+ eexit(1, "(1) %s and/or %s %s\n", key0file, keyfile,
+ corrupted);
+ }
+
+ /* check it */
+ line = 1;
+ finput = NULL;
+ while ( (msglen = readline(input, msg, MAXLINE, &finput)) > 0) {
+ if (macfile) {
+ if ( ((mkey1len = mac2(key, keylen,
+ (unsigned char *) msg, msglen, mkey1)) < 0) ||
+ ((mkey2len = read(mfd, mkey2,
+ mkey1len)) < 0) ) {
+ perror(macfile);
+ exit(-1);
+ }
+ if ((mkey2len != mkey1len) || memcmp(mkey2, mkey1,
+ mkey1len)) {
+ if (actionf & QUIET)
+ eexit(1, "%i\n", line);
+ else
+ eexit(1, "(%i) %s %s on line %i\n",
+ line, logfile, corrupted, line);
+ }
+ line++;
+ }
+ if ( (keylen = mac(method, key, keylen,
+ (unsigned char *) msg, msglen, key)) == -1) {
+ perror("fatal");
+ exit(-1);
+ }
+ }
+
+ if (finput != NULL)
+ fclose(finput);
+
+ if (macfile != NULL)
+ close(mfd);
+
+ if (i < 0) {
+ fprintf(stderr, "error reading logs form %s : %s\n",
+ (actionf & ST_IN) ? "standard input" : logfile,
+ strerror(errno));
+ exit(-1);
+ }
+
+ if (memcmp(lastkey, key, keylen)) {
+ if (actionf & QUIET)
+ eexit(1, "1\n");
+ else
+ eexit(1, "(1) %s %s\n", logfile, corrupted);
+ }
+ if (actionf & QUIET)
+ eexit(0, "0\n");
+ else
+ eexit(0, "(0) %s file is ok\n", logfile);
+}
+
+
+/*
+ * generate:
+ * generate initial key and write it on keyfile and key0file
+ * in the last file data is written as ascii string
+ */
+void
+generate(void)
+{
+ int kfd;
+ int k0fd;
+ unsigned char key[20];
+ unsigned char keyasc[41];
+ int keylen;
+ unsigned char randvalue[20];
+
+ if (getrandom(randvalue, 20) < 0) {
+ release();
+ perror("getrandom");
+ exit(-1);
+ }
+ if ( (keylen = mac(method, NULL, 0, randvalue, 20, key)) == -1) {
+ release();
+ perror("fatal");
+ exit(-1);
+ }
+ if ( (kfd = open(keyfile, O_WRONLY|O_CREAT|O_EXCL,
+ S_IRUSR|S_IWUSR)) == -1) {
+ release();
+ perror(keyfile);
+ exit(-1);
+ }
+ if ( (k0fd = open(key0file, O_WRONLY|O_CREAT|O_EXCL,
+ S_IRUSR|S_IWUSR)) == -1) {
+ unlink(keyfile);
+ close(kfd);
+ release();
+ perror(key0file);
+ exit(-1);
+ }
+
+ /* write key 0 */
+ write(kfd, key, keylen);
+ write(k0fd, bin2asc(keyasc, key, keylen), keylen << 1);
+ close(kfd);
+ close(k0fd);
+}
+
+
+/*
+ * main
+ */
+int
+main(int argc, char **argv)
+{
+ int ch;
+ int mac;
+
+ /* integrity check mode, stdin */
+ actionf = CHECK | ST_IN;
+
+ /* default values */
+ logfile = default_logfile;
+ keyfile = default_keyfile;
+ key0file = NULL;
+ mac = 0;
+ macfile = NULL;
+ method = SHA1;
+
+ /* parse command line */
+ while ( (ch = getopt(argc, argv, "f:ghi:k:lm:q")) != -1) {
+ switch (ch) {
+ case 'f':
+ /* log file (intrusion detection mode) */
+ if (logfile != default_logfile)
+ free(logfile);
+ if ( (logfile = strrealpath(optarg)) == NULL) {
+ release();
+ perror(optarg);
+ exit(-1);
+ }
+ actionf &= ~ST_IN;
+ break;
+ case 'g':
+ /* generate new keyfile and initial key */
+ actionf &= ~CHECK;
+ break;
+ case 'i':
+ /* key 0 file */
+ if (key0file)
+ free(key0file);
+ if ( (key0file = strdup(optarg)) == NULL) {
+ release();
+ perror(optarg);
+ exit(-1);
+ }
+ break;
+ case 'k':
+ /* keyfile */
+ if (keyfile != default_keyfile)
+ free(keyfile);
+ if ( (keyfile = strdup(optarg)) == NULL) {
+ release();
+ perror(optarg);
+ exit(-1);
+ }
+ break;
+ case 'l':
+ mac = 1;
+ break;
+ case 'm':
+ /* hash method */
+ if ( (method = gethash(optarg)) < 0) {
+ release();
+ usage();
+ }
+ break;
+ case 'q':
+ /* quiet mode */
+ actionf |= QUIET;
+ break;
+ case 'h':
+ default:
+ release();
+ usage();
+ }
+
+ }
+
+ /* check logfile specified without -f switch */
+ argc -= optind;
+ argv += optind;
+ if (argc && (actionf & ST_IN))
+ if ( (logfile = strrealpath(argv[argc-1])) == NULL) {
+ release();
+ perror(argv[argc-1]);
+ exit(-1);
+ }
+
+ /* if keyfile was not specified converted logfile is used instead */
+ if (keyfile == default_keyfile && logfile != default_logfile) {
+ char *tmp;
+
+ if ( (tmp = strallocat("/var/ssyslog/", logfile)) == NULL) {
+ release();
+ perror("buffer for keyfile");
+ exit(-1);
+ }
+ strdot(tmp+13);
+ if ( (keyfile = strallocat(tmp, ".key")) == NULL) {
+ free(tmp);
+ release();
+ perror("buffer for keyfile");
+ exit(-1);
+ }
+ free(tmp);
+ }
+
+ /* if key0file was not specified create one */
+ if (key0file == NULL)
+ if ( (key0file = strkey0(keyfile)) == NULL) {
+ release();
+ perror("creating key0 file");
+ exit(-1);
+ }
+
+ /* create macfile */
+ if (mac)
+ if ( (macfile = strmac(keyfile)) == NULL) {
+ release();
+ perror("creating mac file");
+ exit(-1);
+ }
+
+ /* execute action */
+ if (actionf & CHECK)
+ check();
+ else
+ generate();
+
+ release();
+ return (0);
+}
+
diff --git a/msyslog-v1.08a+smac/src/peo/rmd160.c b/msyslog-v1.08a+smac/src/peo/rmd160.c
new file mode 100644
index 0000000..13ce5c5
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/peo/rmd160.c
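Review bot: In peochk.c's check(), the post-loop test `if (i < 0)` looks at the descriptor left over from opening keyfile rather than at the result of readline(), so a failure while reading the log can never reach the "error reading logs" branch. readline() also returns 0 for end of file, for an fgets() error and for an empty line alike, so the loop `while ((msglen = readline(...)) > 0)` stops at the first blank line (if the log ever holds one) and the verdict is then computed from a partial hash chain. I would test `msglen < 0` after the loop and have readline() return -1 when `ferror(*f)` is set, keeping end of file distinguishable from an empty line. generate() has a related gap: both `write()` results are ignored, so a short write leaves a truncated key file behind without any error.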
@@ -0,0 +1,430 @@ +/********************************************************************\ + * + * FILE: rmd160.c + * + * CONTENTS: A sample C-implementation of the RIPEMD-160 + * hash-function. + * TARGET: any computer with an ANSI C compiler + * + * AUTHOR: Antoon Bosselaers, ESAT-COSIC + * (Arranged for libc by Todd C. Miller) + * DATE: 1 March 1996 + * VERSION: 1.0 + * + * Copyright (c) Katholieke Universiteit Leuven + * 1996, All Rights Reserved + * +\********************************************************************/ + +/* header files */ +#include +#include +#include +#include + +/* changed */ +/* #include */ +#include "config.h" +#include "rmd160.h" + + +/********************************************************************/ + +/* macro definitions */ + +/* collect four bytes into one word: */ +#define BYTES_TO_DWORD(strptr) \ + (((u_int32_t) *((strptr)+3) << 24) | \ + ((u_int32_t) *((strptr)+2) << 16) | \ + ((u_int32_t) *((strptr)+1) << 8) | \ + ((u_int32_t) *(strptr))) + +/* ROL(x, n) cyclically rotates x over n bits to the left */ +/* x must be of an unsigned 32 bits type and 0 <= n < 32. 
*/ +#define ROL(x, n) (((x) << (n)) | ((x) >> (32-(n)))) + +/* the three basic functions F(), G() and H() */ +#define F(x, y, z) ((x) ^ (y) ^ (z)) +#define G(x, y, z) (((x) & (y)) | (~(x) & (z))) +#define H(x, y, z) (((x) | ~(y)) ^ (z)) +#define I(x, y, z) (((x) & (z)) | ((y) & ~(z))) +#define J(x, y, z) ((x) ^ ((y) | ~(z))) + +/* the eight basic operations FF() through III() */ +#define FF(a, b, c, d, e, x, s) { \ + (a) += F((b), (c), (d)) + (x); \ + (a) = ROL((a), (s)) + (e); \ + (c) = ROL((c), 10); \ +} +#define GG(a, b, c, d, e, x, s) { \ + (a) += G((b), (c), (d)) + (x) + 0x5a827999U; \ + (a) = ROL((a), (s)) + (e); \ + (c) = ROL((c), 10); \ +} +#define HH(a, b, c, d, e, x, s) { \ + (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1U; \ + (a) = ROL((a), (s)) + (e); \ + (c) = ROL((c), 10); \ +} +#define II(a, b, c, d, e, x, s) { \ + (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcU; \ + (a) = ROL((a), (s)) + (e); \ + (c) = ROL((c), 10); \ +} +#define JJ(a, b, c, d, e, x, s) { \ + (a) += J((b), (c), (d)) + (x) + 0xa953fd4eU; \ + (a) = ROL((a), (s)) + (e); \ + (c) = ROL((c), 10); \ +} +#define FFF(a, b, c, d, e, x, s) { \ + (a) += F((b), (c), (d)) + (x); \ + (a) = ROL((a), (s)) + (e); \ + (c) = ROL((c), 10); \ +} +#define GGG(a, b, c, d, e, x, s) { \ + (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9U; \ + (a) = ROL((a), (s)) + (e); \ + (c) = ROL((c), 10); \ +} +#define HHH(a, b, c, d, e, x, s) { \ + (a) += H((b), (c), (d)) + (x) + 0x6d703ef3U; \ + (a) = ROL((a), (s)) + (e); \ + (c) = ROL((c), 10); \ +} +#define III(a, b, c, d, e, x, s) { \ + (a) += I((b), (c), (d)) + (x) + 0x5c4dd124U; \ + (a) = ROL((a), (s)) + (e); \ + (c) = ROL((c), 10); \ +} +#define JJJ(a, b, c, d, e, x, s) { \ + (a) += J((b), (c), (d)) + (x) + 0x50a28be6U; \ + (a) = ROL((a), (s)) + (e); \ + (c) = ROL((c), 10); \ +} + +/********************************************************************/ + +void +RMD160Init(context) + RMD160_CTX *context; +{ + + /* ripemd-160 initialization constants */ + context->state[0] = 
0x67452301U; + context->state[1] = 0xefcdab89U; + context->state[2] = 0x98badcfeU; + context->state[3] = 0x10325476U; + context->state[4] = 0xc3d2e1f0U; + context->length[0] = context->length[1] = 0; + context->buflen = 0; +} + +/********************************************************************/ + +void +RMD160Transform(state, block) + u_int32_t state[5]; + const u_int32_t block[16]; +{ + u_int32_t aa = state[0], bb = state[1], cc = state[2], + dd = state[3], ee = state[4]; + u_int32_t aaa = state[0], bbb = state[1], ccc = state[2], + ddd = state[3], eee = state[4]; + + /* round 1 */ + FF(aa, bb, cc, dd, ee, block[ 0], 11); + FF(ee, aa, bb, cc, dd, block[ 1], 14); + FF(dd, ee, aa, bb, cc, block[ 2], 15); + FF(cc, dd, ee, aa, bb, block[ 3], 12); + FF(bb, cc, dd, ee, aa, block[ 4], 5); + FF(aa, bb, cc, dd, ee, block[ 5], 8); + FF(ee, aa, bb, cc, dd, block[ 6], 7); + FF(dd, ee, aa, bb, cc, block[ 7], 9); + FF(cc, dd, ee, aa, bb, block[ 8], 11); + FF(bb, cc, dd, ee, aa, block[ 9], 13); + FF(aa, bb, cc, dd, ee, block[10], 14); + FF(ee, aa, bb, cc, dd, block[11], 15); + FF(dd, ee, aa, bb, cc, block[12], 6); + FF(cc, dd, ee, aa, bb, block[13], 7); + FF(bb, cc, dd, ee, aa, block[14], 9); + FF(aa, bb, cc, dd, ee, block[15], 8); + + /* round 2 */ + GG(ee, aa, bb, cc, dd, block[ 7], 7); + GG(dd, ee, aa, bb, cc, block[ 4], 6); + GG(cc, dd, ee, aa, bb, block[13], 8); + GG(bb, cc, dd, ee, aa, block[ 1], 13); + GG(aa, bb, cc, dd, ee, block[10], 11); + GG(ee, aa, bb, cc, dd, block[ 6], 9); + GG(dd, ee, aa, bb, cc, block[15], 7); + GG(cc, dd, ee, aa, bb, block[ 3], 15); + GG(bb, cc, dd, ee, aa, block[12], 7); + GG(aa, bb, cc, dd, ee, block[ 0], 12); + GG(ee, aa, bb, cc, dd, block[ 9], 15); + GG(dd, ee, aa, bb, cc, block[ 5], 9); + GG(cc, dd, ee, aa, bb, block[ 2], 11); + GG(bb, cc, dd, ee, aa, block[14], 7); + GG(aa, bb, cc, dd, ee, block[11], 13); + GG(ee, aa, bb, cc, dd, block[ 8], 12); + + /* round 3 */ + HH(dd, ee, aa, bb, cc, block[ 3], 11); + HH(cc, dd, ee, aa, bb, 
block[10], 13); + HH(bb, cc, dd, ee, aa, block[14], 6); + HH(aa, bb, cc, dd, ee, block[ 4], 7); + HH(ee, aa, bb, cc, dd, block[ 9], 14); + HH(dd, ee, aa, bb, cc, block[15], 9); + HH(cc, dd, ee, aa, bb, block[ 8], 13); + HH(bb, cc, dd, ee, aa, block[ 1], 15); + HH(aa, bb, cc, dd, ee, block[ 2], 14); + HH(ee, aa, bb, cc, dd, block[ 7], 8); + HH(dd, ee, aa, bb, cc, block[ 0], 13); + HH(cc, dd, ee, aa, bb, block[ 6], 6); + HH(bb, cc, dd, ee, aa, block[13], 5); + HH(aa, bb, cc, dd, ee, block[11], 12); + HH(ee, aa, bb, cc, dd, block[ 5], 7); + HH(dd, ee, aa, bb, cc, block[12], 5); + + /* round 4 */ + II(cc, dd, ee, aa, bb, block[ 1], 11); + II(bb, cc, dd, ee, aa, block[ 9], 12); + II(aa, bb, cc, dd, ee, block[11], 14); + II(ee, aa, bb, cc, dd, block[10], 15); + II(dd, ee, aa, bb, cc, block[ 0], 14); + II(cc, dd, ee, aa, bb, block[ 8], 15); + II(bb, cc, dd, ee, aa, block[12], 9); + II(aa, bb, cc, dd, ee, block[ 4], 8); + II(ee, aa, bb, cc, dd, block[13], 9); + II(dd, ee, aa, bb, cc, block[ 3], 14); + II(cc, dd, ee, aa, bb, block[ 7], 5); + II(bb, cc, dd, ee, aa, block[15], 6); + II(aa, bb, cc, dd, ee, block[14], 8); + II(ee, aa, bb, cc, dd, block[ 5], 6); + II(dd, ee, aa, bb, cc, block[ 6], 5); + II(cc, dd, ee, aa, bb, block[ 2], 12); + + /* round 5 */ + JJ(bb, cc, dd, ee, aa, block[ 4], 9); + JJ(aa, bb, cc, dd, ee, block[ 0], 15); + JJ(ee, aa, bb, cc, dd, block[ 5], 5); + JJ(dd, ee, aa, bb, cc, block[ 9], 11); + JJ(cc, dd, ee, aa, bb, block[ 7], 6); + JJ(bb, cc, dd, ee, aa, block[12], 8); + JJ(aa, bb, cc, dd, ee, block[ 2], 13); + JJ(ee, aa, bb, cc, dd, block[10], 12); + JJ(dd, ee, aa, bb, cc, block[14], 5); + JJ(cc, dd, ee, aa, bb, block[ 1], 12); + JJ(bb, cc, dd, ee, aa, block[ 3], 13); + JJ(aa, bb, cc, dd, ee, block[ 8], 14); + JJ(ee, aa, bb, cc, dd, block[11], 11); + JJ(dd, ee, aa, bb, cc, block[ 6], 8); + JJ(cc, dd, ee, aa, bb, block[15], 5); + JJ(bb, cc, dd, ee, aa, block[13], 6); + + /* parallel round 1 */ + JJJ(aaa, bbb, ccc, ddd, eee, block[ 5], 8); + JJJ(eee, 
aaa, bbb, ccc, ddd, block[14], 9); + JJJ(ddd, eee, aaa, bbb, ccc, block[ 7], 9); + JJJ(ccc, ddd, eee, aaa, bbb, block[ 0], 11); + JJJ(bbb, ccc, ddd, eee, aaa, block[ 9], 13); + JJJ(aaa, bbb, ccc, ddd, eee, block[ 2], 15); + JJJ(eee, aaa, bbb, ccc, ddd, block[11], 15); + JJJ(ddd, eee, aaa, bbb, ccc, block[ 4], 5); + JJJ(ccc, ddd, eee, aaa, bbb, block[13], 7); + JJJ(bbb, ccc, ddd, eee, aaa, block[ 6], 7); + JJJ(aaa, bbb, ccc, ddd, eee, block[15], 8); + JJJ(eee, aaa, bbb, ccc, ddd, block[ 8], 11); + JJJ(ddd, eee, aaa, bbb, ccc, block[ 1], 14); + JJJ(ccc, ddd, eee, aaa, bbb, block[10], 14); + JJJ(bbb, ccc, ddd, eee, aaa, block[ 3], 12); + JJJ(aaa, bbb, ccc, ddd, eee, block[12], 6); + + /* parallel round 2 */ + III(eee, aaa, bbb, ccc, ddd, block[ 6], 9); + III(ddd, eee, aaa, bbb, ccc, block[11], 13); + III(ccc, ddd, eee, aaa, bbb, block[ 3], 15); + III(bbb, ccc, ddd, eee, aaa, block[ 7], 7); + III(aaa, bbb, ccc, ddd, eee, block[ 0], 12); + III(eee, aaa, bbb, ccc, ddd, block[13], 8); + III(ddd, eee, aaa, bbb, ccc, block[ 5], 9); + III(ccc, ddd, eee, aaa, bbb, block[10], 11); + III(bbb, ccc, ddd, eee, aaa, block[14], 7); + III(aaa, bbb, ccc, ddd, eee, block[15], 7); + III(eee, aaa, bbb, ccc, ddd, block[ 8], 12); + III(ddd, eee, aaa, bbb, ccc, block[12], 7); + III(ccc, ddd, eee, aaa, bbb, block[ 4], 6); + III(bbb, ccc, ddd, eee, aaa, block[ 9], 15); + III(aaa, bbb, ccc, ddd, eee, block[ 1], 13); + III(eee, aaa, bbb, ccc, ddd, block[ 2], 11); + + /* parallel round 3 */ + HHH(ddd, eee, aaa, bbb, ccc, block[15], 9); + HHH(ccc, ddd, eee, aaa, bbb, block[ 5], 7); + HHH(bbb, ccc, ddd, eee, aaa, block[ 1], 15); + HHH(aaa, bbb, ccc, ddd, eee, block[ 3], 11); + HHH(eee, aaa, bbb, ccc, ddd, block[ 7], 8); + HHH(ddd, eee, aaa, bbb, ccc, block[14], 6); + HHH(ccc, ddd, eee, aaa, bbb, block[ 6], 6); + HHH(bbb, ccc, ddd, eee, aaa, block[ 9], 14); + HHH(aaa, bbb, ccc, ddd, eee, block[11], 12); + HHH(eee, aaa, bbb, ccc, ddd, block[ 8], 13); + HHH(ddd, eee, aaa, bbb, ccc, block[12], 5); + 
HHH(ccc, ddd, eee, aaa, bbb, block[ 2], 14); + HHH(bbb, ccc, ddd, eee, aaa, block[10], 13); + HHH(aaa, bbb, ccc, ddd, eee, block[ 0], 13); + HHH(eee, aaa, bbb, ccc, ddd, block[ 4], 7); + HHH(ddd, eee, aaa, bbb, ccc, block[13], 5); + + /* parallel round 4 */ + GGG(ccc, ddd, eee, aaa, bbb, block[ 8], 15); + GGG(bbb, ccc, ddd, eee, aaa, block[ 6], 5); + GGG(aaa, bbb, ccc, ddd, eee, block[ 4], 8); + GGG(eee, aaa, bbb, ccc, ddd, block[ 1], 11); + GGG(ddd, eee, aaa, bbb, ccc, block[ 3], 14); + GGG(ccc, ddd, eee, aaa, bbb, block[11], 14); + GGG(bbb, ccc, ddd, eee, aaa, block[15], 6); + GGG(aaa, bbb, ccc, ddd, eee, block[ 0], 14); + GGG(eee, aaa, bbb, ccc, ddd, block[ 5], 6); + GGG(ddd, eee, aaa, bbb, ccc, block[12], 9); + GGG(ccc, ddd, eee, aaa, bbb, block[ 2], 12); + GGG(bbb, ccc, ddd, eee, aaa, block[13], 9); + GGG(aaa, bbb, ccc, ddd, eee, block[ 9], 12); + GGG(eee, aaa, bbb, ccc, ddd, block[ 7], 5); + GGG(ddd, eee, aaa, bbb, ccc, block[10], 15); + GGG(ccc, ddd, eee, aaa, bbb, block[14], 8); + + /* parallel round 5 */ + FFF(bbb, ccc, ddd, eee, aaa, block[12] , 8); + FFF(aaa, bbb, ccc, ddd, eee, block[15] , 5); + FFF(eee, aaa, bbb, ccc, ddd, block[10] , 12); + FFF(ddd, eee, aaa, bbb, ccc, block[ 4] , 9); + FFF(ccc, ddd, eee, aaa, bbb, block[ 1] , 12); + FFF(bbb, ccc, ddd, eee, aaa, block[ 5] , 5); + FFF(aaa, bbb, ccc, ddd, eee, block[ 8] , 14); + FFF(eee, aaa, bbb, ccc, ddd, block[ 7] , 6); + FFF(ddd, eee, aaa, bbb, ccc, block[ 6] , 8); + FFF(ccc, ddd, eee, aaa, bbb, block[ 2] , 13); + FFF(bbb, ccc, ddd, eee, aaa, block[13] , 6); + FFF(aaa, bbb, ccc, ddd, eee, block[14] , 5); + FFF(eee, aaa, bbb, ccc, ddd, block[ 0] , 15); + FFF(ddd, eee, aaa, bbb, ccc, block[ 3] , 13); + FFF(ccc, ddd, eee, aaa, bbb, block[ 9] , 11); + FFF(bbb, ccc, ddd, eee, aaa, block[11] , 11); + + /* combine results */ + ddd += cc + state[1]; /* final result for state[0] */ + state[1] = state[2] + dd + eee; + state[2] = state[3] + ee + aaa; + state[3] = state[4] + aa + bbb; + state[4] = state[0] + bb 
+ ccc; + state[0] = ddd; +} + +/********************************************************************/ + +void +RMD160Update(context, data, nbytes) + RMD160_CTX *context; + const u_char *data; + u_int32_t nbytes; +{ + u_int32_t X[16]; + u_int32_t ofs = 0; + u_int32_t i; +#if BYTE_ORDER != LITTLE_ENDIAN + u_int32_t j; +#endif + + /* update length[] */ + if (context->length[0] + nbytes < context->length[0]) + context->length[1]++; /* overflow to msb of length */ + context->length[0] += nbytes; + + (void)memset(X, 0, sizeof(X)); + + if ( context->buflen + nbytes < 64 ) + { + (void)memcpy(context->bbuffer + context->buflen, data, nbytes); + context->buflen += nbytes; + } + else + { + /* process first block */ + ofs = 64 - context->buflen; + (void)memcpy(context->bbuffer + context->buflen, data, ofs); +#if BYTE_ORDER == LITTLE_ENDIAN + (void)memcpy(X, context->bbuffer, sizeof(X)); +#else + for (j=0; j < 16; j++) + X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j)); +#endif + RMD160Transform(context->state, X); + nbytes -= ofs; + + /* process remaining complete blocks */ + for (i = 0; i < (nbytes >> 6); i++) { +#if BYTE_ORDER == LITTLE_ENDIAN + (void)memcpy(X, data + (64 * i) + ofs, sizeof(X)); +#else + for (j=0; j < 16; j++) + X[j] = BYTES_TO_DWORD(data + (64 * i) + (4 * j) + ofs); +#endif + RMD160Transform(context->state, X); + } + + /* + * Put last bytes from data into context's buffer + */ + context->buflen = nbytes & 63; + memcpy(context->bbuffer, data + (64 * i) + ofs, context->buflen); + } +} + +/********************************************************************/ + +void +RMD160Final(digest, context) + u_char digest[20]; + RMD160_CTX *context; +{ + u_int32_t i; + u_int32_t X[16]; +#if BYTE_ORDER != LITTLE_ENDIAN + u_int32_t j; +#endif + + /* append the bit m_n == 1 */ + context->bbuffer[context->buflen] = '\200'; + + (void)memset(context->bbuffer + context->buflen + 1, 0, + 63 - context->buflen); +#if BYTE_ORDER == LITTLE_ENDIAN + (void)memcpy(X, context->bbuffer, 
sizeof(X)); +#else + for (j=0; j < 16; j++) + X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j)); +#endif + if ((context->buflen) > 55) { + /* length goes to next block */ + RMD160Transform(context->state, X); + (void)memset(X, 0, sizeof(X)); + } + + /* append length in bits */ + X[14] = context->length[0] << 3; + X[15] = (context->length[0] >> 29) | + (context->length[1] << 3); + RMD160Transform(context->state, X); + + if (digest != NULL) { + for (i = 0; i < 20; i += 4) { + /* extracts the 8 least significant bits. */ + digest[i] = context->state[i>>2]; + digest[i + 1] = (context->state[i>>2] >> 8); + digest[i + 2] = (context->state[i>>2] >> 16); + digest[i + 3] = (context->state[i>>2] >> 24); + } + } +} + +/************************ end of file rmd160.c **********************/ diff --git a/msyslog-v1.08a+smac/src/peo/rmd160.h b/msyslog-v1.08a+smac/src/peo/rmd160.h new file mode 100644 index 0000000..71c224b --- /dev/null +++ b/msyslog-v1.08a+smac/src/peo/rmd160.h 
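Review bot: In RMD160Update the test `context->buflen + nbytes < 64` is evaluated in u_int32_t, so a very large nbytes can wrap the sum below 64, and the memcpy in that branch then copies nbytes bytes into the 64-byte bbuffer. As far as this file shows, buflen is always below 64 (RMD160Init sets it to 0 and RMD160Update stores either a sum below 64 or `nbytes & 63`), so the comparison can be rearranged to avoid the addition: `if (nbytes < 64 - context->buflen)`. A short comment above the test stating that invariant would make the bound easier to audit.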
@@ -0,0 +1,50 @@ +/* $OpenBSD: rmd160.h,v 1.4 1999/08/16 09:59:04 millert Exp $ */ + +/********************************************************************\ + * + * FILE: rmd160.h + * + * CONTENTS: Header file for a sample C-implementation of the + * RIPEMD-160 hash-function. + * TARGET: any computer with an ANSI C compiler + * + * AUTHOR: Antoon Bosselaers, ESAT-COSIC + * DATE: 1 March 1996 + * VERSION: 1.0 + * + * Copyright (c) Katholieke Universiteit Leuven + * 1996, All Rights Reserved + * +\********************************************************************/ + +#ifndef _RMD160_H /* make sure this file is read only once */ +#define _RMD160_H + +#include "typedefs.h" + +/********************************************************************/ + +/* structure definitions */ + +typedef struct { + u_int32_t state[5]; /* state (ABCDE) */ + u_int32_t length[2]; /* number of bits */ + u_char bbuffer[64]; /* overflow buffer */ + u_int32_t buflen; /* number of chars in bbuffer */ +} RMD160_CTX; + +/********************************************************************/ + +/* function prototypes */ + +void RMD160Init __P((RMD160_CTX *context)); +void RMD160Transform __P((u_int32_t state[5], const u_int32_t block[16])); +void RMD160Update __P((RMD160_CTX *context, const u_char *data, u_int32_t nbytes)); +void RMD160Final __P((u_char digest[20], RMD160_CTX *context)); +char *RMD160End __P((RMD160_CTX *, char *)); +char *RMD160File __P((char *, char *)); +char *RMD160Data __P((const u_char *, size_t, char *)); + +#endif /* _RMD160_H */ + +/*********************** end of file rmd160.h ***********************/ diff --git a/msyslog-v1.08a+smac/src/peo/sha1.c b/msyslog-v1.08a+smac/src/peo/sha1.c new file mode 100644 index 0000000..adc895c --- /dev/null +++ b/msyslog-v1.08a+smac/src/peo/sha1.c 
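Review bot: The comment on `length[2]` in RMD160_CTX says "number of bits", but RMD160Update in rmd160.c adds nbytes to it and RMD160Final shifts it left by 3 when building the padding, so the field holds a byte count. I would change the comment to `/* number of bytes hashed, low word first */`. The include guard `_RMD160_H` also sits in the namespace reserved for the implementation; `RMD160_H` would avoid that.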
@@ -0,0 +1,184 @@ +/* $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ */ + +/* + * SHA-1 in C + * By Steve Reid + * 100% Public Domain + * + * Test Vectors (from FIPS PUB 180-1) + * "abc" + * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D + * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 + * A million repetitions of "a" + * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F + */ + +#define SHA1HANDSOFF /* Copies data before messing with it. */ + +#include +#include + +/* changed */ +/*#include */ +#include "config.h" +#include "sha1.h" + + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* + * blk0() and blk() perform the initial expand. + * I got the idea of expanding during the round function from SSLeay + */ +#if BYTE_ORDER == LITTLE_ENDIAN +# define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ + |(rol(block->l[i],8)&0x00FF00FF)) +#else +# define blk0(i) block->l[i] +#endif +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* + * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1 + */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + + +/* + * Hash a single 512-bit block. This is the core of the algorithm. 
+ */ +void SHA1Transform(state, buffer) + u_int32_t state[5]; + const u_char buffer[64]; +{ + u_int32_t a, b, c, d, e; + typedef union { + u_char c[64]; + u_int l[16]; + } CHAR64LONG16; + CHAR64LONG16 *block; + +#ifdef SHA1HANDSOFF + static u_char workspace[64]; + block = (CHAR64LONG16 *)workspace; + (void)memcpy(block, buffer, 64); +#else + block = (CHAR64LONG16 *)buffer; +#endif + + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); 
R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + + /* Wipe variables */ + a = b = c = d = e = 0; +} + + +/* + * SHA1Init - Initialize new context + */ +void SHA1Init(context) + SHA1_CTX *context; +{ + + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; +} + + +/* + * Run your data through this. + */ +void SHA1Update(context, data, len) + SHA1_CTX *context; + const u_char *data; + u_int len; +{ + u_int i, j; + + j = context->count[0]; + if ((context->count[0] += len << 3) < j) + context->count[1] += (len>>29)+1; + j = (j >> 3) & 63; + if ((j + len) > 63) { + (void)memcpy(&context->buffer[j], data, (i = 64-j)); + SHA1Transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) + SHA1Transform(context->state, &data[i]); + j = 0; + } else { + i = 0; + } + (void)memcpy(&context->buffer[j], &data[i], len - i); +} + + +/* + * Add padding and return the message digest. + */ +void SHA1Final(digest, context) + u_char digest[20]; + SHA1_CTX* context; +{ + u_int i; + u_char finalcount[8]; + + for (i = 0; i < 8; i++) { + finalcount[i] = (u_char)((context->count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + SHA1Update(context, (u_char *)"\200", 1); + while ((context->count[0] & 504) != 448) + SHA1Update(context, (u_char *)"\0", 1); + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + + if (digest) { + for (i = 0; i < 20; i++) + digest[i] = (u_char) + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } +} diff --git a/msyslog-v1.08a+smac/src/peo/sha1.h b/msyslog-v1.08a+smac/src/peo/sha1.h new file mode 100644 index 0000000..d5c8b87 --- /dev/null 
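Review bot: With SHA1HANDSOFF defined, SHA1Transform copies every block into `static u_char workspace[64]`, which makes the function non-reentrant and leaves the last hashed block in static storage after it returns. The closing `a = b = c = d = e = 0;` clears only locals and is a dead store that a compiler may drop. This hash appears to feed the key and MAC code in the same directory, so an automatic buffer is the safer default: `u_char workspace[64];`. The union member `u_int l[16]` also assumes u_int is 32 bits wide; `u_int32_t l[16]` would match the type of `state`.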
+++ b/msyslog-v1.08a+smac/src/peo/sha1.h @@ -0,0 +1,44 @@ +/* $OpenBSD: sha1.h,v 1.9 1999/02/03 03:13:18 angelos Exp $ */ + +/* + * SHA-1 in C + * By Steve Reid + * 100% Public Domain + */ + +#ifndef _SHA1_H +#define _SHA1_H + +#include "typedefs.h" + +typedef struct { + u_int32_t state[5]; + u_int32_t count[2]; + u_char buffer[64]; +} SHA1_CTX; + +void SHA1Transform __P((u_int32_t state[5], const u_char buffer[64])); +void SHA1Init __P((SHA1_CTX *context)); +void SHA1Update __P((SHA1_CTX *context, const u_char *data, u_int len)); +void SHA1Final __P((u_char digest[20], SHA1_CTX *context)); +char *SHA1End __P((SHA1_CTX *, char *)); +char *SHA1File __P((char *, char *)); +char *SHA1Data __P((const u_char *, size_t, char *)); + +#define SHA1_DIGESTSIZE 20 +#define SHA1_BLOCKSIZE 64 +#define HTONDIGEST(x) { \ + x[0] = htonl(x[0]); \ + x[1] = htonl(x[1]); \ + x[2] = htonl(x[2]); \ + x[3] = htonl(x[3]); \ + x[4] = htonl(x[4]); } + +#define NTOHDIGEST(x) { \ + x[0] = ntohl(x[0]); \ + x[1] = ntohl(x[1]); \ + x[2] = ntohl(x[2]); \ + x[3] = ntohl(x[3]); \ + x[4] = ntohl(x[4]); } + +#endif /* _SHA1_H */ diff --git a/msyslog-v1.08a+smac/src/peo/typedefs.h b/msyslog-v1.08a+smac/src/peo/typedefs.h new file mode 100644 index 0000000..07a72e0 --- /dev/null +++ b/msyslog-v1.08a+smac/src/peo/typedefs.h 
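Review bot: HTONDIGEST and NTOHDIGEST expand to a bare `{ ... }` block with an unparenthesized argument, so `if (c) HTONDIGEST(d); else ...` does not compile and an expression argument can bind incorrectly. Writing each body as `do { (x)[0] = htonl((x)[0]); ... } while (0)` fixes both. The header also uses htonl/ntohl without including anything that declares them, so it seems to rely on the including file; config.h is not visible here, so that should be confirmed.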
@@ -0,0 +1,38 @@ +/* $CoreSDI: typedefs.h,v 1.5.2.1 2001/05/04 22:09:17 alejo Exp $ + */ + +#ifndef PEO_TYPEEFS_H +#define PEO_TYPEEFS_H 1 + +#ifndef HAVE_U_INT32_T +# ifdef HAVE_UINT32_T + typedef uint32_t u_int32_t; +# elif defined(HAVE___UINT32_T) + typedef uint32_t __uint32_t; +# else +# error Could not determine unsigned int 32 typedef +# endif +#endif + +#ifndef HAVE_U_INT64_T +# ifdef HAVE_UINT64_T + typedef uint64_t u_int64_t; +# elif defined(HAVE___UINT64_T) + typedef __uint64_t __uint64_t; +# else +# error Could not determine unsigned int 64 typedef +# endif +#endif + +/* if __P isn't already defined... */ +#ifdef __STDC__ +# ifndef __P +# define __P(p) p +# endif +#else +# ifndef __P +# define __P(p) () +# endif +#endif /* __STDC__ */ + +#endif /* ifdef PEO_TYPEEFS_H */ diff --git a/msyslog-v1.08a+smac/src/syslogd.c b/msyslog-v1.08a+smac/src/syslogd.c new file mode 100644 index 0000000..efe1b78 --- /dev/null +++ b/msyslog-v1.08a+smac/src/syslogd.c 
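Review bot: The fallback typedefs are written the wrong way round. Under `HAVE___UINT32_T` the line `typedef uint32_t __uint32_t;` defines nothing named u_int32_t and names uint32_t, which that branch implies is unavailable; `typedef __uint64_t __uint64_t;` has the same problem for the 64-bit type. They should read `typedef __uint32_t u_int32_t;` and `typedef __uint64_t u_int64_t;`, otherwise rmd160.h and sha1.h fail to compile on platforms that only provide the double-underscore types. The guard macro is also spelled `PEO_TYPEEFS_H`, and the closing comment says `ifdef` where the guard is `#ifndef`.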
@@ -0,0 +1,1637 @@ +/* $CoreSDI: syslogd.c,v 1.90.2.9.2.4.4.35 2001/11/30 23:13:43 alejo Exp $ */ + +/* + * Copyright (c) 1983, 1988, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef lint +static char copyright[] = +"@(#) Copyright (c) 1983, 1988, 1993, 1994\n\ + The Regents of the University of California. All rights reserved.\n"; +#endif /* not lint */ + +#ifndef lint +/*static char sccsid[] = "@(#)syslogd.c 8.3 (Berkeley) 4/4/94";*/ +static char rcsid[] = "$CoreSDI: syslogd.c,v 1.90.2.9.2.4.4.35 2001/11/30 23:13:43 alejo Exp $"; +#endif /* not lint */ + +/* + * syslogd -- log system messages + * + * This program implements a system log. It takes a series of lines. + * Each line may have a priority, signified as "" as + * the first characters of the line. If this is + * not present, a default priority is used. + * + * To kill syslogd, send a signal 15 (terminate). A signal 1 (hup) will + * cause it to reread its configuration file. + * + * Defined Constants: + * + * MAXLINE -- the maximimum line length that can be handled. + * DEFUPRI -- the default priority for user messages + * DEFSPRI -- the default priority for kernel messages + * + * Author: Eric Allman + * extensive changes by Ralph Campbell + * more extensive changes by Eric Allman (again) + * extensive changes by Alejo Sanchez for Core-SDI + * + */ + +#include "config.h" + +#include +#include +#include +#include +#if HAVE_SYS_WAIT_H +# include +#endif +#ifndef WEXITSTATUS +# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8) +#endif +#ifndef WIFEXITED +# define WIFEXITED(stat_val) (((stat_val) & 255) == 0) +#endif +#include +#include + +#ifdef TIME_WITH_SYS_TIME +# include +# include +#else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif + +#include +#ifdef HAVE_SYSCTL_H +# include +#endif +#include +#if defined(SIGALTSTACK_WITH_STACK_T) && defined(HAVE_SYS_CONTEXT_H) +# include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define SYSLOG_NAMES +#include +#include "modules.h" +#include "syslogd.h" + +#ifndef _PATH_CONSOLE +#define _PATH_CONSOLE 
"/dev/console" +/* #warning Using "/dev/console" for _PATH_CONSOLE */ +#endif /* _PATH_CONSOLE */ + +/* if _PATH_DEVNULL isn't defined, define it here... */ +#ifndef _PATH_DEVNULL +#define _PATH_DEVNULL "/dev/null" +#endif + +#ifndef NAME_MAX +#ifdef MAXNAMLEN +#define NAME_MAX MAXNAMLEN +/* #warning using MAXNAMLEN for NAME_MAX */ +#else +#define NAME_MAX 255 +/* #warning using 255 for NAME_MAX */ +#endif /* MAXNAMLEN */ +#endif /* NAME_MAX */ + +#ifndef HAVE_SOCKLEN_T +# define socklen_t int +#endif + +/* + * Intervals at which we flush out "message repeated" messages, + * in seconds after previous message is logged. After each flush, + * we move to the next interval until we reach the largest. + */ +int repeatinterval[] = { 30, 120, 600 }; /* # of secs before flush */ + + +struct filed *Files; +struct filed consfile; + +int Initialized = 0; /* set when we have initialized ourselves */ +int MarkInterval = 20 * 60; /* interval between marks in seconds */ +int MarkSeq = 0; /* mark sequence number */ +int WantDie = 0; +char *ConfFile = _PATH_LOGCONF; /* configuration file */ + +#ifdef _PATH_LOGPID +char *pidfile = _PATH_LOGPID; +#else +char *pidfile = PID_DIR "/" PID_FILE; +#endif + +FILE *pidf; + +#define MAX_PIDFILE_LOCK_TRIES 5 + +char *ctty; /* console path */ +int UseConsole = 1; +char LocalHostName[MAXHOSTNAMELEN]; /* our hostname */ +int Debug = 0; /* debug flag */ +int DaemonFlags = 0; /* running daemon flags */ +#define SYSLOGD_LOCKED_PIDFILE 0x01 /* pidfile is locked */ +#define SYSLOGD_MARK 0x02 /* call domark() */ +#define SYSLOGD_DIE 0x04 /* call die() */ +#define USE_LOCALDOMAIN 0x08 /* use hostname with local domain */ + +char *libdir = NULL; + +RETSIGTYPE domark(int); +RETSIGTYPE reapchild(int); +RETSIGTYPE init(int); +RETSIGTYPE signal_handler (int); +RETSIGTYPE dodie(int); +void die(int); +int cfline(char *, struct filed *, char *); +int decode(const char *, CODE *); +void markit(void); +void doLog(struct filed *, int, char *, int, int); +void 
printline(char *, char *, size_t, int); +void usage(void); +int imodule_create(struct i_module *, char *); +int omodule_create(char *, struct filed *, char *); +int omodules_destroy(struct omodule *); +int imodules_destroy(struct imodule *); +void logerror(char *); +void logmsg(int, char *, char *, int); +int getmsgbufsize(void); +void *main_lib = NULL; + +extern struct omodule *omodules; +extern struct imodule *imodules; +struct i_module Inputs; + +struct pollfd *fd_inputs = NULL; +int fd_in_count = 0; +struct i_module **fd_inputs_mod = NULL; + +int +main(int argc, char **argv) +{ + int ch; + struct im_msg log; +#ifndef SIGALTSTACK_WITH_STACK_T + struct sigaltstack alt_stack; +#else + stack_t alt_stack; +#endif + struct sigaction sa; + int default_inputs = 1; /* start default modules? */ + int (*resolv_domain)(char *, int, char *); + + Inputs.im_next = NULL; + Inputs.im_fd = -1; + + /* init module list */ + imodules = NULL; + omodules = NULL; + + setlinebuf(stdout); + +#ifdef NEEDS_DLOPEN_NULL + if ( dlopen(NULL, RTLD_LAZY | RTLD_GLOBAL) == NULL) + printf("syslogd: error exporting%s\n", dlerror()); +#endif + + if ( (main_lib = dlopen(INSTALL_LIBDIR "/" MLIBNAME_STR, DLOPEN_FLAGS)) + == NULL && Debug) + main_lib = dlopen("./" MLIBNAME_STR, DLOPEN_FLAGS); + + if (main_lib == NULL) { + printf("Error opening main library, [%s] file [%s]\n", + dlerror(), INSTALL_LIBDIR "/" MLIBNAME_STR); + return(-1); + } + + /* console config line */ + ctty = (char *) malloc(sizeof(_PATH_CONSOLE) + 19); + strcpy(ctty, "%classic -t CONSOLE " _PATH_CONSOLE); + + /* use ':' at start to allow -d to be used without argument */ + opterr = 0; + + while ( (ch = getopt(argc, argv, ":d:f:m:ui:p:a:P:hcnA")) != -1) { + char buf[512]; + + switch (ch) { + case ':': /* missing arg, bsd */ + case '?': /* missing arg, sysv */ + break; + case 'd': /* debug */ + if (optarg == NULL) { + Debug = 20; + } else if (isdigit((int) *optarg)) { + Debug = atoi(optarg); + } else { + Debug++; + optind--; + } + 
break; + case 'f': /* configuration file */ + ConfFile = optarg; + break; + case 'm': /* mark interval */ + MarkInterval = atoi(optarg) * 60; + break; + case 'u': /* allow udp input port */ + if (imodule_create(&Inputs, "udp") < 0) { + fprintf(stderr, "syslogd: WARNING error on " + "udp input module\n"); + } + break; + case 'i': /* inputs */ + if (imodule_create(&Inputs, optarg) < 0) { + fprintf(stderr, "syslogd: WARNING error on " + "input module, ignoring %s\n", optarg); + } + break; + case 'p': /* path */ + case 'a': /* additional im_unix socket */ + snprintf(buf, sizeof(buf), "unix %s", optarg); + if (imodule_create(&Inputs, buf) < 0) { + fprintf(stderr, "syslogd: WARNING out of " + "descriptors, ignoring %s\n", optarg); + } + break; + case 'c': /* don't use console */ + UseConsole = 0; + break; + case 'n': /* don't start default modules */ + default_inputs = 0; + break; + case 'P': /* alternate pidfile */ + pidfile = optarg; + break; + case 'A': /* use local domain name too */ + DaemonFlags |= USE_LOCALDOMAIN; + break; + case 'h': + default: + usage(); + } + } + + if ( default_inputs && Inputs.im_fd < 0 && Inputs.im_next == NULL ) { +#ifdef HAVE_LINUX_IMODULE + if (imodule_create(&Inputs, "linux") < 0) { + fprintf(stderr, "syslogd: WARNING error on " + "linux input module\n"); + } +#elif HAVE_BSD_IMODULE + if (imodule_create(&Inputs, "bsd") < 0) { + fprintf(stderr, "syslogd: WARNING error on " + "bsd input module\n"); + } +#elif HAVE_STREAMS_IMODULE + if (imodule_create(&Inputs, "streams") < 0) { + fprintf(stderr, "syslogd: WARNING error on " + "streams input module\n"); + } + if (imodule_create(&Inputs, "doors") < 0) { + fprintf(stderr, "syslogd: WARNING error on " + "doors input module\n"); + } +#endif + +#ifndef HAVE_STREAMS_IMODULE +# ifdef HAVE_UNIX_IMODULE + if (imodule_create(&Inputs, "unix") < 0) { + fprintf(stderr, "syslogd: WARNING error on " + "unix input module\n"); + } +#endif /* ifdef HAVE_UNIX_IMODULE */ +#endif /* ifndef HAVE_STREAMS_IMODULE */ 
+ } + + if ( Inputs.im_fd < 0 && Inputs.im_next == NULL ) { + dprintf(MSYSLOG_SERIOUS, "syslogd: no inputs active\n"); + usage(); + } + + if ( (argc -= optind) != 0 ) + dprintf(MSYSLOG_SERIOUS, "syslogd: remaining command" + " line not parsed!\n"); + + if (!Debug) { + struct rlimit r; + + /* no core dumping */ + r.rlim_cur = 0; + r.rlim_max = 0; + if (setrlimit(RLIMIT_CORE, &r)) { + logerror("ERROR setting limits for coredump"); + } + + } + + if (!Debug) { + int fd; + + /* go daemon and mimic daemon() */ + switch (fork()) { + case -1: + perror("fork"); + exit(-1); + break; + case 0: + break; + default: + exit(0); + } + + /* child */ + if (setsid() == -1) + return (-1); + + chdir("/"); + if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { + dup2(fd, STDIN_FILENO); + dup2(fd, STDOUT_FILENO); + dup2(fd, STDERR_FILENO); + if (fd > 2) + close(fd); + } + } + + gethostname(LocalHostName, sizeof(LocalHostName)); + if ((DaemonFlags & USE_LOCALDOMAIN) && + (resolv_domain = dlsym(main_lib, SYMBOL_PREFIX "resolv_domain")) + != NULL && resolv_domain(LocalHostName, sizeof(LocalHostName) - 1, + LocalHostName) == -1) + gethostname(LocalHostName, sizeof(LocalHostName)); /* again */ + + /* Set signal handlers */ + /* XXX: use one signal handler for all signals other than HUP */ + /* use sigaction and sigaltstack */ + place_signal(SIGTERM, dodie); + place_signal(SIGINT, Debug ? dodie : SIG_IGN); + place_signal(SIGQUIT, Debug ? dodie : SIG_IGN); + place_signal(SIGCHLD, reapchild); + place_signal(SIGALRM, domark); + place_signal(SIGPIPE, SIG_IGN); + + if ( (alt_stack.ss_sp = malloc(SIGSTKSZ)) == NULL) { + dprintf(MSYSLOG_CRITICAL, "malloc altstack struct"); + exit(-1); + } +#if 0 /* should we do this on some OSs (ie. Aix)? 
*/ + /* adjust ss_sp to point to base of stack */ + sigstk.ss_sp += SIGSTKSZ - 1; +#endif + alt_stack.ss_size = SIGSTKSZ; + alt_stack.ss_flags = 0; + if (alt_stack.ss_sp == NULL) { + perror(strerror(errno)); + exit(-1); + } + sigemptyset(&sa.sa_mask); + sigaddset(&sa.sa_mask, SIGTSTP); + sigaddset(&sa.sa_mask, SIGALRM); + sigaddset(&sa.sa_mask, SIGHUP); + sa.sa_handler = signal_handler; + sa.sa_flags = SA_NOCLDSTOP | SA_RESTART | SA_ONSTACK; + if (sigaltstack(&alt_stack, NULL) < 0 || + sigaction(SIGTSTP, &sa, NULL) < 0 ) { + free(alt_stack.ss_sp); + perror(strerror(errno)); + exit(-1); + } + alarm(TIMERINTVL); + + /* took my process id away */ + if (!Debug) { + struct flock fl; + int lfd, tries, status; + char buf[1024]; + + fl.l_type = F_WRLCK; + fl.l_whence = SEEK_SET; /* relative to bof */ + fl.l_start = 0L; /* from offset zero */ + fl.l_len = 0L; /* lock to eof */ + + /* no truncating before lock checking */ + pidf = fopen(pidfile, "a+"); + if (pidf != NULL) { + lfd = fileno(pidf); + for (tries = 0; tries < MAX_PIDFILE_LOCK_TRIES; + tries++) { + errno = 0; + status = fcntl(lfd, F_SETLK, &fl); + if (status == -1) { + if (errno == EACCES || + errno == EAGAIN) { + sleep(1); + continue; + } else { + snprintf(buf, sizeof(buf), + "fcntl lock error status %d" + " on %s %d %s", status, + pidfile, lfd, + strerror(errno)); + logerror(buf); + die(0); + } + } + /* successful lock */ + break; + } + + if (status == -1) { + snprintf(buf, sizeof(buf), "Cannot lock %s fd " + "%d in %d tries %s", pidfile, lfd, + tries + 1, strerror(errno)); + logerror(buf); + + /* who is hogging this lock */ + fl.l_type = F_WRLCK; + fl.l_whence = SEEK_SET; /* relative to bof */ + fl.l_start = 0L; /* from offset zero */ + fl.l_len = 0L; /* lock to eof */ +#ifdef HAS_FLOCK_SYSID + fl.l_sysid = 0L; +#endif + fl.l_pid = 0; + + status = fcntl(lfd, F_GETLK, &fl); + if ((status == -1) || (fl.l_type == F_UNLCK)) { + snprintf(buf, sizeof(buf), "Cannot " + "determine %s lockholder status = " + "%d 
type=%d", pidfile, status, + fl.l_type); + logerror(buf); + return (0); + } + + snprintf(buf, sizeof(buf), "Lock on %s is " + "being held by sys = %u pid = %d", pidfile, +#ifdef HAS_FLOCK_SYSID + fl.l_sysid, +#else + -1, +#endif + fl.l_pid); + logerror(buf); + die(0); + } + + DaemonFlags |= SYSLOGD_LOCKED_PIDFILE; + if ( ftruncate( lfd, (off_t) 0) < 0) { + snprintf(buf, sizeof(buf), "Error truncating pidfile, %s", + strerror(errno)); + logerror(buf); + die(0); + } + + fprintf(pidf, "%d\n", (int) getpid()); + (void) fflush(pidf); + } + } + + dprintf(MSYSLOG_INFORMATIVE, "off & running....\n"); + + init(0); + place_signal(SIGHUP, init); + + for (;;) { + int count, i, done; + + if (DaemonFlags & SYSLOGD_MARK) + markit(); + if (WantDie) + die(WantDie); + + if (fd_inputs == NULL) { + dprintf(MSYSLOG_CRITICAL, "no input struct"); + exit(-1); + } + + /* count will always be less than fd_in_count */ + switch (count = poll(fd_inputs, fd_in_count, -1)) { + case 0: + dprintf(MSYSLOG_INFORMATIVE, "main: poll returned 0\n"); + continue; + case -1: + dprintf(MSYSLOG_INFORMATIVE, "main: poll returned " + "-1\n"); + if (errno != EINTR) + logerror("poll"); + continue; + } + + for (i = 0, done = 0; done < count; i++) { + if (fd_inputs[i].revents & POLLIN) { + char *mname; + int fd; + int val = -1; + + log.im_pid = 0; + log.im_pri = 0; + log.im_flags = 0; + + mname = fd_inputs_mod[i]->im_func->im_name; + fd = fd_inputs[i].fd; + + if (!fd_inputs_mod[i] || + !fd_inputs_mod[i]->im_func || + !fd_inputs_mod[i]->im_func->im_read || + (val = (*fd_inputs_mod[i]->im_func->im_read) + (fd_inputs_mod[i], fd_inputs[i].fd, + &log)) < 0) { + dprintf(MSYSLOG_SERIOUS, "syslogd: " + "Error calling input module %s, " + "for fd %i\n", mname, fd); + + } else if (val == 1) /* log it */ + printline(log.im_host, log.im_msg, + log.im_len, + fd_inputs_mod[i]->im_flags); + /* return of 0 skips it */ + + done++; /* one less */ + } + + } + } + + /* NOT REACHED */ + return(1); + +} + +void +usage(void) +{ + 
fprintf(stderr, + "Modular Syslog vesion " MSYSLOG_VERSION_STR "\n\n" + "usage: syslogd [-d ] [-u] [-f conffile] " + "[-P pidfile] [-n] [-m markinterval] \\\n [-p logpath] " + "[-a logpath] -i input1 [-i input2] [-i inputn]\n %s\n" + "%s\n\n", copyright, rcsid); + exit(1); +} + +/* + * Take a raw input line, decode the message, and print the message + * on the appropriate log files. + */ +void +printline(char *hname, char *msg, size_t len, int flags) +{ + register char *p, *q; + register unsigned char c; + char line[MAXLINE + 2]; + int pri; + + /* test for special codes */ + pri = DEFUPRI; + p = msg; + + if (*p == '<') { + pri = 0; + while (isdigit((int)*++p)) + pri = 10 * pri + (*p - '0'); + if (*p == '>') + ++p; + } + + if (pri &~ (LOG_FACMASK|LOG_PRIMASK)) + pri = DEFUPRI; + +#ifndef INSECURE_KERNEL_INPUT + /* don't allow users to log kernel messages */ + if (LOG_FAC(pri) == LOG_KERN && !(flags & IMODULE_FLAG_KERN)) + pri = LOG_MAKEPRI(LOG_USER, LOG_PRI(pri)); +#endif + + q = line; + + while ( (c = *p++) && q < &line[sizeof(line) - 1]) { + if (c == '\n') + *q++ = ' '; + else if (c < 040 && q < &line[sizeof(line) - 2]) { + *q++ = '^'; + *q++ = c ^ 0100; + } else if ((c == 0177 || (c & 0177) < 040) && + q < &line[sizeof(line) - 4]) { + *q++ = '\\'; + *q++ = '0' + ((c & 0300) >> 6); + *q++ = '0' + ((c & 0070) >> 3); + *q++ = '0' + (c & 0007); + } else + *q++ = c; + } + + *q = '\0'; + + logmsg(pri, line, hname, 0); +} + +/* + * Log a message to the appropriate log files, users, etc. based on + * the priority. 
+ */ +void +logmsg(int pri, char *msg, char *from, int flags) +{ + register struct filed *f; + int fac, msglen, prilev, i; + sigset_t mask, omask; + char prog[NAME_MAX+1]; + time_t now; + struct tm timestamp; + + if (from == NULL || *from == '\0') + from = LocalHostName; + + dprintf(MSYSLOG_INFORMATIVE2, "logmsg: pri 0%o, flags 0x%x, from %s," + " msg %s\n", pri, flags, from, msg); + + sigemptyset(&mask); + sigaddset(&mask, SIGALRM); + sigaddset(&mask, SIGHUP); + sigaddset(&mask, SIGTSTP); + sigprocmask(SIG_BLOCK, &mask, &omask); + + /* + * Process date and time as needed + * + * ctime gives "Thu Nov 24 18:22:48 1986\n" + * msg may give "Nov 24 18:22:48" + * 0123456789012345678901234 + */ + + msglen = strlen(msg); + if (!(flags & ADDDATE) && (msglen < 16 || msg[3] != ' ' || + msg[6] != ' ' || msg[9] != ':' || msg[12] != ':' || + msg[15] != ' ')) + flags |= ADDDATE; + + time(&now); + localtime_r(&now, ×tamp); + + if (!(flags & ADDDATE)) { + int mon, year, mday; + + /* save our current year, month and day */ + year = timestamp.tm_year; + mon = timestamp.tm_mon; + mday = timestamp.tm_mday; + + /* now get message time (wich has no year!) 
*/ + strptime(msg, "%b %d %H:%M:%S", ×tamp); + + /* + * Is message date december 31 and are we on jan 1 + * beware: tm_mon [0-11] + * tm_mday [1-31] + * tm_year is years since 1900 + * all this is really braindead/ugly IMNSHO + */ + if (timestamp.tm_mon == 11 && mon == 0 && + timestamp.tm_mday == 31 && mday == 1) + --year; /* our year is wrong */ + + /* XXX we are still not contemplating if the message + has completely different dates than ours, and just + giving them our current year */ + + timestamp.tm_year = year; + + msg += 16; + msglen -= 16; + } + + /* extract facility and priority level */ + if (flags & MARK) + fac = LOG_NFACILITIES; + else + fac = LOG_FAC(pri); + prilev = LOG_PRI(pri); + + /* extract program name */ + for (i = 0; i < NAME_MAX; i++) { + if (!isalnum((int)msg[i])) + break; + prog[i] = msg[i]; + } + prog[i] = 0; + + /* log the message to the particular outputs */ + if (!Initialized) { + if (UseConsole && ctty && omodule_create(ctty, &consfile, + NULL) != -1) { + doLog(&consfile, flags, msg, prilev, fac); + if (consfile.f_omod && consfile.f_omod->om_func + && consfile.f_omod->om_func->om_close != NULL) + (*consfile.f_omod->om_func->om_close) + (&consfile, consfile.f_omod->ctx); + if (consfile.f_omod) { + if (consfile.f_omod->ctx) + free(consfile.f_omod->ctx); + if (consfile.f_omod->status) + free(consfile.f_omod->status); + free(consfile.f_omod); + consfile.f_omod = NULL; + } + } + sigprocmask(SIG_SETMASK, &omask, NULL); + return; + } + + for (f = Files; f; f = f->f_next) { + /* skip messages that are incorrect priority */ + /* XXX */ + if (f->f_pmask[fac] == TABLE_NOPRI || + (f->f_pmask[fac] & (1<f_pmask[fac] == INTERNAL_NOPRI ) + continue; + + if (f->f_program) + if (strcmp(prog, f->f_program) != 0) + continue; + + if (UseConsole && (flags & IGN_CONS)) + continue; + + /* don't output marks to recently written files */ + time(&now); + if ((flags & MARK) && (now - f->f_time) < MarkInterval / 2) + continue; + + /* + * suppress duplicate lines to 
this file + */ + if ((flags & MARK) == 0 && msglen == f->f_prevlen && + !strcmp(msg, f->f_prevline) && + !strcmp(from, f->f_prevhost)) { + memcpy(&f->f_tm, ×tamp, sizeof(f->f_tm)); + f->f_prevcount++; + dprintf(MSYSLOG_INFORMATIVE, "msg repeated %d times," + " %ld sec of %d\n", f->f_prevcount, + (long)(now - f->f_time), + repeatinterval[f->f_repeatcount]); + /* + * If domark would have logged this by now, + * flush it now (so we don't hold isolated messages), + * but back off so we'll flush less often + * in the future. + */ + if (now > REPEATTIME(f)) { + doLog(f, flags, NULL, prilev, fac); + BACKOFF(f); + } + } else { + /* new line, save it */ + + /* flush previous line */ + if (f->f_prevcount) + doLog(f, 0, NULL, prilev, fac); + + /* + * Start counting again, save host data etc. + */ + f->f_prevcount = 0; + f->f_repeatcount = 0; + f->f_prevpri = pri; + memcpy(&f->f_tm, ×tamp, sizeof(f->f_tm)); + strncpy(f->f_prevhost, from, + sizeof(f->f_prevhost) - 1); + f->f_prevhost[sizeof(f->f_prevhost) - 1] = '\0'; + if (msglen < MAXSVLINE) { + f->f_prevlen = msglen; + strncpy(f->f_prevline, msg, + sizeof(f->f_prevline) - 1); + f->f_prevline[sizeof(f->f_prevline) - 1] = '\0'; + doLog(f, flags, NULL, prilev, fac); + } else { + f->f_prevlen = 0; + f->f_prevline[0] = 0; + doLog(f, flags, msg, prilev, fac); + } + } + } + (void)sigprocmask(SIG_SETMASK, &omask, NULL); +} + +void +doLog(struct filed *f, int flags, char *message, int prilev, int fac) +{ + struct o_module *om; + char repbuf[80]; + struct m_msg m; + int ret; + + m.pri = prilev; + m.fac = fac; + if (message) { + m.msg = message; + } else if (f->f_prevcount > 1) { + m.msg = repbuf; + snprintf(repbuf, sizeof(repbuf), "last message repeated %d" + " times", f->f_prevcount); + } else { + m.msg = f->f_prevline; + } + + time(&f->f_time); + for (om = f->f_omod; om; om = om->om_next) { + if (!om->om_func || !om->om_func->om_write) { + dprintf(MSYSLOG_SERIOUS, "doLog: error, no write " + "function in output module [%s], message 
[%s]\n", + om->om_func->om_name, m.msg); + continue; + } + + /* call this module write */ + ret = (*(om->om_func->om_write))(f, flags, &m, om->ctx); + if (ret < 0) { + dprintf(MSYSLOG_SERIOUS, "doLog: error with output " + "module [%s] for message [%s]\n", + om->om_func->om_name, m.msg); + } else if (ret == 0) + /* stop going on */ + break; + } +} + + +RETSIGTYPE +reapchild(int signo) +{ + int status; + int save_errno = errno; + + while (waitpid(-1, &status, WNOHANG) > 0) + ; + errno = save_errno; +} + +RETSIGTYPE +domark(int signo) +{ + DaemonFlags |= SYSLOGD_MARK; +} + +RETSIGTYPE +dodie(int signo) +{ + WantDie = 1; +} + +void +markit(void) +{ + struct filed *f; + time_t now; + + now = time((time_t *) NULL); + + MarkSeq += TIMERINTVL; + + if (MarkSeq >= MarkInterval || DaemonFlags & SYSLOGD_MARK) { + logmsg(LOG_INFO, "-- MARK --", LocalHostName, ADDDATE|MARK); + MarkSeq = 0; + } + + for (f = Files; f; f = f->f_next) { + if (f->f_prevcount && now >= REPEATTIME(f)) { + /* we should report this based on module */ + dprintf(MSYSLOG_INFORMATIVE, "flush: repeated %d " + "times, %d sec.\n", f->f_prevcount, + repeatinterval[f->f_repeatcount]); + doLog(f, 0, NULL, 0, 0); + BACKOFF(f); + } + } + + DaemonFlags &= ~SYSLOGD_MARK; + + place_signal(SIGALRM, domark); + + alarm(TIMERINTVL); +} + +/* + * Print syslogd errors some place. 
+ */ +void +logerror(char *type) { + char buf[100]; + + if (errno) + (void)snprintf(buf, sizeof(buf), "syslogd: %s: %s", + type, strerror(errno)); + else + (void)snprintf(buf, sizeof(buf), "syslogd: %s", type); + errno = 0; + dprintf(MSYSLOG_INFORMATIVE, "%s\n", buf); + logmsg(LOG_SYSLOG|LOG_ERR, buf, LocalHostName, ADDDATE); +} + +void +die(int signo) { + struct filed *f; + int was_initialized = Initialized; + char buf[100]; + struct i_module *im; + + Initialized = 0; /* Don't log SIGCHLDs */ + + alarm(0); + + for (f = Files; f != NULL; f = f->f_next) { + /* flush any pending output */ + if (f->f_prevcount) + doLog(f, 0, NULL, 0, 0); + } + + Initialized = was_initialized; + + if (signo) { + dprintf(MSYSLOG_SERIOUS, "syslogd: exiting on signal %d\n", + signo); + (void)sprintf(buf, "exiting on signal %d", signo); + errno = 0; + logerror(buf); + } + + for (im = &Inputs; im; im = im->im_next) + if (im->im_func && im->im_func->im_close) + (*im->im_func->im_close)(im); + else if (im->im_fd) + close(im->im_fd); + + if (!Debug && (DaemonFlags == SYSLOGD_LOCKED_PIDFILE)) { + struct flock fl; + int lfd; + + lfd = fileno(pidf); + fl.l_type = F_UNLCK; + fl.l_whence = SEEK_SET; /* relative to bof */ + fl.l_start = 0L; /* from offset zero */ + fl.l_len = 0L; /* lock to eof */ + + fcntl(lfd, F_SETLK, &fl); + + (void) fclose(pidf); + if (unlink(pidfile) < 0) + logerror("error deleting pidfile"); + } + + exit(0); +} + +/* + * INIT -- Initialize syslogd from configuration table + */ +RETSIGTYPE +init(int signo) +{ + int i; + FILE *cf; + struct filed *f, *next, **nextp; + char *p; + char cline[LINE_MAX]; + char prog[NAME_MAX+1]; + struct o_module *om, *om_next; + + dprintf(MSYSLOG_INFORMATIVE, "init\n"); + + /* + * Close all open log files. 
+ */ + + Initialized = 0; + + alarm(0); + + for (f = Files; f != NULL; f = next) { + + /* flush any pending output */ + if (f->f_prevcount) + doLog(f, 0, NULL, 0, 0); + + for (om = f->f_omod; om; om = om_next) { + /* flush any pending output */ + if (f->f_prevcount && om->om_func && + om->om_func->om_flush != NULL) { + (*om->om_func->om_flush) (f,om->ctx); + } + + if (om->om_func && om->om_func->om_close != NULL) { + (*om->om_func->om_close) (f,om->ctx); + } + + /* free om_ctx om_func and stuff */ + om_next = om->om_next; + + if (om->ctx) + free(om->ctx); + if (om->status) + free(om->status); + free(om); + } + + next = f->f_next; + + if (f->f_program) + free(f->f_program); + + free(f); + } + +#ifdef REOPEN_MAIN_LIBRARY_ON_HUP + if (main_lib) { + dlclose(main_lib); + main_lib = NULL; + } + + /* Load main modules library */ + if ( (main_lib = dlopen(INSTALL_LIBDIR "/" MLIBNAME_STR, DLOPEN_FLAGS)) + == NULL && (Debug && (main_lib = dlopen("./" MLIBNAME_STR, + DLOPEN_FLAGS)) == NULL) ) { + dprintf(MSYSLOG_CRITICAL, "init: Error opening main library, [%s] " + "file [%s]\n", dlerror(), INSTALL_LIBDIR "/" MLIBNAME_STR); + exit(-1); + } +#endif + + /* list of filed is now empty */ + Files = NULL; + nextp = &Files; + + /* free all modules and their dynamic libs */ + if (signo == SIGHUP) { + if (omodules_destroy(omodules) == 0) + omodules = NULL; +#if DESTROY_INPUTS_ON_HUP + if (imodules_destroy(imodules) == 0) + imodules = NULL; +#endif + } + + /* open the configuration file */ + if ((cf = fopen(ConfFile, "r")) == NULL) { + dprintf(MSYSLOG_SERIOUS, "cannot open %s\n", ConfFile); + if ( (*nextp = (struct filed *) calloc(1, sizeof(*f))) + == NULL) { + dprintf(MSYSLOG_CRITICAL, "calloc struct filed"); + exit(-1); + } + if (cfline("*.ERR\t/dev/console", *nextp, "*") == -1) { + dprintf(MSYSLOG_CRITICAL, "can't write to console"); + exit(-1); + } + if ( ((*nextp)->f_next = (struct filed *) calloc(1, sizeof(*f))) + == NULL) { + dprintf(MSYSLOG_CRITICAL, "calloc struct filed"); + 
exit(-1); + } + if (cfline("*.PANIC\t*", (*nextp)->f_next, "*") == -1) { + dprintf(MSYSLOG_CRITICAL, "can't write to console"); + exit(-1); + } + Initialized = 1; + return; + } + + /* + * Foreach line in the conf table, open that file. + */ + f = NULL; + strncpy(prog, "*", 2); + while (fgets(cline, sizeof(cline), cf) != NULL) { + int clen; + + /* + * check for end-of-section, comments, strip off trailing + * spaces and newline character. #!prog and !prog are treated + * specially: the following lines apply only to that program. + */ + for (p = cline; isspace((int)*p); ++p) + continue; + if (*p == '\0') + continue; + /* line is splitted, merge with the next */ + clen = strlen(cline); + if (cline[clen - 1] == '\n' && cline[clen - 2] == '\\') { + if (fgets(&cline[clen - 2], sizeof(cline) - clen, cf) + == NULL) { + cline[clen - 2] = '\0'; + dprintf(MSYSLOG_INFORMATIVE, "syslogd: error " + "merging line [%s]\n", cline); + break; + } + } + if (*p == '#') { + p++; + if (*p != '!') + continue; + } + if (*p == '!') { + p++; + while (isspace((int)*p)) + p++; + if (!*p) { + strncpy(prog, "*", 2); + continue; + } + for (i = 0; i < NAME_MAX; i++) { + if (!isalnum((int)p[i])) + break; + prog[i] = p[i]; + } + prog[i] = 0; + continue; + } + p = cline + strlen(cline); + while (p > cline) + if (!isspace((int)*--p)) { + p++; + break; + } + *p = '\0'; + if ( (f = (struct filed *)calloc(1, sizeof(*f))) == NULL) { + dprintf(MSYSLOG_CRITICAL, "calloc struct filed"); + exit(-1); + } + if (cfline(cline, f, prog) == 1) { + *nextp = f; + nextp = &f->f_next; + } else { + free(f); + f = NULL; + } + } + + /* close the configuration file */ + fclose(cf); + + if (Files == NULL) { + dprintf(MSYSLOG_CRITICAL, "syslogd: WARNING NO OUTPUT MODULES" + " ACTIVE, GIVING UP!\n"); + exit(-1); + } + + Initialized = 1; + + if (Debug >= MSYSLOG_SERIOUS) { + for (f = Files; f; f = f->f_next) { + for (i = 0; i <= LOG_NFACILITIES; i++) + if (f->f_pmask[i] == INTERNAL_NOPRI) + printf("X "); + else + printf("%d ", 
f->f_pmask[i]); + printf("\n"); + for (om = f->f_omod; om; om = om->om_next) { + if (om->status) { + printf("%s\n", om->status); + } else { + if (om->om_func && + om->om_func->om_name) + printf("** No status info for " + "module %s! **\n", + om->om_func->om_name); + } + } + } + } + + logmsg(LOG_SYSLOG|LOG_INFO, "syslogd: restart", LocalHostName, ADDDATE); + dprintf(MSYSLOG_INFORMATIVE, "syslogd: restarted\n"); +} + +/* + * Crack a configuration file line + */ +int +cfline(char *line, struct filed *f, char *prog) { + register int i, j; + int pri, singlpri, ignorepri; + register char *p, *q; + char *bp; + char buf[MAXLINE], ebuf[240]; + + dprintf(MSYSLOG_INFORMATIVE, "cfline(\"%s\", f, \"%s\")\n", line, + prog); + + errno = 0; /* keep strerror() stuff out of logerror messages */ + ignorepri = 0; + singlpri = 0; + + /* clear out file entry */ + memset(f->f_pmask, TABLE_NOPRI, sizeof(f->f_pmask)); + + /* save program name if any */ + if (!strcmp(prog, "*")) + prog = NULL; + else + f->f_program = strdup(prog); + + /* scan through the list of selectors */ + for (p = line; *p && *p != '\t' && *p != ' ';) { + + /* find the end of this facility name list */ + for (q = p; *q && *q != '\t' && *q++ != '.'; ) + continue; + + if (*p == '/' || *p == '%' || *p == '|' || *p == '-') + break; + + pri = -1; + + /* collect priority name */ + for (bp = buf; *q && !strchr("\t, ;", *q); ) + *bp++ = *q++; + *bp = '\0'; + + /* skip cruft */ + while (strchr(", ;", *q)) + q++; + + if (*buf == '!') { + ignorepri++; + for (bp = buf; *(bp + 1); bp++) + *bp = *(bp + 1); /* move back one */ + *bp = '\0'; + } else + ignorepri = 0; + + if (*buf == '=') { + singlpri++; + pri = decode(&buf[1], prioritynames); + for (bp = buf; *(bp + 1); bp++) + *bp = *(bp + 1); /* move back one */ + *bp = '\0'; + } else { + singlpri = 0; + pri = decode(buf, prioritynames); + } + + if (pri < 0) { + snprintf(ebuf, sizeof ebuf, "unknown priority" + " name \"%s\" on line [%s]", buf, line); + logerror(ebuf); + return (-1); 
+ } + + /* + * Heavily modified to fit sysklogd + * This should be done with lex/yacc + */ + /* scan facilities */ + while (*p && !strchr("\t .;", *p)) { + for (bp = buf; *p && !strchr("\t ,;.", *p); ) + *bp++ = *p++; + + *bp = '\0'; + + if (*buf == '*') { + for (i = 0; i <= LOG_NFACILITIES; i++) { + if (pri == INTERNAL_NOPRI) { + if (ignorepri) + f->f_pmask[i] = + TABLE_ALLPRI; + else + f->f_pmask[i] = + TABLE_NOPRI; + } else if (singlpri) { + if (ignorepri) + f->f_pmask[i] &= + ~(1<f_pmask[i] |= + (1<f_pmask[i] = + TABLE_NOPRI; + else + f->f_pmask[i] = + TABLE_ALLPRI; + } else { + if (ignorepri) + for (j = 0; j <= pri; ++j) + f->f_pmask[i] &= ~(1<f_pmask[i] |= (1<f_pmask[i >> 3] = + TABLE_ALLPRI; + else + f->f_pmask[i >> 3] = + TABLE_NOPRI; + } else if (singlpri) { + if (ignorepri) + f->f_pmask[i >> 3] &= + ~(1<f_pmask[i >> 3] |= + (1<f_pmask[i >> 3] = + TABLE_NOPRI; + else + f->f_pmask[i >> 3] = + TABLE_ALLPRI; + } else { + if (ignorepri) + for (j = 0; j <= pri; + ++j) + f->f_pmask[i>>3] + &= ~(1<f_pmask[i>>3] + |= (1<c_name; c++) + if (!strcmp(buf, c->c_name)) + return (c->c_val); + + return (-1); +} + +/* + * decode_name a numeric value to a symbolic name + */ +char * +decode_val(int val, CODE *codetab) { + CODE *c; + + for (c = codetab; c->c_name; c++) + if (val == c->c_val) + return (c->c_name); + + return (NULL); +} + +/* + * add this fd to array + * + * grow by 50 + * + * params: fd file descriptor to watch + * im module functions and more + * + */ + +int +add_fd_input(int fd, struct i_module *im) +{ + + if (fd < 0 || im == NULL) { + dprintf(MSYSLOG_INFORMATIVE, "add_fd_input: error on params" + " %d%s\n", fd, im ? "" : " null im"); + return (-1); + } + + dprintf(MSYSLOG_INFORMATIVE, "add_fd_input: adding fd %d " + "for module %s\n", fd, im->im_func->im_name ? + im->im_func->im_name : "unknown"); + + /* do we need bigger arrays? 
*/ + if (!fd_inputs || fd_in_count % 50 == 0) { + + if ( (fd_inputs = (struct pollfd *) realloc(fd_inputs, + (size_t) (fd_in_count + 50) * sizeof(struct pollfd))) + == NULL) { + dprintf(MSYSLOG_CRITICAL, "realloc inputs"); + exit(-1); + } + + if ( (fd_inputs_mod = (struct i_module **) + realloc(fd_inputs_mod, (size_t) (fd_in_count + 50) + * sizeof(struct i_module *))) + == NULL) { + dprintf(MSYSLOG_CRITICAL, "realloc inputs"); + exit(-1); + } + + } + + fd_inputs[fd_in_count].fd = fd; + fd_inputs[fd_in_count].events = POLLIN; + fd_inputs_mod[fd_in_count] = im; + fd_in_count++; + + return(1); +} + +void +remove_fd_input(int fd) +{ + int i; + + dprintf(MSYSLOG_INFORMATIVE, "remove_fd_input: remove fd %d\n", + fd); + + for (i = 0; i < fd_in_count && fd_inputs[i].fd != fd; i++); + + if (i == fd_in_count || fd != fd_inputs[i].fd) + return; /* not found */ + + for (;i < fd_in_count; i++) { + fd_inputs[i].fd = fd_inputs[i + 1].fd; + fd_inputs[i].events = fd_inputs[i + 1].events; + fd_inputs_mod[i] = fd_inputs_mod[i + 1]; + } + + fd_in_count--; +} + + +RETSIGTYPE +signal_handler(int signo) +{ + switch (signo) { + case SIGTSTP: + raise(SIGSTOP); + break; + default:; + } +} + + +RETSIGTYPE (* +place_signal(int signo, RETSIGTYPE (*func)(int))) (int) +{ + struct sigaction act, oldact; + + act.sa_handler = func; + sigemptyset(&act.sa_mask); + act.sa_flags = 0; + if (signo == SIGALRM) { +#ifdef SA_INTERRUPT + act.sa_flags |= SA_INTERRUPT; +#endif + } else { +#ifdef SA_RESTART + act.sa_flags |= SA_RESTART; +#endif + } + if (sigaction(signo, &act, &oldact) < 0) + return(SIG_ERR); + + return(oldact.sa_handler); +} + +/* + * Report errors on debug active + */ + +int +dprintf(const int level, char const *fmt, ...) +{ + int ret; + va_list var; + + if (level >= Debug) + return (1); + + va_start(var, fmt); + ret = vfprintf(stderr, fmt, var); + va_end(var); + return(ret); +} 
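Review bot: The dispatch loop in `main()` (`for (i = 0, done = 0; done < count; i++)`) can index past the end of `fd_inputs`: `poll()` counts every entry with a non-zero `revents`, including ones reporting only `POLLHUP`, `POLLERR` or `POLLNVAL`, but `done` advances only under `POLLIN`, so `i` keeps growing until `done` catches up. The same loop reads `fd_inputs_mod[i]->im_func->im_name` into `mname` before the NULL checks that follow it. The loop should be bounded by `fd_in_count`, count any non-zero `revents`, and take the module name only after the pointers are checked, as in the excerpt below. Separately, `ctty = (char *) malloc(sizeof(_PATH_CONSOLE) + 19)` is one byte short for the 20-character prefix `"%classic -t CONSOLE "` plus the path and its NUL, and the result is not checked; `ctty = malloc(sizeof("%classic -t CONSOLE " _PATH_CONSOLE));` followed by a NULL check sizes the buffer from the literal itself.

```c
		for (i = 0, done = 0; i < fd_in_count && done < count; i++) {
			if (fd_inputs[i].revents == 0)
				continue;
			done++;	/* poll() counted this entry, whatever the event */

			if (fd_inputs[i].revents & POLLIN) {
				/* … unchanged: declarations, reset of log.im_pid / im_pri / im_flags … */
				fd = fd_inputs[i].fd;

				if (!fd_inputs_mod[i] ||
				    !fd_inputs_mod[i]->im_func ||
				    !fd_inputs_mod[i]->im_func->im_read) {
					dprintf(MSYSLOG_SERIOUS, "syslogd: no read "
					    "function for input fd %i\n", fd);
					continue;
				}
				mname = fd_inputs_mod[i]->im_func->im_name;
				/* … unchanged: call im_read, report val < 0 with mname, printline() when val == 1 … */
				/* the done++ that used to close this block is dropped */
			}
		}
```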
diff --git a/msyslog-v1.08a+smac/src/syslogd.h b/msyslog-v1.08a+smac/src/syslogd.h
new file mode 100644
index 0000000..f1929d9
--- /dev/null
+++ b/msyslog-v1.08a+smac/src/syslogd.h
@@ -0,0 +1,280 @@
+/* $CoreSDI: syslogd.h,v 1.52.2.6.2.1.4.16 2001/11/21 06:31:02 alejo Exp $ */
+
+/*
+ * Copyright (c) 1983, 1988, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef SYSLOGD_H
+#define SYSLOGD_H
+
+#ifndef MAXHOSTNAMELEN
+# include
+# ifndef MAXHOSTNAMELEN
+# define MAXHOSTNAMELEN 254
+# endif
+#endif
+
+#define MAXLINE 2048 /* maximum line length */
+#define MAXSVLINE 120 /* maximum saved line length */
+#define DEFUPRI (LOG_USER|LOG_NOTICE)
+#define DEFSPRI (LOG_KERN|LOG_CRIT)
+#define TIMERINTVL 30 /* interval for checking flush, mark */
+#define MAX_N_OMODULES 20 /* maximum types of out modules */
+#define MAX_N_IMODULES 10 /* maximum types of in modules */
+
+#ifdef HAVE_PATHS_H
+#include
+#endif /* HAVE_PATHS_H */
+
+#include
+#include
+#include
+
+#ifndef _PATH_KLOG
+#define _PATH_KLOG "/dev/klog"
+/* #warning using _PATH_KLOG "/dev/klog" */
+#endif
+
+#define _PATH_LOGCONF "/etc/syslog.conf"
+
+/*
+ * Debug reporting levels
+ *
+ * critical and below are cause of daemon exit
+ * noncritical and up are not cause of exit
+ * warning and up are not necesary an error, user must check
+ * informative and up are just for debugging purposes
+ *
+ */
+
+#ifdef dprintf
+#undef dprintf
+#endif
+
+int dprintf(int, char const *, ...); /* level, format, ... */
+
+#define MSYSLOG_CRITICAL 10
+#define MSYSLOG_SERIOUS 20
+#define MSYSLOG_NONCRITICAL 30
+#define MSYSLOG_WARNING 100
+#define MSYSLOG_INFORMATIVE 200 /* calling/returning from a func */
+#define MSYSLOG_INFORMATIVE2 250 /* each message, structure contents */
+
+#define MAXUNAMES 20 /* maximum number of user names */
+
+/*
+ * Flags to logmsg().
+ */
+
+#define IGN_CONS 0x001 /* don't print on console */
+#define SYNC_FILE 0x002 /* do fsync on file after printing */
+#define ADDDATE 0x004 /* add a date to the message */
+#define MARK 0x008 /* this message is a mark */
+
+
+/*
+ * maximum number of unix sockets
+ */
+#define MAXFUNIX 21
+
+/* if UT_NAMESIZE doesn't exist, define it as 32 */
+#ifndef UT_NAMESIZE
+#define UT_NAMESIZE 32
+#endif
+
+/*
+ * This structure has the message and facility
+ * of it.
It is the struct to pass to om_write
+ */
+
+struct m_msg {
+ int fac; /* facility */
+ int pri; /* priority level */
+ int mlen; /* length of message */
+ int flags; /* flags of message */
+ char *msg; /* message */
+};
+
+/*
+ * This structure represents the files that will have log
+ * copies printed.
+ */
+
+struct filed {
+ struct filed *f_next; /* next in linked list */
+ time_t f_time; /* time this was last written */
+ u_char f_pmask[LOG_NFACILITIES+1]; /* priority mask */
+ char *f_program; /* program this applies to */
+ struct tm f_tm; /* date of message */
+ char f_prevline[MAXSVLINE]; /* last message logged */
+ char f_prevhost[MAXHOSTNAMELEN]; /* host from which recd. */
+ int f_prevpri; /* pri of f_prevline */
+ int f_prevlen; /* length of f_prevline */
+ int f_prevcount; /* repetition cnt of prevline */
+ int f_repeatcount; /* number of "repeated" msgs */
+ struct o_module *f_omod; /* module details */
+};
+
+
+void logerror(char *);
+void logmsg(int, char *, char *, int);
+void die(int);
+RETSIGTYPE (*place_signal(int signo, RETSIGTYPE (*)(int))) (int);
+
+
+#define MLIB_MAX 10 /* max external libs per module */
+
+struct omodule {
+ struct omodule *om_next;
+ char *om_name;
+ int (*om_init) (int, char **, struct filed *, char *, void **,
+ char **);
+ int (*om_write) (struct filed *, int, struct m_msg *, void *);
+ int (*om_flush) (struct filed *, void *);
+ int (*om_close) (struct filed *, void *);
+ void *h; /* handle to open dynamic library */
+ void *oh[MLIB_MAX]; /* handle to other dynamic libraries */
+};
+
+struct imodule {
+ struct imodule *im_next;
+ char *im_name;
+ int (*im_init) (struct i_module *, char **, int);
+ int (*im_read) (struct i_module *, int, struct im_msg *);
+ int (*im_close) (struct i_module *); /* close input, optional */
+ void *h; /* handle to open dynamic library */
+};
+
+
+#define MAXREPEAT ((sizeof(repeatinterval) / sizeof(repeatinterval[0])) - 1)
+#define REPEATTIME(f) ((f)->f_time +
repeatinterval[(f)->f_repeatcount])
+#define BACKOFF(f) { if (++(f)->f_repeatcount > MAXREPEAT) \
+ (f)->f_repeatcount = MAXREPEAT; \
+ }
+
+/* values for integrity facilities */
+#define I_NONE 0
+#define I_PEO 1
+#define I_VCR 2
+#define I_OTS 3
+#define I_SHA 4
+#define DEFAULT_INTEG_FACILITY I_NONE
+
+
+#ifndef TABLE_NOPRI
+# define TABLE_NOPRI 0 /* Value to indicate no priority in f_pmask */
+#endif
+#ifndef TABLE_ALLPRI
+# define TABLE_ALLPRI 0xFF /* Value to indicate all priorities in f_pmask */
+#endif
+
+/*
+ * syslog types usualy in /usr/include/syslog.h but
+ * some systems lack those, so we define them here
+ */
+
+#ifndef HAVE_CODE
+# ifdef SYSLOG_NAMES
+
+# ifndef LOG_MAKEPRI
+# define LOG_MAKEPRI(fac, pri) (((fac) << 3) | (pri))
+# endif
+
+# ifndef LOG_PRIMASK
+# define LOG_PRIMASK 0x07 /* mask to extract priority part (internal) */
+# endif
+
+# ifndef LOG_PRI
+# define LOG_PRI(p) ((p) & LOG_PRIMASK)
+# endif
+
+# ifndef LOG_FAC
+# define LOG_FAC(p) (((p) & LOG_FACMASK) >> 3)
+# endif
+
+# define INTERNAL_NOPRI 0x10
+# define INTERNAL_MARK LOG_MAKEPRI(LOG_NFACILITIES, 0)
+
+
+typedef struct _code {
+ char *c_name;
+ int c_val;
+} CODE;
+
+CODE prioritynames[] =
+ {
+ { "alert", LOG_ALERT },
+ { "crit", LOG_CRIT },
+ { "debug", LOG_DEBUG },
+ { "emerg", LOG_EMERG },
+ { "err", LOG_ERR },
+ { "error", LOG_ERR }, /* DEPRECATED */
+ { "info", LOG_INFO },
+ { "none", INTERNAL_NOPRI }, /* INTERNAL */
+ { "notice", LOG_NOTICE },
+ { "panic", LOG_EMERG }, /* DEPRECATED */
+ { "warn", LOG_WARNING }, /* DEPRECATED */
+ { "warning", LOG_WARNING },
+ { NULL, -1 }
+ };
+
+CODE facilitynames[] =
+ {
+ { "auth", LOG_AUTH },
+ { "cron", LOG_CRON },
+ { "daemon", LOG_DAEMON },
+ { "kern", LOG_KERN },
+ { "lpr", LOG_LPR },
+ { "mail", LOG_MAIL },
+ { "mark", INTERNAL_MARK }, /* INTERNAL */
+ { "news", LOG_NEWS },
+ { "security", LOG_AUTH }, /* DEPRECATED */
+ { "syslog", LOG_SYSLOG },
+ { "user", LOG_USER },
+ { "uucp", LOG_UUCP },
+ { "local0", LOG_LOCAL0 },
+ {
"local1", LOG_LOCAL1 },
+ { "local2", LOG_LOCAL2 },
+ { "local3", LOG_LOCAL3 },
+ { "local4", LOG_LOCAL4 },
+ { "local5", LOG_LOCAL5 },
+ { "local6", LOG_LOCAL6 },
+ { "local7", LOG_LOCAL7 },
+ { NULL, -1 }
+ };
+
+# endif /* SYSLOG_NAMES */
+#endif /* typedef of /usr/include/syslog.h */
+
+
+
+#endif
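Review bot: The debug logger declared in this header as `int dprintf(int, char const *, ...);` takes the name of the POSIX.1-2008 stdio function `dprintf(int fd, const char *, ...)`, and the `#undef dprintf` guard above it removes only a macro, not a libc prototype or symbol. Where libc provides that function the two prototypes are type-compatible, so the build likely stays silent even though the first argument is a debug level here and a file descriptor there; code linked or loaded into the daemon that calls the libc function would presumably reach this level-filtered stderr writer instead. A project-prefixed name such as `int msyslog_dprintf(int level, char const *fmt, ...);` (name illustrative) avoids the clash, and a compiler-guarded `__attribute__((format(printf, 2, 3)))` on the declaration would let the compiler check format arguments at every call site of a daemon that logs untrusted input. The definition in syslogd.c and the callers lie outside this hunk, so the rename has to be applied there as well.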