upload win32 logwatch filters

This commit is contained in:
Fish 2004-10-06 12:37:00 +00:00
parent d57c414a8d
commit 59428fa39b
25 changed files with 2148 additions and 0 deletions

24
.gitattributes vendored

@ -258,6 +258,30 @@ log.d/configs/linux/scripts/shared/onlyservice -text
log.d/configs/linux/scripts/shared/remove -text
log.d/configs/linux/scripts/shared/removeheaders -text
log.d/configs/linux/scripts/shared/removeservice -text
log.d/configs/win2k/conf/logfiles/messages.conf -text
log.d/configs/win2k/conf/logwatch.conf -text
log.d/configs/win2k/conf/services/Antivirus.conf -text
log.d/configs/win2k/conf/services/Exchange.conf -text
log.d/configs/win2k/conf/services/NTDS.conf -text
log.d/configs/win2k/conf/services/Security.conf -text
log.d/configs/win2k/scripts/logwatch.pl -text
log.d/configs/win2k/scripts/services/antivirus -text
log.d/configs/win2k/scripts/services/exchange -text
log.d/configs/win2k/scripts/services/ntds -text
log.d/configs/win2k/scripts/services/security -text
log.d/configs/win2k/scripts/shared/applyhttpdate -text
log.d/configs/win2k/scripts/shared/applystddate -text
log.d/configs/win2k/scripts/shared/applyusdate -text
log.d/configs/win2k/scripts/shared/applywindate -text
log.d/configs/win2k/scripts/shared/expandrepeats -text
log.d/configs/win2k/scripts/shared/hostlist -text
log.d/configs/win2k/scripts/shared/multiservice -text
log.d/configs/win2k/scripts/shared/onlycontains -text
log.d/configs/win2k/scripts/shared/onlyhost -text
log.d/configs/win2k/scripts/shared/onlyservice -text
log.d/configs/win2k/scripts/shared/remove -text
log.d/configs/win2k/scripts/shared/removeheaders -text
log.d/configs/win2k/scripts/shared/removeservice -text
log.d/db.conf -text
log.d/lib/Logwatch.pm -text
msyslog-v1.08a+smac/AUTHORS -text


@ -0,0 +1,32 @@
##########################################################################
# $Id: messages.conf,v 1.18 2003/12/15 18:35:01 kirk Exp $
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
# What actual file? Defaults to LogPath if not absolute path....
LogFile = messages
# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
# Note: if these are gzipped, you need to end with a .gz even if
# you use wildcards...
Archive = messages.*
Archive = messages.*.gz
Archive = archiv/messages.*
Archive = archiv/messages.*.gz
# Expand the repeats (actually just removes them now)
*ExpandRepeats
# Keep only the lines in the proper date range...
*OnlyHost
*ApplyWinDate
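Review bot: The comment `# Keep only the lines in the proper date range...` sits directly above `*OnlyHost` but describes `*ApplyWinDate` two lines further down, so a reader scanning the filter chain gets the wrong idea of what the host filter does; move that comment below `*OnlyHost` and put something like `# Keep only this host's entries when HostLimit is set` above it. The two `Archive = archiv/messages.*` globs also look like a typo for `archive/`; if the directory on the target systems really is named `archiv`, a one-line comment saying so would stop the next maintainer "correcting" it.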


@ -0,0 +1,115 @@
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
########################################################
# NOTE:
# All these options are the defaults if you run logwatch with no
# command-line arguments. You can override all of these on the
# command-line.
# You can put comments anywhere you want to. They are effective for the
# rest of the line.
# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0
# Default Log Directory
# All log-files are assumed to be given relative to this directory.
LogDir = /var/tmp/var/log
# You can override the default temp directory (/tmp) here
TmpDir = /tmp
# Default person to mail reports to. Can be a local account or a
# complete email address.
#MailTo = root
# If set to 'Yes', the report will be sent to stdout instead of being
# mailed to above person.
Print = Yes
# Leave this to 'Yes' if you have the mktemp program and it supports
# the '-d' option. Some older version of mktemp on pre-RH7.X did not
# support this option, so set this to no in that case and Logwatch will
# use internal temp directory creation that is (hopefully) just as secure
UseMkTemp = Yes
#
# Some systems have mktemp in a different place
#
MkTemp = /bin/mktemp
# if set, the results will be saved in <filename> instead of mailed
# or displayed.
#Save = /tmp/logwatch
# Use archives? If set to 'Yes', the archives of logfiles
# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
# be searched in addition to the /var/log/messages file.
# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'... it is probably best used with
# Archives = Yes
# Range = All
# The default time range for the report...
# The current choices are All, Today, Yesterday
Range = all
# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = High
# The 'Service' option expects either the name of a filter
# (in /etc/log.d/scripts/services/*) or 'All'.
# The default service(s) to report on. This should be left as All for
# most people.
Service = All
# You can also disable certain services (when specifying all)
#Service = -zz-fortune
# If you only cared about FTP messages, you could use these 2 lines
# instead of the above:
#Service = ftpd-messages # Processes ftpd messages in /var/log/messages
#Service = ftpd-xferlog # Processes ftpd messages in /var/log/xferlog
# Maybe you only wanted reports on PAM messages, then you would use:
#Service = pam_pwdb # PAM_pwdb messages - usually quite a bit
#Service = pam # General PAM messages... usually not many
# You can also choose to use the 'LogFile' option. This will cause
# logwatch to only analyze that one logfile.. for example:
#LogFile = messages
# will process /var/log/messages. This will run all the filters that
# process that logfile. This option is probably not too useful to
# most people. Setting 'Service' to 'All' above analyizes all LogFiles
# anyways...
#
# some systems have different locations for mailers
#
mailer = /bin/mail
#
# With this option set to 'Yes', only log entries for this particular host
# (as returned by 'hostname' command) will be processed. The hostname
# can also be overridden on the commandline (with --hostname option). This
# can allow a log host to process only its own logs, or Logwatch can be
# run once per host included in the logfiles.
#
# The default is to report on all log entries, regardless of its source host.
# Note that some logfiles do not include host information and will not be
# influenced by this setting.
#
#HostLimit = Yes
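Review bot: `UseMkTemp = Yes` and `MkTemp = /bin/mktemp` appear to have no effect with the logwatch.pl added in this commit: ReadConfigFile lowercases every key (`push @ReadConfigNames, lc $name;`) but the script reads `$Config{'MkTemp'}` in mixed case, so `-x $MkTemp` is never true and the fallback branch that removes and recreates the predictable `$Config{'tmpdir'}/logwatch.$$` runs every time. The comment above `UseMkTemp` promising the mktemp path is therefore misleading until the script reads the key as `my $MkTemp = $Config{'mktemp'};`, which is the one-line change I would make. Separately, `LogDir = /var/tmp/var/log` places the input logs under a directory that is normally world-writable on Unix hosts; if this is a staging area for copied Windows event logs, a comment on how it is populated and who can write to it would let a reader judge whether unprivileged users can influence the report.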


@ -0,0 +1,30 @@
###########################################################################
# $Id: cron.conf,v 1.4 2002/10/12 02:08:09 kirk Exp $
###########################################################################
# You can put comments anywhere you want to. They are effective for the
# rest of the line.
# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0
Title = "NAV"
# Which logfile group...
LogFile = messages
*OnlyService = "Norton Antivirus"
*RemoveHeaders
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
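Review bot: The `# $Id: cron.conf,v 1.4 2002/10/12 02:08:09 kirk Exp $` line at the top of this new service definition was copied from cron.conf and will name the wrong file in every future revision; replace it with a bare `# $Id$` so the version control system expands it for this file, or drop the keyword block. The same copied header appears in the Exchange Events, Windows Directory Services and Security Events definitions below. The `*OnlyService` value is later interpolated into a shell pipeline inside single quotes by the logwatch.pl in this commit (`scripts/shared/$cmd '$ServiceData{$Service}{$_}'`), and the alternation used in the Security Events definition suggests it is treated as a pattern, so a comment such as `# Pattern handed to scripts/shared/onlyservice; must not contain a single quote` above it would document the constraint the format silently relies on.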


@ -0,0 +1,30 @@
###########################################################################
# $Id: cron.conf,v 1.4 2002/10/12 02:08:09 kirk Exp $
###########################################################################
# You can put comments anywhere you want to. They are effective for the
# rest of the line.
# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0
Title = "Exchange Events"
# Which logfile group...
LogFile = messages
*OnlyService = "(MSExchangeIS)"
*RemoveHeaders
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################


@ -0,0 +1,30 @@
###########################################################################
# $Id: cron.conf,v 1.4 2002/10/12 02:08:09 kirk Exp $
###########################################################################
# You can put comments anywhere you want to. They are effective for the
# rest of the line.
# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0
Title = "Windows Directory Services"
# Which logfile group...
LogFile = messages
*OnlyService = "(NTDS|NTDS Replication)"
*RemoveHeaders
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################


@ -0,0 +1,30 @@
###########################################################################
# $Id: cron.conf,v 1.4 2002/10/12 02:08:09 kirk Exp $
###########################################################################
# You can put comments anywhere you want to. They are effective for the
# rest of the line.
# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0
Title = "Security Events"
# Which logfile group...
LogFile = messages
*OnlyService = "(Security|SceCli)"
*RemoveHeaders
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################


@ -0,0 +1,790 @@
#!/usr/bin/perl -w
use strict;
##########################################################################
# $Id: logwatch.pl,v 1.111 2004/06/21 15:00:44 kirk Exp $
##########################################################################
# Most current version can always be found at:
# ftp://ftp.logwatch.org/pub/redhat/RPMS
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch@logwatch.org.
#
########################################################
my $BaseDir = "/etc/log.d";
#my $BaseDir = "/home/kirk/cvs-work/logwatch";
my $ConfigDir = "$BaseDir/conf";
#Added to create switches for different os options -mgt
#For now working on Linux and SunOS
my $OSname = `uname -s`;
chomp $OSname;
my $Version = '5.2';
my $VDate = '06/21/04';
#############################################################################
use Getopt::Long;
my (%Config, @ServiceList, @LogFileList, %ServiceData, %LogFileData);
my (@AllShared, @AllLogFiles, @FileList);
# These need to not be global variables one day
my (@ReadConfigNames, @ReadConfigValues);
# Default config here...
$Config{'detail'} = 0;
$Config{'mailto'} = "root";
$Config{'save'} = "";
$Config{'print'} = 0;
$Config{'range'} = "yesterday";
$Config{'debug'} = 0;
$Config{'archives'} = 0;
$Config{'tmpdir'} = "/tmp";
$Config{'splithosts'} = 0;
$Config{'multiemail'} = 0;
# Logwatch now does some basic searching for logs
# So if the log file is not in the log path it will check /var/adm
# and then /var/log -mgt
$Config{'logdir'} = "/var/log";
chomp($Config{'hostname'} = `hostname`);
#############################################################################
sub Usage () {
# Show usage for this program
print "\nUsage: $0 [--detail <level>] [--logfile <name>]\n" .
" [--print] [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]\n" .
" [--save <filename>] [--help] [--version] [--service <name>]\n" .
" [--splithosts] [--multiemail]\n\n";
print "--detail <level>: Report Detail Level - High, Med, Low or any #.\n";
print "--logfile <name>: *Name of a logfile definition to report on.\n";
print "--service <name>: *Name of a service definition to report on.\n";
print "--print: Display report to stdout.\n";
print "--mailto <addr>: Mail report to <addr>.\n";
print "--archives: Use archived log files too.\n";
print "--save <filename>: Save to <filename>.\n";
print "--range <range>: Date range: Yesterday, Today or All.\n";
print "--debug <level>: Debug Level - High, Med, Low or any #.\n";
print "--splithosts: Create a report for each host in syslog.\n";
print "--multiemail: Send each host report in a separate email. Ignored if \n";
print " not using --splithosts.\n";
print "--version: Displays current version.\n";
print "--help: This message.\n";
print "* = Switch can be specified multiple times...\n\n";
exit (99);
}
my %wordsToInts = (yes => 1, no => 0,
true => 1, false => 0,
on => 1, off => 0,
high => 10,
med => 5, medium => 5,
low => 0);
sub getInt {
my $word = shift;
my $tmpWord = lc $word;
$tmpWord =~ s/\W//g;
return $wordsToInts{$tmpWord} if (defined $wordsToInts{$tmpWord});
unless ($word =~ s/^"(.*)"$/$1/) {
return lc $word;
}
return $word;
}
sub CleanVars {
foreach (keys %Config) {
$Config{$_} = getInt($Config{$_});
}
}
sub PrintStdArray (@) {
my @ThisArray = @_;
my $i;
for ($i=0;$i<=$#ThisArray;$i++) {
print "[" . $i . "] = " . $ThisArray[$i] . "\n";
}
}
sub PrintConfig () {
# for debugging, print out config...
foreach (keys %Config) {
print $_ . ' -> ' . $Config{$_} . "\n";
}
print "Service List:\n";
PrintStdArray @ServiceList;
print "\n";
print "LogFile List:\n";
PrintStdArray @LogFileList;
print "\n\n";
}
# for debugging...
sub PrintServiceData () {
my ($ThisKey1,$ThisKey2,$i);
foreach $ThisKey1 (keys %ServiceData) {
print "\nService Name: " . $ThisKey1 . "\n";
foreach $ThisKey2 (keys %{$ServiceData{$ThisKey1}}) {
next unless ($ThisKey2 =~ /^\d+-/);
print " $ThisKey2 = $ServiceData{$ThisKey1}{$ThisKey2}\n";
}
for ($i=0;$i<=$#{$ServiceData{$ThisKey1}{'logfiles'}};$i++) {
print " Logfile = " . $ServiceData{$ThisKey1}{'logfiles'}[$i] . "\n";
}
}
}
# for debugging...
sub PrintLogFileData () {
my ($ThisKey1,$ThisKey2,$i);
foreach $ThisKey1 (keys %LogFileData) {
print "\nLogfile Name: " . $ThisKey1 . "\n";
foreach $ThisKey2 (keys %{$LogFileData{$ThisKey1}}) {
next unless ($ThisKey2 =~ /^\d+-/);
print " $ThisKey2 = $LogFileData{$ThisKey1}{$ThisKey2}\n";
}
for ($i=0;$i<=$#{$LogFileData{$ThisKey1}{'logfiles'}};$i++) {
print " Logfile = " . $LogFileData{$ThisKey1}{'logfiles'}[$i] . "\n";
}
for ($i=0;$i<=$#{$LogFileData{$ThisKey1}{'archives'}};$i++) {
print " Archive = " . $LogFileData{$ThisKey1}{'archives'}[$i] . "\n";
}
}
}
sub ReadConfigFile ($) {
my $FileName = $_[0];
@ReadConfigNames = ();
@ReadConfigValues = ();
if ($Config{'debug'} > 5) {
print "ReadConfigFile: Opening " . $FileName . "\n";
}
open (READCONFFILE, $FileName) or die "Cannot open file $FileName: $!\n";
while (my $line = <READCONFFILE>) {
if ($Config{'debug'} > 9) {
print "ReadConfigFile: Read Line: " . $line;
}
$line =~ s/#.*$//;
next if ($line =~ /^\s*$/);
my ($name, $value) = split /=/, $line, 2;
$name =~ s/^\s+//; $name =~ s/\s+$//;
if ($value) { $value =~ s/^\s+//; $value =~ s/\s+$//; }
else { $value = ''; }
push @ReadConfigNames, lc $name;
push @ReadConfigValues, getInt $value;
if ($Config{'debug'} > 7) {
print "ReadConfigFile: Name=" . $name . ", Value=" . $value . "\n";
}
}
close READCONFFILE;
}
#############################################################################
# Add / to BaseDir
unless ($BaseDir =~ m=/$=) {
$BaseDir = $BaseDir . "/";
}
# Load main config file...
if ($Config{'debug'} > 8) {
print "\nDefault Config:\n";
PrintConfig();
}
CleanVars();
my $OldMailTo = $Config{'mailto'};
my $OldPrint = $Config{'print'};
ReadConfigFile ($ConfigDir . "/logwatch.conf");
for (my $i = 0; $i <= $#ReadConfigNames; $i++) {
if ($ReadConfigNames[$i] eq "logfile") {
push @LogFileList, $ReadConfigValues[$i];
} elsif ($ReadConfigNames[$i] eq "service") {
push @ServiceList, $ReadConfigValues[$i];
} else {
$Config{$ReadConfigNames[$i]} = $ReadConfigValues[$i];
}
}
CleanVars();
if ($OldMailTo ne $Config{'mailto'}) {
$Config{'print'} = 0;
} elsif ($OldPrint ne $Config{'print'}) {
$Config{'mailto'} = "";
}
if ($Config{'debug'} > 8) {
print "\nConfig After Config File:\n";
PrintConfig();
}
# Options time...
my @TempLogFileList = ();
my @TempServiceList = ();
my $Help = 0;
my $ShowVersion = 0;
$OldMailTo = $Config{'mailto'};
$OldPrint = $Config{'print'};
GetOptions ( "d|detail=s" => \$Config{'detail'},
"l|logfile=s@" => \@TempLogFileList,
"logdir=s" => \$Config{'logdir'},
"s|service=s@" => \@TempServiceList,
"p|print" => \$Config{'print'},
"m|mailto=s" => \$Config{'mailto'},
"save=s" => \$Config{'save'},
"a|archives" => \$Config{'archives'},
"debug=s" => \$Config{'debug'},
"r|range=s" => \$Config{'range'},
"h|help" => \$Help,
"v|version" => \$ShowVersion,
"hostname=s" => \$Config{'hostname'},
"splithosts" => \$Config{'splithosts'},
"multiemail" => \$Config{'multiemail'},
) or Usage();
$Help and Usage();
if ($ShowVersion) {
print "Logwatch $Version (released $VDate)\n";
exit 0;
}
CleanVars();
if ($OldMailTo ne $Config{'mailto'}) {
$Config{'print'} = 0;
} elsif ($OldPrint ne $Config{'print'}) {
$Config{'mailto'} = "";
}
if ($Config{'debug'} > 8) {
print "\nCommand Line Parameters:\n Log File List:\n";
PrintStdArray @TempLogFileList;
print "\n Service List:\n";
PrintStdArray @TempServiceList;
print "\nConfig After Command Line Parsing:\n";
PrintConfig();
}
if ($#TempLogFileList > -1) {
@LogFileList = @TempLogFileList;
for (my $i = 0; $i <= $#LogFileList; $i++) {
$LogFileList[$i] = lc($LogFileList[$i]);
}
@ServiceList = ();
}
if ($#TempServiceList > -1) {
@ServiceList = @TempServiceList;
for (my $i = 0; $i <= $#ServiceList; $i++) {
$ServiceList[$i] = lc($ServiceList[$i]);
}
}
if ( ($#ServiceList == -1) and ($#LogFileList == -1) ) {
push @ServiceList, 'all';
}
if ($Config{'debug'} > 5) {
print "\nConfig After Everything:\n";
PrintConfig();
}
#############################################################################
# Find out what services are defined...
my (@TempAllServices, $ThisFile, $count);
opendir(SERVICESDIR, $ConfigDir . '/services') or
die $ConfigDir . "/services: $!";
my @services = grep !-d && /\.conf$/, readdir SERVICESDIR;
closedir SERVICESDIR;
foreach my $f (@services) {
my $ThisService = lc $f;
$ThisService =~ s/\.conf$//;
push @TempAllServices, $ThisService;
ReadConfigFile($ConfigDir . "/services/$f");
for (my $i = 0; $i <= $#ReadConfigNames; $i++) {
if ($ReadConfigNames[$i] eq 'logfile') {
push @{$ServiceData{$ThisService}{'logfiles'}}, $ReadConfigValues[$i];
} elsif ($ReadConfigNames[$i] =~ /^\*/) {
$count++;
$ServiceData{$ThisService}{+sprintf("%03d-%s", $count, $ReadConfigNames[$i])} = $ReadConfigValues[$i];
} else {
$ServiceData{$ThisService}{$ReadConfigNames[$i]} = $ReadConfigValues[$i];
}
}
}
my @AllServices = sort @TempAllServices;
# Find out what logfiles are defined...
opendir(LOGFILEDIR, $ConfigDir . "/logfiles") or die $ConfigDir . "/logfiles/, no such directory.\n";
while (defined($ThisFile = readdir(LOGFILEDIR))) {
unless (-d $ConfigDir . "/logfiles/" . $ThisFile) {
my $ThisLogFile = $ThisFile;
if ($ThisLogFile =~ s/\.conf$//i) {
push @AllLogFiles, $ThisLogFile;
ReadConfigFile($ConfigDir . "/logfiles/" . $ThisFile);
for (my $i = 0; $i <= $#ReadConfigNames; $i++) {
if ($ReadConfigNames[$i] eq "logfile") {
#Lets try and find the logs -mgt
if (-e "$Config{'logdir'}/$ReadConfigValues[$i]") {
push @{$LogFileData{$ThisLogFile}{'logfiles'}}, $ReadConfigValues[$i];
} elsif (-e "/var/adm/$ReadConfigValues[$i]") {
push @{$LogFileData{$ThisLogFile}{'logfiles'}}, "adm/$ReadConfigValues[$i]";
} elsif (-e "/var/log/$ReadConfigValues[$i]") {
push @{$LogFileData{$ThisLogFile}{'logfiles'}}, "log/$ReadConfigValues[$i]";
} else {
#Fallback to default even if it doesn't exist -mgt
push @{$LogFileData{$ThisLogFile}{'logfiles'}},
$ReadConfigValues[$i];
}
} elsif ($ReadConfigNames[$i] eq "archive") {
push @{$LogFileData{$ThisLogFile}{'archives'}}, $ReadConfigValues[$i];
} elsif ($ReadConfigNames[$i] =~ /^\*/) {
$count++;
$LogFileData{$ThisLogFile}{+sprintf("%03d-%s", $count, $ReadConfigNames[$i])} = $ReadConfigValues[$i];
} else {
$LogFileData{$ThisLogFile}{$ReadConfigNames[$i]} = $ReadConfigValues[$i];
}
}
}
}
}
closedir(LOGFILEDIR);
# Find out what shared functions are defined...
opendir(SHAREDDIR,$BaseDir . "scripts/shared") or die $BaseDir . "scripts/shared/, no such directory.\n";
while (defined($ThisFile = readdir(SHAREDDIR))) {
unless (-d $BaseDir . "scripts/shared/" . $ThisFile) {
push @AllShared, lc($ThisFile);
}
}
closedir(SHAREDDIR);
if ($Config{'debug'} > 5) {
print "\nAll Services:\n";
PrintStdArray @AllServices;
print "\nAll Log Files:\n";
PrintStdArray @AllLogFiles;
print "\nAll Shared:\n";
PrintStdArray @AllShared;
}
#############################################################################
# Time to expand @ServiceList, using @LogFileList if defined...
if ((scalar @ServiceList > 1) && (grep /^all$/i, @ServiceList)) {
# This means we are doing *all* services ... but excluding some
my %tmphash;
foreach my $item (@AllServices) {
$tmphash{lc $item} = "";
}
foreach my $service (@ServiceList) {
next if $service =~ /^all$/i;
if ($service =~ /^\-(.+)$/) {
my $offservice = $1;
if (! exists $tmphash{lc $offservice}) {
die "Nonexistent service to disable: $offservice\n";
}
delete $tmphash{lc $offservice};
} else {
die "Wrong configuration entry for \"Service\", if \"All\" selected, only \"-\" items are allowed\n";
}
}
@ServiceList = ();
foreach my $keys (keys %tmphash) {
push @ServiceList, $keys;
}
@LogFileList = ();
} elsif ( $ServiceList[0] and ($ServiceList[0] eq 'all') and ($#ServiceList == 0) ) {
# This means we are doing *all* services...
@ServiceList = @AllServices;
@LogFileList = ();
} else {
my $ThisOne;
while (defined($ThisOne = pop @LogFileList)) {
unless ($LogFileData{$ThisOne}) {
die "Logwatch is not configured to use logfile: $ThisOne\n";
}
foreach my $ThisService (keys %ServiceData) {
for (my $i = 0; $i <= $#{$ServiceData{$ThisService}{'logfiles'}}; $i++) {
if ( $ServiceData{$ThisService}{'logfiles'}[$i] eq $ThisOne ) {
push @ServiceList,$ThisService;
}
}
}
}
@TempServiceList = sort @ServiceList;
@ServiceList = ();
my $LastOne = "";
while (defined($ThisOne = pop @TempServiceList)) {
unless ( ($ThisOne eq $LastOne) or ($ThisOne eq 'all') or ($ThisOne =~ /^-/)) {
unless ($ServiceData{$ThisOne}) {
die "Logwatch does not know how to process service: $ThisOne\n";
}
push @ServiceList, $ThisOne;
}
$LastOne = $ThisOne;
}
}
# Now lets fill up @LogFileList again...
foreach my $ServiceName (@ServiceList) {
foreach my $LogName ( @{$ServiceData{$ServiceName}{'logfiles'} } ) {
unless ( grep m/$LogName/, @LogFileList ) {
push @LogFileList, $LogName;
}
}
}
if ($Config{'debug'} > 7) {
print "\n\nAll Service Data:\n";
PrintServiceData;
print "\nServices that will be processed:\n";
PrintStdArray @ServiceList;
print "\n\n";
print "\n\nAll LogFile Data:\n";
PrintLogFileData;
print "\nLogFiles that will be processed:\n";
PrintStdArray @LogFileList;
print "\n\n";
}
#############################################################################
my $TempDir;
my $UseMkTemp = $Config{'usemktemp'};
my $MkTemp = $Config{'MkTemp'};
if ($UseMkTemp and (-x $MkTemp)) {
$TempDir = `$MkTemp -d $Config{'tmpdir'}/logwatch.XXXXXXXX 2>/dev/null`;
chomp($TempDir);
unless (($? == 0) and $TempDir) {
die "Failed to create $Config{'tmpdir'}/logwatch.XXXXXXXX with mktemp!!\nDoes your mktemp support the -d option??\nIf not, modify logwatch.conf accordingly.\n";
}
if ($Config{'debug'}>7) {
print "\nMade Temp Dir: " . $TempDir . " with mktemp\n";
}
} else {
my $uid = $<;
my $gid = (split(' ', $( ))[0];
# Create the temporary directory...
$TempDir = $Config{'tmpdir'} . "/logwatch." . $$;
if ($Config{'debug'}>7) {
print "\nMaking Temp Dir: " . $TempDir . "\n";
}
`rm -rf $TempDir`;
mkdir ($TempDir,0700) or die "Failed to create TempDir: $TempDir (somebody may be attempting a root exploit!)\n";
`chown $uid $TempDir`;
`chgrp $gid $TempDir`;
`chmod 0700 $TempDir`;
unless (-d $TempDir and (not -l $TempDir)) {
die "$TempDir not a directory (somebody is attempting a root exploit!)\n";
}
unless ((stat($TempDir))[4] == $uid) {
die "$TempDir not owned by UID $uid (somebody is attempting a root exploit!)\n";
}
unless ((stat($TempDir))[5] == $gid) {
die "$TempDir not owned by GID $gid (somebody is attempting a root exploit!)\n";
}
unless (((stat($TempDir))[2] & 07777) == 0700) {
die "$TempDir permissions not 0700 (somebody is attempting a root exploit!)\n";
}
# Check to make sure nothing changed after we checked the ownership
unless (-d $TempDir and (not -l $TempDir)) {
die "$TempDir not a directory (somebody is attempting a root exploit!)\n";
}
`rm -rf $TempDir/*`;
unless (`ls $TempDir | wc -l` == 0) {
die "$TempDir not empty (somebody is attempting a root exploit!)\n";
}
}
unless ($TempDir =~ m=/$=) {
$TempDir .= "/";
}
#############################################################################
# Set up the environment...
$ENV{'LOGWATCH_DATE_RANGE'} = $Config{'range'};
$ENV{'LOGWATCH_DETAIL_LEVEL'} = $Config{'detail'};
$ENV{'LOGWATCH_DEBUG'} = $Config{'debug'};
$ENV{'LOGWATCH_TEMP_DIR'} = $TempDir;
if ($Config{'hostlimit'}) {
$ENV{'LOGWATCH_ONLY_HOSTNAME'} = $Config{'hostname'};
$ENV{'LOGWATCH_ONLY_HOSTNAME'} =~ s/\..*//;
}
if ($Config{'debug'}>4) {
foreach ('LOGWATCH_DATE_RANGE', 'LOGWATCH_DETAIL_LEVEL',
'LOGWATCH_TEMP_DIR', 'LOGWATCH_DEBUG', 'LOGWATCH_ONLY_HOSTNAME') {
if ($ENV{$_}) {
print "export $_='$ENV{$_}'\n";
}
}
}
my $LibDir = "$BaseDir/lib";
if ($ENV{PERL5LIB}) {
# User dirs should be able to override this setting
$ENV{PERL5LIB} = "$ENV{PERL5LIB}:$LibDir";
} else {
$ENV{PERL5LIB} = $LibDir;
}
#############################################################################
unless ($Config{'logdir'} =~ m=/$=) {
$Config{'logdir'} .= "/";
}
# Okay, now it is time to do pre-processing on all the logfiles...
my $LogFile;
foreach $LogFile (@LogFileList) {
next if ($LogFile eq 'none');
if (!defined($LogFileData{$LogFile}{'logfiles'})) {
print "*** Error: There is no logfile defined. Do you have a " . $BaseDir . "conf/logfiles/" . $LogFile . ".conf file ?\n";
next;
}
@FileList = @{$LogFileData{$LogFile}{'logfiles'}};
if ($Config{'archives'} == 1) {
push @FileList, $TempDir . $LogFile . "-archive";
my $Archive;
foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) {
my $DestFile = $TempDir . $LogFile . "-archive";
unless ($Archive =~ m=^/=) {
$Archive = ($Config{'logdir'} . $Archive);
}
if ($Archive =~ m/gz$/) {
`/bin/zcat $Archive 2>/dev/null >> $DestFile`;
} else {
`/bin/cat $Archive 2>/dev/null >> $DestFile`;
}
}
}
my $FileText = "";
foreach $ThisFile (@FileList) {
if ($ThisFile =~ m=^/=) {
$FileText .= ($ThisFile . " ");
} else {
$FileText .= ( $Config{'logdir'} . $ThisFile . " ");
}
}
my $FilterText = " 2>/dev/null ";
foreach (sort keys %{$LogFileData{$LogFile}}) {
my $cmd = $_;
if ($cmd =~ s/^\d+-\*//) {
$FilterText .= ("| $BaseDir" . "scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
} elsif ($cmd =~ s/^\$//) {
$ENV{$cmd} = $LogFileData{$LogFile}{$_};
if ($Config{'debug'}>4) {
print "export $cmd='$LogFileData{$LogFile}{$_}'\n";
}
}
}
if (opendir (LOGDIR,$BaseDir . "scripts/logfiles/" . $LogFile)) {
foreach (sort readdir(LOGDIR)) {
unless ( -d $BaseDir . "scripts/logfiles/$LogFile/$_") {
$FilterText .= ("| $BaseDir" . "scripts/logfiles/$LogFile/$_");
}
}
closedir (LOGDIR);
}
if ($FileText) {
my $Command = $FileText . $FilterText . ">" . $TempDir . $LogFile;
if ($Config{'debug'}>4) {
print "\nPreprocessing LogFile: " . $LogFile . "\n" . $Command . "\n";
}
if ($LogFile !~ /^[-_\w\d]+$/) {
print STDERR "Unexpected filename: [[$LogFile]]. Not used\n"
} else {
`/bin/cat $Command`;
}
}
}
#populate the host lists if we're splitting hosts
my @hosts;
if ($Config{'splithosts'} eq 1) {
my $newlogfile;
my @logarray;
opendir (LOGDIR,$TempDir) || die "Cannot open dir";
@logarray = readdir(LOGDIR);
closedir (LOGDIR);
my $ecpcmd = ("| $BaseDir" . "scripts/shared/hostlist");
foreach $newlogfile (@logarray) {
my $eeefile = ("$TempDir" . "$newlogfile");
if ((!(-d $eeefile)) && (!($eeefile =~ m/-archive/))) {
`/bin/cat $eeefile $ecpcmd`;
}
}
#read in the final host list
open (HOSTFILE,"$TempDir/hostfile") || die $!;
@hosts = <HOSTFILE>;
close (HOSTFILE);
chomp @hosts;
@hosts = sort(@hosts);
}
#############################################################################
my $report_finish = "\n ###################### LogWatch End ######################### \n\n";
my $printing = '';
my $emailopen = '';
sub initprint {
return if $printing;
if ($Config{'print'} eq 1) {
*OUTFILE = *STDOUT;
} elsif ($Config{'save'} ne "") {
open(OUTFILE,">" . $Config{'save'}) or die "Can't open output file: $Config{'save'}\n";
} elsif ($OSname eq "SunOS") {
#Solaris mail doesn't know -s -mgt
if (($Config{'multiemail'} eq 1) || ($emailopen eq "")) {
open(OUTFILE,"|$Config{'mailer'} $Config{'mailto'}") or die "Can't execute /bin/mail\n";
print OUTFILE "From: LogWatcher\n";
print OUTFILE "To: $Config{'mailto'}\n";
print OUTFILE "Subject: LogWatch for $Config{'hostname'}\n\n";
if (($Config{'splithosts'} eq 1) && ($Config{'multiemail'} eq 0)) {
print OUTFILE "Reporting on hosts: @hosts\n";
}
$emailopen = 'y';
}
} else {
if (($Config{'multiemail'} eq 1) || ($emailopen eq "")) {
open(OUTFILE,"|$Config{'mailer'} -s \"LogWatch for $Config{'hostname'}\" " . $Config{'mailto'}) or die "Can't execute /bin/mail\n";
if (($Config{'splithosts'} eq 1) && ($Config{'multiemail'} eq 0)) {
print OUTFILE "Reporting on hosts: @hosts\n";
}
$emailopen = 'y';
}
}
$printing = 'y';
print OUTFILE "\n ################### LogWatch $Version ($VDate) #################### \n";
print OUTFILE " Processing Initiated: " . localtime(time) . "\n";
print OUTFILE " Date Range Processed: $Config{'range'}\n";
print OUTFILE " Detail Level of Output: $Config{'detail'}\n";
print OUTFILE " Logfiles for Host: $Config{'hostname'}\n";
print OUTFILE " ################################################################ \n";
}
sub parselogs {
my $Service;
foreach $Service (sort @ServiceList) {
$ENV{'PRINTING'} = $printing;
@FileList = @{$ServiceData{$Service}{'logfiles'}};
my $FileText = "";
foreach $ThisFile (@FileList) {
if (-s $TempDir . $ThisFile) {
$FileText .= ( $TempDir . $ThisFile . " ");
}
}
my $FilterText = " ";
foreach (sort keys %{$ServiceData{$Service}}) {
my $cmd = $_;
if ($cmd =~ s/^\d+-\*//) {
$FilterText .= ("$BaseDir" . "scripts/shared/$cmd '$ServiceData{$Service}{$_}' |" );
} elsif ($cmd =~ s/^\$//) {
$ENV{$cmd} = $ServiceData{$Service}{$_};
if ($Config{'debug'}>4) {
print "export $cmd='$ServiceData{$Service}{$_}'\n";
}
}
}
# ECP - insert the host stripping now
my $HostStrip = " ";
if ($Config{'splithosts'} eq 1) {
$HostStrip .= ("$BaseDir" . "scripts/shared/onlyhost");
}
if ( -f $BaseDir . "scripts/services/" . $Service ) {
$FilterText .= ("" . $BaseDir . "scripts/services/" . $Service );
}
else {
die "Can't open: " . $BaseDir . "scripts/services/" . $Service;
}
my $Command = '';
if ($FileList[0] eq 'none') {
$Command = " $FilterText 2>&1 ";
} elsif ($FileText) {
if ($HostStrip ne " ") {
$Command = " ( /bin/cat $FileText | $HostStrip | $FilterText) 2>&1 ";
} else {
$Command = " ( /bin/cat $FileText | $FilterText) 2>&1 ";
}
}
if ($Command) {
if ($Config{'debug'}>4) {
print "\nProcessing Service: " . $Service . "\n" . $Command . "\n";
}
open (TESTFILE,$Command . " |");
my $ThisLine;
my $has_output = 0;
while (defined ($ThisLine = <TESTFILE>)) {
next if ((not $printing) and $ThisLine =~ /^\s*$/);
initprint();
if (($has_output == 0) and ($ServiceData{$Service}{'title'})) {
print OUTFILE "\n --------------------- $ServiceData{$Service}{'title'} Begin ------------------------ \n\n";
$has_output = 1;
}
print OUTFILE $ThisLine;
}
close (TESTFILE);
if ($has_output and $ServiceData{$Service}{'title'}) {
print OUTFILE "\n ---------------------- $ServiceData{$Service}{'title'} End ------------------------- \n\n";
}
}
}
print OUTFILE $report_finish if ($printing);
if ($Config{'multiemail'} eq 1) {
close(OUTFILE) unless ($Config{'print'} eq 1);
}
}
if ($Config{'splithosts'} eq 1) {
my $Host;
foreach $Host (@hosts) {
$printing = '';
$ENV{'LOGWATCH_ONLY_HOSTNAME'} = $Host;
$ENV{'LOGWATCH_ONLY_HOSTNAME'} =~ s/\..*//;
$Config{'hostname'} = $Host;
parselogs();
} # ECP
} else {
parselogs();
}
close(OUTFILE) unless ($Config{'print'} eq 1);
#############################################################################
# Get rid of temp directory...
if ($Config{'debug'}<100) {
`rm -rf $TempDir`;
}
exit(0);
# vi: shiftwidth=3 tabstop=3 et


@ -0,0 +1,127 @@
#!/usr/bin/perl
##########################################################################
# $Id: cron,v 1.17 2004/06/21 15:07:21 kirk Exp $
##########################################################################
# $Log: cron,v $
# Revision 1.17 2004/06/21 15:07:21 kirk
# - Added check for large user mailboxes
# - Added pop3 and imapd filters
# - Updated clamav support
# - New cisco log filter
# - Tons of updates to existing filters (too many to list!)
#
# Revision 1.16 2004/06/21 14:59:05 kirk
# Added tons of patches from Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
# Thanks, as always!
#
# Revision 1.15 2004/06/21 14:24:46 kirk
# RH9 fix from Jindrich Kubec <kubecj@asw.cz
#
# Revision 1.14 2004/02/03 03:36:39 kirk
# Patches from Anssi Kolehmainen <kolean-5.listat@pp.inet.fi>
#
# Revision 1.13 2004/02/03 02:45:26 kirk
# Tons of patches, and new 'oidentd' and 'shaperd' filters from
# Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
$Startups = 0;
$Reloads = 0;
$MailErrors = 0;
while (defined($ThisLine = <STDIN>)) {
chomp($ThisLine);
if ($ThisLine =~ /^\(16\)/ ) {
if ($ThisLine =~ /no new Virus Definitions available/ ) {
$NoUpdate++;
} elsif ($ThisLine =~ /successfully downloaded Virus Definitions/ ) {
$GotUpdate++;
} elsif ($ThisLine =~ /irus definitions are current/ ) {
} else {
push @UpdateList, "$ThisLine\n";
}
} elsif ($ThisLine =~ /^\(7\)/ ) {
if ($ThisLine =~ /New virus definition file loaded. Version:(.*)/ ) {
$Update->{$1}->{'New Dat File Loaded'}++;
} else {
push @UpdateList, "$ThisLine\n";
}
} elsif ($ThisLine =~ /^\(4\)/ ) {
if ($ThisLine =~ /Update to computer (.*) of virus definition file ([^ ]+) failed. Status/ ) {
$WKUpdate->{$1}->{$2}++;
} else {
push @WKUpdateList, "$ThisLine\n";
}
} else {
push @OtherList, "$ThisLine\n";
}
}
#######################################
print "NAV Dat File Updates:\n";
print "---------------------\n";
if ($NoUpdate > 0) {
print " NAV Checked For new updates $NoUpdate Times\n"
}
if ($GotUpdate > 0) {
print " Nav Downloaded New Datfiles $GotUpdate Times\n"
}
if (keys %{$Update} and ($Detail >= 5)) {
print "Dat Files Downloaded:\n";
foreach $i (sort {$a cmp $b} keys %{$Update}) {
print " Dat $i: ";
foreach $j (sort {$a cmp $b} keys %{$Update->{$i}}) {
print " " . $Update->{$i}->{$j} . " Time(s)\n";
}
}
}
if ($#UpdateList >= 0) {
print "\n**Unmatched Dat Entries**\n";
print @UpdateList;
}
print "\n\n";
print "Workstation Update Failures:\n";
print "----------------------------\n";
if (keys %{$WKUpdate} and ($Detail >= 5)) {
print "WorkStation Update Failures:\n";
foreach $i (sort {$a cmp $b} keys %{$WKUpdate}) {
print " WorkStation $i:\n";
foreach $j (sort {$a cmp $b} keys %{$WKUpdate->{$i}}) {
print " Dat Version: $j " . $WKUpdate->{$i}->{$j} . " Time(s)\n";
}
}
}
if ($#WKUpdateList >= 0) {
print "\n**Unmatched Workstation Entries**\n";
print @WKUpdateList;
}
if ($#OtherList >= 0) {
print "\n**Unmatched Entries**\n";
print @OtherList;
}
exit(0);
# vi: shiftwidth=3 tabstop=3 et
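Review bot: The `NAV Dat File Updates:` header at L1059–L1060 and the `Workstation Update Failures:` header at L1081–L1082 are printed unconditionally, so this filter emits non-blank output on every run and its section appears in every report whether or not anything was logged; guard each header on what it summarises, e.g. `if ($NoUpdate or $GotUpdate or keys %{$Update} or @UpdateList) {` around the first. The revision block at L993–L1019 still reads `$Id: cron,v` / `$Log: cron,v $`, and `$Startups`, `$Reloads`, `$MailErrors` at L1028–L1030 are never read — both are leftovers from the cron filter this was cloned from, and the same copied block and dead variables recur in the sections starting at L1106, L1191 and L1311. The script runs without `use strict`/`use warnings`, so a mistyped `$Update`/`@UpdateList` name would fail silently rather than at compile time.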


@ -0,0 +1,95 @@
#!/usr/bin/perl
##########################################################################
# $Id: cron,v 1.17 2004/06/21 15:07:21 kirk Exp $
##########################################################################
# $Log: cron,v $
# Revision 1.17 2004/06/21 15:07:21 kirk
# - Added check for large user mailboxes
# - Added pop3 and imapd filters
# - Updated clamav support
# - New cisco log filter
# - Tons of updates to existing filters (too many to list!)
#
# Revision 1.16 2004/06/21 14:59:05 kirk
# Added tons of patches from Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
# Thanks, as always!
#
# Revision 1.15 2004/06/21 14:24:46 kirk
# RH9 fix from Jindrich Kubec <kubecj@asw.cz
#
# Revision 1.14 2004/02/03 03:36:39 kirk
# Patches from Anssi Kolehmainen <kolean-5.listat@pp.inet.fi>
#
# Revision 1.13 2004/02/03 02:45:26 kirk
# Tons of patches, and new 'oidentd' and 'shaperd' filters from
# Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
$Startups = 0;
$Reloads = 0;
$MailErrors = 0;
while (defined($ThisLine = <STDIN>)) {
chomp($ThisLine);
if ($ThisLine =~ /^\(9543\)/ ) {
$ProxyError++
# } elsif ($ThisLine =~ /^\(562|565|673|674|672|677|676|515|577\)/ ) {
} elsif ($ThisLine =~ /^\(8528\): .*: The mailbox for (.*) has exceeded the maximum mailbox size/ ) {
$FullBox->{$1}++;
} else {
push @OtherList, "$ThisLine\n";
}
}
#######################################
if ($ProxyError > 0) {
print " Unable to create Public Folder proxy object $ProxyError Times\n";
}
printf "\n";
if (keys %{$FullBox} and ($Detail >= 5)) {
print "MailBox Full:\n";
foreach $i (sort {$a cmp $b} keys %{$FullBox}) {
print " Username $i $FullBox->{$i} Time(s)\n";
}
}
#printf "\n";
#if (keys %{$Privs} and ($Detail >= 5)) {
# print "Privledge Changes:\n";
# foreach $i (sort {$a cmp $b} keys %{$Privs}) {
# print " Username $i:\n";
# foreach $j (sort {$a cmp $b} keys %{$Privs->{$i}}) {
# print " Privledges: $j " . $Privs->{$i}->{$j} . " Time(s)\n";
# }
## }
#}
#if ($#PrivsList >= 0) {
# print "\n**Unmatched Privs Entries**\n";
# print @PrivsList;
#}
if ($#OtherList >= 0) {
print "\n**Unmatched Entries**\n";
print @OtherList;
}
exit(0);
# vi: shiftwidth=3 tabstop=3 et
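Review bot: Mailbox-full events are counted into `$FullBox` at L1151 but only reported when `$Detail >= 5` (L1161), so at lower detail every `(8528)` match is silently discarded and the report carries no trace of it. Print a summary regardless of detail and keep the per-user list behind the gate, e.g. `my $full = scalar keys %{$FullBox}; print " $full mailbox(es) exceeded the maximum size\n" if $full;` before L1161. The branch at L1148 ends in `$ProxyError++` with no semicolon; it parses only because it is the last statement before the `} elsif`, so adding the semicolon avoids a surprise when a line is inserted later, and the same applies to L1233–L1247 and L1353 in the sections starting at L1191 and L1311.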


@ -0,0 +1,132 @@
#!/usr/bin/perl
##########################################################################
# $Id: cron,v 1.17 2004/06/21 15:07:21 kirk Exp $
##########################################################################
# $Log: cron,v $
# Revision 1.17 2004/06/21 15:07:21 kirk
# - Added check for large user mailboxes
# - Added pop3 and imapd filters
# - Updated clamav support
# - New cisco log filter
# - Tons of updates to existing filters (too many to list!)
#
# Revision 1.16 2004/06/21 14:59:05 kirk
# Added tons of patches from Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
# Thanks, as always!
#
# Revision 1.15 2004/06/21 14:24:46 kirk
# RH9 fix from Jindrich Kubec <kubecj@asw.cz
#
# Revision 1.14 2004/02/03 03:36:39 kirk
# Patches from Anssi Kolehmainen <kolean-5.listat@pp.inet.fi>
#
# Revision 1.13 2004/02/03 02:45:26 kirk
# Tons of patches, and new 'oidentd' and 'shaperd' filters from
# Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
$Startups = 0;
$Reloads = 0;
$MailErrors = 0;
while (defined($ThisLine = <STDIN>)) {
chomp($ThisLine);
if ($ThisLine =~ /^\(1507\)/ ) {
$AskRep++
} elsif ($ThisLine =~ /^\(1508\)/ ) {
$RepRep++
} elsif ($ThisLine =~ /^\(1489\)/ ) {
$PrepRep++
} elsif ($ThisLine =~ /^\(1490\)/ ) {
$FinPrepRep++
} elsif ($ThisLine =~ /^\(1487\)/ ) {
$AskInRep++
} elsif ($ThisLine =~ /^\(1124\)/ ) {
$RPCFail++
} elsif ($ThisLine =~ /^\(1585\)/ ) {
$ChkPDC++
} elsif ($ThisLine =~ /^\(1085\)/ ) {
$RepFail++
} elsif ($ThisLine =~ /^\(1363|1515|1516|1366|1488|1060|1068|1073|1364|1070|1072|1061\)/ ) {
# } elsif ($ThisLine =~ /^\(8528\): .*: The mailbox for (.*) has exceeded the maximum mailbox size/ ) {
# $FullBox->{$1}++;
} else {
push @OtherList, "$ThisLine\n";
}
}
#######################################
if ($AskRep > 0) {
print " The Directory Service has been asked for replication state information $AskRep Times\n";
}
if ($RepRep > 0) {
print " The Directory Service processed the replication state information request $RepRep Times\n";
}
if ($PrepRep > 0) {
print " The Directory Service has been asked for outbound changes $PrepRep Times\n";
}
if ($FinPrepRep > 0) {
print " The Directory Service finished gathering outbound changes $FinPrepRep Times\n";
}
if ($AskInRep > 0) {
print " The Directory Service has been asked to begin inbound replication $AskInRep Times\n";
}
if ($RPCFail > 0) {
print " The directory replication agent (DRA) failed to get a remote procedure call (RPC) binding handle $RPCFail Times\n";
}
if ($ChkPDC > 0) {
print " The checkpoint with the PDC was successful. $ChkPDC Times\n";
}
if ($RepFail > 0) {
print " The directory replication agent (DRA) couldn't synchronize partition $RepFail Times\n";
}
printf "\n";
if (keys %{$FullBox} and ($Detail >= 5)) {
print "MailBox Full:\n";
foreach $i (sort {$a cmp $b} keys %{$FullBox}) {
print " Username $i $FullBox->{$i} Time(s)\n";
}
}
#printf "\n";
#if (keys %{$Privs} and ($Detail >= 5)) {
# print "Privledge Changes:\n";
# foreach $i (sort {$a cmp $b} keys %{$Privs}) {
# print " Username $i:\n";
# foreach $j (sort {$a cmp $b} keys %{$Privs->{$i}}) {
# print " Privledges: $j " . $Privs->{$i}->{$j} . " Time(s)\n";
# }
## }
#}
#if ($#PrivsList >= 0) {
# print "\n**Unmatched Privs Entries**\n";
# print @PrivsList;
#}
if ($#OtherList >= 0) {
print "\n**Unmatched Entries**\n";
print @OtherList;
}
exit(0);
# vi: shiftwidth=3 tabstop=3 et
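Review bot: The alternation at L1248, `/^\(1363|1515|1516|1366|1488|1060|1068|1073|1364|1070|1072|1061\)/`, is not grouped, so only the first alternative carries the `^\(` anchor and only the last carries `\)`; every other event ID matches as a bare substring anywhere in the line (inside a timestamp, a count or the message text), and because this branch is the drop list, such lines are silently discarded instead of reaching `@OtherList`. Group the IDs: `} elsif ($ThisLine =~ /^\((?:1363|1515|1516|1366|1488|1060|1068|1073|1364|1070|1072|1061)\)/ ) {`. The same ungrouped alternation appears in the section starting at L1311 at L1354 (also a silent drop list), L1375 and L1405, where a mismatch routes a line to the wrong unmatched list. The `$FullBox` report block at L1281–L1286 can never print anything because its only assignment (L1249–L1250) is commented out.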


@ -0,0 +1,266 @@
#!/usr/bin/perl
##########################################################################
# $Id: cron,v 1.17 2004/06/21 15:07:21 kirk Exp $
##########################################################################
# $Log: cron,v $
# Revision 1.17 2004/06/21 15:07:21 kirk
# - Added check for large user mailboxes
# - Added pop3 and imapd filters
# - Updated clamav support
# - New cisco log filter
# - Tons of updates to existing filters (too many to list!)
#
# Revision 1.16 2004/06/21 14:59:05 kirk
# Added tons of patches from Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
# Thanks, as always!
#
# Revision 1.15 2004/06/21 14:24:46 kirk
# RH9 fix from Jindrich Kubec <kubecj@asw.cz
#
# Revision 1.14 2004/02/03 03:36:39 kirk
# Patches from Anssi Kolehmainen <kolean-5.listat@pp.inet.fi>
#
# Revision 1.13 2004/02/03 02:45:26 kirk
# Tons of patches, and new 'oidentd' and 'shaperd' filters from
# Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
$Startups = 0;
$Reloads = 0;
$MailErrors = 0;
while (defined($ThisLine = <STDIN>)) {
chomp($ThisLine);
if ($ThisLine =~ /^\(1704\)/ ) {
$SecPolicyApplied++
} elsif ($ThisLine =~ /^\(562|565|673|674|672|677|676|515|577\)/ ) {
# } elsif ($ThisLine =~ /^\(537\)/ ) {
# if ($ThisLine =~ /\(537\): (.*): Logon Failure: Reason: (.*) User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: -/ ) {
# $LogonFailure->{$1}->{$2}++;
# } else {
# push @LogonFailureList, "$ThisLine\n";
# }
} elsif ($ThisLine =~ /^\(538\)/ ) {
if ($ThisLine =~ /\(538\): (.*): User Logoff: User Name: .* Domain: .* Logon ID: /) {
$Logoff->{$1}++;
} else {
push @LogoffList, "$ThisLine\n";
}
} elsif ($ThisLine =~ /^\(576\)/ ) {
if ($ThisLine =~ /Assigned: SeChangeNotifyPrivilege$/ ) {
# don't record just this priv, it happens to much
} elsif ($ThisLine =~ /\(576\): (.*): Special privileges assigned to new logon: User Name: .*Domain: .*Logon ID: .*Assigned: (.*)/ ) {
$Privs->{$1}->{$2}++;
} else {
push @PrivsList, "$ThisLine\n";
}
} elsif ($ThisLine =~ /^\(540|528\)/ ) {
if ($ThisLine =~ /\(540\): .*: Successful Network Logon: User Name: (.*) Domain: .* Logon ID: .* Logon Type: .* Logon Process: .* Workstation Name: (.*) /) {
$Logon->{$1}->{$2}++;
} elsif ($ThisLine =~ /\(540\): .*: Successful Network Logon: User Name: (.*) Domain: .* Logon ID: .* Logon Type: .* Logon Process: .* Workstation Name:/) {
$Logon->{$1}->{'Unknown'}++;
} elsif ($ThisLine =~ /\(528\): .*: Successful Logon: User Name: (.*) Domain: .* Logon ID: .* Logon Type: .* Logon Process: .* Authentication Package: .* Workstation Name: (.*)/ ) {
$Logon->{$1}->{$2}++;
} else {
push @LogonList, "$ThisLine\n";
}
} elsif ($ThisLine =~ /^\(680\)/ ) {
if ($ThisLine =~ /\(680\): NT AUTHORITY\\SYSTEM/ ) {
#ignore SYSTEM use, its very common
} elsif ($ThisLine =~ /\(680\): (.*): Account Used for Logon by: .* Account Name: (.*) Workstation: (.*)/ ) {
$Logonused->{$1}->{$2}->{$3}++;
} else {
push @LogonusedList, "$ThisLine\n";
}
} elsif ($ThisLine =~ /^\(675\)/ ) {
if ($ThisLine =~ /\(675\): .*: Pre-authentication failed: User Name: (.*) User ID: .*Service Name: .*Pre-Authentication Type: .*Failure Code: .*Client Address: (.*)/ ) {
$PreAuthFailed->{$1}->{$2}++;
} else {
push @PreAuthFailed, "$ThisLine\n";
}
} elsif ($ThisLine =~ /^\(578\)/ ) {
if ($ThisLine =~ /\(578\): .*: Privileged object operation: Object Server: (.*)Object Handle: .*Process ID: .*Primary User Name: (.*)Primary Domain: .*Primary Logon ID: .*Client User Name: (.*) Client Domain: .*Client Logon ID: .*Privileges: (.*)/ ) {
$PrivUse->{$1}->{$2}->{$3}->{$4}++;
} else {
push @PrivUseList, "$ThisLine\n";
}
} elsif ($ThisLine =~ /^\(539|529|535|537|681\)/ ) {
if ($ThisLine =~ /: .*: Logon Failure: Reason: (.*) User Name: (.*) Domain: .*Logon Type: .*Logon Process: .*Authentication Package: .*Workstation Name: (.*)/ ) {
$FailedLogin->{$2}->{$3}->{$1}++;
} elsif ($ThisLine =~ /Logon Failure: Reason: An unexpected error occurred during logon User Name: Domain: Logon / ) {
$FailedLogin->{'Unknown'}->{'Unknown'}->{'Unknown'}++;
} elsif ($ThisLine =~ /\(681\): .*: The logon to account: (.*) by: .* from workstation: (.*) failed. The error code was: .*/ ) {
$FailedLogin->{$1}->{$2}->{"Unknown"}++;
} else {
push @FailedLoginList, "$ThisLine\n";
}
} else {
push @OtherList, "$ThisLine\n";
}
}
#######################################
if ($SecPolicyApplied > 0) {
print " Group Security Policy Applied $SecPolicyApplied Times\n";
}
printf "\n";
if (keys %{$LogonFailure} and ($Detail >= 5)) {
print "Logon Failures:\n";
foreach $i (sort {$a cmp $b} keys %{$LogonFailure}) {
print " Username $i: ";
foreach $j (sort {$a cmp $b} keys %{$LogonFailure->{$i}}) {
print " $j: " . $LogonFailure->{$i}->{$j} . " Time(s)\n";
}
}
}
if ($#LogonFailureList >= 0) {
print "\n**Unmatched Logon Failure Entries**\n";
print @LogonFailureList;
}
printf "\n";
if (keys %{$Logoff} and ($Detail >= 5)) {
print "Domain LogOff's:\n";
foreach $i (sort {$a cmp $b} keys %{$Logoff}) {
print " Username $i: $Logoff->{$i}\n";
}
}
if ($#LogoffList >= 0) {
print "\n**Unmatched Logoff Entries**\n";
print @LogoffList;
}
printf "\n";
if (keys %{$Logon} and ($Detail >= 5)) {
print "Domain Logon's:\n";
foreach $i (sort {$a cmp $b} keys %{$Logon}) {
print " Username $i:\n";
foreach $j (sort {$a cmp $b} keys %{$Logon->{$i}}) {
print " Host: $j " . $Logon->{$i}->{$j} . " Time(s)\n";
}
}
}
if ($#LogonList >= 0) {
print "\n**Unmatched Logon Entries**\n";
print @LogonList;
}
printf "\n";
if (keys %{$Privs} and ($Detail >= 5)) {
print "Privledge Changes:\n";
foreach $i (sort {$a cmp $b} keys %{$Privs}) {
print " Username $i:\n";
foreach $j (sort {$a cmp $b} keys %{$Privs->{$i}}) {
print " Privledges: $j " . $Privs->{$i}->{$j} . " Time(s)\n";
}
}
}
if ($#PrivsList >= 0) {
print "\n**Unmatched Privs Entries**\n";
print @PrivsList;
}
printf "\n";
if (keys %{$Logonused} and ($Detail >= 5)) {
print "Logon Impersonations:\n";
foreach $i (sort {$a cmp $b} keys %{$Logonused}) {
print " Account: $i:\n";
foreach $j (sort {$a cmp $b} keys %{$Logonused->{$i}}) {
print " User: $j\n";
foreach $k (sort {$a cmp $b} keys %{$Logonused->{$i}->{$j}}) {
print " Workstation: $k " . $Logonused->{$i}->{$j}->{$k} . " Time(s)\n";
}
}
}
}
if ($#LogonusedList >= 0) {
print "\n**Unmatched Logonused Entries**\n";
print @LogonusedList;
}
printf "\n";
if (keys %{$PreAuthFailed} and ($Detail >= 5)) {
print "Pre-Authentication Failures:\n";
foreach $i (sort {$a cmp $b} keys %{$PreAuthFailed}) {
print " Username $i:\n";
foreach $j (sort {$a cmp $b} keys %{$PreAuthFailed->{$i}}) {
print " Host: $j " . $PreAuthFailed->{$i}->{$j} . " Time(s)\n";
}
}
}
if ($#PreAuthFailedList >= 0) {
print "\n**Unmatched PreAuthFailed Entries**\n";
print @PreAuthFailedList;
}
printf "\n";
if (keys %{$PrivUse} and ($Detail >= 5)) {
print "Privledged Use:\n";
foreach $i (sort {$a cmp $b} keys %{$PrivUse}) {
print " Object: $i:\n";
foreach $j (sort {$a cmp $b} keys %{$PrivUse->{$i}}) {
print " Granting Account: $j\n";
foreach $k (sort {$a cmp $b} keys %{$PrivUse->{$i}->{$j}}) {
print " Target Account: $k\n";
foreach $l (sort {$a cmp $b} keys %{$PrivUse->{$i}->{$j}->{$k}}) {
print " Privledge: $l " . $PrivUse->{$i}->{$j}->{$k}->{$l} . " Time(s)\n";
}
}
}
}
}
if ($#PrivUseList >= 0) {
print "\n**Unmatched PrivUse Entries**\n";
print @PrivUseList;
}
printf "\n";
if (keys %{$FailedLogin} and ($Detail >= 5)) {
print "Failed Login's:\n";
foreach $i (sort {$a cmp $b} keys %{$FailedLogin}) {
print " Account: $i:\n";
foreach $j (sort {$a cmp $b} keys %{$FailedLogin->{$i}}) {
print " Host: $j\n";
foreach $k (sort {$a cmp $b} keys %{$FailedLogin->{$i}->{$j}}) {
print " Reason: $k " . $FailedLogin->{$i}->{$j}->{$k} . " Time(s)\n";
}
}
}
}
if ($#FailedLoginList >= 0) {
print "\n**Unmatched Failed Login Entries**\n";
print @FailedLoginList;
}
if ($#OtherList >= 0) {
print "\n**Unmatched Entries**\n";
print @OtherList;
}
exit(0);
# vi: shiftwidth=3 tabstop=3 et
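Review bot: Unmatched pre-authentication lines are pushed onto `@PreAuthFailed` at L1397, but the report reads `@PreAuthFailedList` at L1503–L1505, so those entries are never printed; change L1397 to `push @PreAuthFailedList, "$ThisLine\n";`. The `Logon Failures:` block at L1424–L1436 reports `$LogonFailure` and `@LogonFailureList`, which are only populated by the commented-out branch at L1355–L1360, so that block is dead and `(537)` lines are handled by the branch at L1405 instead. Since this filter is what surfaces failed logons and privilege use in the report, a short header comment listing which event IDs are counted, which are deliberately dropped at L1354, L1369 and L1387, and why, would make those suppression choices reviewable.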


@ -0,0 +1,39 @@
#!/usr/bin/perl -w
########################################################
# This was stolen from code written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
########################################################
use POSIX qw(strftime);
# This will pick out only the wanted date from a logfile
# in the standard /var/log/messages format.
# I plan to add a *lot* more date flexibility at a later time...
my $time = time;
if ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') {
$SearchDate = strftime("%d/%b/%Y", localtime($time-86400));
}
elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'today') {
$SearchDate = strftime("%d/%b/%Y", localtime($time));
}
elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'all') {
$SearchDate = "..\/...\/....";
}
if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
print STDERR "DEBUG: Inside ApplyStdDate...\n";
print STDERR "DEBUG: Range: " . $ENV{'LOGWATCH_DATE_RANGE'} . "\n";
print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
}
while (defined($ThisLine = <STDIN>)) {
if ($ThisLine =~ m/\[$SearchDate:..:..:../o) {
print $ThisLine;
}
}
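Review bot: `$SearchDate` is only assigned for `yesterday`, `today` and `all` (L1565–L1573); any other `LOGWATCH_DATE_RANGE` value leaves it undefined, the `/o`-compiled pattern at L1580 then interpolates an empty string, and the filter passes only lines that happen to contain `[:` followed by a time, so a misconfigured range yields an empty report rather than an error. Add a terminating branch after L1573, e.g. `else { die "Unknown LOGWATCH_DATE_RANGE: $ENV{'LOGWATCH_DATE_RANGE'}\n"; }`. The same unguarded chain is in the sections starting at L1588 (L1604–L1612), L1633 (L1636–L1644) and L1659 (L1675–L1683). The debug message at L1575 says `ApplyStdDate` although this script matches the `[dd/Mon/yyyy:hh:mm:ss` access-log form rather than syslog dates, and `$ENV{'LOGWATCH_DEBUG'} > 5` at L1574 warns under `-w` when the variable is unset; `if (($ENV{'LOGWATCH_DEBUG'} || 0) > 5) {` avoids that.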


@ -0,0 +1,51 @@
#!/usr/bin/perl -w
##########################################################################
# $Id: applystddate,v 1.12 2002/10/14 16:21:57 kirk Exp $
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
use POSIX qw(strftime);
# This will pick out only the wanted date from a logfile
# in the standard /var/log/messages format.
# I plan to add a *lot* more date flexibility at a later time...
my $time = time;
if ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') {
$SearchDate = strftime("%b %d", localtime($time-86400));
}
elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'today') {
$SearchDate = strftime("%b %d", localtime($time));
}
elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'all') {
$SearchDate = "... ..";
}
# The date might be "Dec 09", but it needs to be "Dec 9"...
$SearchDate =~ s/ 0/ /;
if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
print STDERR "DEBUG: Inside ApplyStdDate...\n";
print STDERR "DEBUG: Range: " . $ENV{'LOGWATCH_DATE_RANGE'} . "\n";
print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
}
while (defined($ThisLine = <STDIN>)) {
if ($ThisLine =~ m/^$SearchDate ..:..:.. [^ ]* [^ ]*\[[0123456789]*\]: /o) {
print $ThisLine;
} elsif ($ThisLine =~ m/^$SearchDate ..:..:.. [^ ]* [^ ]*: /o) {
print $ThisLine;
} elsif ($ThisLine =~ m/(Mon|Tue|Wed|Thu|Fri|Sat|Sun) $SearchDate ..:..:.. \d{4}/o) {
print $ThisLine;
}
}


@ -0,0 +1,28 @@
#!/usr/bin/perl -w
use POSIX qw(strftime);
my $time = time;
if ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') {
$SearchDate = strftime("%m/%d/%y", localtime($time-86400));
}
elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'today') {
$SearchDate = strftime("%m/%d/%y", localtime($time));
}
elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'all') {
$SearchDate = '..\/..\/..';
}
if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
print STDERR "DEBUG: Inside ApplyUSDate...\n";
print STDERR "DEBUG: Range: " . $ENV{'LOGWATCH_DATE_RANGE'} . "\n";
print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
}
while (defined($ThisLine = <STDIN>)) {
if ($ThisLine =~ m/^$SearchDate ..:..:.. /o) {
print $ThisLine;
}
}


@ -0,0 +1,49 @@
#!/usr/bin/perl -w
##########################################################################
# $Id: applystddate,v 1.12 2002/10/14 16:21:57 kirk Exp $
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
use POSIX qw(strftime);
# This will pick out only the wanted date from a logfile
# in the standard /var/log/messages format.
# I plan to add a *lot* more date flexibility at a later time...
my $time = time;
if ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'yesterday') {
$SearchDate = strftime("%b %d", localtime($time-86400));
}
elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'today') {
$SearchDate = strftime("%b %d", localtime($time));
}
elsif ( $ENV{'LOGWATCH_DATE_RANGE'} eq 'all') {
$SearchDate = "... ..";
}
# The date might be "Dec 09", but it needs to be "Dec 9"...
$SearchDate =~ s/ 0/ /;
if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
print STDERR "DEBUG: Inside ApplyStdDate...\n";
print STDERR "DEBUG: Range: " . $ENV{'LOGWATCH_DATE_RANGE'} . "\n";
print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
}
while (defined($ThisLine = <STDIN>)) {
if ($ThisLine =~ m/^$SearchDate ..:..:.. [^ ]* [^ ]* \([0123456789]*\): /o) {
print $ThisLine;
} elsif ($ThisLine =~ m/^$SearchDate ..:..:.. [^ ]* [^ ]* [^ ]* \([0123456789]*\): /o) {
print $ThisLine;
}
}
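Review bot: The header at L1661 identifies this script as `applystddate,v 1.12` and the debug message at L1687 says `Inside ApplyStdDate`, but the patterns at L1692 and L1694 match a `host source (eventid): ` line shape rather than the syslog `prog[pid]: ` shape, so the file's own documentation points at a different filter. Replace the copied `$Id` line with one for this file and give the debug message this script's own name (the intended name is not visible in the hunk, so use whatever it is installed as). A one-line comment above L1692 stating the accepted input, e.g. `# Expects "Mon DD HH:MM:SS host source (eventid): ..." with an optional extra token before the source`, would make the two alternatives self-explaining.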


@ -0,0 +1,34 @@
#!/usr/bin/perl -w
##########################################################################
# $Id: expandrepeats,v 1.5 2002/10/13 15:24:27 kirk Exp $
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
########################################################
# This used to expand "Last Message Repeated n Times" messages in
# standard syslog files. Now, I have decided it is much better to
# just ignore the repeats, as otherwise our temporary logfiles will
# be too huge.
$LastLine = "";
while (defined($ThisLine = <STDIN>)) {
if ($ThisLine =~ m/last message repeated ([0123456789]+) times$/) {
# Just ignore these lines
#for ($i=0;$i<$1;$i++) {
# print $LastLine;
#}
}
else {
print $ThisLine;
$LastLine = $ThisLine;
}
}
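Review bot: `$LastLine` at L1718 and L1728 is assigned on every non-repeat line but never read, since the expansion loop it fed (L1722–L1724) is commented out; either drop it or restore the loop. Because repeats are now discarded outright, every count the downstream service filters produce is a lower bound whenever syslog collapsed duplicates, and nothing in the report says so; the header comment at L1714–L1717 should state that explicitly, e.g. `# NOTE: downstream counts are lower bounds: each "last message repeated n times" line drops n events.`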


@ -0,0 +1,34 @@
#!/usr/bin/perl -w
use strict;
my $TempDir = $ENV{'LOGWATCH_TEMP_DIR'};
my ($line, $host,$tothost);
my @hostlist;
my $HostFile = ("$TempDir" . "hostfile");
if (-f $HostFile) {
open (TEMPFILE,$HostFile);
@hostlist = <TEMPFILE>;
close (TEMPFILE);
}
while (defined($line = <STDIN>)) {
if ($line =~ m/^... .. ..:..:.. (\S*)/io) {
$host = $1;
if (grep(m/$host/,@hostlist)) {
} else {
push @hostlist,$host;
}
}
}
open (TEMPFILE,">$HostFile") || die $!;
foreach $tothost (@hostlist) {
chomp $tothost;
if (length($tothost) == "0") {
} else {
print TEMPFILE "$tothost\n";
}
}
close TEMPFILE;
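Review bot: `grep(m/$host/,@hostlist)` at L1749 interpolates a hostname taken straight from the log line into an unanchored pattern, so a name containing a regex metacharacter (`(`, `[`, a leading `+`) can abort the script with a pattern error, and a name that is a substring of one already seen (`db` versus `db2`) is never added — and this list later decides which hosts get their own report when `splithosts` is on. Anchor and quote it: `if (grep(m/^\Q$host\E$/, @hostlist)) {`. `open (TEMPFILE,$HostFile)` at L1742 is a two-argument unchecked open and `length($tothost) == "0"` at L1758 compares a number against a string literal; `open (my $fh, '<', $HostFile) or die $!;` and `length($tothost) == 0` are the conventional forms.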


@ -0,0 +1,40 @@
#!/usr/bin/perl -w
##########################################################################
# $Id: multiservice,v 1.2 2003/12/15 22:15:49 kirk Exp $
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
# This will pick out only the wanted service from a logfile
# in the standard /var/log/messages format. Case insensitive.
@ServiceName = split(/,/,$ARGV[0]);
if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
print STDERR "DEBUG: Inside MultiService for $ServiceName[0]\n";
}
while (defined($ThisLine = <STDIN>)) {
for $ServiceName (@ServiceName) {
if ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName\[[0123456789]*\]:/i) {
print $ThisLine;
}
elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* [^ ]*\[[0123456789]*\]: \[ID [0-9]+ $ServiceName/io) {
print $ThisLine;
}
elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* [^ ]*: \[ID [0-9]+ $ServiceName/io) {
print $ThisLine;
}
elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName:/i) {
print $ThisLine;
}
}
}
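Review bot: The `/o` modifier on the patterns at L1790 and L1793 compiles each regex once for the whole run, but `$ServiceName` there is the loop variable of `for $ServiceName (@ServiceName)` at L1786, so those two patterns are frozen with the first service in the comma-separated list and never match the `[ID nnn` forms for any later service; L1787 and L1796 correctly omit `/o`. Drop the `o` from both, e.g. `elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* [^ ]*\[[0123456789]*\]: \[ID [0-9]+ $ServiceName/i) {` at L1790 and likewise at L1793. The service names come from the configuration and are interpolated unescaped, so `\Q$ServiceName\E` is appropriate unless regex-valued names are intended, in which case the header comment should say so; the section starting at L1850 has the same unescaped interpolation at L1868–L1880.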


@ -0,0 +1,17 @@
#!/bin/sh
##########################################################################
# $Id: onlycontains,v 1.8 2004/06/21 13:45:02 kirk Exp $
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
# Just does a case-insensitive egrep ;)
/bin/egrep -i "$@"
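Review bot: `/bin/egrep -i "$@"` at L1817 passes the configured pattern through as the first positional argument, so a pattern beginning with `-` is parsed as an option rather than a pattern; `/bin/egrep -i -- "$@"` keeps the current semantics and closes that off. Newer GNU grep releases warn that `egrep` is obsolescent, so `grep -E -i -- "$@"` is the portable spelling. The same applies to `/bin/egrep -vi "$@"` at L1901 in the section starting at L1888.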


@ -0,0 +1,30 @@
#!/usr/bin/perl -w
use strict;
##########################################################################
# $Id: onlyhost,v 1.4 2004/06/21 14:18:57 kirk Exp $
##########################################################################
# This feature concieved by mark@winksmith.com
my $hostname = $ENV{'LOGWATCH_ONLY_HOSTNAME'};
if (($ENV{'LOGWATCH_DEBUG'} > 5) and $hostname) {
print STDERR "DEBUG: Inside OnlyHostname for $hostname\n";
}
#If called from a service config file it passes the param as an ARG
if ($#ARGV == 0) { #put in or override the host id
$hostname = $ARGV[0];
}
my $line;
while (defined($line = <STDIN>)) {
if ($hostname) {
if ($line =~ m/^... .. ..:..:.. $hostname\b/io) {
print $line;
}
} else {
print $line;
}
}
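Review bot: `$hostname` at L1839 is interpolated into the pattern unescaped, and it comes either from `LOGWATCH_ONLY_HOSTNAME` — which the main script sets at L972 from the host list harvested out of the logs — or from `$ARGV[0]`, so a metacharacter in a logged host name either breaks the match or widens it to other hosts; use `if ($line =~ m/^... .. ..:..:.. \Q$hostname\E\b/io) {`. The `/o` is safe here because `$hostname` is fixed before the loop, but the `$ARGV[0]` override at L1833–L1835 happens after the debug print at L1829–L1831, so the debug output can name the wrong host. `$ENV{'LOGWATCH_DEBUG'} > 5` at L1829 warns under `-w` when the variable is unset; `(($ENV{'LOGWATCH_DEBUG'} || 0) > 5)` avoids the noise.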


@ -0,0 +1,39 @@
#!/usr/bin/perl -w
##########################################################################
# $Id: onlyservice,v 1.5 2003/12/15 22:15:49 kirk Exp $
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
# This will pick out only the wanted service from a logfile
# in the standard /var/log/messages format. Case insensitive.
$ServiceName = $ARGV[0];
if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
print STDERR "DEBUG: Inside OnlyService for $ServiceName\n";
}
while (defined($ThisLine = <STDIN>)) {
if ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName\[[0123456789]*\]: /io) {
print $ThisLine;
}
elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* [^ ]*\[[0123456789]*\]: \[ID [0-9]+ $ServiceName/io) {
print $ThisLine;
}
elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* [^ ]*: \[ID [0-9]+ $ServiceName/io) {
print $ThisLine;
}
elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName: /io) {
print $ThisLine;
}
elsif ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName \([0123456789]*\): /io) {
print $ThisLine;
}
}
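Review bot: The header comment at L1861–L1862 says this selects from "the standard /var/log/messages format", but the branch at L1880 also accepts the `service (eventid): ` line shape, which is the form the other filters in this commit key on; the comment should list that form too, e.g. `# Also accepts "host service (eventid): " lines as rewritten by the header-stripping filter.` `$ENV{'LOGWATCH_DEBUG'} > 5` at L1864 warns under `-w` when the variable is unset, as in the section starting at L1822.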


@ -0,0 +1,18 @@
#!/bin/sh
##########################################################################
# $Id: remove,v 1.8 2004/06/21 13:45:02 kirk Exp $
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
########################################################
# Just a case-insensitive, inverse egrep
/bin/egrep -vi "$@"


@ -0,0 +1,29 @@
#!/usr/bin/perl -w
##########################################################################
# $Id: removeheaders,v 1.9 2004/06/21 14:18:57 kirk Exp $
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
########################################################
# Removes the beginning of each line of a standard /var/log/messages-style
# logfile.
while (defined($ThisLine = <STDIN>)) {
#First line is Solaris ID tag style -mgt
$ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]*\[[0123456789]*\]: \[ID [0-9]+ [[:alpha:]]+\.[[:alpha:]]+\] //;
$ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]*: \[ID [0-9]+ [[:alpha:]]+\.[[:alpha:]]+\] //;
$ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]*\[[0123456789]*\]: \[ID [0-9]+\]//;
$ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]*\[[0123456789]*\]: //;
$ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]*: //;
$ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]* [^ ]* \(([01234567890]*)\)/\($2\)/;
$ThisLine =~ s/^... .. ..:..:.. ([^ ]*) [^ ]* \(([01234567890]*)\)/\($2\)/;
print $ThisLine;
}
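Review bot: The substitutions at L1927–L1928 do more than strip a header: they rewrite `host source (eventid): ` lines into the `(eventid):` prefix that every service filter in this commit keys on (`^\(16\)` at L1033, `^\(8528\): ` at L1150, `^\(1704\)` at L1352), so this script is the contract between the log format and the filters, and the comment at L1918–L1919 should say so, e.g. `# Windows-style "host source (eventid): msg" lines are rewritten to "(eventid): msg"; the service filters match on that prefix.` Each pattern captures the hostname in `([^ ]*)` although only `$2` is ever used; dropping those parentheses removes a misleading capture, and the `[01234567890]` class at L1927–L1928 lists `0` twice and is just `[0-9]`.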


@ -0,0 +1,39 @@
#!/usr/bin/perl -w
use strict;
##########################################################################
# $Id: removeservice,v 1.4 2002/10/12 02:08:20 kirk Exp $
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
my ($ServiceName, $ThisLine);
my ($linesin, $linesout) = (0, 0);
# This will remove the unwanted service from a logfile
# in the standard /var/log/messages format. Case insensitive
if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
print STDERR "DEBUG: Inside RemoveService...\n";
}
$ServiceName = $ARGV[0];
while (defined($ThisLine = <STDIN>)) {
$linesin++;
unless ( ($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName\[[0123456789]*\]: /oi) or
($ThisLine =~ m/^... .. ..:..:.. [^ ]* $ServiceName: /oi) ) {
$linesout++;
print $ThisLine;
}
}
if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
print STDERR "DEBUG: Inside RemoveService: $linesin Lines In, $linesout Lines Out\n";
}