System log scan script written in Perl

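I forgot where the original script came from; it seems to be from Sun. It is a Perl script that checks whether messages or syslog (mail log in Solaris) contains a specified keyword. It needs to run hourly, as the script only checks the last hour's logs.

A new function was added: if there are no new lines to report, the script skips the mail action.

This is a log scan script taken from the Sun website (probably from the Sun website; I have forgotten). I rewrote part of it so that when it checks the logs and finds nothing new, it does not send any mail. The script must be scheduled to run every hour, because it only checks the previous hour's log.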

#########################################################


#!/bin/perl -w
# msg_log - A sysadmin tool...
# Scans indicated files for indicated things...

# NOTE:  You NEED to READ The Code and SET Some Variables BEFORE Installing!
#        Those areas which need setting are INDICATED by the word 'Set ...'.
# Version v0.05s -

# 071004 modified by parus: do not send mail if there are no new entries
# Scans the specified log files for the previous hour; if anything new is found, mails it to the user's mailbox

use strict;
use diagnostics;

# Set your path to sendmail. Oops! That means "Here there be Unix..."
my $SENDMAIL = '/usr/lib/sendmail';

# Set (pick) a reporting style...
my $report = 1; # Note: 0 = Complete, 1 = Summary reporting...

# WARNING: Selecting 0 (Complete reporting) can generate A LOT of data!!!
# Set your localhost, default host; and localdomain, default domain:
my $defaulthost   = "localhost";
my $defaultdomain = "localdomain";

# I'll get your host and userID (who will get these reports?)
# Or Set a recipient at the end of the first command here:
chomp(my $userid = `/usr/ucb/whoami` || `/usr/bin/whoami` || 'root');# Set as appropriate for your system.
chomp(my $host   = `/bin/hostname` || `/bin/uname -n` || $defaulthost);
chomp(my $domain = `/bin/domainname` || $defaultdomain);

# NOTE:  Some of these logs may require root access to view...
# Use with appropriate caution!  You've been warned!

# Where are your system logs?  The defaults are for Solaris (the OpSys I use...)
# Note:  You can add other logs to scan here as needed...
my $msgpath = '/var/adm/messages';
#my $supath  = '/var/adm/sulog';    # Requires root access to view...
my $syspath = '/var/log/syslog';

# What do you wish to scan the 'messages' log for?
my $msglog = '(fail|snif|unkn|denied|root|inetd|warn|fatal|full|error|NOTICE|WARN|Failed)';

# What do you wish to scan the 'sulog' log for (requires r00t axces) ?
#my $sulog = '(su)';

# What do you wish to scan the 'syslog' log for?
my $syslog = '(denied|unix)';

# Example of DATE: Tue Feb  2 19:34:24 EST 1999
my @months = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my   @days = qw(Sun Mon Tue Wed Thu Fri Sat);
# Look at the previous hour. Taking localtime of (now - 3600) also yields the
# correct day and month when the script runs just after midnight.
my ($sec,$min,$hour,$mday,$mon,$year,$wday) = localtime(time - 3600);
#  (  00   20    20    16   10    63    06 197 01); # Last two not used...
# Ex: $days[$wday] $months[$mon] $mday $hour:$min:$sec $year
my $today = $months[$mon] . " " . sprintf("%2d", $mday) . " " . sprintf("%02d", $hour); # Date and hour to match, e.g. "Oct  4 13"

my $ntday = sprintf("%02d", ++$mon) . '/' . sprintf("%02d", $mday); # Same date as numbers, e.g. "10/04"

# ..... Start Main Logic .....
# Add each path_to_log, Log_date_format, and search_data here as
# previously defined above...
#print MAIL "$supath -\n";
#&process_log($supath, $ntday, $sulog);

my @messege = process_log($msgpath, $today, $msglog);
my @system = process_log($syspath, $today, $syslog);

if ( scalar @messege > 0 || scalar @system > 0 ) {
    &write_mail();
}

# ..... End Main Logic .....

exit; # End of program...

##############################
##### Subroutine Area... #####
##############################
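sub process_log {
    my $target_log  = shift;   # path of the log file to scan
    my $search_date = shift;   # date/hour string a line must contain
    my $search_data = shift;   # keyword pattern (applied in Summary mode)
    my @found;                 # matching lines, returned to the caller
    # Three-argument open with a lexical handle: the path is never parsed as a mode or a pipe.
    open (my $log_fh, '<', $target_log) or die "Can't open $target_log: $!";
    while (<$log_fh>) {
        chomp;              # no newline...
        s/#.*//;            # no comments... (this also hides keywords that follow a '#' in a log line)
        s/^\s+//;           # no leading whitespace...
        s/\s+$//;           # no trailing whitespace...
        next unless length; # anything to process?
        next unless /\Q$search_date\E/;
        if ($report) {
            next unless /$search_data/i;
        }
        push(@found, $_);
    }
    close ($log_fh);
    return @found;
}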

sub write_mail {
    # List-form pipe open runs sendmail directly, so $userid is never passed through a shell.
    open (MAIL, '|-', $SENDMAIL, $userid) || die ("$0: Can't open $SENDMAIL: $!\n");
    print MAIL "Reply-to: root\@$domain\n";
    print MAIL "From: \"$host.Message.Log\" \<root\@$host.$domain\>\n";
    print MAIL "To: $userid\n";
    print MAIL "Subject: $host MsgLog Report at ", scalar localtime, "\n";
    print MAIL "\n\n";   # the first blank line ends the mail headers
    print MAIL "\n\n";
    print MAIL ($report ? "Summary" : "Complete");
    print MAIL " report from " . $host . "." . $domain . ":\n";

    print MAIL "\n$msgpath -\n";
    foreach (@messege) { print MAIL "$_\n" }

    print MAIL "\n$syspath -\n";
    foreach (@system) { print MAIL "$_\n" }

    print MAIL "\n\nEnd of Report...\n";
    # close() on a pipe reports whether sendmail exited successfully.
    close (MAIL) || warn "$0: $SENDMAIL exited with status $?\n";
}
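
The script above only sees the previous hour, so a skipped or delayed cron run leaves lines unscanned. The following added example (not part of the original script) goes beyond the hourly window and reports whatever was appended since the last run by remembering the log's inode and byte offset; the function name scan_new_lines, the state-file path and the sample log lines are constructed for illustration.

```perl
# Added example, not part of the original script: report only lines appended
# since the previous run, tracked by inode and byte offset in a state file.
use strict;
use warnings;
use File::Temp qw(tempdir);

# $state is a hypothetical state-file path; $pattern is a qr// keyword regex.
sub scan_new_lines {
    my ($log, $state, $pattern) = @_;
    my ($old_inode, $old_offset) = (0, 0);
    if (open my $st, '<', $state) {
        my $saved = <$st>;
        ($old_inode, $old_offset) = ($1, $2)
            if defined $saved && $saved =~ /^(\d+) (\d+)$/;
        close $st;
    }
    open my $fh, '<', $log or die "Can't open $log: $!";
    my ($inode, $size) = (stat $fh)[1, 7];
    # A new inode (rotation) or a shorter file (truncation) means start over.
    $old_offset = 0 if $inode != $old_inode || $size < $old_offset;
    seek $fh, $old_offset, 0 or die "Can't seek in $log: $!";
    my @hits;
    while (my $line = <$fh>) {
        last unless $line =~ /\n\z/;    # partial last line: retry next run
        $old_offset = tell $fh;
        chomp $line;
        push @hits, $line if $line =~ $pattern;
    }
    close $fh;
    open my $out, '>', $state or die "Can't write $state: $!";
    print {$out} "$inode $old_offset\n";
    close $out or die "Can't save $state: $!";
    return @hits;
}

# Demo on constructed sample lines in a temporary directory.
my $dir = tempdir(CLEANUP => 1);
my ($log, $state) = ("$dir/messages", "$dir/messages.offset");
my $keywords = qr/(fail|denied|warn|fatal|error)/i;
open my $w, '>>', $log or die "Can't write $log: $!";
print {$w} "Oct  4 13:05:22 host1 sshd[311]: Failed password for root\n",
           "Oct  4 13:06:01 host1 cron[400]: job started\n";
close $w;
print "run 1: $_\n" for scan_new_lines($log, $state, $keywords);
open $w, '>>', $log or die "Can't write $log: $!";
print {$w} "Oct  4 23:59:58 host1 su: permission denied for user bob\n";
close $w;
print "run 2: $_\n" for scan_new_lines($log, $state, $keywords);
```

Keep the state file in a directory that only the scanning account can write, since anyone who can edit the stored offset can make the scanner skip lines.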