/[pdpsoft]/trunk/nl.nikhef.ndpf.tools/iplogcheck/iplogcheck

Contents of /trunk/nl.nikhef.ndpf.tools/iplogcheck/iplogcheck



Revision 2665 - (show annotations) (download)
Sat Aug 17 11:07:33 2013 UTC (9 years, 1 month ago) by davidg
File size: 4700 byte(s)
Redesigned version

#! /usr/bin/perl -w
#
# @(#)$Id$
#
# iplogcheck: look through the log files in a directory for lines that
# mention any entry of an IP list file, print the hits and optionally
# mail them.
#
use strict;
use Getopt::Long qw(:config no_ignore_case bundling);
use POSIX;
use Mail::Send;
use IO::Zlib;
use IO::File;
use NetAddr::IP;
use Sys::Hostname;

my $sccsid = '@(#)$Id$';

# Settings; every one of them can be set from the command line below.
my ($iplistfile, $maildest);
my ($verb, $quiet, $help);      # counters: -v, -q and -h may be repeated
my $statefile = "/var/run/iplogcheck.run";
my $logdir = "/var/log";
my $history=90;                 # days to look back when the IP list changed
#my $lognamepattern = '.*';
# NOTE(review): the default is anchored at both ends, so rotated files such
# as "messages.1" or "secure-20130811.gz" do not match it. With this default
# a --history rescan only covers what is still in the current files; widen
# the pattern with -l if rotated logs have to be included.
my $lognamepattern = '^(secure|kernel|messages|dpm)$';

# Working data shared by the rest of the script.
my ($statetime, $iplisttime);   # epoch seconds
my @logfiles;                   # file names (relative to $logdir) to scan
my %ippat;                      # pattern => comment from the IP list
my %ipobjects;                  # pattern => NetAddr::IP object, numeric patterns only
my @matches;                    # report lines

my @option_spec = (
    "f|iplistfile=s"     => \$iplistfile,
    "statefile=s"        => \$statefile,
    "l|lognamepattern=s" => \$lognamepattern,
    "logdir=s"           => \$logdir,
    "history=i"          => \$history,
    "h|help+"            => \$help,
    "v|verbose+"         => \$verb,
    "q|quiet+"           => \$quiet,
    "m|maildest=s"       => \$maildest,
);

# Unknown or malformed options: show the usage text and fail.
unless ( &GetOptions(@option_spec) ) {
    &help() and exit(1);
}

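# -h/--help: print the usage text and stop.
if ($help) {
    &help() and exit(0);
}
$verb ||= 0;
$quiet ||= 0;
$iplistfile ||= ( -e "/etc/iplist.cnf" and "/etc/iplist.cnf" );
$iplistfile or die "Cannot find list of IPs, iplistfile not defined\n";
-r $iplistfile or die "Cannot read iplistfile $iplistfile: $!\n";

# Decide how far back to look. The state file holds the mtime the IP list
# had at the last successful run; the state file's own mtime marks that run.
$iplisttime = (stat $iplistfile)[9];
if ( -e $statefile ) {
    # Three-argument open: characters in a --statefile value can never be
    # taken as an open mode.
    open(my $state, '<', $statefile)
        or die "Cannot open existing state file $statefile: $!\n";
    my $recorded = <$state>;
    close $state;
    $recorded = '' unless defined $recorded;
    chomp($recorded);

    if ( $recorded !~ /^\d+$/ ) {
        # Empty or damaged state file: do not trust it, rescan the full window.
        warn "State file $statefile holds no valid timestamp, rescanning $history days\n";
        $statetime = $iplisttime-($history*24*3600);
    }
    elsif ( $recorded < $iplisttime ) {     # has the iplist been updated?
        $statetime = $iplisttime-($history*24*3600);
        $verb and print "IP list $iplistfile updated, rescanning $history days\n";
        push @matches,"--- META INFO: $iplistfile updated on ".strftime("%Y-%m-%d %H:%ML",localtime($iplisttime)).", rescanning $history days ---";
    }
    else {
        $statetime = (stat $statefile)[9];  # run since last time
    }
}
else {
    # First run: no state yet, scan the full history window.
    $statetime = $iplisttime-($history*24*3600);
}
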
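# Select the log files to scan: not hidden, name matches the pattern, a plain
# file, and modified at or after $statetime.
opendir(my $logdirh, $logdir) or die "Cannot read $logdir: $!\n";
@logfiles = grep {
    my $wanted = 0;
    if ( !/^\./ and /$lognamepattern/ ) {
        # stat can fail when a file is rotated away while the directory is
        # being listed; such an entry is skipped instead of compared as undef.
        my @st = stat "$logdir/$_";
        # -f keeps a directory whose name matches the pattern out of the
        # scan list; it could be opened but never yields a line.
        $wanted = 1 if @st and -f _ and $st[9] >= $statetime;
    }
    $wanted;
} readdir $logdirh;
closedir $logdirh;
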
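# Read the IP list. Each line is "<pattern> [# comment]"; lines that are
# only a comment are skipped. Every pattern goes into %ippat for plain
# substring matching; patterns made of digits, ':', '.' and '/' are also
# parsed into NetAddr::IP objects for subnet matching.
open(my $ipfh, '<', $iplistfile) or die "Cannot read $iplistfile: $!\n";
while (my $entry = <$ipfh>) {
    chomp $entry;
    next if $entry =~ /^\s*#.*$/;

    my $comment = "(no comment)";
    if ( $entry =~ /#/ ) {
        ($comment = $entry) =~ s/^[^#]*\#\s*//;
    }

    # First token of the line, up to whitespace, '#' or ';'.
    my ($pat) = $entry =~ /^\s*([^#;\s]+)/;
    next unless defined $pat and $pat;      # blank line, nothing to record

    $ippat{$pat} = $comment;

    next unless $pat =~ /^[\d:\.\/]+$/;
    my $ip = NetAddr::IP->new($pat);
    if ( defined $ip ) {
        $ipobjects{$pat} = $ip;
    }
    else {
        # Looks numeric but does not parse: say so, so that a typo in the
        # list does not silently lose its subnet matching.
        warn "$iplistfile line $.: '$pat' is not a valid address or network, matching it as a plain string only\n";
    }
}
close $ipfh;
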
# With -v: show the start of the scan window and the patterns in use.
if ($verb) {
    # NOTE(review): "%ML" prints the minutes followed by a literal "L",
    # presumably marking local time; confirm it is intended.
    my $since = strftime("%Y-%m-%d %H:%ML",localtime($statetime));
    print "Analyzing logfiles since ".$since."\n";
    print "Looking for the following patterns:\n";
    for my $pattern ( keys %ippat ) {
        my $note = $ippat{$pattern};
        print " $pattern: $note\n";
    }
}

# With -vv: list the selected log files as well.
if ( $verb >= 2 ) {
    print "Files: @logfiles\n";
}
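# Scan every selected log file line by line. A line is reported once per
# pattern, whether it hit as a plain substring or through subnet matching.
foreach my $f ( @logfiles ) {
    $verb>=2 and print "Processing $f\n";
    my $fh = ($f =~ /\.gz$/) ? IO::Zlib->new() : IO::File->new();

    # A log that cannot be opened is a gap in coverage: report it on stderr
    # and in the result list instead of silently reading nothing.
    unless ( $fh->open("$logdir/$f","r") ) {
        warn "Cannot open $logdir/$f: $!\n";
        push @matches,"--- META INFO: $logdir/$f could not be opened and was not checked ---";
        next;
    }

    while (my $line = <$fh>) {
        chomp $line;
        my %reported;   # patterns already reported for this line

        # quick static matching first
        # Plain substring search: a pattern such as 10.0.0.1 also hits
        # 10.0.0.12, so some extra lines are to be expected.
        foreach my $k ( keys %ippat ) {
            if ( index($line,$k) >= 0 ) {
                $reported{$k} = 1;
                push @matches,"$f ($k, $ippat{$k}): $line";
            }
        }

        # ip subnet matching
        # Every address-like token on the line is tried, including one at
        # the very start of the line; a token that does not parse (for
        # example a timestamp with fractions) is skipped without giving up
        # on the rest of the line. Only digits, '.' and ':' are recognised,
        # so IPv6 addresses containing hex letters are not picked up here.
        while ( $line =~ /(?<!\d)(\d+[:\.]\d+[:\.]\d+[:\.][\d:]+)/g ) {
            my $thisip = NetAddr::IP->new($1);
            next unless defined $thisip;
            foreach my $k ( keys %ippat ) {
                $k =~ /^[\d:\.\/]+$/ or next;
                next if $reported{$k};
                my $net = $ipobjects{$k};
                next unless defined $net;   # pattern that did not parse as a network
                if ( $thisip->within($net) ) {
                    $reported{$k} = 1;
                    push @matches,"$f ($k, $ippat{$k}): $line";
                }
            }
        }
    }

    $fh->close;
}
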
# Report on stdout unless -q was given. The header line is left out when
# there is nothing to report and -v was not given.
unless ($quiet) {
    my $last = $#matches;
    if ( $last >= 0 || $verb ) {
        print "There are ".(1+$last)." matches:\n";
    }
    print "$_\n" for @matches;
}

# Mail the report when a destination containing '@' was given and -q was
# used at most once. The matched log lines go into the body unchanged.
# A failure to send ends the run here, before the state file is rewritten.
if ( defined $maildest and $maildest =~ /\@/ and $quiet < 2) {
    my $host = hostname;
    my $count = 1+$#matches;
    my $since = strftime("%Y-%m-%d %H:%ML",localtime($statetime));

    my $msg = Mail::Send->new( To => $maildest );
    $msg->set("From","nobody\@".$host);
    $msg->subject("IP LogCheck results from ".$host." (".$count." matches)");

    my $fh = $msg->open;
    print $fh "Your IP LogCheck results from ".$host."\n";
    print $fh "Log files analysed since ".$since."\n";
    print $fh "\n";
    print $fh "There are ".$count." matches:\n\n";
    for my $hit ( @matches ) {
        print $fh "$hit\n";
    }
    $fh->close or die "Cannot send mail to $maildest: $!\n";
}


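# update state file if we get here, and are thus successful
#
# The file records the IP list's mtime; its own mtime tells the next run
# where to resume. Three-argument open keeps characters in a --statefile
# value from being read as an open mode. The open follows symlinks, so the
# state file belongs in a directory that only the invoking user can write.
open(my $stateout, '>', $statefile) or die "Cannot rewrite state file: $!\n";
print {$stateout} $iplisttime."\n"
    or die "Cannot write state file $statefile: $!\n";
# Buffered write errors (a full disk, for instance) only show up at close.
close $stateout or die "Cannot write state file $statefile: $!\n";

# Stamp the state file with the time this run started ($^T) rather than the
# time it ended, so that log lines written while the scan was in progress
# fall inside the next run's window.
utime($^T, $^T, $statefile)
    or warn "Cannot set timestamp on state file $statefile: $!\n";

1;
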
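# Print the usage text on stdout. Always returns 1, so callers can chain
# it as "&help() and exit(...)".
sub help() {
    print <<EOF;
The iplogcheck utility checks system log files for the occurrence of IP
addresses listed in the given file. If the file changes, all available
historic logs are re-checked as well (once).

Usage: $0 [-f iplistfile] [-v] [-q] [-h] [-m maildest]
       [--logdir=logdir] [--lognamepattern=regex] [--statefile=filename]
       [--history=days]


EOF
    return 1;
}
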

Properties

Name Value
svn:executable *
