New upstream version 7.5.4
Willi Mann
3 years ago
163 | 163 | are declared in the files under these directories. You can change the |
164 | 164 | default values to modify how or what is displayed with logwatch. |
165 | 165 | |
166 | One variable available to all services, and which by default is not | |
167 | specified, is the 'Detail' variable (note that it is not preceded by | |
168 | a '$' symbol). Specifying a Detail value will override the global | |
169 | Detail level, for that service only. | |
166 | Two variables are available to all services, and not specified by | |
167 | default. They are the 'Detail' variable and the 'Pre_Ignore' | |
168 | variables. The use of these two variables are described at the | |
169 | end of this section. | |
170 | 170 | |
171 | 171 | There are two mechanisms for customizing the variables: |
172 | 172 | |
262 | 262 | |
263 | 263 | will cause the messages file to be ignored for those same services, |
264 | 264 | and only the syslog file will be used. |
265 | ||
266 | An earlier reference was made to the two variables available to all | |
267 | services: Detail and Pre_Ignore. Note that neither is preceded by | |
268 | a '$' symbol when used in the configuration file. | |
269 | ||
270 | Specifying a Detail value will override the global Detail level, for | |
271 | that service only. As with the corresponding command option, 'Detail' | |
272 | can be an integer of zero or higher, or the values Low, Medium, or | |
273 | High, which correspond to the integers 0, 5, and 10, respectively. | |
274 | ||
275 | Specifying a Pre_Ignore variable with a regular expression value will | |
276 | use that regular expression as the argument to 'egrep' to filter the | |
277 | log statements. The filter is applied before the service script is run. | |
278 | This is in contrast to the regular expressions in the ignore.conf file | |
279 | (described in Section 3.A above), which filter the output after the | |
280 | service script is run. Also, the declarations in the ignore.conf file | |
281 | are applied to all services. | |
265 | 282 | |
266 | 283 | |
267 | 284 | 5. Customizing the Scripts |
295 | 312 | ----------------- |
296 | 313 | |
297 | 314 | There is only one required line in the logfile group config file. This |
298 | command is called 'LogFile'. | |
315 | statement is called 'LogFile'. | |
299 | 316 | |
300 | 317 | # This will be the logfile named 'messages' in the default logfile |
301 | 318 | # directory (probably /var/log). |
302 | 319 | LogFile = messages |
303 | 320 | |
304 | # You can also give this command with an absolute path, like this: | |
321 | # You can also give this value with an absolute path. For example: | |
305 | 322 | LogFile = /var/log/messages |
306 | 323 | |
307 | 324 | You can have as many LogFile entries as you wish. All the files specified |
308 | 325 | will be merged into one input stream for any filters that use this logfile |
309 | group. You can also use standard wildcards when you specify the filename. | |
310 | ||
311 | Another command that is optional is called 'Archive'. You can specify a | |
312 | file to also include in the data stream if the '--archives' option is used. | |
313 | If these files do not exist it is okay. For example: | |
326 | group. | |
327 | ||
328 | The 'Archive' statement is optional. Specifying it will include the | |
329 | corresponding files in the data stream if the '--archives' option is | |
330 | used. For example: | |
314 | 331 | |
315 | 332 | # These 2 'Archive' entries will allow users of most Red Hat Linux |
316 | 333 | # systems to access their archives of the 'messages' logfile: |
320 | 337 | # It is best just to include both of these so that the logfile group |
321 | 338 | # will work for most systems. |
322 | 339 | |
340 | When specifying filenames for either the LogFile or Archive statements, | |
341 | you can use standard regexps (for example, *, ?, or [0-9]). In addition, | |
342 | filenames with spaces are possible by enclosing them in single quotes. | |
343 | ||
344 | For either the LogFile or Archive statements, the corresponding files | |
345 | need not exist. In that case, the statement is ignored. Because of this, | |
346 | many Logfile groups have multiple LogFile or Archive statements for many | |
347 | different OS implementations; only those that exist will be used. | |
348 | ||
323 | 349 | Now, the general theory is that the LogFile Group should apply the date |
324 | 350 | range requested. If the logfile is in the standard syslog format, you can |
325 | 351 | use the shared script 'ApplyStdDate' to filter out only the appropriate log |
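Review bot: The added paragraph at new lines 340-342 calls `*`, `?` and `[0-9]` "standard regexps", but these are shell wildcards, and the logwatch.pl changes in this commit expand LogFile and Archive values with glob(). The sentence this replaces said "standard wildcards"; keeping that wording stops readers from writing `.*` or anchors here, which is the syntax the new Pre_Ignore variable takes and this one does not.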
350 | 376 | You should probably copy an existing config for another service to create |
351 | 377 | a new one. |
352 | 378 | |
353 | There is only one required line. This is the command 'LogFile'. The | |
354 | LogFile command allows you to specify one or more *LogFile Groups* (as | |
379 | There is only one required line. This is the statement 'LogFile'. The | |
380 | LogFile statement allows you to specify one or more *LogFile Groups* (as | |
355 | 381 | described above) that this filter will process. Remember, any filter can |
356 | 382 | process any number of LogFile Groups, and any LogFile Group may contain the |
357 | 383 | data from any number of logfiles (and archives). |
567 | 593 | ======================= |
568 | 594 | |
569 | 595 | The introduction of this document listed additional sources of information. |
570 | In addition, the website http://www.logwatch.org contains: | |
596 | In addition, the website https://sourceforge.net/projects/logwatch/ contains: | |
571 | 597 | - the current (and some archived) distributions of Logwatch |
572 | - access to mailing lists where comments, suggestions, bug reports, | |
573 | etc., are welcome. | |
574 | - access to the svn repository, for the very latest code. | |
598 | - access to a ticket database for bugs, patches, and requests | |
599 | - access to the git repository, for the very latest code. | |
575 | 600 | |
576 | 601 | If you do create new services or enhancements that you feel would be useful |
577 | to other people, please send them to the mailing list 'logwatch-devel at | |
578 | lists.sourceforge.net'. | |
602 | to other people, please post them under: | |
603 | https://sourceforge.net/p/logwatch/patches/ | |
579 | 604 | |
580 | 605 | If you send patches, please make sure that you have the latest version |
581 | of the file from svn, and send the patch file in unified format | |
582 | (using 'svn diff' or 'diff -u') as an attachment. | |
606 | of the file from git, and send the patch file in unified format. | |
607 | Alternatively, create a git merge request. | |
583 | 608 | |
584 | 609 | Enhancement suggestions are more likely to be implemented if patch files |
585 | 610 | implementing the change are sent. |
21 | 21 | Archive = cron-* |
22 | 22 | Archive = archiv/cron-* |
23 | 23 | |
24 | *RemoveService = anacron | |
24 | *RemoveService = anacron,atd | |
25 | 25 | |
26 | 26 | # vi: shiftwidth=3 tabstop=3 et |
0 | 0 | LogFile = dovecot |
1 | Archive = dovecot* | |
1 | Archive = dovecot?* | |
2 | 2 | *ApplyStdDate = "%b %d %H:%M:%S " |
5 | 5 | # New php service, by Jeremias Reith. |
6 | 6 | # |
7 | 7 | ############################################################################### |
8 | # This was written and is maintained by: | |
8 | # This was written by: | |
9 | 9 | # Jeremias Reith <jr@terragate.net> |
10 | # | |
11 | 10 | # Please send all comments, suggestions, bug reports, |
12 | # etc, to jr@terragate.net and logwatch-devel@logwatch.org | |
13 | # | |
11 | # etc, to logwatch-devel@lists.sourceforge.net. | |
14 | 12 | ############################################################################### |
15 | 13 | |
16 | 14 | # What actual file? Defaults to LogPath if not absolute path.... |
20 | 20 | |
21 | 21 | # Yes = True = On = 1 |
22 | 22 | # No = False = Off = 0 |
23 | ||
24 | # Default Log Directory | |
25 | # All log-files are assumed to be given relative to this directory. | |
26 | LogDir = /var/log | |
27 | 23 | |
28 | 24 | # You can override the default temp directory (/tmp) here |
29 | 25 | TmpDir = /var/cache/logwatch |
135 | 131 | # |
136 | 132 | #HostLimit = myhost |
137 | 133 | |
134 | # Default Log Directory | |
135 | # All log-files are assumed to be given relative to the LogDir directory. | |
136 | # Multiple LogDir statements are possible. Additional configuration variables | |
137 | # to set particular directories follow, so LogDir need not be set. | |
138 | #LogDir = /var/log | |
138 | 139 | # |
139 | 140 | # By default /var/adm is searched after LogDir. |
140 | 141 | #AppendVarAdmToLogDirs = 1 |
141 | ||
142 | 142 | # |
143 | 143 | # By default /var/log is to be searched after LogDir and /var/adm/ . |
144 | 144 | #AppendVarLogToLogDirs = 1 |
145 | ||
146 | 145 | # |
147 | # By default the current working directory is searched last after LogDir, /var/adm/, and /var/log/ . | |
148 | #AppendCWDToLogDirs = 1 | |
146 | # The current working directory can be searched after the above. Not set by | |
147 | # default. | |
148 | #AppendCWDToLogDirs = 0 | |
149 | 149 | |
150 | 150 | # vi: shiftwidth=3 tabstop=3 et |
45 | 45 | # Which logfile group... |
46 | 46 | LogFile = clam-update |
47 | 47 | |
48 | # Set to true to ignore messages about outdated clamav versions | |
49 | # Ignore_Outdated = 1 | |
50 | ||
48 | 51 | # vi: shiftwidth=3 tabstop=3 et |
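Review bot: The commented sample at new line 49 is written as `Ignore_Outdated = 1`, without the `$` prefix that the other per-service variables added in this commit carry (`$ignore_messages`, `$omsa_ignore_non_certified_drives`, `$illegal_users_threshold`), while the README change names only Detail and Pre_Ignore as variables written without `$`. The clamav-update script reads the setting from `$ENV{'ignore_outdated'}`, so please confirm that an entry without the prefix reaches the script's environment; if it does not, uncommenting the line as shown has no effect and the sample should read `# $Ignore_Outdated = 1`.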
26 | 26 | *EventLogOnlyService = Application |
27 | 27 | *RemoveHeaders |
28 | 28 | |
29 | # Ignore messages matching the given regex | |
30 | # $ignore_messages = Security policies were propagated with warning. 0x57 | |
31 | ||
32 | # Ignore messages about certain programs holding profile registry | |
33 | # entries open. This is a regular expression. | |
34 | # $ignore_profile_program = ^lsass\.exe$ | |
35 | ||
36 | # Ignore messages for these machines that can happen when they are off the | |
37 | # company netowrk (e.g. laptops). This is a regular expression. | |
38 | # $laptopsa = | |
39 | ||
29 | 40 | # vi: shiftwidth=3 tabstop=3 et |
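Review bot: The comment at new line 37 has a typo ("netowrk"), and the sample variable at line 38, `$laptopsa`, is the only one in this block with neither a descriptive name nor an example value. Please check the name against what the service script actually reads and show a sample regular expression, as is done for `$ignore_profile_program`.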
26 | 26 | *EventLogOnlyService = security |
27 | 27 | *RemoveHeaders |
28 | 28 | |
29 | # Ignore messages matching the given regex | |
30 | # $ignore_messages = | |
31 | ||
29 | 32 | # vi: shiftwidth=3 tabstop=3 et |
26 | 26 | *EventLogOnlyService = system |
27 | 27 | *RemoveHeaders |
28 | 28 | |
29 | # Ignore messages matching the given regex | |
30 | # $ignore_messages = | |
31 | ||
29 | 32 | # vi: shiftwidth=3 tabstop=3 et |
16 | 16 | *OnlyService = Server_Administrator |
17 | 17 | *RemoveHeaders |
18 | 18 | |
19 | # Set this if you do not care about using non-certified drives | |
20 | # $omsa_ignore_non_certified_drives = 1 | |
21 | ||
19 | 22 | # vi: shiftwidth=3 tabstop=3 et |
10 | 10 | # If you want to ignore messagges about certain actions or modules, list |
11 | 11 | # them here, separated by ;'s. |
12 | 12 | # For example, machines with intermittent network connectivity might |
13 | # want to ignroe issues with forwarded messages. | |
13 | # want to ignore issues with forwarded messages. | |
14 | 14 | # rsyslogd_ignore_action = action 0 |
15 | 15 | # rsyslogd_ignore_modules = buildtin:omfwd |
16 | 16 |
37 | 37 | # This has no effect if the $Detail variable is greater than 5. |
38 | 38 | #$refused_connections_threshold = 10 |
39 | 39 | |
40 | # Setting the $illegal_users_threshold variable limits the listing of | |
41 | # "Illegal Users" from those IP addresses that have more than the | |
42 | # specified threshold | |
43 | #$illegal_users_threshold = 4 | |
44 | ||
45 | ||
40 | 46 | ######################################################## |
41 | 47 | # This was written and is maintained by: |
42 | 48 | # Kirk Bauer <kirk@kaybee.org> |
24 | 24 | |
25 | 25 | ######################################################## |
26 | 26 | # Please send all comments, suggestions, bug reports, |
27 | # etc, to logwatch-devel@logwatch.org | |
27 | # etc, to logwatch-devel@lists.sourceforge.net. | |
28 | 28 | ######################################################## |
29 | 29 | |
30 | 30 | # vi: shiftwidth=3 tabstop=3 et |
23 | 23 | |
24 | 24 | ######################################################## |
25 | 25 | # Please send all comments, suggestions, bug reports, |
26 | # etc, to logwatch-devel@logwatch.org | |
26 | # etc, to logwatch-devel@lists.sourceforge.net. | |
27 | 27 | ######################################################## |
28 | 28 | |
29 | 29 | # vi: shiftwidth=3 tabstop=3 et |
332 | 332 | if [ $systemd -eq 1 ]; then |
333 | 333 | install -m 0644 scheduler/logwatch.service /lib/systemd/system/logwatch.service |
334 | 334 | install -m 0644 scheduler/logwatch.timer /lib/systemd/system/logwatch.timer |
335 | install -m 0644 scheduler/systemd.conf $BASEDIR/default.conf/systemd.conf | |
335 | 336 | if [ ! -e /lib/systemd/system/multi-user.target.wants ]; then |
336 | 337 | install -m 0755 -d /lib/systemd/system/multi-user.target.wants |
337 | 338 | fi |
0 | 0 | Summary: Analyzes and Reports on system logs |
1 | 1 | Name: logwatch |
2 | Version: 7.5.2 | |
2 | Version: 7.5.4 | |
3 | 3 | Release: 1 |
4 | 4 | License: MIT |
5 | 5 | Group: Applications/System |
111 | 111 | |
112 | 112 | |
113 | 113 | %changelog |
114 | * Wed Jul 22 2020 Bjorn <bjorn1@users.sourceforge.net> 7.5.4-1 | |
115 | ||
116 | * Wed Jan 22 2020 Bjorn <bjorn1@users.sourceforge.net> 7.5.3-1 | |
117 | ||
114 | 118 | * Mon Jul 22 2019 Bjorn <bjorn1@users.sourceforge.net> 7.5.2-1 |
115 | 119 | - Copying LICENSE to doc dir again |
116 | 120 |
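Review bot: The two %changelog entries added at new lines 114 and 116 (7.5.4-1 and 7.5.3-1) have no description lines, unlike the 7.5.2-1 entry below them. This release changes a default (AppendCWDToLogDirs goes from 1 to 0), allows multiple LogDir declarations, and adds Pre_Ignore and the systemd environment file; a one-line summary of each under 7.5.4-1 would let packagers see the behaviour changes without reading the diff.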
4 | 4 | |
5 | 5 | [Service] |
6 | 6 | Type=oneshot |
7 | ExecStart=/usr/sbin/logwatch | |
7 | # This first EnvironmentFile has the Logwatch default variables | |
8 | EnvironmentFile=-/usr/share/logwatch/default.conf/systemd.conf | |
9 | # This second EnvironmentFile is meant for system-specific | |
10 | # customization of variables, including overriding the defaults | |
11 | EnvironmentFile=-/etc/logwatch/conf/systemd.conf | |
12 | ExecStart=/usr/sbin/logwatch $LOGWATCH_OPTIONS |
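Review bot: The first EnvironmentFile path at new line 8 is hard-coded to /usr/share/logwatch/default.conf/systemd.conf, while install_logwatch.sh in this commit installs the file to `$BASEDIR/default.conf/systemd.conf`. Because of the `-` prefix a missing file is skipped without error, so on an install with a different base directory `$LOGWATCH_OPTIONS` is unset and the timer run silently loses `--output mail`. Either have the install script substitute the real base directory into the unit file, or drop the `-` on the defaults file so the mismatch fails visibly.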
0 | # This file contains the environment variables file for systemd. | |
1 | # They show the default values. | |
2 | ||
3 | # You can override them by declaring the same variable in the | |
4 | # systemd.conf file in the local configuration directory. By | |
5 | # default, this local configuration file is: | |
6 | # /etc/logwatch/conf/systemd.conf | |
7 | ||
8 | # Currently, the only defined variable is $LOGWATCH_OPTIONS, | |
9 | # which specifies the default options passed to the logwatch | |
10 | # executable when invoked with systemd. | |
11 | ||
12 | LOGWATCH_OPTIONS="--output mail" |
9 | 9 | |
10 | 10 | ######################################################## |
11 | 11 | # Specify version and build-date: |
12 | my $Version = '7.5.2'; | |
13 | my $VDate = '07/22/19'; | |
12 | my $Version = '7.5.4'; | |
13 | my $VDate = '07/22/20'; | |
14 | 14 | |
15 | 15 | ####################################################### |
16 | 16 | # Logwatch was originally written by: |
61 | 61 | use Getopt::Long; |
62 | 62 | use POSIX qw(uname); |
63 | 63 | use File::Temp qw/ tempdir /; |
64 | use Cwd; | |
64 | 65 | |
65 | 66 | eval "use lib \"$BaseDir/lib\";"; |
66 | 67 | eval "use Logwatch \':dates\'"; |
67 | 68 | |
68 | 69 | my (%Config, @ServiceList, @LogFileList, %ServiceData, %LogFileData); |
70 | my (@TempLogDirs, @LogDirs); | |
69 | 71 | my (@AllShared, @AllLogFiles, @FileList); |
70 | 72 | # These need to not be global variables one day |
71 | 73 | my (@ReadConfigNames, @ReadConfigValues); |
100 | 102 | $Config{'hostlimit'} = ""; |
101 | 103 | $Config{'appendvaradmtologdirs'} = 1; |
102 | 104 | $Config{'appendvarlogtologdirs'} = 1; |
103 | $Config{'appendcwdtologdirs'} = 1; | |
105 | $Config{'appendcwdtologdirs'} = 0; | |
104 | 106 | |
105 | 107 | if (-e "$ConfigDir/conf/html/header.html") { |
106 | 108 | $Config{'html_header'} = "$ConfigDir/conf/html/header.html"; |
118 | 120 | $Config{'html_footer'} = "$BaseDir/default.conf/html/footer.html"; |
119 | 121 | } |
120 | 122 | |
121 | # Logwatch now does some basic searching for logs | |
122 | # So if the log file is not in the log path it will check /var/adm | |
123 | # and then /var/log -mgt | |
124 | $Config{'logdir'} = "/var/log"; | |
125 | ||
126 | 123 | #Added to create switches for different os options -mgt |
127 | 124 | #Changed to POSIX to remove calls to uname and hostname |
128 | 125 | my ($OSname, $hostname, $release, $version, $machine) = POSIX::uname(); |
177 | 174 | } elsif (! grep(/^$ReadConfigValues[$i]$/, @ServiceList)) { |
178 | 175 | push @ServiceList, $ReadConfigValues[$i]; |
179 | 176 | } |
177 | } elsif ($ReadConfigNames[$i] eq "logdir") { | |
178 | push @TempLogDirs, $ReadConfigValues[$i]; | |
180 | 179 | } else { |
181 | 180 | $Config{$ReadConfigNames[$i]} = $ReadConfigValues[$i]; |
182 | 181 | } |
183 | 182 | } |
184 | ||
185 | my @LogDirs=("$Config{'logdir'}/"); | |
186 | push @LogDirs, "/var/adm/" if $Config{'appendvaradmtologdirs'}; | |
187 | push @LogDirs, "/var/log/" if $Config{'appendvarlogtologdirs'}; | |
188 | push @LogDirs, "" if $Config{'appendcwdtologdirs'}; | |
189 | 183 | |
190 | 184 | &CleanVars(); |
191 | 185 | |
204 | 198 | |
205 | 199 | &GetOptions ("d|detail=s" => \$Config{'detail'}, |
206 | 200 | "l|logfile=s@" => \@TempLogFileList, |
207 | "logdir=s" => \$Config{'logdir'}, | |
201 | "logdir=s@" => \@TempLogDirs, | |
208 | 202 | "s|service=s@" => \@TempServiceList, |
209 | 203 | "m|mailto=s" => \$tmp_mailto, |
210 | 204 | "filename=s" => \$tmp_savefile, |
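Review bot: The `logdir=s@` option at new line 201 pushes command-line directories onto `@TempLogDirs`, the same array that already holds the LogDir values read from the config files (new line 178), so `--logdir` now adds to the configured search path instead of replacing it, and /var/adm and /var/log are still appended afterwards. Since the globbing change in this commit collects matches from every directory rather than stopping at the first hit, a run with `--logdir` pointed at a test directory will also read the system logs. If that is intended, the usage text should say so; otherwise collect the option into its own array and let it replace the configured list when given.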
227 | 221 | |
228 | 222 | $Help and &Usage(); |
229 | 223 | |
224 | push @TempLogDirs, "/var/adm/" if $Config{'appendvaradmtologdirs'}; | |
225 | push @TempLogDirs, "/var/log/" if $Config{'appendvarlogtologdirs'}; | |
226 | # Empty string for LogDirs entry interpreted as `cwd`, but set | |
227 | # explicitly here for more readable debug output | |
228 | push @TempLogDirs, getcwd() if $Config{'appendcwdtologdirs'}; | |
229 | ||
230 | my %logdirs_seen; | |
231 | for my $logdir (@TempLogDirs) { | |
232 | # add trainling slash to directory if not there | |
233 | unless ($logdir =~ m=/$=) { | |
234 | $logdir .= "/"; | |
235 | } | |
236 | # remove duplicates | |
237 | if (! $logdirs_seen{$logdir}++) { | |
238 | push (@LogDirs, $logdir); | |
239 | } else { | |
240 | if ($Config{'debug'} > 2) { | |
241 | print "Removing duplicate LogDir declaration $logdir\n"; | |
242 | } | |
243 | } | |
244 | } | |
245 | ||
230 | 246 | #Catch option exceptions and extra logic here -mgt |
231 | 247 | |
232 | 248 | if ($Config{'range'} =~ /help/i) { |
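Review bot: At new line 228 the result of getcwd() is pushed without a check; getcwd() returns undef when the working directory cannot be determined, and the loop below then appends "/" to it, so the entry becomes `/` and relative LogFile patterns are globbed against the filesystem root. Guard the push with a defined check. Two smaller points in the same hunk: the duplicate test at line 237 compares raw strings, so `/var/log/` and `/var/log//` are kept as separate entries, and the comment at line 232 has a typo ("trainling").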
435 | 451 | |
436 | 452 | @{$LogFileData{$ThisLogFile}{'logfiles'}} = (); |
437 | 453 | @{$LogFileData{$ThisLogFile}{'archives'}} = (); |
454 | # We use hashes to keep track of duplicates | |
455 | my (%logfile_seen, %archive_seen); | |
438 | 456 | for (my $i = 0; $i <= $#ReadConfigNames; $i++) { |
439 | 457 | if (grep(/^$i$/, @Separators)) { |
440 | 458 | $count = 0; |
441 | 459 | } |
442 | my @TempLogFileList; | |
443 | 460 | if ($ReadConfigNames[$i] eq "logfile") { |
461 | my @TempLogFileList =(); | |
444 | 462 | #Lets try and find the logs -mgt |
445 | 463 | if ($ReadConfigValues[$i] eq "") { |
446 | 464 | @{$LogFileData{$ThisLogFile}{'logfiles'}} = (); |
465 | %logfile_seen = (); | |
447 | 466 | } else { |
448 | 467 | if ($ReadConfigValues[$i] !~ m=^/=) { |
449 | 468 | foreach my $dir (@LogDirs) { |
450 | # We glob to obtain filenames. We reverse in case | |
451 | # we use the decimal suffix (.0, .1, etc.) in filenames | |
452 | #@TempLogFileList = reverse(glob($dir . $ReadConfigValues[$i])); | |
453 | @TempLogFileList = sort{ | |
469 | # We glob to obtain filenames, and check existence | |
470 | push(@TempLogFileList, sort{ | |
454 | 471 | ($b =~ /(\d+)$/) <=> ($a =~ /(\d+)$/) || uc($a) cmp uc($b) |
455 | }(glob($dir . $ReadConfigValues[$i])); | |
456 | # And we check for existence once again, since glob | |
457 | # may return the search pattern if no files found. | |
458 | last if (@TempLogFileList && (-e $TempLogFileList[0])); | |
472 | }(grep {-e} glob($dir . $ReadConfigValues[$i]))); | |
459 | 473 | } |
460 | 474 | } else { |
461 | #@TempLogFileList = reverse(glob($ReadConfigValues[$i])); | |
462 | @TempLogFileList = sort{ | |
475 | push(@TempLogFileList, sort{ | |
463 | 476 | ($b =~ /(\d+)$/) <=> ($a =~ /(\d+)$/) || uc($a) cmp uc($b) |
464 | }(glob($ReadConfigValues[$i])); | |
477 | }(grep {-e} glob($ReadConfigValues[$i]))); | |
465 | 478 | } |
466 | ||
467 | # We attempt to remove duplicates. | |
468 | # Same applies to archives, in the next block. | |
469 | foreach my $TempLogFileName (@TempLogFileList) { | |
470 | if (grep(/^\Q$TempLogFileName\E$/, | |
471 | @{$LogFileData{$ThisLogFile}{'logfiles'}})) { | |
472 | if ($Config{'debug'} > 2) { | |
473 | print "Removing duplicate LogFile file $TempLogFileName from $ThisFile configuration.\n"; | |
474 | } | |
475 | } else { | |
476 | if (-e $TempLogFileName) { | |
477 | push @{$LogFileData{$ThisLogFile}{'logfiles'}}, | |
478 | $TempLogFileName; | |
479 | } | |
479 | } | |
480 | # We remove duplicates. | |
481 | # Same applies to archives, in the next block, so we keep | |
482 | # %logfile_seen hash for later use. | |
483 | if ($Config{'debug'} > 2) { | |
484 | for my $logfile (grep {$logfile_seen{$_}} @TempLogFileList) { | |
485 | print "Removing duplicate LogFile file $logfile from"; | |
486 | print " $ThisFile configuration.\n"; | |
487 | } | |
488 | } | |
489 | push(@{$LogFileData{$ThisLogFile}{'logfiles'}}, | |
490 | grep { ! $logfile_seen{$_}++ } @TempLogFileList); | |
491 | } elsif (($ReadConfigNames[$i] eq "archive") && ( $Config{'archives'} == 1)) { | |
492 | my @TempLogFileList =(); | |
493 | if ($ReadConfigValues[$i] eq "") { | |
494 | @{$LogFileData{$ThisLogFile}{'archives'}} = (); | |
495 | %archive_seen = (); | |
496 | } else { | |
497 | # Test if absolute path | |
498 | if ($ReadConfigValues[$i] !~ m=^/=) { | |
499 | foreach my $dir (@LogDirs) { | |
500 | # We glob to obtain filenames, and check existence | |
501 | push(@TempLogFileList, sort{ | |
502 | ($b =~ /(\d+)$/) <=> ($a =~ /(\d+)$/) || uc($a) cmp uc($b) | |
503 | }(grep {-e} glob($dir . $ReadConfigValues[$i]))); | |
504 | } | |
505 | } else { | |
506 | foreach my $dir (@LogDirs) { | |
507 | push(@TempLogFileList, sort{ | |
508 | ($b =~ /(\d+)$/) <=> ($a =~ /(\d+)$/) || uc($a) cmp uc($b) | |
509 | }(grep {-e} glob($ReadConfigValues[$i]))); | |
480 | 510 | } |
481 | 511 | } |
482 | 512 | } |
483 | } elsif (($ReadConfigNames[$i] eq "archive") && ( $Config{'archives'} == 1)) { | |
484 | if ($ReadConfigValues[$i] eq "") { | |
485 | @{$LogFileData{$ThisLogFile}{'archives'}} = (); | |
486 | } else { | |
487 | if ($ReadConfigValues[$i] !~ m=^/=) { | |
488 | foreach my $dir (@LogDirs) { | |
489 | # We glob to obtain filenames. We reverse in case | |
490 | # we use the decimal suffix (.0, .1, etc.) in filenames | |
491 | #@TempLogFileList = reverse(glob($dir . $ReadConfigValues[$i])); | |
492 | @TempLogFileList = sort{ | |
493 | ($b =~ /(\d+)$/) <=> ($a =~ /(\d+)$/) || uc($a) cmp uc($b) | |
494 | }(glob($dir . $ReadConfigValues[$i])); | |
495 | # And we check for existence once again, since glob | |
496 | # may return the search pattern if no files found. | |
497 | last if (@TempLogFileList && (-e $TempLogFileList[0])); | |
498 | } | |
499 | } else { | |
500 | #@TempLogFileList = reverse(glob($ReadConfigValues[$i])); | |
501 | @TempLogFileList = sort{ | |
502 | ($b =~ /(\d+)$/) <=> ($a =~ /(\d+)$/) || uc($a) cmp uc($b) | |
503 | }(glob($ReadConfigValues[$i])); | |
513 | ||
514 | # We remove duplicates. This time we also check | |
515 | # against the previous LogFile declarations. | |
516 | if ($Config{'debug'} > 2) { | |
517 | for my $logfile (grep {$archive_seen{$_}} @TempLogFileList) { | |
518 | print "Removing duplicate Archive file $logfile from"; | |
519 | print " $ThisFile configuration.\n"; | |
504 | 520 | } |
505 | ||
506 | # We attempt to remove duplicates. This time we also check | |
507 | # against the LogFile declarations. | |
508 | foreach my $TempLogFileName (@TempLogFileList) { | |
509 | if (grep(/^\Q$TempLogFileName\E$/, | |
510 | @{$LogFileData{$ThisLogFile}{'archives'}}) || | |
511 | grep(/^\Q$TempLogFileName\E$/, | |
512 | @{$LogFileData{$ThisLogFile}{'logfiles'}}) ) { | |
513 | if ($Config{'debug'} > 2) { | |
514 | print "Removing duplicate Archive file $TempLogFileName from $ThisFile configuration.\n"; | |
515 | } | |
516 | } else { | |
517 | if (-e $TempLogFileName) { | |
518 | push @{$LogFileData{$ThisLogFile}{'archives'}}, | |
519 | $TempLogFileName; | |
520 | } | |
521 | } | |
521 | for my $logfile (grep {$logfile_seen{$_}} @TempLogFileList) { | |
522 | print "Archive file $logfile in both LogFile and Archive"; | |
523 | print " declarations in $ThisFile configuration.\n"; | |
522 | 524 | } |
523 | 525 | } |
524 | ||
526 | push(@{$LogFileData{$ThisLogFile}{'archives'}}, | |
527 | grep {! $archive_seen{$_}++ } | |
528 | grep { ! $logfile_seen{$_}++ } @TempLogFileList); | |
525 | 529 | } elsif ($ReadConfigNames[$i] =~ /^\*/) { |
526 | 530 | if ($count == 0) { |
527 | 531 | @CmdList = (); |
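Review bot: In the absolute-path branch for Archive (new lines 505-510) the glob is wrapped in `foreach my $dir (@LogDirs)` although `$dir` is never used, so the same pattern is expanded once per log directory, and an absolute Archive path matches nothing at all when `@LogDirs` is empty. The LogFile branch at new lines 474-478 has no such loop; the Archive branch should match it. Also, the final filter at line 528 uses `! $logfile_seen{$_}++`, which records every archive file in `%logfile_seen`; testing `! $logfile_seen{$_}` without the increment does the cross-check against LogFile entries without that side effect. Finally, dropping the old `last if ...` means files with the same name under several LogDirs are now all merged into the stream, which is worth a line in the README.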
697 | 701 | $ENV{'HOSTNAME'} = $Config{'hostname'}; |
698 | 702 | $ENV{'OSname'} = $OSname; |
699 | 703 | |
704 | my $no_egrep = system("egrep -V > /dev/null 2>&1"); | |
705 | ||
700 | 706 | #split and splitmail also play with LOGWATCH_ONLY_HOSTNAME which is not shown by debug |
701 | 707 | if ($Config{'hostlimit'}) { |
702 | 708 | #Pass the list to ENV with out touching it |
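Review bot: The probe at new line 704 spawns a shell to run `egrep -V` on every logwatch invocation, but its result is only consulted when a service sets Pre_Ignore. Moving the check to the point of use (run once, on first need) avoids the extra process for the common case, and a comment that `$no_egrep` holds the exit status of system(), so non-zero means "not found", would make the later `if ($no_egrep)` easier to read.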
721 | 727 | } |
722 | 728 | |
723 | 729 | ############################################################################# |
724 | ||
725 | unless ($Config{'logdir'} =~ m=/$=) { | |
726 | $Config{'logdir'} .= "/"; | |
727 | } | |
728 | 730 | |
729 | 731 | # Okay, now it is time to do pre-processing on all the logfiles... |
730 | 732 | |
889 | 891 | if ($FileText) { |
890 | 892 | my $Command = $FileText . $FilterText . ">" . $TempDir . $LogFile; |
891 | 893 | if ($Config{'debug'}>4) { |
892 | print "\nPreprocessing LogFile: " . $LogFile . "\n" . $Command . "\n"; | |
894 | print "\nPreprocessing LogFile: " . $LogFile . "\n " . | |
895 | $Config{'pathtocat'} . " " . $Command . "\n"; | |
893 | 896 | } |
894 | 897 | if ($LogFile !~ /^[-_\w\d]+$/) { |
895 | 898 | print STDERR "Unexpected filename: [[$LogFile]]. Not used\n" |
983 | 986 | sub CleanVars { |
984 | 987 | foreach (keys %Config) { |
985 | 988 | unless (defined $Config{$_} and |
986 | ($_ =~ /^(hostname|filename|mailto|logdir|hostlimit)$/ )) { | |
989 | # For the following config keys, do not make any changes to value | |
990 | ($_ =~ /^(hostname|filename|mailto|logdir|hostlimit|mailer)$/ )) { | |
987 | 991 | $Config{$_} = getInt($Config{$_}); |
988 | 992 | } |
989 | 993 | } |
1010 | 1014 | foreach (keys %Config) { |
1011 | 1015 | print $_ . ' -> ' . $Config{$_} . "\n"; |
1012 | 1016 | } |
1017 | print "Logdirs List:\n"; | |
1018 | &PrintStdArray(@LogDirs); | |
1013 | 1019 | print "Service List:\n"; |
1014 | 1020 | &PrintStdArray(@ServiceList); |
1015 | 1021 | print "\n"; |
1301 | 1307 | my $FileText = ""; |
1302 | 1308 | foreach $ThisFile (@FileList) { |
1303 | 1309 | if (-s $TempDir . $ThisFile) { |
1304 | $FileText .= ( $TempDir . $ThisFile . " "); | |
1310 | $FileText .= ( $TempDir . $ThisFile . " " ); | |
1305 | 1311 | } |
1306 | 1312 | } |
1307 | 1313 | |
1311 | 1317 | } |
1312 | 1318 | @EnvList = (); |
1313 | 1319 | |
1314 | my $FilterText = " "; | |
1320 | my $FilterText = ""; | |
1315 | 1321 | foreach (sort keys %{$ServiceData{$Service}}) { |
1316 | 1322 | my $cmd = $_; |
1317 | 1323 | if ($cmd =~ s/^\d+-\*//) { |
1318 | 1324 | if (-f "$ConfigDir/scripts/shared/$cmd") { |
1319 | $FilterText .= ("$PerlVersion $ConfigDir/scripts/shared/$cmd '$ServiceData{$Service}{$_}' |" ); | |
1325 | $FilterText .= ("$PerlVersion $ConfigDir/scripts/shared/$cmd '$ServiceData{$Service}{$_}' | " ); | |
1320 | 1326 | } elsif (-f "$BaseDir/scripts/shared/$cmd") { |
1321 | $FilterText .= ("$PerlVersion $BaseDir/scripts/shared/$cmd '$ServiceData{$Service}{$_}' |" ); | |
1327 | $FilterText .= ("$PerlVersion $BaseDir/scripts/shared/$cmd '$ServiceData{$Service}{$_}' | " ); | |
1322 | 1328 | } else { |
1323 | 1329 | die "Cannot find shared script $cmd\n"; |
1324 | 1330 | } |
1389 | 1395 | if ($FileList[0] eq 'none') { |
1390 | 1396 | $Command = " $FilterText 2>&1 "; |
1391 | 1397 | } elsif ($FileText) { |
1398 | $Command = " ( $Config{'pathtocat'} $FileText| " ; | |
1399 | if ($ServiceData{$Service}{pre_ignore}) { | |
1400 | if ($no_egrep) { | |
1401 | die "No egrep executable found, which is required when\n" . | |
1402 | "using the Pre_Ignore variable in configuration \n" . | |
1403 | "file ${Service}.conf\n"; | |
1404 | } else { | |
1405 | $Command .= "egrep -v \"$ServiceData{$Service}{pre_ignore}\" | "; | |
1406 | } | |
1407 | } | |
1392 | 1408 | if ($HostStrip ne " ") { |
1393 | $Command = " ( $Config{'pathtocat'} $FileText | $HostStrip | $FilterText) 2>&1 "; | |
1394 | } else { | |
1395 | $Command = " ( $Config{'pathtocat'} $FileText | $FilterText) 2>&1 "; | |
1409 | $Command .= "$HostStrip | "; | |
1396 | 1410 | } |
1411 | $Command .= "$FilterText) 2>&1 "; | |
1397 | 1412 | } |
1398 | 1413 | } |
1399 | 1414 |
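Review bot: At new line 1405 the Pre_Ignore value is interpolated into the shell command inside double quotes, `egrep -v \"$ServiceData{$Service}{pre_ignore}\"`, so the shell still interprets `$`, backquotes, backslashes and `"` in it. A regular expression containing a double quote breaks the pipeline, a `$name` sequence is expanded by the shell before egrep sees it, and a backquote or `$( )` in the value runs as a command with logwatch's privileges. The shared-script arguments just above pass their values in single quotes; do the same here and escape embedded single quotes, or apply the expression in Perl while reading the stream so no shell quoting is involved. The README paragraph on Pre_Ignore should also state which characters are not supported if any restriction remains.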
50 | 50 | ( $ThisLine =~ /^afp_zzz: (entering|waking up from) (normal|extended) sleep/ ) or |
51 | 51 | ( $ThisLine =~ /^afp_disconnect: trying primary reconnect/ ) or |
52 | 52 | ( $ThisLine =~ /^afp_disconnect: primary reconnect succeeded/ ) or |
53 | ( $ThisLine =~ /^Netatalk AFP\/TCP listening on /) or | |
53 | 54 | ( $ThisLine =~ /^Reconnect: transfering session to child/ ) or |
54 | 55 | ( $ThisLine =~ /^Reconnect: killing new session child.* after transfer/ ) or |
55 | 56 | ( $ThisLine =~ /^afp_dsi_transfer_session: successfull primary reconnect/ ) or |
54 | 54 | # will be output. |
55 | 55 | ######################################################################### |
56 | 56 | |
57 | use strict; | |
58 | use warnings; | |
57 | 59 | use Logwatch ':dates'; |
58 | 60 | |
59 | 61 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'}; |
62 | my $Ignore_Outdated = $ENV{'ignore_outdated'} || 0; | |
60 | 63 | |
61 | 64 | my $time = time; |
62 | 65 | my $Date; |
68 | 71 | |
69 | 72 | my %Starts; |
70 | 73 | my %Errors; |
74 | my %Outdated; | |
71 | 75 | my %Warnings; |
72 | 76 | |
73 | 77 | |
110 | 114 | } |
111 | 115 | } else { |
112 | 116 | $InRange = 0; |
117 | %Warnings = (); | |
113 | 118 | } |
114 | 119 | # $Version was already logged if necessary, so now we clear it |
115 | 120 | $Version = ""; |
119 | 124 | if ((my $Text) = ($ThisLine =~ /^ERROR: (.*)/)) { |
120 | 125 | $Errors{$Text}++; |
121 | 126 | } elsif (($Text) = ($ThisLine =~ /^WARNING: (.*)/)) { |
122 | $Warnings{$Text}++; | |
127 | if ($Text =~ /OUTDATED|Local version/) { | |
128 | next if $Ignore_Outdated; | |
129 | $Outdated{$Text}++; | |
130 | } else { | |
131 | $Warnings{$Text}++; | |
132 | } | |
123 | 133 | } |
124 | 134 | } |
125 | 135 | } |
157 | 167 | print "\n" . $Status; |
158 | 168 | }; |
159 | 169 | |
170 | ||
171 | if (keys %Outdated) { | |
172 | print "\n"; | |
173 | foreach my $Text (keys %Outdated) { | |
174 | print "$Text\n"; | |
175 | } | |
176 | } | |
177 | ||
160 | 178 | if ($Detail >= 10) { |
161 | 179 | if ((keys %Errors) or (keys %Warnings)) { |
162 | 180 | print "\nThe following ERRORS and/or WARNINGS were detected when\n"; |
205 | 205 | } |
206 | 206 | } |
207 | 207 | |
208 | if (%CRONDErr) { | |
209 | printf "\n crond daemon errors \n"; | |
210 | for $key (keys %CRONDErr) { | |
211 | print " " . $key . ": " . $CRONDErr{$key} . " time(s)\n"; | |
212 | } | |
213 | } | |
214 | ||
215 | if (%INCRONDErr) { | |
216 | printf "\n incrond daemon errors \n"; | |
217 | for $key (keys %INCRONDErr) { | |
218 | print " " . $key . ": " . $INCRONDErr{$key} . " time(s)\n"; | |
219 | } | |
220 | } | |
221 | ||
222 | if (%SELCONTErr) { | |
223 | printf "\n SELinux context error \n"; | |
224 | for $key (keys %SELCONTErr) { | |
225 | print " " . $key . ": " . $SELCONTErr{$key} . " time(s)\n"; | |
226 | } | |
227 | } | |
228 | ||
229 | if ($PAMAUTHErr) { | |
230 | printf "\nPAM authentication error: " . $PAMAUTHErr . " time(s)\n"; | |
231 | } | |
232 | ||
233 | if (%CHDIRErr) { | |
234 | printf "\nchdir command failed\n"; | |
235 | foreach (keys %CHDIRErr) { | |
236 | my ($File,$Cause) = split ","; | |
237 | print " for directory " . $File . " (" . $Cause . ")". ": " . $CHDIRErr{"$File,$Cause"} . " time(s)\n"; | |
238 | } | |
239 | } | |
240 | ||
241 | if ($CHUSERHErr) { | |
242 | printf "\nUser change error: " . $CHUSERHErr . " time(s)\n"; | |
243 | } | |
244 | ||
208 | 245 | if (keys %{$Runs} and ($Detail >= 5)) { |
209 | 246 | print "\n\nCommands Run:\n"; |
210 | 247 | foreach $i (sort {$a cmp $b} keys %{$Runs}) { |
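Review bot: in the chdir block (new lines 235-237) each key is split on every comma and then rebuilt as "$File,$Cause", so a directory name that contains a comma yields the wrong $File and $Cause and the lookup in %CHDIRErr returns undef. A nested hash keyed by file and then cause would avoid the round trip through a joined string. The moved blocks also use `for $key` without `my`, and `printf` where no format arguments are passed; `print` is the safer call there.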
230 | 267 | } |
231 | 268 | } |
232 | 269 | |
270 | if (keys %WFO) { | |
271 | foreach $i (keys %WFO) { | |
272 | printf "\n Wrong file owner (". $i ."): " . $WFO{$i}. " Time(s)\n"; | |
273 | } | |
274 | } | |
275 | ||
276 | if ($Ntpdate) { | |
277 | print "\nNtpdate: adjusted $Ntpdate times\n"; | |
278 | print "\tMinimum offset $ntpdateminoffset\n"; | |
279 | print "\tMaximum offset $ntpdatemaxoffset\n"; | |
280 | } | |
281 | ||
282 | if($ntpdatenosync) { | |
283 | print "\nNtpDate could not sync: $ntpdatenosync times\n"; | |
284 | } | |
285 | ||
233 | 286 | if ($Detail >= 10) { |
234 | 287 | if (keys %UserReloads) { |
235 | 288 | print " User crontabs reloaded:\n"; |
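Review bot: at new line 272 the log-derived file name $i is concatenated into the format string of `printf`, so a `%` in the name is parsed as a conversion specifier and garbles the report line. Use `print`, or pass the values as arguments: `printf "\n Wrong file owner (%s): %s Time(s)\n", $i, $WFO{$i};`. Sorting the keys would also keep the output stable between runs.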
249 | 302 | if ($Reloads > 0) { |
250 | 303 | print "\nCRON Reloaded system crontab $Reloads Time(s)\n"; |
251 | 304 | } |
252 | } | |
253 | ||
254 | if (keys %WFO) { | |
255 | foreach $i (keys %WFO) { | |
256 | printf "\n Wrong file owner (". $i ."): " . $WFO{$i}. " Time(s)\n"; | |
257 | } | |
258 | } | |
259 | ||
260 | if ($Ntpdate) { | |
261 | print "\nNtpdate: adjusted $Ntpdate times\n"; | |
262 | print "\tMinimum offset $ntpdateminoffset\n"; | |
263 | print "\tMaximum offset $ntpdatemaxoffset\n"; | |
264 | } | |
265 | ||
266 | if($ntpdatenosync) { | |
267 | print "\nNtpDate could not sync: $ntpdatenosync times\n"; | |
268 | } | |
269 | ||
270 | if ($INCRONDSS) { | |
271 | printf "\n service incrond started " . $INCRONDSS . ": time(s)\n"; | |
272 | } | |
273 | ||
274 | if ($INCRONDStS) { | |
275 | printf "\n service incrond stoped " . $INCRONDStS . ": time(s)\n"; | |
276 | } | |
277 | ||
278 | if ((%INCRONDSTCr) || (%INCRONDUTCr)) { | |
279 | printf "\n created tables \n"; | |
280 | for $key (keys %INCRONDSTCr) { | |
281 | print " system table " . $key . " created " . $INCRONDSTCr{$key} . ": time(s)\n"; | |
282 | } | |
283 | for $key (keys %INCRONDUTCr) { | |
284 | print " table for user " . $key . " created " . $INCRONDUTCr{$key}. ": time(s)\n"; | |
285 | } | |
286 | } | |
287 | ||
288 | if ((%INCRONDSTCh) || (%INCRONDUTCh)) { | |
289 | printf "\n changes of tables \n"; | |
290 | for $key (keys %INCRONDSTCh) { | |
291 | print " system table " . $key . " changed " . $INCRONDSTCh{$key} . ": time(s)\n"; | |
292 | } | |
293 | for $key (keys %INCRONDUTCh) { | |
294 | print " table for user " . $key . "changed " . $INCRONDUTCh{$key} . ": time(s)\n"; | |
295 | } | |
296 | } | |
297 | ||
298 | if ((%INCRONDSTDe) || (%INCRONDUTDe)) { | |
299 | printf "\n destroyed tables \n"; | |
300 | for $key (keys %INCRONDSTDe) { | |
301 | print " system table " . $key . " destroyed " . $INCRONDSTDe{$key} . ": time(s)\n"; | |
302 | } | |
303 | for $key (keys %INCRONDUTDe) { | |
304 | print " table for user ". $key ." destroyed " .$INCRONDUTDe{$key} . ": time(s)\n"; | |
305 | } | |
306 | } | |
307 | ||
308 | if (%CRONDErr) { | |
309 | printf "\n crond daemon errors \n"; | |
310 | for $key (keys %CRONDErr) { | |
311 | print " " . $key . ": " . $CRONDErr{$key} . " time(s)\n"; | |
312 | } | |
313 | } | |
314 | ||
315 | if (%INCRONDErr) { | |
316 | printf "\n incrond daemon errors \n"; | |
317 | for $key (keys %INCRONDErr) { | |
318 | print " " . $key . ": " . $INCRONDErr{$key} . " time(s)\n"; | |
319 | } | |
320 | } | |
321 | ||
322 | if (%SELCONTErr) { | |
323 | printf "\n SELinux context error \n"; | |
324 | for $key (keys %SELCONTErr) { | |
325 | print " " . $key . ": " . $SELCONTErr{$key} . " time(s)\n"; | |
326 | } | |
327 | } | |
328 | ||
329 | if ($PAMAUTHErr) { | |
330 | printf "\nPAM authentication error: " . $PAMAUTHErr . " time(s)\n"; | |
331 | } | |
332 | ||
333 | if (%CHDIRErr) { | |
334 | printf "\nchdir command failed\n"; | |
335 | foreach (keys %CHDIRErr) { | |
336 | my ($File,$Cause) = split ","; | |
337 | print " for directory " . $File . " (" . $Cause . ")". ": " . $CHDIRErr{"$File,$Cause"} . " time(s)\n"; | |
338 | } | |
339 | } | |
340 | ||
341 | if ($CHUSERHErr) { | |
342 | printf "\nUser change error: " . $CHUSERHErr . " time(s)\n"; | |
305 | ||
306 | if ($INCRONDSS) { | |
307 | printf "\n service incrond started " . $INCRONDSS . ": time(s)\n"; | |
308 | } | |
309 | ||
310 | if ($INCRONDStS) { | |
311 | printf "\n service incrond stoped " . $INCRONDStS . ": time(s)\n"; | |
312 | } | |
313 | ||
314 | if ((%INCRONDSTCr) || (%INCRONDUTCr)) { | |
315 | printf "\n created tables \n"; | |
316 | for $key (keys %INCRONDSTCr) { | |
317 | print " system table " . $key . " created " . $INCRONDSTCr{$key} . ": time(s)\n"; | |
318 | } | |
319 | for $key (keys %INCRONDUTCr) { | |
320 | print " table for user " . $key . " created " . $INCRONDUTCr{$key}. ": time(s)\n"; | |
321 | } | |
322 | } | |
323 | ||
324 | if ((%INCRONDSTCh) || (%INCRONDUTCh)) { | |
325 | printf "\n changes of tables \n"; | |
326 | for $key (keys %INCRONDSTCh) { | |
327 | print " system table " . $key . " changed " . $INCRONDSTCh{$key} . ": time(s)\n"; | |
328 | } | |
329 | for $key (keys %INCRONDUTCh) { | |
330 | print " table for user " . $key . "changed " . $INCRONDUTCh{$key} . ": time(s)\n"; | |
331 | } | |
332 | } | |
333 | ||
334 | if ((%INCRONDSTDe) || (%INCRONDUTDe)) { | |
335 | printf "\n destroyed tables \n"; | |
336 | for $key (keys %INCRONDSTDe) { | |
337 | print " system table " . $key . " destroyed " . $INCRONDSTDe{$key} . ": time(s)\n"; | |
338 | } | |
339 | for $key (keys %INCRONDUTDe) { | |
340 | print " table for user ". $key ." destroyed " .$INCRONDUTDe{$key} . ": time(s)\n"; | |
341 | } | |
342 | } | |
343 | 343 | } |
344 | 344 | |
345 | 345 | if ($#OtherList >= 0) { |
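Review bot: the incrond blocks are moved verbatim and carry their old message defects with them: "stoped" at new line 311, the missing space before `changed` at new line 330 (the output runs the user name and "changed" together), and the colon placed after the count rather than before it in every `": time(s)"` string. Since these lines are being touched anyway, fix the strings in the same commit. The move also places these blocks inside the `$Detail >= 10` section that is closed at line 343, while the error blocks now print unconditionally; that change in visibility deserves a line in the commit message.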
187 | 187 | if ($Detail >= 7) { |
188 | 188 | $data{'DNS Mappings'}{$line}++; |
189 | 189 | } |
190 | } elsif ($line =~ s/^[Aa]dded reverse map from ([0-9a-fA-F.]+\.ip6\.arpa\.?) to ([a-zA-Z\d\._-]+)\s*$/Add reverse $1 -> $2/) { | |
191 | if ($Detail >= 7) { | |
192 | $data{'DNS Mappings'}{$line}++; | |
193 | } | |
190 | 194 | } elsif ($line =~ s/^[Rr]emoved reverse map on (\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa\.?\s*$/Remove reverse $4.$3.$2.$1/) { |
191 | 195 | if ($Detail >= 7) { |
192 | 196 | $data{'DNS Mappings'}{$line}++; |
193 | 197 | } |
198 | } elsif ($line =~ s/^[Rr]emoved reverse map on ([0-9a-fA-F.]+\.ip6\.arpa\.?)/Remove reverse $1/) { | |
199 | if ($Detail >= 7) { | |
200 | $data{'DNS Mappings'}{$line}++; | |
201 | } | |
194 | 202 | } elsif ($line =~ s/^Added new forward map from ([a-zA-Z\d\._-]+) to ([\d\.]+)\s*$/Add forward $1 -> $2/) { |
195 | 203 | if ($Detail >= 7) { |
196 | 204 | $data{'DNS Mappings'}{$line}++; |
197 | 205 | } |
206 | } elsif ($line =~ s/^Added new forward map from ([a-zA-Z\d\._-]+) to ([0-9a-fA-F:]+)\s*$/Add forward $1 -> $2/) { | |
207 | if ($Detail >= 7) { | |
208 | $data{'DNS Mappings'}{$line}++; | |
209 | } | |
198 | 210 | } elsif ($line =~ s/^Removed forward map from ([a-zA-Z\d\._-]+) to ([\d\.]+)\s*$/Remove forward $1 -> $2/) { |
211 | if ($Detail >= 7) { | |
212 | $data{'DNS Mappings'}{$line}++; | |
213 | } | |
214 | } elsif ($line =~ s/^Removed forward map from ([a-zA-Z\d\._-]+) to ([0-9a-fA-F:]+)\s*$/Remove forward $1 -> $2/) { | |
199 | 215 | if ($Detail >= 7) { |
200 | 216 | $data{'DNS Mappings'}{$line}++; |
201 | 217 | } |
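Review bot: the ip6.arpa "Removed reverse map" pattern at new line 198 has no trailing `\s*$`, unlike the other patterns in this chain, so any text after the name stays in $line and identical removals can be counted under different keys. Add the anchor for consistency. The two new forward-map patterns accept only `[0-9a-fA-F:]+`, which will not match an IPv6 address written with an embedded dotted quad; a comment stating whether that is deliberate would help.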
7 | 7 | ######################################################## |
8 | 8 | |
9 | 9 | ######################################################## |
10 | ## Copyright (c) 2014 Orion Poplawski | |
10 | ## Copyright (c) 2014-2019 Orion Poplawski | |
11 | 11 | ## Covered under the included MIT/X-Consortium License: |
12 | 12 | ## http://www.opensource.org/licenses/mit-license.php |
13 | 13 | ## All modifications and contributions by other persons to |
59 | 59 | or $ThisLine =~ /^ldbm_back_.* - conn=/ |
60 | 60 | or $ThisLine =~ /^ldbm_usn_init - backend: / |
61 | 61 | # https://pagure.io/389-ds-base/issue/48973 |
62 | or $ThisLine =~ /^default_mr_indexer_create: warning - plugin \[caseIgnoreIA5Match\] does not handle caseExactIA5Match/ | |
62 | or $ThisLine =~ /default_mr_indexer_create.*- [Pp]lugin \[caseIgnoreIA5Match\] does not handle caseExactIA5Match/ | |
63 | or $ThisLine =~ /^WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password/ | |
64 | or $ThisLine =~ /^ERR - NSACLPlugin - acl_parse - The ACL target .* does not exist/ | |
65 | or $ThisLine =~ /^ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition .*no CoS Templates found, which should be added before the CoS Definition/ | |
63 | 66 | ) { |
64 | 67 | #Ignore |
65 | 68 | } elsif ($ThisLine =~ /^ERR - / |
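Review bot: the rewritten pattern at new line 62 drops the `^` anchor and puts `.*` between the function name and the message, so it now matches anywhere in the line; keep it anchored, with an optional severity prefix if needed, so the ignore list cannot swallow unrelated lines. New lines 64 and 65 discard `ERR - NSACLPlugin - acl_parse` and CoS definition errors at every Detail level. An ACL whose target does not exist is worth surfacing to the administrator at least as a count; consider routing these to a counter shown at higher Detail instead of the ignore list.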
106 | 109 | } |
107 | 110 | |
108 | 111 | if (keys %Errors and keys %ErrorThreshold) { |
109 | LINE: foreach my $line (sort {$a cmp $b} keys %Errors) { | |
112 | LINE: foreach my $line (keys %Errors) { | |
110 | 113 | foreach my $regex (keys %ErrorThreshold) { |
111 | 114 | if ($line =~ /$regex/i and $Errors{$line} <= $ErrorThreshold{$regex}) { |
112 | 115 | delete $Errors{$line}; |
116 | 119 | } |
117 | 120 | } |
118 | 121 | |
122 | if (keys %Warnings and keys %ErrorThreshold) { | |
123 | LINE: foreach my $line (keys %Warnings) { | |
124 | foreach my $regex (keys %ErrorThreshold) { | |
125 | if ($line =~ /$regex/i and $Warnings{$line} <= $ErrorThreshold{$regex}) { | |
126 | delete $Warnings{$line}; | |
127 | next LINE; | |
128 | } | |
129 | } | |
130 | } | |
131 | } | |
132 | ||
119 | 133 | if (keys %Errors) { |
120 | 134 | print "\n** ERRORS **\n"; |
121 | 135 | foreach my $line (sort {$a cmp $b} keys %Errors) { |
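Review bot: the new %Warnings filter at new lines 122-131 is a copy of the %Errors loop and reuses %ErrorThreshold, so a threshold written for an error message now also silences warnings that match the same regex. Document that in the configuration file, or give warnings their own threshold variable, and factor the loop into a sub that takes the hash reference. `$line =~ /$regex/i` also interpolates a user-supplied pattern on every comparison; an invalid pattern aborts the script at this point, so compile each one once with `qr//` inside an eval and report a bad pattern.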
76 | 76 | print " ". $ThisOne; |
77 | 77 | } |
78 | 78 | } |
79 | if (keys %PackageUpdate) { | |
80 | print "\nPackages Updated:\n"; | |
81 | chomp(my @Updated = sort {lc($a) cmp lc($b)} keys %PackageUpdated); | |
82 | foreach $ThisOne (sort {lc($a) cmp lc($b)} keys %PackageUpdate) { | |
83 | print " ". shift(@Updated) ." -> ". $ThisOne; | |
79 | if (keys %PackageUpdate == keys %PackageUpdated) { | |
80 | if (keys %PackageUpdate) { | |
81 | print "\nPackages Updated:\n"; | |
82 | chomp(my @Updated = sort {lc($a) cmp lc($b)} keys %PackageUpdated); | |
83 | foreach $ThisOne (sort {lc($a) cmp lc($b)} keys %PackageUpdate) { | |
84 | print " ". shift(@Updated) ." -> ". $ThisOne; | |
85 | } | |
86 | } | |
87 | } else { | |
88 | print "\nPackages Updated (Count Mismatch)"; | |
89 | if (keys %PackageUpdate) { | |
90 | print "\nPackages To Be Updated:\n"; | |
91 | foreach $ThisOne (sort {lc($a) cmp lc($b)} keys %PackageUpdate) { | |
92 | print " ". $ThisOne; | |
93 | } | |
94 | } | |
95 | if (keys %PackageUpdated) { | |
96 | print "\nPackages Updated To:\n"; | |
97 | foreach $ThisOne (sort {lc($a) cmp lc($b)} keys %PackageUpdated) { | |
98 | print " ". $ThisOne; | |
99 | } | |
84 | 100 | } |
85 | 101 | } |
86 | 102 | if (keys %PackageDowngrade) { |
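Review bot: the count check at new line 79 only guards against hashes of different size; when the counts agree, new lines 82-84 still pair entries purely by position in two independently sorted key lists, which mismatches as soon as an old and a new package name sort differently. Pair the entries where they are parsed, or say in a comment why the sort order is guaranteed to line up. The "Count Mismatch" header at new line 88 is printed without a trailing newline and relies on the following sections starting with "\n".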
64 | 64 | my %LoginIMAP; |
65 | 65 | my %LoginPOP3; |
66 | 66 | my %MUAList; |
67 | my %MUASessionList; | |
67 | 68 | my %OtherList; |
68 | 69 | my %ProxyConnection; |
69 | 70 | my %ProxyConnectionIMAP; |
113 | 114 | my $dovecottag = qr/dovecot(?:\[\d+\])?:(?:\s*\[[^]]+\])?/; |
114 | 115 | |
115 | 116 | while (defined(my $ThisLine = <STDIN>)) { |
116 | # remove timestamp. We can't use *RemoveHeaders because we need the | |
117 | # service name | |
117 | # The *RemoveHeaders script is now invoked in the service configuration file | |
118 | # so this next line is no longer needed | |
118 | 119 | #$ThisLine =~ s/^\w{3} .\d \d\d:\d\d:\d\d (?:[^\s:]* |)//; |
119 | 120 | if ( ($ThisLine =~ /(?:ssl-build-param|ssl-params): SSL parameters regeneration completed/) or |
120 | 121 | ($ThisLine =~ /ssl-params: Generating SSL parameters/) or |
150 | 151 | $Connection{$Host}++; |
151 | 152 | } |
152 | 153 | } elsif ( (my ($User, $Host) = ( $ThisLine =~ /^(?:$dovecottag )?imap-login: Login: (.*?) \[(.*)\]/ ) ) or |
153 | (my ($User, $Host) = ( $ThisLine =~ /^(?:$dovecottag )?imap-login: (?:Info: )?Login: user=\<(.*?)\>.*rip=(.*), lip=/ ) ) ) { | |
154 | (my ($User, $Host, $Session) = ( $ThisLine =~ /^(?:$dovecottag )?imap-login: (?:Info: )?Login: user=\<(.*?)\>.*rip=(.*), lip=.*, session=<([^>]+)>/ ) ) ) { | |
154 | 155 | if ($Host !~ /$IgnoreHost/) { |
155 | 156 | $Host = hostName($Host); |
156 | 157 | $Login{$User}{$Host}++; |
157 | 158 | $LoginIMAP{$User}++; |
158 | 159 | $ConnectionIMAP{$Host}++; |
159 | 160 | $Connection{$Host}++; |
161 | if (defined($MUASessionList{$Session})) { | |
162 | $MUAList{$MUASessionList{$Session}}{$User}++; | |
163 | delete $MUASessionList{$Session}; | |
164 | } | |
160 | 165 | } |
161 | 166 | } elsif (my ($User, $Host) = ( $ThisLine =~ /managesieve-login: Login: user=\<(.*?)\>.*rip=(.*), lip=/ ) ) { |
162 | 167 | if ($Host !~ /$IgnoreHost/) { |
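Review bot: the second alternative at new line 154 now requires `session=<...>` after `lip=`, so a Login line in the `user=<...>` format that carries no session field no longer matches this branch at all and its login is not counted. Make the session capture optional. New line 161 also looks up `$MUASessionList{$Session}` when the line matched through the first alternative and $Session is undefined; guard the lookup with `defined $Session`.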
192 | 197 | $Deliver{$User}{$Mailbox}++; |
193 | 198 | |
194 | 199 | # LMTP-based Sieve delivery Dovecot 2.3 |
195 | } elsif (my ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag lmtp\((.*)\)(?:<[^>]+><[^>]+>)?: sieve: msgid=.*: stored mail into mailbox '?(.*)'?/ ) ) { | |
200 | } elsif (my ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag lmtp\((.*)\)(?:<[^>]+><[^>]+>)?: sieve: msgid=.*: stored mail into mailbox '(.*)'/ ) ) { | |
196 | 201 | $Deliver{$User}{$Mailbox}++; |
197 | 202 | |
198 | 203 | # sieve forward |
200 | 205 | $Forwarded{$User}{$Recip}++; |
201 | 206 | |
202 | 207 | # sieve pipe |
203 | } elsif (my ($User, $Recip) = ($ThisLine =~ /^$dovecottag (?:imap|lmtp)\((.*?)\): sieve: (?:msgid=.*: )?pipe action: piped message to program `.*'/) or | |
204 | my ($User, $Recip) = ($ThisLine =~ /^$dovecottag (?:imap|lmtp)\((.*?)\): sieve: (?:msgid=.*: )?left message in mailbox '.*'/) ) { | |
208 | } elsif (my ($User, $Recip) = ($ThisLine =~ /^$dovecottag (?:imap|lmtp)\((.*?)\)(?:<[^>]+><[^>]+>)?: sieve: (?:msgid=.*: )?pipe action: piped message to program `.*'/) or | |
209 | my ($User, $Recip) = ($ThisLine =~ /^$dovecottag (?:imap|lmtp)\((.*?)\)(?:<[^>]+><[^>]+>)?: sieve: (?:msgid=.*: )?left message in mailbox '.*'/) ) { | |
205 | 210 | # dovecot: imap(user@domain.com): sieve: pipe action: piped message to program `sa-learn-sieve.sh' |
206 | 211 | # dovecot: imap(user@domain.com): sieve: left message in mailbox 'INBOX.Spam' |
207 | 212 | # dovecot: lmtp(spam@domain.com): sieve: msgid=<6e3eb3f436fdca54@host.domain.com>: pipe action: piped message to program `sa-learn-sieve.sh' |
214 | 219 | } elsif (my ($User, $Recip) = ($ThisLine =~ /^$dovecottag (?:lda|deliver|lmtp)\((?:\d+, )?(.*)\)(?:<[^>]+><[^>]+>)?:(?: .*:)? sieve: msgid=.* discarded duplicate vacation response to \<(.*)\>/ )) { |
215 | 220 | $VacationDup{$User}{$Recip}++; |
216 | 221 | |
217 | } elsif ( $ThisLine =~ /^$dovecottag (?:lda|deliver|lmtp)\(.*\): .*sieve: msgid=.* marked message to be discarded if not explicitly delivered/ ) { | |
218 | # dovecot: lda(joe): sieve: msgid=<m$01$@com>: marked message to be discarded if not explicitly delivered (discard action) | |
222 | } elsif ( $ThisLine =~ /^$dovecottag (?:lda|deliver|lmtp)\((?:\d+, )?(.*)\)(?:<[^>]+><[^>]+>)?:(?: .*:)? sieve: msgid=.* [Mm]arked message to be discarded if not explicitly delivered/ ) { | |
223 | # dovecot: lda(joe)<3424><4kj83kjfhskjfh>: sieve: msgid=<m$01$@com>: discard action: marked message to be discarded if not explicitly delivered (discard action) | |
219 | 224 | # IGNORE |
220 | 225 | } elsif ( $ThisLine =~ /^$dovecottag lmtp\(.*\): Connect from/ ) { |
221 | 226 | # dovecot: [ID 583609 mail.info] lmtp(12782): Connect from local: 1 Time(s) |
223 | 228 | |
224 | 229 | } elsif ( $ThisLine =~ /^$dovecottag lmtp\(.*\): Disconnect from/ ) { |
225 | 230 | # dovecot: [ID 583609 mail.info] lmtp(12782): Disconnect from local: Client quit: 1 Time(s) |
231 | # IGNORE | |
232 | ||
233 | } elsif ($ThisLine =~ /^$dovecottag doveadm\(.*\)\: Executing command '.*' as '.*'/ or | |
234 | $ThisLine =~ /^$dovecottag doveadm\(.*\)(?:<[^>]+><[^>]+>)?: doveadm: .*/ ) { | |
235 | # dovecot: doveadm(::1): Executing command 'quota get' as 'user@domain.com' | |
236 | # dovecot: doveadm(user@domain.com)<11075><P/qmJj0ktF1DKwAAsNnMGQ>: doveadm: ::1 - - "POST /doveadm/v1 HTTP/1.1" 200 249 "http://localhost:8080/doveadm/v1" "" | |
226 | 237 | # IGNORE |
227 | 238 | |
228 | 239 | # Dovecot 2.0 proxy |
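Review bot: new lines 233-234 send every doveadm line to the ignore branch, including `Executing command '...' as '...'`, which records an administrative action taken on behalf of a user. Dropping these at all Detail levels removes them from the report entirely; consider counting them per command and user and printing the table at a higher Detail level. The second pattern, `doveadm: .*`, is broad enough to hide doveadm errors as well; narrow it to the HTTP access-log form shown in the comment at new line 236.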
311 | 322 | # This is with imap_id_log = * enabled |
312 | 323 | } elsif (my ($User,$MUA) = ($ThisLine =~ /imap\((.*)\): ID sent: name=(.*)/)) { |
313 | 324 | $MUAList{$MUA}{$User}++; |
325 | # Need to match these later | |
326 | } elsif (my ($MUA, $Session) = ($ThisLine =~ /imap-login: ID sent: name=(.*): user=.*, session=<([^>]+)>/)) { | |
327 | $MUASessionList{$Session} = $MUA; | |
314 | 328 | # These are failed connections with imap_id_log = * enabled |
315 | 329 | } elsif ($ThisLine =~ /imap-login: ID sent: (?:name|vendor)=/) { |
316 | 330 | # Ignore |
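Review bot: entries stored in %MUASessionList at new line 327 are removed only when a later Login line carries the same session id, so ID lines from sessions that never log in stay in the hash until the script exits and are never reported. The branch also sits ahead of the "failed connections" branch at new line 329, so it takes any `ID sent: name=` line that has both `user=` and `session=`. Add a comment on what happens to unmatched sessions, and note that `name=(.*): user=` is greedy, so $MUA includes every ID field up to the last ": user=" in the line.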
22 | 22 | ## copyright please contact logwatch-devel@lists.sourceforge.net. |
23 | 23 | ######################################################### |
24 | 24 | |
25 | use strict; | |
26 | use warnings; | |
25 | 27 | use URI::URL; |
26 | 28 | |
27 | 29 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; |
30 | my $Ignore_messages = $ENV{'ignore_messages'} || '^$'; | |
31 | my $Ignore_profile_program = $ENV{'ignore_profile_program'} || '^$'; | |
32 | my $Laptops = $ENV{'laptops'} || '^$'; | |
33 | my %Applications; | |
28 | 34 | |
29 | while (defined($ThisLine = <STDIN>)) { | |
35 | while (defined(my $ThisLine = <STDIN>)) { | |
36 | # User specified ignore messages, lower cased | |
37 | next if $ThisLine =~ /$Ignore_messages/i; | |
38 | ||
30 | 39 | my ($Criticality,$SourceName,$DateTime,$EventID,$Application,$UserName,$SIDType,$EventLogType,$Hostname,$CategoryString,$DataString,$ExpandedString,$Extra); |
31 | 40 | #Determine format |
32 | 41 | if ($ThisLine =~ /MSWinEventLog\[/) { # Snare 4 |
43 | 52 | next; |
44 | 53 | } |
45 | 54 | next if $EventLogType eq "Information" and $ExpandedString !~ "BlueScreen"; |
55 | next if $ExpandedString eq "N/A"; | |
56 | ||
57 | # Remove some items that prevent de-duplication | |
58 | $ExpandedString =~ s/(NextScheduled\S+|PID) \d+/$1 XXX/; | |
59 | $ExpandedString =~ s,\d{4}/\d\d/\d\d \d\d:\d\d:\d\d(?:\.\d+)?,TIMESTAMP,; | |
46 | 60 | |
47 | 61 | #print STDERR "ExpandedString = $ExpandedString\n"; |
48 | 62 | if ($Application =~ /Userenv/) { |
49 | 63 | $ExpandedString = "$UserName $ExpandedString"; |
50 | 64 | } |
51 | if ($Application =~ /AutoEnrollment/) { | |
65 | ||
66 | if ($Application eq "Application Error") { | |
67 | if (my ($exe, $exever, $module, $modulever) = | |
68 | ($ExpandedString =~ /Faulting application name: (.*), version: (\S+), time stamp: .*Faulting module name: (.*), version: (\S+)/)) { | |
69 | $Applications{$Application}->{"$Hostname: Faulting application name: $exe, version: $exever, module name: $module, version $modulever"}++; | |
70 | next; | |
71 | } | |
72 | } elsif ($Application eq "Application Hang") { | |
73 | if (my ($exe, $exever, $msg) = | |
74 | ($ExpandedString =~ /The program (.*) version (\S+) (.*) Process ID:/)) { | |
75 | $Applications{$Application}->{"$Hostname: The program $exe version $exever $msg"}++; | |
76 | next; | |
77 | } else { | |
78 | print "Application Hang: Cannot parse $ExpandedString\n"; | |
79 | } | |
80 | } elsif ($Application eq "AutoEnrollment") { | |
52 | 81 | #Ignore these - we don't run active directory |
53 | 82 | next if $ExpandedString =~ /Automatic certificate enrollment for local system failed to contact the active directory/; |
54 | } | |
55 | if ($Application =~ /Intel Alert/) { | |
83 | } elsif ($Application =~ /^Group Policy/) { | |
84 | next if $ExpandedString =~ /This error was suppressed/; | |
85 | next if $ExpandedString =~ /could not apply .* The network path was not found/ and $Hostname =~ /$Laptops/i; | |
86 | } elsif ($Application =~ /Intel Alert/) { | |
56 | 87 | #Ignore these |
57 | 88 | next if $ExpandedString =~ /Intel Alert Originator Manager loaded without security/; |
58 | 89 | next if $ExpandedString =~ /Service Initialized Successfully/; |
59 | } | |
60 | if ($Application =~ /LoadPerf/) { | |
90 | } elsif ($Application =~ /LoadPerf/) { | |
61 | 91 | #Ignore these |
62 | 92 | next if $ExpandedString =~ /Performance counters for the .* service were loaded successfully/; |
63 | 93 | next if $ExpandedString =~ /Performance counters for the .* service were removed successfully/; |
64 | } | |
65 | if ($Application =~ /NSCTOP/) { | |
94 | } elsif ($Application =~ /NSCTOP/) { | |
66 | 95 | #Ignore these |
67 | 96 | next if $ExpandedString =~ /Service started/; |
68 | } | |
69 | if ($Application =~ /Norton Ghost/) { | |
97 | } elsif ($Application eq "Microsoft-Windows-CertificationAuthority") { | |
98 | next if $ExpandedString =~ /The Active Directory connection to .* has been reestablished to/; | |
99 | } elsif ($Application eq "Microsoft-Windows-Search") { | |
100 | next if $ExpandedString =~ /The content source .* cannot be accessed. Context: Application, SystemIndex Catalog Details: The object was not found/; | |
101 | } elsif ($Application eq "Microsoft-Windows-User Profiles Service") { | |
102 | if ( my ($program) = ($ExpandedString =~ /^Windows detected your registry file is still in use by other applications or services. The file will be unloaded now\..* Process \d+ \(\\Device\\.*\\(.*)\) has opened key .*/)) { | |
103 | next if $program =~ /$Ignore_profile_program/; | |
104 | } | |
105 | } elsif ($Application =~ /Norton Ghost/) { | |
70 | 106 | #Ignore these |
71 | 107 | next if $ExpandedString =~ /Norton Ghost service started successfully/; |
72 | 108 | next if $ExpandedString =~ /A scheduled baseline backup of .* completed successfully/; |
73 | 109 | next if $ExpandedString =~ /A scheduled incremental backup of .* completed successfully/; |
74 | } | |
75 | if ($Application =~ /SNARE/) { | |
110 | } elsif ($Application =~ /SecurityCenter/) { | |
111 | #Ignore these - appears to be normal http://www.eventid.net/display.asp?eventid=1807&eventno=4468&source=SecurityCenter&phase=1 | |
112 | next if $ExpandedString =~ /The Security Center service has been stopped. It was prevented from running by a software group policy/; | |
113 | } elsif ($Application eq "SceCli") { | |
114 | next if $ExpandedString =~ /^Security policy cannot be propagated\. Cannot access the template\. Error code = 3\./ and $Hostname =~ /$Laptops/i; | |
115 | } elsif ($Application eq "ShadowProtectSPX") { | |
116 | next if $ExpandedString =~ /^Backup Finished/; | |
117 | next if $ExpandedString =~ /^Backup Failed .*\(\\\\.*The backup destination is not accessible/ and $Hostname =~ /$Laptops/i; | |
118 | } elsif ($Application =~ /SNARE/) { | |
76 | 119 | #Ignore these |
77 | 120 | next if $ExpandedString =~ /The service was started/; |
78 | 121 | next if $ExpandedString =~ /The service was stopped/; |
79 | } | |
80 | if ($Application =~ /SecurityCenter/) { | |
81 | #Ignore these - appears to be normal http://www.eventid.net/display.asp?eventid=1807&eventno=4468&source=SecurityCenter&phase=1 | |
82 | next if $ExpandedString =~ /The Security Center service has been stopped. It was prevented from running by a software group policy/; | |
83 | } | |
84 | ||
85 | if ($Application =~ /Symantec AntiVirus/) { | |
122 | } elsif ($Application eq "SpeechRuntime") { | |
123 | next if $ExpandedString =~ /^Audio Orchestrator Power Event: Battery Saver Turned On, Voice Activation Disabled/; | |
124 | } elsif ($Application =~ /Symantec AntiVirus/) { | |
86 | 125 | #Ignore these |
87 | 126 | next if $ExpandedString =~ /Symantec AntiVirus services startup was successful/; |
88 | 127 | next if $ExpandedString =~ /Scan Complete: Risks: 0/; |
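Review bot: `$program =~ /$Ignore_profile_program/` at new line 103 is matched case-sensitively, while the other user-supplied patterns in this file are applied with `/i` (`$Ignore_messages` at new line 37, `$Laptops` at new lines 85, 114 and 117). If configuration values reach the script lower-cased, as the comment at new line 36 says, this filter cannot match a program name that contains upper-case letters; add `/i`. The "Application Hang" fallback at new line 78 prints from inside the parsing loop, ahead of the report body; collect it in %Applications or an unmatched list instead.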
91 | 130 | next if $ExpandedString =~ /Download of virus definition file from LiveUpdate server succeeded/; |
92 | 131 | next if $ExpandedString =~ /Virus definitions are current/; |
93 | 132 | next if $ExpandedString =~ /Could not scan \d+ files inside .* due to extraction errors encountered by the Decomposer Engines/; |
94 | } | |
95 | if ($Application =~ /cc.*Mgr/) { | |
133 | } elsif ($Application =~ /cc.*Mgr/) { | |
96 | 134 | #Ignore these |
97 | 135 | next if $ExpandedString =~ /service is starting/; |
98 | 136 | next if $ExpandedString =~ /service has started/; |
100 | 138 | |
101 | 139 | my $url = URI::URL->new("http://www.eventid.net/display.asp?eventid=$EventID&source=$Application"); |
102 | 140 | my $urlstr = $url->abs; |
103 | $Applications{$Application}->{"$Hostname $ExpandedString\n$url"}++; | |
141 | $Applications{$Application}->{"$Hostname: $ExpandedString\n$url"}++; | |
104 | 142 | } |
105 | 143 | |
106 | 144 | if (keys %Applications) { |
107 | foreach $Application (sort(keys %Applications)) { | |
145 | foreach my $Application (sort(keys %Applications)) { | |
108 | 146 | print "\n$Application\n"; |
109 | foreach $Error (sort(keys %{$Applications{$Application}})) { | |
147 | foreach my $Error (sort(keys %{$Applications{$Application}})) { | |
110 | 148 | print " $Error : $Applications{$Application}->{$Error} Times\n"; |
111 | 149 | } |
112 | 150 | } |
20 | 20 | use URI::URL; |
21 | 21 | |
22 | 22 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; |
23 | my $Ignore_messages = $ENV{'ignore_messages'} || '^$'; | |
23 | 24 | |
24 | 25 | my $SuccessAudits = 0; |
25 | 26 | my %SuccessAuditUsers; |
26 | 27 | my %FailureAudits; |
27 | 28 | my %SuccessAudits; |
28 | 29 | my %ClockSkew; |
30 | my %Errors; | |
31 | my %Information; | |
29 | 32 | my %UnknownUser; |
30 | 33 | my %UnknownClient; |
31 | 34 | my %BadPasswords; |
32 | 35 | my %TicketExpired; |
36 | my %AccessDenied; | |
33 | 37 | my %AccountChanged; |
34 | 38 | my %AccountCreated; |
35 | 39 | my %AccountDeleted; |
47 | 51 | my %OtherList; |
48 | 52 | |
49 | 53 | while (defined(my $ThisLine = <STDIN>)) { |
54 | # User specified ignore messages, lower cased | |
55 | next if $ThisLine =~ /$Ignore_messages/i; | |
56 | ||
50 | 57 | my ($Hostname,$Criticality,$SourceName,$DateTime,$EventID,$SourceName2,$UserName,$SIDType,$EventLogType,$CategoryString,$DataString,$ExpandedString,$Extra); |
51 | 58 | #Determine format |
52 | 59 | if ($ThisLine =~ /MSWinEventLog\[/) { # Snare 4 |
107 | 114 | } |
108 | 115 | } |
109 | 116 | elsif ($EventLogType eq "Failure Audit") { |
110 | if (my ($account,$domain,$reason) = ($ExpandedString =~ /^An account failed to log on\..*Account For Which Logon Failed:.*Account Name:\s+(\S+)\s+Account Domain:\s+(\S+).*Failure Reason:\s+(.+)\s+Status:.*Sub Status:/)) { | |
111 | $FailureAudits{"$Hostname Log On Failure for $domain\\$account: $reason"}++; | |
117 | if ($EventID == 4625) { | |
118 | # An account failed to log on | |
119 | if (my ($account,$domain,$reason) = ($ExpandedString =~ /Account For Which Logon Failed:.*Account Name:\s+(\S+)\s+Account Domain:\s+(\S+).*Failure Reason:\s+(.+)\s+Status:.*Sub Status:/)) { | |
120 | $FailureAudits{"$Hostname Log On Failure for $domain\\$account: $reason"}++; | |
121 | } elsif (my ($account,$domain,$reason,$process) = ($ExpandedString =~ /Account Name:\s+(\S+)\s+Account Domain:\s+(\S+).*Failure Reason:\s+(.+)\s+Status:.*Sub Status:.*Caller Process Name:\s+(.*)\s+Network Informaion:/)) { | |
122 | $FailureAudits{"$Hostname Log On Failure for $domain\\$account by $process: $reason"}++; | |
123 | } | |
112 | 124 | } elsif (my ($account,$domain,$process) = ($ExpandedString =~ /^A privileged service was called\..*Account Name:\s+(\S+)\s+Account Domain:\s+(\S+).*Process Name:\s+(.+)\sService/)) { |
113 | 125 | $FailureAudits{"$Hostname Privileged service called for $domain\\$account: $process"}++ if $Detail; |
114 | 126 | } elsif ($EventID == 4768) { |
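Review bot: the second pattern at new line 121 ends in `Network Informaion:`, a misspelling, so that alternative cannot match an event whose text reads "Network Information:" and the "by $process" form is never produced. Because the `$EventID == 4625` branch has no final else, a failed-logon event that matches neither pattern is dropped silently. Add an else that falls back to `$FailureAudits{"$Hostname $ExpandedString\n$url"}++`, as the generic branch of this chain does, so that no failed logon disappears from the report.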
117 | 129 | if ($FailureCode eq "0x6") { |
118 | 130 | # Client not found in Kerberos database |
119 | 131 | $UnknownClient{"$Account\\$Realm $Client"}++; |
132 | } elsif ($FailureCode eq "0x12") { | |
133 | $AccountDisabled{"$Account\@$Realm $Client"}++; | |
120 | 134 | } elsif ($FailureCode eq "0x17") { |
121 | 135 | # Password has expired |
122 | 136 | $ExpiredPassword{"$UserName"}++; |
126 | 140 | } elsif ($EventID == 4769) { |
127 | 141 | # A Kerberos service ticket was requested |
128 | 142 | my ($Client,$FailureCode) = $ExpandedString =~ /Client Address:\s+(\S+)\s.*Failure Code:\s+(\w+)/; |
129 | #print STDERR "EventID=$EventID Client=$Client FailureCode=$FailureCode ExpandedString=$ExpandedString\n"; | |
130 | if ($FailureCode eq "0x1B") { | |
143 | #print STDER "EventID=$EventID Client=$Client FailureCode=$FailureCode ExpandedString=$ExpandedString\n"; | |
144 | if ($FailureCode eq "0x12") { | |
145 | $AccountDisabled{"$Client"}++; | |
146 | } elsif ($FailureCode eq "0x1B") { | |
131 | 147 | # KDC_ERR_MUST_USE_USER2USER Server principal valid for user-to-user only |
132 | 148 | # This is an informational response and not an issue |
133 | 149 | } elsif ($FailureCode eq "0x20") { |
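Review bot: the commented-out debug line at new line 143 was changed from `STDERR` to `STDER`, which would print to an unopened handle if anyone re-enables it; revert that edit. The new 0x12 branch at new lines 144-145 has no comment naming the failure code, unlike the 0x1B branch below it, and keys %AccountDisabled by client address only, whereas the 4768 handler keys the same hash by account, realm and client.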
172 | 188 | } else { |
173 | 189 | $FailureAudits{"$Hostname $ExpandedString\n$url"}++; |
174 | 190 | } |
191 | } elsif ($EventID == 4957 and $ExpandedString =~ /resolved to an empty set/) { | |
192 | # Windows Firewall did not apply the following rule - because it was not applicable | |
193 | } elsif ($EventID == 6273) { | |
194 | my ($account,$domain,$client) = ($ExpandedString =~ /Account Name:\s+(\S+)\s+Account Domain:\s+(\S+).*Client Friendly Name:\s+(\S+)/); | |
195 | $AccessDenied{"$account\\$domain $client"}++; | |
175 | 196 | } else { |
176 | 197 | $FailureAudits{"$Hostname $ExpandedString\n$url"}++; |
177 | 198 | } |
178 | 199 | } |
200 | elsif ($EventLogType eq "Error") { | |
201 | $ExpandedString =~ s/\s+\d+\s+\d+//; | |
202 | $Errors{"$Hostname $ExpandedString\n$url"}++; | |
203 | } | |
204 | elsif ($EventLogType eq "Information") { | |
205 | next if $ExpandedString =~ /The event logging service has shut down/; | |
206 | next if $Detail < 5; | |
207 | $Information{"$Hostname $ExpandedString\n$url"}++; | |
208 | } | |
179 | 209 | else { |
180 | 210 | # Report any unmatched entries... |
181 | 211 | chomp($ThisLine); |
182 | $OtherList{$ThisLine}++; | |
212 | $OtherList{"Type=$EventLogType $ThisLine"}++; | |
213 | } | |
214 | } | |
215 | ||
216 | if (keys %Errors) { | |
217 | print "\nERRORS:\n"; | |
218 | foreach my $Error (sort keys %Errors) { | |
219 | print " $Error : $Errors{$Error} Times\n"; | |
183 | 220 | } |
184 | 221 | } |
185 | 222 | |
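Review bot: the 6273 handler at new lines 194-195 uses the captures without checking that the match succeeded, so an event in an unexpected layout is counted under a key built from three undefined values. Wrap the increment in `if (my (...) = ...)` and fall through to %FailureAudits otherwise. The key is also built as `$account\\$domain`, the reverse of the `$domain\\$account` order used for logon failures. At new line 201, `s/\s+\d+\s+\d+//` needs a comment saying which fields it strips.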
243 | 280 | print "\nPassword Expired\n"; |
244 | 281 | foreach my $Account (sort keys %ExpiredPassword) { |
245 | 282 | print " $Account : $ExpiredPassword{$Account} Times\n"; |
283 | } | |
284 | } | |
285 | ||
286 | if (keys %AccessDenied) { | |
287 | print "\nAccess Denied\n"; | |
288 | foreach my $Item (sort keys %AccessDenied) { | |
289 | print " $Item : $AccessDenied{$Item} Times\n"; | |
246 | 290 | } |
247 | 291 | } |
248 | 292 | |
339 | 383 | foreach my $Error (sort keys %SuccessAudits) { |
340 | 384 | print " $Error : $SuccessAudits{$Error} Times\n"; |
341 | 385 | } |
386 | } | |
387 | } | |
388 | ||
389 | if (keys %Information) { | |
390 | print "\nInformational Messages:\n"; | |
391 | foreach my $Item (sort keys %Information) { | |
392 | print " $Item : $Information{$Item} Times\n"; | |
342 | 393 | } |
343 | 394 | } |
344 | 395 |
25 | 25 | use strict; |
26 | 26 | |
27 | 27 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; |
28 | my $Ignore_messages = $ENV{'ignore_messages'} || '^$'; | |
29 | ||
28 | 30 | my %Errors; |
29 | 31 | my %RestartRequired; |
30 | 32 | my %Systems; |
33 | 35 | my %UpdatesReadyForInstall; |
34 | 36 | |
35 | 37 | while (defined(my $ThisLine = <STDIN>)) { |
38 | # User specified ignore messages, lower cased | |
39 | next if $ThisLine =~ /$Ignore_messages/i; | |
40 | ||
36 | 41 | my ($Hostname,$Criticality,$SourceName,$DateTime,$EventID,$System,$UserName,$SIDType,$EventLogType,$CategoryString,$DataString,$ExpandedString,$Extra); |
37 | 42 | #Determine format |
38 | 43 | if ($ThisLine =~ /MSWinEventLog\[/) { # Snare 4 |
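Review bot: `next if $ThisLine =~ /$Ignore_messages/i;` (new line 39) interpolates the `ignore_messages` environment value into a regex without checking it, so a malformed pattern stops the script inside the read loop and the rest of the log goes unreported. Compile it once before the loop with `qr/$Ignore_messages/i` inside an `eval`, and fall back to `^$` with a warning on failure. The comment says "lower cased", but `/i` makes the match case-insensitive; nothing is lower-cased.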
50 | 55 | } |
51 | 56 | #print STDERR "ExpandedString = $ExpandedString\n"; |
52 | 57 | |
58 | next if ($EventLogType eq "Verbose"); | |
53 | 59 | next if ($EventLogType eq "Information" and $Detail < 10); |
60 | ||
61 | # Remove some items that prevent de-duplication | |
62 | if ($Detail < 10) { | |
63 | $ExpandedString =~ s/\d+ time\(s\)/XX times(s)/; | |
64 | $ExpandedString =~ s/requested by PID\s+\S+\s+//; | |
65 | $ExpandedString =~ s/processor \d+/processor X/; | |
66 | $ExpandedString =~ s/for \d+ seconds/for XX seconds/; | |
67 | $ExpandedString =~ s/(APPID|CLSID)\s+\{[0-9A-F\-]+\}/$1 {XXX}/g; | |
68 | } | |
54 | 69 | |
55 | 70 | if ($System eq "Application Popup") { |
56 | 71 | #Ignore these |
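Review bot: the replacement in `s/\d+ time\(s\)/XX times(s)/` (new line 63) rewrites "time(s)" as "times(s)", which looks like a typo for `XX time(s)`. On new line 67 the class `[0-9A-F\-]+` only matches upper-case hex and the substitution has no `/i`, so a GUID logged in lower case is not normalized and still defeats the de-duplication. New lines 63 to 66 also lack `/g`, so only the first occurrence in a message is rewritten.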
86 | 101 | #Ignore these |
87 | 102 | next if $ExpandedString =~ /^DFS has finished building all namespaces\.$/; |
88 | 103 | next if $ExpandedString =~ /^DFS server has finished initializing\.$/; |
104 | } | |
105 | ||
106 | if ($System eq "Microsoft-Windows-DNS-Client") { | |
107 | next if $ExpandedString =~ /^Name resolution for the name .* timed out/; | |
108 | next if $ExpandedString =~ /^The system failed to (?:register|update and remove) host .* resource records/; | |
109 | next if $ExpandedString =~ /^The system could not remove these host .* RRs/; | |
89 | 110 | } |
90 | 111 | |
91 | 112 | if ($System eq "Microsoft-Windows-FilterManager") { |
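Review bot: the three `next if` lines added for `Microsoft-Windows-DNS-Client` (new lines 107-109) drop name-resolution timeouts and record registration failures at every detail level. The Information filter on new line 59 of this file is gated on `$Detail < 10`; gating these the same way, or counting them per host at high detail, keeps sustained resolver failures visible in the report.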
45 | 45 | ($ThisLine =~ /^Disconnected, ip=\[.*\]/) or |
46 | 46 | # uw-imapd |
47 | 47 | ($ThisLine =~ /^Moved \d+ bytes of new mail to.*$/) or |
48 | ($ThisLine =~ /^Unexpected client disconnect, while reading line.*$/) | |
48 | ($ThisLine =~ /^Unexpected client disconnect, while reading line.*$/) or | |
49 | ($ThisLine =~ /^ip=\[.*\], An unexpected TLS packet was received.*$/) or | |
50 | ($ThisLine =~ /^ip=\[.*\], Unexpected SSL connection shutdown.*$/) | |
49 | 51 | ) { |
50 | 52 | # Don't care about these... |
51 | 53 | } elsif ( ($User, $Host) = ( $ThisLine =~ /^Login user=(.*?) host=(.*\[.*\])$/ ) ) { |
64 | 66 | $Connection{$Host}++; |
65 | 67 | } elsif ( ($Host) = ( $ThisLine =~ /^Connection, ip=\[(.*)\]$/o ) ) { |
66 | 68 | $Connection{$Host}++; |
69 | } elsif ( ($Num, $Host) = ( $ThisLine =~ /^message repeated (.*) times: \[ Connection, ip=\[(.*)\]$/o ) ) { | |
70 | $Connection{$Host} += $Num; | |
67 | 71 | # } elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/) ) { |
68 | 72 | # $DownloadedMessages{$User} += $Downloaded; |
69 | 73 | # $DownloadedMessagesSize{$User} += $DownloadSize; |
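Review bot: in the new `message repeated` branch (new line 69) the count is captured with `(.*)` and then added with `+=`; use `(\d+)` so a non-numeric capture cannot reach the arithmetic. The pattern opens with `\[ Connection, ip=\[` but ends with a single `\]$`, so if the repeated message is closed by its own `]`, the greedy `(.*)` keeps the inner bracket in `$Host` and the count lands under a different key than the plain `Connection, ip=[...]` line. `ip=\[([^\]]*)\]\]?$` would avoid that.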
105 | 109 | $Logout{$User}{$Host}++; |
106 | 110 | $Logout2{$User}++; |
107 | 111 | $SocketErrors{$Host}++; |
112 | } elsif ( | |
113 | (( $ThisLine =~ /^.*error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number.*$/)) or | |
114 | (( $ThisLine =~ /^.*error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher.*$/)) | |
115 | ) { | |
116 | $SocketErrors{'unknown'}++; | |
108 | 117 | } else { |
109 | 118 | # Report any unmatched entries... |
110 | 119 | # remove PID from named messages |
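Review bot: the two patterns on new lines 113-114 key on the numeric OpenSSL error codes (`error:1408F10B`, `error:1408A0C1`) and on the library's internal function names, which ties the match to one OpenSSL release line. Matching on the reason text (`wrong version number`, `no shared cipher`) would survive a library upgrade. The leading `^.*` and trailing `.*$` add nothing, and counting under `$SocketErrors{'unknown'}` means the report cannot say which peer caused the handshake failures.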
126 | 126 | } |
127 | 127 | # IPTABLES |
128 | 128 | elsif (($chain,$ifin,$ifout,$fromip,$toip,$proto,$rest) = ($ThisLine =~ /^(.*?)\s*IN=([\w\.\-]*).*?OUT=([\w\.\-]*).*?SRC=([\w\.:]+).*?DST=([\w\.:]+).*?PROTO=(\w+)(.*)/ )) { |
129 | ||
130 | # STATE_INVALID_DROP is generally uninteresting | |
131 | next if ($chain eq "STATE_INVALID_DROP:" and $Detail < 10); | |
129 | 132 | |
130 | 133 | # get a destination port number (or icmp type) if there is one |
131 | 134 | if (! ( ($toport) = ( $rest =~ /TYPE=(\w+)/ ) ) ) { |
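Review bot: `next if ($chain eq "STATE_INVALID_DROP:" and $Detail < 10);` (new line 131) hard-codes one site's log prefix, trailing colon included, into the shared script. `$chain` is whatever text precedes `IN=`, so the test only works where the rule's log prefix is spelled exactly that way, and there it hides those drops from every report below detail 10. Reading the prefixes to skip from a configuration variable would make the behaviour explicit and opt-in.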
7 | 7 | ######################################################## |
8 | 8 | |
9 | 9 | ######################################################## |
10 | ## Copyright (c) 2014 Orion Poplawski | |
10 | ## Copyright (c) 2014-2019 Orion Poplawski | |
11 | 11 | ## Covered under the included MIT/X-Consortium License: |
12 | 12 | ## http://www.opensource.org/licenses/mit-license.php |
13 | 13 | ## All modifications and contributions by other persons to |
23 | 23 | ######################################################### |
24 | 24 | |
25 | 25 | use strict; |
26 | use warnings; | |
26 | 27 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; |
27 | 28 | my $PoolThreshold = $ENV{'pool_threshold'} || 0; |
28 | 29 | my $PoolMetadataThreshold = $ENV{'pool_metadata_threshold'} || 0; |
41 | 42 | chomp($ThisLine); |
42 | 43 | # Seeing leading space on Fedora 26 |
43 | 44 | $ThisLine =~ s/^ *//; |
44 | if ($ThisLine =~ /^Thin (\S+) is now (\d+)% full/) { | |
45 | if ($ThisLine =~ /^pvscan\[\d+\] PV .* online(?:|, VG .* is complete)\.$/ | |
46 | or $ThisLine =~ /pvscan\[\d+\] VG .* run autoactivation/ | |
47 | # This happens often at startup | |
48 | or $ThisLine =~ /^WARNING: lvmetad is being updated, retrying/ | |
49 | ) { | |
50 | # Ignore | |
51 | } elsif ($ThisLine =~ /^(?:WARNING: )?Thin (\S+) is now (\d+(\.\d+)?)% full/) { | |
45 | 52 | $PoolUsed{$1} = $2 if $2 >= $PoolThreshold; |
46 | } elsif ($ThisLine =~ /^Thin metadata (\S+) is now (\d+)% full/) { | |
53 | } elsif ($ThisLine =~ /^(?:WARNING: )?Thin metadata (\S+) is now (\d+(\.\d+)?)% full/) { | |
47 | 54 | $PoolMetadataUsed{$1} = $2 if $2 >= $PoolMetadataThreshold; |
48 | 55 | } elsif ($ThisLine =~ /^Monitoring thin pool (\S+)\./) { |
49 | 56 | $MonitoringOn{$1}++; |
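Review bot: the widened percentage patterns (new lines 51 and 53) use `(\d+(\.\d+)?)`, which adds a third capture group that is never read; `(\d+(?:\.\d+)?)` keeps `$1` and `$2` as the only captures. In the new ignore block, the `run autoactivation` pattern on new line 46 is the only one of the three without a `^` anchor; anchor it unless the prefix is known to vary.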
53 | 60 | $MonitoringOff{$1}++; |
54 | 61 | } elsif ($ThisLine =~ /^No longer monitoring snapshot (\S+)\./) { |
55 | 62 | $MonitoringSnapshotOff{$1}++; |
56 | } elsif ($ThisLine =~ /^Snapshot (\S+) is now (\d+)% full/) { | |
63 | } elsif ($ThisLine =~ /^(?:WARNING: )?Snapshot (\S+) is now (\d+(\.\d+)?)% full/) { | |
57 | 64 | $SnapshotUsed{$1} = $2 if $2 >= $SnapshotThreshold; |
58 | 65 | } elsif ($ThisLine =~ /^(\d+) logical volume\(s\) in volume group "(\S+)" monitored/) { |
59 | 66 | $MonitoringOn{$2}++; |
27 | 27 | # Logwatch project reserves the right to not accept such |
28 | 28 | # contributions. If you have made significant |
29 | 29 | # contributions to this script and want to claim |
30 | # copyright please contact logwatch-devel@logwatch.org. | |
30 | # copyright please contact logwatch-devel@lists.sourceforge.net. | |
31 | 31 | ########################################################################### |
32 | 32 | |
33 | 33 | use strict; |
59 | 59 | ($ThisLine =~ /running/) or |
60 | 60 | ($ThisLine =~ /NSTATS /) or |
61 | 61 | ($ThisLine =~ /Cleaned cache of \d+ RRs/) or |
62 | ($ThisLine =~ /max-cache-size .* setting to /) or | |
62 | 63 | ($ThisLine =~ /USAGE \d+ \d+ CPU=\d+.*/) or |
63 | 64 | ($ThisLine =~ /XSTATS /) or |
64 | 65 | ($ThisLine =~ /Ready to answer queries/) or |
85 | 86 | ($ThisLine =~ /configuring command channel from/) or |
86 | 87 | ($ThisLine =~ /interface ignored/) or |
87 | 88 | ($ThisLine =~ /no IPv6 interfaces found/) or |
88 | ($ThisLine =~ /using \d+ UDP listeners per interface/) or | |
89 | ($ThisLine =~ /using \d+ UDP listeners? per interface/) or | |
89 | 90 | ($ThisLine =~ /^running/) or |
90 | 91 | ($ThisLine =~ /^exiting/) or |
91 | 92 | ($ThisLine =~ /no longer listening/) or |
156 | 157 | ($ThisLine =~ /reading built-in trusted keys from file/) or |
157 | 158 | ($ThisLine =~ /reading built-in trust anchors from file/) or |
158 | 159 | ($ThisLine =~ /using built-in trusted-keys/) or |
160 | ($ThisLine =~ /using built-in keys instead/) or | |
159 | 161 | ($ThisLine =~ /set up managed keys zone/) or |
160 | 162 | ($ThisLine =~ /managed-keys-zone.*key now trusted/) or |
161 | 163 | ($ThisLine =~ /dhcpupdate: forwarding update for zone/) or |
163 | 165 | ($ThisLine =~ /using .* as GeoIP directory/) or |
164 | 166 | ($ThisLine =~ /GEO-.* Build/) or |
165 | 167 | ($ThisLine =~ /initializing GeoIP /) or |
168 | ($ThisLine =~ /looking for GeoIP2? databases in /) or | |
169 | ($ThisLine =~ /opened GeoIP2? database /) or | |
166 | 170 | # the following seems okay since it says "success" |
167 | 171 | ($ThisLine =~ /managed-keys-zone.*: No DNSKEY RRSIGs found for '.*': success/) or |
168 | 172 | ($ThisLine =~ /managed-keys-zone.*: Unable to fetch DNSKEY set '.*': timed out/) or |
175 | 179 | ($ThisLine =~ /next key event: /) or |
176 | 180 | ($ThisLine =~ /reconfiguring zone keys/) or |
177 | 181 | ($ThisLine =~ /using built-in DLV key/) or |
182 | ($ThisLine =~ /trust-anchor-telemetry/) or | |
178 | 183 | # ($ThisLine =~ /reading built-in trusted keys from file/) or |
179 | 184 | ($ThisLine =~ /all zones loaded/) or |
180 | 185 | ($ThisLine =~ /resolver priming query complete/) or |
181 | 186 | ($ThisLine =~ /client .* signer .* approved/) or |
182 | 187 | ($ThisLine =~ /stop limiting/) or |
188 | # Previous line appears to contain the error | |
189 | ($ThisLine =~ /client .*: query failed .* for .* at /) or | |
183 | 190 | # ignore this line because the following line describes the error |
184 | 191 | ($ThisLine =~ /unexpected error/) |
185 | 192 | ) { |
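Review bot: new line 189 ignores every `client ...: query failed ... for ... at` line on the strength of the comment "Previous line appears to contain the error", while the entry just below it ignores `unexpected error` because the following line describes the error. If the neighbouring line is itself matched by this ignore list, the failure never reaches the report. Name in the comment the message that is expected to carry the error, or count these lines at a high `$Detail` instead of dropping them.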
23 | 23 | ######################################################### |
24 | 24 | |
25 | 25 | use strict; |
26 | use warnings; | |
26 | 27 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; |
28 | my $IgnoreNonCertifiedDrives = $ENV{'omsa_ignore_non_certified_drives'} || 0; | |
27 | 29 | my %ServiceError; |
28 | 30 | my %ServiceMessage; |
29 | 31 | my %OtherList; |
35 | 37 | chomp($ThisLine); |
36 | 38 | my ($Service,$Message) = ($ThisLine =~ /^\d+ \d+ - (\w+) Service (.*)$/); |
37 | 39 | if ($Message =~ /fail|disable|replace/i) { |
40 | # Service erroneously detects failure on service startup | |
41 | next if (($Service eq "Instrumentation") and $Message =~ /^Power supply detected a failure.*Previous state was: Unknown/); | |
38 | 42 | $ServiceError{$Service}->{$Message}++; |
39 | 43 | } elsif (defined($Service)) { |
40 | 44 | # Skip informational messages if needed |
41 | next if (($Service == "Storage Service") and ($Message =~ /^The Patrol Read has (started|stopped)/) and ($Detail < 5)); | |
42 | next if (($Service == "Storage Service") and ($Message =~ /^The controller battery Learn cycle will start in (?:\d+) days\./) and ($Detail < 5)); | |
45 | if ($Service eq "Instrumentation") { | |
46 | # Service erroneously detects absence on service startup | |
47 | next if ($Message =~ /^Battery sensor detected absence value/); | |
48 | next if (($Message =~ /^IPMI status.*Interface:/) and ($Detail < 10)); | |
49 | next if (($Message =~ /^Server Administrator start.*/) and ($Detail < 10)); | |
50 | next if (($Message =~ /^Systems Management Data Manager (?:Started|Stopped)/) and ($Detail < 10)); | |
51 | } elsif ($Service eq "Storage") { | |
52 | next if (($Message =~ /^Controller event log: Battery (?:Present|charge complete|started charging|temperature is normal)/) and ($Detail < 5)); | |
53 | next if (($Message =~ /^Controller event log: (Board Revision|Controller hardware revision ID)/) and ($Detail < 10)); | |
54 | next if (($Message =~ /^Controller event log: Current capacity of the battery is above threshold/) and ($Detail < 5)); | |
55 | next if (($Message =~ /^Controller event log: Enclosure .* (:?communication restored|discovered)/) and ($Detail < 10)); | |
56 | next if (($Message =~ /^Controller event log: Firmware initialization started/) and ($Detail < 10)); | |
57 | next if (($Message =~ /^Controller event log: Inserted:/) and ($Detail < 5)); | |
58 | next if (($Message =~ /^Controller event log: PD .* is not a certified drive/) and ($IgnoreNonCertifiedDrives)); | |
59 | next if (($Message =~ /^Controller event log: Package version/) and ($Detail < 10)); | |
60 | next if (($Message =~ /^Controller event log: Patrol Read (started|stopped|resumed)/) and ($Detail < 5)); | |
61 | next if (($Message =~ /^Controller event log: Shutdown command received from host/) and ($Detail < 1)); | |
62 | next if (($Message =~ /^Controller event log: Time established as/) and ($Detail < 10)); | |
63 | next if (($Message =~ /^Controller event log: Unexpected sense: Encl PD .* CDB: 12 00 00 00 (:?04|20) 00, Sense: 5\/24\/00/) and ($IgnoreNonCertifiedDrives)); | |
64 | next if (($Message =~ /^Controller event log: Unexpected sense: PD .* CDB: 12 01 dc 01 1d 00, Sense: (4\/cf|5\/24)\/00/) and ($IgnoreNonCertifiedDrives)); | |
65 | next if (($Message =~ /^Disk found is not supplied by an authorized hardware provider/) and ($IgnoreNonCertifiedDrives)); | |
66 | next if (($Message =~ /^The battery charge cycle is complete\./) and ($Detail < 5)); | |
67 | next if (($Message =~ /^The controller battery Learn cycle will start in (?:\d+) days\./) and ($Detail < 5)); | |
68 | next if (($Message =~ /^The Patrol Read has (started|stopped|resumed)/) and ($Detail < 5)); | |
69 | } | |
43 | 70 | $ServiceMessage{$Service}->{$Message}++; |
44 | 71 | } else { |
45 | 72 | $OtherList{$ThisLine}++; |
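Review bot: `(:?communication restored|discovered)` on new line 55 and `(:?04|20)` on new line 63 look like typos for the non-capturing group `(?:...)`; as written they are capturing groups whose first alternative begins with an optional literal colon. The file now enables `use warnings`, and `$Message =~ /fail|disable|replace/i` (new line 39) runs before the `defined($Service)` check, so a line that does not match the `Service` pattern will emit an uninitialized-value warning. Test `defined($Service)` first.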
21 | 21 | # and ensure full compatibility with the newer Openswan. |
22 | 22 | ########################################################################## |
23 | 23 | |
24 | # This is a scanner for logwatch (see www.logwatch.org) that processes | |
25 | # FreeSWAN's <http://www.freeswan.org/> Pluto log files and attempts to | |
24 | # This is a scanner for logwatch that processes FreeSWAN's | |
25 | # <http://www.freeswan.org/> Pluto log files and attempts to | |
26 | 26 | # make some sense out of them. |
27 | 27 | # |
28 | 28 | # Please CC suggestions to mcr@freeswan.org and/or design@lists.freeswan.org |
19 | 19 | ## Logwatch project reserves the right to not accept such |
20 | 20 | ## contributions. If you have made significant |
21 | 21 | ## contributions to this script and want to claim |
22 | ## copyright please contact logwatch-devel@logwatch.org. | |
22 | ## copyright please contact logwatch-devel@lists.sourceforge.net. | |
23 | 23 | ######################################################### |
24 | 24 | |
25 | 25 | # Detail level |
8 | 8 | |
9 | 9 | ####################################################### |
10 | 10 | ## Copyright (c) 2013 Teemu Ikonen |
11 | ## Copyright (c) 2019 Orion Poplawski | |
11 | 12 | ## Covered under the included MIT/X-Consortium License: |
12 | 13 | ## http://www.opensource.org/licenses/mit-license.php |
13 | 14 | ## All modifications and contributions by other persons to |
46 | 47 | my %ActionResumed; |
47 | 48 | my %ActionSuspended; |
48 | 49 | my %DaemonActions; |
50 | my %InvalidCerts; | |
49 | 51 | |
50 | 52 | LINE: |
51 | 53 | while (defined($ThisLine = <STDIN>)) { |
52 | 54 | chomp($ThisLine); |
53 | foreach $Message (%IgnoreMessages) { | |
55 | foreach $Message (keys %IgnoreMessages) { | |
54 | 56 | next LINE if $ThisLine =~ /$Message/i; |
55 | 57 | } |
56 | 58 | if (($Reason) = ($ThisLine =~ /^ ?\[origin software=\"rsyslogd\" .*\] (.*)/)) { |
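Review bot: new line 50 declares `my %InvalidCerts;`, but the rest of the patch counts into and prints from `%InvalidCertificate` (new lines 72 and 109-112). Rename the declaration to `%InvalidCertificate` so the hash that is declared is the one that is used.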
66 | 68 | elsif (my ($Action, $Module) = $ThisLine =~ /action '(.*)' resumed \(module '(.*)'\)/) { |
67 | 69 | $ActionResumed{"$Action ($Module)"}++ unless defined $IgnoreActions{$Action} or defined $IgnoreModules{$Module}; |
68 | 70 | } |
71 | elsif (my ($Certificate) = $ThisLine =~ /invalid cert info: peer provided \d+ certificate\(s\)\. Certificate \d+ info: (.*); \[/) { | |
72 | $InvalidCertificate{$Certificate}++; | |
73 | } | |
69 | 74 | elsif ( |
75 | # More detail for this in the invalid cert info line above | |
76 | $ThisLine =~ /^not permitted to talk to peer, certificate invalid:/ or | |
70 | 77 | $ThisLine =~ /^rsyslogd\'s (groupid|userid) changed to/ or |
78 | $ThisLine =~ /^imjournal: journal files changed, reloading/ or | |
71 | 79 | $ThisLine =~ /^imjournal: journal reloaded/ or |
72 | 80 | $ThisLine =~ /^imuxsock: Acquired UNIX socket .* from systemd/ or |
73 | 81 | $ThisLine =~ /^message repeated \d+ times:/ or |
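Review bot: new line 76 ignores `not permitted to talk to peer, certificate invalid:` on the assumption that the `invalid cert info` branch on new line 71 has already counted the event. That branch only matches when the line has the exact `Certificate N info: ...; [` shape, so a rejection logged without it disappears from the report. Counting the `not permitted` line as a fallback keeps rejected TLS peers visible.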
98 | 106 | print "\n"; |
99 | 107 | } |
100 | 108 | |
109 | if (keys %InvalidCertificate) { | |
110 | print "Invalid certificates:\n"; | |
111 | foreach my $Certificate (sort keys %InvalidCertificate) { | |
112 | print " $Certificate: $InvalidCertificate{$Certificate} Times\n"; | |
113 | } | |
114 | print "\n"; | |
115 | } | |
116 | ||
101 | 117 | if (($Detail >=10) and (keys %DaemonActions) ) { |
102 | 118 | print "Rsyslogd Actions:\n"; |
103 | 119 | foreach $Reason (sort keys %DaemonActions) { |
421 | 421 | } elsif (my ($mins, $secs) = ($ThisLine =~ /Scanning took ([0-9]*) minutes? and ([0-9]*) seconds?/)) { |
422 | 422 | $RootkitHunter{'time'}+= $mins*60 + $secs; |
423 | 423 | } |
424 | } elsif ($ThisLine =~ /systemd-logind(?:\[\d+\])?: New session \d+ of user (\w+)\./){ | |
424 | } elsif ($ThisLine =~ /systemd-logind(?:\[\d+\])?: New session \d+ of user (.*)\.$/){ | |
425 | 425 | $UserLogin{$1}++; |
426 | 426 | } elsif ($ThisLine =~ /sshguard\[\d+\]: Blocking (.*) for (.*)/) { |
427 | 427 | my ($attacker, $details) = ($1, $2); |
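Review bot: `of user (.*)\.$` (new line 424) now accepts anything, spaces included, as the user name. Unless user names with spaces are expected, `(\S+)\.$` still admits names containing dots, hyphens or `@` while keeping the capture to a single token.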
120 | 120 | my $OutdatedAliasdb = |
121 | 121 | my $OverSize = my $OverSizeBytes = my $RelayLocalhost = |
122 | 122 | my $RemoteProtocolError =my $SendmailStarts = |
123 | my $SendmailStopped = my $TLSAcceptFailed = my $TLSConnectFailed = | |
124 | my $TooManyRcpts = my $XS4ALL = | |
123 | my $SendmailStopped = my $TooManyRcpts = my $XS4ALL = | |
125 | 124 | 0; |
126 | 125 | |
127 | 126 | |
150 | 149 | $StatError, $StatFile, $Temp, |
151 | 150 | $Temp1, $ThisLine, $ThisOne, |
152 | 151 | $TimeoutSend, $TimeoutSendWarning, $TLSFile, |
152 | $TLSFrom, | |
153 | 153 | $TLSReason, $TotalBytes, $TotalNum, |
154 | 154 | $ToUser, $User, $Usr, |
155 | 155 | $Warning, $Directory, $Cause |
182 | 182 | %SPFResults, %Starttls, %StarttlsCert, |
183 | 183 | %StarttlsCipher, %StatDeferred, %StatFileError, |
184 | 184 | %StatRejected, %StatRejectedLog, |
185 | %SysErr, %Timeouts, | |
186 | %TLSFailed, %TLSFileMissing, %ToList, | |
185 | %SysErr, %Timeouts, %TLSAcceptFailed, | |
186 | %TLSConnectFailed, %TLSFileMissing, %ToList, | |
187 | 187 | %TooManyHops, %UnknownUsers, %UnknownUsersCheckRcpt, |
188 | 188 | %WUnsafe |
189 | 189 | ); |
359 | 359 | ( $ThisLine =~ /^STARTTLS=(server|client), init=1/ ) or |
360 | 360 | # file=deliver.c, LogLevel>13, LOG_INFO |
361 | 361 | ( $ThisLine =~ /^STARTTLS=client, start=ok$/ ) or |
362 | ||
362 | # file=readcf.c, LogLevel>9, LOG_NOTICE, starting in 8.16.1 | |
363 | # because the features string can be many things, we ignore those | |
364 | # strings that are not known errors. (Other error strings are | |
365 | # possible, but they don't match because they have more arguments.) | |
366 | ( $ThisLine =~ m/^tls_(srv|clt)_features= | |
367 | (?!too_short|only_one_of_CertFile\/KeyFile_specified)[^,]*, | |
368 | \ relay=([^\ ])*\ \[.*\]$/x ) or | |
369 | # file=tls.c, LogLevel>13, LOG_DEBUG, starting in 8.16.1 | |
370 | ( $ThisLine =~ /engine=.*, path=.*, ispre=\d+, pre=\d+, initialized=\d+$/ ) or | |
363 | 371 | # the following is described in tls.c as a bug in OpenSSL, and |
364 | 372 | # recommends that the error message be ignored (last checked on 8.15.2) |
365 | 373 | # file=tls.c, LogLevel>15, LOG_WARNING |
377 | 385 | # and yet another symptom of a connection shut down (EPIPE refers to "Broken pipe") |
378 | 386 | # file=srvsmtp.c, LogLevel>5, LOG_WARNING |
379 | 387 | ( $ThisLine =~ /^STARTTLS=server, error: accept failed=-1, reason=unknown, SSL_error=5, errno=${\Errno::EPIPE}, retry=/ ) or |
388 | # the following is a detailed SSL error log (from tlslogerr) | |
389 | # always preceded by a more user-friendly error message | |
390 | # file=srvrsmtp.c, LogLevel>8, LOG_WARNING | |
391 | ( $ThisLine =~ /STARTTLS=(?:\w*): \d*:error:\w{8}:[^:]*:[^:]*:([^:]*):/ ) or | |
380 | 392 | # the following is a log message introduced in 8.13.6 |
381 | 393 | # file=sfsasl.c, LogLevel>14, LOG_INFO |
382 | 394 | # tls_retry errors are either transient, or additional log info is issued and parsed |
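Review bot: in the `tls_(srv|clt)_features=` pattern (new lines 366-368) the quantifier sits outside the group in `relay=([^\ ])*`, so the group captures one character at a time and nothing reads it; `relay=[^\ ]*` says the same without the capture. The `tlslogerr` pattern added on new line 391 likewise keeps the `([^:]*)` capture from the branch it replaces although the reason is no longer stored.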
806 | 818 | # file=tls.c, LogLevel>7, LOG_WARNING |
807 | 819 | } elsif ( ($TLSFile) = ($ThisLine=~ /STARTTLS=((server|client): file .* unsafe: .*)/) ) { |
808 | 820 | $TLSFileMissing{$TLSFile}++; |
809 | # file=srvrsmtp.c, LogLevel>8, LOG_WARNING | |
810 | } elsif ( ($TLSReason) = ($ThisLine=~ /STARTTLS=(?:\w*): \d*:error:\w{8}:[^:]*:[^:]*:([^:]*):/) ) { | |
811 | $TLSFailed{$TLSReason}++; | |
812 | # file=srvrsmtp.c, LogLevel>5, LOG_WARNING | |
813 | } elsif ($ThisLine=~ /STARTTLS=server, error: accept failed=/) { | |
814 | $TLSAcceptFailed++; | |
815 | # file=deliver.c, LogLevel>5, LOG_WARNING | |
816 | } elsif ($ThisLine=~ /STARTTLS=client, error: connect failed=/) { | |
817 | $TLSConnectFailed++; | |
821 | # file=srvrsmtp.c, LogLevel>5, LOG_WARNING; reason given as of 8.14.6 | |
822 | } elsif ( ($TLSReason, $TLSFrom) = ($ThisLine=~ /STARTTLS=server, error: accept failed=-?\d+, reason=([^,]*), (?:[^,]*,){3} relay=(.*)/) ) { | |
823 | $TLSAcceptFailed{$TLSReason}{$TLSFrom}++; | |
824 | # handle pre-8.14.6 | |
825 | } elsif ( ($TLSFrom) = ($ThisLine=~ /STARTTLS=server, error: accept failed=-?\d+, SSL_error=(?:[^,]*,){3} relay=(.*)/) ) { | |
826 | $TLSAcceptFailed{"no reason given"}{$TLSFrom}++; | |
827 | # file=deliver.c, LogLevel>5, LOG_WARNING; reason given as of 8.14.6 | |
828 | } elsif ( ($TLSReason) = ($ThisLine=~ /STARTTLS=client, error: connect failed=-?\d+. reason=([^,]*),/) ) { | |
829 | $TLSConnectFailed{$TLSReason}++; | |
830 | # handle pre-8.14.6 | |
831 | } elsif ($ThisLine=~ /STARTTLS=client, error: connect failed=-?\d+. SSL_error=/) { | |
832 | $TLSConnectFailed{"no reason given"}++; | |
818 | 833 | # file=tls.c, LogLevel>-1, LOG_INFO |
819 | 834 | } elsif (($CommonName,$StarttlsReason) = ($ThisLine =~ /^STARTTLS: (?:x509|TLS) cert verify: depth=[0-9]+ .*\/CN=([^\/,]*).* state=[0-9]+, reason=(.*)$/ )) { |
820 | 835 | $StarttlsCert{$StarttlsReason}{$CommonName}++; |
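Review bot: the two client patterns (new lines 828 and 831) read `connect failed=-?\d+. reason=` and `connect failed=-?\d+. SSL_error=`, with an unescaped `.` where the server patterns on new lines 822 and 825 have a literal `,`. It matches today because `.` accepts the comma, but it accepts any other character as well; use `,` as in the accept patterns. The server branch also records `relay=(.*)` per reason while the client branch records only the reason, so failed outbound handshakes cannot be attributed to a destination.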
1421 | 1436 | |
1422 | 1437 | # SMTP Errors |
1423 | 1438 | |
1424 | if($TLSAcceptFailed > 0) { | |
1425 | eval "$PrintCond" if ($Detail >= 3); | |
1426 | print "\n\n$TLSAcceptFailed STARTTLS Accept Fail(s)" if ($Detail >= 3); | |
1427 | $TotalError[$ErrorIndex] += $TLSAcceptFailed; | |
1428 | } | |
1429 | ||
1430 | $TotalError[++$ErrorIndex] = 0; | |
1431 | ||
1432 | if($TLSConnectFailed > 0) { | |
1433 | eval "$PrintCond" if ($Detail >= 3); | |
1434 | print "\n\n$TLSConnectFailed STARTTLS Connect Fail(s)" if ($Detail >= 3); | |
1435 | $TotalError[$ErrorIndex] += $TLSConnectFailed; | |
1436 | } | |
1437 | ||
1438 | $TotalError[++$ErrorIndex] = 0; | |
1439 | ||
1440 | if (keys %TLSFailed && ($Detail >= 5)) { | |
1441 | eval "$PrintCond"; | |
1442 | print "\n and they failed because of:"; | |
1443 | foreach $TLSReason (keys %TLSFailed) { | |
1444 | print "\n $TLSReason"; | |
1445 | } | |
1446 | } | |
1439 | if (keys %TLSConnectFailed) { | |
1440 | eval "$PrintCond" if ($Detail >= 3); | |
1441 | print "\n\nTLS Connect Failed" if ($Detail >=3); | |
1442 | foreach $TLSReason (sort keys %TLSConnectFailed) { | |
1443 | PrettyTimes(" " . $TLSConnectFailed{$TLSReason}) | |
1444 | if ($Detail >= 5); | |
1445 | $TotalError[$ErrorIndex] += $TLSConnectFailed{$TLSReason}; | |
1446 | } | |
1447 | print "\n\tTotal: $TotalError[$ErrorIndex]" if( $Detail >=3 ); | |
1448 | } | |
1449 | $TotalError[++$ErrorIndex] = 0; | |
1450 | ||
1451 | if (keys %TLSAcceptFailed) { | |
1452 | eval "$PrintCond" if ($Detail >= 3); | |
1453 | print "\n\nTLS Failed Access" if ($Detail >=3); | |
1454 | foreach $TLSReason (sort keys %TLSAcceptFailed) { | |
1455 | print "\n $TLSReason" if ($Detail >= 5); | |
1456 | foreach $TLSFrom (sort keys %{$TLSAcceptFailed{$TLSReason}}) { | |
1457 | PrettyTimes(" " . PrettyHost($TLSFrom, 59), | |
1458 | $TLSAcceptFailed{$TLSReason}{$TLSFrom}) if ($Detail >= 5); | |
1459 | $TotalError[$ErrorIndex] += | |
1460 | $TLSAcceptFailed{$TLSReason}{$TLSFrom}; | |
1461 | } | |
1462 | } | |
1463 | print "\n\tTotal: $TotalError[$ErrorIndex]" if ($Detail >= 3); | |
1464 | } | |
1465 | $TotalError[++$ErrorIndex] = 0; | |
1447 | 1466 | |
1448 | 1467 | if (keys %BadAuth) { |
1449 | 1468 | eval "$PrintCond" if ($Detail >= 3); |
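Review bot: in the `%TLSConnectFailed` loop, `PrettyTimes(" " . $TLSConnectFailed{$TLSReason})` (new line 1443) passes a single argument built by concatenating the indent with the count, and `$TLSReason` is never printed. The accept loop below calls `PrettyTimes` with a label and a count as two arguments; the connect loop should do the same, with `$TLSReason` as the label. The section titles are also inconsistent: "TLS Connect Failed" for connect failures versus "TLS Failed Access" for accept failures.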
95 | 95 | # ignore |
96 | 96 | } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), previous self-test completed without error/ )) { |
97 | 97 | # ignore |
98 | } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), type changed from \'\w+\' to \'\w+\'/ )) { | |
98 | } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), type changed from \'[\w,+]+\' to \'[\w,+]+\'/ )) { | |
99 | 99 | # ignore |
100 | 100 | } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), state (?:read from|written to)/ )) { |
101 | 101 | # ignore |
121 | 121 | || ($ThisLine =~ /smartd has fork/) |
122 | 122 | || ($ThisLine =~ /smartd (startup|shutdown) succeeded/) |
123 | 123 | || ($ThisLine =~ /Unable to register device (.*) \(no Directive -d removable\). Exiting/) |
124 | || ($ThisLine =~ /Device (.*), SATA disks accessed via libata are not currently supported by smartmontools./) | |
125 | || ($ThisLine =~ /Device: (.*), IE \(SMART\) not enabled, skip device/) | |
124 | || ($ThisLine =~ /Device .*, SATA disks accessed via libata are not currently supported by smartmontools./) | |
125 | || ($ThisLine =~ /Device: .*, IE \(SMART\) not enabled, skip device/) | |
126 | || ($ThisLine =~ /Device: .*, not ATA, no IDENTIFY DEVICE Structure/) | |
126 | 127 | || ($ThisLine =~ /^Try '.*' to turn on SMART features/) |
127 | 128 | || ($ThisLine =~ /Device: (.*), Bad IEC (SMART) mode page, err=-5, skip device/) |
128 | 129 | || ($ThisLine =~ /Drive: DEVICESCAN, implied '-a' Directive on line [\d]+ of file/) |
63 | 63 | ( $ThisLine =~ m/^spamd: server pid:/ ) or |
64 | 64 | ( $ThisLine =~ m/^prefork: adjust: \d+ idle children (less|more) than \d+ (min|max)imum idle children/ ) or |
65 | 65 | # Sendmail messages to ignore |
66 | ( $ThisLine =~ m/^alias database / ) or | |
67 | ( $ThisLine =~ m/^started as: / ) or | |
68 | ( $ThisLine =~ m/[0-9]* aliases, longest [0-9]* bytes, [0-9]* bytes total/ ) or | |
66 | 69 | ( $ThisLine =~ m/^AUTH=/ ) or |
67 | 70 | ( $ThisLine =~ m/^STARTTLS/ ) or |
68 | 71 | ( $ThisLine =~ m/^starting daemon \(/ ) or |
69 | 72 | ( $ThisLine =~ m/^ruleset=trust_auth/ ) or |
70 | 73 | ( $ThisLine =~ m/^ruleset=check_relay/ ) or |
74 | ( $ThisLine =~ m/^tls_srv_features=/ ) or | |
75 | ( $ThisLine =~ m/^tls_clt_features=/ ) or | |
76 | ( $ThisLine =~ m/^engine=/ ) or | |
71 | 77 | 0 # Always last in the list, so all above can say "or" at the end |
72 | 78 | ) { |
73 | 79 | ; # We don't care about these |
29 | 29 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; |
30 | 30 | my $IgnoreHost = $ENV{'sshd_ignore_host'} || ""; |
31 | 31 | my $RefusedConnectionsThreshold = $ENV{'refused_connections_threshold'} || 0; |
32 | my $IllegalUsersThreshold = $ENV{'illegal_users_threshold'} || 0; | |
32 | 33 | my $DebugCounter = 0; |
33 | 34 | |
34 | 35 | # No sense in running if 'sshd' doesn't even exist on this system... |
95 | 96 | my $StatusNoSuchFile = 0; |
96 | 97 | my $BytesSent = 0; |
97 | 98 | my $BytesReceived = 0; |
99 | my $NoCipher = 0; | |
98 | 100 | |
99 | 101 | if ( $Debug >= 5 ) { |
100 | 102 | print STDERR "\n\nDEBUG: Inside SSHD Filter \n\n"; |
109 | 111 | chomp($ThisLine); |
110 | 112 | if ( |
111 | 113 | ($ThisLine =~ /^pam_succeed_if: requirement "uid < 100" (not|was) met by user /) or |
114 | ($ThisLine =~ /^pam_succeed_if\(.*?\): requirement "uid >= 1000" (not|was) met by user /) or | |
112 | 115 | ($ThisLine =~ m/^(log: )?$/ ) or |
113 | 116 | ($ThisLine =~ m/^(log: )?\^\[\[60G/ ) or |
114 | 117 | ($ThisLine =~ m/^(log: )? succeeded$/ ) or |
367 | 370 | $ClientVers{$ClientVer}++; |
368 | 371 | } elsif (my ($Host,$Port) = ($ThisLine =~ /^error: connect_to (\S+) port (\d+): failed\.$/)) { |
369 | 372 | $ConnectFailed{"$Host port $Port"}++; |
373 | } elsif ($ThisLine =~ /^fatal: no matching cipher found: /) { | |
374 | $NoCipher++; | |
370 | 375 | } else { |
371 | 376 | # Report any unmatched entries... |
372 | 377 | unless ($ThisLine =~ /fwd X11 connect/) { |
495 | 500 | } |
496 | 501 | } |
497 | 502 | |
503 | if ($NoCipher && $Detail > 0) { | |
504 | print "\nNo matching cipher offered: " . timesplural($NoCipher); | |
505 | } | |
506 | ||
498 | 507 | if (keys %TooManyFailures) { |
499 | 508 | print "\nDisconnecting after too many authentication failures for user:\n"; |
500 | 509 | foreach my $User (sort {$a cmp $b} keys %TooManyFailures) { |
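Review bot: the `$NoCipher` summary is printed only when `$Detail > 0` (new line 503), but the new `fatal: no matching cipher found:` branch takes those lines out of the unmatched-entries path at every level, so at the default detail of 0 they vanish from the report. Print the count unconditionally, or keep a per-source count, since repeated cipher-negotiation failures are often the trace of scanners or of clients broken by a cipher change.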
522 | 531 | } |
523 | 532 | |
524 | 533 | if (keys %IllegalUsers) { |
525 | print "\nIllegal users from:\n"; | |
534 | print "\nIllegal users from"; | |
535 | if ($IllegalUsersThreshold) { | |
536 | print " (with threshold >= $IllegalUsersThreshold)"; | |
537 | } | |
538 | print ":\n"; | |
526 | 539 | foreach my $ip (sort SortIP keys %IllegalUsers) { |
527 | 540 | my $name = LookupIP($ip); |
528 | 541 | my $totcount = 0; |
529 | 542 | foreach my $user (keys %{$IllegalUsers{$ip}}) { |
530 | 543 | $totcount += $IllegalUsers{$ip}{$user}; |
531 | } | |
532 | print " $name: " . timesplural($totcount); | |
533 | if ($Detail >= 5) { | |
534 | my $sort = CountOrder(%{$IllegalUsers{$ip}}); | |
535 | foreach my $user (sort $sort keys %{$IllegalUsers{$ip}}) { | |
536 | my $val = $IllegalUsers{$ip}{$user}; | |
537 | print " $user: " . timesplural($val); | |
544 | } | |
545 | if ($IllegalUsersThreshold == 0 || | |
546 | $totcount >= $IllegalUsersThreshold) { | |
547 | print " $name: " . timesplural($totcount); | |
548 | if ($Detail >= 5) { | |
549 | my $sort = CountOrder(%{$IllegalUsers{$ip}}); | |
550 | foreach my $user (sort $sort keys %{$IllegalUsers{$ip}}) { | |
551 | my $val = $IllegalUsers{$ip}{$user}; | |
552 | print " $user: " . timesplural($val); | |
553 | } | |
538 | 554 | } |
539 | 555 | } |
540 | 556 | } |
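Review bot: with `illegal_users_threshold` set, hosts whose total is below the threshold are skipped (new lines 545-546) without a trace, while the "Illegal users from" header is still printed even when every host is filtered out. Low-volume attempts spread over many addresses then produce an empty section. Print a closing line with the number of hosts and attempts that were suppressed, and check that the environment value is numeric before comparing against it.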
850 | 866 | } |
851 | 867 | } |
852 | 868 | |
853 | if ( ($Detail == 7 && keys %Krb_realm > 1) || ($Detail > 8 && keys %Krb_realm) ){ | |
869 | if ( ($Detail == 7 && keys %Krb_realm > 1) || ($Detail > 7 && keys %Krb_realm) ){ | |
854 | 870 | print "\nSuccessful Kerberos Authentication from ",(scalar keys %Krb_realm)," realm:\n"; |
855 | 871 | foreach my $realm (sort keys %Krb_realm) { |
856 | 872 | if($Detail > 9){ |
78 | 78 | $BackendOffline++ if $BackendStatus eq "offline"; |
79 | 79 | } elsif ($ThisLine =~ /^Enumeration requested but not enabled/) { |
80 | 80 | $EnumerationRequested++ unless $IgnoreEnumerationRequested; |
81 | } elsif ($Service eq "Daemon" && $ThisLine =~ /Keytab successfully retrieved and stored in:/) { | |
82 | # Ignore | |
81 | 83 | } elsif ($Service eq "p11_child" && $ThisLine =~ /Certificate .* not valid .*Certificate key usage inadequate for attempted operation/) { |
82 | 84 | # sssd ssh does not ignore certificates of different types - ignore the errors generated by it |
83 | 85 | $ignore_p11_child_error = 1; |
58 | 58 | |
59 | 59 | my $ThisLine; |
60 | 60 | while (defined($ThisLine = <STDIN>)) { |
61 | $ThisLine =~ s/LOG\d\[\d{1,5}:\d{15}\]: (.*)/$1/; | |
61 | $ThisLine =~ s/LOG\d\[(?:\d{1,5}:\d{15}|\w+)\]: (.*)/$1/; | |
62 | 62 | if ( $Debug >= 5 ) { |
63 | 63 | print STDERR "DEBUG($DebugCounter): $ThisLine"; |
64 | 64 | $DebugCounter++; |
83 | 83 | # ignore |
84 | 84 | } elsif ($ThisLine =~ m/^connect_blocking: getsockopt ([0-9a-fA-F.:]+: Connection refused) \(\d+\)$/) { |
85 | 85 | $errors{"connect_blocking: $1"}++; |
86 | } elsif ($ThisLine =~ m/^DH parameters updated/) { | |
87 | # ignore | |
86 | 88 | } elsif ($ThisLine =~ m/^(?:remote socket|local socket|accept): (Too many open files) \(\d+\)$/) { |
87 | 89 | $errors{"$1: increase the maximum number of open file descriptors"}++; |
88 | 90 | } elsif ($ThisLine =~ m/^Log file reopened$/) { |
105 | 107 | $stops++; |
106 | 108 | } elsif ($ThisLine =~ m/^transfer: s_poll_wait: TIMEOUTclose exceeded: closing$/) { |
107 | 109 | $notices{"TIMEOUTclose exceeded: closing connection"}++; |
110 | } elsif ($ThisLine =~ m/^Updating DH parameters/) { | |
111 | # ignore | |
108 | 112 | } elsif ($ThisLine =~ m/^(SSL_(?:accept|read|shutdown): .*|getpeerbyname: .*)(?: \(\d+\))?$/) { |
109 | 113 | $notices{$1}++; |
110 | 114 | } else { |
52 | 52 | while (defined(my $ThisLine = <STDIN>)) { |
53 | 53 | chomp($ThisLine); |
54 | 54 | if ($ThisLine =~ /^(Activat|Deactivat|Mount|Unmount|Reload|Start|Stopp)ing / or |
55 | $ThisLine =~ /^Finished / or | |
55 | 56 | # These events will be caught with the Unit X entered failed state message |
56 | 57 | $ThisLine =~ /^Failed to start / or |
57 | 58 | $ThisLine =~ /: Failed with result / or |
64 | 65 | $ThisLine =~ /^Closed .* [Ww]atch\.$/ or |
65 | 66 | $ThisLine =~ /^Closed (?:Multimedia|Sound) System\.$/ or |
66 | 67 | $ThisLine =~ /^Closed udev / or |
68 | $ThisLine =~ /: Consumed .* CPU time\.$/ or | |
67 | 69 | # crond will never restart process when it is restarted |
68 | 70 | $ThisLine =~ /^crond\.service: Found left-over process \d+ \(.*\) in control group while starting unit\. Ignoring\.$/ or |
69 | 71 | $ThisLine =~ /^Received SIGINT\./ or |
78 | 80 | $ThisLine =~ /^Reloading\.$/ or # Happens on each boot at switch root |
79 | 81 | $ThisLine =~ /^RTC configured in / or |
80 | 82 | $ThisLine =~ /^Running in initial RAM disk\.$/ or |
83 | $ThisLine =~ /^selinux: avc: *received policyload notice/ or | |
81 | 84 | $ThisLine =~ /^Set hostname to / or |
82 | 85 | $ThisLine =~ /^(?:Set up|Unset) automount Arbitrary Executable File Formats File System Automount Point\.$/ or |
83 | 86 | $ThisLine =~ /^Shutting down\.$/ or |
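Review bot: new line 83 adds /^selinux: avc: *received policyload notice/ to the list of messages that are dropped without being counted. A policy load changes what the host enforces, so silently ignoring it removes a security-relevant event from the report. Consider moving it out of the ignore list into its own counter, or ignoring it only below a chosen $Detail threshold, so that unexpected policy reloads remain visible.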
100 | 103 | $ThisLine =~ /Unit (.* is )?not needed anymore\. Stopping\./ or |
101 | 104 | $ThisLine =~ /State '(stop-sigterm|stop-final-sigterm)' timed out\. Killing\./ or |
102 | 105 | $ThisLine =~ /: Start(-pre)? operation timed out\. Terminating\./ or |
103 | $ThisLine =~ /Service hold-off time over, scheduling restart\./ or | |
104 | $ThisLine =~ /Service has no hold-off time, scheduling restart\./ or | |
106 | $ThisLine =~ /hold-?off time over, scheduling restart\./ or | |
107 | $ThisLine =~ /Service has no hold-off time.*, scheduling restart\./ or | |
105 | 108 | $ThisLine =~ /Scheduled restart job, restart counter is at .*\./ or |
106 | 109 | $ThisLine =~ /Stopping timed out\. Killing\./ or |
107 | 110 | $ThisLine =~ /^Timed out waiting for/ or |
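Review bot: the two replacement patterns on new lines 106 and 107 are inconsistent about the spelling they accept. Line 106 uses hold-?off and so matches both "hold-off" and "holdoff", while line 107 still requires the hyphenated "hold-off"; if the unhyphenated form is the reason for the change, line 107 needs hold-?off as well. The .* added in line 107 is unbounded; something like [^,]* would keep the match within the clause before ", scheduling restart".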
148 | 151 | $ConfigError{$reason}{$service}++; |
149 | 152 | } elsif (my ($service) = ($ThisLine =~ /^Unit (.*) entered failed state\.$/)) { |
150 | 153 | $Failed{$service}++; |
154 | } elsif (my ($service) = ($ThisLine =~ /^(.*): Failed to execute command/)) { | |
155 | $Failed{$service}++; | |
151 | 156 | } elsif (my ($service) = ($ThisLine =~ /^(.*): Unit entered failed state\.$/)) { |
152 | 157 | $Failed{$service}++; |
153 | 158 | } elsif (my ($service) = ($ThisLine =~ /^(.*) failed with error code \d+\.$/)) { |
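Review bot: the new branch on lines 154-155 increments $Failed{$service} for "<unit>: Failed to execute command", and the next branch increments the same counter for "<unit>: Unit entered failed state." If both messages are logged for a single failure, that unit is counted twice in the report. Either keep the new message in a separate hash, or note in a comment why double counting cannot occur. The capture ^(.*): is also greedy, so a message containing a later ": Failed to execute command" would pull extra text into the unit name; ^(.*?): or a character class for unit names would be tighter.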
145 | 145 | ($source !~ /\/dev\/scd/ ) && |
146 | 146 | ($source !~ /\/dev\/sr/ ) && |
147 | 147 | ($source !~ /\/dev\/loop./) && |
148 | ($target !~ /^$diskfull_exclude_dirs/)) { | |
148 | ($target !~ /^$diskfull_exclude_dirs/i)) { | |
149 | 149 | print "$target ($source) => $used% Used. Warning: Disk Filling up.\n"; |
150 | 150 | } |
151 | 151 | } |
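Review bot: adding /i on new line 148 makes the exclusion case-insensitive, so on a case-sensitive filesystem an entry meant for one mount point also suppresses the "Disk Filling up" warning for any other mount point that differs only in case. If this is intended for case-insensitive platforms, make it conditional on the OS or document the behaviour next to the diskfull_exclude_dirs setting. Separately, $diskfull_exclude_dirs is interpolated directly after ^, so if the value contains a top-level alternation the anchor applies only to the first alternative; /^(?:$diskfull_exclude_dirs)/ removes that ambiguity.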
155 | 155 | #Main |
156 | 156 | |
157 | 157 | if ($OSname eq "Linux") { |
158 | $df_options = "-h -x tmpfs -x devtmpfs -x udf -x iso9660"; | |
158 | $df_options = "-h -x tmpfs -x devtmpfs -x udf -x iso9660 -x squashfs"; | |
159 | 159 | if ($local_disks_only) { $df_options .= " -l"; } |
160 | 160 | } elsif ($OSname eq "Darwin") { |
161 | $df_options = "-h"; | |
161 | $df_options = "-h -T nodevfs,autofs"; | |
162 | 162 | if ($local_disks_only) { $df_options .= " -l"; } |
163 | 163 | } elsif ($OSname eq "SunOS") { |
164 | 164 | if ( ($release eq "5.10") || ($release eq "5.9") || ($release eq "5.11") ) { |
166 | 166 | } |
167 | 167 | if ($local_disks_only) { $df_options .= " -l"; } |
168 | 168 | } elsif ($OSname eq "AIX") { |
169 | $df_options = ""; | |
170 | if ($local_disks_only) { $df_options .= " -P"; } | |
169 | $df_options = "-P"; | |
170 | if ($local_disks_only) { $df_options .= " -T local"; } | |
171 | 171 | } elsif ($OSname eq "GNU/kFreeBSD") { |
172 | 172 | $df_options = "-h -x tmpfs -x devtmpfs -x udf -x iso9660 -x devfs -x linprocfs -x sysfs -x fdescfs"; |
173 | 173 | if ($local_disks_only) { $df_options .= " -l"; } |
30 | 30 | ########################################################################### |
31 | 31 | #Main |
32 | 32 | |
33 | #Exit early if the report is not for the current host. | |
34 | use POSIX qw(uname); | |
35 | my $logwatch_hostname = $ENV{'LOGWATCH_ONLY_HOSTNAME'}; | |
36 | my ($OSname, $hostname, $release, $version, $machine) = POSIX::uname(); | |
37 | $hostname =~ s/\..*//; | |
38 | exit (0) if ($ENV{'LOGWATCH_ONLY_HOSTNAME'} and ($logwatch_hostname ne $hostname)); | |
39 | ||
33 | 40 | #Output sensors stats |
34 | 41 | |
35 | 42 | my $pathto_sensors = $ENV{'pathto_sensors'} || '/usr/bin/sensors'; |
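Review bot: the early exit on line 38 compares the raw LOGWATCH_ONLY_HOSTNAME value with a uname hostname that has had its domain stripped on line 37, using a case-sensitive ne. A fully qualified or differently cased value therefore never matches, and the script exits 0 with no output, which is indistinguishable from a host with nothing to report. Normalise both sides the same way before comparing (strip the domain from $logwatch_hostname and lowercase both). The condition also re-reads $ENV{'LOGWATCH_ONLY_HOSTNAME'} instead of using $logwatch_hostname, and only $hostname of the five uname values is used in the lines shown.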
51 | 51 | exit 0; |
52 | 52 | } |
53 | 53 | |
54 | my $pathto_zpool = $ENV{'pathto_zpool'} || '/usr/sbin/zpool'; | |
55 | my $pathto_zfs = $ENV{'pathto_zfs'} || '/usr/sbin/zfs'; | |
54 | my $pathto_zpool = $ENV{'pathto_zpool'} || 'zpool'; | |
55 | my $pathto_zfs = $ENV{'pathto_zfs'} || 'zfs'; | |
56 | 56 | my $summary_only = $ENV{'summary_only'} || ($detail < 5); |
57 | 57 | my $detail_only = $ENV{'detail_only'} || 0; |
58 | 58 |
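Review bot: replacing the absolute defaults with bare 'zpool' and 'zfs' on new lines 54-55 means both commands are resolved through PATH whenever pathto_zpool and pathto_zfs are unset. If the report runs with elevated privileges, the binary executed now depends on the inherited PATH, so a writable or unexpected directory earlier in PATH changes what runs. Either document that the caller must supply a trusted PATH, or probe a fixed list of system directories (for example /usr/sbin and /sbin) and fall back to the bare name only if none of them has the binary.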