Imported Upstream version 7.4.0+svn20111221rev79 Willi Mann 12 years ago
8 changed file(s) with 135 addition(s) and 38 deletion(s). Raw diff Collapse all Expand all
2525 # against. Separate multiple executables with |
2626 # $ignore_faults = npviewer.bin
2727
28 # Ignore Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server
29 # messages which often occur when kerberos tickets expire
30 # $ignore_rpcsec_expired = Yes
31
2832 ########################################################
2933 # This was written and is maintained by:
3034 # Kirk Bauer <kirk@kaybee.org>
77 *OnlyService = spamd
88 *RemoveHeaders
99
10 # Ignore connections from these hosts.
11 # The value is a regular expression that the hostname plus IP address is matched
12 # against. Separate multiple hosts/IPs with |
13 # $ignore_connections = myspamclient.mydomain
14
1015 # vi: shiftwidth=3 tabstop=3 et
9494 my $UELimit = 10;
9595 my $ThisLine;
9696 my %Warning = ();
97 my %AuditctlStatus = ();
9798
9899 print STDERR "\n\nDEBUG: Inside audit filter\n\n" if ( $Debug >= 5 );
99100
113114 ( $ThisLine =~ /: enforcing=[0-9]+ old_enforcing=[0-9]+ auid=[0-9]+/) or
114115 ( $ThisLine =~ /: policy loaded auid=[0-9]+/) or
115116 ( $ThisLine =~ /: user pid=[0-9]+ uid=[0-9]+ auid=[0-9]+ subj=system_u:system_r:system_dbusd_t:[0-9a-z:.\-]+ msg=/) or
116 ( $ThisLine =~ /audit\([0-9.]+:[0-9]+\): (selinux=[0-9]+|auid=[0-9]+|prom=[0-9]+|old_prom=[0-9]+|dev=[^ ]+| )+$/) or
117 ( $ThisLine =~ /audit\([0-9.]+:[0-9]+\): (selinux=[0-9]+|auid=[0-9]+|prom=[0-9]+|old_prom=[0-9]+|dev=[^ ]+|ses=[0-9]+| )+$/) or
117118 ( $ThisLine =~ /auditd[ ]+S [0-9A-F]+ [0-9]+ [0-9]+[ ]+[0-9]([ ]*[0-9]+[ ]*|[ ]*)[0-9]+ [0-9]+ \(NOTLB\)/) or
118119 ( $ThisLine =~ /Started dispatcher: \/sbin\/audispd pid: [0-9]+/) or
119120 ( $ThisLine =~ /audit\([0-9.]*:[0-9]*\): bool=.* val=.* old_val=.* auid=[0-9]*/) or
120121 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): audit_enabled=[0-9]* old=[0-9]* auid=[0-9]* ses=[0-9]* subj=system_u:system_r:.*:s0 res=[0-9]*/) or
121122 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): auid=[0-9]* ses=[0-9]* subj=system_u:system_r:.*:s0 op=.* key=.* list=[0-9]* res=[0-9]*/) or
122123 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): cwd=".*"/) or
124 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): user/) or
123125 ( $ThisLine =~ /audit_printk_skb: [0-9]* callbacks suppressed/) or
124 ( $ThisLine =~ /item=[0-9] name="\S*" inode=[0-9]+ dev=\S* mode=[0-9]* ouid=[0-9]* ogid=[0-9]* rdev=[0-9:]* obj=\S*/)
126 ( $ThisLine =~ /item=[0-9] name="\S*" inode=[0-9]+ dev=\S* mode=[0-9]* ouid=[0-9]* ogid=[0-9]* rdev=[0-9:]* obj=\S*/) or
127 ( $ThisLine =~ /^No rules$/ )
125128 ) {
126129 # Ignore these entries
127130 } elsif ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/) {
146149 } elsif (( $ThisLine =~ /Audit daemon is low on disk space for logging/) or
147150 ( $ThisLine =~ /Audit daemon is suspending logging due to low disk space./)) {
148151 $Warning{$ThisLine}++;
152 } elsif ( my ($status) = ( $ThisLine =~ /AUDIT_STATUS: (.*)/ ) ) {
153 $AuditctlStatus{$status}++;
149154 } elsif ( $Detail > 9 ) {
150155 if ( $ThisLine =~ /avc:\s*denied\s*{\s*([^}]+).*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) {
151156 $denials{$2.' '.$3.' ('.$1.$4 . ')'}++;
234239 print " starts with pid change: $NumberOfDStartsPid \n"
235240 }
236241
237 if ($Detail and $NumberOfDStops) {
242 if ($Detail and $NumberOfDStops) {
238243 print "\n Number of audit daemon stops: $NumberOfDStops \n";
244 }
245
246 if ($Detail and keys(%AuditctlStatus)) {
247 print "\n Auditctl status:\n";
248 foreach my $key (sort keys %AuditctlStatus) {
249 print " $key: ". $AuditctlStatus{$key} . " times\n";
250 }
239251 }
240252
241253 if ($NumberOfLostMessages) {
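Review bot: The new ignore pattern `( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): user/)` is far broader than the existing `user pid=... subj=system_u:system_r:system_dbusd_t...` rule a few lines above it: that rule is restricted to one subject, while the new one drops every user-space audit record regardless of subject, which (if those lines include PAM or login records, as I would expect) removes authentication events from the report at every detail level. If only one noisy source is meant, anchor the pattern to its subject as the dbusd rule does; otherwise say so in the comment above the branch, e.g. `# All user-space audit records are dropped here; auditd's own reports cover them`. Separately, `$AuditctlStatus{$status}++` keys on the whole text after `AUDIT_STATUS:`, and if that text carries per-run fields such as a daemon pid, identical states will be counted as distinct entries — worth checking against real messages. The status report also prints `times` where the rest of this file prints `Time(s)`.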
5959 next if $ExpandedString =~ /Microsoft \(R\) Windows \(R\) \d+\.\d+\. \d+ Service Pack \d/;
6060 next if $ExpandedString =~ /The Event log service was started./;
6161 next if $ExpandedString =~ /The Event log service was stopped./;
62 next if $ExpandedString =~ /The system uptime is \d+ seconds/;
63 }
64
65 if ($System =~ /Microsoft-Windows-Kernel-Power/) {
66 #High Detail
67 next if $ExpandedString =~ /The system is entering sleep/ and $Detail < 10;
68 }
69
70 if ($System =~ /Microsoft-Windows-Power-Troubleshooter/) {
71 #High Detail
72 next if $ExpandedString =~ /The system has resumed from sleep/ and $Detail < 10;
73 }
74
75 if ($System =~ /Microsoft-Windows-Time-Service/) {
76 #High Detail
77 next if $ExpandedString =~ /The time provider NtpClient is currently receiving valid time data from/ and $Detail < 10;
78 }
79
80 if ($System =~ /Microsoft-Windows-Winlogon/) {
81 #High Detail
82 next if $ExpandedString =~ /User \w+ Notification for Customer Experience Improvement Program/ and $Detail < 10;
83 }
84
85 if ($System =~ /Virtual Disk Service/) {
86 #High Detail
87 next if $ExpandedString =~ /Service (started|stopped)/ and $Detail < 10;
6288 }
6389
6490 if ($System =~ /Service Control Manager/) {
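Review bot: The five new `if ($System =~ ...)` blocks each repeat the same `#High Detail` / `next if ... and $Detail < 10;` shape, so the suppression rule lives in five copies and the comment never states the threshold it refers to. A table of (source, message) patterns consulted once makes the threshold explicit and keeps each new entry to one line; the table itself can be declared above the read loop, which starts outside this hunk. The `/The system uptime is \d+ seconds/` line added to the existing Eventlog block is fine as it stands.
```perl
# Informational events that are only worth listing at Detail >= 10.
my @high_detail_noise = (
   [ qr/Microsoft-Windows-Kernel-Power/,         qr/The system is entering sleep/ ],
   [ qr/Microsoft-Windows-Power-Troubleshooter/, qr/The system has resumed from sleep/ ],
   [ qr/Microsoft-Windows-Time-Service/,         qr/The time provider NtpClient is currently receiving valid time data from/ ],
   [ qr/Microsoft-Windows-Winlogon/,             qr/User \w+ Notification for Customer Experience Improvement Program/ ],
   [ qr/Virtual Disk Service/,                   qr/Service (started|stopped)/ ],
);
# … unchanged: Eventlog block …
next if $Detail < 10
   and grep { $System =~ $_->[0] and $ExpandedString =~ $_->[1] } @high_detail_noise;
```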
5353
5454 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
5555 my $Ignore_faults = $ENV{'ignore_faults'};
56 my $Ignore_rpcsec_expired = $ENV{'ignore_rpcsec_expired'} || 0;
5657 my %SYNflood = ();
5758 my %RAIDErrors = ();
5859 my %SegFaults = ();
5960 my %GPFaults = ();
61 my %TrapInt3s = ();
6062 my %UnalignedErrors = ();
6163 my %FPAssists = ();
6264 my %OOM = ();
8789 $SegFaults{$1}++;
8890 } elsif ($ThisLine =~ /([^(]*)\[\d+\] general protection/) {
8991 $GPFaults{$1}++;
92 } elsif ($ThisLine =~ /([^(]*)\[\d+\] trap int3 /) {
93 $TrapInt3s{$1}++;
9094 } elsif ($ThisLine =~ /([^(]*)\(\d+\): unaligned access to/) {
9195 $UnalignedErrors{$1}++;
9296 } elsif ($ThisLine =~ /([^(]*)\(\d+\): floating-point assist fault at ip/) {
104108 # These are informative, not errors
105109 $SkipError = 1 if $ThisLine =~ /PCIe errors handled by OS/;
106110 $SkipError = 1 if $ThisLine =~ /GHES: Generic hardware error source: \d notified via .* is not supported/;
111 # These happen when kerberos tickets expire, which can be normal
112 $SkipError = 1 if $ThisLine =~ /Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server/ && $Ignore_rpcsec_expired;
107113 $Errors{$errormsg}++ if ( (! $SkipError) || ($Detail > 8));
108114 }
109115 # OTHER
161167 }
162168 }
163169
170 if (keys %TrapInt3s) {
171 my $header_printed=0;
172 foreach my $Thisone ( sort {$a cmp $b} keys %TrapInt3s ) {
173 if ($Ignore_faults =~ /\b\Q$Thisone\E\b/i) { next; }
174 if (!$header_printed) {
175 print "\nWARNING: Trap int3 in these executables\n";
176 $header_printed=1;
177 }
178 print " $Thisone : $TrapInt3s{$Thisone} Time(s)\n";
179 }
180 }
181
164182 if (keys %UnalignedErrors) {
165183 print "\nWARNING: Unaligned Errors in these executables\n";
166184 foreach my $Thisone ( sort {$a cmp $b} keys %UnalignedErrors ) {
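Review bot: `if ($Ignore_faults =~ /\b\Q$Thisone\E\b/i) { next; }` in the new trap-int3 report matches against a variable that is undef whenever `ignore_faults` is not configured (`my $Ignore_faults = $ENV{'ignore_faults'};` has no default), so under `use warnings` every listed executable produces an uninitialized-value warning; guard it: `if (defined $Ignore_faults and $Ignore_faults =~ /\b\Q$Thisone\E\b/i) { next; }`. Keeping `\Q...\E` around the executable name is right, since that name is captured straight from the log line. `$Ignore_rpcsec_expired` is only ever tested for truthiness in `... && $Ignore_rpcsec_expired;`, so if the conf loader passes the documented `Yes`/`No` value through as a string rather than 1/0, `No` would enable the suppression too — worth confirming against the loader, which is not part of this diff.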
1818 ## copyright please contact logwatch-devel@logwatch.org.
1919 #########################################################
2020
21 # Detail level is currently not used
21 # Detail level
2222 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
23
24 # Config
25 my $offline = $ENV{'puppet_offline_ok'};
2326
2427 # Init counters
2528 $FailedRuns = 0;
4144 ($ThisLine =~ /Caught HUP; calling restart/) or
4245 ($ThisLine =~ /Skipping because of failed dependencies/) or
4346 ($ThisLine =~ /Failed to generate additional resources/) or
44 ($ThisLine =~ /Could not retrieve catalog from remote server/) or
47 ($ThisLine =~ /Could not evaluate: getaddrinfo: Name or service not known/) or
4548 ($ThisLine =~ /replacing from source .+ with contents /) or
4649 ($ThisLine =~ /Starting catalog run/) or
4750 ($ThisLine =~ /Applying configuration version/) or
4851 ($ThisLine =~ /Loading facts in/) or
49 ($ThisLine =~ /Retrieving plugin/)
52 ($ThisLine =~ /Retrieving plugin/) or
53 ($ThisLine =~ /FileBucket adding/)
5054 ) {
5155 # Ignore
56 } elsif (($reason) = ($ThisLine =~ /Could not retrieve catalog from remote server: (.*)/)) {
57 if ($reason == "getaddrinfo: Name or service not known" && $offline) {
58 $FailedRuns--;
59 } else {
60 $CatalogFailures{$reason}++;
61 }
5262 } elsif ($ThisLine =~ /Finished catalog run in [0-9]+\.[0-9]+ seconds/) {
5363 $SuccessfulRuns++;
5464 } elsif ($ThisLine =~ /skipping run/) {
5565 $FailedRuns++;
56 } elsif ($ThisLine =~ /File\[.+\].+checksum changed/) {
57 $ThisLine =~ /File\[(.+)\].+checksum changed/;
66 } elsif ($ThisLine =~ /File\[(.+)\].+checksum changed/) {
5867 $ChangedFiles{$1}++;
59 } elsif ($ThisLine =~ /File\[.+\].+content changed/) {
60 $ThisLine =~ /File\[(.+)\].+content changed/;
68 } elsif ($ThisLine =~ /File\[(.+)\].+content changed/) {
6169 $ChangedFiles{$1}++;
62 } elsif ($ThisLine =~ /File\[.+\].+created/) {
63 $ThisLine =~ /File\[(.+)\].+created/;
70 } elsif ($ThisLine =~ /File\[(.+)\].+created/) {
6471 $CreatedFiles{$1}++;
65 } elsif ($ThisLine =~ /File\[.+\].+removed/) {
66 $ThisLine =~ /File\[(.+)\].+removed/;
72 } elsif ($ThisLine =~ /File\[(.+)\].+removed/) {
6773 $RemovedFiles{$1}++;
74 } elsif (($fileinfo) = ($ThisLine =~ /Filebucketed (.*)/)) {
75 $FileBucketed{$1}++;
6876 } elsif (
6977 ($ThisLine =~ /Failed to retrieve current state of resource/) or
7078 ($ThisLine =~ /Package.+ensure.+Could not find package/) or
7280 ($ThisLine =~ /File\[.+\].+ No specified sources exist/)
7381 ) {
7482 $ResourceFailures++;
75 } elsif ($ThisLine =~ /Package\[.+\].+ensure changed/) {
76 $ThisLine =~ /Package\[(.+)\].+ensure changed/;
83 } elsif ($ThisLine =~ /Package\[(.+)\].+ensure changed/) {
7784 $ChangedPackages{$1}++;
78 } elsif ($ThisLine =~ /Package\[.+\].+ensure\) created/) {
79 $ThisLine =~ /Package\[(.+)\].+ensure\) created/;
85 } elsif ($ThisLine =~ /Package\[(.+)\].+ensure\) created/) {
8086 $InstalledPackages{$1}++;
81 } elsif ($ThisLine =~ /Package\[.+\].+ensure\) removed/) {
82 $ThisLine =~ /Package\[(.+)\].+ensure\) removed/;
87 } elsif ($ThisLine =~ /Package\[(.+)\].+ensure\) removed/) {
8388 $RemovedPackages{$1}++;
84 } elsif ($ThisLine =~ /Exec\[.+\].+executed successfully/) {
85 $ThisLine =~ /Exec\[(.+)\].+executed successfully/;
89 } elsif ($ThisLine =~ /Exec\[(.+)\].+executed successfully/) {
8690 $ExecRuns{$1}++;
87 } elsif ($ThisLine =~ /Exec\[.+\].+Triggering 'refresh' from [0-9]+ dependencies/) {
88 $ThisLine =~ /Exec\[(.+)\].+Triggering 'refresh' from [0-9]+ dependencies/;
91 } elsif ($ThisLine =~ /Exec\[(.+)\].+Triggering 'refresh' from [0-9]+ dependencies/) {
8992 $ExecRuns{$1}++;
90 } elsif ($ThisLine =~ /Service\[.+\].+ensure changed \'.+\' to \'running\'/) {
91 $ThisLine =~ /Service\[(.+)\].+ensure changed \'.+\' to \'running\'/;
93 } elsif ($ThisLine =~ /Service\[(.+)\].+ensure changed \'.+\' to \'running\'/) {
9294 $ServiceStarts{$1}++;
93 } elsif ($ThisLine =~ /Service\[.+\].+Triggering 'refresh' from [0-9]+ dependencies/) {
94 $ThisLine =~ /Service\[(.+)\].+Triggering 'refresh' from [0-9]+ dependencies/;
95 } elsif ($ThisLine =~ /Service\[(.+)\].+Triggering 'refresh' from [0-9]+ dependencies/) {
9596 $ServiceStarts{$1}++;
9697 } elsif ($ThisLine =~ /Dependency .+\[.+\] has [0-9]+ failure/) {
9798 $DependencyFailures++;
111112 print "\nFailed runs: $FailedRuns\n";
112113 }
113114
115 if (keys %CatalogFailures) {
116 print "\nCould not retrieve catalog from remote server:\n";
117 foreach $ThisOne (keys %CatalogFailures) {
118 print " $ThisOne: $CatalogFailures{$ThisOne} Time(s)\n";
119 }
120 }
121
114122 if (keys %CreatedFiles) {
115123 print "\nCreated files:\n";
116124 foreach $ThisOne (keys %CreatedFiles) {
117 print "$ThisOne: $CreatedFiles{$ThisOne} Time(s)\n";
125 print " $ThisOne: $CreatedFiles{$ThisOne} Time(s)\n";
118126 }
119127 }
120128
121129 if (keys %ChangedFiles) {
122130 print "\nChanged files:\n";
123131 foreach $ThisOne (keys %ChangedFiles) {
124 print "$ThisOne: $ChangedFiles{$ThisOne} Time(s)\n";
132 print " $ThisOne: $ChangedFiles{$ThisOne} Time(s)\n";
125133 }
126134 }
127135
128136 if (keys %RemovedFiles) {
129137 print "\nRemoved files:\n";
130138 foreach $ThisOne (keys %RemovedFiles) {
131 print "$ThisOne: $RemovedFiles{$ThisOne} Time(s)\n";
139 print " $ThisOne: $RemovedFiles{$ThisOne} Time(s)\n";
140 }
141 }
142
143 if (keys %FileBucketed and $Detail >= 5) {
144 print "\nFileBucketed files:\n";
145 foreach $ThisOne (keys %FileBucketed) {
146 print " $ThisOne\n";
132147 }
133148 }
134149
135150 if (keys %InstalledPackages) {
136151 print "\nInstalled packages:\n";
137152 foreach $ThisOne (keys %InstalledPackages) {
138 print "$ThisOne: $InstalledPackages{$ThisOne} Time(s)\n";
153 print " $ThisOne: $InstalledPackages{$ThisOne} Time(s)\n";
139154 }
140155 }
141156
142157 if (keys %ChangedPackages) {
143158 print "\nChanged packages:\n";
144159 foreach $ThisOne (keys %ChangedPackages) {
145 print "$ThisOne: $ChangedPackages{$ThisOne} Time(s)\n";
160 print " $ThisOne: $ChangedPackages{$ThisOne} Time(s)\n";
146161 }
147162 }
148163
149164 if (keys %RemovedPackages) {
150165 print "\nRemoved packages:\n";
151166 foreach $ThisOne (keys %RemovedPackages) {
152 print "$ThisOne: $RemovedPackages{$ThisOne} Time(s)\n";
167 print " $ThisOne: $RemovedPackages{$ThisOne} Time(s)\n";
153168 }
154169 }
155170
156171 if (keys %ExecRuns) {
157172 print "\nExec runs:\n";
158173 foreach $ThisOne (keys %ExecRuns) {
159 print "$ThisOne: $ExecRuns{$ThisOne} Time(s)\n";
174 print " $ThisOne: $ExecRuns{$ThisOne} Time(s)\n";
160175 }
161176 }
162177
163178 if (keys %ServiceStarts) {
164179 print "\nService starts:\n";
165180 foreach $ThisOne (keys %ServiceStarts) {
166 print "$ThisOne: $ServiceStarts{$ThisOne} Time(s)\n";
181 print " $ThisOne: $ServiceStarts{$ThisOne} Time(s)\n";
167182 }
168183 }
169184
178193 if (keys %OtherList) {
179194 print "\n**Unmatched Entries**\n";
180195 foreach $ThisOne (keys %OtherList) {
181 print "$ThisOne: $OtherList{$ThisOne} Time(s)\n";
196 print " $ThisOne: $OtherList{$ThisOne} Time(s)\n";
182197 }
183198 }
184199
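Review bot: `if ($reason == "getaddrinfo: Name or service not known" && $offline)` compares two strings numerically: both sides numify to 0, so the condition holds for every catalog failure whenever `puppet_offline_ok` is set, nothing is ever recorded in `%CatalogFailures`, and `$FailedRuns--` runs for unrelated errors (certificate problems, server errors) as well; under `use warnings` it also emits an "isn't numeric" warning per line. Use string comparison: `if ($reason eq "getaddrinfo: Name or service not known" && $offline) {`. The decrement presumably offsets the `skipping run` line that follows such a failure; a comment such as `# the following 'skipping run' line counts this run; net it out` would make that intent visible. Separately, `($fileinfo) = ($ThisLine =~ /Filebucketed (.*)/)` captures into `$fileinfo` but the next line counts `$1`; `$FileBucketed{$fileinfo}++` says what is meant.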
17591759 print "\n Total per host: $TotalAbuse" if ($Detail >= 5);
17601760 $TotalError[$ErrorIndex] += $TotalAbuse;
17611761 }
1762 print "\n\tTota: l $TotalError[$ErrorIndex]" if ($Detail >= 3);
1762 print "\n\tTotal: $TotalError[$ErrorIndex]" if ($Detail >= 3);
17631763 }
17641764 $TotalError[++$ErrorIndex] = 0;
17651765
4040
4141 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
4242 my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
43 my $Ignore_connections = $ENV{'ignore_connections'};
4344
4445 $StillRoot = 0;
4546 $CleanTotal = 0;
4950 my %Clean;
5051 my %Spam;
5152 my %Users;
53 my %Connections;
5254
5355 #Todo
5456 # meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' : 2 Time(s)
7375 ( $ThisLine =~ m/^server successfully spawned child process, / ) or
7476 ( $ThisLine =~ m/^removing stderr method/ ) or
7577 ( $ThisLine =~ m/^server pid:/ ) or
78 ( $ThisLine =~ m/^adjust: \d+ idle children (less|more) than \d+ (min|max)imum idle children/ ) or
7679 0 # Always last in the list, so all above can say "or" at the end
7780 ) {
7881 ; # We don't care about these
8487 $Users{ $User}++;
8588 } elsif ( $ThisLine =~ m/still running as root: / ) {
8689 $StillRoot++;
90 } elsif ( $ThisLine =~ m/^connection from (.*) at port / ) {
91 $Connections{$1}++;
8792 } elsif ( $ThisLine =~ m/\bchild\b/ ) {
8893 chomp($ThisLine);
8994 # Many perl errors report pseudo-line-numbers, e.g.
139144 }
140145 }
141146
147 if (keys %Connections) {
148 my $header_printed = 0;
149 foreach my $connection ( sort {$a cmp $b} keys %Connections ) {
150 if ($Ignore_connections && $connection =~ /$Ignore_connections/) { next; }
151 if (!$header_printed) {
152 print "\nConnections from:\n";
153 $header_printed = 1;
154 }
155 print " $connection : $Connections{$connection} Time(s)\n";
156 }
157 }
158
142159 if (keys %OtherList) {
143160 print "\n**Unmatched Entries**\n";
144161 foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
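Review bot: `if ($Ignore_connections && $connection =~ /$Ignore_connections/) { next; }` interpolates the admin-supplied `ignore_connections` value as a pattern for every host, so a malformed value (an unbalanced parenthesis, say) dies inside the report loop and aborts the whole spamd section instead of being reported once. Compile it once where the option is read: `my $Ignore_connections_re = $Ignore_connections ? eval { qr/$Ignore_connections/ } : undef;` followed by `warn "ignore_connections: $@" if $Ignore_connections and !$Ignore_connections_re;`, and match with `$connection =~ $Ignore_connections_re`. Interpolating it is otherwise intended, since the conf file documents the value as a regular expression. The `connection from (.*) at port` capture takes hostname and IP straight from the log and is used only as a hash key and match subject, which is fine.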