Imported Upstream version 7.4.0+svn20140718rev203
Willi Mann
9 years ago
0 | # What actual file? Defaults to LogPath if not absolute path.... | |
1 | LogFile = dirsrv/*/errors | |
2 | Archive = dirsrv/*/errors.[1-9]* | |
3 | ||
4 | *ApplyStdDate = "\[%d/%b/%Y:%H:%M:%S" | |
5 | *RemoveHeaders = "\[[^]]+\] (- )?" | |
6 | ||
7 | # vi: shiftwidth=3 tabstop=3 et |
10 | 10 | LogFile = apache2/*access_log |
11 | 11 | LogFile = apache-ssl/*access.log.1 |
12 | 12 | LogFile = apache-ssl/*access.log |
13 | LogFile = nginx/*access.log | |
14 | LogFile = nginx/*access.log.1 | |
13 | 15 | |
14 | 16 | |
15 | 17 | # If the archives are searched, here is one or more line |
27 | 29 | Archive = apache2/*access.log-*.gz |
28 | 30 | Archive = apache2/*access_log-*.gz |
29 | 31 | Archive = apache-ssl/*access.log-*.gz |
32 | Archive = nginx/*access.log.*.gz | |
30 | 33 | |
31 | 34 | # Expand the repeats (actually just removes them now) |
32 | 35 | *ExpandRepeats |
0 | # You can put comments anywhere you want to. They are effective for the | |
1 | # rest of the line. | |
2 | ||
3 | # this is in the format of <name> = <value>. Whitespace at the beginning | |
4 | # and end of the lines is removed. Whitespace before and after the = sign | |
5 | # is removed. Everything is case *insensitive*. | |
6 | ||
7 | # Yes = True = On = 1 | |
8 | # No = False = Off = 0 | |
9 | ||
10 | Title = "Directory Server" | |
11 | ||
12 | # Which logfile group... | |
13 | LogFile = dirsrv | |
14 | ||
15 | #*OnlyService = Server_Administrator | |
16 | #*RemoveHeaders | |
17 | ||
18 | # vi: shiftwidth=3 tabstop=3 et |
0 | # You can put comments anywhere you want to. They are effective for the | |
1 | # rest of the line. | |
2 | ||
3 | # this is in the format of <name> = <value>. Whitespace at the beginning | |
4 | # and end of the lines is removed. Whitespace before and after the = sign | |
5 | # is removed. Everything is case *insensitive*. | |
6 | ||
7 | # Yes = True = On = 1 | |
8 | # No = False = Off = 0 | |
9 | ||
10 | Title = "LVM" | |
11 | ||
12 | # Which logfile group... | |
13 | LogFile = messages | |
14 | ||
15 | # Only give lines pertaining to the OMSA service... | |
16 | *OnlyService = lvm | |
17 | *RemoveHeaders | |
18 | ||
19 | ######################################################### | |
20 | ## LVM Threshold values. | |
21 | ## These allow you to configure the output and restrict verbose reports | |
22 | ## by limiting what is printed to occurances >= the value you enter. | |
23 | ## | |
24 | ## Note that case is insensitive. | |
25 | # | |
26 | ##LVM Config Values | |
27 | #$pool_threshold = 0 # % full values to report | |
28 | #$snapshot_threshold = 0 # % full values to report | |
29 | ||
30 | # vi: shiftwidth=3 tabstop=3 et |
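Review bot: The comment at line 15 still says `# Only give lines pertaining to the OMSA service...`, although the filter below it is `*OnlyService = lvm`; it looks copied from the OMSA service file. I would change it to `# Only give lines pertaining to the lvm service...`. In the threshold block, `occurances` should read `occurrences`, and the two commented settings are percentages rather than occurrence counts, so the wording "% full at or above which a pool or snapshot is reported" would describe them better.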
0 | # You can put comments anywhere you want to. They are effective for the | |
1 | # rest of the line. | |
2 | ||
3 | # this is in the format of <name> = <value>. Whitespace at the beginning | |
4 | # and end of the lines is removed. Whitespace before and after the = sign | |
5 | # is removed. Everything is case *insensitive*. | |
6 | ||
7 | # Yes = True = On = 1 | |
8 | # No = False = Off = 0 | |
9 | ||
10 | Title = "Dell OMSA" | |
11 | ||
12 | # Which logfile group... | |
13 | LogFile = messages | |
14 | ||
15 | # Only give lines pertaining to the OMSA service... | |
16 | *OnlyService = Server_Administrator | |
17 | *RemoveHeaders | |
18 | ||
19 | # vi: shiftwidth=3 tabstop=3 et |
96 | 96 | .IP "\fB--logdir\fR directory" |
97 | 97 | Look in |
98 | 98 | .I directory |
99 | for log subdirectories or log files instead of the default directory. | |
99 | for log subdirectories or log files first before looking in the default directories. | |
100 | 100 | .IP "\fB--hostlimit\fR host1,host2" |
101 | 101 | Limit report to hostname - host1, host2. |
102 | 102 | .IP "\fB--hostname\fR hostname" |
0 | 0 | |
1 | 1 | ########################################################################## |
2 | # $Id: audit 150 2013-06-18 22:19:38Z mtremaine $ | |
2 | # $Id: audit 199 2014-07-14 15:48:15Z opoplawski $ | |
3 | 3 | ########################################################################## |
4 | 4 | # $Log: audit,v $ |
5 | 5 | # Revision 1.15 2009/02/20 17:59:47 mike |
102 | 102 | chomp($ThisLine); |
103 | 103 | # Remove timestamp if present |
104 | 104 | $ThisLine =~ s/^\[\s*\d+\.\d+\]\s*//; |
105 | if (( $ThisLine =~ /initializing netlink socket \(disabled\)/) or | |
105 | if (( $ThisLine =~ /initializing netlink (socket|subsys) \(disabled\)/) or | |
106 | 106 | ( $ThisLine =~ /audit_pid=[0-9]* old=[0-9]*(?: by auid=[0-9]*)?/) or |
107 | 107 | ( $ThisLine =~ /(arch=[0-9]+ )?syscall=[0-9]+ (success=(no|yes) )?exit=[0-9-]+( a[0-3]=[0-9a-f]+)* items=[0-9]+ (ppid=[0-9]+ )?pid=[0-9]+ (loginuid=[0-9-]+ )?(auid=[0-9]+ )?uid=[0-9]+ gid=[0-9]+ euid=[0-9]+ suid=[0-9]+ fsuid=[0-9]+ egid=[0-9]+ sgid=[0-9]+ fsgid=[0-9]+/) or |
108 | 108 | ( $ThisLine =~ /Audit daemon rotating log files/) or |
118 | 118 | ( $ThisLine =~ /auditd[ ]+S [0-9A-F]+ [0-9]+ [0-9]+[ ]+[0-9]([ ]*[0-9]+[ ]*|[ ]*)[0-9]+ [0-9]+ \(NOTLB\)/) or |
119 | 119 | ( $ThisLine =~ /Started dispatcher: \/sbin\/audispd pid: [0-9]+/) or |
120 | 120 | ( $ThisLine =~ /audit\([0-9.]*:[0-9]*\): bool=.* val=.* old_val=.* auid=[0-9]*/) or |
121 | ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): audit_enabled=[0-9]* old=[0-9]* auid=[0-9]* ses=[0-9]* subj=system_u:system_r:.*:s0 res=[0-9]*/) or | |
121 | ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): audit_enabled=[0-9]* old=[0-9]* auid=[0-9]* ses=[0-9]*/) or | |
122 | 122 | ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): auid=[0-9]* ses=[0-9]* subj=system_u:system_r:.*:s0 op=.* key=.* list=[0-9]* res=[0-9]*/) or |
123 | 123 | ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): pid=0 uid=0 auid=[0-9]* ses=[0-9]* subj=system_u:system_r:.*:s0 .* res=success/) or |
124 | 124 | ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): pid=1 uid=0 auid=[0-9]* ses=[0-9]* subj=system_u:system_r:init_t:s0 .* res=success/) or |
125 | 125 | ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): pid=[0-9]* uid=0 auid=[0-9]* ses=[0-9]*$/) or |
126 | ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): pid=[0-9]* uid=0 auid=[0-9]* ses=[0-9]* subj=.*res=success/) or | |
127 | ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): pid=[0-9]* uid=0 old auid=[0-9]* new auid=[0-9]+ old ses=[0-9]* new ses=[0-9]+ res=1$/) or | |
126 | 128 | ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): cwd=".*"/) or |
127 | 129 | ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): user/) or |
128 | 130 | ( $ThisLine =~ /audit_printk_skb: [0-9]* callbacks suppressed/) or |
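Review bot: The loosened patterns at new lines 121 and 126 suppress more audit records than the lines they replace, in what appears to be the ignore list. The `audit_enabled=... old=...` pattern no longer requires the `subj=system_u:system_r:...:s0 res=...` tail, and the new `pid=[0-9]* uid=0 ... subj=.*res=success` pattern accepts any subject. A change of `audit_enabled` is something a defender wants reported, so I would make the tail optional instead of dropping it, e.g. `ses=[0-9]*(?: subj=system_u:system_r:.*:s0 res=[0-9]*)?$`, and narrow `subj=.*` to the subjects actually seen. A short comment above each line naming the kernel or auditd message it is meant to cover would also help. The `if` chain starts and ends outside this hunk.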
0 | ######################################################## | |
1 | ## Copyright (c) 2014 Orion Poplawski | |
2 | ## Covered under the included MIT/X-Consortium License: | |
3 | ## http://www.opensource.org/licenses/mit-license.php | |
4 | ## All modifications and contributions by other persons to | |
5 | ## this script are assumed to have been donated to the | |
6 | ## Logwatch project and thus assume the above copyright | |
7 | ## and licensing terms. If you want to make contributions | |
8 | ## under your own copyright or a different license this | |
9 | ## must be explicitly stated in the contribution an the | |
10 | ## Logwatch project reserves the right to not accept such | |
11 | ## contributions. If you have made significant | |
12 | ## contributions to this script and want to claim | |
13 | ## copyright please contact logwatch-devel@lists.sourceforge.net. | |
14 | ######################################################### | |
15 | ||
16 | use strict; | |
17 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; | |
18 | my %Errors; | |
19 | my %Warnings; | |
20 | my %Startup; | |
21 | my $Stop; | |
22 | my %BackupStarted; | |
23 | my $BackupCompleted; | |
24 | my %BackupFile; | |
25 | my %Export; | |
26 | my %OtherList; | |
27 | my $PreviousLine = ''; | |
28 | ||
29 | while (defined(my $ThisLine = <STDIN>)) { | |
30 | chomp($ThisLine); | |
31 | ||
32 | if ($ThisLine =~ /^Listening for new connections again$/ | |
33 | or $ThisLine =~ /Listening on .* port/ | |
34 | or $ThisLine =~ /^Waiting for \d+ database threads to stop/ | |
35 | or $ThisLine =~ /^slapd shutting down - / | |
36 | ) { | |
37 | #Ignore | |
38 | } elsif ($ThisLine =~ /error/i | |
39 | or $ThisLine =~ /^Detected Disorderly Shutdown/) { | |
40 | $Errors{$ThisLine}++; | |
41 | } elsif ($ThisLine =~ /^Not listening for new connections/) { | |
42 | $Warnings{$ThisLine}++; | |
43 | } elsif ($ThisLine =~ /^(.*) starting up$/) { | |
44 | $Startup{$1}++; | |
45 | } elsif ($ThisLine =~ /^slapd stopped\.$/) { | |
46 | $Stop++; | |
47 | } elsif ($ThisLine =~ /^Beginning backup of '(.*)'$/) { | |
48 | $BackupStarted{$1}++; | |
49 | } elsif ($ThisLine =~ /^Backup finished\.$/) { | |
50 | $BackupCompleted++; | |
51 | } elsif ($ThisLine =~ /^Backing up file \d+ \((.*)\)$/) { | |
52 | $BackupFile{$1}++; | |
53 | } elsif ($ThisLine =~ /^export (\w+: Processed \d+ entries \(\d+%\)\.)$/) { | |
54 | $Export{$1}++; | |
55 | } elsif ($ThisLine =~ /^All database threads now stopped$/) { | |
56 | #This line follows the previous normally in backups | |
57 | $OtherList{$ThisLine}++ unless $PreviousLine =~ /^(export \w+: Processed \d+ entries|Waiting for \d+ database threads to stop|Backing up file)/; | |
58 | } else { | |
59 | $OtherList{$ThisLine}++; | |
60 | } | |
61 | $PreviousLine = $ThisLine; | |
62 | } | |
63 | ||
64 | if (keys %Errors) { | |
65 | print "\n** ERRORS **\n"; | |
66 | foreach my $line (sort {$a cmp $b} keys %Errors) { | |
67 | print " $line: $Errors{$line} Time(s)\n"; | |
68 | } | |
69 | } | |
70 | ||
71 | if (keys %Warnings) { | |
72 | print "\n** Warnings:\n"; | |
73 | foreach my $line (sort {$a cmp $b} keys %Warnings) { | |
74 | print " $line: $Warnings{$line} Time(s)\n"; | |
75 | } | |
76 | } | |
77 | ||
78 | if (keys %Startup and $Detail >= 5) { | |
79 | foreach my $Version (keys %Startup) { | |
80 | print "\nStart up version $Version: $Startup{$Version} Time(s)\n"; | |
81 | } | |
82 | } | |
83 | ||
84 | if ($Stop and $Detail) { | |
85 | print "\nStopped: $Stop Time(s)\n"; | |
86 | } | |
87 | ||
88 | if (keys %BackupStarted and $Detail) { | |
89 | foreach my $Database (keys %BackupStarted) { | |
90 | print "\nBackup started for $Database: $BackupStarted{$Database} Time(s)\n"; | |
91 | } | |
92 | } | |
93 | ||
94 | if (keys %BackupFile and $Detail >= 7) { | |
95 | print "\nBacked up files:\n"; | |
96 | foreach my $File (sort {$a cmp $b} keys %BackupFile) { | |
97 | print " $File: $BackupFile{$File} Time(s)\n"; | |
98 | } | |
99 | } | |
100 | ||
101 | if ($BackupCompleted and $Detail) { | |
102 | print "\nBackup completed: $BackupCompleted Time(s)\n"; | |
103 | } | |
104 | ||
105 | if (keys %Export and $Detail) { | |
106 | print "\nExports:\n"; | |
107 | foreach my $Line (keys %Export) { | |
108 | print " $Line $Export{$Line} Time(s)\n"; | |
109 | } | |
110 | } | |
111 | ||
112 | if (keys %OtherList) { | |
113 | print "\n**Unmatched Entries**\n"; | |
114 | foreach my $line (sort {$a cmp $b} keys %OtherList) { | |
115 | print " $line: $OtherList{$line} Time(s)\n"; | |
116 | } | |
117 | } | |
118 |
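Review bot: The ignore branch at lines 32-35 is evaluated before the `/error/i` branch at line 38, so a line that matches an ignore pattern is dropped even when it also reports an error; `/Listening on .* port/` is unanchored and therefore the widest of them. Putting the `/error/i` and `Detected Disorderly Shutdown` test first in the chain would keep such lines in the ERRORS section. The file enables `use strict;` only; I would add `use warnings;` next to it. A one-line comment above the `while` loop saying that the input is the errors log with the timestamp header already removed by the logfile configuration would explain why most patterns are anchored with `^`.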
0 | 0 | ######################################################## |
1 | # $Id: dovecot 159 2013-08-19 09:35:30Z stefjakobs $ | |
1 | # $Id: dovecot 197 2014-05-30 17:31:32Z opoplawski $ | |
2 | 2 | ######################################################## |
3 | 3 | # $Log: dovecot,v $ |
4 | 4 | # Revision 1.18 2010/09/18 17:41:00 stefan |
0 | 0 | ########################################################################## |
1 | # $Id: evtsecurity 150 2013-06-18 22:19:38Z mtremaine $ | |
1 | # $Id: evtsecurity 202 2014-07-18 17:52:11Z opoplawski $ | |
2 | 2 | ########################################################################## |
3 | 3 | # $Log: evtsecurity,v $ |
4 | 4 | # Revision 1.3 2008/06/30 23:07:51 kirk |
51 | 51 | $SuccessAuditUsers{$UserName}++; |
52 | 52 | } |
53 | 53 | elsif ($EventLogType eq "Failure Audit") { |
54 | $FailureAudits{"$Hostname $ExpandedString"}++; | |
54 | if (($account,$domain,$reason) = ($ExpandedString =~ /^An account failed to log on\..*Account For Which Logon Failed:.*Account Name:\s+(\S+)\s+Account Domain:\s+(\S+).*Failure Reason:\s+(.+)\s+Status:.*Sub Status:/)) { | |
55 | $FailureAudits{"$Hostname Log On Failure for $domain\\$account: $reason"}++; | |
56 | } elsif (($account,$domain,$process) = ($ExpandedString =~ /^A privileged service was called\..*Account Name:\s+(\S+)\s+Account Domain:\s+(\S+).*Process Name:\s+(.+)\sService/)) { | |
57 | $FailureAudits{"$Hostname Privileged service called for $domain\\$account: $process"}++ if $Detail; | |
58 | } else { | |
59 | $FailureAudits{"$Hostname $ExpandedString"}++; | |
60 | } | |
55 | 61 | } |
56 | 62 | else { |
57 | 63 | # Report any unmatched entries... |
69 | 75 | |
70 | 76 | if (keys %FailureAudits) { |
71 | 77 | print "\nFailure Audits\n"; |
72 | foreach $Error (keys %FailureAudits) { | |
78 | foreach $Error (sort keys %FailureAudits) { | |
73 | 79 | print " $Error : $FailureAudits{$Error} Times\n"; |
74 | 80 | } |
75 | 81 | } |
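Review bot: At new line 57 the trailing `if $Detail` means a failure audit for a privileged service call is not counted at all at detail level 0, whereas before this change every failure audit reached `%FailureAudits`. I would keep a collapsed count at low detail rather than dropping the event, e.g. `$FailureAudits{ $Detail ? "$Hostname Privileged service called for $domain\\$account: $process" : "$Hostname Privileged service called" }++;`. The captures `$account`, `$domain`, `$reason` and `$process` are assigned without `my` in the visible lines; if they are not declared above the hunk they are package globals and should be declared. Both patterns rely on `.*` spanning the whole message, so they silently fall through to the `else` branch if `$ExpandedString` can contain newlines, which is worth a comment.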
0 | 0 | ########################################################################## |
1 | # $Id: evtsystem 171 2013-10-25 15:36:42Z opoplawski $ | |
1 | # $Id: evtsystem 203 2014-07-18 18:04:48Z opoplawski $ | |
2 | 2 | ########################################################################## |
3 | 3 | # $Log: evtsystem,v $ |
4 | 4 | # Revision 1.3 2008/06/30 23:07:51 kirk |
108 | 108 | |
109 | 109 | if ($System eq "Microsoft-Windows-GroupPolicy") { |
110 | 110 | #Ignore these |
111 | next if $ExpandedString =~ /^Group Policy settings for the computer were processed successfully\. There were no changes detected since the last successful processing of Group Policy\.$/; | |
111 | next if $ExpandedString =~ /^The Group Policy settings for the (computer|user) were processed successfully\. There were no changes detected since the last successful processing of Group Policy\.$/; | |
112 | next if $ExpandedString =~ /^The Group Policy settings for the (computer|user) were processed successfully\. New settings from \d+ Group Policy objects were detected and applied\.$/ and $Detail == 0; | |
112 | 113 | } |
113 | 114 | |
114 | 115 | if ($System eq "Microsoft-Windows-Power-Troubleshooter") { |
184 | 185 | next if $ExpandedString =~ /Driver initialized successfully\.$/ and $Detail < 10; |
185 | 186 | next if $ExpandedString =~ /Network controller configured for .* link\.$/ and $Detail < 10; |
186 | 187 | next if $ExpandedString =~ /^The driver package installation has succeeded\.$/ and $Detail < 10; |
188 | next if $ExpandedString =~ /^UVD Information$/; | |
189 | next if $ExpandedString =~ /Link has been established:/; | |
187 | 190 | |
188 | 191 | # Add to the list |
189 | 192 | $Systems{$System}->{"$Hostname $ExpandedString"}++; |
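Review bot: The two filters added at new lines 188-189 drop their events at every detail level, unlike the three lines directly above them, which keep the events visible with `and $Detail < 10`. `/Link has been established:/` is also unanchored, so it discards any event text containing that phrase. For consistency I would write `next if $ExpandedString =~ /^UVD Information$/ and $Detail < 10;` and the same guard on the link message. Separately, new line 112 hides "New settings from N Group Policy objects were detected and applied" at detail 0; a comment saying that applied policy changes are deliberately hidden at the default level would make that choice visible to the next maintainer.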
30 | 30 | my %wrongUser = (); |
31 | 31 | my %wrong_ip = (); |
32 | 32 | my %invalidUser = (); |
33 | my %discardRequest = (); | |
33 | my %discards = (); | |
34 | 34 | my %warnings = (); |
35 | my %givingUps = (); | |
35 | 36 | my $killedChilds = 0; |
36 | 37 | |
37 | 38 | my $ThisLine; |
48 | 49 | ( $ThisLine =~ /^(?:SSL|TLS|rlm_(?:unix|eap|sql|radutmp)| TLS_accept| \[ldap\])/ ) || |
49 | 50 | ( $ThisLine =~ /^Ready to process requests\.$/ ) || |
50 | 51 | ( $ThisLine =~ /^Exiting normally\.$/ ) || |
51 | ( $ThisLine =~ /^Loaded virtual server/ ) | |
52 | ( $ThisLine =~ /^Loaded virtual server/ ) || | |
53 | ( $ThisLine =~ /^HUP - / ) || | |
54 | ( $ThisLine =~ /^Received HUP signal\.$/ ) || | |
55 | ( $ThisLine =~ /^ ?Module: Reloaded module/ ) | |
52 | 56 | ) { |
53 | 57 | # ignore |
54 | 58 | } |
64 | 68 | # TD: Login incorrect (mschap: External script says Logon failure (0xc000006d)): [user@example.com] (from client radius port 13 cli aa-bb-cc-11-22-33 via TLS tunnel) |
65 | 69 | # TD: Login incorrect (TLS Alert write:fatal:handshake failure): [user@example.com] (from client radius port 13 cli aa-bb-cc-11-22-33) |
66 | 70 | # TD: |
67 | elsif ( my ($user, $ip) = ( $ThisLine =~ m/^(?:Auth: )?Login incorrect \(.+\): \[(.*)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) { | |
68 | if (! $ip) { $ip = "not named"; } | |
71 | elsif ( my ($user, $ip) = ( $ThisLine =~ m/^(?:Auth: )?Login incorrect(?: \(.+\))?: \[(.*)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+)(?:;\w+)?)?(?: via TLS tunnel)?\)/) ) { | |
72 | if (! $ip) { $ip = "*not named*"; } | |
69 | 73 | $wrongUser{$ip}{$user}++; |
70 | 74 | $wrong_ip{$ip}++; |
71 | 75 | |
74 | 78 | # TD: Login incorrect: [user@example.com] (from client radius port 175143 cli cc08.e051.a240) |
75 | 79 | # TD: Login incorrect: [user@example.com] (from client radius1 port 0) |
76 | 80 | elsif ( my ($user, $ip) = ($ThisLine =~ m/^(?:Auth: )?Login incorrect: \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) { |
77 | if (! $ip) { $ip = "not named"; } | |
81 | if (! $ip) { $ip = "*not named*"; } | |
78 | 82 | $wrongPassword{$ip}{$user}++; |
79 | 83 | $wrong_ip{$ip}++; |
80 | 84 | } |
81 | 85 | |
82 | 86 | # TD: Invalid user ( [ldap] Access Attribute denies access): [user@example.com] (from client radius port 13 cli aa-bb-cc-dd-ee-11 via TLS tunnel) |
83 | elsif ( my ($reason, $user, $ip) = ($ThisLine =~ m/^(?:Auth: )?Invalid user \(\s*(.+)\): \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) { | |
84 | if (! $ip) { $ip = "not named"; } | |
87 | # TD: Invalid user: [user@example.com] (from client <host> port 13 cli aa-bb-cc-dd-ee-11) | |
88 | elsif ( my ($reason, $user, $ip) = ($ThisLine =~ m/^(?:Auth: )?Invalid user(?: \(\s*(.+)\))?: \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) { | |
89 | if (! $ip) { $ip = "*not named*"; } | |
90 | if (! $reason) { $reason = "*no reason*"; } | |
85 | 91 | $invalidUser{$reason}{$user}++; |
86 | 92 | } |
87 | 93 | |
88 | 94 | # TD: Discarding duplicate request from client <host> port 47609 - ID: 182 due to unfinished request 12713766 |
89 | elsif ( my ($client) = ($ThisLine =~ /Discarding duplicate request from client (\S+) port \d+ - ID: \d+ due to unfinished request/) ) { | |
90 | $discardRequest{$client}++; | |
95 | # TD: Discarding conflicting packet from client <host> port 42221 - ID: 85 due to recent request 9008535. | |
96 | elsif ( my ($reason, $client) = ($ThisLine =~ /Discarding (duplicate request|conflicting packet) from client (\S+) port \d+ - ID: \d+ due to (unfinished|recent) request/) ) { | |
97 | $discards{$reason}{$client}++; | |
98 | } | |
99 | ||
100 | # TD: Received conflicting packet from client radius2 port 60612 - ID: 30 due to unfinished request 1136681. Giving up on old request. | |
101 | elsif ( my ($client) = ($ThisLine =~ /Received conflicting packet from client ([^ ]+) port \d{1,10} - ID: \d+ due to unfinished request \d+/) ) { | |
102 | $givingUps{$client}++; | |
91 | 103 | } |
92 | 104 | |
93 | 105 | # TD: Child PID 57436 is taking too much time: forcing failure and killing child. |
98 | 110 | # TD: WARNING: Unresponsive child for request 4737598, in component accounting module unix |
99 | 111 | # TD: WARNING: Child is hung for request 4737598 in component accounting module unix. |
100 | 112 | elsif ( $ThisLine =~ m/^WARNING: (Unresponsive child|Child is hung) for request \d+,? in component (\w+) module ?(\w*)/ ) { |
101 | $warnings{$1}{"$2 [module: $3]"}++; | |
113 | $warnings{"$1 in component:"}{"$2 [module: $3]"}++; | |
114 | } | |
115 | ||
116 | # TD: WARNING: Allowing fast client radius2 port 60612 - ID: 102 for recent request 9035637. | |
117 | elsif ( $ThisLine =~ m/^WARNING: (Allowing fast client) ([^ ]+) port \d{1,10} - ID: \d+/ ) { | |
118 | $warnings{"${1}s:"}{$2}++; | |
102 | 119 | } |
103 | 120 | |
104 | 121 | else { |
207 | 224 | } |
208 | 225 | } |
209 | 226 | |
210 | if (keys %discardRequest) { | |
211 | print "\nDuplicate requests discarded from client:\n"; | |
212 | foreach my $client (keys %discardRequest) { | |
213 | printf " %-40s : %5d time(s)\n", $client, $discardRequest{$client}; | |
214 | } | |
227 | if (keys %discards) { | |
228 | print "\nDiscards:\n"; | |
229 | foreach my $reason (keys %discards) { | |
230 | my $clients = $discards{$reason}; | |
231 | printf " %-40s\n", $reason; | |
232 | foreach my $client (keys %$clients) { | |
233 | printf " %-38s : %5d time(s)\n", $client, $clients->{$client}; | |
234 | } | |
235 | } | |
236 | } | |
237 | ||
238 | if (keys %givingUps) { | |
239 | print "\nGiving up on old requests:\n"; | |
240 | foreach my $client (keys %givingUps) { | |
241 | printf " %-40s : %5d time(s)\n", $client, $givingUps{$client}; | |
242 | } | |
215 | 243 | } |
216 | 244 | |
217 | 245 | if ($killedChilds) { |
222 | 250 | print "\nWarnings:\n"; |
223 | 251 | foreach my $warning (keys %warnings) { |
224 | 252 | my $components = $warnings{$warning}; |
225 | printf " %-40s\n", "$warning in component:"; | |
253 | printf " %-40s\n", $warning; | |
226 | 254 | foreach my $component (keys %$components) { |
227 | 255 | printf " %-38s : %5d time(s)\n", $component, $components->{$component}; |
228 | 256 | } |
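Review bot: Making the reason optional at new line 71 (`Login incorrect(?: \(.+\))?:`) lets that branch match every line the following branch at new line 80 (`Login incorrect: \[(.+)\]`) is written for. Assuming both belong to the same `elsif` chain (the lines between them are outside the hunk), the `%wrongPassword` branch can no longer be reached, and plain "Login incorrect" failures are counted under `%wrongUser` instead. I would keep the parenthesised reason mandatory in the first pattern, `Login incorrect \(.+\): \[(.*)\]`, and add the new `(?:;\w+)?` suffix to the `cli` group of both patterns. The new `%discards` and `%givingUps` loops use unsorted `keys`, so the report order changes between runs; `sort keys` would make reports comparable.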
0 | 0 | ########################################################################## |
1 | # $Id: http 170 2013-08-20 07:39:31Z stefjakobs $ | |
1 | # $Id: http 179 2014-01-09 16:29:00Z opoplawski $ | |
2 | 2 | ########################################################################## |
3 | 3 | |
4 | 4 | ##################################################### |
410 | 410 | $hacks{$field{client_ip}}{$exploits[$i]}++; |
411 | 411 | $total_hack_count += 1; |
412 | 412 | $ban_ip{$field{client_ip}} = " "; |
413 | if ($field{http_rc} < 400) { | |
413 | if ($field{http_rc} < 300) { | |
414 | 414 | $hack_success{$field{url}} = $field{http_rc}; |
415 | 415 | } |
416 | 416 | } |
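Review bot: The threshold at new line 413 is a bare number with no explanation of why redirects stopped counting as a successful probe. I would add a comment above it such as `# Only 1xx/2xx responses count as a served exploit attempt; 3xx redirects and 4xx/5xx errors do not`. Since `%hack_success` is keyed by URL alone, a later response to the same URL overwrites the earlier status, which is worth stating in the same comment. The enclosing block starts outside the hunk.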
0 | 0 | |
1 | 1 | ########################################################################## |
2 | # $Id: kernel 160 2013-08-19 09:37:46Z stefjakobs $ | |
2 | # $Id: kernel 183 2014-01-26 13:32:28Z stefjakobs $ | |
3 | 3 | ########################################################################## |
4 | 4 | # $Log: kernel,v $ |
5 | 5 | # Revision 1.35 2008/03/24 23:31:26 kirk |
120 | 120 | $SkipError = 1 if $ThisLine =~ /PCIe errors handled by (?:BIOS|OS)/; |
121 | 121 | # These happen when kerberos tickets expire, which can be normal |
122 | 122 | $SkipError = 1 if $ThisLine =~ /Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server/ && $Ignore_rpcsec_expired; |
123 | # filter out mount options | |
124 | $SkipError = 1 if $ThisLine =~ /errors=(?:continue|remount-ro|panic)/; | |
123 | 125 | $Errors{$errormsg}++ if ( (! $SkipError) || ($Detail > 8)); |
124 | 126 | } elsif ( ( my $errormsg ) = ( $ThisLine =~ /((BUG|WARNING|INFO):.{0,40})/ ) ) { |
125 | 127 | $Errors{$errormsg}++; |
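Review bot: The filter added at new line 124 matches `errors=continue`, `errors=remount-ro` or `errors=panic` anywhere in the line, so any kernel error line that also quotes the mount options is skipped below detail 9. If the intent is only the informational mount message, I would tie the pattern to that context, for instance by requiring the options prefix the kernel prints before it (to be confirmed against real log samples). The comment `# filter out mount options` could then name the message it targets. The enclosing `if` branch starts outside the hunk.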
0 | ######################################################## | |
1 | ## Copyright (c) 2014 Orion Poplawski | |
2 | ## Covered under the included MIT/X-Consortium License: | |
3 | ## http://www.opensource.org/licenses/mit-license.php | |
4 | ## All modifications and contributions by other persons to | |
5 | ## this script are assumed to have been donated to the | |
6 | ## Logwatch project and thus assume the above copyright | |
7 | ## and licensing terms. If you want to make contributions | |
8 | ## under your own copyright or a different license this | |
9 | ## must be explicitly stated in the contribution an the | |
10 | ## Logwatch project reserves the right to not accept such | |
11 | ## contributions. If you have made significant | |
12 | ## contributions to this script and want to claim | |
13 | ## copyright please contact logwatch-devel@lists.sourceforge.net. | |
14 | ######################################################### | |
15 | ||
16 | use strict; | |
17 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; | |
18 | my $PoolThreshold = $ENV{'pool_threshold'} || 0; | |
19 | my %PoolUsed; | |
20 | my $SnapshotThreshold = $ENV{'snapshot_threshold'} || 0; | |
21 | my %SnapshotUsed; | |
22 | my %MonitoringOn; | |
23 | my %MonitoringOff; | |
24 | my %OtherList; | |
25 | ||
26 | while (defined(my $ThisLine = <STDIN>)) { | |
27 | chomp($ThisLine); | |
28 | if ($ThisLine =~ /^Thin (\S+) is now (\d+)% full/) { | |
29 | $PoolUsed{$1} = $2 if $2 >= $PoolThreshold; | |
30 | } elsif ($ThisLine =~ /^Monitoring thin (\S+)\./) { | |
31 | $MonitoringOn{$1}++; | |
32 | } elsif ($ThisLine =~ /^No longer monitoring thin (\S+)\./) { | |
33 | $MonitoringOff{$1}++; | |
34 | } elsif ($ThisLine =~ /^Snapshot (\S+) is now (\d+)% full/) { | |
35 | $SnapshotUsed{$1} = $2 if $2 >= $SnapshotThreshold; | |
36 | } else { | |
37 | $OtherList{$ThisLine}++; | |
38 | } | |
39 | } | |
40 | ||
41 | if (keys %PoolUsed) { | |
42 | print "Thin Pool Usage:\n"; | |
43 | foreach my $Pool (sort {$a cmp $b} keys %PoolUsed) { | |
44 | print " $Pool: $PoolUsed{$Pool}% full\n"; | |
45 | } | |
46 | print "\n"; | |
47 | } | |
48 | ||
49 | if (keys %SnapshotUsed) { | |
50 | print "Snapshot Usage:\n"; | |
51 | foreach my $Snapshot (sort {$a cmp $b} keys %SnapshotUsed) { | |
52 | print " $Snapshot: $SnapshotUsed{$Snapshot}% full\n"; | |
53 | } | |
54 | print "\n"; | |
55 | } | |
56 | ||
57 | if (keys %MonitoringOn and $Detail) { | |
58 | print "Monitoring started for:\n"; | |
59 | foreach my $Pool (sort {$a cmp $b} keys %MonitoringOn) { | |
60 | print " $Pool: $MonitoringOn{$Pool} Time(s)\n"; | |
61 | } | |
62 | print "\n"; | |
63 | } | |
64 | ||
65 | if (keys %MonitoringOff and $Detail) { | |
66 | print "Monitoring stopped for:\n"; | |
67 | foreach my $Pool (sort {$a cmp $b} keys %MonitoringOff) { | |
68 | print " $Pool: $MonitoringOff{$Pool} Time(s)\n"; | |
69 | } | |
70 | print "\n"; | |
71 | } | |
72 | ||
73 | if (keys %OtherList) { | |
74 | print "\n**Unmatched Entries**\n"; | |
75 | foreach my $line (sort {$a cmp $b} keys %OtherList) { | |
76 | print " $line: $OtherList{$line} Time(s)\n"; | |
77 | } | |
78 | } | |
79 | ||
80 | exit(0); | |
81 | ||
82 | # vi: shiftwidth=3 tabstop=3 syntax=perl et | |
83 | # Local Variables: | |
84 | # mode: perl | |
85 | # perl-indent-level: 3 | |
86 | # indent-tabs-mode: nil | |
87 | # End: |
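Review bot: Lines 29 and 35 store a reading only when it is at or above the threshold, so the reported value is the last reading that crossed the threshold, not the latest reading and not the peak. With a non-zero threshold a pool that has since dropped below it is still reported at its old figure. I would document the chosen meaning in a comment, or track the peak explicitly with `$PoolUsed{$1} = $2 if $2 >= $PoolThreshold and $2 > ($PoolUsed{$1} // 0);` and the same for snapshots. `pool_threshold` and `snapshot_threshold` come from the environment and are used in a numeric comparison without validation; a check such as `=~ /^\d+$/` with a fallback to 0, plus `use warnings;`, would catch a mistyped setting.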
26 | 26 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; |
27 | 27 | |
28 | 28 | my @devices = (); |
29 | # Sometimes mdadm --examine --scan reports device with different names than | |
30 | # what is in use. Use /etc/mdadm.conf instead if it exists. | |
31 | 29 | if ( -f "/etc/mdadm.conf" ) { |
32 | 30 | open(MDADM,"< /etc/mdadm.conf"); |
33 | 31 | } elsif ( -f "/etc/mdadm/mdadm.conf" ) { |
34 | 32 | open(MDADM,"< /etc/mdadm/mdadm.conf"); |
35 | 33 | } else { |
36 | open(MDADM,"mdadm --examine --scan 2>/dev/null|"); | |
34 | open(MDADM,"mdadm --detail --scan 2>/dev/null|"); | |
37 | 35 | } |
38 | 36 | while (<MDADM>) { |
39 | 37 | if (/^ARRAY/) { |
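Review bot: The pipe open at new line 34 runs `mdadm` by bare name and does not check the result, so the binary is resolved through whatever `PATH` logwatch inherits. A missing or failing `mdadm` then yields an empty device list with no diagnostic, since stderr is also discarded. I would use an absolute path (for example `/sbin/mdadm`, to be confirmed for the target distribution) and test the call, e.g. `open(MDADM, "/sbin/mdadm --detail --scan 2>/dev/null|") or warn "mdadm: cannot run mdadm --detail --scan: $!\n";`. This hunk also removes the comment explaining why the configuration file is preferred over the scan output; that explanation is still useful and I would keep it. The two-argument opens of the configuration files above are unchecked as well, and the `while` loop continues outside the hunk.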
0 | 0 | #!/usr/bin/perl -w |
1 | 1 | # |
2 | # $Id: mysql 150 2013-06-18 22:19:38Z mtremaine $ | |
2 | # $Id: mysql 184 2014-01-26 13:46:58Z stefjakobs $ | |
3 | 3 | # |
4 | 4 | # Logwatch service for mysqld error log |
5 | 5 | # To be placed in |
60 | 60 | local $SIG{'__WARN__'} = sub {}; |
61 | 61 | $time = timelocal($6, $5, $4, $3, $2-1, $1); |
62 | 62 | } |
63 | ||
64 | # Count lines with increasing number as one: | |
65 | # [Warning] Aborted connection 107194 to db: ... | |
66 | $line =~ s/(Aborted connection) \d+ (to db)/$1 $2/; | |
63 | 67 | |
64 | 68 | foreach my $cur_cat (@message_categories) { |
65 | 69 | if($line =~ /$cur_cat->[1]/) { |
0 | 0 | ########################################################################## |
1 | # $Id: named 163 2013-08-19 10:17:44Z stefjakobs $ | |
1 | # $Id: named 198 2014-06-24 21:27:49Z opoplawski $ | |
2 | 2 | ########################################################################## |
3 | 3 | # $Log: named,v $ |
4 | 4 | # Revision 1.62 2011/01/06 22:53:00 stefan |
195 | 195 | ($ThisLine =~ /Malformed response from/) or |
196 | 196 | ($ThisLine =~ /client .* response from Internet for .*/) or |
197 | 197 | ($ThisLine =~ /client .+ query \(cache\) '.*' denied/) or |
198 | ($ThisLine =~ /client .+#\d+: query:/) or | |
198 | ($ThisLine =~ /client .+(?: \([^)]+\))?: query:/) or | |
199 | 199 | # Do we really want to ignore these? |
200 | 200 | #($ThisLine =~ /unknown logging category/) or |
201 | 201 | ($ThisLine =~ /could not open entropy source/) or |
250 | 250 | ($ThisLine =~ /update with no effect/) or |
251 | 251 | ($ThisLine =~ /validating \@0x[[:xdigit:]]+: .* no valid signature found/) or |
252 | 252 | ($ThisLine =~ /^sizing zone task pool based on \d+ zones/) or |
253 | ($ThisLine =~ /^BIND \d+ is maintained by Internet Systems Consortium/) or | |
254 | ($ThisLine =~ /a non-profit 501/) or | |
255 | ($ThisLine =~ /corporation. Support and training for BIND \d+ are/) or | |
256 | ($ThisLine =~ /available at https:\/\/www.isc.org\/support/) or | |
257 | ($ThisLine =~ /----------------------------------------------------/) or | |
253 | 258 | # ignore this line because the following line describes the error |
254 | 259 | ($ThisLine =~ /unexpected error/) |
255 | 260 | ) { |
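Review bot: The optional group added at new line 198 has no effect, because the greedy `.+` before it already consumes any ` (name)` text; the pattern now behaves like `/client .+: query:/` and no longer requires the `#port` part. If the goal is to accept the parenthesised name that newer BIND versions print, keep the port check and add the group after it: `($ThisLine =~ /client .+#\d+(?: \([^)]+\))?: query:/) or`. The banner patterns at new lines 254-257 are unanchored, and `corporation. Support` and `www.isc.org` contain unescaped dots. Anchoring them with `^` where the log format allows and escaping the dots would keep them from swallowing unrelated lines. The `if` condition starts outside the hunk.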
0 | ######################################################## | |
1 | ## Copyright (c) 2014 Orion Poplawski | |
2 | ## Covered under the included MIT/X-Consortium License: | |
3 | ## http://www.opensource.org/licenses/mit-license.php | |
4 | ## All modifications and contributions by other persons to | |
5 | ## this script are assumed to have been donated to the | |
6 | ## Logwatch project and thus assume the above copyright | |
7 | ## and licensing terms. If you want to make contributions | |
8 | ## under your own copyright or a different license this | |
9 | ## must be explicitly stated in the contribution an the | |
10 | ## Logwatch project reserves the right to not accept such | |
11 | ## contributions. If you have made significant | |
12 | ## contributions to this script and want to claim | |
13 | ## copyright please contact logwatch-devel@lists.sourceforge.net. | |
14 | ######################################################### | |
15 | ||
16 | use strict; | |
17 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; | |
18 | my %ServiceError; | |
19 | my %ServiceMessage; | |
20 | my %OtherList; | |
21 | ||
22 | # Lines are of the form: | |
23 | # 3017 2048 - Storage Service Device failed: Battery 0 Controller 0 | |
24 | # \d+ \d+ - (\w+) Service (.*) | |
25 | while (defined(my $ThisLine = <STDIN>)) { | |
26 | chomp($ThisLine); | |
27 | my ($Service,$Message) = ($ThisLine =~ /^\d+ \d+ - (\w+) Service (.*)$/); | |
28 | if ($Message =~ /fail|disable|replace/i) { | |
29 | $ServiceError{$Service}->{$Message}++; | |
30 | } elsif (defined($Service)) { | |
31 | # Skip informational messages if needed | |
32 | next if (($Service == "Storage Service") and ($Message =~ /^The Patrol Read has (started|stopped)/) and ($Detail < 5)); | |
33 | $ServiceMessage{$Service}->{$Message}++; | |
34 | } else { | |
35 | $OtherList{$ThisLine}++; | |
36 | } | |
37 | } | |
38 | ||
39 | if (keys %ServiceError) { | |
40 | print "ERRORS:\n"; | |
41 | foreach my $Service (sort {$a cmp $b} keys %ServiceError) { | |
42 | print " $Service Service:\n"; | |
43 | foreach my $Error (sort {$a cmp $b} keys %{$ServiceError{$Service}}) { | |
44 | print " $Error $ServiceError{$Service}->{$Error} Time(s)\n"; | |
45 | } | |
46 | print "\n"; | |
47 | } | |
48 | } | |
49 | ||
50 | if (keys %ServiceMessage) { | |
51 | print "Informational:\n"; | |
52 | foreach my $Service (sort {$a cmp $b} keys %ServiceMessage) { | |
53 | print " $Service Service:\n"; | |
54 | foreach my $Message (sort {$a cmp $b} keys %{$ServiceMessage{$Service}}) { | |
55 | print " $Message $ServiceMessage{$Service}->{$Message} Time(s)\n"; | |
56 | } | |
57 | print "\n"; | |
58 | } | |
59 | } | |
60 | ||
61 | if (keys %OtherList) { | |
62 | print "\n\n**Unmatched Entries**\n"; | |
63 | foreach my $line (sort {$a cmp $b} keys %OtherList) { | |
64 | print " $line: $OtherList{$line} Time(s)\n"; | |
65 | } | |
66 | } | |
67 | ||
68 | exit(0); | |
69 | ||
70 | # vi: shiftwidth=3 tabstop=3 syntax=perl et | |
71 | # Local Variables: | |
72 | # mode: perl | |
73 | # perl-indent-level: 3 | |
74 | # indent-tabs-mode: nil | |
75 | # End: |
0 | 0 | ########################################################################## |
1 | # $Id: openvpn 150 2013-06-18 22:19:38Z mtremaine $ | |
1 | # $Id: openvpn 201 2014-07-18 17:05:39Z opoplawski $ | |
2 | 2 | ########################################################################## |
3 | 3 | |
4 | 4 | ######################################################## |
38 | 38 | $ThisLine =~ s/^([\S]+)\/([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+) //; |
39 | 39 | |
40 | 40 | if ( |
41 | ($ThisLine =~ /^\[[\w.-]+\] Inactivity timeout \(--ping-restart\), restarting/) or | |
41 | ($ThisLine =~ /Inactivity timeout \(--ping-restart\), restarting/) or | |
42 | 42 | ($ThisLine =~ /^\/sbin\//) or |
43 | 43 | ($ThisLine =~ /^Attempting to establish TCP connection with [\d.]+:\d+/) or |
44 | 44 | ($ThisLine =~ /^Closing TUN\/TAP interface/) or |
47 | 47 | ($ThisLine =~ /^Control Channel MTU parms/) or |
48 | 48 | ($ThisLine =~ /CRL CHECK OK: \/.*\//) or |
49 | 49 | ($ThisLine =~ /^Data Channel MTU parms/) or |
50 | ($ThisLine =~ /^Delayed exit in \d+ seconds/) or | |
50 | 51 | ($ThisLine =~ /^Diffie-Hellman initialized/) or |
51 | 52 | ($ThisLine =~ /^event_wait : Interrupted system call \(code=\d+\)/) or |
52 | 53 | ($ThisLine =~ /^Exiting/) or |
64 | 65 | ($ThisLine =~ /^MULTI: primary virtual IP for/) or |
65 | 66 | ($ThisLine =~ /^MULTI: TCP INIT maxclients=\d+ maxevents=\d+/) or |
66 | 67 | ($ThisLine =~ /^MULTI: bad source address from client .*, packet dropped/) or |
68 | ($ThisLine =~ /^MULTI_sva: pool returned IPv4=/) or | |
67 | 69 | ($ThisLine =~ /^Need IPv6 code in mroute_extract_addr_from_packet/) or |
68 | 70 | ($ThisLine =~ /^NOTE: UID\/GID downgrade will be delayed because of --client, --pull, or --up-delay/) or |
69 | 71 | ($ThisLine =~ /OpenVPN .* built on [A-Z][a-z]{2} [ 12]?[0-9] [0-9]{4}/) or |
70 | 72 | ($ThisLine =~ /^OPTIONS IMPORT/) or |
73 | ($ThisLine =~ /^PLUGIN_CALL: plugin function /) or | |
74 | ($ThisLine =~ /^PLUGIN_INIT: POST .* intercepted=/) or | |
71 | 75 | ($ThisLine =~ /^Preserving previous TUN\/TAP instance: \w+/) or |
72 | 76 | ($ThisLine =~ /^PUSH: Received control message/) or |
77 | ($ThisLine =~ /^Re-using pre-shared static key/) or | |
73 | 78 | ($ThisLine =~ /^Re-using SSL\/TLS context/) or |
74 | 79 | ($ThisLine =~ /read UDPv4 \[.*\]: No route to host \(code=[0-9]*\)/) or |
75 | 80 | ($ThisLine =~ /^Restart pause, \d+ second\(s\)/) or |
81 | ($ThisLine =~ /^ROUTE_GATEWAY/) or | |
82 | ($ThisLine =~ /^send_push_reply/) or | |
76 | 83 | ($ThisLine =~ /^SENT CONTROL/) or |
77 | 84 | ($ThisLine =~ /^SIGTERM\[hard,[^\]]*\] received, process exiting/) or |
78 | 85 | ($ThisLine =~ /^SIGUSR1\[soft,(connection-reset|ping-restart)\] received, (process|client-instance) restarting/) or |
102 | 109 | # Don't care about these... |
103 | 110 | } elsif (($status, $depth, $dn) = ( $ThisLine =~ /^VERIFY (.*): depth=(.*), (.*)/ )) { |
104 | 111 | |
105 | #TLS: tls_process: killed expiring key: | |
106 | 112 | #VERIFY OK: depth=0, /C=US/ST=TX/O=Aidant.Enterprises/OU=IT/CN=delta.aidant.net/Email=keymaster@aidant.net: 23 Time(s) |
107 | 113 | $VerifyList{"status: $status depth: $depth DN: $dn"}++; |
108 | 114 | } elsif (($status, $dn) = ( $ThisLine =~ /^VERIFY X509NAME (.*): (.*)/ )) { |
109 | 115 | #VERIFY X509NAME OK: /C=US/ST=TX/O=Aidant.Enterprises/OU=IT/CN=delta.aidant.net/Email=keymaster@aidant.net: 23 Time(s) |
110 | 116 | $VerifyList{"status: $status X509Name DN: $dn"}++; |
117 | } elsif (($status, $dn) = ( $ThisLine =~ /^CRL CHECK (.*): (.*)/ )) { | |
118 | ||
119 | #CRL CHECK OK: C=US, ST=CO, L=Boulder, O=NWRA, OU=Boulder, CN=user, name=root, emailAddress=xxxx@xxxx.xxx | |
120 | $VerifyList{"CRL check status: $status DN: $dn"}++; | |
111 | 121 | } elsif ($ThisLine =~ /^TLS: Username\/Password authentication/) { |
112 | 122 | $VerifyList{$ThisLine}++; |
113 | 123 | } elsif ($ThisLine =~ m/^MULTI: new incoming connection would exceed maximum number of clients/) { |
114 | 124 | $MaxClients++; |
115 | 125 | } elsif ($ThisLine =~ m/^OpenVPN [\d.]+ [\w-]+ [\[\]\w ]+ built on [\w]+ +[\d]+ [\d]+$/) { |
116 | 126 | $VersionInfo{$ThisLine} = 1; |
117 | } elsif (($config, $peer, $port) = ($ThisLine =~ m/^\[([\S]+)\] Peer Connection Initiated with ([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+)$/)) { | |
127 | } elsif (($config, $peer, $port) = ($ThisLine =~ m/^\[([\S]+)\] Peer Connection Initiated with [^\d]*([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+)$/)) { | |
118 | 128 | push (@{$Connections{$config}{$peer}}, $port); |
129 | } elsif (($peer, $port) = ($ThisLine =~ m/^Peer Connection Initiated with [^\d]*([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+)$/)) { | |
130 | push (@{$Connections{"client"}{$peer}}, $port); | |
119 | 131 | } elsif (($dir, $channel, $bits, $algo) = ($ThisLine =~ /^(Incoming|Outgoing) (Control Channel) Authentication: Using ([\d]+ bit) message hash '(\S+)' for HMAC authentication/)) { |
120 | 132 | $Auth{$channel}{$dir}{"$bits $algo"}++; |
121 | 133 | } elsif (($channel, $dir, $bits, $algo) = ($ThisLine =~ /^(Data Channel) (Encrypt|Decrypt): Using ([\d]+ bit) message hash '(\S+)' for HMAC authentication/)) { |
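Review bot: The ignore rule for `Inactivity timeout (--ping-restart), restarting` (new line 41) lost its `^` anchor together with the `[name]` prefix, so any line that merely contains that text is now dropped from the report. If the aim was to also cover lines without the prefix, making the prefix optional keeps the rule tight: `($ThisLine =~ /^(?:\[[\w.-]+\] )?Inactivity timeout \(--ping-restart\), restarting/) or`. In the new `CRL CHECK` branch (new line 117) the first `(.*)` is greedy, so a DN that itself contains `: ` is split at its last occurrence; `([^:]*)` for the status avoids that. The `if`/`elsif` chain starts and ends outside the displayed hunks.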
0 | 0 | ############################################################################### |
1 | # $Id: php 150 2013-06-18 22:19:38Z mtremaine $ | |
1 | # $Id: php 182 2014-01-26 12:46:02Z stefjakobs $ | |
2 | 2 | ############################################################################### |
3 | 3 | # $Log: php,v $ |
4 | 4 | # Revision 1.2 2008/03/24 23:31:26 kirk |
61 | 61 | while(<>) { |
62 | 62 | my $line = $_; |
63 | 63 | # skipping messages that are not within the requested range |
64 | next unless $line =~ /^\[($filter)\]/o; | |
64 | # the last part of the regex matches optionally occurring specification | |
65 | # of timezones, either in Continent/City or abbrevations like UTC | |
66 | next unless $line =~ /^\[($filter)(?: \w+(?:\/\w+)?)?\]/o; | |
65 | 67 | $1 =~ /(\d+)-(\w+)-(\d+) (\d+):(\d+):(\d+)/; |
66 | 68 | my $time; |
67 | 69 |
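Review bot: The optional timezone group added on new line 66, `(?: \w+(?:\/\w+)?)?`, accepts only one or two `\w+` components, so a timestamp carrying a zone such as `America/Argentina/Buenos_Aires` or `Etc/GMT+1` still fails the match and the line is skipped by `next unless` without reaching the report. A character class covers those forms: `next unless $line =~ /^\[($filter)(?: [\w\/+-]+)?\]/o;`. The comment above it could state that non-matching lines are dropped silently, and "abbrevations" should read "abbreviations". The `while(<>)` loop continues past the end of the hunk.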
0 | 0 | #!/usr/bin/perl |
1 | 1 | ########################################################################## |
2 | # $Id: puppet 150 2013-06-18 22:19:38Z mtremaine $ | |
2 | # $Id: puppet 188 2014-02-07 13:55:43Z stefjakobs $ | |
3 | 3 | ########################################################################## |
4 | 4 | # $Log$ |
5 | 5 | ######################################################## |
53 | 53 | ($ThisLine =~ /FileBucket adding/) or |
54 | 54 | ($ThisLine =~ /^Caching certificate/) or |
55 | 55 | ($ThisLine =~ /^Certificate Request fingerprint/) or |
56 | ($ThisLine =~ /^Creating state file/) | |
56 | ($ThisLine =~ /^Creating state file/) or | |
57 | ($ThisLine =~ /Provider useradd does not support features manages/) | |
57 | 58 | ) { |
58 | 59 | # Ignore |
59 | 60 | } elsif (($junk, $failure, $reason) = ($ThisLine =~ /^(\(.*\) |)Could not ([^:]*): (.*)/)) { |
103 | 104 | $ServiceStops{$1}++; |
104 | 105 | } elsif ($ThisLine =~ /User\[(.+)\].+changed password/) { |
105 | 106 | $PasswordChanged{$1}++; |
107 | } elsif ($ThisLine =~ /User\[(.+)\].+defined \'expiry\' as \'([0-9-]{10})\'/) { | |
108 | $ExpiryChanged{$1}{$2}++; | |
106 | 109 | |
107 | 110 | # Generic rules need to be last |
108 | 111 | } elsif (($type, $name, $attr) = $ThisLine =~ /([^\/]+)\[([^\]]+)\]\/([^\/]+)\) (created|defined content)/) { |
225 | 228 | print "\nPassword changed:\n"; |
226 | 229 | foreach $ThisOne (keys %PasswordChanged) { |
227 | 230 | print " $ThisOne: $PasswordChanged{$ThisOne} Time(s)\n"; |
231 | } | |
232 | } | |
233 | ||
234 | if (keys %ExpiryChanged) { | |
235 | print "\nExpiry changed:\n"; | |
236 | foreach $ThisOne (keys %ExpiryChanged) { | |
237 | print " $ThisOne:\n"; | |
238 | foreach $date (keys %{${ExpiryChanged}{$ThisOne}}) { | |
239 | print " $date: $ExpiryChanged{$ThisOne}{$date} Time(s)\n"; | |
240 | } | |
228 | 241 | } |
229 | 242 | } |
230 | 243 |
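Review bot: The new ignore rule on new line 57, `/Provider useradd does not support features manages/`, is unanchored and stops at `manages`, so it discards every variant of that message whatever feature is named. If the feature is password or expiry management (an inference from the pattern; the full message is not shown here), the report no longer shows that Puppet skipped the attribute, in the same script that reports password and expiry changes. Counting the message, or ignoring it only at low detail, would keep it visible. In the new `Expiry changed` output, `%{${ExpiryChanged}{$ThisOne}}` reads more clearly as `%{$ExpiryChanged{$ThisOne}}`, and `sort keys` in both loops would keep the report order stable between runs. The `if`/`elsif` chain begins and ends outside the displayed hunks.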
0 | 0 | ######################################################################### |
1 | # $Id: secure 172 2013-10-25 19:23:31Z opoplawski $ | |
1 | # $Id: secure 189 2014-02-07 13:56:36Z stefjakobs $ | |
2 | 2 | ########################################################################## |
3 | 3 | # $Log: secure,v $ |
4 | 4 | # Revision 1.86 2009/11/14 16:26:41 kirk |
230 | 230 | ( $ThisLine =~ /^su\[\d+\]: [+-] .+/) or |
231 | 231 | ( $ThisLine =~ /^su\[\d+\]: FAILED su for \S+ by \S+/) or #debian: done in pam_unix |
232 | 232 | ( $ThisLine =~ /^login\[\d+\]: ROOT LOGIN on '\S+'/) or #debian: done in pam_unix (Similar message on other system is reported) |
233 | ( $ThisLine =~ /^login\[\d+\]: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or #debian: done in pam_unix | |
233 | ( $ThisLine =~ /^login(?:\[\d+\])?: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or #debian: done in pam_unix | |
234 | 234 | ( $ThisLine =~ /^login: FAILED LOGIN 2 FROM (.*) FOR .*, (Authentication failure|User not known to the underlying authentication module)/) or |
235 | 235 | ( $ThisLine =~ /^login: pam_securetty(.*): unexpected response from failed conversation function/) or |
236 | 236 | ( $ThisLine =~ /^login: pam_securetty(.*): access denied: tty '.*' is not secure/) or |
388 | 388 | $UserLogin{$User}++; |
389 | 389 | } elsif ( ($User,undef) = ($ThisLine =~ /^com.apple.SecurityServer: authinternal authenticated user ([^ ]+) .*/ )) { |
390 | 390 | $UserLogin{$User}++; |
391 | } elsif ( $ThisLine =~ s/^userdel\[\d+\]: delete user ['`](.+)'/$1/ ) { | |
391 | } elsif ( $ThisLine =~ s/^userdel(?:\[\d+\])?: delete user [`'](.+)'/$1/ ) { | |
392 | 392 | $DeletedUsers .= " $ThisLine\n"; |
393 | } elsif ( $ThisLine =~ s/^(?:useradd|adduser)\[\d+\]: new user: name=(.+), (?:uid|UID)=(\d+).*$/$1 ($2)/ ) { | |
393 | } elsif ( $ThisLine =~ s/^(?:useradd|adduser)(?:\[\d+\])?: new user: name=(.+), (?:uid|UID)=(\d+).*$/$1 ($2)/ ) { | |
394 | 394 | $NewUsers .= " $ThisLine\n"; |
395 | 395 | } elsif ( $ThisLine =~ s/^userdel(?:\[\d+\])?: remove(?:d)? group [`'](\S+)'( owned by \S+)?/$1/ ) { |
396 | 396 | $DeletedGroups .= " $ThisLine\n"; |
397 | } elsif ( $ThisLine =~ s/^groupdel\[\d+\]: remove group `(.+)'/$1/ ) { | |
397 | } elsif ( $ThisLine =~ s/^groupdel(?:\[\d+\])?: remove group `(.+)'/$1/ ) { | |
398 | 398 | $DeletedGroups .= " $ThisLine\n"; |
399 | } elsif ( $ThisLine =~ s/^(?:useradd|adduser)\[\d+\]: new group: name=(.+), (?:gid|GID)=(\d+).*$/$1 ($2)/ ) { | |
399 | } elsif ( $ThisLine =~ s/^(?:useradd|adduser)(?:\[\d+\])?: new group: name=(.+), (?:gid|GID)=(\d+).*$/$1 ($2)/ ) { | |
400 | 400 | $NewGroups .= " $ThisLine\n"; |
401 | } elsif ( (undef,$User,,undef,$Group) = ($ThisLine =~ /(usermod|useradd)\[\d+\]: add [`']([^ ]+)' to (shadow|)group [`']([^ ]+)'/ )) { | |
401 | } elsif ( (undef,$User,,undef,$Group) = ($ThisLine =~ /(usermod|useradd)(?:\[\d+\])?: add [`']([^ ]+)' to (shadow ?|)group [`']([^ ]+)'/ )) { | |
402 | 402 | $AddToGroup{$Group}{$User}++; |
403 | } elsif ( $ThisLine =~ s/^groupadd\[\d+\]: new group: name=(.+), (?:gid|GID)=(\d+).*$/$1 ($2)/ ) { | |
403 | } elsif ( $ThisLine =~ s/^groupadd(?:\[\d+\])?: new group: name=(.+), (?:gid|GID)=(\d+).*$/$1 ($2)/ ) { | |
404 | 404 | $NewGroups .= " $ThisLine\n"; |
405 | } elsif ( $ThisLine =~ s/^gpasswd\[\d+\]: set members of // ) { | |
405 | } elsif ( $ThisLine =~ s/^gpasswd(?:\[\d+\])?: set members of // ) { | |
406 | 406 | $SetGroupMembers .= " $ThisLine\n"; |
407 | } elsif ( $ThisLine =~ /^(?:userdel|usermod)\[\d+\]: delete [`'](.*)' from (shadow |)group [`'](.*)'\s*$/ ) { | |
407 | } elsif ( $ThisLine =~ /^(?:userdel|usermod)(?:\[\d+\])?: delete [`'](.*)' from (shadow |)group [`'](.*)'\s*$/ ) { | |
408 | 408 | push @RemoveFromGroup, " user $1 from group $3\n"; |
409 | 409 | # This is an inetd lookup... $1 is the service (i.e. ftp), $2 is the response |
410 | 410 | # I don't think these are important to log at this time |
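Review bot: The group-membership rule on new line 401 has no `^` anchor, unlike the account rules around it, and making the PID optional widens an already unanchored pattern so that `usermod: add ... to group ...` matches anywhere in a line. Text that another program embeds in its own message could then be counted as a group change in the report. Adding `^` in front of `(usermod|useradd)` costs nothing and leaves the four captures as they are. The `elsif` chain starts and ends outside the hunks shown.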
0 | 0 | |
1 | 1 | ########################################################################## |
2 | # $Id: smartd 165 2013-08-19 10:24:25Z stefjakobs $ | |
2 | # $Id: smartd 182 2014-01-26 12:46:02Z stefjakobs $ | |
3 | 3 | ########################################################################## |
4 | 4 | # $Log: smartd,v $ |
5 | 5 | # Revision 1.26 2009/06/02 15:01:34 mike |
53 | 53 | my %NotInDatabase = (); |
54 | 54 | my %CantMonitor = (); |
55 | 55 | my $UnableToMonitor = 0; |
56 | my %SelfTest = (); | |
56 | my %DriveTest = (); | |
57 | 57 | my %Failed = (); |
58 | 58 | my %OtherList = (); |
59 | 59 | my $DLine = 0; |
161 | 161 | } elsif ( my ($Device, $Num) = ($ThisLine =~ /^Device: ([^,]+), (\d+) Offline uncorrectable sectors/) ) { |
162 | 162 | $Offsectors{$Device}++; |
163 | 163 | $NumOffsectors{$Device} = $Num; |
164 | } elsif ( my ($Device,$TestType) = ($ThisLine =~ /^Device: ([^,]+), starting scheduled (Short|Long) Self-Test/) ) { | |
165 | $SelfTest{$Device}{$TestType}++; | |
164 | } elsif ( my ($Device,$TestType) = ($ThisLine =~ /^Device: ([^,]+), starting scheduled ((?:Short|Long|Conveyance|Selective) Self-|Offline Immediate )Test/) ) { | |
165 | $DriveTest{$Device}{$TestType}++; | |
166 | 166 | } elsif ( my ($Device,$AttribType,$Code,$Name) = ($ThisLine =~ /^Device: ([^,]+), Failed SMART ([A-Za-z]+) Attribute: ([0-9]+) ([A-Za-z_]+)/)) { |
167 | 167 | $Failed{$Device}{"$AttribType attribute: $Name ($Code)"}++; |
168 | 168 | } elsif ( my ($Device, $Text) = ($ThisLine =~ /^Device: ([^,]+), failed (.*)$/) ) { |
312 | 312 | } |
313 | 313 | } |
314 | 314 | |
315 | if (keys %SelfTest) { | |
316 | foreach my $Device (sort keys %SelfTest) { | |
315 | if (keys %DriveTest) { | |
316 | foreach my $Device (sort keys %DriveTest) { | |
317 | 317 | print "\n$Device :\n"; |
318 | foreach my $Type (sort keys %{$SelfTest{$Device}}) { | |
319 | print " started scheduled $Type self-test " . $SelfTest{$Device}{$Type} . " Time(s)\n"; | |
318 | foreach my $Type (sort keys %{$DriveTest{$Device}}) { | |
319 | print " started scheduled ${Type}Test " . $DriveTest{$Device}{$Type} . " Time(s)\n"; | |
320 | 320 | } |
321 | 321 | } |
322 | 322 | } |
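Review bot: The widened capture on new line 164 now carries its own suffix (`Short Self-`, or `Offline Immediate ` with the trailing space) into the `%DriveTest` key, and the report depends on that when it prints `${Type}Test`; nothing in the code says so. A comment at the regex would stop the next reader from trimming the odd-looking key, for example `# $TestType keeps its trailing "Self-" or "Offline Immediate " so the report can append "Test"`. The enclosing `elsif` chain lies outside the hunks.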
0 | 0 | ########################################################################### |
1 | # $Id: syslog-ng 156 2013-08-01 08:53:28Z stefjakobs $ | |
1 | # $Id: syslog-ng 190 2014-02-07 13:57:18Z stefjakobs $ | |
2 | 2 | ########################################################################### |
3 | 3 | |
4 | 4 | ########################################################################### |
115 | 115 | |
116 | 116 | #TD syslog-ng[4833]: Syslog connection closed; fd='45', client='AF_INET(192.168.1.1:40280)', local='AF_INET(192.168.1.10:625)' |
117 | 117 | #TD syslog-ng[4833]: Syslog connection accepted; fd='52', client='AF_INET(192.168.1.1:40280)', local='AF_INET(192.168.1.10:625)' |
118 | elsif ($ThisLine =~ /^Syslog connection (\S+); fd='\d+', client='AF_INET\(([.\d]+):\d+\)', local='AF_INET\(([.\d]+:\d+)\)'$/) { | |
119 | $Connections{$1}{$3}{$2}++; | |
118 | # syslog-ng v3.X | |
119 | #TD Syslog connection broken; fd='63', server='AF_INET(192.169.1.1:514)', time_reopen='60' : 44 Time(s) | |
120 | #TD Syslog connection established; fd='48', server='AF_INET(192.168.1.1:514)', local='AF_INET(0.0.0.0:0)' | |
121 | elsif ($ThisLine =~ /^Syslog connection (\S+); fd='\d+', (server|client)='AF_INET\(([.\d]+):\d+\)', (?:local='AF_INET\(([.\d]+:\d+)\)'|time_reopen='\d+')?$/) { | |
122 | my $loc = defined($4) ? $4 : '0.0.0.0'; | |
123 | $Connections{"$1 ($2)"}{$loc}{$3}++; | |
120 | 124 | } |
121 | 125 | |
122 | 126 | #TD syslog-ng[4833]: Connection broken to AF_INET(XXX.YYY.ZZZ.AAA:BBB), reopening in 60 seconds |
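Review bot: In the rewritten connection rule (new lines 121-123) the numbered captures are read after a `defined($4)` test and inside an interpolated hash key, which breaks quietly as soon as a group is added to the regex. Copying them to named variables straight after the match makes the key construction readable: `my ($State, $Role, $Peer, $Local) = ($1, $2, $3, $4);`. The fallback `'0.0.0.0'` has no port, while captured values have the form `0.0.0.0:0`, so broken and established connections would land under different keys for the same local address; `'0.0.0.0:0'` would line them up if that is the intent. The `elsif` chain starts before the hunk.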
70 | 70 | $ObjectName{"$3"}{"$2"}++; |
71 | 71 | } elsif ($ThisLine =~ /(\w+) Object '([^']+)' (.+)/) { |
72 | 72 | $Object{"$3"}{"$2"}++; |
73 | } elsif ($ThisLine =~ /cuGetBackQryResp: (.*):0,(.*)$/) { | |
74 | $Object{$1}{$2}++; | |
73 | 75 | } elsif ($ThisLine =~ /(\w+) An interrupt has occurred/) { |
74 | 76 | $Interrupted++; |
75 | 77 | } elsif ($ThisLine =~ /(\w+) (.+)\.\s+The TSM return code is ([-0-9]+)/) { |
80 | 82 | $Error{"$2"}{$4}++; |
81 | 83 | } elsif ($ThisLine =~ /(\w+) Could not establish a TCP\/IP connection with address '([^']+)'\. The TCP\/IP error is '([^']+)'/) { |
82 | 84 | $NoConnection{"$2"}{$3}++; |
85 | } elsif ($ThisLine =~ /(\w+) (An invalid TCP\/IP address was specified)/) { | |
86 | $Error{"$2"}{$1}++; | |
83 | 87 | } elsif ($ThisLine =~ /File '(?:[^']+)' (.*)/) { |
84 | 88 | $File{"$1"}++; |
85 | 89 | } |
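Review bot: The new `cuGetBackQryResp` branch (new lines 73-74) comes without a sample log line, so it is unclear which capture is the message and which the object; it stores `$Object{$1}{$2}` where the branch above it stores `$Object{"$3"}{"$2"}`. A comment holding one real line from the log, placed above the `elsif`, would settle the intended order. The first `(.*)` is greedy, so the split happens at the last `:0,` in the line; if a path can contain that sequence, `(.*?)` is the safer choice. The `elsif` chain starts outside the hunk.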
26 | 26 | #Output sensors stats |
27 | 27 | |
28 | 28 | my $pathto_sensors = $ENV{'pathto_sensors'} || '/usr/bin/sensors'; |
29 | my $query_hddtemp = $ENV{'query_hddtemp'} || '/usr/bin/nc 127.0.0.1 7634'; | |
30 | my $get_kvm_status = $ENV{'get_kvm_status'} || 'cat /proc/cpuinfo | grep -c "QEMU Virtual CPU"'; | |
29 | my $get_kvm_status = $ENV{'get_kvm_status'} || 'grep -c "QEMU Virtual CPU" /proc/cpuinfo'; | |
31 | 30 | |
32 | my $sensors = qx($pathto_sensors); | |
33 | my $hdd = qx($query_hddtemp); | |
34 | 31 | my $kvm = qx($get_kvm_status); |
35 | 32 | |
36 | if ($kvm == 0) { | |
33 | if ($kvm == 0 and (($ENV{PRINTING} eq 'y') or $Detail)) { | |
34 | my $sensors = qx($pathto_sensors); | |
37 | 35 | if ($sensors) { |
38 | 36 | print $sensors; |
39 | } | |
40 | if ($hdd) { | |
41 | print $hdd; | |
42 | print "\n"; | |
43 | 37 | } |
44 | 38 | } |
45 | 39 |
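Review bot: Both `qx($get_kvm_status)` and the moved `qx($pathto_sensors)` (new lines 31 and 34) pass a string taken from `%ENV` to the shell, so whoever controls those variables chooses the command that runs with the report's privileges. The sensors call can run without a shell through a list-form pipe open guarded by an `-x` test, as sketched below. `$get_kvm_status` has the same exposure but is a pipeline-style command by default, so it would need a different treatment, such as reading `/proc/cpuinfo` in Perl. If existing configurations put arguments into `pathto_sensors`, they would have to be split into a list first.

```perl
if ($kvm == 0 and (($ENV{PRINTING} eq 'y') or $Detail)) {
   # List-form open runs the configured binary directly; no shell parses the string.
   if (-x $pathto_sensors and open(my $SensorsFh, '-|', $pathto_sensors)) {
      my $sensors = do { local $/; <$SensorsFh> };
      close($SensorsFh);
      if ($sensors) {
         print $sensors;
      }
   }
}
```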
0 | 0 | |
1 | 1 | ########################################################################## |
2 | # $Id: zz-sys 150 2013-06-18 22:19:38Z mtremaine $ | |
2 | # $Id: zz-sys 185 2014-02-02 12:27:49Z stefjakobs $ | |
3 | 3 | ########################################################################## |
4 | 4 | # $Log: zz-sys,v $ |
5 | 5 | # Revision 1.3 2008/06/30 23:07:51 kirk |
59 | 59 | print STDERR "No Sys::MemInfo module installed. To install, execute the command:\n"; |
60 | 60 | print STDERR " perl -MCPAN -e 'install Sys::MemInfo' \n\n"; |
61 | 61 | } else { |
62 | import Sys::MemInfo qw(totalmem freemem); | |
62 | import Sys::MemInfo qw(totalmem freemem totalswap freeswap); | |
63 | my $swapused = &totalswap - &freeswap; | |
63 | 64 | printf " Total Memory: %6d MB\n", ((&totalmem - (&totalmem % (1024*1024))) / (1024*1024)); |
64 | printf " Free Memory: %6d MB\n", ((&freemem - (&freemem % (1024*1024))) / (1024*1024)); | |
65 | printf " Free Memory: %6d MB\n", ((&freemem - (&freemem % (1024*1024))) / (1024*1024)); | |
66 | printf " Swap Used: %6d MB\n", (($swapused - ($swapused % (1024*1024))) / (1024*1024)); | |
65 | 67 | } |
66 | 68 | |
67 | 69 | # vi: shiftwidth=3 tabstop=3 syntax=perl et |