Codebase list logwatch / 3d98585
Imported Upstream version 7.4.0+svn20140718rev203 Willi Mann 9 years ago
28 changed file(s) with 519 addition(s) and 76 deletion(s).
0 # What actual file? Defaults to LogPath if not absolute path....
1 LogFile = dirsrv/*/errors
2 Archive = dirsrv/*/errors.[1-9]*
3
4 *ApplyStdDate = "\[%d/%b/%Y:%H:%M:%S"
5 *RemoveHeaders = "\[[^]]+\] (- )?"
6
7 # vi: shiftwidth=3 tabstop=3 et
1010 LogFile = apache2/*access_log
1111 LogFile = apache-ssl/*access.log.1
1212 LogFile = apache-ssl/*access.log
13 LogFile = nginx/*access.log
14 LogFile = nginx/*access.log.1
1315
1416
1517 # If the archives are searched, here is one or more line
2729 Archive = apache2/*access.log-*.gz
2830 Archive = apache2/*access_log-*.gz
2931 Archive = apache-ssl/*access.log-*.gz
32 Archive = nginx/*access.log.*.gz
3033
3134 # Expand the repeats (actually just removes them now)
3235 *ExpandRepeats
0 # You can put comments anywhere you want to. They are effective for the
1 # rest of the line.
2
3 # this is in the format of <name> = <value>. Whitespace at the beginning
4 # and end of the lines is removed. Whitespace before and after the = sign
5 # is removed. Everything is case *insensitive*.
6
7 # Yes = True = On = 1
8 # No = False = Off = 0
9
10 Title = "Directory Server"
11
12 # Which logfile group...
13 LogFile = dirsrv
14
15 #*OnlyService = Server_Administrator
16 #*RemoveHeaders
17
18 # vi: shiftwidth=3 tabstop=3 et
0 # You can put comments anywhere you want to. They are effective for the
1 # rest of the line.
2
3 # this is in the format of <name> = <value>. Whitespace at the beginning
4 # and end of the lines is removed. Whitespace before and after the = sign
5 # is removed. Everything is case *insensitive*.
6
7 # Yes = True = On = 1
8 # No = False = Off = 0
9
10 Title = "LVM"
11
12 # Which logfile group...
13 LogFile = messages
14
15 # Only give lines pertaining to the OMSA service...
16 *OnlyService = lvm
17 *RemoveHeaders
18
19 #########################################################
20 ## LVM Threshold values.
21 ## These allow you to configure the output and restrict verbose reports
22 ## by limiting what is printed to occurances >= the value you enter.
23 ##
24 ## Note that case is insensitive.
25 #
26 ##LVM Config Values
27 #$pool_threshold = 0 # % full values to report
28 #$snapshot_threshold = 0 # % full values to report
29
30 # vi: shiftwidth=3 tabstop=3 et
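Review bot: The comment above `*OnlyService = lvm` still reads "Only give lines pertaining to the OMSA service...", which looks copied from the Dell OMSA service file and is misleading in a file titled "LVM". Suggest `# Only give lines pertaining to the lvm service...`. In the threshold block, "occurances" should be "occurrences", and it would help to state that the commented `$pool_threshold` / `$snapshot_threshold` values are percentages compared with `>=`.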
0 # You can put comments anywhere you want to. They are effective for the
1 # rest of the line.
2
3 # this is in the format of <name> = <value>. Whitespace at the beginning
4 # and end of the lines is removed. Whitespace before and after the = sign
5 # is removed. Everything is case *insensitive*.
6
7 # Yes = True = On = 1
8 # No = False = Off = 0
9
10 Title = "Dell OMSA"
11
12 # Which logfile group...
13 LogFile = messages
14
15 # Only give lines pertaining to the OMSA service...
16 *OnlyService = Server_Administrator
17 *RemoveHeaders
18
19 # vi: shiftwidth=3 tabstop=3 et
9696 .IP "\fB--logdir\fR directory"
9797 Look in
9898 .I directory
99 for log subdirectories or log files instead of the default directory.
99 for log subdirectories or log files first before looking in the default directories.
100100 .IP "\fB--hostlimit\fR host1,host2"
101101 Limit report to hostname - host1, host2.
102102 .IP "\fB--hostname\fR hostname"
00
11 ##########################################################################
2 # $Id: audit 150 2013-06-18 22:19:38Z mtremaine $
2 # $Id: audit 199 2014-07-14 15:48:15Z opoplawski $
33 ##########################################################################
44 # $Log: audit,v $
55 # Revision 1.15 2009/02/20 17:59:47 mike
102102 chomp($ThisLine);
103103 # Remove timestamp if present
104104 $ThisLine =~ s/^\[\s*\d+\.\d+\]\s*//;
105 if (( $ThisLine =~ /initializing netlink socket \(disabled\)/) or
105 if (( $ThisLine =~ /initializing netlink (socket|subsys) \(disabled\)/) or
106106 ( $ThisLine =~ /audit_pid=[0-9]* old=[0-9]*(?: by auid=[0-9]*)?/) or
107107 ( $ThisLine =~ /(arch=[0-9]+ )?syscall=[0-9]+ (success=(no|yes) )?exit=[0-9-]+( a[0-3]=[0-9a-f]+)* items=[0-9]+ (ppid=[0-9]+ )?pid=[0-9]+ (loginuid=[0-9-]+ )?(auid=[0-9]+ )?uid=[0-9]+ gid=[0-9]+ euid=[0-9]+ suid=[0-9]+ fsuid=[0-9]+ egid=[0-9]+ sgid=[0-9]+ fsgid=[0-9]+/) or
108108 ( $ThisLine =~ /Audit daemon rotating log files/) or
118118 ( $ThisLine =~ /auditd[ ]+S [0-9A-F]+ [0-9]+ [0-9]+[ ]+[0-9]([ ]*[0-9]+[ ]*|[ ]*)[0-9]+ [0-9]+ \(NOTLB\)/) or
119119 ( $ThisLine =~ /Started dispatcher: \/sbin\/audispd pid: [0-9]+/) or
120120 ( $ThisLine =~ /audit\([0-9.]*:[0-9]*\): bool=.* val=.* old_val=.* auid=[0-9]*/) or
121 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): audit_enabled=[0-9]* old=[0-9]* auid=[0-9]* ses=[0-9]* subj=system_u:system_r:.*:s0 res=[0-9]*/) or
121 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): audit_enabled=[0-9]* old=[0-9]* auid=[0-9]* ses=[0-9]*/) or
122122 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): auid=[0-9]* ses=[0-9]* subj=system_u:system_r:.*:s0 op=.* key=.* list=[0-9]* res=[0-9]*/) or
123123 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): pid=0 uid=0 auid=[0-9]* ses=[0-9]* subj=system_u:system_r:.*:s0 .* res=success/) or
124124 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): pid=1 uid=0 auid=[0-9]* ses=[0-9]* subj=system_u:system_r:init_t:s0 .* res=success/) or
125125 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): pid=[0-9]* uid=0 auid=[0-9]* ses=[0-9]*$/) or
126 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): pid=[0-9]* uid=0 auid=[0-9]* ses=[0-9]* subj=.*res=success/) or
127 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): pid=[0-9]* uid=0 old auid=[0-9]* new auid=[0-9]+ old ses=[0-9]* new ses=[0-9]+ res=1$/) or
126128 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): cwd=".*"/) or
127129 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): user/) or
128130 ( $ThisLine =~ /audit_printk_skb: [0-9]* callbacks suppressed/) or
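Review bot: The rewritten `audit_enabled=` pattern in the ignore list no longer requires a `subj=system_u:system_r:...` context or a `res=` field, so every change of the audit-enabled flag is now dropped from the report, including one that switches auditing off. That transition is exactly the kind of event a reviewer wants to see, so consider ignoring only the enabling values, e.g. `audit_enabled=[12] old=[0-9]* auid=[0-9]* ses=[0-9]*`, and letting `audit_enabled=0` fall through. The added `pid=[0-9]* uid=0 ... subj=.*res=success` alternative is similarly broad, since it hides any successful uid=0 record whatever the subject is. The `if` condition continues outside this hunk.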
0 ########################################################
1 ## Copyright (c) 2014 Orion Poplawski
2 ## Covered under the included MIT/X-Consortium License:
3 ## http://www.opensource.org/licenses/mit-license.php
4 ## All modifications and contributions by other persons to
5 ## this script are assumed to have been donated to the
6 ## Logwatch project and thus assume the above copyright
7 ## and licensing terms. If you want to make contributions
8 ## under your own copyright or a different license this
9 ## must be explicitly stated in the contribution an the
10 ## Logwatch project reserves the right to not accept such
11 ## contributions. If you have made significant
12 ## contributions to this script and want to claim
13 ## copyright please contact logwatch-devel@lists.sourceforge.net.
14 #########################################################
15
16 use strict;
17 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
18 my %Errors;
19 my %Warnings;
20 my %Startup;
21 my $Stop;
22 my %BackupStarted;
23 my $BackupCompleted;
24 my %BackupFile;
25 my %Export;
26 my %OtherList;
27 my $PreviousLine = '';
28
29 while (defined(my $ThisLine = <STDIN>)) {
30 chomp($ThisLine);
31
32 if ($ThisLine =~ /^Listening for new connections again$/
33 or $ThisLine =~ /Listening on .* port/
34 or $ThisLine =~ /^Waiting for \d+ database threads to stop/
35 or $ThisLine =~ /^slapd shutting down - /
36 ) {
37 #Ignore
38 } elsif ($ThisLine =~ /error/i
39 or $ThisLine =~ /^Detected Disorderly Shutdown/) {
40 $Errors{$ThisLine}++;
41 } elsif ($ThisLine =~ /^Not listening for new connections/) {
42 $Warnings{$ThisLine}++;
43 } elsif ($ThisLine =~ /^(.*) starting up$/) {
44 $Startup{$1}++;
45 } elsif ($ThisLine =~ /^slapd stopped\.$/) {
46 $Stop++;
47 } elsif ($ThisLine =~ /^Beginning backup of '(.*)'$/) {
48 $BackupStarted{$1}++;
49 } elsif ($ThisLine =~ /^Backup finished\.$/) {
50 $BackupCompleted++;
51 } elsif ($ThisLine =~ /^Backing up file \d+ \((.*)\)$/) {
52 $BackupFile{$1}++;
53 } elsif ($ThisLine =~ /^export (\w+: Processed \d+ entries \(\d+%\)\.)$/) {
54 $Export{$1}++;
55 } elsif ($ThisLine =~ /^All database threads now stopped$/) {
56 #This line follows the previous normally in backups
57 $OtherList{$ThisLine}++ unless $PreviousLine =~ /^(export \w+: Processed \d+ entries|Waiting for \d+ database threads to stop|Backing up file)/;
58 } else {
59 $OtherList{$ThisLine}++;
60 }
61 $PreviousLine = $ThisLine;
62 }
63
64 if (keys %Errors) {
65 print "\n** ERRORS **\n";
66 foreach my $line (sort {$a cmp $b} keys %Errors) {
67 print " $line: $Errors{$line} Time(s)\n";
68 }
69 }
70
71 if (keys %Warnings) {
72 print "\n** Warnings:\n";
73 foreach my $line (sort {$a cmp $b} keys %Warnings) {
74 print " $line: $Warnings{$line} Time(s)\n";
75 }
76 }
77
78 if (keys %Startup and $Detail >= 5) {
79 foreach my $Version (keys %Startup) {
80 print "\nStart up version $Version: $Startup{$Version} Time(s)\n";
81 }
82 }
83
84 if ($Stop and $Detail) {
85 print "\nStopped: $Stop Time(s)\n";
86 }
87
88 if (keys %BackupStarted and $Detail) {
89 foreach my $Database (keys %BackupStarted) {
90 print "\nBackup started for $Database: $BackupStarted{$Database} Time(s)\n";
91 }
92 }
93
94 if (keys %BackupFile and $Detail >= 7) {
95 print "\nBacked up files:\n";
96 foreach my $File (sort {$a cmp $b} keys %BackupFile) {
97 print " $File: $BackupFile{$File} Time(s)\n";
98 }
99 }
100
101 if ($BackupCompleted and $Detail) {
102 print "\nBackup completed: $BackupCompleted Time(s)\n";
103 }
104
105 if (keys %Export and $Detail) {
106 print "\nExports:\n";
107 foreach my $Line (keys %Export) {
108 print " $Line $Export{$Line} Time(s)\n";
109 }
110 }
111
112 if (keys %OtherList) {
113 print "\n**Unmatched Entries**\n";
114 foreach my $line (sort {$a cmp $b} keys %OtherList) {
115 print " $line: $OtherList{$line} Time(s)\n";
116 }
117 }
118
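Review bot: The `%Startup`, `%BackupStarted` and `%Export` loops iterate over `keys` unsorted while the error, warning, backup-file and unmatched sections sort theirs, so the order of those report lines can change from run to run and makes consecutive reports harder to compare. Suggest `foreach my $Version (sort keys %Startup)` and the same for the other two loops. The script also ends without the `exit(0);` and editor modeline that the other new service scripts in this commit carry, and has `use strict` but no `use warnings`.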
00 ########################################################
1 # $Id: dovecot 159 2013-08-19 09:35:30Z stefjakobs $
1 # $Id: dovecot 197 2014-05-30 17:31:32Z opoplawski $
22 ########################################################
33 # $Log: dovecot,v $
44 # Revision 1.18 2010/09/18 17:41:00 stefan
00 ##########################################################################
1 # $Id: evtsecurity 150 2013-06-18 22:19:38Z mtremaine $
1 # $Id: evtsecurity 202 2014-07-18 17:52:11Z opoplawski $
22 ##########################################################################
33 # $Log: evtsecurity,v $
44 # Revision 1.3 2008/06/30 23:07:51 kirk
5151 $SuccessAuditUsers{$UserName}++;
5252 }
5353 elsif ($EventLogType eq "Failure Audit") {
54 $FailureAudits{"$Hostname $ExpandedString"}++;
54 if (($account,$domain,$reason) = ($ExpandedString =~ /^An account failed to log on\..*Account For Which Logon Failed:.*Account Name:\s+(\S+)\s+Account Domain:\s+(\S+).*Failure Reason:\s+(.+)\s+Status:.*Sub Status:/)) {
55 $FailureAudits{"$Hostname Log On Failure for $domain\\$account: $reason"}++;
56 } elsif (($account,$domain,$process) = ($ExpandedString =~ /^A privileged service was called\..*Account Name:\s+(\S+)\s+Account Domain:\s+(\S+).*Process Name:\s+(.+)\sService/)) {
57 $FailureAudits{"$Hostname Privileged service called for $domain\\$account: $process"}++ if $Detail;
58 } else {
59 $FailureAudits{"$Hostname $ExpandedString"}++;
60 }
5561 }
5662 else {
5763 # Report any unmatched entries...
6975
7076 if (keys %FailureAudits) {
7177 print "\nFailure Audits\n";
72 foreach $Error (keys %FailureAudits) {
78 foreach $Error (sort keys %FailureAudits) {
7379 print " $Error : $FailureAudits{$Error} Times\n";
7480 }
7581 }
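Review bot: In the new `A privileged service was called` branch the counter is only incremented `if $Detail`, so at detail level 0 these failure audits match, are consumed by the branch and leave no trace in the report. Dropping failure audits silently is risky for a security log; an aggregate line would keep them visible without the noise, e.g. `$FailureAudits{"$Hostname Privileged service call failures"}++ unless $Detail;` alongside the detailed key. The captures are assigned to `$account`, `$domain`, `$reason` and `$process` without `my` in this hunk; their declarations are not visible here and should be checked.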
00 ##########################################################################
1 # $Id: evtsystem 171 2013-10-25 15:36:42Z opoplawski $
1 # $Id: evtsystem 203 2014-07-18 18:04:48Z opoplawski $
22 ##########################################################################
33 # $Log: evtsystem,v $
44 # Revision 1.3 2008/06/30 23:07:51 kirk
108108
109109 if ($System eq "Microsoft-Windows-GroupPolicy") {
110110 #Ignore these
111 next if $ExpandedString =~ /^Group Policy settings for the computer were processed successfully\. There were no changes detected since the last successful processing of Group Policy\.$/;
111 next if $ExpandedString =~ /^The Group Policy settings for the (computer|user) were processed successfully\. There were no changes detected since the last successful processing of Group Policy\.$/;
112 next if $ExpandedString =~ /^The Group Policy settings for the (computer|user) were processed successfully\. New settings from \d+ Group Policy objects were detected and applied\.$/ and $Detail == 0;
112113 }
113114
114115 if ($System eq "Microsoft-Windows-Power-Troubleshooter") {
184185 next if $ExpandedString =~ /Driver initialized successfully\.$/ and $Detail < 10;
185186 next if $ExpandedString =~ /Network controller configured for .* link\.$/ and $Detail < 10;
186187 next if $ExpandedString =~ /^The driver package installation has succeeded\.$/ and $Detail < 10;
188 next if $ExpandedString =~ /^UVD Information$/;
189 next if $ExpandedString =~ /Link has been established:/;
187190
188191 # Add to the list
189192 $Systems{$System}->{"$Hostname $ExpandedString"}++;
3030 my %wrongUser = ();
3131 my %wrong_ip = ();
3232 my %invalidUser = ();
33 my %discardRequest = ();
33 my %discards = ();
3434 my %warnings = ();
35 my %givingUps = ();
3536 my $killedChilds = 0;
3637
3738 my $ThisLine;
4849 ( $ThisLine =~ /^(?:SSL|TLS|rlm_(?:unix|eap|sql|radutmp)| TLS_accept| \[ldap\])/ ) ||
4950 ( $ThisLine =~ /^Ready to process requests\.$/ ) ||
5051 ( $ThisLine =~ /^Exiting normally\.$/ ) ||
51 ( $ThisLine =~ /^Loaded virtual server/ )
52 ( $ThisLine =~ /^Loaded virtual server/ ) ||
53 ( $ThisLine =~ /^HUP - / ) ||
54 ( $ThisLine =~ /^Received HUP signal\.$/ ) ||
55 ( $ThisLine =~ /^ ?Module: Reloaded module/ )
5256 ) {
5357 # ignore
5458 }
6468 # TD: Login incorrect (mschap: External script says Logon failure (0xc000006d)): [user@example.com] (from client radius port 13 cli aa-bb-cc-11-22-33 via TLS tunnel)
6569 # TD: Login incorrect (TLS Alert write:fatal:handshake failure): [user@example.com] (from client radius port 13 cli aa-bb-cc-11-22-33)
6670 # TD:
67 elsif ( my ($user, $ip) = ( $ThisLine =~ m/^(?:Auth: )?Login incorrect \(.+\): \[(.*)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) {
68 if (! $ip) { $ip = "not named"; }
71 elsif ( my ($user, $ip) = ( $ThisLine =~ m/^(?:Auth: )?Login incorrect(?: \(.+\))?: \[(.*)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+)(?:;\w+)?)?(?: via TLS tunnel)?\)/) ) {
72 if (! $ip) { $ip = "*not named*"; }
6973 $wrongUser{$ip}{$user}++;
7074 $wrong_ip{$ip}++;
7175
7478 # TD: Login incorrect: [user@example.com] (from client radius port 175143 cli cc08.e051.a240)
7579 # TD: Login incorrect: [user@example.com] (from client radius1 port 0)
7680 elsif ( my ($user, $ip) = ($ThisLine =~ m/^(?:Auth: )?Login incorrect: \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) {
77 if (! $ip) { $ip = "not named"; }
81 if (! $ip) { $ip = "*not named*"; }
7882 $wrongPassword{$ip}{$user}++;
7983 $wrong_ip{$ip}++;
8084 }
8185
8286 # TD: Invalid user ( [ldap] Access Attribute denies access): [user@example.com] (from client radius port 13 cli aa-bb-cc-dd-ee-11 via TLS tunnel)
83 elsif ( my ($reason, $user, $ip) = ($ThisLine =~ m/^(?:Auth: )?Invalid user \(\s*(.+)\): \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) {
84 if (! $ip) { $ip = "not named"; }
87 # TD: Invalid user: [user@example.com] (from client <host> port 13 cli aa-bb-cc-dd-ee-11)
88 elsif ( my ($reason, $user, $ip) = ($ThisLine =~ m/^(?:Auth: )?Invalid user(?: \(\s*(.+)\))?: \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) {
89 if (! $ip) { $ip = "*not named*"; }
90 if (! $reason) { $reason = "*no reason*"; }
8591 $invalidUser{$reason}{$user}++;
8692 }
8793
8894 # TD: Discarding duplicate request from client <host> port 47609 - ID: 182 due to unfinished request 12713766
89 elsif ( my ($client) = ($ThisLine =~ /Discarding duplicate request from client (\S+) port \d+ - ID: \d+ due to unfinished request/) ) {
90 $discardRequest{$client}++;
95 # TD: Discarding conflicting packet from client <host> port 42221 - ID: 85 due to recent request 9008535.
96 elsif ( my ($reason, $client) = ($ThisLine =~ /Discarding (duplicate request|conflicting packet) from client (\S+) port \d+ - ID: \d+ due to (unfinished|recent) request/) ) {
97 $discards{$reason}{$client}++;
98 }
99
100 # TD: Received conflicting packet from client radius2 port 60612 - ID: 30 due to unfinished request 1136681. Giving up on old request.
101 elsif ( my ($client) = ($ThisLine =~ /Received conflicting packet from client ([^ ]+) port \d{1,10} - ID: \d+ due to unfinished request \d+/) ) {
102 $givingUps{$client}++;
91103 }
92104
93105 # TD: Child PID 57436 is taking too much time: forcing failure and killing child.
98110 # TD: WARNING: Unresponsive child for request 4737598, in component accounting module unix
99111 # TD: WARNING: Child is hung for request 4737598 in component accounting module unix.
100112 elsif ( $ThisLine =~ m/^WARNING: (Unresponsive child|Child is hung) for request \d+,? in component (\w+) module ?(\w*)/ ) {
101 $warnings{$1}{"$2 [module: $3]"}++;
113 $warnings{"$1 in component:"}{"$2 [module: $3]"}++;
114 }
115
116 # TD: WARNING: Allowing fast client radius2 port 60612 - ID: 102 for recent request 9035637.
117 elsif ( $ThisLine =~ m/^WARNING: (Allowing fast client) ([^ ]+) port \d{1,10} - ID: \d+/ ) {
118 $warnings{"${1}s:"}{$2}++;
102119 }
103120
104121 else {
207224 }
208225 }
209226
210 if (keys %discardRequest) {
211 print "\nDuplicate requests discarded from client:\n";
212 foreach my $client (keys %discardRequest) {
213 printf " %-40s : %5d time(s)\n", $client, $discardRequest{$client};
214 }
227 if (keys %discards) {
228 print "\nDiscards:\n";
229 foreach my $reason (keys %discards) {
230 my $clients = $discards{$reason};
231 printf " %-40s\n", $reason;
232 foreach my $client (keys %$clients) {
233 printf " %-38s : %5d time(s)\n", $client, $clients->{$client};
234 }
235 }
236 }
237
238 if (keys %givingUps) {
239 print "\nGiving up on old requests:\n";
240 foreach my $client (keys %givingUps) {
241 printf " %-40s : %5d time(s)\n", $client, $givingUps{$client};
242 }
215243 }
216244
217245 if ($killedChilds) {
222250 print "\nWarnings:\n";
223251 foreach my $warning (keys %warnings) {
224252 my $components = $warnings{$warning};
225 printf " %-40s\n", "$warning in component:";
253 printf " %-40s\n", $warning;
226254 foreach my $component (keys %$components) {
227255 printf " %-38s : %5d time(s)\n", $component, $components->{$component};
228256 }
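Review bot: The first `Login incorrect` pattern now makes the parenthesised reason optional (`(?: \(.+\))?`), so it also matches every plain `Login incorrect: [user] (from client ...)` line that the following `elsif` is meant to count in `%wrongPassword`. As far as this section shows, that second branch can no longer be reached and wrong-password attempts will be reported under `%wrongUser` instead. Keeping `\(.+\)` mandatory in the first pattern and adding the new `(?:;\w+)?` suffix to both branches would preserve the split. Two lines between the branches are not shown, so confirm nothing there changes the order.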
00 ##########################################################################
1 # $Id: http 170 2013-08-20 07:39:31Z stefjakobs $
1 # $Id: http 179 2014-01-09 16:29:00Z opoplawski $
22 ##########################################################################
33
44 #####################################################
410410 $hacks{$field{client_ip}}{$exploits[$i]}++;
411411 $total_hack_count += 1;
412412 $ban_ip{$field{client_ip}} = " ";
413 if ($field{http_rc} < 400) {
413 if ($field{http_rc} < 300) {
414414 $hack_success{$field{url}} = $field{http_rc};
415415 }
416416 }
00
11 ##########################################################################
2 # $Id: kernel 160 2013-08-19 09:37:46Z stefjakobs $
2 # $Id: kernel 183 2014-01-26 13:32:28Z stefjakobs $
33 ##########################################################################
44 # $Log: kernel,v $
55 # Revision 1.35 2008/03/24 23:31:26 kirk
120120 $SkipError = 1 if $ThisLine =~ /PCIe errors handled by (?:BIOS|OS)/;
121121 # These happen when kerberos tickets expire, which can be normal
122122 $SkipError = 1 if $ThisLine =~ /Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server/ && $Ignore_rpcsec_expired;
123 # filter out mount options
124 $SkipError = 1 if $ThisLine =~ /errors=(?:continue|remount-ro|panic)/;
123125 $Errors{$errormsg}++ if ( (! $SkipError) || ($Detail > 8));
124126 } elsif ( ( my $errormsg ) = ( $ThisLine =~ /((BUG|WARNING|INFO):.{0,40})/ ) ) {
125127 $Errors{$errormsg}++;
0 ########################################################
1 ## Copyright (c) 2014 Orion Poplawski
2 ## Covered under the included MIT/X-Consortium License:
3 ## http://www.opensource.org/licenses/mit-license.php
4 ## All modifications and contributions by other persons to
5 ## this script are assumed to have been donated to the
6 ## Logwatch project and thus assume the above copyright
7 ## and licensing terms. If you want to make contributions
8 ## under your own copyright or a different license this
9 ## must be explicitly stated in the contribution an the
10 ## Logwatch project reserves the right to not accept such
11 ## contributions. If you have made significant
12 ## contributions to this script and want to claim
13 ## copyright please contact logwatch-devel@lists.sourceforge.net.
14 #########################################################
15
16 use strict;
17 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
18 my $PoolThreshold = $ENV{'pool_threshold'} || 0;
19 my %PoolUsed;
20 my $SnapshotThreshold = $ENV{'snapshot_threshold'} || 0;
21 my %SnapshotUsed;
22 my %MonitoringOn;
23 my %MonitoringOff;
24 my %OtherList;
25
26 while (defined(my $ThisLine = <STDIN>)) {
27 chomp($ThisLine);
28 if ($ThisLine =~ /^Thin (\S+) is now (\d+)% full/) {
29 $PoolUsed{$1} = $2 if $2 >= $PoolThreshold;
30 } elsif ($ThisLine =~ /^Monitoring thin (\S+)\./) {
31 $MonitoringOn{$1}++;
32 } elsif ($ThisLine =~ /^No longer monitoring thin (\S+)\./) {
33 $MonitoringOff{$1}++;
34 } elsif ($ThisLine =~ /^Snapshot (\S+) is now (\d+)% full/) {
35 $SnapshotUsed{$1} = $2 if $2 >= $SnapshotThreshold;
36 } else {
37 $OtherList{$ThisLine}++;
38 }
39 }
40
41 if (keys %PoolUsed) {
42 print "Thin Pool Usage:\n";
43 foreach my $Pool (sort {$a cmp $b} keys %PoolUsed) {
44 print " $Pool: $PoolUsed{$Pool}% full\n";
45 }
46 print "\n";
47 }
48
49 if (keys %SnapshotUsed) {
50 print "Snapshot Usage:\n";
51 foreach my $Snapshot (sort {$a cmp $b} keys %SnapshotUsed) {
52 print " $Snapshot: $SnapshotUsed{$Snapshot}% full\n";
53 }
54 print "\n";
55 }
56
57 if (keys %MonitoringOn and $Detail) {
58 print "Monitoring started for:\n";
59 foreach my $Pool (sort {$a cmp $b} keys %MonitoringOn) {
60 print " $Pool: $MonitoringOn{$Pool} Time(s)\n";
61 }
62 print "\n";
63 }
64
65 if (keys %MonitoringOff and $Detail) {
66 print "Monitoring stopped for:\n";
67 foreach my $Pool (sort {$a cmp $b} keys %MonitoringOff) {
68 print " $Pool: $MonitoringOff{$Pool} Time(s)\n";
69 }
70 print "\n";
71 }
72
73 if (keys %OtherList) {
74 print "\n**Unmatched Entries**\n";
75 foreach my $line (sort {$a cmp $b} keys %OtherList) {
76 print " $line: $OtherList{$line} Time(s)\n";
77 }
78 }
79
80 exit(0);
81
82 # vi: shiftwidth=3 tabstop=3 syntax=perl et
83 # Local Variables:
84 # mode: perl
85 # perl-indent-level: 3
86 # indent-tabs-mode: nil
87 # End:
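Review bot: `$PoolUsed{$1} = $2 if $2 >= $PoolThreshold;` overwrites the stored value on every qualifying line, so the report shows the last reading at or above the threshold rather than the peak, and with the default threshold of 0 a pool that hit a high value and was later extended is reported at the lower figure. If the peak is what operators need, keep the maximum: `$PoolUsed{$1} = $2 if $2 >= $PoolThreshold and $2 > ($PoolUsed{$1} || 0);`. The same applies to `%SnapshotUsed`. Both thresholds come from `%ENV` and are used numerically without validation; with `use strict` but no `use warnings`, a non-numeric setting silently behaves as 0.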
2626 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
2727
2828 my @devices = ();
29 # Sometimes mdadm --examine --scan reports device with different names than
30 # what is in use. Use /etc/mdadm.conf instead if it exists.
3129 if ( -f "/etc/mdadm.conf" ) {
3230 open(MDADM,"< /etc/mdadm.conf");
3331 } elsif ( -f "/etc/mdadm/mdadm.conf" ) {
3432 open(MDADM,"< /etc/mdadm/mdadm.conf");
3533 } else {
36 open(MDADM,"mdadm --examine --scan 2>/dev/null|");
34 open(MDADM,"mdadm --detail --scan 2>/dev/null|");
3735 }
3836 while (<MDADM>) {
3937 if (/^ARRAY/) {
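Review bot: The commit removes the comment explaining why the configuration file is preferred over scanning while the `-f "/etc/mdadm.conf"` preference stays in place, so the reason for the ordering is lost. Suggest keeping a short updated comment such as `# Prefer mdadm.conf when present; fall back to "mdadm --detail --scan" for running arrays.` The fallback still uses a two-argument pipe `open` on a bareword handle with `mdadm` resolved through `PATH` and stderr discarded, so a missing or failing binary yields an empty device list with no diagnostic. Checking the status of `close(MDADM)` would surface that. The loop body continues outside this hunk.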
00 #!/usr/bin/perl -w
11 #
2 # $Id: mysql 150 2013-06-18 22:19:38Z mtremaine $
2 # $Id: mysql 184 2014-01-26 13:46:58Z stefjakobs $
33 #
44 # Logwatch service for mysqld error log
55 # To be placed in
6060 local $SIG{'__WARN__'} = sub {};
6161 $time = timelocal($6, $5, $4, $3, $2-1, $1);
6262 }
63
64 # Count lines with increasing number as one:
65 # [Warning] Aborted connection 107194 to db: ...
66 $line =~ s/(Aborted connection) \d+ (to db)/$1 $2/;
6367
6468 foreach my $cur_cat (@message_categories) {
6569 if($line =~ /$cur_cat->[1]/) {
00 ##########################################################################
1 # $Id: named 163 2013-08-19 10:17:44Z stefjakobs $
1 # $Id: named 198 2014-06-24 21:27:49Z opoplawski $
22 ##########################################################################
33 # $Log: named,v $
44 # Revision 1.62 2011/01/06 22:53:00 stefan
195195 ($ThisLine =~ /Malformed response from/) or
196196 ($ThisLine =~ /client .* response from Internet for .*/) or
197197 ($ThisLine =~ /client .+ query \(cache\) '.*' denied/) or
198 ($ThisLine =~ /client .+#\d+: query:/) or
198 ($ThisLine =~ /client .+(?: \([^)]+\))?: query:/) or
199199 # Do we really want to ignore these?
200200 #($ThisLine =~ /unknown logging category/) or
201201 ($ThisLine =~ /could not open entropy source/) or
250250 ($ThisLine =~ /update with no effect/) or
251251 ($ThisLine =~ /validating \@0x[[:xdigit:]]+: .* no valid signature found/) or
252252 ($ThisLine =~ /^sizing zone task pool based on \d+ zones/) or
253 ($ThisLine =~ /^BIND \d+ is maintained by Internet Systems Consortium/) or
254 ($ThisLine =~ /a non-profit 501/) or
255 ($ThisLine =~ /corporation. Support and training for BIND \d+ are/) or
256 ($ThisLine =~ /available at https:\/\/www.isc.org\/support/) or
257 ($ThisLine =~ /----------------------------------------------------/) or
253258 # ignore this line because the following line describes the error
254259 ($ThisLine =~ /unexpected error/)
255260 ) {
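Review bot: In the rewritten query pattern `/client .+(?: \([^)]+\))?: query:/` the optional group adds nothing, because the preceding `.+` already absorbs it, and dropping `#\d+` means any line containing `client `, arbitrary text and `: query:` is now ignored. Keeping the port anchor would accept the new parenthesised name without widening the filter: `/client .+#\d+(?: \([^)]+\))?: query:/`. The added banner patterns leave `.` unescaped in `corporation. Support` and `www.isc.org`; that is harmless here but `\.` would say what is meant. The condition continues outside the hunk.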
0 ########################################################
1 ## Copyright (c) 2014 Orion Poplawski
2 ## Covered under the included MIT/X-Consortium License:
3 ## http://www.opensource.org/licenses/mit-license.php
4 ## All modifications and contributions by other persons to
5 ## this script are assumed to have been donated to the
6 ## Logwatch project and thus assume the above copyright
7 ## and licensing terms. If you want to make contributions
8 ## under your own copyright or a different license this
9 ## must be explicitly stated in the contribution an the
10 ## Logwatch project reserves the right to not accept such
11 ## contributions. If you have made significant
12 ## contributions to this script and want to claim
13 ## copyright please contact logwatch-devel@lists.sourceforge.net.
14 #########################################################
15
16 use strict;
17 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
18 my %ServiceError;
19 my %ServiceMessage;
20 my %OtherList;
21
22 # Lines are of the form:
23 # 3017 2048 - Storage Service Device failed: Battery 0 Controller 0
24 # \d+ \d+ - (\w+) Service (.*)
25 while (defined(my $ThisLine = <STDIN>)) {
26 chomp($ThisLine);
27 my ($Service,$Message) = ($ThisLine =~ /^\d+ \d+ - (\w+) Service (.*)$/);
28 if ($Message =~ /fail|disable|replace/i) {
29 $ServiceError{$Service}->{$Message}++;
30 } elsif (defined($Service)) {
31 # Skip informational messages if needed
32 next if (($Service == "Storage Service") and ($Message =~ /^The Patrol Read has (started|stopped)/) and ($Detail < 5));
33 $ServiceMessage{$Service}->{$Message}++;
34 } else {
35 $OtherList{$ThisLine}++;
36 }
37 }
38
39 if (keys %ServiceError) {
40 print "ERRORS:\n";
41 foreach my $Service (sort {$a cmp $b} keys %ServiceError) {
42 print " $Service Service:\n";
43 foreach my $Error (sort {$a cmp $b} keys %{$ServiceError{$Service}}) {
44 print " $Error $ServiceError{$Service}->{$Error} Time(s)\n";
45 }
46 print "\n";
47 }
48 }
49
50 if (keys %ServiceMessage) {
51 print "Informational:\n";
52 foreach my $Service (sort {$a cmp $b} keys %ServiceMessage) {
53 print " $Service Service:\n";
54 foreach my $Message (sort {$a cmp $b} keys %{$ServiceMessage{$Service}}) {
55 print " $Message $ServiceMessage{$Service}->{$Message} Time(s)\n";
56 }
57 print "\n";
58 }
59 }
60
61 if (keys %OtherList) {
62 print "\n\n**Unmatched Entries**\n";
63 foreach my $line (sort {$a cmp $b} keys %OtherList) {
64 print " $line: $OtherList{$line} Time(s)\n";
65 }
66 }
67
68 exit(0);
69
70 # vi: shiftwidth=3 tabstop=3 syntax=perl et
71 # Local Variables:
72 # mode: perl
73 # perl-indent-level: 3
74 # indent-tabs-mode: nil
75 # End:
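Review bot: `$Service == "Storage Service"` compares strings with the numeric operator, so both sides numify to 0 and the test is true for every non-numeric service name. The capture `(\w+) Service` also stores only the word before " Service", so the value would be `Storage`, never `Storage Service`. The intended check is presumably `next if (($Service eq "Storage") and ($Message =~ /^The Patrol Read has (started|stopped)/) and ($Detail < 5));`. When a line does not match the main regex, `$Message` is undef and is still matched against `/fail|disable|replace/i`; testing `defined($Service)` first and adding `use warnings` would have exposed both issues.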
00 ##########################################################################
1 # $Id: openvpn 150 2013-06-18 22:19:38Z mtremaine $
1 # $Id: openvpn 201 2014-07-18 17:05:39Z opoplawski $
22 ##########################################################################
33
44 ########################################################
3838 $ThisLine =~ s/^([\S]+)\/([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+) //;
3939
4040 if (
41 ($ThisLine =~ /^\[[\w.-]+\] Inactivity timeout \(--ping-restart\), restarting/) or
41 ($ThisLine =~ /Inactivity timeout \(--ping-restart\), restarting/) or
4242 ($ThisLine =~ /^\/sbin\//) or
4343 ($ThisLine =~ /^Attempting to establish TCP connection with [\d.]+:\d+/) or
4444 ($ThisLine =~ /^Closing TUN\/TAP interface/) or
4747 ($ThisLine =~ /^Control Channel MTU parms/) or
4848 ($ThisLine =~ /CRL CHECK OK: \/.*\//) or
4949 ($ThisLine =~ /^Data Channel MTU parms/) or
50 ($ThisLine =~ /^Delayed exit in \d+ seconds/) or
5051 ($ThisLine =~ /^Diffie-Hellman initialized/) or
5152 ($ThisLine =~ /^event_wait : Interrupted system call \(code=\d+\)/) or
5253 ($ThisLine =~ /^Exiting/) or
6465 ($ThisLine =~ /^MULTI: primary virtual IP for/) or
6566 ($ThisLine =~ /^MULTI: TCP INIT maxclients=\d+ maxevents=\d+/) or
6667 ($ThisLine =~ /^MULTI: bad source address from client .*, packet dropped/) or
68 ($ThisLine =~ /^MULTI_sva: pool returned IPv4=/) or
6769 ($ThisLine =~ /^Need IPv6 code in mroute_extract_addr_from_packet/) or
6870 ($ThisLine =~ /^NOTE: UID\/GID downgrade will be delayed because of --client, --pull, or --up-delay/) or
6971 ($ThisLine =~ /OpenVPN .* built on [A-Z][a-z]{2} [ 12]?[0-9] [0-9]{4}/) or
7072 ($ThisLine =~ /^OPTIONS IMPORT/) or
73 ($ThisLine =~ /^PLUGIN_CALL: plugin function /) or
74 ($ThisLine =~ /^PLUGIN_INIT: POST .* intercepted=/) or
7175 ($ThisLine =~ /^Preserving previous TUN\/TAP instance: \w+/) or
7276 ($ThisLine =~ /^PUSH: Received control message/) or
77 ($ThisLine =~ /^Re-using pre-shared static key/) or
7378 ($ThisLine =~ /^Re-using SSL\/TLS context/) or
7479 ($ThisLine =~ /read UDPv4 \[.*\]: No route to host \(code=[0-9]*\)/) or
7580 ($ThisLine =~ /^Restart pause, \d+ second\(s\)/) or
81 ($ThisLine =~ /^ROUTE_GATEWAY/) or
82 ($ThisLine =~ /^send_push_reply/) or
7683 ($ThisLine =~ /^SENT CONTROL/) or
7784 ($ThisLine =~ /^SIGTERM\[hard,[^\]]*\] received, process exiting/) or
7885 ($ThisLine =~ /^SIGUSR1\[soft,(connection-reset|ping-restart)\] received, (process|client-instance) restarting/) or
102109 # Don't care about these...
103110 } elsif (($status, $depth, $dn) = ( $ThisLine =~ /^VERIFY (.*): depth=(.*), (.*)/ )) {
104111
105 #TLS: tls_process: killed expiring key:
106112 #VERIFY OK: depth=0, /C=US/ST=TX/O=Aidant.Enterprises/OU=IT/CN=delta.aidant.net/Email=keymaster@aidant.net: 23 Time(s)
107113 $VerifyList{"status: $status depth: $depth DN: $dn"}++;
108114 } elsif (($status, $dn) = ( $ThisLine =~ /^VERIFY X509NAME (.*): (.*)/ )) {
109115 #VERIFY X509NAME OK: /C=US/ST=TX/O=Aidant.Enterprises/OU=IT/CN=delta.aidant.net/Email=keymaster@aidant.net: 23 Time(s)
110116 $VerifyList{"status: $status X509Name DN: $dn"}++;
117 } elsif (($status, $dn) = ( $ThisLine =~ /^CRL CHECK (.*): (.*)/ )) {
118
119 #CRL CHECK OK: C=US, ST=CO, L=Boulder, O=NWRA, OU=Boulder, CN=user, name=root, emailAddress=xxxx@xxxx.xxx
120 $VerifyList{"CRL check status: $status DN: $dn"}++;
111121 } elsif ($ThisLine =~ /^TLS: Username\/Password authentication/) {
112122 $VerifyList{$ThisLine}++;
113123 } elsif ($ThisLine =~ m/^MULTI: new incoming connection would exceed maximum number of clients/) {
114124 $MaxClients++;
115125 } elsif ($ThisLine =~ m/^OpenVPN [\d.]+ [\w-]+ [\[\]\w ]+ built on [\w]+ +[\d]+ [\d]+$/) {
116126 $VersionInfo{$ThisLine} = 1;
117 } elsif (($config, $peer, $port) = ($ThisLine =~ m/^\[([\S]+)\] Peer Connection Initiated with ([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+)$/)) {
127 } elsif (($config, $peer, $port) = ($ThisLine =~ m/^\[([\S]+)\] Peer Connection Initiated with [^\d]*([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+)$/)) {
118128 push (@{$Connections{$config}{$peer}}, $port);
129 } elsif (($peer, $port) = ($ThisLine =~ m/^Peer Connection Initiated with [^\d]*([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+)$/)) {
130 push (@{$Connections{"client"}{$peer}}, $port);
119131 } elsif (($dir, $channel, $bits, $algo) = ($ThisLine =~ /^(Incoming|Outgoing) (Control Channel) Authentication: Using ([\d]+ bit) message hash '(\S+)' for HMAC authentication/)) {
120132 $Auth{$channel}{$dir}{"$bits $algo"}++;
121133 } elsif (($channel, $dir, $bits, $algo) = ($ThisLine =~ /^(Data Channel) (Encrypt|Decrypt): Using ([\d]+ bit) message hash '(\S+)' for HMAC authentication/)) {
00 ###############################################################################
1 # $Id: php 150 2013-06-18 22:19:38Z mtremaine $
1 # $Id: php 182 2014-01-26 12:46:02Z stefjakobs $
22 ###############################################################################
33 # $Log: php,v $
44 # Revision 1.2 2008/03/24 23:31:26 kirk
6161 while(<>) {
6262 my $line = $_;
6363 # skipping messages that are not within the requested range
64 next unless $line =~ /^\[($filter)\]/o;
64 # the last part of the regex matches optionally occurring specification
65 # of timezones, either in Continent/City or abbrevations like UTC
66 next unless $line =~ /^\[($filter)(?: \w+(?:\/\w+)?)?\]/o;
6567 $1 =~ /(\d+)-(\w+)-(\d+) (\d+):(\d+):(\d+)/;
6668 my $time;
6769
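Review bot: The optional timezone group added on new line 66, `(?: \w+(?:\/\w+)?)?`, accepts only one or two `\w` components, so a zone name with three parts or with `-`/`+` in it (for example `America/Argentina/Buenos_Aires` or `Etc/GMT+1`) fails the match and the line is dropped by `next unless`. Those PHP errors would then silently disappear from the report. A wider class such as `(?: [\w\/+-]+)?` covers these forms while keeping the closing `\]` anchor. The comment above it could also say that lines which do not match are skipped, and "abbrevations" should read "abbreviations".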
00 #!/usr/bin/perl
11 ##########################################################################
2 # $Id: puppet 150 2013-06-18 22:19:38Z mtremaine $
2 # $Id: puppet 188 2014-02-07 13:55:43Z stefjakobs $
33 ##########################################################################
44 # $Log$
55 ########################################################
5353 ($ThisLine =~ /FileBucket adding/) or
5454 ($ThisLine =~ /^Caching certificate/) or
5555 ($ThisLine =~ /^Certificate Request fingerprint/) or
56 ($ThisLine =~ /^Creating state file/)
56 ($ThisLine =~ /^Creating state file/) or
57 ($ThisLine =~ /Provider useradd does not support features manages/)
5758 ) {
5859 # Ignore
5960 } elsif (($junk, $failure, $reason) = ($ThisLine =~ /^(\(.*\) |)Could not ([^:]*): (.*)/)) {
103104 $ServiceStops{$1}++;
104105 } elsif ($ThisLine =~ /User\[(.+)\].+changed password/) {
105106 $PasswordChanged{$1}++;
107 } elsif ($ThisLine =~ /User\[(.+)\].+defined \'expiry\' as \'([0-9-]{10})\'/) {
108 $ExpiryChanged{$1}{$2}++;
106109
107110 # Generic rules need to be last
108111 } elsif (($type, $name, $attr) = $ThisLine =~ /([^\/]+)\[([^\]]+)\]\/([^\/]+)\) (created|defined content)/) {
225228 print "\nPassword changed:\n";
226229 foreach $ThisOne (keys %PasswordChanged) {
227230 print " $ThisOne: $PasswordChanged{$ThisOne} Time(s)\n";
231 }
232 }
233
234 if (keys %ExpiryChanged) {
235 print "\nExpiry changed:\n";
236 foreach $ThisOne (keys %ExpiryChanged) {
237 print " $ThisOne:\n";
238 foreach $date (keys %{${ExpiryChanged}{$ThisOne}}) {
239 print " $date: $ExpiryChanged{$ThisOne}{$date} Time(s)\n";
240 }
228241 }
229242 }
230243
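Review bot: The new "Expiry changed" report on new lines 234-242 walks `keys %ExpiryChanged` and the inner date hash unsorted, so the order of accounts and dates can differ from run to run, which makes it harder to compare account-expiry changes between reports. `foreach $ThisOne (sort keys %ExpiryChanged)` and `foreach $date (sort keys %{$ExpiryChanged{$ThisOne}})` would fix the order. The `%{${ExpiryChanged}{$ThisOne}}` spelling is equivalent to `%{$ExpiryChanged{$ThisOne}}`, and the plain form is easier to read. `$date` is not declared in the visible lines; whether that matters depends on whether the script runs under `use strict`, which this section does not show.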
00 #########################################################################
1 # $Id: secure 172 2013-10-25 19:23:31Z opoplawski $
1 # $Id: secure 189 2014-02-07 13:56:36Z stefjakobs $
22 ##########################################################################
33 # $Log: secure,v $
44 # Revision 1.86 2009/11/14 16:26:41 kirk
230230 ( $ThisLine =~ /^su\[\d+\]: [+-] .+/) or
231231 ( $ThisLine =~ /^su\[\d+\]: FAILED su for \S+ by \S+/) or #debian: done in pam_unix
232232 ( $ThisLine =~ /^login\[\d+\]: ROOT LOGIN on '\S+'/) or #debian: done in pam_unix (Similar message on other system is reported)
233 ( $ThisLine =~ /^login\[\d+\]: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or #debian: done in pam_unix
233 ( $ThisLine =~ /^login(?:\[\d+\])?: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or #debian: done in pam_unix
234234 ( $ThisLine =~ /^login: FAILED LOGIN 2 FROM (.*) FOR .*, (Authentication failure|User not known to the underlying authentication module)/) or
235235 ( $ThisLine =~ /^login: pam_securetty(.*): unexpected response from failed conversation function/) or
236236 ( $ThisLine =~ /^login: pam_securetty(.*): access denied: tty '.*' is not secure/) or
388388 $UserLogin{$User}++;
389389 } elsif ( ($User,undef) = ($ThisLine =~ /^com.apple.SecurityServer: authinternal authenticated user ([^ ]+) .*/ )) {
390390 $UserLogin{$User}++;
391 } elsif ( $ThisLine =~ s/^userdel\[\d+\]: delete user ['`](.+)'/$1/ ) {
391 } elsif ( $ThisLine =~ s/^userdel(?:\[\d+\])?: delete user [`'](.+)'/$1/ ) {
392392 $DeletedUsers .= " $ThisLine\n";
393 } elsif ( $ThisLine =~ s/^(?:useradd|adduser)\[\d+\]: new user: name=(.+), (?:uid|UID)=(\d+).*$/$1 ($2)/ ) {
393 } elsif ( $ThisLine =~ s/^(?:useradd|adduser)(?:\[\d+\])?: new user: name=(.+), (?:uid|UID)=(\d+).*$/$1 ($2)/ ) {
394394 $NewUsers .= " $ThisLine\n";
395395 } elsif ( $ThisLine =~ s/^userdel(?:\[\d+\])?: remove(?:d)? group [`'](\S+)'( owned by \S+)?/$1/ ) {
396396 $DeletedGroups .= " $ThisLine\n";
397 } elsif ( $ThisLine =~ s/^groupdel\[\d+\]: remove group `(.+)'/$1/ ) {
397 } elsif ( $ThisLine =~ s/^groupdel(?:\[\d+\])?: remove group `(.+)'/$1/ ) {
398398 $DeletedGroups .= " $ThisLine\n";
399 } elsif ( $ThisLine =~ s/^(?:useradd|adduser)\[\d+\]: new group: name=(.+), (?:gid|GID)=(\d+).*$/$1 ($2)/ ) {
399 } elsif ( $ThisLine =~ s/^(?:useradd|adduser)(?:\[\d+\])?: new group: name=(.+), (?:gid|GID)=(\d+).*$/$1 ($2)/ ) {
400400 $NewGroups .= " $ThisLine\n";
401 } elsif ( (undef,$User,,undef,$Group) = ($ThisLine =~ /(usermod|useradd)\[\d+\]: add [`']([^ ]+)' to (shadow|)group [`']([^ ]+)'/ )) {
401 } elsif ( (undef,$User,,undef,$Group) = ($ThisLine =~ /(usermod|useradd)(?:\[\d+\])?: add [`']([^ ]+)' to (shadow ?|)group [`']([^ ]+)'/ )) {
402402 $AddToGroup{$Group}{$User}++;
403 } elsif ( $ThisLine =~ s/^groupadd\[\d+\]: new group: name=(.+), (?:gid|GID)=(\d+).*$/$1 ($2)/ ) {
403 } elsif ( $ThisLine =~ s/^groupadd(?:\[\d+\])?: new group: name=(.+), (?:gid|GID)=(\d+).*$/$1 ($2)/ ) {
404404 $NewGroups .= " $ThisLine\n";
405 } elsif ( $ThisLine =~ s/^gpasswd\[\d+\]: set members of // ) {
405 } elsif ( $ThisLine =~ s/^gpasswd(?:\[\d+\])?: set members of // ) {
406406 $SetGroupMembers .= " $ThisLine\n";
407 } elsif ( $ThisLine =~ /^(?:userdel|usermod)\[\d+\]: delete [`'](.*)' from (shadow |)group [`'](.*)'\s*$/ ) {
407 } elsif ( $ThisLine =~ /^(?:userdel|usermod)(?:\[\d+\])?: delete [`'](.*)' from (shadow |)group [`'](.*)'\s*$/ ) {
408408 push @RemoveFromGroup, " user $1 from group $3\n";
409409 # This is an inetd lookup... $1 is the service (i.e. ftp), $2 is the response
410410 # I don't think these are important to log at this time
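Review bot: The `groupdel` pattern on new line 397 makes the PID optional but still requires a backtick as the opening quote, `remove group `(.+)'`, while the neighbouring `userdel` patterns on new lines 391 and 395 accept either quote with ``[`']``. A `groupdel` message written with a straight opening quote would not reach `$DeletedGroups`, so the group deletion would be missing from that part of the report. Using ``remove group [`'](.+)'`` brings it in line with the other account-change rules. The surrounding `elsif` chain starts and ends outside the lines shown.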
00
11 ##########################################################################
2 # $Id: smartd 165 2013-08-19 10:24:25Z stefjakobs $
2 # $Id: smartd 182 2014-01-26 12:46:02Z stefjakobs $
33 ##########################################################################
44 # $Log: smartd,v $
55 # Revision 1.26 2009/06/02 15:01:34 mike
5353 my %NotInDatabase = ();
5454 my %CantMonitor = ();
5555 my $UnableToMonitor = 0;
56 my %SelfTest = ();
56 my %DriveTest = ();
5757 my %Failed = ();
5858 my %OtherList = ();
5959 my $DLine = 0;
161161 } elsif ( my ($Device, $Num) = ($ThisLine =~ /^Device: ([^,]+), (\d+) Offline uncorrectable sectors/) ) {
162162 $Offsectors{$Device}++;
163163 $NumOffsectors{$Device} = $Num;
164 } elsif ( my ($Device,$TestType) = ($ThisLine =~ /^Device: ([^,]+), starting scheduled (Short|Long) Self-Test/) ) {
165 $SelfTest{$Device}{$TestType}++;
164 } elsif ( my ($Device,$TestType) = ($ThisLine =~ /^Device: ([^,]+), starting scheduled ((?:Short|Long|Conveyance|Selective) Self-|Offline Immediate )Test/) ) {
165 $DriveTest{$Device}{$TestType}++;
166166 } elsif ( my ($Device,$AttribType,$Code,$Name) = ($ThisLine =~ /^Device: ([^,]+), Failed SMART ([A-Za-z]+) Attribute: ([0-9]+) ([A-Za-z_]+)/)) {
167167 $Failed{$Device}{"$AttribType attribute: $Name ($Code)"}++;
168168 } elsif ( my ($Device, $Text) = ($ThisLine =~ /^Device: ([^,]+), failed (.*)$/) ) {
312312 }
313313 }
314314
315 if (keys %SelfTest) {
316 foreach my $Device (sort keys %SelfTest) {
315 if (keys %DriveTest) {
316 foreach my $Device (sort keys %DriveTest) {
317317 print "\n$Device :\n";
318 foreach my $Type (sort keys %{$SelfTest{$Device}}) {
319 print " started scheduled $Type self-test " . $SelfTest{$Device}{$Type} . " Time(s)\n";
318 foreach my $Type (sort keys %{$DriveTest{$Device}}) {
319 print " started scheduled ${Type}Test " . $DriveTest{$Device}{$Type} . " Time(s)\n";
320320 }
321321 }
322322 }
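Review bot: On new line 164 the capture `((?:Short|Long|Conveyance|Selective) Self-|Offline Immediate )` stores a fragment such as `Short Self-` or `Offline Immediate ` (with a trailing space) as the hash key, and new line 319 relies on that exact fragment to rebuild the name with `${Type}Test`. This ties the regex to the print format in a way that is easy to break later. Capturing the whole name, `((?:Short|Long|Conveyance|Selective) Self-Test|Offline Immediate Test)`, and printing `" started scheduled $Type "` keeps the key readable on its own. A short comment listing the test kinds smartd schedules would also help the next reader.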
00 ###########################################################################
1 # $Id: syslog-ng 156 2013-08-01 08:53:28Z stefjakobs $
1 # $Id: syslog-ng 190 2014-02-07 13:57:18Z stefjakobs $
22 ###########################################################################
33
44 ###########################################################################
115115
116116 #TD syslog-ng[4833]: Syslog connection closed; fd='45', client='AF_INET(192.168.1.1:40280)', local='AF_INET(192.168.1.10:625)'
117117 #TD syslog-ng[4833]: Syslog connection accepted; fd='52', client='AF_INET(192.168.1.1:40280)', local='AF_INET(192.168.1.10:625)'
118 elsif ($ThisLine =~ /^Syslog connection (\S+); fd='\d+', client='AF_INET\(([.\d]+):\d+\)', local='AF_INET\(([.\d]+:\d+)\)'$/) {
119 $Connections{$1}{$3}{$2}++;
118 # syslog-ng v3.X
119 #TD Syslog connection broken; fd='63', server='AF_INET(192.169.1.1:514)', time_reopen='60' : 44 Time(s)
120 #TD Syslog connection established; fd='48', server='AF_INET(192.168.1.1:514)', local='AF_INET(0.0.0.0:0)'
121 elsif ($ThisLine =~ /^Syslog connection (\S+); fd='\d+', (server|client)='AF_INET\(([.\d]+):\d+\)', (?:local='AF_INET\(([.\d]+:\d+)\)'|time_reopen='\d+')?$/) {
122 my $loc = defined($4) ? $4 : '0.0.0.0';
123 $Connections{"$1 ($2)"}{$loc}{$3}++;
120124 }
121125
122126 #TD syslog-ng[4833]: Connection broken to AF_INET(XXX.YYY.ZZZ.AAA:BBB), reopening in 60 seconds
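Review bot: On new line 122 the fallback `'0.0.0.0'` used for the `time_reopen` form has no port, while a matched `local=` value is captured as `ip:port` (the sample on new line 120 would give `0.0.0.0:0`). The same hash level then mixes two formats, and the fallback reads like a real address. A label that cannot be mistaken for one, e.g. `my $loc = defined($4) ? $4 : 'n/a';`, keeps broken-connection entries distinguishable in the report. The pattern still accepts only `AF_INET`, so connections logged with another address family would presumably not be counted by this branch.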
7070 $ObjectName{"$3"}{"$2"}++;
7171 } elsif ($ThisLine =~ /(\w+) Object '([^']+)' (.+)/) {
7272 $Object{"$3"}{"$2"}++;
73 } elsif ($ThisLine =~ /cuGetBackQryResp: (.*):0,(.*)$/) {
74 $Object{$1}{$2}++;
7375 } elsif ($ThisLine =~ /(\w+) An interrupt has occurred/) {
7476 $Interrupted++;
7577 } elsif ($ThisLine =~ /(\w+) (.+)\.\s+The TSM return code is ([-0-9]+)/) {
8082 $Error{"$2"}{$4}++;
8183 } elsif ($ThisLine =~ /(\w+) Could not establish a TCP\/IP connection with address '([^']+)'\. The TCP\/IP error is '([^']+)'/) {
8284 $NoConnection{"$2"}{$3}++;
85 } elsif ($ThisLine =~ /(\w+) (An invalid TCP\/IP address was specified)/) {
86 $Error{"$2"}{$1}++;
8387 } elsif ($ThisLine =~ /File '(?:[^']+)' (.*)/) {
8488 $File{"$1"}++;
8589 }
2626 #Output sensors stats
2727
2828 my $pathto_sensors = $ENV{'pathto_sensors'} || '/usr/bin/sensors';
29 my $query_hddtemp = $ENV{'query_hddtemp'} || '/usr/bin/nc 127.0.0.1 7634';
30 my $get_kvm_status = $ENV{'get_kvm_status'} || 'cat /proc/cpuinfo | grep -c "QEMU Virtual CPU"';
29 my $get_kvm_status = $ENV{'get_kvm_status'} || 'grep -c "QEMU Virtual CPU" /proc/cpuinfo';
3130
32 my $sensors = qx($pathto_sensors);
33 my $hdd = qx($query_hddtemp);
3431 my $kvm = qx($get_kvm_status);
3532
36 if ($kvm == 0) {
33 if ($kvm == 0 and (($ENV{PRINTING} eq 'y') or $Detail)) {
34 my $sensors = qx($pathto_sensors);
3735 if ($sensors) {
3836 print $sensors;
39 }
40 if ($hdd) {
41 print $hdd;
42 print "\n";
4337 }
4438 }
4539
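Review bot: `qx($pathto_sensors)` on new line 34, like `qx($get_kvm_status)` above it, passes a string taken from the environment to the shell, so any shell metacharacters in `pathto_sensors` are interpreted rather than treated as part of a path. Only a program path is expected here, so a list-form pipe open such as `open(my $fh, '-|', $pathto_sensors)` runs the program without a shell. Separately, `$ENV{PRINTING} eq 'y'` on new line 33 compares against undef when the variable is unset, which warns under `use warnings`; `($ENV{PRINTING} // '') eq 'y'` avoids that. `$Detail` is not assigned anywhere in the visible lines, so confirm it is set earlier in the script.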
00
11 ##########################################################################
2 # $Id: zz-sys 150 2013-06-18 22:19:38Z mtremaine $
2 # $Id: zz-sys 185 2014-02-02 12:27:49Z stefjakobs $
33 ##########################################################################
44 # $Log: zz-sys,v $
55 # Revision 1.3 2008/06/30 23:07:51 kirk
5959 print STDERR "No Sys::MemInfo module installed. To install, execute the command:\n";
6060 print STDERR " perl -MCPAN -e 'install Sys::MemInfo' \n\n";
6161 } else {
62 import Sys::MemInfo qw(totalmem freemem);
62 import Sys::MemInfo qw(totalmem freemem totalswap freeswap);
63 my $swapused = &totalswap - &freeswap;
6364 printf " Total Memory: %6d MB\n", ((&totalmem - (&totalmem % (1024*1024))) / (1024*1024));
64 printf " Free Memory: %6d MB\n", ((&freemem - (&freemem % (1024*1024))) / (1024*1024));
65 printf " Free Memory: %6d MB\n", ((&freemem - (&freemem % (1024*1024))) / (1024*1024));
66 printf " Swap Used: %6d MB\n", (($swapused - ($swapused % (1024*1024))) / (1024*1024));
6567 }
6668
6769 # vi: shiftwidth=3 tabstop=3 syntax=perl et