Commit 75be1f8838d65ba3450739fd32a655d0c5d2116a - logwatch

Import upstream version 7.5.5 Willi Mann authored 3 years ago Debian Janitor committed 3 years ago

29 changed file(s) with 339 addition(s) and 451 deletion(s). Raw diff Collapse all Expand all

-0

HOWTO-Customize-LogWatch less more

340	340	When specifying filenames for either the LogFile or Archive statements,
341	341	you can use standard regexps (for example, *, ?, or [0-9]). In addition,
342	342	filenames with spaces are possible by enclosing them in single quotes.
	343	Similarly, filename case can be preserved by quoting the filename.
	344	Single-quoted strings do not expand regexp characters; double-quoted
	345	strings do.
343	346
344	347	For either the LogFile or Archive statements, the corresponding files
345	348	need not exist. In that case, the statement is ignored. Because of this,

-1

LICENSE less more

0		Copyright (c) 2002-2018 Kirk Bauer
	0	Copyright (c) 2002-2021 Kirk Bauer
1	1
2	2	Permission is hereby granted, free of charge, to any person obtaining a copy of
3	3	this software and associated documentation files (the "Software"), to deal in

-1

conf/html/footer.html less more

0	0	<!-- Start footer.html -->
1	1	<div class=\"copyright\">
2	2	<hr>
3		<p>Logwatch ©Copyright 2002-2006 Kirk Bauer</p>
	3	<p>Logwatch ©Copyright 2002-2021 Kirk Bauer</p>
4	4	<p>
5	5	Permission is hereby granted, free of charge, to any person obtaining a copy of
6	6	this software and associated documentation files (the "Software"), to deal in

-1

conf/html/header.html less more

7	7	h2 {color: white; border-bottom: 1px solid silver; font-family: sans-serif; }
8	8	h3 {color: white; border-bottom: 1px solid silver; font-family: sans-serif; }
9	9	th {background: #6D88AD; text-align: left; font-family: sans-serif; }
10		td {background: #EFEFEF; text-align: left; font-family: courier,serif; font-size: 10px; }
	10	td {background: #EFEFEF; text-align: left; font-family: monospace; font-size: 10px; }
11	11	li { font-family: sans-serif; }
12	12	.ref {padding-left: 1%; }
13	13	.service {padding-left: 1%; }

-0

conf/logfiles/dnf-rpm.conf less more

0	0	# What actual file? Defaults to LogPath if not absolute path....
1	1	LogFile = dnf.rpm.log
2	2
	3	# Logrotate format
3	4	Archive = dnf.rpm.log-*
	5	# DNF internal rotation format
	6	Archive = dnf.rpm.log.*
4	7
5	8	# Keep only the lines in the proper date range...
6	9	*ApplyStdDate = "%b %d %H:%M:%S"

-1

conf/services/lvm.conf less more

13	13	LogFile = messages
14	14
15	15	# Only give lines pertaining to the OMSA service...
16		*OnlyService = lvm
	16	*OnlyService = "(?:lvm\|dmeventd)"
17	17	*RemoveHeaders
18	18
19	19	#########################################################

-0

conf/services/sshd.conf less more

42	42	# specified threshold
43	43	#$illegal_users_threshold = 4
44	44
	45	# Set to No to disable IP lookups
	46	$sshd_ip_lookup = Yes
	47
45	48
46	49	########################################################
47	50	# This was written and is maintained by:

-1

logwatch.spec less more

0	0	Summary: Analyzes and Reports on system logs
1	1	Name: logwatch
2		Version: 7.5.4
	2	Version: 7.5.5
3	3	Release: 1
4	4	License: MIT
5	5	Group: Applications/System

-12

scripts/logwatch.pl less more

9	9
10	10	########################################################
11	11	# Specify version and build-date:
12		my $Version = '7.5.4';
13		my $VDate = '07/22/20';
	12	my $Version = '7.5.5';
	13	my $VDate = '01/22/21';
14	14
15	15	#######################################################
16	16	# Logwatch was originally written by:

291	291	if ( $Config{'encode'} eq "base64" ) {
292	292	eval "require MIME::Base64";
293	293	if ($@) {
294		print STDERR "No MIME::Base64 installed can not use --encode\n";
	294	print STDERR "No MIME::Base64 installed; can not use --encode\n";
295	295	} else {
296	296	import MIME::Base64;
297	297	}

1201	1201	if ( $Config{'encode'} eq "base64" ) {
1202	1202	$out_mime .= "Content-transfer-encoding: base64\n";
1203	1203	} else {
1204		$out_mime .= "Content-Transfer-Encoding: 7bit\n";
	1204	$out_mime .= "Content-Transfer-Encoding: 8bit\n";
1205	1205	}
1206	1206	#Config{output} html
1207	1207	if ( $Config{'format'} eq "html" ) {

1512	1512	#Printing starts here $out_mime $out_head $out_reference $out_body $out_foot
1513	1513	if (defined fileno OUTFILE) {
1514	1514	print OUTFILE $out_mime if $out_mime;
1515		if ( $Config{'encode'} eq "base64" ) {
1516	1515	my $out = '';
1517	1516	$out .= $out_head if $out_head;
1518	1517	$out .= $out_reference if $out_reference;

1521	1520	$out_body{$_} = ''; #We should track this down out_body could be an array instead also -mgt
1522	1521	}
1523	1522	$out .= $out_foot if $out_foot;
	1523	if ( $Config{'encode'} eq "base64" ) {
1524	1524	print OUTFILE encode_base64($out);
1525	1525	} else {
1526		print OUTFILE $out_head if $out_head;
1527		print OUTFILE $out_reference if $out_reference;
1528		foreach ( 0 .. $index_par ) {
1529		print OUTFILE $out_body{$_} if defined( $out_body{$_} );
1530		$out_body{$_} = '';
1531		}
1532		print OUTFILE $out_foot if $out_foot;
	1526	print OUTFILE $out;
1533	1527	}
1534	1528	}
1535	1529	#ends here

+19

-11

scripts/services/audit less more

35	35	use strict;
36	36	use Logwatch ':all';
37	37
38		my (%denials, %grants, %loads);
	38	my (%denials, %allowed, %loads);
39	39	my %OtherList;
40	40	my $othercount = 0;
41	41	my $Debug = ($ENV{'LOGWATCH_DEBUG'} \|\| 0);

54	54	my $ThisLine;
55	55	my %Warning = ();
56	56	my %AuditctlStatus = ();
	57	my %unconfineds = ();
57	58
58	59	print STDERR "\n\nDEBUG: Inside audit filter\n\n" if ( $Debug >= 5 );
59	60

127	128	$AuditctlStatus{$status}++;
128	129	} elsif ( $ThisLine =~ /audit$[0-9]+\.[0-9]+:[0-9]+$: apparmor=/) {
129	130	# AppArmor
130		if ( $ThisLine =~ /apparmor="STATUS" operation="profile_(load\|replace)" name="([^"]+)"/ ) {
	131	if ( $ThisLine =~ /apparmor="STATUS" operation="profile_(load\|replace)" (?:profile="unconfined")?name="([^"]+)"/ ) {
131	132	# type=1400 audit(1314853473.168:33616): apparmor="STATUS" operation="profile_replace" name="/usr/lib/apache2/mpm-prefork/apache2//DEFAULT_URI" pid=26566 comm="apparmor_parser"
132	133	$loads{$2}++;
133		} elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" parent=\d+ profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) {
	134	} elsif ( $ThisLine =~ /apparmor="STATUS" operation="profile_(load\|replace)" profile="unconfined" name="([^"]+)"/ ) {
	135	# type=1400 audit(1462209116.753:18): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/named" pid=22094 comm="apparmor_parser"
	136	# type=1400 audit(1462209262.641:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/freshclam" pid=1760 comm="apparmor_parser"
	137	$unconfineds{$2}++;
	138	} elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" (?:parent=\d+ )?profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) {
134	139	# type=1400 audit(1314853822.672:33649): apparmor="DENIED" operation="mknod" parent=27250 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/share/wordpress/1114140474e5f13bea68a4.tmp" pid=27289 comm="apache2" requested_mask="c" denied_mask="c" fsuid=33 ouid=33
135	140	# type=1400 audit(1315353795.331:33657): apparmor="DENIED" operation="exec" parent=14952 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/lib/sm.bin/sendmail" pid=14953 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
	141	# type=1400 audit(1597683992.796:8057): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/usr/lib/uim/uim-helper-server" pid=1687330 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0: 1 Time(s)
136	142	$denials{$1.' '.$3.' ('.$2.' via '.$4 . ')'}++;
	143	} elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" info="([^"]+)" error=-*[0-9]+ profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) {
	144	# type=1400 audit(1597690743.153:8073): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-open-iscsi-review-mp389234-groovy_</var/snap/lxd/common/lxd>" name="/run/" pid=1694826 comm="mount" flags="rw, nosuid, nodev, remount": 1 Time(s)
	145	$denials{$1.' '.$4.' ('.$3.' via '.$5 .': '.$2. ')'}++;
137	146	} elsif ( $ThisLine =~ /apparmor="ALLOWED" operation="([^"]+)" (info="([^"]+)" )?(error=[+-]?\d+ )?(parent=\d+ )?profile="([^"]+)" (name="([^"]+)" )?pid=\d+ comm="([^"]+)"/ ) {
138	147	# type=1400 audit(1369519203.141:259049): apparmor="ALLOWED" operation="exec" parent=3733 profile="/usr/sbin/dovecot//null-1c//null-1d" name="/usr/lib/dovecot/pop3-login" pid=24634 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/sbin/dovecot//null-1c//null-1d//null-d12"
139	148	# type=1400 audit(1369627891.522:447576): apparmor="ALLOWED" operation="capable" parent=1 profile="/usr/sbin/dovecot//null-1c//null-1d" pid=3733 comm="dovecot" capability=5 capname="kill"

148	157	if ( $ThisLine =~ /avc:\sdenied\s{\s([^}]+).scontext=(\S+)\stcontext=(\S+)\stclass=(\S+)/ ) {
149	158	$denials{$2.' '.$3.' ('.$1.$4 . ')'}++;
150	159	} elsif ( $ThisLine =~ /avc:\sgranted\s{\s([^}]+).scontext=(\S+)\stcontext=(\S+)\stclass=(\S+)/ ) {
151		$grants{$2.' '.$3.' ('.$1.$4 . ')'}++;
	160	$allowed{$2.' '.$3.' ('.$1.$4 . ')'}++;
152	161	} elsif ($ThisLine =~ /security_compute_sid:\sinvalid context\s(\S+)\sfor\sscontext=(\S+)\stcontext=(\S+)\stclass=(\S+)/ ) {
153	162	$InvalidContext{$4." running as ".$2." acting on ".$3." \nshould transit to invalid ".$1}++;
154	163	} elsif ($ThisLine =~ /security_sid_mls_copy:\sinvalid context\s(\S+)/) {

161	170	if ( $ThisLine =~ /avc:\sdenied\s{\s[^}]+.scontext=(\S+)\stcontext=(\S+)\stclass=(\S+)/ ) {
162	171	$denials{$1.' '.$2.' ('.$3 . ')'}++;
163	172	} elsif ( $ThisLine =~ /avc:\sgranted\s{\s[^}]+}.scontext=(\S+)\stcontext=(\S+)\stclass=(\S+)/ ) {
164		$grants{$1.' '.$2.' ('.$3 . ')'}++;
	173	$allowed{$1.' '.$2.' ('.$3 . ')'}++;
165	174	} elsif ($ThisLine =~ /security_compute_sid:\sinvalid context\s(\S+)\sfor\sscontext=(\S+)\stcontext=\S+\stclass=(\S+)/ ) {
166	175	$InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++;
167	176	} elsif ($ThisLine =~ /security_sid_mls_copy:\sinvalid context\s(\S+)/) {

174	183	if ( $ThisLine =~ /avc:\sdenied\s{\s[^}]+.scontext=([^:]+):[^:]+:\S+\stcontext=([^:]+):[^:]+:\S+\stclass=(\S+)/ ) {
175	184	$denials{$1.' '.$2.' ('.$3 . ')'}++;
176	185	} elsif ( $ThisLine =~ /avc:\sgranted\s{\s[^}]+.scontext=([^:]+):[^:]+:\S+\stcontext=([^:]+):[^:]+:\S+\stclass=(\S+)/ ) {
177		$grants{$1.' '.$2.' ('.$3 . ')'}++;
	186	$allowed{$1.' '.$2.' ('.$3 . ')'}++;
178	187	} elsif ($ThisLine =~ /security_compute_sid:\sinvalid context\s(\S+)\sfor\sscontext=(\S+)\stcontext=\S+\stclass=(\S+)/ ) {
179	188	$InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++;
180	189	} elsif ($ThisLine =~ /security_sid_mls_copy:\sinvalid context\s(\S+)/) {

199	208	}
200	209	}
201	210
202		if ( keys %grants ) {
203		print "\n\n* Grants *\n";
204		foreach my $key (sort keys %grants) {
205		print " $key: ". $grants{$key} . " times\n";
	211	if ( keys %allowed ) {
	212	print "\n\n* Allowed *\n";
	213	foreach my $key (sort keys %allowed) {
	214	print " $key: ". $allowed{$key} . " times\n";
206	215	}
207	216	}
208	217

219	228	print " $key: ". $loads{$key} . " times\n";
220	229	}
221	230	}
222
223	231
224	232	if ($Detail and $NumberOfDStarts+$NumberOfDStartsPid) {
225	233	print "\n Number of audit daemon starts: ",$NumberOfDStarts+$NumberOfDStartsPid," \n";

-0

scripts/services/clamav less more

57	57	( $ThisLine =~ /^Unix socket file/ ) or
58	58	( $ThisLine =~ /^Protecting against \d+ viruses\./ ) or
59	59	( $ThisLine =~ /^Reading databases from/ ) or
	60	( $ThisLine =~ /^Activating the newly loaded database/ ) or
60	61	( $ThisLine =~ /file removed\./ ) or
61	62	( $ThisLine =~ / (?:dis\|en)abled\.$/ ) or
62	63	( $ThisLine =~ /^Archive/ ) or

-1

scripts/services/dhcpd less more

78	78	($line =~ /^Solicit message from/) or
79	79	($line =~ /^Sending Advertise to/) or
80	80	($line =~ /^pool [0-9a-f]+ /) or
81		($line =~ /^[^ ]* file: /)
	81	($line =~ /^[^ ]* file: /) or
	82	($line =~ /^reuse_lease: lease age \d+ $secs$ under \d+\% threshold, reply with unaltered, existing lease for/) or
	83	0 # noop, but makes diffs easier when appending ignore statements
82	84	) {
83	85	# Ignore these lines
84	86	} elsif ($line =~ s/Listening on\s+//) {

118	120	($line =~ /^of the dhcpd.conf file\./)
119	121	) {
120	122	# Do nothing
	123	} elsif ($line =~ /lease age \d+ $secs$ under \d+% threshold, reply with unaltered, existing lease/) {
	124	# Do nothing
121	125
122	126	} elsif ($line =~ s/^exiting./DHCP server exiting./) {
123	127	$data{'Generic error'}{$line}++;

+16

-3

scripts/services/dovecot less more

74	74	my %ProxyLoginIMAP;
75	75	my %ProxyLoginPOP3;
76	76	my %SieveLogin;
	77	my %UnknownUsers;
77	78	my %VacationDup;
78	79	my %VacationResponse;
79	80

114	115	my $dovecottag = qr/dovecot(?:\[\d+\])?:(?:\s*\[[^]]+\])?/;
115	116
116	117	while (defined(my $ThisLine = <STDIN>)) {
117		# The *RemoveHeaders script is now invoked in the service configuration file
118		# so this next line is no longer needed
119		#$ThisLine =~ s/^\w{3} .\d \d\d:\d\d:\d\d (?:[^\s:]* \|)//;
120	118	if ( ($ThisLine =~ /(?:ssl-build-param\|ssl-params): SSL parameters regeneration completed/) or
121	119	($ThisLine =~ /ssl-params: Generating SSL parameters/) or
122	120	($ThisLine =~ /auth-worker/) or

170	168	$ConnectionSieve{$Host}++;
171	169	$Connection{$Host}++;
172	170	}
	171	} elsif (my ($User) = ( $ThisLine =~ /auth: (?:pam\|passwd-file)$(.),.$: unknown user/ ) ) {
	172	$UnknownUsers{$User}++;
173	173
174	174	# 'lda' for dovecot 2.0, 'deliver' for earlier versions
175	175	} elsif (my ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda\|deliver)$(.)$(?:<[^>]+><[^>]+>)?: msgid=.: saved mail to (.*)/ ) ) {

656	656	}
657	657	}
658	658
	659	if (keys %UnknownUsers) {
	660	my $UserCount = 0;
	661	foreach my $User (keys %UnknownUsers) {
	662	$UserCount += $UnknownUsers{$User};
	663	}
	664	print "\n\nUnknown users blocked: $UserCount Total\n";
	665	if ($Detail >= 10) {
	666	foreach my $User (sort keys %UnknownUsers) {
	667	print " $UnknownUsers{$User} $User\n";
	668	}
	669	}
	670	}
	671
659	672	if (keys %OtherList) {
660	673	print "\n\nUnmatched Entries\n";
661	674	foreach my $line (sort {$a cmp $b} keys %OtherList) {

+19

-0

scripts/services/exim less more

92	92	$KeepEnv++ if $MatchedDate;
93	93	next;
94	94	}
	95	if ( $ThisLine =~ /^ Suggested action: either install a certificate or change tls_advertise_hosts option/ ) {
	96	push @SelfSignedH, $ThisLine;
	97	next;
	98	}
95	99	$BadFormat{$ThisLine}++;
96	100	next;
97	101	} unless ($year1,$month1,$day1,$h1,$m1,$s1) = ($ThisLine =~ /^(\d+)\-(\d+)\-(\d+)\s(\d+):(\d+):(\d+)\s.+/);

264	268	elsif ( $ThisLine =~ /no IP address found for host/ ) {
265	269	$Lookup++;
266	270	push @LookupH, $ThisLine;
	271	}
	272	elsif ( $ThisLine =~ /No server certificate defined; will use a selfsigned one/ ) {
	273	$SelfSigned++;
	274	push @SelfSignedH, $ThisLine;
267	275	}
268	276	elsif ( $ThisLine =~ /DKIM: .* \[verification succeeded\]/ ) {
269	277	# Ignore successful DKIM verification reports

317	325	$StartQueue and print " Start queue run: $StartQueue Time(s)\n";
318	326	# End Queue
319	327	$EndQueue and print " End queue run: $EndQueue Time(s)\n";
	328	}
	329	}
	330
	331	if (@SelfSignedH) {
	332	print "\n--- Self-Signed Certificate in use ($SelfSigned Time(s))\n";
	333
	334	if ($Detail >= $LvlMsgs) {
	335	foreach $ThisOne (@SelfSignedH) {
	336	print "$ThisOne\n";
	337	}
320	338	}
321	339	}
322	340

748	766	}
749	767	}
750	768	}
	769
751	770	}
752	771	}
753	772

-1

scripts/services/fail2ban less more

65	65	($ThisLine =~ /INFO\s+(Set \|Socket\|Exiting\|Gamin\|Created\|Added\|Using\|Connected to \|rollover performed)/) or # syntax of 0.7.? fail2ban
66	66	($ThisLine =~ /..,... WARNING: Verbose level is /) or
67	67	($ThisLine =~ /..,... WARNING: Restoring firewall rules/) or
68		($ThisLine =~ /WARNING Determined IP using DNS Lookup: [^ ]+ = \['[^']+'\]/) or
	68	($ThisLine =~ /WARNING Determined IP using DNS Lookup/) or
69	69	($ThisLine =~ /INFO\s+(Stopping all jails\|Exiting Fail2ban)/) or
70	70	($ThisLine =~ /INFO\s+Initiated '.*' backend/) or
71	71	($ThisLine =~ /INFO\s+(Added logfile = .*\|Set maxRetry = \d+\|Set findtime = \d+\|Set banTime = \d+)/) or

+17

-0

scripts/services/lvm less more

36	36	my %MonitoringOff;
37	37	my %MonitoringSnapshot;
38	38	my %MonitoringSnapshotOff;
	39	my %Resize;
39	40	my %OtherList;
40	41
41	42	while (defined(my $ThisLine = <STDIN>)) {

46	47	or $ThisLine =~ /pvscan\[\d+\] VG .* run autoactivation/
47	48	# This happens often at startup
48	49	or $ThisLine =~ /^WARNING: lvmetad is being updated, retrying/
	50	# This happens when dmeventd autostarted
	51	or $ThisLine =~ /dmeventd ready for processing\.$/
	52	or $ThisLine =~ /dmeventd shutting down\.$/
	53	or $ThisLine =~ /dmeventd was idle for .*, exiting\.$/
	54	# Misc cleanups
	55	or $ThisLine =~ /Logical volume .* successfully resized/
49	56	) {
50	57	# Ignore
51	58	} elsif ($ThisLine =~ /^(?:WARNING: )?Thin (\S+) is now (\d+(\.\d+)?)% full/) {

68	75	$MonitoringOff{$2}++;
69	76	} elsif ($ThisLine =~ /^(\d+) logical volume$s$ in volume group "(\S+)" now active/) {
70	77	$Active{$2}=$1;
	78	} elsif ($ThisLine =~ /^Size of logical volume (\S+) changed from (.) to (.)\.$/) {
	79	$Resize{$1}="$3"
71	80	} else {
72	81	$OtherList{$ThisLine}++;
73	82	}

93	102	print "Snapshot Usage:\n";
94	103	foreach my $Snapshot (sort {$a cmp $b} keys %SnapshotUsed) {
95	104	print " $Snapshot: $SnapshotUsed{$Snapshot}% full\n";
	105	}
	106	print "\n";
	107	}
	108
	109	if (keys %Resize) {
	110	print "Resize snapshot:\n";
	111	foreach my $Snapshot (sort {$a cmp $b} keys %Resize) {
	112	print " $Snapshot: $Resize{$Snapshot}\n";
96	113	}
97	114	print "\n";
98	115	}

-4

scripts/services/named less more

78	78	($ThisLine =~ /recvfrom: No route to host/) or
79	79	# Be sure to catch: transfer of 'zone' from IP#53: failed to connect: timed out
80	80	# not exact just triggers a full transfer
81		($ThisLine =~ /transfer of .*: (IXFR\|AXFR(\|-style IXFR) (started\|ended)\|connected using\|failed while receiving responses: not exact)/) or
82		($ThisLine =~ /Transfer status: success/) or
	81	($ThisLine =~ /transfer of .*: (:?IXFR\|AXFR(:?\|-style IXFR) (:?started\|ended)\|connected using\|failed while receiving responses: not exact)/) or
	82	# This will generate another error that we will catch
	83	($ThisLine =~ /transfer of .*: resetting/) or
	84	($ThisLine =~ /Transfer status: (:?success\|up to date)/) or
83	85	($ThisLine =~ /using \d+ CPU/) or
84	86	($ThisLine =~ /loading configuration/) or
85	87	($ThisLine =~ /command channel listening/) or

160	162	($ThisLine =~ /using built-in keys instead/) or
161	163	($ThisLine =~ /set up managed keys zone/) or
162	164	($ThisLine =~ /managed-keys-zone.*key now trusted/) or
163		($ThisLine =~ /dhcpupdate: forwarding update for zone/) or
	165	($ThisLine =~ /key .*: forwarding update for zone/) or
164	166	($ThisLine =~ /forwarded dynamic update: master [^ ]* returned: (NXRRSET\|YXDOMAIN)/) or
165	167	($ThisLine =~ /using .* as GeoIP directory/) or
166	168	($ThisLine =~ /GEO-.* Build/) or

212	214	$DeniedZoneTransfers{$Host}{$Zone}++;
213	215	} elsif ( ($Zone) = ( $ThisLine =~ /zone (.+) zone transfer deferred due to quota/ ) ) {
214	216	$DeferredZoneTransfers{$Zone}++;
215		} elsif ( ($Zone, $Host) = ( $ThisLine =~ /transfer of '(.+)' from ([^\#]+)#[^\:]+: (failed\|(Transfer status\|giving up): ((network\|host) unreachable\|timed out\|connection refused))/ ) ) {
	217	} elsif ( ($Zone, $Host) = ( $ThisLine =~ /transfer of '(.+)' from ([^\#]+)#[^\:]+: (failed\|(Transfer status\|giving up): ((network\|host) unreachable\|timed out\|connection refused\|REFUSED))/ ) ) {
216	218	$FailedZoneTransfers{$Host}{$Zone}++;
217	219	} elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" loaded/ ) ) {
218	220	$ZoneLoaded{"cache $Zone"}++;

-0

scripts/services/omsa less more

62	62	next if (($Message =~ /^Controller event log: Time established as/) and ($Detail < 10));
63	63	next if (($Message =~ /^Controller event log: Unexpected sense: Encl PD .* CDB: 12 00 00 00 (:?04\|20) 00, Sense: 5\/24\/00/) and ($IgnoreNonCertifiedDrives));
64	64	next if (($Message =~ /^Controller event log: Unexpected sense: PD .* CDB: 12 01 dc 01 1d 00, Sense: (4\/cf\|5\/24)\/00/) and ($IgnoreNonCertifiedDrives));
	65	next if (($Message =~ /^Unexpected sense. SCSI sense data: Sense key: 5 Sense code: 24 Sense qualifier: 0:/) and ($IgnoreNonCertifiedDrives));
65	66	next if (($Message =~ /^Disk found is not supplied by an authorized hardware provider/) and ($IgnoreNonCertifiedDrives));
66	67	next if (($Message =~ /^The battery charge cycle is complete\./) and ($Detail < 5));
67	68	next if (($Message =~ /^The controller battery Learn cycle will start in (?:\d+) days\./) and ($Detail < 5));

-0

scripts/services/openvpn less more

124	124	($ThisLine =~ /^TCP\/UDP: Dynamic remote address changed during TCP connection establishment/) or
125	125	($ThisLine =~ /^TCP\/UDP: Preserving recently used remote address: /) or
126	126	($ThisLine =~ /^TCP connection established with [\d.]+:\d+/) or
	127	($ThisLine =~ /^TCP connection established with \[AF_INET6?\]/) or
127	128	($ThisLine =~ /^TCPv\d_(CLIENT\|SERVER) link (local\|remote)/) or
128	129	($ThisLine =~ /^TLS-Auth MTU parms/) or
129	130	($ThisLine =~ /^TLS: Initial packet from/) or

+27

-3

scripts/services/postfix less more

2285	2285	#TDpg unrecognized request type: ''
2286	2286	#TDpg rm /var/spool/postfix/postgrey/log.0000000002
2287	2287	#TDpg 2007/01/25-14:48:00 Pid_file already exists for running process (4775)... aborting at line 232 in file /usr/lib/perl5/vendor_perl/5.8.7/Net/Server.pm
2288
	2288	#TDpg Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
2289	2289
2290	2290	$line =~ /^cleaning / or
2291	2291	$line =~ /^delayed / or

2300	2300	# unanchored last
2301	2301	$line =~ /Pid_file already exists/ or
2302	2302	$line =~ /postgrey .* starting!/ or
2303		$line =~ /Server closing!/
	2303	$line =~ /Server closing!/ or
	2304	$line =~ /Resolved .localhost.IPv4/
2304	2305	);
2305	2306
2306	2307	my ($action,$reason,$delay,$host,$ip,$sender,$recip);

2607	2608	sub postfix_error;
2608	2609	sub postfix_warning;
2609	2610	sub postfix_script;
	2611	sub backwards_compatible;
2610	2612	sub postfix_postsuper;
2611	2613	sub process_delivery_attempt;
2612	2614	sub cleanhostreply;

2812	2814	if ($p1 =~ /^fatal: +(.*)$/) { postfix_fatal($1); next; }
2813	2815	if ($p1 =~ /^panic: +(.*)$/) { postfix_panic($1); next; }
2814	2816	if ($p1 =~ /^error: +(.*)$/) { postfix_error($1); next; }
	2817
	2818	# Backwards compatibility mode
	2819	if ($p1 =~ /compati/i) { backwards_compatible($p1); next; } # backwards-compatible default settings
2815	2820
2816	2821	# output by all services that use table lookups - process before specific messages
2817	2822	if ($p1 =~ /(?:lookup )?table (?:[^ ]+ )?has changed -- (?:restarting\|exiting)$/) {

3585	3590
3586	3591	### smtpd_tls_loglevel >= 1
3587	3592	# Server TLS messages
3588		elsif (($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Anonymous\|Trusted\|Untrusted) )?TLS connection established from ([^[]+)\[([^]]+)\](?::\d+)?: (.*)$/)) {
	3593	elsif (($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Anonymous\|Trusted\|Untrusted) )?TLS connection established from ([^[]+)\[([^]]+)\](?::\d+)?(?: to [^:]+)?: (.*)$/)) {
3589	3594	#TDsd TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
3590	3595	# Postfix 2.5+: status: Untrusted or Trusted
3591	3596	#TDsd Untrusted TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

4804	4809	}
4805	4810	}
4806	4811
	4812	# Handles postfix backwards compatibility mode lines
	4813	#
	4814	sub backwards_compatible($) {
	4815	my $line = shift;
	4816
	4817	if ($line =~ /^Postfix is running with backwards-compatible default settings/o) {
	4818	$Totals{'backwardscompatible'}++;
	4819	}
	4820	elsif ($line =~ /^See http.*COMPATIBILITY_README.html for details/o) {
	4821	$Totals{'backwardscompatible'}++;
	4822	}
	4823	elsif ($line =~ /^To disable backwards compatibility use.*/o) {
	4824	$Totals{'backwardscompatible'}++;
	4825	}
	4826	}
	4827
4807	4828	# Clean up a server's reply, to give some uniformity to reports
4808	4829	#
4809	4830	sub cleanhostreply($ $ $ $) {

5211	5232	add_section ($S, 'postfixwaiting', 0, 'd', 'Postfix waiting to terminate');
5212	5233	end_section_group ($S, 'postfixstate');
5213	5234
	5235	begin_section_group ($S, 'backwardscompatible', "\n");
	5236	add_section ($S, 'backwardscompatible', 1, 'd', 'Running in backwards compatibile mode');
	5237	end_section_group ($S, 'backwardscompatible');
5214	5238
5215	5239	if ($Opts{'debug'} & Logreporters::D_SECT) {
5216	5240	print "\tSection table\n";

-3

scripts/services/secure less more

155	155	( $ThisLine =~ /sshguard\[\d+\]: (?:message repeated \d+ times: \[ )?\S+: not blocking /) or
156	156	( $ThisLine =~ /sshguard\[\d+\]: Received EOF from stdin/) or
157	157	( $ThisLine =~ /sshguard\[\d+\]: .*has already been blocked/) or
	158	( $ThisLine =~ /gnome-keyring-daemon\[\d+\]: asked to register item.*already registered/) or
158	159	0 # This line prevents blame shifting as lines are added above
159	160	) {
160	161	# Ignore these entries

353	354	$pwd_file_too_short++;
354	355	} elsif ( ($User,$Su) = ($ThisLine =~ /^su: ([^ ]+) to ([^ ]+) on \/dev\/ttyp([0-9a-z]+)/) ) {
355	356	$Su_User{$User}{$Su}++;
356		} elsif ( ($Su,$User) = ($ThisLine =~ /^su: $to ([^ ]+)$ ([^ ]+) on (?:none\|\/dev\/(pts\/\|ttyp)([0-9]+))/) ) {
	357	} elsif ( ($Su,$User) = ($ThisLine =~ /^su: $to ([^ ]+)$ ([^ ]+) on (?:none\|(\/dev\/)?(pts\/\|ttyp)([0-9]+))/) ) {
357	358	$Su_User{$User}{$Su}++;
358	359	} elsif ( ($Su,$User) = ($ThisLine =~ /^su\[\d+\]: Successful su for (\S+) by (\S+)/) ) {
359	360	$Su_User{$User}{$Su}++;

391	392	$DeniedAccess{"$User,$Reason"}++;
392	393	} elsif ($ThisLine =~ /^request-key: Cannot find command to construct key/) {
393	394	$RequestKeyFailures++;
394		} elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]\]: (AS_REQ\|TGS_REQ) $[0-9]+ etypes \{[ 0-9]+}$ ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (ISSUE\|UNKNOWN_SERVER): authtime [0-9]+, (?:etypes \{rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+},)? ([^ ]+) for ([^ ,]+)(?:, )?(.)$/)) {
	395	} elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]\]: (AS_REQ\|TGS_REQ) $[0-9]+ etypes \{[ 0-9a-z\-\($,]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (ISSUE\|UNKNOWN_SERVER): authtime [0-9]+, (?:etypes \{rep=[0-9a-z\-]+, tkt=[0-9a-z\-]+, ses=[0-9a-z\-]+},)? ([^ ]+) for ([^ ,]+)(?:, )?(.)$/)) {
395	396	if($service=~/^krbtgt\/([^@]+)@\1/) {
396	397	$service='Login';
397	398	}

400	401	$e='';
401	402	}
402	403	$KerbList{$response}{$type}{$from}{$service}{$client}{$e}++;
403		} elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]\]: (AS_REQ\|TGS_REQ) $[0-9]+ etypes \{[ 0-9]+}$ ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (NEEDED_PREAUTH\|PREAUTH_FAILED\|CLIENT_NOT_FOUND): ([^ ]+) for ([^ ,]+)(?:, )?(.)$/)) {
	404	} elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]\]: (AS_REQ\|TGS_REQ) $[0-9]+ etypes \{[ 0-9a-z\-\($,]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (NEEDED_PREAUTH\|PREAUTH_FAILED\|CLIENT_NOT_FOUND): ([^ ]+) for ([^ ,]+)(?:, )?(.)$/)) {
404	405	if($service=~/^krbtgt\/([^@]+)@\1/) {
405	406	$service='Login';
406	407	}

+34

-11

scripts/services/sendmail less more

131	131	$Address, $Arg, $Attack,
132	132	$Auth,
133	133	$BlSite, $Bytes, $CommonName,
134		$DeliverStat, $Dest, $Domain,
135		$Error, $ErrorCount,
	134	$DeliverStat, $Dest, $DetailReason,
	135	$Domain, $Error, $ErrorCount,
136	136	$ETRN, $File, $Forward,
137	137	$FromUser, $Header, $HeaderMod,
138	138	$Host, $IP,

161	161
162	162	my (
163	163	%Abuse, %AddressError, %AttackAttempt,
164		%AUTHfailure, %AuthWarns, %BadAuth,
165		%BadRcptThrottle, %BlackHoled,
	164	%AUTHfailure, %AUTHnouser, %AuthWarns,
	165	%BadAuth, %BadRcptThrottle, %BlackHoled,
166	166	%BlackHoles, %CheckMailReject, %CheckRcptReject,
167	167	%CollectError, %CommandUnrecognized, %DisabledMailbox,
168	168	%DNSMap,

807	807	} elsif ( ($StatFile, $StatError) = ($ThisLine=~ /^poststats: (.?): (.)/) ) {
808	808	$StatFileError{$StatFile}{$StatError}++;
809	809	# file=srvrsmtp.c, LogLevel>9, LOG_WARNING
810		} elsif ( ($Auth, $Reason, $RelayHost) = ($ThisLine =~ /^AUTH failure $(.)?$: ([^\)])\(.* relay=(.*)/) ) {
811		$AUTHfailure{$RelayHost}{$Reason}++;
	810	} elsif ( ($Auth, $Reason, $DetailReason, $RelayHost) = ($ThisLine =~ /^AUTH failure $(.)?$: ([^\(])(\(.) relay=(.)/) ) {
	811	if ( $Reason =~ /^user not found / ) {
	812	(($User) = ($DetailReason =~ /$-20$ SASL$-13$: user not found: .user(?:=\|: )([^ ,])/));
	813	$AUTHnouser{$User}++;
	814	} else {
	815	$AUTHfailure{$RelayHost}{$Reason}++;
	816	}
812	817	# file=tls.c, LogLevel>7, LOG_INFO
813	818	} elsif ($ThisLine=~ /STARTTLS=.* field=cn_issuer, status=failed to extract CN/ ) {
814	819	$NoCommonName++;

832	837	$TLSConnectFailed{"no reason given"}++;
833	838	# file=tls.c, LogLevel>-1, LOG_INFO
834	839	} elsif (($CommonName,$StarttlsReason) = ($ThisLine =~ /^STARTTLS: (?:x509\|TLS) cert verify: depth=[0-9]+ .\/CN=([^\/,]).* state=[0-9]+, reason=(.*)$/ )) {
835		$StarttlsCert{$StarttlsReason}{$CommonName}++;
	840	# "reason=ok" now printing in sendmail 8.16.1; not an error
	841	if ($StarttlsReason !~ /^ok$/) {
	842	$StarttlsCert{$StarttlsReason}{$CommonName}++;
	843	}
836	844	# do the same if, incorrectly, Common Name is not defined
837	845	} elsif (($StarttlsReason) = ($ThisLine =~ /^STARTTLS: (?:x509\|TLS) cert verify: depth=[0-9]+ .* state=[0-9]+, reason=(.*)$/ )) {
838		$StarttlsCert{$StarttlsReason}{"(undefined CommonName)"}++;
	846	# "reason=ok" now printing in sendmail 8.16.1; not an error
	847	if ($StarttlsReason !~ /^ok$/) {
	848	$StarttlsCert{$StarttlsReason}{"(undefined CommonName)"}++;
	849	}
839	850	# file=tls.c, LogLevel>8, LOG_INFO
840	851	} elsif ( ($StarttlsMode, $StarttlsVerify, $StarttlsCipherType, $StarttlsNumBits) =
841	852	($ThisLine =~ /^STARTTLS=(server\|client), relay=., version=., verify=(\w), cipher=(.), bits=(\w\/\w)/) ) {

887	898	} elsif ( ($User,$Reason) = ($ThisLine =~ /SYSERR$(.)$: (.)/) ) {
888	899	$SysErr{$User}{$Reason}++;
889	900	# file=milter.c, LogLevel>8, LOG_INFO
890		} elsif ( ($HeaderMod) = ($ThisLine =~ /Milter (?:add\|insert\|change\|delete).: header: (.)/) ) {
	901	} elsif ( ($HeaderMod) = ($ThisLine =~ /Milter (?:$\w$ )?(?:add\|insert\|change\|delete).: header: (.*)/) ) {
891	902	foreach $Header (@MilterHeadersToCount) {
892	903	if ($HeaderMod =~ /$Header/) {
893	904	$MilterHeaderCount{$Header}++;

922	933	$KnownSpammer{$1}++;
923	934	} elsif (
924	935	# file=milter.c, LogLevel>8, LOG_INFO
925		( $ThisLine =~ /Milter (add\|change\|insert\|delete): /)
	936	( $ThisLine =~ /Milter (?:$\w*$ )?(add\|change\|insert\|delete): /)
926	937	) {
927	938	# We don't care about these statements above
928	939

939	950	$SPFResults{$SPFStatus}++;
940	951
941	952	# This is for the Sendmail Sender-ID milter
942		} elsif ( (my $SenderIDStatus, $SPFStatus) = ($ThisLine =~ /^Milter insert $1$: header: Authentication-Results:.; sender-id=(fail.\|softfail\|neutral\|none\|error\|unknown\|pass); spf=(fail.*\|softfail\|neutral\|none\|error\|unknown\|pass)/) ) {
	953	} elsif ( (my $SenderIDStatus, $SPFStatus) = ($ThisLine =~ /^Milter (?:$\w$ )?insert $1$: header: Authentication-Results:.; sender-id=(fail.\|softfail\|neutral\|none\|error\|unknown\|pass); spf=(fail.\|softfail\|neutral\|none\|error\|unknown\|pass)/) ) {
943	954	# Example string
944	955	# Milter insert (1): header: Authentication-Results: my.host.name
945	956	# sender=list-users-bounces+list-users=host.name@another.org;

1489	1500	}
1490	1501	$TotalError[++$ErrorIndex] = 0;
1491	1502
	1503	if (keys %AUTHnouser) {
	1504	eval "$PrintCond" if ($Detail >= 3);
	1505	print "\n\nFailed AUTH requests because of No User" if ($Detail >= 3);
	1506	my $UserCount = CountOrder(%AUTHnouser);
	1507	foreach $User (sort $UserCount keys %AUTHnouser) {
	1508	PrettyTimes(" $User", $AUTHnouser{$User}) if ($Detail >=5);
	1509	$TotalError[$ErrorIndex] += $AUTHnouser{$User};
	1510	}
	1511	print "\n\tTotal: $TotalError[$ErrorIndex]" if ($Detail >= 3);
	1512	}
	1513	$TotalError[++$ErrorIndex] = 0;
	1514
1492	1515	if($RemoteProtocolError > 0) {
1493	1516	eval "$PrintCond" if ($Detail >= 3);
1494	1517	print "\n\n" . $RemoteProtocolError . " Remote Protocol Errors" if ($Detail >= 3);

-1

scripts/services/smartd less more

169	169	$DriveTest{$Device}{$TestType}++;
170	170	} elsif ( my ($Device,$AttribType,$Code,$Name) = ($ThisLine =~ /^Device: ([^,]+), Failed SMART ([A-Za-z]+) Attribute: ([0-9]+) ([A-Za-z_]+)/)) {
171	171	$Failed{$Device}{"$AttribType attribute: $Name ($Code)"}++;
172		} elsif ( my ($Device, $Text) = ($ThisLine =~ /^Device: ([^,]+), failed (.*)$/) ) {
	172	} elsif ( my ($Device, $Text) = ($ThisLine =~ /^Device: ([^,]+), (?:failed\|SMART Failure:) (.*)$/) ) {
173	173	$Failed{$Device}{"$Text"}++;
174	174	} elsif ( ( $ThisLine =~ /warning/i ) ) {
175	175	$Warnings{$ThisLine}++;

-0

scripts/services/sshd less more

30	30	my $IgnoreHost = $ENV{'sshd_ignore_host'} \|\| "";
31	31	my $RefusedConnectionsThreshold = $ENV{'refused_connections_threshold'} \|\| 0;
32	32	my $IllegalUsersThreshold = $ENV{'illegal_users_threshold'} \|\| 0;
	33	$main::DoLookup = $ENV{'sshd_ip_lookup'};
33	34	my $DebugCounter = 0;
34	35
35	36	# No sense in running if 'sshd' doesn't even exist on this system...

-0

scripts/services/sssd less more

80	80	$EnumerationRequested++ unless $IgnoreEnumerationRequested;
81	81	} elsif ($Service eq "Daemon" && $ThisLine =~ /Keytab successfully retrieved and stored in:/) {
82	82	# Ignore
	83	} elsif ($Service eq "krb5_child" && $ThisLine =~ /Preauthentication failed/) {
	84	# Ignore - this will generate a pam auth failed message
83	85	} elsif ($Service eq "p11_child" && $ThisLine =~ /Certificate .* not valid .*Certificate key usage inadequate for attempted operation/) {
84	86	# sssd ssh does not ignore certificates of different types - ignore the errors generated by it
85	87	$ignore_p11_child_error = 1;

-0

scripts/services/systemd less more

76	76	$ThisLine =~ /^Inserted module / or
77	77	$ThisLine =~ /^Listening on / or
78	78	$ThisLine =~ /^Mounted / or
	79	$ThisLine =~ /^Queued start job for default target / or
79	80	$ThisLine =~ /^Relabelled / or
80	81	$ThisLine =~ /^Reloading\.$/ or # Happens on each boot at switch root
81	82	$ThisLine =~ /^RTC configured in / or

105	106	$ThisLine =~ /: Start(-pre)? operation timed out\. Terminating\./ or
106	107	$ThisLine =~ /hold-?off time over, scheduling restart\./ or
107	108	$ThisLine =~ /Service has no hold-off time.*, scheduling restart\./ or
	109	$ThisLine =~ /Service Restart.* expired, scheduling restart\./ or
108	110	$ThisLine =~ /Scheduled restart job, restart counter is at .*\./ or
109	111	$ThisLine =~ /Stopping timed out\. Killing\./ or
110	112	$ThisLine =~ /^Timed out waiting for/ or

136	138	$ThisLine =~ /^Removed slice / or
137	139	$ThisLine =~ /^pam_unix$systemd-user:session$: session (?:opened\|closed) for user/ or
138	140	$ThisLine =~ /Adding .* random time\.$/ or
	141	# https://bugzilla.redhat.com/show_bug.cgi?id=1890632
	142	$ThisLine =~ /Not generating service for XDG autostart .*,/ or
	143	$ThisLine =~ /gnome-systemd-autostart-condition not found/ or
	144	$ThisLine =~ /kde-systemd-start-condition not found/ or
	145	$ThisLine =~ /Unknown key name .* in section 'Desktop Entry'/ or
139	146	# These happen on every shutdown - downgraded to debug message in systemd v235
140	147	# https://github.com/systemd/systemd/issues/6777
141	148	$ThisLine =~ /^Failed to propagate agent release message: (?:Connection reset by peer\|Transport endpoint is not connected)/ or

-0

scripts/services/zz-lm_sensors less more

33	33	#Exit early if the report is not for the current host.
34	34	use POSIX qw(uname);
35	35	my $logwatch_hostname = $ENV{'LOGWATCH_ONLY_HOSTNAME'};
	36	my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} \|\| 0;
36	37	my ($OSname, $hostname, $release, $version, $machine) = POSIX::uname();
37	38	$hostname =~ s/\..*//;
38	39	exit (0) if ($ENV{'LOGWATCH_ONLY_HOSTNAME'} and ($logwatch_hostname ne $hostname));

+154

-394

scripts/services/zz-network less more

8	8
9	9	#######################################################
10	10	## Copyright (c) 2008 Laurent Dufour
	11	## Francis Borras
11	12	## Covered under the included MIT/X-Consortium License:
12	13	## http://www.opensource.org/licenses/mit-license.php
13	14	## All modifications and contributions by other persons to

77	78	}
78	79	}
79	80
80		sub routingCapabilities ()
81		{
82		print "\n\n------------- Routing capabilities----------\n\n";
83		chkcfg('routed');
84		chkcfg('gated');
85		chkcfg('zebra');
86		chkcfg('ripd');
87		chkcfg('ripngd');
88		chkcfg('isisd');
89		chkcfg('ospfd');
90		chkcfg('ospf6d');
91		chkcfg('bgpd');
92		if ( -f $pathto_vtysh )
93		{
94		print "\n";
95		system("$pathto_vtysh -e 'sh ver'");
96		}
97
98		if ($OSname eq "SunOS") {
99		if ( ($release eq "5.10") \|\| ($release eq "5.11") ) {
100
101		if ( -f $pathto_routeadm)
102		{
103		open(FILE1, "$pathto_routeadm -p \|") \|\| die "can't open $!";
104		while (<FILE1>)
105		{
106		print $_;
107		}
108		close(FILE1) \|\| die "can't close $!";
109		}
110
111		}
112		}
113		print "\n\n------------- Routing capabilities----------\n\n";
114		print "\n";
115		}
116
117		sub routingState ()
118		{
119		print "\n\n------------- Routing states ---------------\n\n";
120		if ($OSname eq "Linux") {
121		if ( -f $pathto_sysctl_conf) {
122		open(SYSCTL, "< $pathto_sysctl_conf") \|\| die "can't open $!";
123		while (<SYSCTL>)
124		{
125		if ($_ =~ /ip_forward/ ) {
126		print $_;
127		}
128		}
129		}
130		else
131		{
132		open(SYSCTL,"< /proc/sys/net/ipv4/ip_forward") \|\| die "can't open $!";
133		while (<SYSCTL>)
134		{
135		print "/proc/sys/net/ipv4/ip_forward set to $_";
136		}
137		close(SYSCTL) \|\| die "can't close $!";
138		}
139		}
140
141		elsif ($OSname eq "SunOS") {
142		if ( ($release eq "5.10") \|\| ($release eq "5.11") ) {
143
144		if ( -f $pathto_routeadm)
145		{
146		open(FILE1, "$pathto_routeadm -p \|") \|\| die "can't open $!";
147		while (<FILE1>)
148		{
149		if (/ipv(\d+)-forwarding .*default=(\S+) current=(\S+)/) {
150		print "IPv$1 forwarding is $3 (normal state is $2)\n";
151		}
152		}
153		close(FILE1) \|\| die "can't close $!";
154		}
155
156		}
157		}
158
159		else
160		{
161		print "Unable to find routing information in your system.\n";
162		}
163		print "\n\n------------- Routing states ---------------\n\n";
164		print "\n";
165		}
166
167
168
169
170
171		sub routingReport ()
172		{
173		print "\n\n------------- Network routes ---------------\n\n";
174		if ($OSname eq "Linux") {
175
176		open(NET, "netstat -r -n \|") \|\| die "can't run netstat: $!";
177		while (<NET>)
178		{
179		print $_;
180		}
181		close(NET) \|\| die "can't close netstat: $!";
182		}
183		else
184		{
185		open(NET, "netstat -r -n \|") \|\| die "can't run netstat: $!";
186		while (<NET>)
187		{
188		print $_;
189		}
190		close(NET) \|\| die "can't close netstat: $!";
191		}
192		print "\n\n------------- Network routes ---------------\n\n";
193		print "\n";
194		}
195
196
197
198
199
200
201		sub ListeningSockets ()
202		{
203		print "\n\n------------- Listening sockets ---------------\n\n";
204		if ($OSname eq "Linux") {
205		open(NET, "netstat -l \|") \|\| die "can't run netstat: $!";
206		while (<NET>)
207		{
208		if ($_ =~ /LISTEN/ ) { # grep LISTEN
209		if (($_ =~ /LISTENING/ ) == 0 ) { #grep -v LISTENING
210		print $_;
211		}
212		}
213
214		}
215		close(NET) \|\| die "can't run netstat: $!";
216		}
217		else
218		{
219
220		open(NET, "netstat -a -n \|") \|\| die "can't run netstat: $!";
221		while (<NET>)
222		{
223		if ($_ =~ /LISTEN/ ) {# grep LISTEN
224		if (($_ =~ /LISTENING/ ) == 0 ) { # grep -v LISTENING
225		print $_;
226		}
227		}
228
229		}
230		close(NET) \|\| die "can't run netstat: $!";
231
232		}
233		print "\n\n------------- Listening sockets ---------------\n\n";
234		print "\n";
235		}
236
237
238
239
240		sub NetworkStats()
241		{
242		my $awkprog='{printf("%s \t%6s %6s %6s \n", $1, $2, $5, $9 ); }';
243		print "\n\n------------- Network statistics ---------------\n\n";
244		if ($OSname eq "Linux") {
245
246		my $cmd_to_show_int="";
247
248		if ( -f $pathto_ip) {
249		$cmd_to_show_int=$pathto_ip." a";
250		}
251		else
252		{
253		$cmd_to_show_int="$pathto_ifconfig -a";
254		}
255
256		open(NET, "$cmd_to_show_int \|") \|\| die "can't run $cmd_to_show_int: $!";
257		while (<NET>)
258		{
259		print $_;
260		}
261		close(NET) \|\| die "can't close $cmd_to_show_int: $!";
262
263		print "\n";
264		system("netstat -i \| grep -v Kernel \| awk '$awkprog' ");
265		}
266		else {
267		my $netstat_cmd = "netstat -i";
268		if ($OSname eq "SunOS") {
269		$netstat_cmd .= " -a";
270		}
271		open(NET, "$netstat_cmd \|") \|\| die "can't run netstat: $!";
272		while (<NET>)
273		{
274		print $_;
275		}
276		close(NET) \|\| die "can't close netstat: $!";
277
278		}
279		print "\n\n------------- Network statistics ---------------\n\n";
280		print "\n";
281		}
282
283
284
285
286
287
288
289
290		sub IfconfigIface {
291
292		my ($iface) = $_[0];
293		open(NET, "$pathto_ifconfig $iface \|") \|\| die "can't run ifconfig: $!";
294		while (<NET>)
295		{
296		print $_;
297		}
298		close(NET) \|\| die "can't close ifconfig: $!";
299		print "\n";
300		}
301
302
303
304
305
306
307
308
309		sub InterfacesReport ()
310		{
311
312		print "\n\n------------- Network Interfaces ---------------\n\n";
313		print "Ethernet : $total_ethernet_iface\n";
314		print "Other : $total_other_iface\n";
315		print "Total : $total_iface\n";
316		print "\n\n------------- Ethernet -------------------------\n\n";
317
318		if ($OSname eq "Linux") {
319		foreach $element (@ethernet_iface_list) { print "$element"; }
320		}
321		else
322		{
323		foreach $element (@short_ethernet_iface_list) { IfconfigIface ($element);}
324		}
325
326
327
328
329		print "\n\n------------- Other ----------------------------\n\n";
330		if ($OSname eq "Linux") {
331
332		foreach $element (@other_iface_list) { print "$element"; }
333
334		}
335		else
336		{
337		foreach $element (@short_other_iface_list) { IfconfigIface ($element); }
338		}
339
340
341
342		print "\n\n------------- Network Interfaces ---------------\n\n";
343		print "\n";
344		}
345
346		sub InterfacesCheck
347		{
348		if ($OSname eq "Linux") {
349
350		my $cmd_to_show_int="";
351
352		$cmd_to_show_int="$pathto_ifconfig -a";
353
354		open(NET, "$cmd_to_show_int \|") \|\| die "can't use $cmd_to_show_int: $!";
355		while (<NET>)
356		{
357		if ($_ =~ /Link/ ){# grep Link
358		if ($_ =~ /Ether/ ){# grep Ether
359		($if_name,$msg)=split(/ +/, $_ , 2);
360		if ($if_name =~ /(\S+)/ ) {
361		push (@ethernet_iface_list, $_);
362		push (@short_ethernet_iface_list, $if_name);
363		$total_ethernet_iface++;
364		$total_iface++;
365		}
366		}
367		else
368		{
369		($if_name,$msg)=split(/ +/, $_ , 2);
370		if ($if_name =~ /(\S+)/ ) {
371		push (@other_iface_list, $_);
372		push (@short_other_iface_list, $if_name);
373		$total_other_iface++;
374		$total_iface++;
375		}
376		}
377		}
378		}
379		close(NET) \|\| die "can't use $cmd_to_show_int: $!";
380
381		}
382
383		elsif ($OSname eq "SunOS") {
384
385		# Representative 'ifconfig -a' output from a local zone
386		# (global zone is similar, but has the top-level lo0, in0, etc)
387		# as well.
388		#lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
389		# inet 127.0.0.1 netmask ff000000
390		#in0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
391		# inet 192.168.1.31 netmask ffffff00 broadcast 192.168.1.255
392		#local1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 9000 index 4
393		# inet 172.16.0.3 netmask fffffff8 broadcast 172.16.0.7
394		#out0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
395		# inet 184.105.220.67 netmask fffffff8 broadcast 184.105.220.71
396		#lo0:1: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
397		# inet6 ::1/128
398
399		# Run through twice; a single interface plumbed with both IPv4 and IPv6
400		# can be listed separately, but shouldn't count as two interfaces
401		foreach my $ip (qw( 4 6 )) {
402		open(NET, "$pathto_ifconfig -a$ip \|") \|\| die "can't run '$pathto_ifconfig -a$ip': $!";
403		while (<NET>)
404		{
405		if ($_ =~ /^(\w+\d+(?::\d+)?): flags=\d+<[^>]+> mtu (\d+)/) {
406		($if_name, $mtu) = ($1, $2);
407		if (! grep { $_ eq $if_name } (@ethernet_iface_list, @other_iface_list)) {
408		# Not seen before; process it
409		$total_iface++;
410		if ($mtu == 1500) {
411		# Guess that it's ethernet
412		push @ethernet_iface_list, $if_name;
413		push @short_ethernet_iface_list, $if_name;
414		$total_ethernet_iface++;
415		} else {
416		push @other_iface_list, $if_name;
417		push @short_other_iface_list, $if_name;
418		$total_other_iface++;
419		}
420		}
421		}
422		}
423		close(NET) \|\| die "can't use '$pathto_ifconfig -a$ip': $!";
424		}
425
426		}
427		else
428		{
429
430
431		open(NET, "netstat -i \|") \|\| die "can't run netstat: $!";
432		while (<NET>)
433		{
434		if (($_ =~ /Name/ ) == 0 ) {# grep -v Name
435		if ($_ =~ /1500/ ){# grep Ether
436		($if_name,$msg)=split(/ +/, $_ , 2);
437		if ($if_name =~ /(\S+)/ ) {
438		push (@ethernet_iface_list, $_);
439		push (@short_ethernet_iface_list, $if_name);
440		$total_ethernet_iface++;
441		$total_iface++;
442		}
443		}
444		else
445		{
446		($if_name,$msg)=split(/ +/, $_ , 2);
447		if ($if_name =~ /(\S+)/ ) {
448		push (@other_iface_list, $_);
449		push (@short_other_iface_list, $if_name);
450		$total_other_iface++;
451		$total_iface++;
452		}
453		}
454		}
455		}
456		close(NET) \|\| die "can't run fconfig: $!";
457
458		}
459
460
461		}
462
463		InterfacesCheck();
464		InterfacesReport();
465		if ($Detail > 10) {
466		ListeningSockets();
467		}
468		NetworkStats();
469		if ($Detail > 5) {
470		routingState();
471		routingCapabilities();
472		routingReport();
473		}
	81	sub routingCapabilities () {
	82	print "\n\n------------- Routing capabilities----------\n\n";
	83	chkcfg('routed');
	84	chkcfg('gated');
	85	chkcfg('zebra');
	86	chkcfg('ripd');
	87	chkcfg('ripngd');
	88	chkcfg('isisd');
	89	chkcfg('ospfd');
	90	chkcfg('ospf6d');
	91	chkcfg('bgpd');
	92	if ( -f $pathto_vtysh ) {
	93	print "\n";
	94	system("$pathto_vtysh -e 'sh ver'");
	95	}
	96
	97	if ($OSname eq "SunOS") {
	98	if ( ($release eq "5.10") \|\| ($release eq "5.11") ) {
	99	if ( -f $pathto_routeadm) {
	100	open(FILE1, "$pathto_routeadm -p \|") \|\| die "can't open $!";
	101	while (<FILE1>) {
	102	print $_;
	103	}
	104	close(FILE1) \|\| die "can't close $!";
	105	}
	106	}
	107	}
	108	print "\n\n------------- Routing capabilities----------\n\n";
	109	print "\n";
	110	}
	111
	112	sub routingState () {
	113	print "\n\n------------- Routing states ---------------\n\n";
	114	if ($OSname eq "Linux") {
	115	if ( -f $pathto_sysctl_conf) {
	116	open(SYSCTL, "< $pathto_sysctl_conf") \|\| die "can't open $!";
	117	while (<SYSCTL>) {
	118	if ($_ =~ /ip_forward/ ) {
	119	print "IP Forwarding enabled";
	120	}
	121	}
	122	}
	123	else {
	124	open(SYSCTL,"< /proc/sys/net/ipv4/ip_forward") \|\| die "can't open $!";
	125	while (<SYSCTL>) {
	126	print "/proc/sys/net/ipv4/ip_forward set to $_";
	127	}
	128	close(SYSCTL) \|\| die "can't close $!";
	129	}
	130	}
	131	elsif ($OSname eq "SunOS") {
	132	if ( ($release eq "5.10") \|\| ($release eq "5.11") ) {
	133	if ( -f $pathto_routeadm) {
	134	open(FILE1, "$pathto_routeadm -p \|") \|\| die "can't open $!";
	135	while (<FILE1>) {
	136	if (/ipv(\d+)-forwarding .*default=(\S+) current=(\S+)/) {
	137	print "IPv$1 forwarding is $3 (normal state is $2)\n";
	138	}
	139	}
	140	close(FILE1) \|\| die "can't close $!";
	141	}
	142	}
	143	}
	144
	145	else {
	146	print "Unable to find routing information in your system.\n";
	147	}
	148	print "\n\n------------- Routing states ---------------\n\n";
	149	print "\n";
	150	}
	151
	152	sub routingReport () {
	153	print "\n\n------------- Network routes ---------------\n\n";
	154	if ($OSname eq "Linux") {
	155	open(NET, "netstat -r -n \|") \|\| die "can't run netstat: $!";
	156	while (<NET>) {
	157	print $_;
	158	}
	159	close(NET) \|\| die "can't close netstat: $!";
	160	}
	161	else {
	162	open(NET, "netstat -r -n \|") \|\| die "can't run netstat: $!";
	163	while (<NET>) {
	164	print $_;
	165	}
	166	close(NET) \|\| die "can't close netstat: $!";
	167	}
	168	print "\n\n------------- Network routes ---------------\n\n";
	169	print "\n";
	170	}
	171
	172	sub ListeningSockets () {
	173	print "\n\n------------- Listening sockets ---------------\n\n";
	174	if ($OSname eq "Linux") {
	175	open(NET, "netstat -lnptu \|") \|\| die "can't run netstat: $!";
	176	while (<NET>) {
	177	print $_;
	178	}
	179	close(NET) \|\| die "can't run netstat: $!";
	180	}
	181	else {
	182	open(NET, "netstat -a -n \|") \|\| die "can't run netstat: $!";
	183	while (<NET>) {
	184	if ($_ =~ /LISTEN/ ) {# grep LISTEN
	185	if (($_ =~ /LISTENING/ ) == 0 ) { # grep -v LISTENING
	186	print $_;
	187	}
	188	}
	189	}
	190	close(NET) \|\| die "can't run netstat: $!";
	191	}
	192	print "\n\n------------- Listening sockets ---------------\n\n";
	193	print "\n";
	194	}
	195
	196	sub NetworkStats() {
	197	print "\n\n------------- Network statistics ---------------\n\n";
	198	if ($OSname eq "Linux") {
	199	my $cmd_to_show_int="";
	200	if ( -f $pathto_ip) {
	201	$cmd_to_show_int=$pathto_ip." -s -h a";
	202	}
	203	else {
	204	$cmd_to_show_int="$pathto_ifconfig -s -a";
	205	}
	206	open(NET, "$cmd_to_show_int \|") \|\| die "can't run $cmd_to_show_int: $!";
	207	while (<NET>) {
	208	print $_;
	209	}
	210	close(NET) \|\| die "can't close $cmd_to_show_int: $!";
	211	}
	212	else {
	213	my $netstat_cmd = "netstat -i";
	214	if ($OSname eq "SunOS") {
	215	$netstat_cmd .= " -a";
	216	}
	217	open(NET, "$netstat_cmd \|") \|\| die "can't run netstat: $!";
	218	while (<NET>) {
	219	print $_;
	220	}
	221	close(NET) \|\| die "can't close netstat: $!";
	222	}
	223	print "\n\n------------- Network statistics ---------------\n\n";
	224	print "\n";
	225	}
	226
	227	NetworkStats();
	228	ListeningSockets();
	229	if ($Detail > 5) {
	230	routingState();
	231	routingCapabilities();
	232	routingReport();
	233	}
474	234
475	235	# vi: shiftwidth=3 tabstop=3 syntax=perl et
476	236	# Local Variables:

-2

scripts/shared/applystddate less more

24	24	# customize the Timefilter by appending a string:
25	25	# *ApplyStdDate = "%H:%M %d/%m/%Y"
26	26	$SearchDate = TimeFilter($ARGV[0] \|\| '%b %e %H:%M:%S ');
27		$SearchDateRsyslog = TimeFilter('%Y-%m-%dT%H:%M:%S(:?\.[0-9]+)?(:?[+-][0-9]{2}:[0-9]{2}\|Z) ');
	27	$SearchDateRsyslog = TimeFilter('%Y-%m-%dT%H:%M:%S(:?\.[0-9]+)?(:?[+-][0-9]{2}:?[0-9]{2}\|Z) ');
28	28
29	29	# The date might be "Dec 09", but it needs to be "Dec 9"...
30	30	#$SearchDate =~ s/ 0/ /;

39	39	if ($ThisLine =~ m/^$SearchDate/o) {
40	40	print $ThisLine;
41	41	} elsif ($ThisLine =~ /^$SearchDateRsyslog/o) {
42		$ThisLine =~ s/^([0-9]{4})-([0-9]{2})-([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})(:?\.[0-9]+)?(:?[+-][0-9]{2}:[0-9]{2}\|Z) //o;
	42	$ThisLine =~ s/^([0-9]{4})-([0-9]{2})-([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})(:?\.[0-9]+)?(:?[+-][0-9]{2}:?[0-9]{2}\|Z) //o;
43	43	print POSIX::strftime("%b %e %H:%M:%S", $6, $5, $4, $3, $2-1, $1 - 1900) . " " . $ThisLine;
44	44	} elsif ($ThisLine =~ m/(Mon\|Tue\|Wed\|Thu\|Fri\|Sat\|Sun) $SearchDate\d{4}/o) {
45	45	print $ThisLine;