Import upstream version 7.5.5
Willi Mann authored 3 years ago
Debian Janitor committed 3 years ago
340 | 340 | When specifying filenames for either the LogFile or Archive statements, |
341 | 341 | you can use standard regexps (for example, *, ?, or [0-9]). In addition, |
342 | 342 | filenames with spaces are possible by enclosing them in single quotes. |
343 | Similarly, filename case can be preserved by quoting the filename. | |
344 | Single-quoted strings do not expand regexp characters; double-quoted | |
345 | strings do. | |
343 | 346 | |
344 | 347 | For either the LogFile or Archive statements, the corresponding files |
345 | 348 | need not exist. In that case, the statement is ignored. Because of this, |
0 | Copyright (c) 2002-2018 Kirk Bauer | |
0 | Copyright (c) 2002-2021 Kirk Bauer | |
1 | 1 | |
2 | 2 | Permission is hereby granted, free of charge, to any person obtaining a copy of |
3 | 3 | this software and associated documentation files (the "Software"), to deal in |
0 | 0 | <!-- Start footer.html --> |
1 | 1 | <div class=\"copyright\"> |
2 | 2 | <hr> |
3 | <p>Logwatch ©Copyright 2002-2006 Kirk Bauer</p> | |
3 | <p>Logwatch ©Copyright 2002-2021 Kirk Bauer</p> | |
4 | 4 | <p> |
5 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of |
6 | 6 | this software and associated documentation files (the "Software"), to deal in |
7 | 7 | h2 {color: white; border-bottom: 1px solid silver; font-family: sans-serif; } |
8 | 8 | h3 {color: white; border-bottom: 1px solid silver; font-family: sans-serif; } |
9 | 9 | th {background: #6D88AD; text-align: left; font-family: sans-serif; } |
10 | td {background: #EFEFEF; text-align: left; font-family: courier,serif; font-size: 10px; } | |
10 | td {background: #EFEFEF; text-align: left; font-family: monospace; font-size: 10px; } | |
11 | 11 | li { font-family: sans-serif; } |
12 | 12 | .ref {padding-left: 1%; } |
13 | 13 | .service {padding-left: 1%; } |
0 | 0 | # What actual file? Defaults to LogPath if not absolute path.... |
1 | 1 | LogFile = dnf.rpm.log |
2 | 2 | |
3 | # Logrotate format | |
3 | 4 | Archive = dnf.rpm.log-* |
5 | # DNF internal rotation format | |
6 | Archive = dnf.rpm.log.* | |
4 | 7 | |
5 | 8 | # Keep only the lines in the proper date range... |
6 | 9 | *ApplyStdDate = "%b %d %H:%M:%S" |
13 | 13 | LogFile = messages |
14 | 14 | |
15 | 15 | # Only give lines pertaining to the OMSA service... |
16 | *OnlyService = lvm | |
16 | *OnlyService = "(?:lvm|dmeventd)" | |
17 | 17 | *RemoveHeaders |
18 | 18 | |
19 | 19 | ######################################################### |
42 | 42 | # specified threshold |
43 | 43 | #$illegal_users_threshold = 4 |
44 | 44 | |
45 | # Set to No to disable IP lookups | |
46 | $sshd_ip_lookup = Yes | |
47 | ||
45 | 48 | |
46 | 49 | ######################################################## |
47 | 50 | # This was written and is maintained by: |
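Review bot: The comment at new line 45 does not say what an "IP lookup" is or what enabling it implies. Presumably the option controls reverse DNS resolution of client addresses taken from the sshd log (the script that reads it is outside this section); if so, each report run issues DNS queries for addresses chosen by remote hosts and prints names served by their PTR records. A more explicit comment would help operators decide, e.g. `# Resolve logged client IPs to hostnames via reverse DNS; set to No to skip the DNS queries and report raw addresses only`.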
0 | 0 | Summary: Analyzes and Reports on system logs |
1 | 1 | Name: logwatch |
2 | Version: 7.5.4 | |
2 | Version: 7.5.5 | |
3 | 3 | Release: 1 |
4 | 4 | License: MIT |
5 | 5 | Group: Applications/System |
9 | 9 | |
10 | 10 | ######################################################## |
11 | 11 | # Specify version and build-date: |
12 | my $Version = '7.5.4'; | |
13 | my $VDate = '07/22/20'; | |
12 | my $Version = '7.5.5'; | |
13 | my $VDate = '01/22/21'; | |
14 | 14 | |
15 | 15 | ####################################################### |
16 | 16 | # Logwatch was originally written by: |
291 | 291 | if ( $Config{'encode'} eq "base64" ) { |
292 | 292 | eval "require MIME::Base64"; |
293 | 293 | if ($@) { |
294 | print STDERR "No MIME::Base64 installed can not use --encode\n"; | |
294 | print STDERR "No MIME::Base64 installed; can not use --encode\n"; | |
295 | 295 | } else { |
296 | 296 | import MIME::Base64; |
297 | 297 | } |
1201 | 1201 | if ( $Config{'encode'} eq "base64" ) { |
1202 | 1202 | $out_mime .= "Content-transfer-encoding: base64\n"; |
1203 | 1203 | } else { |
1204 | $out_mime .= "Content-Transfer-Encoding: 7bit\n"; | |
1204 | $out_mime .= "Content-Transfer-Encoding: 8bit\n"; | |
1205 | 1205 | } |
1206 | 1206 | #Config{output} html |
1207 | 1207 | if ( $Config{'format'} eq "html" ) { |
1512 | 1512 | #Printing starts here $out_mime $out_head $out_reference $out_body $out_foot |
1513 | 1513 | if (defined fileno OUTFILE) { |
1514 | 1514 | print OUTFILE $out_mime if $out_mime; |
1515 | if ( $Config{'encode'} eq "base64" ) { | |
1516 | 1515 | my $out = ''; |
1517 | 1516 | $out .= $out_head if $out_head; |
1518 | 1517 | $out .= $out_reference if $out_reference; |
1521 | 1520 | $out_body{$_} = ''; #We should track this down out_body could be an array instead also -mgt |
1522 | 1521 | } |
1523 | 1522 | $out .= $out_foot if $out_foot; |
1523 | if ( $Config{'encode'} eq "base64" ) { | |
1524 | 1524 | print OUTFILE encode_base64($out); |
1525 | 1525 | } else { |
1526 | print OUTFILE $out_head if $out_head; | |
1527 | print OUTFILE $out_reference if $out_reference; | |
1528 | foreach ( 0 .. $index_par ) { | |
1529 | print OUTFILE $out_body{$_} if defined( $out_body{$_} ); | |
1530 | $out_body{$_} = ''; | |
1531 | } | |
1532 | print OUTFILE $out_foot if $out_foot; | |
1526 | print OUTFILE $out; | |
1533 | 1527 | } |
1534 | 1528 | } |
1535 | 1529 | #ends here |
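Review bot: When `require MIME::Base64` fails (new line 294), the branch only prints the reworded message and leaves `$Config{'encode'}` set to "base64", so the output path at new lines 1523-1524 still reaches `encode_base64($out)` although the function was never imported. Unless code outside these hunks resets the option, the run would fail at print time, after every service has been processed, and no report is delivered. Either exit right after the message or fall back to unencoded output there, for example `$Config{'encode'} = 'none';` (use whichever value the script treats as unencoded).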
35 | 35 | use strict; |
36 | 36 | use Logwatch ':all'; |
37 | 37 | |
38 | my (%denials, %grants, %loads); | |
38 | my (%denials, %allowed, %loads); | |
39 | 39 | my %OtherList; |
40 | 40 | my $othercount = 0; |
41 | 41 | my $Debug = ($ENV{'LOGWATCH_DEBUG'} || 0); |
54 | 54 | my $ThisLine; |
55 | 55 | my %Warning = (); |
56 | 56 | my %AuditctlStatus = (); |
57 | my %unconfineds = (); | |
57 | 58 | |
58 | 59 | print STDERR "\n\nDEBUG: Inside audit filter\n\n" if ( $Debug >= 5 ); |
59 | 60 | |
127 | 128 | $AuditctlStatus{$status}++; |
128 | 129 | } elsif ( $ThisLine =~ /audit\([0-9]+\.[0-9]+:[0-9]+\): apparmor=/) { |
129 | 130 | # AppArmor |
130 | if ( $ThisLine =~ /apparmor="STATUS" operation="profile_(load|replace)" name="([^"]+)"/ ) { | |
131 | if ( $ThisLine =~ /apparmor="STATUS" operation="profile_(load|replace)" (?:profile="unconfined")?name="([^"]+)"/ ) { | |
131 | 132 | # type=1400 audit(1314853473.168:33616): apparmor="STATUS" operation="profile_replace" name="/usr/lib/apache2/mpm-prefork/apache2//DEFAULT_URI" pid=26566 comm="apparmor_parser" |
132 | 133 | $loads{$2}++; |
133 | } elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" parent=\d+ profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) { | |
134 | } elsif ( $ThisLine =~ /apparmor="STATUS" operation="profile_(load|replace)" profile="unconfined" name="([^"]+)"/ ) { | |
135 | # type=1400 audit(1462209116.753:18): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/named" pid=22094 comm="apparmor_parser" | |
136 | # type=1400 audit(1462209262.641:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/freshclam" pid=1760 comm="apparmor_parser" | |
137 | $unconfineds{$2}++; | |
138 | } elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" (?:parent=\d+ )?profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) { | |
134 | 139 | # type=1400 audit(1314853822.672:33649): apparmor="DENIED" operation="mknod" parent=27250 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/share/wordpress/1114140474e5f13bea68a4.tmp" pid=27289 comm="apache2" requested_mask="c" denied_mask="c" fsuid=33 ouid=33 |
135 | 140 | # type=1400 audit(1315353795.331:33657): apparmor="DENIED" operation="exec" parent=14952 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/lib/sm.bin/sendmail" pid=14953 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0 |
141 | # type=1400 audit(1597683992.796:8057): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/usr/lib/uim/uim-helper-server" pid=1687330 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0: 1 Time(s) | |
136 | 142 | $denials{$1.' '.$3.' ('.$2.' via '.$4 . ')'}++; |
143 | } elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" info="([^"]+)" error=-*[0-9]+ profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) { | |
144 | # type=1400 audit(1597690743.153:8073): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-open-iscsi-review-mp389234-groovy_</var/snap/lxd/common/lxd>" name="/run/" pid=1694826 comm="mount" flags="rw, nosuid, nodev, remount": 1 Time(s) | |
145 | $denials{$1.' '.$4.' ('.$3.' via '.$5 .': '.$2. ')'}++; | |
137 | 146 | } elsif ( $ThisLine =~ /apparmor="ALLOWED" operation="([^"]+)" (info="([^"]+)" )?(error=[+-]?\d+ )?(parent=\d+ )?profile="([^"]+)" (name="([^"]+)" )?pid=\d+ comm="([^"]+)"/ ) { |
138 | 147 | # type=1400 audit(1369519203.141:259049): apparmor="ALLOWED" operation="exec" parent=3733 profile="/usr/sbin/dovecot//null-1c//null-1d" name="/usr/lib/dovecot/pop3-login" pid=24634 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/sbin/dovecot//null-1c//null-1d//null-d12" |
139 | 148 | # type=1400 audit(1369627891.522:447576): apparmor="ALLOWED" operation="capable" parent=1 profile="/usr/sbin/dovecot//null-1c//null-1d" pid=3733 comm="dovecot" capability=5 capname="kill" |
148 | 157 | if ( $ThisLine =~ /avc:\s*denied\s*{\s*([^}]+).*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) { |
149 | 158 | $denials{$2.' '.$3.' ('.$1.$4 . ')'}++; |
150 | 159 | } elsif ( $ThisLine =~ /avc:\s*granted\s*{\s*([^}]+).*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) { |
151 | $grants{$2.' '.$3.' ('.$1.$4 . ')'}++; | |
160 | $allowed{$2.' '.$3.' ('.$1.$4 . ')'}++; | |
152 | 161 | } elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) { |
153 | 162 | $InvalidContext{$4." running as ".$2." acting on ".$3." \nshould transit to invalid ".$1}++; |
154 | 163 | } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) { |
161 | 170 | if ( $ThisLine =~ /avc:\s*denied\s*{\s*[^}]+.*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) { |
162 | 171 | $denials{$1.' '.$2.' ('.$3 . ')'}++; |
163 | 172 | } elsif ( $ThisLine =~ /avc:\s*granted\s*{\s*[^}]+}.*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) { |
164 | $grants{$1.' '.$2.' ('.$3 . ')'}++; | |
173 | $allowed{$1.' '.$2.' ('.$3 . ')'}++; | |
165 | 174 | } elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=\S+\s*tclass=(\S+)/ ) { |
166 | 175 | $InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++; |
167 | 176 | } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) { |
174 | 183 | if ( $ThisLine =~ /avc:\s*denied\s*{\s*[^}]+.*scontext=([^:]+):[^:]+:\S+\s*tcontext=([^:]+):[^:]+:\S+\s*tclass=(\S+)/ ) { |
175 | 184 | $denials{$1.' '.$2.' ('.$3 . ')'}++; |
176 | 185 | } elsif ( $ThisLine =~ /avc:\s*granted\s*{\s*[^}]+.*scontext=([^:]+):[^:]+:\S+\s*tcontext=([^:]+):[^:]+:\S+\s*tclass=(\S+)/ ) { |
177 | $grants{$1.' '.$2.' ('.$3 . ')'}++; | |
186 | $allowed{$1.' '.$2.' ('.$3 . ')'}++; | |
178 | 187 | } elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=\S+\s*tclass=(\S+)/ ) { |
179 | 188 | $InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++; |
180 | 189 | } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) { |
199 | 208 | } |
200 | 209 | } |
201 | 210 | |
202 | if ( keys %grants ) { | |
203 | print "\n\n*** Grants ***\n"; | |
204 | foreach my $key (sort keys %grants) { | |
205 | print " $key: ". $grants{$key} . " times\n"; | |
211 | if ( keys %allowed ) { | |
212 | print "\n\n*** Allowed ***\n"; | |
213 | foreach my $key (sort keys %allowed) { | |
214 | print " $key: ". $allowed{$key} . " times\n"; | |
206 | 215 | } |
207 | 216 | } |
208 | 217 | |
219 | 228 | print " $key: ". $loads{$key} . " times\n"; |
220 | 229 | } |
221 | 230 | } |
222 | ||
223 | 231 | |
224 | 232 | if ($Detail and $NumberOfDStarts+$NumberOfDStartsPid) { |
225 | 233 | print "\n Number of audit daemon starts: ",$NumberOfDStarts+$NumberOfDStartsPid," \n"; |
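Review bot: The new `%unconfineds` hash is filled at new line 137, but none of the report hunks shown here print it (only `%allowed` and `%loads` appear), so profile loads logged with `profile="unconfined"` may be counted and then dropped from the report. Please confirm a print block exists outside these hunks, or add one next to the `%loads` output. In the first branch at new line 131 the optional group `(?:profile="unconfined")?name=` has no space before `name=`, so it cannot match the sample lines at 135-136 and the `elsif` at 134 is what actually handles them. Dropping the group from line 131 would make that intent explicit.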
57 | 57 | ( $ThisLine =~ /^Unix socket file/ ) or |
58 | 58 | ( $ThisLine =~ /^Protecting against \d+ viruses\./ ) or |
59 | 59 | ( $ThisLine =~ /^Reading databases from/ ) or |
60 | ( $ThisLine =~ /^Activating the newly loaded database/ ) or | |
60 | 61 | ( $ThisLine =~ /file removed\./ ) or |
61 | 62 | ( $ThisLine =~ / (?:dis|en)abled\.$/ ) or |
62 | 63 | ( $ThisLine =~ /^Archive/ ) or |
78 | 78 | ($line =~ /^Solicit message from/) or |
79 | 79 | ($line =~ /^Sending Advertise to/) or |
80 | 80 | ($line =~ /^pool [0-9a-f]+ /) or |
81 | ($line =~ /^[^ ]* file: /) | |
81 | ($line =~ /^[^ ]* file: /) or | |
82 | ($line =~ /^reuse_lease: lease age \d+ \(secs\) under \d+\% threshold, reply with unaltered, existing lease for/) or | |
83 | 0 # noop, but makes diffs easier when appending ignore statements | |
82 | 84 | ) { |
83 | 85 | # Ignore these lines |
84 | 86 | } elsif ($line =~ s/Listening on\s+//) { |
118 | 120 | ($line =~ /^of the dhcpd.conf file\./) |
119 | 121 | ) { |
120 | 122 | # Do nothing |
123 | } elsif ($line =~ /lease age \d+ \(secs\) under \d+% threshold, reply with unaltered, existing lease/) { | |
124 | # Do nothing | |
121 | 125 | |
122 | 126 | } elsif ($line =~ s/^exiting./DHCP server exiting./) { |
123 | 127 | $data{'Generic error'}{$line}++; |
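Review bot: The same message is now ignored in two places: the anchored `^reuse_lease: lease age ...` entry added at new line 82 and the unanchored `elsif` at new line 123, whose pattern matches every line the first one does. Keeping a single entry, preferably the anchored form, avoids the two drifting apart. Whether both conditions belong to the same `if`/`elsif` chain is not visible from these hunks.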
74 | 74 | my %ProxyLoginIMAP; |
75 | 75 | my %ProxyLoginPOP3; |
76 | 76 | my %SieveLogin; |
77 | my %UnknownUsers; | |
77 | 78 | my %VacationDup; |
78 | 79 | my %VacationResponse; |
79 | 80 | |
114 | 115 | my $dovecottag = qr/dovecot(?:\[\d+\])?:(?:\s*\[[^]]+\])?/; |
115 | 116 | |
116 | 117 | while (defined(my $ThisLine = <STDIN>)) { |
117 | # The *RemoveHeaders script is now invoked in the service configuration file | |
118 | # so this next line is no longer needed | |
119 | #$ThisLine =~ s/^\w{3} .\d \d\d:\d\d:\d\d (?:[^\s:]* |)//; | |
120 | 118 | if ( ($ThisLine =~ /(?:ssl-build-param|ssl-params): SSL parameters regeneration completed/) or |
121 | 119 | ($ThisLine =~ /ssl-params: Generating SSL parameters/) or |
122 | 120 | ($ThisLine =~ /auth-worker/) or |
170 | 168 | $ConnectionSieve{$Host}++; |
171 | 169 | $Connection{$Host}++; |
172 | 170 | } |
171 | } elsif (my ($User) = ( $ThisLine =~ /auth: (?:pam|passwd-file)\((.*),.*\): unknown user/ ) ) { | |
172 | $UnknownUsers{$User}++; | |
173 | 173 | |
174 | 174 | # 'lda' for dovecot 2.0, 'deliver' for earlier versions |
175 | 175 | } elsif (my ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\)(?:<[^>]+><[^>]+>)?: msgid=.*: saved mail to (.*)/ ) ) { |
656 | 656 | } |
657 | 657 | } |
658 | 658 | |
659 | if (keys %UnknownUsers) { | |
660 | my $UserCount = 0; | |
661 | foreach my $User (keys %UnknownUsers) { | |
662 | $UserCount += $UnknownUsers{$User}; | |
663 | } | |
664 | print "\n\nUnknown users blocked: $UserCount Total\n"; | |
665 | if ($Detail >= 10) { | |
666 | foreach my $User (sort keys %UnknownUsers) { | |
667 | print " $UnknownUsers{$User} $User\n"; | |
668 | } | |
669 | } | |
670 | } | |
671 | ||
659 | 672 | if (keys %OtherList) { |
660 | 673 | print "\n\n**Unmatched Entries**\n"; |
661 | 674 | foreach my $line (sort {$a cmp $b} keys %OtherList) { |
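Review bot: The user name captured at new line 171 comes from a failed login and is therefore chosen by the remote client, yet `\((.*),.*\)` is greedy and keeps everything up to the last comma on the line. A tighter capture such as `\(([^,)]*),[^)]*\)` limits the hash key to the user field. The value is printed verbatim at new line 667 when `$Detail >= 10`; whether the HTML output path escapes it is not visible in this section and is worth confirming. `my ($User)` here is followed by `my ($User, $Mailbox)` in the next `elsif` of the same chain, which is expected to raise a "masks earlier declaration" warning if warnings are enabled.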
92 | 92 | $KeepEnv++ if $MatchedDate; |
93 | 93 | next; |
94 | 94 | } |
95 | if ( $ThisLine =~ /^ Suggested action: either install a certificate or change tls_advertise_hosts option/ ) { | |
96 | push @SelfSignedH, $ThisLine; | |
97 | next; | |
98 | } | |
95 | 99 | $BadFormat{$ThisLine}++; |
96 | 100 | next; |
97 | 101 | } unless ($year1,$month1,$day1,$h1,$m1,$s1) = ($ThisLine =~ /^(\d+)\-(\d+)\-(\d+)\s(\d+):(\d+):(\d+)\s.+/); |
264 | 268 | elsif ( $ThisLine =~ /no IP address found for host/ ) { |
265 | 269 | $Lookup++; |
266 | 270 | push @LookupH, $ThisLine; |
271 | } | |
272 | elsif ( $ThisLine =~ /No server certificate defined; will use a selfsigned one/ ) { | |
273 | $SelfSigned++; | |
274 | push @SelfSignedH, $ThisLine; | |
267 | 275 | } |
268 | 276 | elsif ( $ThisLine =~ /DKIM: .* \[verification succeeded\]/ ) { |
269 | 277 | # Ignore successful DKIM verification reports |
317 | 325 | $StartQueue and print " Start queue run: $StartQueue Time(s)\n"; |
318 | 326 | # End Queue |
319 | 327 | $EndQueue and print " End queue run: $EndQueue Time(s)\n"; |
328 | } | |
329 | } | |
330 | ||
331 | if (@SelfSignedH) { | |
332 | print "\n--- Self-Signed Certificate in use ($SelfSigned Time(s))\n"; | |
333 | ||
334 | if ($Detail >= $LvlMsgs) { | |
335 | foreach $ThisOne (@SelfSignedH) { | |
336 | print "$ThisOne\n"; | |
337 | } | |
320 | 338 | } |
321 | 339 | } |
322 | 340 | |
748 | 766 | } |
749 | 767 | } |
750 | 768 | } |
769 | ||
751 | 770 | } |
752 | 771 | } |
753 | 772 |
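Review bot: The report header at new line 332 interpolates `$SelfSigned`, but that counter is incremented only in the branch at new lines 272-274; the "Suggested action" continuation added at 95-98 pushes to `@SelfSignedH` without counting. If only continuation lines are collected, the block prints with an empty count (and an uninitialized-value warning when warnings are on). Guarding the block on the counter, `if ($SelfSigned) {`, keeps the header and the list consistent. The declarations of `$SelfSigned` and `@SelfSignedH` are outside the hunks shown.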
65 | 65 | ($ThisLine =~ /INFO\s+(Set |Socket|Exiting|Gamin|Created|Added|Using|Connected to |rollover performed)/) or # syntax of 0.7.? fail2ban |
66 | 66 | ($ThisLine =~ /..,... WARNING: Verbose level is /) or |
67 | 67 | ($ThisLine =~ /..,... WARNING: Restoring firewall rules/) or |
68 | ($ThisLine =~ /WARNING Determined IP using DNS Lookup: [^ ]+ = \['[^']+'\]/) or | |
68 | ($ThisLine =~ /WARNING Determined IP using DNS Lookup/) or | |
69 | 69 | ($ThisLine =~ /INFO\s+(Stopping all jails|Exiting Fail2ban)/) or |
70 | 70 | ($ThisLine =~ /INFO\s+Initiated '.*' backend/) or |
71 | 71 | ($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/) or |
36 | 36 | my %MonitoringOff; |
37 | 37 | my %MonitoringSnapshot; |
38 | 38 | my %MonitoringSnapshotOff; |
39 | my %Resize; | |
39 | 40 | my %OtherList; |
40 | 41 | |
41 | 42 | while (defined(my $ThisLine = <STDIN>)) { |
46 | 47 | or $ThisLine =~ /pvscan\[\d+\] VG .* run autoactivation/ |
47 | 48 | # This happens often at startup |
48 | 49 | or $ThisLine =~ /^WARNING: lvmetad is being updated, retrying/ |
50 | # This happens when dmeventd autostarted | |
51 | or $ThisLine =~ /dmeventd ready for processing\.$/ | |
52 | or $ThisLine =~ /dmeventd shutting down\.$/ | |
53 | or $ThisLine =~ /dmeventd was idle for .*, exiting\.$/ | |
54 | # Misc cleanups | |
55 | or $ThisLine =~ /Logical volume .* successfully resized/ | |
49 | 56 | ) { |
50 | 57 | # Ignore |
51 | 58 | } elsif ($ThisLine =~ /^(?:WARNING: )?Thin (\S+) is now (\d+(\.\d+)?)% full/) { |
68 | 75 | $MonitoringOff{$2}++; |
69 | 76 | } elsif ($ThisLine =~ /^(\d+) logical volume\(s\) in volume group "(\S+)" now active/) { |
70 | 77 | $Active{$2}=$1; |
78 | } elsif ($ThisLine =~ /^Size of logical volume (\S+) changed from (.*) to (.*)\.$/) { | |
79 | $Resize{$1}="$3" | |
71 | 80 | } else { |
72 | 81 | $OtherList{$ThisLine}++; |
73 | 82 | } |
93 | 102 | print "Snapshot Usage:\n"; |
94 | 103 | foreach my $Snapshot (sort {$a cmp $b} keys %SnapshotUsed) { |
95 | 104 | print " $Snapshot: $SnapshotUsed{$Snapshot}% full\n"; |
105 | } | |
106 | print "\n"; | |
107 | } | |
108 | ||
109 | if (keys %Resize) { | |
110 | print "Resize snapshot:\n"; | |
111 | foreach my $Snapshot (sort {$a cmp $b} keys %Resize) { | |
112 | print " $Snapshot: $Resize{$Snapshot}\n"; | |
96 | 113 | } |
97 | 114 | print "\n"; |
98 | 115 | } |
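Review bot: The new report block at new lines 109-113 is titled "Resize snapshot:" and iterates with `$Snapshot`, but the pattern at new line 78 matches `Size of logical volume (\S+) changed`, which applies to any logical volume; a heading such as `Logical volume resizes:` would describe what is collected. `$Resize{$1}="$3"` keeps only the latest size per volume, discards the captured old size `$2`, and lacks a terminating semicolon (legal as the last statement in the block, but fragile when a line is appended). Suggested: `$Resize{$1} = "$2 -> $3";`.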
78 | 78 | ($ThisLine =~ /recvfrom: No route to host/) or |
79 | 79 | # Be sure to catch: transfer of 'zone' from IP#53: failed to connect: timed out |
80 | 80 | # not exact just triggers a full transfer |
81 | ($ThisLine =~ /transfer of .*: (IXFR|AXFR(|-style IXFR) (started|ended)|connected using|failed while receiving responses: not exact)/) or | |
82 | ($ThisLine =~ /Transfer status: success/) or | |
81 | ($ThisLine =~ /transfer of .*: (:?IXFR|AXFR(:?|-style IXFR) (:?started|ended)|connected using|failed while receiving responses: not exact)/) or | |
82 | # This will generate another error that we will catch | |
83 | ($ThisLine =~ /transfer of .*: resetting/) or | |
84 | ($ThisLine =~ /Transfer status: (:?success|up to date)/) or | |
83 | 85 | ($ThisLine =~ /using \d+ CPU/) or |
84 | 86 | ($ThisLine =~ /loading configuration/) or |
85 | 87 | ($ThisLine =~ /command channel listening/) or |
160 | 162 | ($ThisLine =~ /using built-in keys instead/) or |
161 | 163 | ($ThisLine =~ /set up managed keys zone/) or |
162 | 164 | ($ThisLine =~ /managed-keys-zone.*key now trusted/) or |
163 | ($ThisLine =~ /dhcpupdate: forwarding update for zone/) or | |
165 | ($ThisLine =~ /key .*: forwarding update for zone/) or | |
164 | 166 | ($ThisLine =~ /forwarded dynamic update: master [^ ]* returned: (NXRRSET|YXDOMAIN)/) or |
165 | 167 | ($ThisLine =~ /using .* as GeoIP directory/) or |
166 | 168 | ($ThisLine =~ /GEO-.* Build/) or |
212 | 214 | $DeniedZoneTransfers{$Host}{$Zone}++; |
213 | 215 | } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+) zone transfer deferred due to quota/ ) ) { |
214 | 216 | $DeferredZoneTransfers{$Zone}++; |
215 | } elsif ( ($Zone, $Host) = ( $ThisLine =~ /transfer of '(.+)' from ([^\#]+)#[^\:]+: (failed|(Transfer status|giving up): ((network|host) unreachable|timed out|connection refused))/ ) ) { | |
217 | } elsif ( ($Zone, $Host) = ( $ThisLine =~ /transfer of '(.+)' from ([^\#]+)#[^\:]+: (failed|(Transfer status|giving up): ((network|host) unreachable|timed out|connection refused|REFUSED))/ ) ) { | |
216 | 218 | $FailedZoneTransfers{$Host}{$Zone}++; |
217 | 219 | } elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" loaded/ ) ) { |
218 | 220 | $ZoneLoaded{"cache $Zone"}++; |
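Review bot: The groups written as `(:?...)` at new lines 81 and 84 look like typos for the non-capturing form `(?:...)`: as written, each is a capturing group that starts with an optional literal colon. The patterns still match the intended messages, but they also accept a stray `:` and capture needlessly. Suggested forms are `(?:IXFR|AXFR(?:|-style IXFR) (?:started|ended)|connected using|failed while receiving responses: not exact)` and `/Transfer status: (?:success|up to date)/`.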
62 | 62 | next if (($Message =~ /^Controller event log: Time established as/) and ($Detail < 10)); |
63 | 63 | next if (($Message =~ /^Controller event log: Unexpected sense: Encl PD .* CDB: 12 00 00 00 (:?04|20) 00, Sense: 5\/24\/00/) and ($IgnoreNonCertifiedDrives)); |
64 | 64 | next if (($Message =~ /^Controller event log: Unexpected sense: PD .* CDB: 12 01 dc 01 1d 00, Sense: (4\/cf|5\/24)\/00/) and ($IgnoreNonCertifiedDrives)); |
65 | next if (($Message =~ /^Unexpected sense. SCSI sense data: Sense key: 5 Sense code: 24 Sense qualifier: 0:/) and ($IgnoreNonCertifiedDrives)); | |
65 | 66 | next if (($Message =~ /^Disk found is not supplied by an authorized hardware provider/) and ($IgnoreNonCertifiedDrives)); |
66 | 67 | next if (($Message =~ /^The battery charge cycle is complete\./) and ($Detail < 5)); |
67 | 68 | next if (($Message =~ /^The controller battery Learn cycle will start in (?:\d+) days\./) and ($Detail < 5)); |
124 | 124 | ($ThisLine =~ /^TCP\/UDP: Dynamic remote address changed during TCP connection establishment/) or |
125 | 125 | ($ThisLine =~ /^TCP\/UDP: Preserving recently used remote address: /) or |
126 | 126 | ($ThisLine =~ /^TCP connection established with [\d.]+:\d+/) or |
127 | ($ThisLine =~ /^TCP connection established with \[AF_INET6?\]/) or | |
127 | 128 | ($ThisLine =~ /^TCPv\d_(CLIENT|SERVER) link (local|remote)/) or |
128 | 129 | ($ThisLine =~ /^TLS-Auth MTU parms/) or |
129 | 130 | ($ThisLine =~ /^TLS: Initial packet from/) or |
2285 | 2285 | #TDpg unrecognized request type: '' |
2286 | 2286 | #TDpg rm /var/spool/postfix/postgrey/log.0000000002 |
2287 | 2287 | #TDpg 2007/01/25-14:48:00 Pid_file already exists for running process (4775)... aborting at line 232 in file /usr/lib/perl5/vendor_perl/5.8.7/Net/Server.pm |
2288 | ||
2288 | #TDpg Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4 | |
2289 | 2289 | |
2290 | 2290 | $line =~ /^cleaning / or |
2291 | 2291 | $line =~ /^delayed / or |
2300 | 2300 | # unanchored last |
2301 | 2301 | $line =~ /Pid_file already exists/ or |
2302 | 2302 | $line =~ /postgrey .* starting!/ or |
2303 | $line =~ /Server closing!/ | |
2303 | $line =~ /Server closing!/ or | |
2304 | $line =~ /Resolved .*localhost.*IPv4/ | |
2304 | 2305 | ); |
2305 | 2306 | |
2306 | 2307 | my ($action,$reason,$delay,$host,$ip,$sender,$recip); |
2607 | 2608 | sub postfix_error; |
2608 | 2609 | sub postfix_warning; |
2609 | 2610 | sub postfix_script; |
2611 | sub backwards_compatible; | |
2610 | 2612 | sub postfix_postsuper; |
2611 | 2613 | sub process_delivery_attempt; |
2612 | 2614 | sub cleanhostreply; |
2812 | 2814 | if ($p1 =~ /^fatal: +(.*)$/) { postfix_fatal($1); next; } |
2813 | 2815 | if ($p1 =~ /^panic: +(.*)$/) { postfix_panic($1); next; } |
2814 | 2816 | if ($p1 =~ /^error: +(.*)$/) { postfix_error($1); next; } |
2817 | ||
2818 | # Backwards compatibility mode | |
2819 | if ($p1 =~ /compati/i) { backwards_compatible($p1); next; } # backwards-compatible default settings | |
2815 | 2820 | |
2816 | 2821 | # output by all services that use table lookups - process before specific messages |
2817 | 2822 | if ($p1 =~ /(?:lookup )?table (?:[^ ]+ )?has changed -- (?:restarting|exiting)$/) { |
3585 | 3590 | |
3586 | 3591 | ### smtpd_tls_loglevel >= 1 |
3587 | 3592 | # Server TLS messages |
3588 | elsif (($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Anonymous|Trusted|Untrusted) )?TLS connection established from ([^[]+)\[([^]]+)\](?::\d+)?: (.*)$/)) { | |
3593 | elsif (($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Anonymous|Trusted|Untrusted) )?TLS connection established from ([^[]+)\[([^]]+)\](?::\d+)?(?: to [^:]+)?: (.*)$/)) { | |
3589 | 3594 | #TDsd TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) |
3590 | 3595 | # Postfix 2.5+: status: Untrusted or Trusted |
3591 | 3596 | #TDsd Untrusted TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) |
4804 | 4809 | } |
4805 | 4810 | } |
4806 | 4811 | |
4812 | # Handles postfix backwards compatibility mode lines | |
4813 | # | |
4814 | sub backwards_compatible($) { | |
4815 | my $line = shift; | |
4816 | ||
4817 | if ($line =~ /^Postfix is running with backwards-compatible default settings/o) { | |
4818 | $Totals{'backwardscompatible'}++; | |
4819 | } | |
4820 | elsif ($line =~ /^See http.*COMPATIBILITY_README.html for details/o) { | |
4821 | $Totals{'backwardscompatible'}++; | |
4822 | } | |
4823 | elsif ($line =~ /^To disable backwards compatibility use.*/o) { | |
4824 | $Totals{'backwardscompatible'}++; | |
4825 | } | |
4826 | } | |
4827 | ||
4807 | 4828 | # Clean up a server's reply, to give some uniformity to reports |
4808 | 4829 | # |
4809 | 4830 | sub cleanhostreply($ $ $ $) { |
5211 | 5232 | add_section ($S, 'postfixwaiting', 0, 'd', 'Postfix waiting to terminate'); |
5212 | 5233 | end_section_group ($S, 'postfixstate'); |
5213 | 5234 | |
5235 | begin_section_group ($S, 'backwardscompatible', "\n"); | |
5236 | add_section ($S, 'backwardscompatible', 1, 'd', 'Running in backwards compatibile mode'); | |
5237 | end_section_group ($S, 'backwardscompatible'); | |
5214 | 5238 | |
5215 | 5239 | if ($Opts{'debug'} & Logreporters::D_SECT) { |
5216 | 5240 | print "\tSection table\n"; |
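Review bot: The dispatch at new line 2819, `if ($p1 =~ /compati/i) { backwards_compatible($p1); next; }`, matches any message containing that substring, and `backwards_compatible` has no `else`, so a line that matches none of its three anchored patterns is skipped without being counted or listed as unmatched. Because the test runs before the specific message handlers that follow, unrelated lines carrying remote-supplied text with that substring would drop out of the report. Anchoring the dispatch to the known prefixes avoids this: `if ($p1 =~ /^(?:Postfix is running with backwards-compatible default settings|See http.*COMPATIBILITY_README\.html for details|To disable backwards compatibility use)/) { backwards_compatible($p1); next; }`. The section title at new line 5236 also misspells "compatible".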
155 | 155 | ( $ThisLine =~ /sshguard\[\d+\]: (?:message repeated \d+ times: \[ )?\S+: not blocking /) or |
156 | 156 | ( $ThisLine =~ /sshguard\[\d+\]: Received EOF from stdin/) or |
157 | 157 | ( $ThisLine =~ /sshguard\[\d+\]: .*has already been blocked/) or |
158 | ( $ThisLine =~ /gnome-keyring-daemon\[\d+\]: asked to register item.*already registered/) or | |
158 | 159 | 0 # This line prevents blame shifting as lines are added above |
159 | 160 | ) { |
160 | 161 | # Ignore these entries |
353 | 354 | $pwd_file_too_short++; |
354 | 355 | } elsif ( ($User,$Su) = ($ThisLine =~ /^su: ([^ ]+) to ([^ ]+) on \/dev\/ttyp([0-9a-z]+)/) ) { |
355 | 356 | $Su_User{$User}{$Su}++; |
356 | } elsif ( ($Su,$User) = ($ThisLine =~ /^su: \(to ([^ ]+)\) ([^ ]+) on (?:none|\/dev\/(pts\/|ttyp)([0-9]+))/) ) { | |
357 | } elsif ( ($Su,$User) = ($ThisLine =~ /^su: \(to ([^ ]+)\) ([^ ]+) on (?:none|(\/dev\/)?(pts\/|ttyp)([0-9]+))/) ) { | |
357 | 358 | $Su_User{$User}{$Su}++; |
358 | 359 | } elsif ( ($Su,$User) = ($ThisLine =~ /^su\[\d+\]: Successful su for (\S+) by (\S+)/) ) { |
359 | 360 | $Su_User{$User}{$Su}++; |
391 | 392 | $DeniedAccess{"$User,$Reason"}++; |
392 | 393 | } elsif ($ThisLine =~ /^request-key: Cannot find command to construct key/) { |
393 | 394 | $RequestKeyFailures++; |
394 | } elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]*\]: (AS_REQ|TGS_REQ) \([0-9]+ etypes \{[ 0-9]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (ISSUE|UNKNOWN_SERVER): authtime [0-9]+, (?:etypes \{rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+},)? ([^ ]+) for ([^ ,]+)(?:, )?(.*)$/)) { | |
395 | } elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]*\]: (AS_REQ|TGS_REQ) \([0-9]+ etypes \{[ 0-9a-z\-\(\),]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (ISSUE|UNKNOWN_SERVER): authtime [0-9]+, (?:etypes \{rep=[0-9a-z\-\(\)]+, tkt=[0-9a-z\-\(\)]+, ses=[0-9a-z\-\(\)]+},)? ([^ ]+) for ([^ ,]+)(?:, )?(.*)$/)) { | |
395 | 396 | if($service=~/^krbtgt\/([^@]+)@\1/) { |
396 | 397 | $service='Login'; |
397 | 398 | } |
400 | 401 | $e=''; |
401 | 402 | } |
402 | 403 | $KerbList{$response}{$type}{$from}{$service}{$client}{$e}++; |
403 | } elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]*\]: (AS_REQ|TGS_REQ) \([0-9]+ etypes \{[ 0-9]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (NEEDED_PREAUTH|PREAUTH_FAILED|CLIENT_NOT_FOUND): ([^ ]+) for ([^ ,]+)(?:, )?(.*)$/)) { | |
404 | } elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]*\]: (AS_REQ|TGS_REQ) \([0-9]+ etypes \{[ 0-9a-z\-\(\),]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (NEEDED_PREAUTH|PREAUTH_FAILED|CLIENT_NOT_FOUND): ([^ ]+) for ([^ ,]+)(?:, )?(.*)$/)) { | |
404 | 405 | if($service=~/^krbtgt\/([^@]+)@\1/) { |
405 | 406 | $service='Login'; |
406 | 407 | } |
131 | 131 | $Address, $Arg, $Attack, |
132 | 132 | $Auth, |
133 | 133 | $BlSite, $Bytes, $CommonName, |
134 | $DeliverStat, $Dest, $Domain, | |
135 | $Error, $ErrorCount, | |
134 | $DeliverStat, $Dest, $DetailReason, | |
135 | $Domain, $Error, $ErrorCount, | |
136 | 136 | $ETRN, $File, $Forward, |
137 | 137 | $FromUser, $Header, $HeaderMod, |
138 | 138 | $Host, $IP, |
161 | 161 | |
162 | 162 | my ( |
163 | 163 | %Abuse, %AddressError, %AttackAttempt, |
164 | %AUTHfailure, %AuthWarns, %BadAuth, | |
165 | %BadRcptThrottle, %BlackHoled, | |
164 | %AUTHfailure, %AUTHnouser, %AuthWarns, | |
165 | %BadAuth, %BadRcptThrottle, %BlackHoled, | |
166 | 166 | %BlackHoles, %CheckMailReject, %CheckRcptReject, |
167 | 167 | %CollectError, %CommandUnrecognized, %DisabledMailbox, |
168 | 168 | %DNSMap, |
807 | 807 | } elsif ( ($StatFile, $StatError) = ($ThisLine=~ /^poststats: (.*?): (.*)/) ) { |
808 | 808 | $StatFileError{$StatFile}{$StatError}++; |
809 | 809 | # file=srvrsmtp.c, LogLevel>9, LOG_WARNING |
810 | } elsif ( ($Auth, $Reason, $RelayHost) = ($ThisLine =~ /^AUTH failure \((.*)?\): ([^\)]*)\(.* relay=(.*)/) ) { | |
811 | $AUTHfailure{$RelayHost}{$Reason}++; | |
810 | } elsif ( ($Auth, $Reason, $DetailReason, $RelayHost) = ($ThisLine =~ /^AUTH failure \((.*)?\): ([^\(]*)(\(.*) relay=(.*)/) ) { | |
811 | if ( $Reason =~ /^user not found / ) { | |
812 | (($User) = ($DetailReason =~ /\(-20\) SASL\(-13\): user not found: .*user(?:=|: )([^ ,]*)/)); | |
813 | $AUTHnouser{$User}++; | |
814 | } else { | |
815 | $AUTHfailure{$RelayHost}{$Reason}++; | |
816 | } | |
812 | 817 | # file=tls.c, LogLevel>7, LOG_INFO |
813 | 818 | } elsif ($ThisLine=~ /STARTTLS=.* field=cn_issuer, status=failed to extract CN/ ) { |
814 | 819 | $NoCommonName++; |
832 | 837 | $TLSConnectFailed{"no reason given"}++; |
833 | 838 | # file=tls.c, LogLevel>-1, LOG_INFO |
834 | 839 | } elsif (($CommonName,$StarttlsReason) = ($ThisLine =~ /^STARTTLS: (?:x509|TLS) cert verify: depth=[0-9]+ .*\/CN=([^\/,]*).* state=[0-9]+, reason=(.*)$/ )) { |
835 | $StarttlsCert{$StarttlsReason}{$CommonName}++; | |
840 | # "reason=ok" now printing in sendmail 8.16.1; not an error | |
841 | if ($StarttlsReason !~ /^ok$/) { | |
842 | $StarttlsCert{$StarttlsReason}{$CommonName}++; | |
843 | } | |
836 | 844 | # do the same if, incorrectly, Common Name is not defined |
837 | 845 | } elsif (($StarttlsReason) = ($ThisLine =~ /^STARTTLS: (?:x509|TLS) cert verify: depth=[0-9]+ .* state=[0-9]+, reason=(.*)$/ )) { |
838 | $StarttlsCert{$StarttlsReason}{"(undefined CommonName)"}++; | |
846 | # "reason=ok" now printing in sendmail 8.16.1; not an error | |
847 | if ($StarttlsReason !~ /^ok$/) { | |
848 | $StarttlsCert{$StarttlsReason}{"(undefined CommonName)"}++; | |
849 | } | |
839 | 850 | # file=tls.c, LogLevel>8, LOG_INFO |
840 | 851 | } elsif ( ($StarttlsMode, $StarttlsVerify, $StarttlsCipherType, $StarttlsNumBits) = |
841 | 852 | ($ThisLine =~ /^STARTTLS=(server|client), relay=.*, version=.*, verify=(\w*), cipher=(.*), bits=(\w*\/\w*)/) ) { |
887 | 898 | } elsif ( ($User,$Reason) = ($ThisLine =~ /SYSERR\((.*)\): (.*)/) ) { |
888 | 899 | $SysErr{$User}{$Reason}++; |
889 | 900 | # file=milter.c, LogLevel>8, LOG_INFO |
890 | } elsif ( ($HeaderMod) = ($ThisLine =~ /Milter (?:add|insert|change|delete).*: header: (.*)/) ) { | |
901 | } elsif ( ($HeaderMod) = ($ThisLine =~ /Milter (?:\(\w*\) )?(?:add|insert|change|delete).*: header: (.*)/) ) { | |
891 | 902 | foreach $Header (@MilterHeadersToCount) { |
892 | 903 | if ($HeaderMod =~ /$Header/) { |
893 | 904 | $MilterHeaderCount{$Header}++; |
922 | 933 | $KnownSpammer{$1}++; |
923 | 934 | } elsif ( |
924 | 935 | # file=milter.c, LogLevel>8, LOG_INFO |
925 | ( $ThisLine =~ /Milter (add|change|insert|delete): /) | |
936 | ( $ThisLine =~ /Milter (?:\(\w*\) )?(add|change|insert|delete): /) | |
926 | 937 | ) { |
927 | 938 | # We don't care about these statements above |
928 | 939 | |
939 | 950 | $SPFResults{$SPFStatus}++; |
940 | 951 | |
941 | 952 | # This is for the Sendmail Sender-ID milter |
942 | } elsif ( (my $SenderIDStatus, $SPFStatus) = ($ThisLine =~ /^Milter insert \(1\): header: Authentication-Results:.*; sender-id=(fail.*|softfail|neutral|none|error|unknown|pass); spf=(fail.*|softfail|neutral|none|error|unknown|pass)/) ) { | |
953 | } elsif ( (my $SenderIDStatus, $SPFStatus) = ($ThisLine =~ /^Milter (?:\(\w*\) )?insert \(1\): header: Authentication-Results:.*; sender-id=(fail.*|softfail|neutral|none|error|unknown|pass); spf=(fail.*|softfail|neutral|none|error|unknown|pass)/) ) { | |
943 | 954 | # Example string |
944 | 955 | # Milter insert (1): header: Authentication-Results: my.host.name |
945 | 956 | # sender=list-users-bounces+list-users=host.name@another.org; |
1489 | 1500 | } |
1490 | 1501 | $TotalError[++$ErrorIndex] = 0; |
1491 | 1502 | |
1503 | if (keys %AUTHnouser) { | |
1504 | eval "$PrintCond" if ($Detail >= 3); | |
1505 | print "\n\nFailed AUTH requests because of No User" if ($Detail >= 3); | |
1506 | my $UserCount = CountOrder(%AUTHnouser); | |
1507 | foreach $User (sort $UserCount keys %AUTHnouser) { | |
1508 | PrettyTimes(" $User", $AUTHnouser{$User}) if ($Detail >=5); | |
1509 | $TotalError[$ErrorIndex] += $AUTHnouser{$User}; | |
1510 | } | |
1511 | print "\n\tTotal: $TotalError[$ErrorIndex]" if ($Detail >= 3); | |
1512 | } | |
1513 | $TotalError[++$ErrorIndex] = 0; | |
1514 | ||
1492 | 1515 | if($RemoteProtocolError > 0) { |
1493 | 1516 | eval "$PrintCond" if ($Detail >= 3); |
1494 | 1517 | print "\n\n" . $RemoteProtocolError . " Remote Protocol Errors" if ($Detail >= 3); |
169 | 169 | $DriveTest{$Device}{$TestType}++; |
170 | 170 | } elsif ( my ($Device,$AttribType,$Code,$Name) = ($ThisLine =~ /^Device: ([^,]+), Failed SMART ([A-Za-z]+) Attribute: ([0-9]+) ([A-Za-z_]+)/)) { |
171 | 171 | $Failed{$Device}{"$AttribType attribute: $Name ($Code)"}++; |
172 | } elsif ( my ($Device, $Text) = ($ThisLine =~ /^Device: ([^,]+), failed (.*)$/) ) { | |
172 | } elsif ( my ($Device, $Text) = ($ThisLine =~ /^Device: ([^,]+), (?:failed|SMART Failure:) (.*)$/) ) { | |
173 | 173 | $Failed{$Device}{"$Text"}++; |
174 | 174 | } elsif ( ( $ThisLine =~ /warning/i ) ) { |
175 | 175 | $Warnings{$ThisLine}++; |
30 | 30 | my $IgnoreHost = $ENV{'sshd_ignore_host'} || ""; |
31 | 31 | my $RefusedConnectionsThreshold = $ENV{'refused_connections_threshold'} || 0; |
32 | 32 | my $IllegalUsersThreshold = $ENV{'illegal_users_threshold'} || 0; |
33 | $main::DoLookup = $ENV{'sshd_ip_lookup'}; | |
33 | 34 | my $DebugCounter = 0; |
34 | 35 | |
35 | 36 | # No sense in running if 'sshd' doesn't even exist on this system... |
80 | 80 | $EnumerationRequested++ unless $IgnoreEnumerationRequested; |
81 | 81 | } elsif ($Service eq "Daemon" && $ThisLine =~ /Keytab successfully retrieved and stored in:/) { |
82 | 82 | # Ignore |
83 | } elsif ($Service eq "krb5_child" && $ThisLine =~ /Preauthentication failed/) { | |
84 | # Ignore - this will generate a pam auth failed message | |
83 | 85 | } elsif ($Service eq "p11_child" && $ThisLine =~ /Certificate .* not valid .*Certificate key usage inadequate for attempted operation/) { |
84 | 86 | # sssd ssh does not ignore certificates of different types - ignore the errors generated by it |
85 | 87 | $ignore_p11_child_error = 1; |
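Review bot: The new `krb5_child` branch discards every `Preauthentication failed` line because, per its comment, a pam auth failed message will follow, but nothing in this hunk shows where that message is counted. If that record is missing or filtered, failed Kerberos logins would presumably drop out of the report. The comment should name the record that carries the failure, e.g. `# Ignore - the failed login is counted from the pam auth failure line reported by <service that reports it>`, with the placeholder replaced by the real service name. The enclosing `elsif` chain starts and ends outside the hunk.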
76 | 76 | $ThisLine =~ /^Inserted module / or |
77 | 77 | $ThisLine =~ /^Listening on / or |
78 | 78 | $ThisLine =~ /^Mounted / or |
79 | $ThisLine =~ /^Queued start job for default target / or | |
79 | 80 | $ThisLine =~ /^Relabelled / or |
80 | 81 | $ThisLine =~ /^Reloading\.$/ or # Happens on each boot at switch root |
81 | 82 | $ThisLine =~ /^RTC configured in / or |
105 | 106 | $ThisLine =~ /: Start(-pre)? operation timed out\. Terminating\./ or |
106 | 107 | $ThisLine =~ /hold-?off time over, scheduling restart\./ or |
107 | 108 | $ThisLine =~ /Service has no hold-off time.*, scheduling restart\./ or |
109 | $ThisLine =~ /Service Restart.* expired, scheduling restart\./ or | |
108 | 110 | $ThisLine =~ /Scheduled restart job, restart counter is at .*\./ or |
109 | 111 | $ThisLine =~ /Stopping timed out\. Killing\./ or |
110 | 112 | $ThisLine =~ /^Timed out waiting for/ or |
136 | 138 | $ThisLine =~ /^Removed slice / or |
137 | 139 | $ThisLine =~ /^pam_unix\(systemd-user:session\): session (?:opened|closed) for user/ or |
138 | 140 | $ThisLine =~ /Adding .* random time\.$/ or |
141 | # https://bugzilla.redhat.com/show_bug.cgi?id=1890632 | |
142 | $ThisLine =~ /Not generating service for XDG autostart .*,/ or | |
143 | $ThisLine =~ /gnome-systemd-autostart-condition not found/ or | |
144 | $ThisLine =~ /kde-systemd-start-condition not found/ or | |
145 | $ThisLine =~ /Unknown key name .* in section 'Desktop Entry'/ or | |
139 | 146 | # These happen on every shutdown - downgraded to debug message in systemd v235 |
140 | 147 | # https://github.com/systemd/systemd/issues/6777 |
141 | 148 | $ThisLine =~ /^Failed to propagate agent release message: (?:Connection reset by peer|Transport endpoint is not connected)/ or |
33 | 33 | #Exit early if the report is not for the current host. |
34 | 34 | use POSIX qw(uname); |
35 | 35 | my $logwatch_hostname = $ENV{'LOGWATCH_ONLY_HOSTNAME'}; |
36 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; | |
36 | 37 | my ($OSname, $hostname, $release, $version, $machine) = POSIX::uname(); |
37 | 38 | $hostname =~ s/\..*//; |
38 | 39 | exit (0) if ($ENV{'LOGWATCH_ONLY_HOSTNAME'} and ($logwatch_hostname ne $hostname)); |
8 | 8 | |
9 | 9 | ####################################################### |
10 | 10 | ## Copyright (c) 2008 Laurent Dufour |
11 | ## Francis Borras | |
11 | 12 | ## Covered under the included MIT/X-Consortium License: |
12 | 13 | ## http://www.opensource.org/licenses/mit-license.php |
13 | 14 | ## All modifications and contributions by other persons to |
77 | 78 | } |
78 | 79 | } |
79 | 80 | |
80 | sub routingCapabilities () | |
81 | { | |
82 | print "\n\n------------- Routing capabilities----------\n\n"; | |
83 | chkcfg('routed'); | |
84 | chkcfg('gated'); | |
85 | chkcfg('zebra'); | |
86 | chkcfg('ripd'); | |
87 | chkcfg('ripngd'); | |
88 | chkcfg('isisd'); | |
89 | chkcfg('ospfd'); | |
90 | chkcfg('ospf6d'); | |
91 | chkcfg('bgpd'); | |
92 | if ( -f $pathto_vtysh ) | |
93 | { | |
94 | print "\n"; | |
95 | system("$pathto_vtysh -e 'sh ver'"); | |
96 | } | |
97 | ||
98 | if ($OSname eq "SunOS") { | |
99 | if ( ($release eq "5.10") || ($release eq "5.11") ) { | |
100 | ||
101 | if ( -f $pathto_routeadm) | |
102 | { | |
103 | open(FILE1, "$pathto_routeadm -p |") || die "can't open $!"; | |
104 | while (<FILE1>) | |
105 | { | |
106 | print $_; | |
107 | } | |
108 | close(FILE1) || die "can't close $!"; | |
109 | } | |
110 | ||
111 | } | |
112 | } | |
113 | print "\n\n------------- Routing capabilities----------\n\n"; | |
114 | print "\n"; | |
115 | } | |
116 | ||
117 | sub routingState () | |
118 | { | |
119 | print "\n\n------------- Routing states ---------------\n\n"; | |
120 | if ($OSname eq "Linux") { | |
121 | if ( -f $pathto_sysctl_conf) { | |
122 | open(SYSCTL, "< $pathto_sysctl_conf") || die "can't open $!"; | |
123 | while (<SYSCTL>) | |
124 | { | |
125 | if ($_ =~ /ip_forward/ ) { | |
126 | print $_; | |
127 | } | |
128 | } | |
129 | } | |
130 | else | |
131 | { | |
132 | open(SYSCTL,"< /proc/sys/net/ipv4/ip_forward") || die "can't open $!"; | |
133 | while (<SYSCTL>) | |
134 | { | |
135 | print "/proc/sys/net/ipv4/ip_forward set to $_"; | |
136 | } | |
137 | close(SYSCTL) || die "can't close $!"; | |
138 | } | |
139 | } | |
140 | ||
141 | elsif ($OSname eq "SunOS") { | |
142 | if ( ($release eq "5.10") || ($release eq "5.11") ) { | |
143 | ||
144 | if ( -f $pathto_routeadm) | |
145 | { | |
146 | open(FILE1, "$pathto_routeadm -p |") || die "can't open $!"; | |
147 | while (<FILE1>) | |
148 | { | |
149 | if (/ipv(\d+)-forwarding .*default=(\S+) current=(\S+)/) { | |
150 | print "IPv$1 forwarding is $3 (normal state is $2)\n"; | |
151 | } | |
152 | } | |
153 | close(FILE1) || die "can't close $!"; | |
154 | } | |
155 | ||
156 | } | |
157 | } | |
158 | ||
159 | else | |
160 | { | |
161 | print "Unable to find routing information in your system.\n"; | |
162 | } | |
163 | print "\n\n------------- Routing states ---------------\n\n"; | |
164 | print "\n"; | |
165 | } | |
166 | ||
167 | ||
168 | ||
169 | ||
170 | ||
171 | sub routingReport () | |
172 | { | |
173 | print "\n\n------------- Network routes ---------------\n\n"; | |
174 | if ($OSname eq "Linux") { | |
175 | ||
176 | open(NET, "netstat -r -n |") || die "can't run netstat: $!"; | |
177 | while (<NET>) | |
178 | { | |
179 | print $_; | |
180 | } | |
181 | close(NET) || die "can't close netstat: $!"; | |
182 | } | |
183 | else | |
184 | { | |
185 | open(NET, "netstat -r -n |") || die "can't run netstat: $!"; | |
186 | while (<NET>) | |
187 | { | |
188 | print $_; | |
189 | } | |
190 | close(NET) || die "can't close netstat: $!"; | |
191 | } | |
192 | print "\n\n------------- Network routes ---------------\n\n"; | |
193 | print "\n"; | |
194 | } | |
195 | ||
196 | ||
197 | ||
198 | ||
199 | ||
200 | ||
201 | sub ListeningSockets () | |
202 | { | |
203 | print "\n\n------------- Listening sockets ---------------\n\n"; | |
204 | if ($OSname eq "Linux") { | |
205 | open(NET, "netstat -l |") || die "can't run netstat: $!"; | |
206 | while (<NET>) | |
207 | { | |
208 | if ($_ =~ /LISTEN/ ) { # grep LISTEN | |
209 | if (($_ =~ /LISTENING/ ) == 0 ) { #grep -v LISTENING | |
210 | print $_; | |
211 | } | |
212 | } | |
213 | ||
214 | } | |
215 | close(NET) || die "can't run netstat: $!"; | |
216 | } | |
217 | else | |
218 | { | |
219 | ||
220 | open(NET, "netstat -a -n |") || die "can't run netstat: $!"; | |
221 | while (<NET>) | |
222 | { | |
223 | if ($_ =~ /LISTEN/ ) {# grep LISTEN | |
224 | if (($_ =~ /LISTENING/ ) == 0 ) { # grep -v LISTENING | |
225 | print $_; | |
226 | } | |
227 | } | |
228 | ||
229 | } | |
230 | close(NET) || die "can't run netstat: $!"; | |
231 | ||
232 | } | |
233 | print "\n\n------------- Listening sockets ---------------\n\n"; | |
234 | print "\n"; | |
235 | } | |
236 | ||
237 | ||
238 | ||
239 | ||
240 | sub NetworkStats() | |
241 | { | |
242 | my $awkprog='{printf("%s \t%6s %6s %6s \n", $1, $2, $5, $9 ); }'; | |
243 | print "\n\n------------- Network statistics ---------------\n\n"; | |
244 | if ($OSname eq "Linux") { | |
245 | ||
246 | my $cmd_to_show_int=""; | |
247 | ||
248 | if ( -f $pathto_ip) { | |
249 | $cmd_to_show_int=$pathto_ip." a"; | |
250 | } | |
251 | else | |
252 | { | |
253 | $cmd_to_show_int="$pathto_ifconfig -a"; | |
254 | } | |
255 | ||
256 | open(NET, "$cmd_to_show_int |") || die "can't run $cmd_to_show_int: $!"; | |
257 | while (<NET>) | |
258 | { | |
259 | print $_; | |
260 | } | |
261 | close(NET) || die "can't close $cmd_to_show_int: $!"; | |
262 | ||
263 | print "\n"; | |
264 | system("netstat -i | grep -v Kernel | awk '$awkprog' "); | |
265 | } | |
266 | else { | |
267 | my $netstat_cmd = "netstat -i"; | |
268 | if ($OSname eq "SunOS") { | |
269 | $netstat_cmd .= " -a"; | |
270 | } | |
271 | open(NET, "$netstat_cmd |") || die "can't run netstat: $!"; | |
272 | while (<NET>) | |
273 | { | |
274 | print $_; | |
275 | } | |
276 | close(NET) || die "can't close netstat: $!"; | |
277 | ||
278 | } | |
279 | print "\n\n------------- Network statistics ---------------\n\n"; | |
280 | print "\n"; | |
281 | } | |
282 | ||
283 | ||
284 | ||
285 | ||
286 | ||
287 | ||
288 | ||
289 | ||
290 | sub IfconfigIface { | |
291 | ||
292 | my ($iface) = $_[0]; | |
293 | open(NET, "$pathto_ifconfig $iface |") || die "can't run ifconfig: $!"; | |
294 | while (<NET>) | |
295 | { | |
296 | print $_; | |
297 | } | |
298 | close(NET) || die "can't close ifconfig: $!"; | |
299 | print "\n"; | |
300 | } | |
301 | ||
302 | ||
303 | ||
304 | ||
305 | ||
306 | ||
307 | ||
308 | ||
309 | sub InterfacesReport () | |
310 | { | |
311 | ||
312 | print "\n\n------------- Network Interfaces ---------------\n\n"; | |
313 | print "Ethernet : $total_ethernet_iface\n"; | |
314 | print "Other : $total_other_iface\n"; | |
315 | print "Total : $total_iface\n"; | |
316 | print "\n\n------------- Ethernet -------------------------\n\n"; | |
317 | ||
318 | if ($OSname eq "Linux") { | |
319 | foreach $element (@ethernet_iface_list) { print "$element"; } | |
320 | } | |
321 | else | |
322 | { | |
323 | foreach $element (@short_ethernet_iface_list) { IfconfigIface ($element);} | |
324 | } | |
325 | ||
326 | ||
327 | ||
328 | ||
329 | print "\n\n------------- Other ----------------------------\n\n"; | |
330 | if ($OSname eq "Linux") { | |
331 | ||
332 | foreach $element (@other_iface_list) { print "$element"; } | |
333 | ||
334 | } | |
335 | else | |
336 | { | |
337 | foreach $element (@short_other_iface_list) { IfconfigIface ($element); } | |
338 | } | |
339 | ||
340 | ||
341 | ||
342 | print "\n\n------------- Network Interfaces ---------------\n\n"; | |
343 | print "\n"; | |
344 | } | |
345 | ||
346 | sub InterfacesCheck | |
347 | { | |
348 | if ($OSname eq "Linux") { | |
349 | ||
350 | my $cmd_to_show_int=""; | |
351 | ||
352 | $cmd_to_show_int="$pathto_ifconfig -a"; | |
353 | ||
354 | open(NET, "$cmd_to_show_int |") || die "can't use $cmd_to_show_int: $!"; | |
355 | while (<NET>) | |
356 | { | |
357 | if ($_ =~ /Link/ ){# grep Link | |
358 | if ($_ =~ /Ether/ ){# grep Ether | |
359 | ($if_name,$msg)=split(/ +/, $_ , 2); | |
360 | if ($if_name =~ /(\S+)/ ) { | |
361 | push (@ethernet_iface_list, $_); | |
362 | push (@short_ethernet_iface_list, $if_name); | |
363 | $total_ethernet_iface++; | |
364 | $total_iface++; | |
365 | } | |
366 | } | |
367 | else | |
368 | { | |
369 | ($if_name,$msg)=split(/ +/, $_ , 2); | |
370 | if ($if_name =~ /(\S+)/ ) { | |
371 | push (@other_iface_list, $_); | |
372 | push (@short_other_iface_list, $if_name); | |
373 | $total_other_iface++; | |
374 | $total_iface++; | |
375 | } | |
376 | } | |
377 | } | |
378 | } | |
379 | close(NET) || die "can't use $cmd_to_show_int: $!"; | |
380 | ||
381 | } | |
382 | ||
383 | elsif ($OSname eq "SunOS") { | |
384 | ||
385 | # Representative 'ifconfig -a' output from a local zone | |
386 | # (global zone is similar, but has the top-level lo0, in0, etc) | |
387 | # as well. | |
388 | #lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 | |
389 | # inet 127.0.0.1 netmask ff000000 | |
390 | #in0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 | |
391 | # inet 192.168.1.31 netmask ffffff00 broadcast 192.168.1.255 | |
392 | #local1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 9000 index 4 | |
393 | # inet 172.16.0.3 netmask fffffff8 broadcast 172.16.0.7 | |
394 | #out0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6 | |
395 | # inet 184.105.220.67 netmask fffffff8 broadcast 184.105.220.71 | |
396 | #lo0:1: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1 | |
397 | # inet6 ::1/128 | |
398 | ||
399 | # Run through twice; a single interface plumbed with both IPv4 and IPv6 | |
400 | # can be listed separately, but shouldn't count as two interfaces | |
401 | foreach my $ip (qw( 4 6 )) { | |
402 | open(NET, "$pathto_ifconfig -a$ip |") || die "can't run '$pathto_ifconfig -a$ip': $!"; | |
403 | while (<NET>) | |
404 | { | |
405 | if ($_ =~ /^(\w+\d+(?::\d+)?): flags=\d+<[^>]+> mtu (\d+)/) { | |
406 | ($if_name, $mtu) = ($1, $2); | |
407 | if (! grep { $_ eq $if_name } (@ethernet_iface_list, @other_iface_list)) { | |
408 | # Not seen before; process it | |
409 | $total_iface++; | |
410 | if ($mtu == 1500) { | |
411 | # Guess that it's ethernet | |
412 | push @ethernet_iface_list, $if_name; | |
413 | push @short_ethernet_iface_list, $if_name; | |
414 | $total_ethernet_iface++; | |
415 | } else { | |
416 | push @other_iface_list, $if_name; | |
417 | push @short_other_iface_list, $if_name; | |
418 | $total_other_iface++; | |
419 | } | |
420 | } | |
421 | } | |
422 | } | |
423 | close(NET) || die "can't use '$pathto_ifconfig -a$ip': $!"; | |
424 | } | |
425 | ||
426 | } | |
427 | else | |
428 | { | |
429 | ||
430 | ||
431 | open(NET, "netstat -i |") || die "can't run netstat: $!"; | |
432 | while (<NET>) | |
433 | { | |
434 | if (($_ =~ /Name/ ) == 0 ) {# grep -v Name | |
435 | if ($_ =~ /1500/ ){# grep Ether | |
436 | ($if_name,$msg)=split(/ +/, $_ , 2); | |
437 | if ($if_name =~ /(\S+)/ ) { | |
438 | push (@ethernet_iface_list, $_); | |
439 | push (@short_ethernet_iface_list, $if_name); | |
440 | $total_ethernet_iface++; | |
441 | $total_iface++; | |
442 | } | |
443 | } | |
444 | else | |
445 | { | |
446 | ($if_name,$msg)=split(/ +/, $_ , 2); | |
447 | if ($if_name =~ /(\S+)/ ) { | |
448 | push (@other_iface_list, $_); | |
449 | push (@short_other_iface_list, $if_name); | |
450 | $total_other_iface++; | |
451 | $total_iface++; | |
452 | } | |
453 | } | |
454 | } | |
455 | } | |
456 | close(NET) || die "can't run fconfig: $!"; | |
457 | ||
458 | } | |
459 | ||
460 | ||
461 | } | |
462 | ||
463 | InterfacesCheck(); | |
464 | InterfacesReport(); | |
465 | if ($Detail > 10) { | |
466 | ListeningSockets(); | |
467 | } | |
468 | NetworkStats(); | |
469 | if ($Detail > 5) { | |
470 | routingState(); | |
471 | routingCapabilities(); | |
472 | routingReport(); | |
473 | } | |
81 | sub routingCapabilities () { | |
82 | print "\n\n------------- Routing capabilities----------\n\n"; | |
83 | chkcfg('routed'); | |
84 | chkcfg('gated'); | |
85 | chkcfg('zebra'); | |
86 | chkcfg('ripd'); | |
87 | chkcfg('ripngd'); | |
88 | chkcfg('isisd'); | |
89 | chkcfg('ospfd'); | |
90 | chkcfg('ospf6d'); | |
91 | chkcfg('bgpd'); | |
92 | if ( -f $pathto_vtysh ) { | |
93 | print "\n"; | |
94 | system("$pathto_vtysh -e 'sh ver'"); | |
95 | } | |
96 | ||
97 | if ($OSname eq "SunOS") { | |
98 | if ( ($release eq "5.10") || ($release eq "5.11") ) { | |
99 | if ( -f $pathto_routeadm) { | |
100 | open(FILE1, "$pathto_routeadm -p |") || die "can't open $!"; | |
101 | while (<FILE1>) { | |
102 | print $_; | |
103 | } | |
104 | close(FILE1) || die "can't close $!"; | |
105 | } | |
106 | } | |
107 | } | |
108 | print "\n\n------------- Routing capabilities----------\n\n"; | |
109 | print "\n"; | |
110 | } | |
111 | ||
112 | sub routingState () { | |
113 | print "\n\n------------- Routing states ---------------\n\n"; | |
114 | if ($OSname eq "Linux") { | |
115 | if ( -f $pathto_sysctl_conf) { | |
116 | open(SYSCTL, "< $pathto_sysctl_conf") || die "can't open $!"; | |
117 | while (<SYSCTL>) { | |
118 | if ($_ =~ /ip_forward/ ) { | |
119 | print "IP Forwarding enabled"; | |
120 | } | |
121 | } | |
122 | } | |
123 | else { | |
124 | open(SYSCTL,"< /proc/sys/net/ipv4/ip_forward") || die "can't open $!"; | |
125 | while (<SYSCTL>) { | |
126 | print "/proc/sys/net/ipv4/ip_forward set to $_"; | |
127 | } | |
128 | close(SYSCTL) || die "can't close $!"; | |
129 | } | |
130 | } | |
131 | elsif ($OSname eq "SunOS") { | |
132 | if ( ($release eq "5.10") || ($release eq "5.11") ) { | |
133 | if ( -f $pathto_routeadm) { | |
134 | open(FILE1, "$pathto_routeadm -p |") || die "can't open $!"; | |
135 | while (<FILE1>) { | |
136 | if (/ipv(\d+)-forwarding .*default=(\S+) current=(\S+)/) { | |
137 | print "IPv$1 forwarding is $3 (normal state is $2)\n"; | |
138 | } | |
139 | } | |
140 | close(FILE1) || die "can't close $!"; | |
141 | } | |
142 | } | |
143 | } | |
144 | ||
145 | else { | |
146 | print "Unable to find routing information in your system.\n"; | |
147 | } | |
148 | print "\n\n------------- Routing states ---------------\n\n"; | |
149 | print "\n"; | |
150 | } | |
151 | ||
152 | sub routingReport () { | |
153 | print "\n\n------------- Network routes ---------------\n\n"; | |
154 | if ($OSname eq "Linux") { | |
155 | open(NET, "netstat -r -n |") || die "can't run netstat: $!"; | |
156 | while (<NET>) { | |
157 | print $_; | |
158 | } | |
159 | close(NET) || die "can't close netstat: $!"; | |
160 | } | |
161 | else { | |
162 | open(NET, "netstat -r -n |") || die "can't run netstat: $!"; | |
163 | while (<NET>) { | |
164 | print $_; | |
165 | } | |
166 | close(NET) || die "can't close netstat: $!"; | |
167 | } | |
168 | print "\n\n------------- Network routes ---------------\n\n"; | |
169 | print "\n"; | |
170 | } | |
171 | ||
172 | sub ListeningSockets () { | |
173 | print "\n\n------------- Listening sockets ---------------\n\n"; | |
174 | if ($OSname eq "Linux") { | |
175 | open(NET, "netstat -lnptu |") || die "can't run netstat: $!"; | |
176 | while (<NET>) { | |
177 | print $_; | |
178 | } | |
179 | close(NET) || die "can't run netstat: $!"; | |
180 | } | |
181 | else { | |
182 | open(NET, "netstat -a -n |") || die "can't run netstat: $!"; | |
183 | while (<NET>) { | |
184 | if ($_ =~ /LISTEN/ ) {# grep LISTEN | |
185 | if (($_ =~ /LISTENING/ ) == 0 ) { # grep -v LISTENING | |
186 | print $_; | |
187 | } | |
188 | } | |
189 | } | |
190 | close(NET) || die "can't run netstat: $!"; | |
191 | } | |
192 | print "\n\n------------- Listening sockets ---------------\n\n"; | |
193 | print "\n"; | |
194 | } | |
195 | ||
196 | sub NetworkStats() { | |
197 | print "\n\n------------- Network statistics ---------------\n\n"; | |
198 | if ($OSname eq "Linux") { | |
199 | my $cmd_to_show_int=""; | |
200 | if ( -f $pathto_ip) { | |
201 | $cmd_to_show_int=$pathto_ip." -s -h a"; | |
202 | } | |
203 | else { | |
204 | $cmd_to_show_int="$pathto_ifconfig -s -a"; | |
205 | } | |
206 | open(NET, "$cmd_to_show_int |") || die "can't run $cmd_to_show_int: $!"; | |
207 | while (<NET>) { | |
208 | print $_; | |
209 | } | |
210 | close(NET) || die "can't close $cmd_to_show_int: $!"; | |
211 | } | |
212 | else { | |
213 | my $netstat_cmd = "netstat -i"; | |
214 | if ($OSname eq "SunOS") { | |
215 | $netstat_cmd .= " -a"; | |
216 | } | |
217 | open(NET, "$netstat_cmd |") || die "can't run netstat: $!"; | |
218 | while (<NET>) { | |
219 | print $_; | |
220 | } | |
221 | close(NET) || die "can't close netstat: $!"; | |
222 | } | |
223 | print "\n\n------------- Network statistics ---------------\n\n"; | |
224 | print "\n"; | |
225 | } | |
226 | ||
227 | NetworkStats(); | |
228 | ListeningSockets(); | |
229 | if ($Detail > 5) { | |
230 | routingState(); | |
231 | routingCapabilities(); | |
232 | routingReport(); | |
233 | } | |
474 | 234 | |
475 | 235 | # vi: shiftwidth=3 tabstop=3 syntax=perl et |
476 | 236 | # Local Variables: |
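Review bot: In the rewritten `routingState`, the Linux branch prints the fixed string `IP Forwarding enabled` for any line of the sysctl file that merely contains `ip_forward`. A commented-out entry or `net.ipv4.ip_forward = 0` is therefore reported as forwarding being on, where the earlier version shown above printed the matching line itself. The message also has no trailing newline, can repeat once per matching line, and the `SYSCTL` handle opened in that branch is never closed. I would report the configured value and use a three-argument `open` on a lexical handle, as in the excerpt below. The `netstat`, `routeadm` and `vtysh` calls in the other subs are still built as interpolated command strings, and the list forms of `open`/`system` would be safer there.

```perl
sub routingState () {
   # … unchanged: section banner …
   if ($OSname eq "Linux") {
      if ( -f $pathto_sysctl_conf) {
         open(my $sysctl_fh, '<', $pathto_sysctl_conf) || die "can't open $pathto_sysctl_conf: $!";
         while (my $line = <$sysctl_fh>) {
            # Report the configured value; comment lines and unrelated keys do not match.
            if ($line =~ /^\s*net[.\/]ipv4[.\/]ip_forward\s*=\s*(\S+)/) {
               print "net.ipv4.ip_forward = $1 in $pathto_sysctl_conf\n";
            }
         }
         close($sysctl_fh) || die "can't close $pathto_sysctl_conf: $!";
      }
      # … unchanged: /proc/sys/net/ipv4/ip_forward fallback, SunOS branch, closing banner …
```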
24 | 24 | # customize the Timefilter by appending a string: |
25 | 25 | # *ApplyStdDate = "%H:%M %d/%m/%Y" |
26 | 26 | $SearchDate = TimeFilter($ARGV[0] || '%b %e %H:%M:%S '); |
27 | $SearchDateRsyslog = TimeFilter('%Y-%m-%dT%H:%M:%S(:?\.[0-9]+)?(:?[+-][0-9]{2}:[0-9]{2}|Z) '); | |
27 | $SearchDateRsyslog = TimeFilter('%Y-%m-%dT%H:%M:%S(:?\.[0-9]+)?(:?[+-][0-9]{2}:?[0-9]{2}|Z) '); | |
28 | 28 | |
29 | 29 | # The date might be "Dec 09", but it needs to be "Dec 9"... |
30 | 30 | #$SearchDate =~ s/ 0/ /; |
39 | 39 | if ($ThisLine =~ m/^$SearchDate/o) { |
40 | 40 | print $ThisLine; |
41 | 41 | } elsif ($ThisLine =~ /^$SearchDateRsyslog/o) { |
42 | $ThisLine =~ s/^([0-9]{4})-([0-9]{2})-([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})(:?\.[0-9]+)?(:?[+-][0-9]{2}:[0-9]{2}|Z) //o; | |
42 | $ThisLine =~ s/^([0-9]{4})-([0-9]{2})-([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})(:?\.[0-9]+)?(:?[+-][0-9]{2}:?[0-9]{2}|Z) //o; | |
43 | 43 | print POSIX::strftime("%b %e %H:%M:%S", $6, $5, $4, $3, $2-1, $1 - 1900) . " " . $ThisLine; |
44 | 44 | } elsif ($ThisLine =~ m/(Mon|Tue|Wed|Thu|Fri|Sat|Sun) $SearchDate\d{4}/o) { |
45 | 45 | print $ThisLine; |