Codebase list logwatch / 82669d1
Imported Upstream version 7.4.0+svn20110808rev66 Willi Mann 12 years ago
242 changed file(s) with 5591 addition(s) and 8482 deletion(s).
0 Copyright (c) 2011 Kirk Bauer
1
2 Permission is hereby granted, free of charge, to any person obtaining a copy of
3 this software and associated documentation files (the "Software"), to deal in
4 the Software without restriction, including without limitation the rights to
5 use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
6 of the Software, and to permit persons to whom the Software is furnished to do
7 so, subject to the following conditions:
8
9 The above copyright notice and this permission notice shall be included in all
10 copies or substantial portions of the Software.
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
13 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
15 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
16 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
17 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
18 SOFTWARE.
19
33 through your logs for a given period of time and make a report in the areas
44 that you wish with the detail that you wish.
55
6 I recommend using Perl 5.8 to run Logwatch.
6 Perl 5.8 or newer is recommended to run Logwatch. [But it will work with 5.6.1+]
77
88 ------------------------------------------------------------------
99
9090
9191 Logwatch Development List:
9292 For discussion about Logwatch development.
93 To Subscribe: echo "subscribe" | mail logwatch-devel-request@kaybee.org
94 Send Mail To: logwatch-devel@kaybee.org
93 To Subscribe: visit https://lists.sourceforge.net/lists/listinfo/logwatch-devel
94 Send Mail To: logwatch-devel@lists.sourceforge.net
9595
9696 ------------------------------------------------------------------
9797
9898 Please send suggestions, bug reports, and patches to:
99 logwatch-devel@kaybee.org
99 logwatch-devel@lists.sourceforge.net
100100
101101 Please ask questions at:
102102 logwatch@kaybee.org
110110 Newest releases can be found at:
111111 ftp://ftp.logwatch.org/pub/redhat/RPMS
112112 http://www.logwatch.org
113
0 <!-- Start footer.html -->
1 <div class=\"copyright\">
2 <hr>
3 <p>Logwatch &copy;Copyright 2002-2006 Kirk Bauer</p>
4 <p>
5 Permission is hereby granted, free of charge, to any person obtaining a copy of
6 this software and associated documentation files (the "Software"), to deal in
7 the Software without restriction, including without limitation the rights to
8 use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
9 of the Software, and to permit persons to whom the Software is furnished to do
10 so, subject to the following conditions:
11 </p>
12 <p>
13 The above copyright notice and this permission notice shall be included in all
14 copies or substantial portions of the Software.
15 </p>
16 <p>
17 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 SOFTWARE.
24 </p></div>
25 </body></html>
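Review bot: The opening tag `<div class=\"copyright\">` in this new footer.html carries backslash-escaped quotes. If the file is emitted verbatim, the class attribute will not be a clean `copyright` and the `.copyright` rule defined in header.html will not apply; write it as `<div class="copyright">`. The notice also says "2002-2006" while the LICENSE file added in this same import says 2011, so one of the two years probably needs updating.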
0 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
1 <html>
2 <head>
3 <title>Logwatch $Version ( $VDate )</title>
4 <meta name="generator" content="Logwatch $Version ( $VDate )">
5 <style type="text/css">
6 h1 {color: gray; border-bottom: 3px double silver; font-family: sans-serif; }
7 h2 {color: white; border-bottom: 1px solid silver; font-family: sans-serif; }
8 h3 {color: white; border-bottom: 1px solid silver; font-family: sans-serif; }
9 th {background: #6D88AD; text-align: left; font-family: sans-serif; }
10 td {background: #EFEFEF; text-align: left; font-family: courier,serif; font-size: 10px; }
11 li { font-family: sans-serif; }
12 .ref {padding-left: 1%; }
13 .service {padding-left: 1%; }
14 .return_link {border-top: 1px; border-bottom: 1px;
15 padding: 1%; margin-top: 1%; margin-bottom: 1%; font-family: sans-serif; }
16 .copyright {color: black; border-top: 1px solid grey;
17 border-bottom: 1px solid grey;
18 padding: 1%; margin-top: 1%; margin-bottom: 1%;}
19 </style>
20 </head>
21 <body style="width:90%; margin-left: 5%; margin-right: 5%" bgcolor="#FFFFFF" >
22 <hr>
23 <!-- End header.html -->
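Review bot: The `h2` and `h3` rules set `color: white` but no background, while `<body>` is given `bgcolor="#FFFFFF"`, so any h2/h3 rendered directly on the page body is white on white. Either give these headings a background (the `th` rule already uses #6D88AD) or pick a darker text colour, and add a short comment if they are only ever meant to appear inside a coloured container.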
22 # Kirk Bauer <kirk@kaybee.org>
33 #
44 # Please send all comments, suggestions, bug reports,
5 # etc, to logwatch-devel@logwatch.org.
5 # etc, to logwatch-devel@lists.sourceforge.net.
66 #
77 ########################################################
88
99 #######################################################
1010 #Ignore entries for logwatch.
1111 ######################################################
12 #This file is used to filter out any lines that you
12 #This file is used to filter out any lines that you
1313 # do not want to see in your reports.
1414 #
1515 #Simply cut and paste as much of the line as needed
16 # below be warned that it is possible to really
16 # below be warned that it is possible to really
1717 # limit your reports by placing a bad value below.
1818 #
1919 #BAD EXMAPLE: putting a single "." alone on a line will
99 # Which logfile group...
1010 LogFile = /var/log/bfd_log
1111 Archive = /var/log/bfd_log.*
12 Archive = /var/log/bfd_log-*
1213
1314
1717 # If the archives are searched, here is one or more line
1818 # (optionally containing wildcards) that tell where they are...
1919 Archive = cisco.log.*
20 Archive = cisco.log-*
2021
2122 # Expand the repeats (actually just removes them now)
2223 #*ExpandRepeats
0 ##########################################################################
1 # $Id$
2 ##########################################################################
3
4 ########################################################
5 # This was written and is maintained by:
6 # Stefan Jakobs <logwatch@localside.net>
7 #
8 # Please send all comments, suggestions, bug reports,
9 # etc, to <logwatch@localside.net>.
10 ########################################################
11
12 # What actual file? Defaults to LogPath if not absolute path....
13 LogFile = citadel.log
14
15 # If the archives are searched, here is one or more line
16 # (optionally containing wildcards) that tell where they are...
17 Archive = citadel.log.*
18
19 # Keep only the lines in the proper date range...
20 *ApplyStdDate
21
22
23 # vi: shiftwidth=3 tabstop=3 et
24
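Review bot: The only archive pattern in this new file is `Archive = citadel.log.*`, while nearly every other logfile group touched in this import gains a dash-suffixed pattern for date-named rotations. Add `Archive = citadel.log-*` here so that archive searches behave the same for Citadel as for the other groups.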
2929 # Important note:
3030 #
3131 # Under normal operation - ie. a detail level of 'lo' (0), no output will
32 # be produced if no updates have taken place. However, if no update
32 # be produced if no updates have taken place. However, if no update
3333 # attempt has been done, an alert will be output to inform you about this
3434 # (which probably means that freshclam isn't running).
35 #
36 # If you have stopped using ClamAV and would like to get rid of the
35 #
36 # If you have stopped using ClamAV and would like to get rid of the
3737 # alert, you should delete the logfile. If there's no logfile, no alerts
3838 # will be output - but if Logwatch finds a logfile and no update attempts
3939 # have been made for whatever timeperiod Logwatch is analyzing, an alert
5252 Archive = clamav/freshclam.log.*
5353 Archive = archiv/clam-update.*
5454 Archive = archiv/freshclam.log.*
55 Archive = clam-update-*
56 Archive = freshclam.log-*
57 Archive = clamav/freshclam.log-*
58 Archive = archiv/clam-update-*
59 Archive = archiv/freshclam.log-*
5560
5661 # vi: shiftwidth=3 tabstop=3 et
0 #########################################################################
1 # Files - all shown with default paths:
2 #
3 # /usr/share/logwatch/default.conf/logfiles/clamav.conf (this file)
4 # /usr/share/logwatch/default.conf/services/clamav.conf
5 # /usr/share/logwatch/scripts/services/clamav
6 #
7 # ... and of course
8 #
9 # /var/log/clamd.log
10 #########################################################################
11
12 # What actual file? Defaults to LogPath if not absolute path....
13 LogFile = clamd
14 LogFile = clamav
15 LogFile = clamd.log
16 LogFile = clamav.log
17
18 # If the archives are searched, here is one or more line
19 # (optionally containing wildcards) that tell where they are...
20 Archive = clamd.*
21 Archive = clamav.*
22 Archive = clamav/clamd.*
23 Archive = clamav/clamav.*
24 Archive = archiv/clamd.*
25 Archive = archiv/clamav.*
26
27 # vi: shiftwidth=3 tabstop=3 et
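Review bot: The archive globs `clamd.*` and `clamav.*` also match the live files `clamd.log` and `clamav.log` that are listed as LogFile a few lines earlier, so the same file falls under both LogFile and Archive. Tighten them to patterns such as `clamd.log.*` and `clamav.log.*`. This file also has no dash-suffixed archive patterns (`clamd.log-*`, `clamav.log-*`), unlike the other groups updated in this import.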
1818 # (optionally containing wildcards) that tell where they are...
1919 Archive = cron.*
2020 Archive = archiv/cron.*
21 Archive = cron-*
22 Archive = archiv/cron-*
2123
2224 *RemoveService = anacron
2325
1414 LogFile = daemon.log
1515 LogFile = daemon.log.0
1616 Archive = daemon.log.*.gz
17 Archive = daemon.log-*.gz
18
1719 *ExpandRepeats
1820 *ApplyStdDate
1921
2022 ###########################################################################
2123 # Please send all comments, suggestions, bug reports,
22 # etc, to logwatch-devel@logwatch.org
24 # etc, to logwatch-devel@lists.sourceforge.net
2325 ###########################################################################
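Review bot: The added `Archive = daemon.log-*.gz` covers only compressed dated rotations. The numbered scheme has `LogFile = daemon.log.0` for the most recent uncompressed rotation, but nothing here matches an uncompressed `daemon.log-<date>` file, so the newest rotated log is skipped when rotation uses date suffixes with delayed compression. The fail2ban group in this same import uses `fail2ban.log-*` without the .gz suffix; consider a matching uncompressed pattern here, or a comment stating that delayed compression is not supported.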
66 #
77 ###############################################################################
88 LogFile = denyhosts
9 Archive =
109 Archive = denyhosts.*
10 Archive = denyhosts-*
1111 *ApplyEuroDate
1212 # vi: shiftwidth=3 tabstop=3 et
1010 #
1111 #Redistribution and use in source and binary forms, with or without
1212 #modification, are permitted provided that the following conditions are met:
13 #
13 #
1414 #* Redistributions of source code must retain the above copyright notice,
1515 # this list of conditions and the following disclaimer.
16 #
16 #
1717 #* Redistributions in binary form must reproduce the above copyright
1818 # notice, this list of conditions and the following disclaimer in the
1919 # documentation and/or other materials provided with the distribution.
20 #
20 #
2121 #* Neither the name of Sparta, Inc nor the names of its contributors may
2222 # be used to endorse or promote products derived from this software
2323 # without specific prior written permission.
24 #
24 #
2525 #THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
2626 #IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
2727 #THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4444 #############################################################################
4545
4646 ########################################################
47 # Define log file group for DNSSEC
47 # Define log file group for DNSSEC
4848 ########################################################
4949
5050 # What actual file? Defaults to LogPath if not absolute path....
1616 # Note: if these are gzipped, you need to end with a .gz even if
1717 # you use wildcards...
1818 Archive = dpkg.log.*.gz
19
19 Archive = dpkg.log-*.gz
2020 *ApplyEuroDate
2121 # vi: shiftwidth=3 tabstop=3 et
1717 # (optionally containing wildcards) that tell where they are...
1818 #If you use a "-" in naming add that as well -mgt
1919 Archive = emerge.log.*
20 Archive = emerge.log-*
2021
2122 #*ApplyUSDate
2223
2222 Archive = eventlog.*.gz
2323 Archive = archiv/eventlog.*
2424 Archive = archiv/eventlog.*.gz
25 Archive = eventlog-*
26 Archive = eventlog-*.gz
27 Archive = archiv/eventlog-*
28 Archive = archiv/eventlog-*.gz
2529
2630 # Expand the repeats (actually just removes them now)
2731 *ExpandRepeats
1919 Archive = archiv/exim/main.log.*
2020 Archive = exim/mainlog.*
2121 Archive = exim4/mainlog.*
22 Archive = exim/main.log-*
23 Archive = archiv/exim/main.log-*
24 Archive = exim/mainlog-*
25 Archive = exim4/mainlog-*
2226
2327 ########################################################
2428 # This was written by:
2529 # Dariusz Nierada (dnierada@kat.supermedia.pl)
2630 # Please send all comments, suggestions, bug reports,
27 # etc, to logwatch-devel@logwatch.org
31 # etc, to logwatch-devel@lists.sourceforge.net
2832 ########################################################
2933
3034 # vi: shiftwidth=3 tabstop=3 et
1717 # If the archives are searched, here is one or more line
1818 # (optionally containing wildcards) that tell where they are...
1919 Archive = extreme-networks.log.*
20 Archive = extreme-networks.log-*
2021
2122 # Expand the repeats (actually just removes them now)
2223 #*ExpandRepeats
2727
2828 Archive = fail2ban.log.1
2929 Archive = fail2ban.log.*.gz
30 Archive = fail2ban.log-*
3031
0 ########################################################
1 # Define log file group for httpd
2 ########################################################
3
4 # What actual file? Defaults to LogPath if not absolute path....
5 LogFile = httpd/*error_log
6 LogFile = apache/*error.log.1
7 LogFile = apache/*error.log
8 LogFile = apache2/*error.log.1
9 LogFile = apache2/*error.log
10 LogFile = apache2/*error_log
11 LogFile = apache-ssl/*error.log.1
12 LogFile = apache-ssl/*error.log
13
14
15 # If the archives are searched, here is one or more line
16 # (optionally containing wildcards) that tell where they are...
17 #If you use a "-" in naming add that as well -mgt
18 Archive = archiv/httpd/*error_log.*
19 Archive = httpd/*error_log.*
20 Archive = apache/*error.log.*.gz
21 Archive = apache2/*error.log.*.gz
22 Archive = apache2/*error_log.*.gz
23 Archive = apache-ssl/*error.log.*.gz
24 Archive = varnish/*error.log.*.gz
25 Archive = archiv/httpd/*error_log-*
26 Archive = httpd/*error_log-*
27 Archive = apache/*error.log-*.gz
28 Archive = apache2/*error.log-*.gz
29 Archive = apache2/*error_log-*.gz
30 Archive = apache-ssl/*error.log-*.gz
31
32 # Expand the repeats (actually just removes them now)
33 *ExpandRepeats
34
35
36 # Keep only the lines in the proper date range...
37 *ApplyhttpDate
38
39 # vi: shiftwidth=3 tabstop=3 et
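Review bot: `Archive = varnish/*error.log.*.gz` has no corresponding `LogFile = varnish/...` entry, so the live varnish error log is never read and only its archives are. It is also the one archive pattern in this file without a dash-suffixed twin in the block that follows. Either add the LogFile line and `Archive = varnish/*error.log-*.gz`, or drop the varnish entry if it was included by mistake.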
00 ########################################################
1 # Define log file group for httpd
1 # Define log file group for httpd
22 ########################################################
33
44 # What actual file? Defaults to LogPath if not absolute path....
2121 Archive = apache2/*access.log.*.gz
2222 Archive = apache2/*access_log.*.gz
2323 Archive = apache-ssl/*access.log.*.gz
24
24 Archive = archiv/httpd/*access_log-*
25 Archive = httpd/*access_log-*
26 Archive = apache/*access.log-*.gz
27 Archive = apache2/*access.log-*.gz
28 Archive = apache2/*access_log-*.gz
29 Archive = apache-ssl/*access.log-*.gz
2530
2631 # Expand the repeats (actually just removes them now)
2732 *ExpandRepeats
1414
1515 # If the archives are searched, here is one or more line
1616 # (optionally containing wildcards) that tell where they are...
17 #If you use a "-" in naming add that as well -mgt
1817 Archive = ulogd/ulogd.syslogemu.*
18 Archive = ulogd/ulogd.syslogemu-*
1919
2020 # Keep only the lines in the proper date range...
2121 *ApplyStdDate
1414 LogFile = kern.log
1515 LogFile = kern.log.0
1616 Archive = kern.log.*.gz
17 Archive = kern.log-*.gz
1718 *ExpandRepeats
1819 *ApplyStdDate
1920
2021 ###########################################################################
2122 # Please send all comments, suggestions, bug reports,
22 # etc, to logwatch-devel@logwatch.org
23 # etc, to logwatch-devel@lists.sourceforge.net
2324 ###########################################################################
2323 Archive = syslog.*
2424 Archive = archiv/maillog.*
2525 Archive = mail.log.*.gz
26 Archive = maillog-*
27 Archive = syslog-*
28 Archive = archiv/maillog-*
29 Archive = mail.log-*.gz
2630
2731
2832 # Expand the repeats (actually just removes them now)
1717 #If you use a "-" in naming add that as well -mgt
1818 Archive = messages.*
1919 Archive = archiv/messages.*
20 Archive = messages-*
21 Archive = archiv/messages-*
2022
2123 # Expand the repeats (actually just removes them now)
2224 *ExpandRepeats
0 ########################################################
1 # Logfile definition for MySQL
2 # File is to be placed in
3 # /etc/logwatch/conf/logfiles/mysql.conf
4 ########################################################
5
6 # What actual file? Defaults to LogPath if not absolute path....
7 LogFile = /var/log/mysql/mysqld.err.1
8 LogFile = /var/log/mysql/mysqld.err
9
10 Archive = /var/log/mysql/mysqld.err.*.gz
11 Archive = /var/log/mysql/mysqld.err-*.gz
12
13 # Expand the repeats (actually just removes them now)
14 *ExpandRepeats
15
1818 # (optionally containing wildcards) that tell where they are...
1919 #If you use a "-" in naming add that as well -mgt
2020 Archive = netopia.log.*
21 Archive = netopia.log-*
2122
2223 # Expand the repeats (actually just removes them now)
2324 #*ExpandRepeats
1818 # (optionally containing wildcards) that tell where they are...
1919 #If you use a "-" in naming add that as well -mgt
2020 Archive = netscreen.log.*
21 Archive = netscreen.log-*
2122
2223 # Expand the repeats (actually just removes them now)
2324 #*ExpandRepeats
1515
1616 # What actual file? Defaults to LogPath if not absolute path....
1717 LogFile = httpd/php_log
18 LogFile = apache2/php_error_log.1
19 LogFile = apache2/php_error_log
20 LogFile = apache2/php_error.log.1
21 LogFile = apache2/php_error.log
1822
1923 # adjust your php.ini accordingly:
2024 # error_log = /var/log/httpd/php_log
2428 # (optionally containing wildcards) that tell where they are...
2529 #If you use a "-" in naming add that as well -mgt
2630 Archive = httpd/php_log.*
31 Archive = httpd/php_log-*
32 Archive = apache2/php_error_log.*
33 Archive = apache2/php_error_log-*
34 Archive = apache2/php_error.log.*
35 Archive = apache2/php_error.log-*
2736
2837 # vi: shiftwidth=3 tabstop=3 et
88
99 LogFile = pix.log
1010 Archive = pix.log.*
11 Archive = pix.log-*
1112
1213 # vi: shiftwidth=3 tabstop=3 et
1616 # (optionally containing wildcards) that tell where they are...
1717 #If you use a "-" in naming add that as well -mgt
1818 Archive = pureftp/syslog.log.*
19 Archive = pureftp/syslog.log-*
1920
2021 # Keep only the lines in the proper date range...
2122 *ApplyStdDate
1010 #
1111 #Redistribution and use in source and binary forms, with or without
1212 #modification, are permitted provided that the following conditions are met:
13 #
13 #
1414 #* Redistributions of source code must retain the above copyright notice,
1515 # this list of conditions and the following disclaimer.
16 #
16 #
1717 #* Redistributions in binary form must reproduce the above copyright
1818 # notice, this list of conditions and the following disclaimer in the
1919 # documentation and/or other materials provided with the distribution.
20 #
20 #
2121 #* Neither the name of Sparta, Inc nor the names of its contributors may
2222 # be used to endorse or promote products derived from this software
2323 # without specific prior written permission.
24 #
24 #
2525 #THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
2626 #IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
2727 #THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4444 #############################################################################
4545
4646 ########################################################
47 # Define log file group for resolver
47 # Define log file group for resolver
4848 ########################################################
4949
5050 # What actual file? Defaults to LogPath if not absolute path....
88 # (optionally containing wildcards) that tell where they are...
99 #If you use a "-" in naming add that as well -mgt
1010 Archive = netgear.log.*
11 Archive = netgear.log-*
1112
1213 # Keep only the lines in the proper date range...
1314 *ApplyStdDate
1111
1212 # What actual file? Defaults to LogPath if not absolute path....
1313 LogFile = samba-log.*
14 LogFile = samba/*
14 LogFile = samba/*.log
1515
1616 #Negate hostlimit command
1717 NoHostFilter = Yes
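Review bot: Changing `LogFile = samba/*` to `LogFile = samba/*.log` silently drops every file in that directory whose name does not end in .log, for example files named with a `log.` prefix. If the goal is to stop picking up rotated or unrelated files, add a comment saying so and consider a second pattern for prefix-style names, so that existing installations do not lose Samba reporting without any warning.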
2222 Archive = archiv/secure.*
2323 Archive = authlog.*
2424 Archive = auth.log.*.gz
25 Archive = secure-*
26 Archive = archiv/secure-*
27 Archive = authlog-*
28 Archive = auth.log-*.gz
29
2530
2631 # Expand the repeats (actually just removes them now)
2732 *ExpandRepeats
88 # Kirk Bauer <kirk@kaybee.org>
99 #
1010 # Please send all comments, suggestions, bug reports,
11 # etc, to logwatch-devel@logwatch.org
11 # etc, to logwatch-devel@lists.sourceforge.net
1212 ########################################################
1313
1414 # What actual file? Defaults to LogPath if not absolute path....
1919 #If you use a "-" in naming add that as well -mgt
2020 Archive = sonicwall.log.*
2121 Archive = archiv/sonicwall.log.*
22 Archive = sonicwall.log-*
23 Archive = archiv/sonicwall.log-*
2224
2325 # Keep only the lines in the proper date range...
2426 *ApplyStdDate
1414
1515 # Syslog file for debian-based systems
1616
17 Logfile =
18 Archive =
17 Logfile =
18 Archive =
1919 LogFile = syslog
2020 LogFile = syslog.0
2121 Archive = syslog.*.gz
22 Archive = syslog-*.gz
2223 *ExpandRepeats
2324 #Comma separated list works best -mgt
2425 *RemoveService = talkd,telnetd,inetd,nfsd,/sbin/mingetty
2627
2728 ###########################################################################
2829 # Please send all comments, suggestions, bug reports,
29 # etc, to logwatch-devel@logwatch.org
30 # etc, to logwatch-devel@lists.sourceforge.net
3031 ###########################################################################
44 # (optionally containing wildcards) that tell where they are...
55 #If you use a "-" in naming add that as well -mgt
66 Archive = tac_acc.log.*
7 Archive = tac_acc.log-*
78
89 # Keep only the lines in the proper date range...
910 *ApplyStdDate
1616 # (optionally containing wildcards) that tell where they are...
1717 #If you use a "-" in naming add that as well -mgt
1818 Archive = up2date.*
19 Archive = up2date-*
1920
2021 # vi: shiftwidth=3 tabstop=3 et
1818 #If you use a "-" in naming add that as well -mgt
1919 Archive = vsftpd.log.*
2020 Archive = archiv/vsftpd.log.*
21 Archive = vsftpd.log-*
22 Archive = archiv/vsftpd.log-*
2123
22 *ApplyStdDate =
24 *ApplyStdDate =
2325 # vi: shiftwidth=3 tabstop=3 et
66 # William Roumier <w.roumier@hotmail.fr>
77 #
88 # Please send all comments, suggestions, bug reports,
9 # etc, to logwatch-devel@logwatch.org
9 # etc, to logwatch-devel@lists.sourceforge.net
1010 ##########################################################################
1111
1212 # What actual file? Defaults to LogPath if not absolute path....
1818 # you use wildcards...
1919 Archive = windows.log.*
2020 Archive = windows.log.*.gz
21 Archive = windows.log-*
22 Archive = windows.log-*.gz
2123
2224 # Expand the repeats (actually just removes them now)
2325 *ExpandRepeats
1717 #If you use a "-" in naming add that as well -mgt
1818 Archive = xferlog.*
1919 Archive = archiv/xferlog.*
20 Archive = xferlog-*
21 Archive = archiv/xferlog-*
2022
2123 # vi: shiftwidth=3 tabstop=3 et
99 # NOTE:
1010 # All these options are the defaults if you run logwatch with no
1111 # command-line arguments. You can override all of these on the
12 # command-line.
12 # command-line.
1313
1414 # You can put comments anywhere you want to. They are effective for the
1515 # rest of the line.
3838 Encode = none
3939
4040 # Default person to mail reports to. Can be a local account or a
41 # complete email address. Variable Print should be set to No to
42 # enable mail feature.
41 # complete email address. Variable Output should be set to mail, or
42 # --output mail should be passed on command line to enable mail feature.
4343 MailTo = root
4444 # WHen using option --multiemail, it is possible to specify a different
4545 # email recipient per host processed. For example, to send the report
7373 # Low = 0
7474 # Med = 5
7575 # High = 10
76 Detail = Low
76 Detail = Low
7777
7878
7979 # The 'Service' option expects either the name of a filter
8080 # (in /usr/share/logwatch/scripts/services/*) or 'All'.
8181 # The default service(s) to report on. This should be left as All for
82 # most people.
82 # most people.
8383 Service = All
8484 # You can also disable certain services (when specifying all)
8585 Service = "-zz-network" # Prevents execution of zz-network service, which
9999 # You can also choose to use the 'LogFile' option. This will cause
100100 # logwatch to only analyze that one logfile.. for example:
101101 #LogFile = messages
102 # will process /var/log/messages. This will run all the filters that
102 # will process /var/log/messages. This will run all the filters that
103103 # process that logfile. This option is probably not too useful to
104 # most people. Setting 'Service' to 'All' above analyizes all LogFiles
104 # most people. Setting 'Service' to 'All' above analyzes all LogFiles
105105 # anyways...
106106
107107 #
108 # By default we assume that all Unix systems have sendmail or a sendmail-like system.
109 # The mailer code Prints a header with To: From: and Subject:.
110 # At this point you can change the mailer to any thing else that can handle that output
111 # stream. TODO test variables in the mailer string to see if the To/From/Subject can be set
112 # From here with out breaking anything. This would allow mail/mailx/nail etc..... -mgt
108 # By default we assume that all Unix systems have sendmail or a sendmail-like MTA.
109 # The mailer code prints a header with To: From: and Subject:.
110 # At this point you can change the mailer to anything that can handle this output
111 # stream.
112 # TODO test variables in the mailer string to see if the To/From/Subject can be set
113 # From here with out breaking anything. This would allow mail/mailx/nail etc..... -mgt
113114 mailer = "/usr/sbin/sendmail -t"
114115
115116 #
117118 # (as returned by 'hostname' command) will be processed. The hostname
118119 # can also be overridden on the commandline (with --hostname option). This
119120 # can allow a log host to process only its own logs, or Logwatch can be
120 # run once per host included in the logfiles.
121 # run once per host included in the logfiles.
121122 #
122123 # The default is to report on all log entries, regardless of its source host.
123124 # Note that some logfiles do not include host information and will not be
2727
2828 # Specifies the percentiles of collected data to show in the timing report.
2929 # Valid values are from 0 to 100, inclusive.
30 #
30 #
3131 #$amavis_Timing_Percentiles = 0 5 25 50 75 95 100
3232
3333 # Show spam score percentiles
34 #
34 #
3535 #$amavis_Show_SpamScore = Yes
3636
3737 # Specifies the percentiles of spam scores to show
3838 # Valid values are from 0 to 100, inclusive.
39 #
39 #
4040 #$amavis_SpamScore_Percentiles = 0 50 90 95 98 100
4141
4242 # Show top N percent of the timings report
43 #
43 #
4444 #$amavis_Timings = 95
4545
4646 # Show SpamAssassin rules hit
47 #
47 #
4848 #$amavis_Show_SARules = Yes
4949
5050 # Show top N SpamAssassin Ham rules hit
51 #
51 #
5252 #$amavis_SARulesTopHam = 20
5353
5454 # Show top N SpamAssassin Spam rules hit
55 #
55 #
5656 #$amavis_SARulesTopSpam = 20
5757
5858 # If available, show most recent amavis startup details
59 #
59 #
6060 #$amavis_Show_StartInfo = Yes
6161
6262
2020 # Note that audit lines may have something like audit(1114839915.618:0)
2121 # as the service name
2222 # (Some implementations might not precede it with "kernel:")
23 *OnlyService = (kernel:)?\s*(type=[0-9]+\s*)?audit.*
23 *OnlyService = (kernel:)?\s*(\[\s*\d+\.\d+\]\s*)?(type=[0-9]+\s*)?audit.*
2424 *RemoveHeaders
2525
2626 ########################################################
2828 # Ron Kuris <swcafe@gmail.com>
2929 #
3030 # Please send all comments, suggestions, bug reports,
31 # etc, to logwatch-devel@logwatch.org
31 # etc, to logwatch-devel@lists.sourceforge.net
3232 ########################################################
3333
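Review bot: The new `*OnlyService` pattern adds an optional `(\[\s*\d+\.\d+\]\s*)?` group, but the comment block above it still describes only the `kernel:` prefix and the `audit(...)` form. Add a comment line explaining that the bracketed group matches a kernel timestamp, with one sample line. The pattern also now mixes `\d` and `[0-9]`; pick one style for readability.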
0 ###########################################################################
1 # $Id:$
2 ###########################################################################
3
4 # You can put comments anywhere you want to. They are effective for the
5 # rest of the line.
6
7 # this is in the format of <name> = <value>. Whitespace at the beginning
8 # and end of the lines is removed. Whitespace before and after the = sign
9 # is removed. Everything is case *insensitive*.
10
11 # Yes = True = On = 1
12 # No = False = Off = 0
13
14 Title = "Citadel"
15
16 # Which logfile group...
17 LogFile = citadel
18
19 # Only give lines pertaining to the citadel service...
20 *OnlyService = "citadel"
21 *RemoveHeaders
22
23 ########################################################
24 # This was written and is maintained by:
25 # Stefan Jakobs <logwatch at localside.net>
26 #
27 # Please send all comments, suggestions, bug reports,
28 # etc, to logwatch at localside.net.
29 ########################################################
30
31 # vi: shiftwidth=3 tabstop=3 et
2929 # Important note:
3030 #
3131 # Under normal operation - ie. a detail level of 'lo' (0), no output will
32 # be produced if no updates have taken place. However, if no update
32 # be produced if no updates have taken place. However, if no update
3333 # attempt has been done, an alert will be output to inform you about this
3434 # (which probably means that freshclam isn't running).
35 #
36 # If you have stopped using ClamAV and would like to get rid of the
35 #
36 # If you have stopped using ClamAV and would like to get rid of the
3737 # alert, you should delete the logfile. If there's no logfile, no alerts
3838 # will be output - but if Logwatch finds a logfile and no update attempts
3939 # have been made for whatever timeperiod Logwatch is analyzing, an alert
88 ##################################################################
99
1010 Title = "Clamav"
11
12 # If you log to syslog, you probably want...
1113 LogFile = messages
14
15 *applystddate
1216 *OnlyService = clamd
17
18 # If clamd logs to a file directly, you want only...
19 # (comment out *OnlyService above)
20 #LogFile = clamav
21
1322 *RemoveHeaders
1423
1524 # To turnoff unmatched output set to 1
1625 $clamav_ignoreunmatched = 0
1726
27 # To set a detail level different from the global one, uncomment
28 # and set it to an appropriate number
29 #$clamav_detail_level = 5
30
1831 # vi: shiftwidth=3 tabstop=3 et
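Review bot: The comment "If clamd logs to a file directly, you want only... (comment out *OnlyService above)" tells the user to disable `*OnlyService` but not `LogFile = messages`, even though "only" implies the messages group should go too. Spell out both steps, otherwise a user who follows the comment literally ends up with both groups active and no service filter on messages. The added `*applystddate` is also lower-case where the other files in this import write `*ApplyStdDate`; the parser is documented as case-insensitive, but consistent casing makes the directives easier to grep.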
1616 # Which logfile group...
1717 LogFile = maillog
1818
19 # Because the Courier Mail Server has very generic service names (pop3d
19 # Because the Courier Mail Server has very generic service names (pop3d
2020 # etc.), it might sometimes be necessary to disable courier.
2121 $courier_enable=1
2222
2727 #$courier_override_detail_level=5
2828
2929 # Output format
30 # 0 make IPtables-Like output
30 # 0 make IPtables-Like output
3131 # 1 make nicely-formatted tables
32 # Default to 0 because that fits
32 # Default to 0 because that fits
3333 # better with the rest of logwatch
3434 $courier_tables=0
3535
4545 #Change this to 1 if you want to do reverse DNS lookups
4646 $courier_ip_lookup=0
4747
48 # Allows to print all unmatched lines (only useful if courier
48 # Allows to print all unmatched lines (only useful if courier
4949 # is the only service that logs to maillog)
5050 #$courier_print_all_unmatched=0
5151
1010 #
1111 #Redistribution and use in source and binary forms, with or without
1212 #modification, are permitted provided that the following conditions are met:
13 #
13 #
1414 #* Redistributions of source code must retain the above copyright notice,
1515 # this list of conditions and the following disclaimer.
16 #
16 #
1717 #* Redistributions in binary form must reproduce the above copyright
1818 # notice, this list of conditions and the following disclaimer in the
1919 # documentation and/or other materials provided with the distribution.
20 #
20 #
2121 #* Neither the name of Sparta, Inc nor the names of its contributors may
2222 # be used to endorse or promote products derived from this software
2323 # without specific prior written permission.
24 #
24 #
2525 #THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
2626 #IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
2727 #THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4444 #############################################################################
4545
4646 ###########################################################################
47 # Configuration file for dnssec filter
47 # Configuration file for dnssec filter
4848 ###########################################################################
4949
5050 Title = "DNSSEC"
1717 LogFile = exim
1818
1919 # Only give lines pertaining to the mountd service...
20 #*OnlyService =
21 #*RemoveHeaders =
20 #*OnlyService =
21 #*RemoveHeaders =
2222
2323 ########################################################
2424 # This was written and is maintained by:
1717 LogFile = exim
1818
1919 # Only give lines pertaining to the mountd service...
20 #*OnlyService =
21 #*RemoveHeaders =
20 #*OnlyService =
21 #*RemoveHeaders =
2222
2323 # Location of eximstats executable
2424 $eximstats = "/usr/sbin/eximstats"
2929 #
3030 # Please send all comments, suggestions, bug reports,
3131 # etc, to jeff.frost@frostconsultingllc.com and
32 # logwatch-devel@logwatch.org
32 # logwatch-devel@lists.sourceforge.net
3333 ########################################################
3434
3535 # vi: shiftwidth=3 tabstop=3 et
0 ###########################################################################
1 # $Id: fetchmail $
2 ###########################################################################
3
4 # You can put comments anywhere you want to. They are effective for the
5 # rest of the line.
6
7 # this is in the format of <name> = <value>. Whitespace at the beginning
8 # and end of the lines is removed. Whitespace before and after the = sign
9 # is removed. Everything is case *insensitive*.
10
11 # Yes = True = On = 1
12 # No = False = Off = 0
13
14 Title = "Fetchmail"
15
16 # Which logfile group...
17 LogFile = maillog
18
19 *OnlyService = fetchmail
20 *RemoveHeaders
21
22 #Fetchmail Global ENV Variables
23
24 ########################################################
25 # This was written and is maintained by:
26 # Oron Peled <oron \@\ actcom.net.il>
27 #
28 ########################################################
29
30 # vi: shiftwidth=3 tabstop=3 et
0 #
1 # Service definition for http error log
2 #
3 # File to be placed in
4 # /etc/logwatch/conf/services/http-error.conf
5 #
6
7 Title = http errors
8
9 # Which logfile group...
10 LogFile = http-error
11
12 # PHP notices should be fixed
13 Detail = High
14
00 ###########################################################################
1 # Configuration file for http filter
1 # Configuration file for http filter
22 ###########################################################################
33
44 Title = "httpd"
2626 # agent
2727 #
2828 #$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc bytes_transfered referrer agent"
29 #$HTTP_FORMAT = "space space space brace quote space space quote quote"
29 #$HTTP_FORMAT = "space space space brace quote space space quote quote"
3030 # Define the field formats
3131 #
3232 # the only currently supported formats are:
4242
4343 # Ignore requests
4444 # Note - will not do ANY processing, counts, etc... just skip it and go to
45 # the next entry in the log file.
45 # the next entry in the log file.
4646 # Examples:
4747 # 1. Ignore all URLs starting with /model/ and ending with 1 to 10 digits
4848 # $HTTP_IGNORE_URLS = ^/model/\d{1,10}$
1818
1919 # Only give lines pertaining to courier...
2020 # I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1
21 #but you will get at least all currently supported logs
21 #but you will get at least all currently supported logs
2222 *OnlyService = (imapd|imapd-ssl|imapsd)
2323
24 *RemoveHeaders =
24 *RemoveHeaders =
2525
2626 # vi: shiftwidth=3 tabstop=3 et
3434
3535 ########################################################
3636 # Please send all comments, suggestions, bug reports,
37 # etc, to logwatch-devel@logwatch.org
37 # etc, to logwatch-devel@lists.sourceforge.net
3838 ########################################################
3939
4040 # vi: shiftwidth=3 tabstop=3 et
2020 *OnlyService = (kernel|SUNW,[-\w]+?)
2121 *RemoveHeaders
2222
23 # Ignore segfaults and general protection faults in the listed programs
24 # The value is a regular expression that the executable name is matched
25 # against. Separate multiple executables with |
26 # $ignore_faults = npviewer.bin
27
2328 ########################################################
2429 # This was written and is maintained by:
2530 # Kirk Bauer <kirk@kaybee.org>
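Review bot: the new $ignore_faults comment (lines 23-26) does not say whether the regular expression is anchored to the whole executable name, and the example value "npviewer.bin" carries an unescaped dot that matches any character. If the match is unanchored, a short value will also silence fault reports for every executable whose name merely contains it, and segfault or general protection fault lines are often the only log trace of a crashing or attacked process. Please state the anchoring in the comment and escape the dot in the example (npviewer\.bin).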
1717 LogFile = maillog
1818
1919 # Only give lines pertaining to the sendmail service...
20 *OnlyService = MailScanner
20 *OnlyService = MailScanner
2121 *RemoveHeaders
2222
2323 #Mailscanner Global ENV Variables
2626
2727 ########################################################
2828 # This was written and is maintained by:
29 # Mike Tremaine <mgt \@\ stellarcore.net>
29 # Mike Tremaine <mgt \@\ stellarcore.net>
3030 #
3131 ########################################################
3232
0 #
1 # Service definition for MySQL error log
2 #
3
4 Title = mysqld
5
6 # Which logfile group...
7 LogFile = mysql
8
9 #
10 Detail = High
11
12 # vi: shiftwidth=3 tabstop=3 et
1919 # Only give lines pertaining to ntpd...
2020 *OnlyService = openvpn
2121
22 *RemoveHeaders =
22 *RemoveHeaders =
2323
2424 # vi: shiftwidth=3 tabstop=3 et
1919
2020 # Only give lines pertaining to courier...
2121 # I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1
22 #but you will get at least all currently supported logs
22 #but you will get at least all currently supported logs
2323 *OnlyService = (pop3d-ssl|pop3d|spop3d|tpop3d)
2424
25 *RemoveHeaders =
25 *RemoveHeaders =
2626
2727 # vi: shiftwidth=3 tabstop=3 et
1818
1919 # Only give lines pertaining to the portsentry service...
2020 *OnlyService = portsentry
21 *RemoveHeaders =
21 *RemoveHeaders =
2222
2323 ########################################################
2424 # This was written and is maintained by:
1919 # Only give lines pertaining to the postfix service...
2020 *OnlyService = "postfix/[a-zA-Z0-9]*"
2121 # *OnlyService = "postfix/smtpd"
22 *RemoveHeaders =
22 *RemoveHeaders =
2323
2424 ########################################################
2525 # This was written and is maintained by:
0 ###########################################################################
1 # $Id: cron.conf,v 1.7 2005/02/24 17:05:20 kirk Exp $
2 ###########################################################################
3
4 # You can put comments anywhere you want to. They are effective for the
5 # rest of the line.
6
7 # this is in the format of <name> = <value>. Whitespace at the beginning
8 # and end of the lines is removed. Whitespace before and after the = sign
9 # is removed. Everything is case *insensitive*.
10
11 # Yes = True = On = 1
12 # No = False = Off = 0
13
14 Title = "Puppet"
15
16 # Which logfile group...
17 LogFile = syslog
18 LogFile = messages
19 *OnlyService = puppet(d|-agent)
20 *RemoveHeaders
21
22 ########################################################
23 # This was written and is maintained by:
24 # Kirk Bauer <kirk@kaybee.org>
25 #
26 # Please send all comments, suggestions, bug reports,
27 # etc, to kirk@kaybee.org.
28 ########################################################
29
30 # vi: shiftwidth=3 tabstop=3 et
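Review bot: the header of this new Puppet service file still carries the RCS tag of the file it was copied from ("$Id: cron.conf,v 1.7 2005/02/24 17:05:20 kirk Exp $" at line 1), and the maintainer block at lines 23-27 looks copied with it. Replace the tag with a bare $Id$ and confirm the contact details, so bug reports for this filter reach whoever actually maintains it. Two LogFile lines (syslog and messages) are also set; a one-line comment on why both groups are needed would help anyone overriding this file.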
1818
1919 # Only give lines pertaining to the qmail service...
2020 *OnlyService = qmail
21 *RemoveHeaders =
21 *RemoveHeaders =
2222
2323 # This sets whether to display counts of emails from each user & to each user.
2424 # Will make rather a large log file if run on a primary mail server.
2727 # cadtool@stepmind.com
2828 #
2929 # Please send all comments, suggestions, bug reports,
30 # etc, to logwatch-devel@logwatch.org
30 # etc, to logwatch-devel@lists.sourceforge.net
3131 ########################################################
3232 # vi: shiftwidth=3 tabstop=3 et
137137
138138 ########################################################
139139 # Please send all comments, suggestions, bug reports,
140 # etc, to logwatch-devel@logwatch.org
140 # etc, to logwatch-devel@lists.sourceforge.net
141141 ########################################################
142142
143143 # vi: shiftwidth=3 tabstop=3 et
2323
2424 ########################################################
2525 # Please send all comments, suggestions, bug reports,
26 # etc, to logwatch-devel@logwatch.org
26 # etc, to logwatch-devel@lists.sourceforge.net
2727 ########################################################
2828
2929 # vi: shiftwidth=3 tabstop=3 et
1818 LogFile = messages
1919
2020 # Only give lines pertaining to the sshd service...
21 *OnlyService = sshd
21 *OnlyService = sshd
2222 *RemoveHeaders
2323
2424 # Variable $sshd_ignore_host is used to filter out hosts that login
3333 # indication of an attack or a problem.
3434 # Set this variable to a positive integer to trim out the lower count
3535 # refused connections from the report. i.e. 10 would not show any hosts
36 # with less than 10 refusals.
36 # with less than 10 refusals.
3737 # This has no effect if the $Detail variable is greater than 5.
3838 #$refused_connections_threshold = 10
3939
1717 LogFile = secure
1818
1919 # Only give lines pertaining to the sudo service...
20 *OnlyService = sudo
20 *OnlyService = sudo
2121 *RemoveHeaders
2222
2323 # number of times same command $0 run by same user for summary only to be
0 ###########################################################################
1 # $Id: syslog-ng.conf,v 1.4 2009/11/29 12:41:47 general stab $
2 ###########################################################################
3
4 # You can put comments anywhere you want to. They are effective for the
5 # rest of the line.
6
7 # this is in the format of <name> = <value>. Whitespace at the beginning
8 # and end of the lines is removed. Whitespace before and after the = sign
9 # is removed. Everything is case *insensitive*.
10
11 # Yes = True = On = 1
12 # No = False = Off = 0
13
14 Title = "Syslog-ng"
15
16 # Which logfile group...
17 LogFile = messages
18
19 # Only give lines pertaining to the syslogd service...
20 *OnlyService = "syslog-ng\[[0-9]*\]"
21 *RemoveHeaders
22
23 ########################################################
24 # This was written and is maintained by:
25 # Stefan Jakobs <logwatch at localside.net>
26 #
27 # Please send all comments, suggestions, bug reports,
28 # etc, to logwatch at localside.net.
29 ########################################################
30
31 # vi: shiftwidth=3 tabstop=3 et
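Review bot: the *OnlyService pattern at line 20 includes the PID brackets ("syslog-ng\[[0-9]*\]"), while the other service files in this commit pass a bare name (sshd, sudo, qmail, vpopmail). Please confirm that the bracketed form is required here and that lines logged by syslog-ng without a PID are not silently dropped from the report. The comment at line 19 also still says "syslogd service" and should name syslog-ng.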
1818
1919 # Only give lines pertaining to the qmail service...
2020 *OnlyService = vpopmail
21 *RemoveHeaders =
21 *RemoveHeaders =
2222
2323 # Do you want to report succeful logins?
2424 $successful_logins = 0
66 # William Roumier <w.roumier@hotmail.fr>
77 #
88 # Please send all comments, suggestions, bug reports,
9 # etc, to logwatch-devel@logwatch.org
9 # etc, to logwatch-devel@lists.sourceforge.net
1010 ##########################################################################
1111 # This service analyzes the syslog entries for Windows
1212 # systems. It requires an utility to extract information
2828
2929 ########################################################
3030 # Please send all comments, suggestions, bug reports,
31 # etc, to logwatch-devel@logwatch.org
31 # etc, to logwatch-devel@lists.sourceforge.net
3232 ########################################################
3333
3434 # vi: shiftwidth=3 tabstop=3 et
2222
2323 ########################################################
2424 # Please send all comments, suggestions, bug reports,
25 # etc, to logwatch-devel@logwatch.org
25 # etc, to logwatch-devel@lists.sourceforge.net
2626 ########################################################
2727
2828 # vi: shiftwidth=3 tabstop=3 et
0 ###########################################################################
1 # $Id$
2 ###########################################################################
3
4 # Show status of ZFS pools
5
6 Title = "ZFS Report"
7
8 LogFile = NONE
9
10 # Where your zpool and zfs commands live
11 #$pathto_zpool = "/usr/sbin/zpool"
12 #$pathto_zfs = "/usr/sbin/zfs"
13
14 # If you want to set the detail level for zz-zfs separately from the
15 # rest of logwatch, you can do it here:
16 $zfs_detail = 0
17
18 # Set this to print only the summary (default if detail level is "Low")
19 #$summary_only = 1
20
21 # Set this to print only the status detail
22 #$detail_only = 1
23
24 ########################################################
25 # Please send all comments, suggestions, bug reports,
26 # etc, to logwatch-devel@logwatch.org
27 ########################################################
28
29 # vi: shiftwidth=3 tabstop=3 et
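Review bot: line 16 sets "$zfs_detail = 0" as an active value, although the comment above it presents the setting as optional ("If you want to set the detail level ... separately"). As shipped, the ZFS report is pinned to detail 0 regardless of the global detail level; comment the line out like $summary_only and $detail_only below it, or document that 0 is the intended default. The contact address at line 26 is also the old logwatch-devel@logwatch.org, which the rest of this commit replaces with logwatch-devel@lists.sourceforge.net.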
0 .so man5/logwatch.conf.5
129129 fi
130130
131131 printf "Enter the path for the Logwatch ConfigDir [$CONFIGDIR] : "
132 read config
132 read config
133133
134134 if [ "$config" = "" ]; then
135135 printf "### Using $CONFIGDIR\n"
262262 done
263263
264264 #Man page
265 if [ -d $MANDIR/man8 ] && [ $HAVE_MAKEWHATIS ]; then
265 if [ -d $MANDIR/man5 ] && [ -d $MANDIR/man8 ] && [ $HAVE_MAKEWHATIS ]; then
266266 install -m 0644 logwatch.8 $MANDIR/man8
267 install -m 0644 logwatch.conf.5 $MANDIR/man5
268 install -m 0644 override.conf.5 $MANDIR/man5
269 install -m 0644 ignore.conf.5 $MANDIR/man5
267270 #OpenBSD no -s
268271 if [ $OS = "OpenBSD" ]; then
269 makewhatis -u $MANDIR/man8
272 makewhatis -u $MANDIR/man5 $MANDIR/man8
270273 else
271274 #FreeBSD and NetBSD no -s no -u
272275 if [ $OS = "FreeBSD" ] || [ $OS = "NetBSD" ]; then
273 makewhatis $MANDIR/man8
276 makewhatis $MANDIR/man5 $MANDIR/man8
274277 else
275278 #MacOS X aka Darwin no -u [even thought the manpage says]
276279 if [ $OS = "Darwin" ]; then
277 makewhatis -s 8 $MANDIR
280 makewhatis -s "5 8" $MANDIR
278281 else
279282 #Linux
280 makewhatis -u -s 8 $MANDIR
283 makewhatis -u -s "5 8" $MANDIR
281284 fi
282285 fi
283286 fi
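Review bot: the condition at new line 265 now also requires $MANDIR/man5 to exist, so a host that has man8 and makewhatis but no man5 directory no longer takes this branch and appears to fall through to a later branch where makewhatis is never run. Creating the directory first, as the fallback branch does with "install -m 0755 -d $MANDIR/man5", would keep the old behaviour for those hosts. The $MANDIR expansions in the tests and install lines are unquoted, so a path containing spaces breaks them; quote them while touching these lines.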
286289 #Go for the safe install rather then editing man.cf
287290 mkdir -p $MANDIR/man1m > /dev/null 2>&1
288291 install -m 0644 logwatch.8 $MANDIR/man1m
292 install -m 0644 logwatch.conf.5 $MANDIR/man1m
293 install -m 0644 override.conf.5 $MANDIR/man1m
294 install -m 0644 ignore.conf.5 $MANDIR/man1m
289295 catman -w -M $MANDIR/man1m
290296 else
297 install -m 0755 -d $MANDIR/man5
298 install -m 0644 logwatch.conf.5 $MANDIR/man5
299 install -m 0644 override.conf.5 $MANDIR/man5
300 install -m 0644 ignore.conf.5 $MANDIR/man5
301
291302 install -m 0755 -d $MANDIR/man8
292303 install -m 0644 logwatch.8 $MANDIR/man8
293 printf "Installed manpage in $MANDIR/man8.\n"
294 printf "Check your man.cf or man.conf to enable MANSECTS 8\n"
304
305 printf "Installed manpages in $MANDIR/man5 and $MANDIR/man8.\n"
306 printf "Check your man.cf or man.conf to enable MANSECTS 5 and 8\n"
295307 fi
296308 fi
297309
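Review bot: in the man1m branch (new lines 292-294) the three section 5 pages are installed into $MANDIR/man1m, but override.conf.5 and ignore.conf.5 in this commit consist only of ".so man5/logwatch.conf.5". That include target does not exist when logwatch.conf.5 itself was placed in man1m, so the two stub pages will not render on those systems. Either install the section 5 pages into $MANDIR/man5 in this branch as well, or install full copies instead of .so stubs.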
199199 }
200200 }
201201 my $count = $BB <=> $AA;
202
202
203203 return $count if $count;
204204 if (ref $coderef) {
205205 $a = $A;
346346 This function merely prints out some information about --range to STDERR.
347347
348348 =cut
349
349
350350 sub RangeHelpDM {
351351 eval "use Date::Manip"; my $hasDM = $@ ? 0 : 1;
352352
426426 in a range
427427
428428 =cut
429
429
430430 sub GetPeriod {
431431
432432 my $range = lc $ENV{"LOGWATCH_DATE_RANGE"} || "yesterday";
533533 This function returns a regexp to filter by date/time
534534
535535 =cut
536
536
537537
538538 sub TimeFilter {
539539 my ($format) = $_[0];
562562 $format =~ s/%a/.../;
563563 $format =~ s/%d/../;
564564 $format =~ s/%e/../;
565 if ($period eq 'month') {last;}
565 if ($period eq 'month') {last;}
566566 $format =~ s/%b/.../;
567567 $format =~ s/%m/../;
568568 if ($period eq 'year') {last;}
571571 }
572572
573573 $SearchDate .= "(";
574
574
575575 for my $time (@time_t) {
576576 if ($time) {
577577 $SearchDate .= strftime($format, localtime($time)) . "|";
1010 .I log-file-group
1111 .B ] [--service
1212 .I service-name
13 .B ] [--print] [--mailto
13 .B ] [--mailto
1414 .I address
1515 .B ] [--archives] [--range
1616 .I range
6262 .I All
6363 which will process all services (and logfile-groups) for which you have
6464 filters installed.
65 .IP "\fB--print\fR"
66 Print the results to stdout (i.e. the screen).
6765 .IP "\fB--mailto\fR address"
6866 Mail the results to the email address or user specified in
6967 .I address.
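Review bot: the --print entry (old lines 65-66) and its synopsis mention are removed without any replacement text telling the reader how to get the report on stdout. If another option or the default behaviour now covers this, say so in the description of that option; nothing in the visible lines does, and existing cron jobs or wrappers that pass --print need to know what to use instead.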
141139 files, and describes how to customize Logwatch by overriding these default
142140 files.
143141 .RE
144 .I License
142 .I LICENSE
145143 .RS
146144 Describes the License under which Logwatch is distributed. Additional
147145 clauses may be specified in individual files.
0 .\" Written by Ivana Varekova <varekova@redhat.com>.
1 .TH LOGWATCH.CONF 5 2010-02-10 "GNU" "Linux Programmer's Manual"
2 .SH NAME
3 logwatch.conf, ignore.conf, override.conf - logwatch configuration files
4 .SH DESCRIPTION
5
6 .BR logwatch.conf
7 - (
8 .BR /etc/logwatch/conf/logwatch.conf
9 )
10 - can contain the local configuration options.
11 The list of valid settings and their default values are in
12 .BR /usr/share/logwatch/default.conf/logwatch.conf.
13
14 .BR ignore.conf
15 - (
16 .BR /etc/logwatch/conf/ignore.conf
17 )
18 is the list of regular expressions.
19 The set of logs decribed by this set is ignored by logwatch.
20
21 .BR override.conf
22 - (
23 .BR /etc/logwatch/conf/override.conf
24 )
25 contains the settings which overrides the standard configuration
26 of specific log files or services. The syntax is the same as in
27 log/service files.
28
29 .SH FILES
30 .I /etc/logwatch/conf/logwatch.conf
31 .I /etc/logwatch/conf/logwatch.conf
32 .I /etc/logwatch/conf/logwatch.conf
33 .I /usr/share/logwatch/default.conf/logwatch.conf
34
35 .SH "SEE ALSO"
36 .BR logwatch (8)
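Review bot: the FILES section (lines 30-33) lists /etc/logwatch/conf/logwatch.conf three times; the second and third entries should presumably be /etc/logwatch/conf/ignore.conf and /etc/logwatch/conf/override.conf, which are the files the DESCRIPTION covers. The .I lines also need one entry per paragraph (for example .br between them) or they run together when rendered. Smaller points: "decribed" at line 19 is a typo, "which overrides" at line 25 should be "which override", and the trailing period inside the .BR argument at line 12 will be set in bold as part of the path.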
0 .so man5/logwatch.conf.5
+0
-1
project/.lastver
0 7.3.5
+0
-1
project/.project
0 logwatch
+0
-1
project/.release
0 1
+0
-1
project/.reltype
0 stable
+0
-1
project/.version
0 7.3.6
+0
-5
project/BUILD_README
0 This project uses ProjectAdmin, a project building and
1 maintenance tool available at:
2
3 http://linux.kaybee.org
4
+0
-279
project/CHANGES
0 Version 7.3.5 -> 7.3.6 [stable]:
1 [May 19, 2007]
2 - Fixed bug with --mailto not working with printing now enabled by default
3 - Fixed problem with the Samba filter
4
5 Version 7.3.4 -> 7.3.5 [stable]:
6 - New services bfd, zz-runtime, evtsystem, evtsecurity, and evtapplication.
7 - Default behavior is now to print output which means you will see the
8 report if you run it from the command-line and when run from cron it will
9 be emailed to you by the cron daemon. You can change this through config
10 or command-line options.
11
12 Version 7.3.3 -> 7.3.4 [stable]:
13 - Fixed problems with 7.3.3 release
14
15 Version 7.3.2 -> 7.3.3 [stable]:
16 - Substantial Postfix improvements and other minor changes and fixes
17
18 Version 7.3.1 -> 7.3.2 [stable]:
19 - Better FC5 support (fixed bug with subdirectories under log directories)
20 - Numerous other filter improvements
21 - Added dpkg, pix, denyhosts, and php services
22
23 Version 7.3.5 -> 7.3.1 [stable]:
24 - Numerous patches applied by Bjorn L and contributed by many, thanks!
25
26 Version 7.2 -> 7.2.1 [stable]:
27 - Fixed missing HTML files in RPM
28
29 Version pre7.2 -> 7.2 [stable]:
30 - html/encode code from Mike
31 - Other misc bug fixes, enhancements, patches
32
33 Version 7.0 -> pre7.1 [beta]:
34 - Custom local service filter scripts now supported.
35 - Expanded duplicate detection of configuration
36 parameters.
37 - Brought documentation up-to-date to reflect the
38 compliance with Filesystem Hierarchy Standard of
39 version 7.0, as well as the above two changes.
40 The logWatch man page, the README, and
41 HOWTO-Customize-LogWatch have been updated.
42 HOWTO-Make-Filter and HOWTO-Customize-Configuration
43 are no longer applicable.
44 - New install_logwatch.sh script for those installing
45 directly from tar file (not installing with RPM).
46 - New dnssec service filter.
47
48 Version pre7.0 -> 7.0 [stable]:
49 [unknown]
50 - Final release with the new /etc/logwatch directory structure
51
52 Version 6.1.2 -> pre7.0 [beta]:
53 [unknown]
54 - Numerous changes, most notably a whole new directory structure.
55
56 Version 6.1.1 -> 6.1.2 [stable]:
57 [unknown]
58 - Fixed lock-up problem in http filter when using perl 5.6
59 - Small improvements to clamav filter
60
61 Version 6.1 -> 6.1.1 [stable]:
62 [unknown]
63 - More cleanup and more application of community patches. Thanks everybody,
64 especially Bjorn and Mike!
65 - More cleanup and more application of community patches. Thanks everybody,
66 especilaly Bjorn!
67
68 Version pre6.1 -> 6.1 [stable]:
69 [unknown]
70 - More cleanup and more application of community patches. Thanks everybody,
71 especilaly Bjorn!
72
73 Version 6.0.2 -> pre6.1 [beta]:
74 [unknown]
75 - More changes by Bjorn
76 - New services added: audit, sonicwall, and zz-network (must be enabled in logwatch.conf to make it active)
77 - Added --numeric to inhibit certain DNS lookups
78 - Significant improvements for the --range option (run --range help for info)
79 - This release is courtesy of Bjorn
80
81 Version 6.0.1 -> 6.0.2 [stable]:
82 [unknown]
83 - Build containing numerous bug fixes applied by Bjorn
84
85 Version 6.0 -> 6.0.1 [stable]:
86 [unknown]
87 - Just applied a few small cleanup changes
88
89 Version pre6.0 -> 6.0 [stable]:
90 [unknown]
91 - More consolidated patches from Mike Tremaine for final 6.0 release
92
93 Version 5.2.2 -> pre6.0 [beta]:
94 [unknown]
95 - Once again, added consolidated patches from Mike Tremaine <mgt@stellarcore.net>, since I can't seem to get them done!
96 - Added filters for extreme-networks, saslauthd, and xntpd
97 - Added tons of changes from a ton of people that Mike Tremaine <mgt@stellarcore.net>
98 put together for me.
99 - Added openvpn and netscreen filters
100 - New HTML output
101 - Better multi-platform support
102 - Lots of other changes I'm sure that I missed
103
104 Version 5.2.1 -> 5.2.2 [stable]:
105 [unknown]
106 - Added more patches from blues@ds.pg.gda.pl
107
108 Version 5.2 -> 5.2.1 [stable]:
109 [unknown]
110 - Few minor bug fixes from 5.2
111
112 Version 5.1 -> 5.2 [stable]:
113 [unknown]
114 - Added check for large user mailboxes
115 - Added pop3 and imapd filters
116 - Updated clamav support
117 - New cisco log filter
118 - Tons of updates to existing filters (too many to list!)
119
120 Version pre5.1 -> 5.1 [stable]:
121 [unknown]
122 - More solaris support and filter enhancements
123
124 Version 5.0 -> pre5.1 [beta]:
125 [unknown]
126 - More Solaris support
127 - Tons of filter enhancements sent in by users
128 - Added filters for shaperd, oidentd, and mailscanner (Solaris)
129 - Tons of patches and new options of --splithosts and --multiemail
130 - Added Yum and Clam-update filters
131 - Couple of patches from blues@ds.pg.gda.pl
132
133 Version 4.3.2 -> pre5.0 [beta]:
134 [unknown]
135 - Main script: couple of security fixes and many bug fixes
136 - Basic Solaris support
137 - Now there is a Logwatch.pm that the filters can use common code from
138 - Improvements to numerous filters, especially sendmail
139 - Added new filters; amavis, clamav-milter, courier, http, postfix, pound, pureftpd, vsftpd
140
141 Version 4.3.1 -> 4.3.2 [stable]:
142 [unknown]
143 - Just applied numerous minor patches (most of them from Jim O'Halloran)
144
145 Version 4.3 -> 4.3.1 [stable]:
146 [unknown]
147 - Fixed an error in the ftpd-messages script that I somehow missed
148
149 Version 4.2.1 -> 4.3 [stable]:
150 [unknown]
151 - Numerous minor bug fixes and enhancements
152 - Added RAID and drive failure notification
153 - Added smartd service filter
154
155 Version pre4.3 -> 4.2.1 [stable]:
156 [unknown]
157 - Fixed missing autorpm filter components
158
159 Version 4.1 -> 4.2 [stable]:
160 [unknown]
161 - More improvments in the kernel script
162 - Added support for AutoRPM log processing
163
164 Version 4.0.1 -> 4.1 [stable]:
165 [unknown]
166 - Fixed IP lookup bug in kernel script
167 - Sendmail improvements sent in from Alex K <Alex@wtwf.com>
168 - Just some more cleanup as I wanted to get a new stable release out there
169 - Fixed Perl warning in Pluto filter
170 - applied some changes from Eric Gerbier <eric.gerbier@meteo.fr> for proftpd filter
171 - Fixed formatting of Pluto filter
172 - Removed use of /bin/date from all scripts (thanks Mark D. Nagel <mnagel@willingminds.com>)
173 - Added afpd service filter
174
175 Version 4.0 -> 4.0.1 [stable]:
176 [unknown]
177 - Had to undo the foreign-language fixed in applystddate for sh-utils 2.0.12
178 - Had to take the 'require 5.6.0' line out of sudo filter as Perl 5.8 complains
179
180 Version 3.3 -> pre4.0 [beta]:
181 [unknown]
182 - Exim script will no longer cause errors if modules don't exist
183 - Reworked the method of processing shared scripts
184 - Added patches from RHL8.0 distribution of logwatch
185 - Fixed all current Red Hat Bugzilla issues
186 (bugs 68243 73487 75086 68805 69605 68807 68862 72809)
187 - Applied some wu-ftpd patches submitted by Jay Berkenbilt
188 - Now Logwatch places service delimiters in the output file and service filters no longer need to
189 - Double-quotes can be used to preserve case in configuration file values
190 - General code cleanup
191 - Can now process logs only from a specified host
192 - Added a stunnel filter and new Pluto filter
193 - Added ability to remove services by using '-servicename' in logwatch.conf
194 - Fixed bug when using Perl 5.8
195 - Added much better iptables support
196 - Numerous other bug fixes
197
198 Version 3.2 -> 3.3 [stable]:
199 [unknown]
200 - Fixes in iptables and sendmail parsing
201 - Some Solaris compatibility changes
202 - Added arpwatch filter
203
204 Version 3.1 -> pre3.2 [beta]:
205 [unknown]
206 - Added basic iptables support
207 - Added --logdir and --hostname command-line options
208 - Numerous other bug fixes
209
210 Version pre3.1 -> 3.1 [stable]:
211 [unknown]
212 - Fixed possible hanging problem in samba applydate
213 - Fixed bug with cron filter not reporting any activity
214 - Added ipop3d, portsentry, qmail and vpopmail contributed filters
215
216 Version 3.0 -> pre3.1 [beta]:
217 [unknown]
218 - Samba filter actually works to some degree
219
220 Version pre3.0 -> 3.0 [stable]:
221 [unknown]
222 - Hopefully now properly included the up2date filter!
223 - Added simple/minimal dhcpd filter
224 - Fixed fortune module so it works again
225
226 Version 2.9 -> pre3.0 [beta]:
227 [unknown]
228 - Updated cron filter to handle newer cron daemons
229 - Fixed up2date filter
230 - Actually properly included the up2date filter
231 - Added pam_unix filter
232
233 Version 2.8.5 -> 2.9 [stable]:
234 [unknown]
235 - Cleaned up named, sshd, secure, and proftpd filters
236 - Added Exim, up2date, and sudo filters
237
238 Version 2.8.2 -> 2.8.5 [stable]:
239 [unknown]
240 - Added filter for syslog entries from the NetGear rt314 router(by Daniel J. Barrett <dbarrett@blazemonger.com>)
241 - Added an enhanced sendmail filter that also handles messages from the blackhole SPAM filter
242 - Logwatch will now bypass any empty logfiles
243
244 Version 2.8.1 -> 2.8.2 [stable]:
245 [unknown]
246 - Fixed bad pluto filter in last release
247
248 Version 2.8 -> 2.8.1 [stable]:
249 [unknown]
250 - Added mktemp warning about -d switch if it fails
251 - Added Pluto filter
252 - Fixed bug with xferlog date processing
253 - Removed some unmatched entries for pro-ftpd
254
255 Version 2.7 -> 2.8 [stable]:
256 [unknown]
257 - Added in.qpopper filter
258 - Added some more error checking
259 - Cleaned up the cron and ftp filters
260
261 Version 2.6 -> 2.7 [stable]:
262 [unknown]
263 - Supports multiple copies of the same command (such as *remove) in config files
264 - No longer requires an = sign when no arguments are given
265 - Added some more filtering
266 - Added a $summarize_connections variable for the "secure" service
267
268 Version 2.5 -> 2.6 [stable]:
269 [unknown]
270 - Now uses mktemp if available
271 - Added some filters that were missing from the 2.5 release
272
273 Version 2.1.1 -> 2.5 [stable]:
274 [unknown]
275 - Implemented several bug fixes and patches that have been sent in
276 - Fixed a possible root exploit using a race condition in /tmp
277 - Fixed bugs 46371, 56191, 58578, 61202, 61829, 61831, 61832 from bugzilla.redhat.com
278
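Review bot: deleting project/CHANGES removes the only entries in this tree that record past security fixes, namely "Fixed a possible root exploit using a race condition in /tmp" under 2.1.1 -> 2.5 and "couple of security fixes" under 4.3.2 -> pre5.0. If the changelog now lives elsewhere, the commit message or README should point to it so that packagers can still map versions to those fixes.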
+0
-0
project/TODO
(Empty file)
+0
-3
project/applyversion
0 =scripts/logwatch.pl
1 s/^my\s+\$Version\s*=\s*'.*'/my \$Version = '__VERSION__'/
2 s/^my\s+\$VDate\s*=\s*'.*'/my \$VDate = '__SHORTDATE__'/
+0
-5
project/copy_beta_post
0 output/changes.html /var/www/mason/html/projects/logwatch/tabs/docs/changes.html
1 output/recentchanges.html /var/www/mason/html/projects/logwatch/tabs/download/beta-changes.html
2 output/download.html /var/www/mason/html/projects/logwatch/tabs/download/beta-tar-download.html
3 output/rpm-download.html /var/www/mason/html/projects/logwatch/tabs/download/beta-rpm-download.html
4 output/release_date.txt /var/www/mason/html/projects/logwatch/beta-last-release.comp
+0
-5
project/copy_stable_post
0 output/changes.html /var/www/mason/html/projects/logwatch/tabs/docs/changes.html
1 output/recentchanges.html /var/www/mason/html/projects/logwatch/tabs/download/stable-changes.html
2 output/download.html /var/www/mason/html/projects/logwatch/tabs/download/stable-tar-download.html
3 output/rpm-download.html /var/www/mason/html/projects/logwatch/tabs/download/stable-rpm-download.html
4 output/release_date.txt /var/www/mason/html/projects/logwatch/stable-last-release.comp
+0
-9
project/custom/scripts/post/man_pages
0 #!/bin/bash
1
2 if [ "$RELTYPE" = 'stable' ] ; then
3 echo -n "Converting man pages to HTML... "
4 #man ./logwatch.8 | man2html -nodepage > /var/www/mason/html/projects/logwatch/tabs/docs/logwatch.8.html
5 man2html -r logwatch.8 > /var/www/mason/html/projects/logwatch/tabs/docs/logwatch.8.html
6 chmod a+r /var/www/mason/html/projects/logwatch/tabs/docs/*.html
7 echo "Done."
8 fi
+0
-11
project/custom/scripts/pre/fix_path
0 #!/bin/bash
1
2 PROG=scripts/logwatch.pl
3 TMP=project/tmp/fix_path.tmp
4
5 cp $PROG $TMP
6
7 sed \
8 -e 's/^\(my \$BaseDir = .*kirk.*\)$/#\1/' \
9 -e 's/^#\(my \$BaseDir = "\/etc\/log\.d";\)$/\1/' \
10 $TMP > $PROG
+0
-4
project/description
0 Logwatch is a customizable, pluggable log-monitoring system. It will go
1 through your logs for a given period of time and make a report in the areas
2 that you wish with the detail that you wish. Easy to use - works right out
3 of the package on many systems.
+0
-4
project/output_html
0 recentchanges
1 changes
2 download
3 rpm-download
+0
-1
project/output_txt
0 release_date
+0
-11
project/project.conf
0 MODULES="rpm cvs"
1 WEBSITE="http://www.logwatch.org"
2 LICENSE="MIT"
3 SUMMARY="Analyzes and Reports on system logs"
4 FULLNAME="Logwatch"
5 GROUP="Utilities/System"
6 BUILDARCH="noarch"
7 REQUIRES="perl,textutils,sh-utils,grep,mailx"
8 CVS=logwatch
9 KEYWORDS="admin security administration logs"
10 OUTPUT="html txt"
+0
-44
project/rpm_changelog
0 * Fri Sep 15 2006 Kirk Bauer <kirk@kaybee.org> 7.3.1-1
1 - Fixed install script to create empty scripts directory in /etc
2
3 * Sat Oct 08 2005 Kirk Bauer <kirk@kaybee.org> pre7.0-1
4 - Numerous changes, most notably a whole new directory structure.
5
6 * Thu Feb 24 2005 Kirk Bauer <kirk@kaybee.org> 6.0.1-1
7 - Now includes ignore.conf in the RPM
8
9 * Mon Nov 03 2003 Kirk Bauer <kirk@kaybee.org> pre5.0-1
10 - Now can build without change as non-root user
11
12 * Thu Feb 27 2003 Erik Ogan <erik@ogan.net> 4.3.2
13 - Added libdir & lib/Logwatch.pm
14
15 * Sun Oct 13 2002 Kirk Bauer <kirk@kaybee.org> pre4.0-14
16 - Changed the 'logwatch' cron.daily job to '0logwatch' to run before logrotate
17
18 * Thu Oct 10 2002 Kirk Bauer <kirk@kaybee.org> pre4.0-1
19 - Cronjob is now just named logwatch and not 00-logwatch
20
21 * Wed May 01 2002 Kirk Bauer <kirk@kaybee.org> 3.0-6
22 - up2date packaged... finally!
23
24 * Wed May 01 2002 Kirk Bauer <kirk@kaybee.org> 3.0-5
25 - Hopefully now properly included the up2date filter!
26
27 * Mon Apr 29 2002 Kirk Bauer <kirk@kaybee.org> pre3.0-1
28 - Now properly includes logfile-specific scripts
29
30 * Tue Apr 09 2002 Kirk Bauer <kirk@kaybee.org> 2.8-2
31 - Made man page entry in files list backwards compatible
32
33 * Thu Mar 28 2002 Kirk Bauer <kirk@kaybee.org> 2.5-2
34 - Updated new changes from Red Hat's rawhide packaging
35
36 * Wed Nov 18 1998 Kirk Bauer <kirk@kaybee.org>
37 - Modified to comply with RHCN standards
38
39 * Sun Feb 23 1998 Kirk Bauer <kirk@kaybee.org>
40 - Minor changes and addition of man-page
41
42 * Sun Feb 22 1998 Kirk Bauer <kirk@kaybee.org>
43 - initial release
+0
-36
project/rpm_files
0 %defattr(-,root,root)
1 %doc README HOWTO-Customize-LogWatch
2 %dir %{_var}/cache/logwatch
3 %dir %{_sysconfdir}/logwatch
4 %dir %{_sysconfdir}/logwatch/scripts
5 %dir %{_sysconfdir}/logwatch/scripts/services
6 %dir %{_sysconfdir}/logwatch/conf
7 %dir %{_sysconfdir}/logwatch/conf/logfiles
8 %dir %{_sysconfdir}/logwatch/conf/services
9 %dir %{_datadir}/logwatch
10 %dir %{_datadir}/logwatch/default.conf
11 %dir %{_datadir}/logwatch/default.conf/services
12 %dir %{_datadir}/logwatch/default.conf/logfiles
13 %dir %{_datadir}/logwatch/default.conf/html
14 %dir %{_datadir}/logwatch/dist.conf
15 %dir %{_datadir}/logwatch/dist.conf/services
16 %dir %{_datadir}/logwatch/dist.conf/logfiles
17 %dir %{_datadir}/logwatch/scripts
18 %dir %{_datadir}/logwatch/scripts/logfiles
19 %dir %{_datadir}/logwatch/scripts/services
20 %dir %{_datadir}/logwatch/scripts/shared
21 %dir %{_datadir}/logwatch/scripts/logfiles/*
22 %dir %{_datadir}/logwatch/lib
23 %{_datadir}/logwatch/scripts/logwatch.pl
24 %{_sbindir}/logwatch
25 %{_datadir}/logwatch/scripts/shared/*
26 %{_datadir}/logwatch/scripts/services/*
27 %{_datadir}/logwatch/scripts/logfiles/*/*
28 %{_datadir}/logwatch/lib/Logwatch.pm
29 %{_datadir}/logwatch/default.conf/*.conf
30 %{_datadir}/logwatch/default.conf/services/*.conf
31 %{_datadir}/logwatch/default.conf/logfiles/*.conf
32 %{_datadir}/logwatch/default.conf/html/*.html
33 %{_sysconfdir}/cron.daily/0logwatch
34 %doc %{_mandir}/man8/logwatch.8*
35 %config(noreplace) %{_sysconfdir}/logwatch/conf/*.conf
+0
-45
project/rpm_install
0 install -m 0755 -d %{buildroot}%{_var}/cache/logwatch
1 install -m 0755 -d %{buildroot}%{_sysconfdir}/logwatch/scripts
2 install -m 0755 -d %{buildroot}%{_sysconfdir}/logwatch/scripts/services
3 install -m 0755 -d %{buildroot}%{_sysconfdir}/logwatch/conf
4 install -m 0755 -d %{buildroot}%{_sysconfdir}/logwatch/conf/logfiles
5 install -m 0755 -d %{buildroot}%{_sysconfdir}/logwatch/conf/services
6 install -m 0755 -d %{buildroot}%{_datadir}/logwatch/default.conf/logfiles
7 install -m 0755 -d %{buildroot}%{_datadir}/logwatch/default.conf/services
8 install -m 0755 -d %{buildroot}%{_datadir}/logwatch/default.conf/html
9 install -m 0755 -d %{buildroot}%{_datadir}/logwatch/dist.conf/logfiles
10 install -m 0755 -d %{buildroot}%{_datadir}/logwatch/dist.conf/services
11 install -m 0755 -d %{buildroot}%{_datadir}/logwatch/scripts/services
12 install -m 0755 -d %{buildroot}%{_datadir}/logwatch/scripts/shared
13 install -m 0755 -d %{buildroot}%{_datadir}/logwatch/lib
14
15 install -m 0755 scripts/logwatch.pl %{buildroot}%{_datadir}/logwatch/scripts/logwatch.pl
16 for i in scripts/logfiles/* ; do
17 if [ $(ls $i | wc -l) -ne 0 ] ; then
18 install -m 0755 -d %{buildroot}%{_datadir}/logwatch/$i
19 install -m 0755 $i/* %{buildroot}%{_datadir}/logwatch/$i
20 fi
21 done
22 install -m 0755 scripts/services/* %{buildroot}%{_datadir}/logwatch/scripts/services
23 install -m 0755 scripts/shared/* %{buildroot}%{_datadir}/logwatch/scripts/shared
24 install -m 0755 lib/* %{buildroot}%{_datadir}/logwatch/lib
25
26 install -m 0644 conf/*.conf %{buildroot}%{_datadir}/logwatch/default.conf
27 install -m 0644 conf/logfiles/* %{buildroot}%{_datadir}/logwatch/default.conf/logfiles
28 install -m 0644 conf/services/* %{buildroot}%{_datadir}/logwatch/default.conf/services
29 install -m 0644 conf/html/* %{buildroot}%{_datadir}/logwatch/default.conf/html
30
31 install -m 0755 -d %{buildroot}%{_mandir}/man8
32 install -m 0644 logwatch.8 %{buildroot}%{_mandir}/man8
33 install -m 0755 -T logwatch.cron %{buildroot}%{_sysconfdir}/cron.daily/0logwatch
34
35 rm -f %{buildroot}%{_sysconfdir}/cron.daily/logwatch \
36 %{buildroot}%{_sbindir}/logwatch
37
38 install -m 0755 -d %{buildroot}%{_sysconfdir}/cron.daily
39 install -m 0755 -d %{buildroot}%{_sbindir}
40 ln -s %{_datadir}/logwatch/scripts/logwatch.pl %{buildroot}%{_sbindir}/logwatch
41
42 echo "###### REGULAR EXPRESSIONS IN THIS FILE WILL BE TRIMMED FROM REPORT OUTPUT #####" > %{buildroot}%{_sysconfdir}/logwatch/conf/ignore.conf
43 echo "# Local configuration options go here (defaults are in %{_datadir}/logwatch/default.conf/logwatch.conf)" > %{buildroot}%{_sysconfdir}/logwatch/conf/logwatch.conf
44 echo "# Configuration overrides for specific logfiles/services may be placed here." > %{buildroot}%{_sysconfdir}/logwatch/conf/override.conf
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 use POSIX qw(strftime);
3939 }
4040
4141 # vi: shiftwidth=3 tabstop=3 syntax=perl et
42 # Local Variables:
43 # mode: perl
44 # perl-indent-level: 3
45 # indent-tabs-mode: nil
46 # End:
1616 ## Logwatch project reserves the right to not accept such
1717 ## contributions. If you have made significant
1818 ## contributions to this script and want to claim
19 ## copyright please contact logwatch-devel@logwatch.org.
19 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2020 #########################################################
2121
2222 use POSIX qw(strftime);
6666 }
6767
6868 # vi: shiftwidth=3 tabstop=3 syntax=perl et
69 # Local Variables:
70 # mode: perl
71 # perl-indent-level: 3
72 # indent-tabs-mode: nil
73 # End:
0
1 ##########################################################################
2 # $Id: applydate,v 1.5 2008/03/24 23:31:26 kirk Exp $
3 ##########################################################################
4 # $Log: applydate,v $
5 # Revision 1.5 2008/03/24 23:31:26 kirk
6 # added copyright/license notice to each script
7 #
8 # Revision 1.4 2007/02/16 04:38:13 bjorn
9 # Check timestamp using proper "seconds since epoch" format, by Jason.
10 #
11 # Revision 1.3 2005/06/18 19:36:32 bjorn
12 # Bug fix from Mike Frysinger for incorrect variable reference
13 #
14 # Revision 1.2 2005/05/03 19:33:39 bjorn
15 # Added support for new date ranges
16 #
17 # Revision 1.1 2005/04/20 22:13:32 bjorn
18 # Initial file by Matt Brown
19 #
20 ##########################################################################
21
22 ##########################################################################
23 # This was written by: Matt Brown, mdbrown at uwaterloo dot ca
24 #
25 # Please send all comments, suggestions, bug reports,
26 # etc, to logwatch-devel@lists.sourceforge.net.
27 ##########################################################################
28
29 ########################################################
30 ## Copyright (c) 2008 Kirk Bauer
31 ## Covered under the included MIT/X-Consortium License:
32 ## http://www.opensource.org/licenses/mit-license.php
33 ## All modifications and contributions by other persons to
34 ## this script are assumed to have been donated to the
35 ## Logwatch project and thus assume the above copyright
36 ## and licensing terms. If you want to make contributions
37 ## under your own copyright or a different license this
38 ## must be explicitly stated in the contribution an the
39 ## Logwatch project reserves the right to not accept such
40 ## contributions. If you have made significant
41 ## contributions to this script and want to claim
42 ## copyright please contact logwatch-devel@lists.sourceforge.net.
43 #########################################################
44
45 # Processes emerge logs to remove entries outside the desired date range
46
47 use strict;
48 use Logwatch ':dates';
49 use POSIX qw(strftime);
50
51 my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
52
53 # Set the date we are looking for based on the desired date range
54 my $SearchDate = TimeFilter('%Y %b %e %H:%M:%S');
55
56 if ($Debug > 5) {
57 print STDERR "DEBUG: Inside applydate (emerge)...\n";
58 print STDERR "DEBUG: Looking For: $SearchDate\n";
59 }
60
61 # Examine each line of the file, writing out only the lines that are within
62 # the date range
63
64 my $emergeTime;
65
66 while (defined(my $line = <STDIN>)) {
67 $line =~ /^(\d+):/;
68 $emergeTime = strftime('%Y %b %e %H:%M:%S', localtime($1));
69
70 if ($Debug > 5) {
71 print STDERR "DEBUG: converted time: $emergeTime\n";
72 }
73
74 if ($emergeTime =~ /$SearchDate/) {
75 print $line;
76 }
77 }
78
79 # vi: shiftwidth=3 syntax=perl tabstop=3 et
80 # Local Variables:
81 # mode: perl
82 # perl-indent-level: 3
83 # indent-tabs-mode: nil
84 # End:
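Review bot: The match on line 67, `$line =~ /^(\d+):/;`, is never checked, so a line that does not start with an epoch timestamp leaves `$1` holding the value from the previous successful match (or undefined on the first line). Such a line is then printed or dropped according to a stale timestamp, and `localtime($1)` warns under `use strict` with warnings enabled. Suggest `next unless $line =~ /^(\d+):/;` before the strftime call so malformed or continuation lines are skipped explicitly.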
77 # Luuk de Boer <luuk@pi.net>
88 #
99 # Please send all comments, suggestions, bug reports,
10 # etc, to logwatch-devel@logwatch.org
10 # etc, to logwatch-devel@lists.sourceforge.net
1111 ########################################################
1212
1313 ########################################################
2323 ## Logwatch project reserves the right to not accept such
2424 ## contributions. If you have made significant
2525 ## contributions to this script and want to claim
26 ## copyright please contact logwatch-devel@logwatch.org.
26 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2727 #########################################################
2828
2929 use POSIX qw(strftime);
6666 }
6767
6868 # vi: shiftwidth=3 tabstop=3 syntax=perl et
69 # Local Variables:
70 # mode: perl
71 # perl-indent-level: 3
72 # indent-tabs-mode: nil
73 # End:
2323 ## Logwatch project reserves the right to not accept such
2424 ## contributions. If you have made significant
2525 ## contributions to this script and want to claim
26 ## copyright please contact logwatch-devel@logwatch.org.
26 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2727 #########################################################
2828
2929 while (defined($ThisLine = <STDIN>)) {
3333 }
3434
3535 # vi: shiftwidth=3 tabstop=3 syntax=perl et
36 # Local Variables:
37 # mode: perl
38 # perl-indent-level: 3
39 # indent-tabs-mode: nil
40 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 use POSIX qw(strftime);
3939 }
4040
4141 # vi: shiftwidth=3 tabstop=3 syntax=perl et
42 # Local Variables:
43 # mode: perl
44 # perl-indent-level: 3
45 # indent-tabs-mode: nil
46 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 while (defined($ThisLine = <STDIN>)) {
2424 }
2525
2626 # vi: shiftwidth=3 tabstop=3 syntax=perl et
27 # Local Variables:
28 # mode: perl
29 # perl-indent-level: 3
30 # indent-tabs-mode: nil
31 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 use POSIX qw(strftime);
3939 }
4040
4141 # vi: shiftwidth=3 tabstop=3 syntax=perl et
42 # Local Variables:
43 # mode: perl
44 # perl-indent-level: 3
45 # indent-tabs-mode: nil
46 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 while (defined($ThisLine = <STDIN>)) {
2424 }
2525
2626 # vi: shiftwidth=3 tabstop=3 syntax=perl et
27 # Local Variables:
28 # mode: perl
29 # perl-indent-level: 3
30 # indent-tabs-mode: nil
31 # End:
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 use POSIX qw(strftime);
4141 }
4242 }
4343
44
45
44 # vi: shiftwidth=3 tabstop=3 syntax=perl et
45 # Local Variables:
46 # mode: perl
47 # perl-indent-level: 3
48 # indent-tabs-mode: nil
49 # End:
00 #!/usr/bin/perl -w
11 use strict;
22 ##########################################################################
3 # $Id: logwatch.pl,v 1.213 2009/07/29 01:56:19 mike Exp $
43 ##########################################################################
54 # Most current version can always be found at:
65 # ftp://ftp.logwatch.org/pub/linux (tarball)
87
98 ########################################################
109 # Specify version and build-date:
11 my $Version = '7.3.6';
12 my $VDate = '05/19/07';
10 my $Version = '7.4.0';
11 my $VDate = '03/01/11';
1312
1413 #######################################################
1514 # Logwatch was written and is maintained by:
9291 $Config{'encode'} = "none"; #8.0
9392 $Config{'hostformat'} = "none"; #8.0
9493 $Config{'html_wrap'} = 80;
94 $Config{'supress_ignores'} = 0;
9595
9696 if (-e "$ConfigDir/conf/html/header.html") {
9797 $Config{'html_header'} = "$ConfigDir/conf/html/header.html";
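Review bot: The new default `$Config{'supress_ignores'} = 0;` introduces a misspelled key ("supress" for "suppress") that becomes part of the configuration interface once users set it. Either correct the spelling before release or accept both spellings, and document the option next to the other defaults so it is discoverable.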
227227
228228 if ($tmp_mailto) {
229229 $Config{'mailto'} = $tmp_mailto;
230 $Config{'output'} = "mail"; #8.0
230 $Config{'output'} = "mail"; #8.0
231231 }
232232
233233 if ($tmp_savefile) {
234234 $Config{'filename'} = $tmp_savefile;
235 $Config{'output'} = "file"; #8.0
235 $Config{'output'} = "file"; #8.0
236236 }
237237
238238 if ($Config{'hostformat'} eq "splitmail") {
564564 if (exists $tmphash{$offservice}) {
565565 delete $tmphash{$offservice};
566566 }
567
567
568568 } else {
569569 die "Wrong configuration entry for \"Service\", if \"All\" selected, only \"-\" items are allowed\n";
570570 }
605605 # Now lets fill up @LogFileList again...
606606 foreach my $ServiceName (@ServiceList) {
607607 foreach my $LogName ( @{$ServiceData{$ServiceName}{'logfiles'} } ) {
608 unless ( grep m/^$LogName$/, @LogFileList ) {
608 unless ( grep m/^$LogName$/, @LogFileList ) {
609609 push @LogFileList, $LogName;
610610 }
611611 }
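Review bot: Since `unless ( grep m/^$LogName$/, @LogFileList )` is being touched anyway, note that `$LogName` is interpolated into the pattern unescaped, so a logfile group name containing regex metacharacters (a dot, for example) can match a different entry and be skipped. An exact comparison such as `grep { $_ eq $LogName } @LogFileList`, or `\Q$LogName\E` inside the pattern, expresses the intended test.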
668668 unless ($TempDir =~ m=/$=) {
669669 $TempDir .= "/";
670670 }
671
671
672672 #############################################################################
673673
674674 # Set up the environment...
728728 my $DestFile = $TempDir . $LogFile . "-archive";
729729 my $Archive;
730730 foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) {
731 if ($Archive =~ /'/) {
732 print "File $Archive has invalid embedded quotes. File ignored.\n";
733 next;
734 }
731735 my $CheckTime;
732736 # We need to find out what's the earliest log we need
733737 my @time_t = TimeBuild();
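Review bot: The guard `if ($Archive =~ /'/)` is only sufficient while every later use of `$Archive` in a shell string is wrapped in single quotes, and nothing at this point says so. Add a comment tying the check to the quoting done further down, and consider sending the "File ignored" notice to STDERR instead of a plain print, because the rejected name is echoed verbatim into whatever is consuming STDOUT.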
755759 my @FileStat = stat($Archive);
756760 if ($CheckTime <= ($FileStat[9])) {
757761 if (($Archive =~ m/gz$/) && (-f "$Archive") && (-s "$Archive")) {
758 my $arguments = "$Archive >> $DestFile";
762 my $arguments = "'${Archive}' >> $DestFile";
759763 system("$Config{'pathtozcat'} $arguments") == 0
760 or die "system '$Config{'pathtozcat'} $arguments' failed: $?"
764 or die "system '$Config{'pathtozcat'} $arguments' failed: $?"
761765 } elsif (($Archive =~ m/bz2$/) && (-f "$Archive") && (-s "$Archive")) {
762 my $arguments = "$Archive 2>/dev/null >> $DestFile";
766 my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
763767 system("$Config{'pathtobzcat'} $arguments") == 0
764 or die "system '$Config{'pathtobzcat'} $arguments' failed: $?"
768 or die "system '$Config{'pathtobzcat'} $arguments' failed: $?"
765769 } elsif ((-f "$Archive") && (-s "$Archive")) {
766 my $arguments = "$Archive >> $DestFile";
770 my $arguments = "'${Archive}' >> $DestFile";
767771 system("$Config{'pathtocat'} $arguments") == 0
768 or die "system '$Config{'pathtocat'} $arguments' failed: $?"
772 or die "system '$Config{'pathtocat'} $arguments' failed: $?"
769773 } #End if/elsif existence
770774 } #End if $CheckTime
771775
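Review bot: All three branches now quote `'${Archive}'`, but the command is still one string passed to system(), so a shell parses it, and `$DestFile` (built from `$TempDir . $LogFile . "-archive"`) is interpolated unquoted after `>>`. Suggest opening `$DestFile` for append in Perl and running the cat/zcat/bzcat helper through list-form system or a piped open so that no shell sees the file names; at minimum quote `$DestFile` the same way as `$Archive`. The `or die ...` statements also have no trailing semicolon and only parse because each is the last statement in its block.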
775779 foreach my $ThisFile (@FileList) {
776780 #Existence check for files -mgt
777781 next unless (-f $ThisFile);
782 if ($ThisFile =~ /'/) {
783 print "File $ThisFile has invalid embedded quotes. File ignored.\n";
784 next;
785 }
778786 if (! -r $ThisFile) {
779787 print "File $ThisFile is not readable. Check permissions.";
780788 if ($> != 0) {
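Review bot: The `if ($ThisFile =~ /'/)` block repeats the test and message added in the archives loop word for word. A small helper that validates a name and reports the rejection, called from both loops, would keep the two checks from drifting apart when the quoting rules change.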
784792 next;
785793 }
786794 #FIXME - We have a bug report for filenames with spaces, can be caught here needs test -mgt
787 $FileText .= ($ThisFile . " ");
795 $FileText .= ("'" . $ThisFile . "' ");
788796 } #End foreach ThisFile
789797
790798 # remove the ENV entries set by previous service
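Review bot: With `$FileText .= ("'" . $ThisFile . "' ");` names containing spaces now survive the shell, so the FIXME on the line above about filenames with spaces is stale and should be updated or removed, ideally with a test that uses such a name. `$FileText` is still spliced into a shell command string later, so it is worth a comment here that this quoting depends on the embedded-quote rejection earlier in the loop.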
850858 } else {
851859 #System call does the log processing
852860 system("$Config{'pathtocat'} $Command") == 0
853 or die "system '$Config{'pathtocat'} $Command' failed: $?"
861 or die "system '$Config{'pathtocat'} $Command' failed: $?"
854862 }
855863 }
856864 }
871879 my $eeefile = ("$TempDir" . "$newlogfile");
872880 if ((!(-d $eeefile)) && (!($eeefile =~ m/-archive/))) {
873881 system("$Config{'pathtocat'} $eeefile $ecpcmd") == 0
874 or die "system '$Config{'pathtocat'} $eeefile $ecpcmd' failed: $?"
882 or die "system '$Config{'pathtocat'} $eeefile $ecpcmd' failed: $?"
875883 }
876884 }
877885 #read in the final host list
929937 }
930938 return $word;
931939 }
932
940
933941 ######################################################################
934 #sub CleanVars
942 #sub CleanVars
935943 #Notes: Called during #Load CONFIG, READ OPTIONS, make adjustments
936944 ######################################################################
937945 sub CleanVars {
10701078 #########################################################################
10711079 sub Usage () {
10721080 # Show usage for this program
1073 print "\nUsage: $0 [--detail <level>] [--logfile <name>] [--output <output_type>]\n" .
1081 print "\nUsage: $0 [--detail <level>] [--logfile <name>] [--output <output_type>]\n" .
10741082 " [--format <format_type>] [--encode <enconding>] [--numeric]\n" .
10751083 " [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]\n" .
10761084 " [--filename <filename>] [--help|--usage] [--version] [--service <name>]\n" .
11191127 } elsif ($Config{'output'} eq "file") {
11201128 open(OUTFILE,">>" . $Config{'filename'}) or die "Can't open output file: $Config{'filename'} $!\n";
11211129 } else {
1122 #fixme mailto
1130 #fixme mailto
11231131 if (($Config{'hostformat'} eq "splitmail") || ($emailopen eq "")) {
11241132 #Use mailer = in logwatch.conf to set options. Default should be "sendmail -t"
11251133 #In theory this should be able to handle many different mailers. I might need to add
11391147 print OUTFILE "Subject: Logwatch for $Config{'hostname'} (${OStitle})\n";
11401148 }
11411149 #Add MIME
1142 $out_mime = "MIME-Version: 1.0\n";
1150 $out_mime = "MIME-Version: 1.0\n";
11431151 #Config{encode} switch
11441152 if ( $Config{'encode'} eq "base64" ) {
11451153 $out_mime .= "Content-transfer-encoding: base64\n";
11571165 print OUTFILE "Reporting on hosts: @hosts\n";
11581166 }
11591167 $emailopen = 'y';
1160 } #End if hostformat || emailopen
1168 } #End if hostformat || emailopen
11611169 } #End if printing/save/else
11621170 $printing = 'y';
11631171
11811189 $index_par++;
11821190 if ( $Config{'format'} eq "html" ) {
11831191 &output( $index_par, "LOGWATCH Summary" . (($Config{'hostformat'} ne "none") ? ": $Config{'hostname'}" : ""), "start");
1184 &output( $index_par, " Logwatch Version: $Version ($VDate)\n", "line");
1192 &output( $index_par, " Logwatch Version: $Version ($VDate)\n", "line");
11851193 } else {
11861194 &output( $index_par, "\n ################### Logwatch $Version ($VDate) #################### \n", "line");
11871195 }
11991207 if ( $Config{'format'} eq "html" ) {
12001208 &output( $index_par, "\n", "stop");
12011209 } else {
1202 &output( $index_par, " ################################################################## \n", "line");
1210 &output( $index_par, "################################################################## \n", "line");
12031211 }
12041212
12051213 }
12141222 sub parselogs {
12151223 my $Service;
12161224
1217 #Load our ignore file
1225 #Load our ignore file order is [assume normal install] /etc/conf, /usr/share/logwatch/dist.conf and then default.conf -mgt
12181226 my @IGNORE;
12191227 if ( -e "$ConfigDir/conf/ignore.conf") {
12201228 open( IGNORE, "$ConfigDir/conf/ignore.conf" ) or return undef;
1229 @IGNORE = grep {!/(^#|^\s+$)/} <IGNORE>;
1230 close IGNORE;
1231 } elsif ( -e "$BaseDir/dist.conf/ignore.conf") {
1232 open( IGNORE, "$BaseDir/dist.conf/ignore.conf" ) or return undef;
1233 @IGNORE = grep {!/(^#|^\s+$)/} <IGNORE>;
1234 close IGNORE;
1235 } elsif ( -e "$BaseDir/default.conf/ignore.conf") {
1236 open( IGNORE, "$BaseDir/default.conf/ignore.conf" ) or return undef;
12211237 @IGNORE = grep {!/(^#|^\s+$)/} <IGNORE>;
12221238 close IGNORE;
12231239 }
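Review bot: The three `ignore.conf` branches are identical apart from the path, and because they are chained with `elsif` only the first file found is read, which the new comment ("order is ...") does not make clear; it also says `/etc/conf` where the code uses `$ConfigDir/conf`. Suggest looping over the three candidate paths and stopping at the first that exists, with the comment stating that the files are alternatives and not merged. Each `open(...) or return undef` also makes parselogs return silently when an existing ignore file cannot be opened; a warning naming the file would make that failure visible.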
13041320
13051321 my $Command = '';
13061322 if ($FileList[0] eq 'none') {
1307 $Command = " $FilterText 2>&1 ";
1323 $Command = " $FilterText 2>&1 ";
13081324 } elsif ($FileText) {
13091325 if ($HostStrip ne " ") {
1310 $Command = " ( $Config{'pathtocat'} $FileText | $HostStrip | $FilterText) 2>&1 ";
1326 $Command = " ( $Config{'pathtocat'} $FileText | $HostStrip | $FilterText) 2>&1 ";
13111327 } else {
1312 $Command = " ( $Config{'pathtocat'} $FileText | $FilterText) 2>&1 ";
1313 }
1314 }
1315
1328 $Command = " ( $Config{'pathtocat'} $FileText | $FilterText) 2>&1 ";
1329 }
1330 }
1331
13161332 if ($Command) {
13171333 if ($Config{'debug'}>4) {
13181334 print "\nProcessing Service: " . $Service . "\n" . $Command . "\n";
13531369
13541370 if ($has_output and $ServiceData{$Service}{'title'}) {
13551371 if ( $Config{'format'} eq "html" ) {
1356 if ($Ignored > 0) { &output( $index_par, "\n $Ignored Ignored Lines\n", "header"); };
1372 if ( ($Ignored > 0) && ($Config{'supress_ignores'} == 0) ) { &output( $index_par, "\n $Ignored Ignored Lines\n", "header"); };
13571373 #&output( $index_par, "\n <h3><font color=\"blue\">$ServiceData{$Service}{'title'} End </font></h3>\n", "header");
13581374 } else {
1359 if ($Ignored > 0) { &output( $index_par, "\n $Ignored Ignored Lines\n", "line"); };
1375 if ( ($Ignored > 0) && ($Config{'supress_ignores'} == 0) ) { &output( $index_par, "\n $Ignored Ignored Lines\n", "line"); };
13601376 &output( $index_par, "\n ---------------------- $ServiceData{$Service}{'title'} End ------------------------- \n\n", "line");
13611377 }
13621378 &output( $index_par, "\n", "stop");
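Review bot: The compound test `($Ignored > 0) && ($Config{'supress_ignores'} == 0)` is now duplicated in the html and text branches. Computing it once before the `if ( $Config{'format'} eq "html" )` split, and passing only "header" or "line" per branch, would keep the two output paths consistent if the condition changes again.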
13641380 }
13651381 }
13661382
1367 #HTML should be external to logwatch.pl -mgt
1383 #HTML should be external to logwatch.pl -mgt
13681384 #These are steps only needed for HTML output
13691385 if ( $Config{'format'} eq "html" ) {
1370 #HEADER
1386 #HEADER
13711387 #Setup temp Variables to swap
13721388 my %HTML_var;
13731389 $HTML_var{Version} = "$Version";
13741390 $HTML_var{VDate} = "$VDate";
1375 #open template this needs to allow directory override like the rest of the confs
1391 #open template this needs to allow directory override like the rest of the confs
13761392 open(HEADER, "$Config{html_header}") || die "Can not open HTML Header at $Config{html_header}: $!\n";
1377 my @header = <HEADER>;
1393 my @header = <HEADER>;
13781394 close HEADER;
1379 #Expand variables... There must be a better way -mgt
1395 #Expand variables... There must be a better way -mgt
13801396 for my $header_line (@header) {
13811397 $header_line =~ s/\$([\w\_\-\{\}\[\]]+)/$HTML_var{$1}/g;
13821398 $out_head .= $header_line;
13831399 }
13841400
13851401 #FOOTER
1386 #open template this needs to allow directory override like the rest of the confs
1402 #open template this needs to allow directory override like the rest of the confs
13871403 open(FOOTER, "$Config{html_footer}") || die "Can not open HTML Footer at $Config{html_header}: $!\n";
1388 my @footer = <FOOTER>;
1404 my @footer = <FOOTER>;
13891405 close FOOTER;
1390 #Expand variables... There must be a better way -mgt
1406 #Expand variables... There must be a better way -mgt
13911407 for my $footer_line (@footer) {
13921408 $footer_line =~ s/\$([\w\_\-\{\}\[\]]+)/$HTML_var{$1}/g;
13931409 $out_foot .= $footer_line;
1394 }
1410 }
13951411
13961412 #Set up out_reference
13971413 &output("ul","<a name=top><ul>", "ref_extra") if defined( $index_par );
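Review bot: The changes in this region are whitespace only, but the FOOTER open they surround reports the wrong file on failure: `open(FOOTER, "$Config{html_footer}") || die "Can not open HTML Footer at $Config{html_header}: $!\n";` prints the header path. Change the message to use `$Config{html_footer}` while the block is being touched. Both opens are also two-argument opens on bareword handles; the three-argument form with an explicit `<` mode avoids the path being interpreted as a mode or pipe.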
14011417 &output("ul","</ul></a>", "ref_extra") if defined( $index_par );
14021418
14031419 }
1404
1420
14051421 if ( $Config{'format'} eq "html" ) {
14061422 $index_par++;
14071423 &output( $index_par, "Logwatch Ended at " . localtime(time) , "start" );
14101426 &output( $index_par, $report_finish, "line") if ($printing);
14111427 }
14121428
1413 #Printing starts here $out_mime $out_head $out_reference $out_body $out_foot
1429 #Printing starts here $out_mime $out_head $out_reference $out_body $out_foot
14141430 print OUTFILE $out_mime if $out_mime;
14151431 if ( $Config{'encode'} eq "base64" ) {
14161432 print OUTFILE encode_base64($out_head) if $out_head;
14391455 $out_reference = '';
14401456 @reports = ();
14411457 close(OUTFILE) unless ($Config{'output'} eq "stdout"); #fixme should never be true -mgt
1442 }
1458 }
14431459 }
14441460 #############################################################################
14451461 #END parselogs
14721488 <h2><a name=\"$index\">$reports[$index]</a></h2>
14731489 </tr></th>\n";
14741490 }
1475 }
1491 }
14761492
14771493 if ( $type eq "stop" ) {
14781494 if ( $Config{'format'} eq "html" ) {
15311547 }
15321548 }
15331549 }
1534
15351550 }
15361551 ###########################################################################
15371552 #END sub output
15381553 ###########################################################################
15391554 # vi: shiftwidth=3 tabstop=3 et
1555 # Local Variables:
1556 # mode: perl
1557 # perl-indent-level: 3
1558 # indent-tabs-mode: nil
1559 # End:
+0
-594
scripts/services/.#http.1.19
0 ##########################################################################
1 # $Id: http,v 1.19 2005/04/22 13:46:02 bjorn Exp $
2 ##########################################################################
3 # $Log: http,v $
4 # Revision 1.19 2005/04/22 13:46:02 bjorn
5 # Adds filetype extensions, per Paweł Gołaszewski
6 #
7 # Revision 1.18 2005/04/17 19:12:14 bjorn
8 # Changes to needs_exam to deal with error codes, and many print format changes
9 #
10 # Revision 1.17 2005/02/24 22:51:45 kirk
11 # added "/.".
12 # removed the duplicate '\/' from the ends of some lines.
13 # added "/mailman/.*".
14 # added "/announce", "/scrape", and the extension "torrent".
15 # added vl2 to the archive extensions. (It's a zip file for a game.)
16 #
17 # Revision 1.16 2005/02/24 17:08:04 kirk
18 # Applying consolidated patches from Mike Tremaine
19 #
20 # Revision 1.8 2005/02/21 19:09:52 mgt
21 # Bump to 5.2.8 removed some cvs logs -mgt
22 #
23 # Revision 1.7 2005/02/16 00:43:28 mgt
24 # Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt
25 #
26 # Revision 1.6 2005/02/13 23:50:42 mgt
27 # Tons of patches from Pawel and PLD Linux folks...Thanks! -mgt
28 #
29 # Revision 1.5 2004/10/11 18:37:15 mgt
30 # patches from Pawel -mgt
31 #
32 # Revision 1.4 2004/07/29 19:33:29 mgt
33 # Chmod and removed perl call -mgt
34 #
35 # Revision 1.3 2004/07/10 01:54:34 mgt
36 # sync with kirk -mgt
37 #
38 ##########################################################################
39
40 ########################################################
41 # This was written and is maintained by:
42 # Michael Romeo <michaelromeo@mromeo.com>
43 #
44 # Please send all comments, suggestions, bug reports,
45 # etc, to kirk@kaybee.org.
46 ########################################################
47
48
49 use diagnostics;
50 use strict;
51 use Logwatch ':sort';
52 # use re "debug";
53 #
54 # parse httpd access_log
55 #
56 # Get the detail level and
57 # Build tables of the log format to parse it and determine whats what
58 #
59
60 my $detail = 10;
61 my @log_fields =();
62 my @log_format =();
63 my $ignore_error_hacks = 0;
64 $detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
65 @log_fields = split(" ", $ENV{'http_fields'});
66 @log_format = split(" ", $ENV{'http_format'});
67 $ignore_error_hacks = $ENV{'http_ignore_error_hacks'};
68
69 #
70 # Initialization etc.
71 #
72
73 my $byte_summary = 0;
74 my $failed_requests = 0;
75 my %field = ();
76 my %hacks =();
77 my %hack_success =();
78 my %needs_exam =();
79 my %ban_ip =();
80 my %robots =();
81 my $pattern = "";
82 my $flag = 0;
83 my $isahack = 0;
84 my $a5xx_resp = 0;
85 my $a4xx_resp = 0;
86 my $a3xx_resp = 0;
87 my $a2xx_resp = 0;
88 my $a1xx_resp = 0;
89 my $image_count = 0;
90 my $image_bytes = 0;
91 my $docs_count = 0;
92 my $docs_bytes = 0;
93 my $archive_count = 0;
94 my $archive_bytes = 0;
95 my $sound_count = 0;
96 my $sound_bytes = 0;
97 my $movie_count = 0;
98 my $movie_bytes = 0;
99 my $winexec_count = 0;
100 my $winexec_bytes = 0;
101 my $content_count = 0;
102 my $content_bytes = 0;
103 my $redirect_count = 0;
104 my $redirect_bytes = 0;
105 my $other_count = 0;
106 my $other_bytes = 0;
107 my $total_hack_count = 0;
108 my $wpad_count = 0;
109 my $wpad_bytes = 0;
110 my $src_count = 0;
111 my $src_bytes = 0;
112 my $logs_count = 0;
113 my $logs_bytes = 0;
114 my $images_count = 0;
115 my $images_bytes = 0;
116 my $fonts_count = 0;
117 my $fonts_bytes = 0;
118 my $config_count = 0;
119 my $config_bytes = 0;
120 my $xpcomext_count = 0;
121 my $xpcomext_bytes = 0;
122 my $mozext_count = 0;
123 my $mozext_bytes = 0;
124 my $proxy_count = 0;
125 my $proxy_bytes = 0;
126 my %proxy_host = ();
127 my $host = "";
128 my $notparsed = "";
129 my $notparsed_count =0;
130
131 ######################
132 my $image_types = '(\.bmp|\.cdr|\.emz|\.gif|\.ico|\.jpeg|\.jpg|\.png|\.svg|\.sxd|\.tif|\.tiff|\.wbmp|\.wmf|\.wmz|\.xdm)';
133 my $content_types = '(';
134 $content_types = $content_types.'\/server-status|\/server-info';
135 $content_types = $content_types.'|\.htm|\.html|\.jhtml|\.phtml|\.shtml|\/\.?';
136 $content_types = $content_types.'|\.html\.[a-z]{2,3}(_[A-Z]{2,3})?';
137 $content_types = $content_types.'|\.inc|\.php|\.php3|\.asmx|\.asp|\.pl|\.wml';
138 $content_types = $content_types.'|^\/mailman\/.*';
139 $content_types = $content_types.'|\/sqwebmail.*';
140 $content_types = $content_types.'|^\/announce|^\/scrape'; # BitTorrent tracker mod_bt
141 $content_types = $content_types.'|\.torrent';
142 $content_types = $content_types.'|\.css|\.js|\.cgi';
143 $content_types = $content_types.'|\.fla|\.swf|\.rdf';
144 $content_types = $content_types.'|\.class|\.jsp|\.jar|\.java';
145 $content_types = $content_types.'|COPYRIGHT|readme|README|FAQ|INSTALL|\.txt)';
146 my $docs_types = '(\.asc|\.djvu|\.doc|\.dot|\.dtd|\.dvi|\.gnumeric|\.mcd|\.mso|\.pdf|\.pps|\.ppt|\.ps|\.rtf|\.sxi|\.tex|\.text|\.tm|\.xls|\.xml)';
147 my $archive_types = '(\.ace|\.bz2|\.cab|\.deb|\.dsc|\.ed2k|\.gz|\.hqx|\.md5|\.rar|\.rpm|\.sig|\.sign|\.tar|\.tbz2|\.tgz|\.vl2|\.Z|\.zip)';
148 my $sound_types = '(\.au|\.aud|\.mid|\.mp3|\.ogg|\.pls|\.ram|\.raw|\.rm|\.wav|\.wma|\.wmv|\.xsm)';
149 my $movie_types = '(\.asf|\.ass|\.avi|\.idx|\.mid|\.mpg|\.mpeg|\.mov|\.qt|\.psb|\.srt|\.ssa|\.smi|\.sub)';
150 my $winexec_types = '(\.bat|\.com|\.exe|\.dll)';
151 my $wpad_files = '(wpad\.dat|wspad\.dat|proxy\.pac)';
152 my $program_src = '(';
153 $program_src = $program_src.'\.bas|\.c|\.cpp|\.diff|\.f|\.h|\.init|\.m|\.mo|\.pas|\.patch|\.po|\.pot|\.sh|\.spec';
154 $program_src = $program_src.'|Makefile|Makefile_c|Makefile_f77)';
155 my $images_types = '(\.bin|\.cue|\.img|\.iso|\.run)';
156 my $logs_types = '(\.log|_log|-log|\.logs|\.out|\.wyniki)';
157 my $fonts_types = '(\.aft|\.ttf)';
158 my $config_types = '(\.cfg|\.conf|\.config|\.ini|\.properties)';
159 my $xpcomext_types = '(\.xpt)';
160 my $mozext_types = '(\.xul)';
161
162 # HTTP Status codes from HTTP/Status.pm, to avoid loading package
163 # that may or may not exist. We only need those >=400, but all
164 # are included for potential future use.
165 my %StatusCode = (
166 100 => 'Continue',
167 101 => 'Switching Protocols',
168 102 => 'Processing', # WebDAV
169 200 => 'OK',
170 201 => 'Created',
171 202 => 'Accepted',
172 203 => 'Non-Authoritative Information',
173 204 => 'No Content',
174 205 => 'Reset Content',
175 206 => 'Partial Content',
176 207 => 'Multi-Status', # WebDAV
177 300 => 'Multiple Choices',
178 301 => 'Moved Permanently',
179 302 => 'Found',
180 303 => 'See Other',
181 304 => 'Not Modified',
182 305 => 'Use Proxy',
183 307 => 'Temporary Redirect',
184 400 => 'Bad Request',
185 401 => 'Unauthorized',
186 402 => 'Payment Required',
187 403 => 'Forbidden',
188 404 => 'Not Found',
189 405 => 'Method Not Allowed',
190 406 => 'Not Acceptable',
191 407 => 'Proxy Authentication Required',
192 408 => 'Request Timeout',
193 409 => 'Conflict',
194 410 => 'Gone',
195 411 => 'Length Required',
196 412 => 'Precondition Failed',
197 413 => 'Request Entity Too Large',
198 414 => 'Request-URI Too Large',
199 415 => 'Unsupported Media Type',
200 416 => 'Request Range Not Satisfiable',
201 417 => 'Expectation Failed',
202 422 => 'Unprocessable Entity', # WebDAV
203 423 => 'Locked', # WebDAV
204 424 => 'Failed Dependency', # WebDAV
205 500 => 'Internal Server Error',
206 501 => 'Not Implemented',
207 502 => 'Bad Gateway',
208 503 => 'Service Unavailable',
209 504 => 'Gateway Timeout',
210 505 => 'HTTP Version Not Supported',
211 507 => 'Insufficient Storage', # WebDAV
212 );
213
214 #
215 # what to look for as an attack USE LOWER CASE!!!!!!
216 #
217 my @exploits = (
218 'null',
219 '/../../../',
220 '../../config.sys',
221 '/../../../autoexec.bat',
222 '/../../windows/user.dat',
223 '\\\x02\\\xb1',
224 '\\\x04\\\x01',
225 '\\\x05\\\x01',
226 '\\\x90\\\x02\\\xb1\\\x02\\\xb1',
227 '\\\x90\\\x90\\\x90\\\x90',
228 '\\\xff\\\xff\\\xff\\\xff',
229 '\\\xe1\\\xcd\\\x80',
230 '\\\xff\xe0\\\xe8\\\xf8\\\xff\\\xff\\\xff-m',
231 '\\\xc7f\\\x0c',
232 '\\\x84o\\\x01',
233 '\\\x81',
234 '\\\xff\\\xe0\\\xe8',
235 '\/c\+dir',
236 '\/c\+dir\+c',
237 '\.htpasswd',
238 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
239 'author.exe',
240 'boot.ini',
241 'cmd.exe',
242 'cltreq.asp',
243 'c%20dir%20C',
244 'default.ida',
245 'httpodbc.dll',
246 'nsiislog.dll',
247 'owssvr.dll',
248 'passwd',
249 'phpmyadmin',
250 'root.exe',
251 'shtml.exe',
252 'win.ini',
253 'XXXXXXXXXXXXXXXXXXXXXX'
254 );
255
256 #
257 # Define some usefull RE paterns
258 #
259
260 my %re_pattern = (
261 space => '(.*)',
262 brace => '\[(.*)\]',
263 quote => '\"(.*)\"');
264
265 #
266 # Build the regex to parse the line
267 #
268
269 for (my $i = 0; $i < @log_format; $i++) {
270 # print "$i $log_format[$i] $re_pattern{$log_format[$i]} \n";
271 $pattern = $pattern.$re_pattern{$log_format[$i]}.'\\s';
272 }
273
274 # this is easier than coding last element logic in the loop
275 chop($pattern);
276 chop($pattern);
277
278 ################# print "RE pattern = $pattern \n";
279
280 #
281 # Process log file on stdin
282 #
283
284 while (my $line = <STDIN>) {
285 chomp($line);
286
287 ################## print "Line = $line \n";
288
289 #
290 # parse the line per the input spec
291 #
292
293 my @parsed_line = $line =~ /$pattern/o;
294
295 if (not @parsed_line) {
296 $notparsed_count++;
297 if ($notparsed_count <= 10) {
298 $notparsed = $notparsed . " " . $line . "\n";
299 }
300 next;
301 }
302
303 # hash the results so we can identify the fields
304 #
305 for (my $i = 0; $i < @log_fields; $i++) {
306 # print "$i $log_fields[$i] $parsed_line[$i] \n";
307 $field{$log_fields[$i]} = $parsed_line[$i];
308 }
309
310 ##
311 ## Do the default stuff
312 ##
313
314 #
315 # Break up the request into method, url and protocol
316 #
317
318 ($field{method},$field{url},$field{protocol}) = split(/ /,$field{"request"});
319 if (! $field{url}) {
320 $field{url}='null';
321 }
322 $field{lc_url} = lc $field{url};
323
324 #
325 # Bytes sent Summary
326 # Apache uses "-" to represent 0 bytes transfered
327 #
328
329 if ($field{bytes_transfered} eq "-") {$field{bytes_transfered} = 0};
330 $byte_summary += $field{bytes_transfered};
331
332 #
333 # loop to check for typical exploit attempts
334 #
335
336 $isahack = 0;
337 for (my $i = 0; $i < @exploits; $i++) {
338 # print "$i $exploits[$i] $field{lc_url} \n";
339 if ($field{lc_url} =~ /$exploits[$i]/) {
340 $hacks{$field{client_ip}}{$exploits[$i]}++;
341 $total_hack_count += 1;
342 $ban_ip{$field{client_ip}} = " ";
343 if ($field{http_rc} < 400) {
344 $hack_success{$field{url}} = $field{http_rc};
345 }
346 $isahack = 1;
347 }
348 }
349
350 #
351 # Count types and bytes
352 #
353 # this is only printed if detail > 4 but it also looks
354 # for 'strange' stuff so it needs to run always
355 #
356
357 ($field{base_url},$field{url_parms}) = split(/\?/,$field{"lc_url"});
358
359 if ($field{base_url} =~ /$image_types$/o) {
360 $image_count += 1;
361 $image_bytes += $field{bytes_transfered};
362 } elsif ($field{base_url} =~ /$docs_types$/o) {
363 $docs_count += 1;
364 $docs_bytes += $field{bytes_transfered};
365 } elsif ($field{base_url} =~ /$archive_types$/o) {
366 $archive_count += 1;
367 $archive_bytes += $field{bytes_transfered};
368 } elsif ($field{base_url} =~ /$sound_types$/o) {
369 $sound_count += 1;
370 $sound_bytes += $field{bytes_transfered};
371 } elsif ($field{base_url} =~ /$movie_types$/o) {
372 $movie_count += 1;
373 $movie_bytes += $field{bytes_transfered};
374 } elsif ($field{base_url} =~ /$winexec_types$/o) {
375 $winexec_count += 1;
376 $winexec_bytes += $field{bytes_transfered};
377 } elsif ($field{base_url} =~ /$content_types$/o) {
378 $content_count += 1;
379 $content_bytes += $field{bytes_transfered};
380 } elsif ($field{base_url} =~ /$wpad_files$/o) {
381 $wpad_count += 1;
382 $wpad_bytes += $field{bytes_transfered};
383 } elsif ($field{base_url} =~ /$program_src$/o) {
384 $src_count += 1;
385 $src_bytes += $field{bytes_transfered};
386 } elsif ($field{base_url} =~ /$images_types$/o) {
387 $images_count += 1;
388 $images_bytes += $field{bytes_transfered};
389 } elsif ($field{base_url} =~ /$logs_types$/o) {
390 $logs_count += 1;
391 $logs_bytes += $field{bytes_transfered};
392 } elsif ($field{base_url} =~ /$fonts_types$/o) {
393 $fonts_count += 1;
394 $fonts_bytes += $field{bytes_transfered};
395 } elsif ($field{base_url} =~ /$config_types$/o) {
396 $config_count += 1;
397 $config_bytes += $field{bytes_transfered};
398 } elsif ($field{base_url} =~ /$xpcomext_types$/) {
399 $xpcomext_count += 1;
400 $xpcomext_bytes += $field{bytes_transfered};
401 } elsif ($field{base_url} =~ /$mozext_types$/) {
402 $mozext_count += 1;
403 $mozext_bytes += $field{bytes_transfered};
404 } elsif ($field{http_rc} =~ /3\d\d/) {
405 $redirect_count += 1;
406 $redirect_bytes += $field{bytes_transfered};
407 } elsif ($field{method} =~ /CONNECT/) {
408 $proxy_count += 1;
409 $proxy_bytes += $field{bytes_transfered};
410 $proxy_host{"$field{client_ip} -> $field{base_url}"}++;
411 } else {
412 $other_count += 1;
413 $other_bytes += $field{bytes_transfered};
414 }
415 if ( $field{http_rc} >= 400 ) {
416 my $fmt_url = $field{url};
417 if (length($field{url}) > 60) {
418 $fmt_url = substr($field{url},0,42) . " ... " .
419 substr($field{url},-15,15);
420 }
421 $needs_exam{$field{http_rc}}{$fmt_url}++;
422 }
423
424 ##
425 ## Do the > 4 stuff
426 ##
427 #
428 # Response Summary
429 #
430
431 if ($field{http_rc} > 499 ) {
432 $a5xx_resp += 1;
433 } elsif ($field{http_rc} > 399 ) {
434 $a4xx_resp += 1;
435 } elsif($field{http_rc} > 299 ) {
436 $a3xx_resp += 1;
437 } elsif($field{http_rc} > 199 ) {
438 $a2xx_resp += 1;
439 } else {
440 $a1xx_resp += 1;
441 }
442
443 #
444 # Count the robots who actually ask for the robots.txt file
445 #
446
447 if ($field{lc_url} =~ /^\/robots.txt$/) {
448 if (defined $field{agent}) {
449 $robots{$field{agent}} +=1;
450 }
451 }
452
453 } ## End of while loop
454
455 #############################################
456 ## output the results
457 ##
458
459 if ($detail >4) {
460 printf "%.2f MB transfered " , $byte_summary/(1024*1024);
461 print "in ";
462 print my $resp_total = ($a1xx_resp + $a2xx_resp + $a3xx_resp + $a4xx_resp + $a5xx_resp);
463 print " responses ";
464 print " (1xx $a1xx_resp, 2xx $a2xx_resp, 3xx $a3xx_resp,";
465 print " 4xx $a4xx_resp, 5xx $a5xx_resp) \n";
466 my $lr = length($resp_total);
467 if ($image_count > 0) { printf " %*d Images (%.2f MB),\n" , $lr, $image_count, $image_bytes/(1024*1024); }
468 if ($docs_count > 0) { printf " %*d Documents (%.2f MB),\n" , $lr, $docs_count, $docs_bytes/(1024*1024); }
469 if ($archive_count > 0) { printf " %*d Archives (%.2f MB),\n" , $lr, $archive_count, $archive_bytes/(1024*1024); }
470 if ($sound_count > 0) { printf " %*d Sound files (%.2f MB),\n" , $lr, $sound_count, $sound_bytes/(1024*1024); }
471 if ($movie_count > 0) { printf " %*d Movies files (%.2f MB),\n" , $lr, $movie_count, $movie_bytes/(1024*1024); }
472 if ($winexec_count > 0) { printf " %*d Windows executable files (%.2f MB),\n" , $lr, $winexec_count, $winexec_bytes/(1024*1024); }
473 if ($content_count > 0) { printf " %*d Content pages (%.2f MB),\n" , $lr, $content_count, $content_bytes/(1024*1024); }
474 if ($redirect_count > 0) { printf " %*d Redirects (%.2f MB),\n" , $lr, $redirect_count, $redirect_bytes/(1024*1024); }
475 if ($wpad_count > 0) { printf " %*d Proxy Configuration Files (%.2f MB),\n" , $lr, $wpad_count, $wpad_bytes/(1024*1024); }
476 if ($src_count > 0) { printf " %*d Program source files (%.2f MB),\n" , $lr, $src_count, $src_bytes/(1024*1024); }
477 if ($images_count > 0) { printf " %*d CD Images (%.2f MB),\n" , $lr, $images_count, $images_bytes/(1024*1024); }
478 if ($logs_count > 0) { printf " %*d Various Logs (%.2f MB),\n" , $lr, $logs_count, $logs_bytes/(1024*1024); }
479 if ($fonts_count > 0) { printf " %*d Fonts (%.2f MB),\n" , $lr, $fonts_count, $fonts_bytes/(1024*1024); }
480 if ($config_count > 0) { printf " %*d Configs (%.2f MB),\n" , $lr, $config_count, $config_bytes/(1024*1024); }
481 if ($xpcomext_count > 0) { printf " %*d XPCOM Type Libraries (%.2f MB),\n" , $lr, $xpcomext_count, $xpcomext_bytes/(1024*1024); }
482 if ($mozext_count > 0) { printf " %*d Mozilla extensions (%.2f MB),\n" , $lr, $mozext_count, $mozext_bytes/(1024*1024); }
483 if ($proxy_count > 0) { printf " %*d mod_proxy requests (%.2f MB),\n" , $lr, $proxy_count, $proxy_bytes/(1024*1024); }
484 if ($other_count > 0) { printf " %*d Other (%.2f MB) \n" , $lr, $other_count, $other_bytes/(1024*1024); }
485 }
486
487 #
488 # List attempted exploits
489 #
490
491 if (($detail >4) and $total_hack_count) {
492 print "\nAttempts to use known hacks by ".(keys %hacks).
493 " hosts were logged $total_hack_count time(s) from:\n";
494 my $order = TotalCountOrder(%hacks);
495 foreach my $i (sort $order keys %hacks) {
496 my $hacks_per_ip = 0;
497 foreach my $j ( keys %{$hacks{$i}} ) {
498 $hacks_per_ip += $hacks{$i}{$j};
499 }
500 print " $i: $hacks_per_ip Time(s)\n";
501 if ($detail > 9) {
502 foreach my $j ( keys %{$hacks{$i}} ) {
503 print " $j $hacks{$i}{$j} Time(s) \n";
504 }
505 } else {
506 print "\n";
507 }
508 }
509 }
510
511 if (keys %proxy_host) {
512 print "\nConnection attempts using mod_proxy:\n";
513 foreach $host (sort {$a cmp $b} keys %proxy_host) {
514 print " $host: $proxy_host{$host} Time(s)\n";
515 }
516 }
517 #
518 # List (wannabe) blackhat sites
519 #
520
521 $flag = 1;
522 foreach my $i (sort keys %ban_ip) {
523 if ($flag) {
524 print "\nA total of ".scalar(keys %ban_ip)." sites probed the server \n";
525 $flag = 0;
526 }
527 #if ($detail > 4) {
528 print " $i\n";
529 #}
530 }
531
532 #
533 # List possible successful probes
534 #
535
536 $flag = 1;
537 foreach my $i (keys %hack_success) {
538 if ($flag) {
539 print "\n!!!! ".scalar(keys %hack_success)." possible successful probes \n";
540 $flag = 0;
541 }
542 print " $i HTTP Response $hack_success{$i} \n";
543 }
544
545 #
546 # List error response codes
547 #
548
549 if (keys %needs_exam) {
550 print "\nRequests with error response codes\n";
551 # my $count = TotalCountOrder(%needs_exam);
552 for my $code (sort keys %needs_exam) {
553 if (not defined $StatusCode{$code}) {
554 $StatusCode{$code} = "\(undefined\)";
555 }
556 print " $code $StatusCode{$code}\n";
557 for my $url (sort keys %{$needs_exam{$code}}) {
558 print " $url: $needs_exam{$code}{$url} Time(s)\n";
559 }
560 }
561 }
562
563 #
564 # List robots that identified themselves
565 #
566
567 if ($detail > 4) {
568 $flag = 1;
569 foreach my $i (keys %robots) {
570 if ($flag) {
571 print "\nA total of ".scalar(keys %robots)." ROBOTS were logged \n";
572 $flag = 0;
573 }
574 if ($detail > 9) {
575 print " $i $robots{$i} Time(s) \n";
576 }
577 }
578 }
579
580 if ($notparsed) {
581 print "\nThis is a listing of log lines that were not parsed correctly.\n";
582 print "Perhaps the variables \$HTTP_FIELDS and \$HTTP_FORMAT in file\n";
583 print "conf/services/http.conf are not correct?\n\n";
584 if ($notparsed_count > 10) {
585 print "(Only the first ten are printed; there were a total of $notparsed_count)\n";
586 }
587 print $notparsed;
588 }
589
590 exit (0);
591
592 # vi: shiftwidth=3 tabstop=3 syntax=perl et
593
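Review bot: in the exploit-check loop, `$field{lc_url} =~ /$exploits[$i]/` is a case-sensitive match against a URL that has already been lowercased, so the `@exploits` entries 'c%20dir%20C' and 'XXXXXXXXXXXXXXXXXXXXXX' can never match, despite the "USE LOWER CASE" comment above the list. Lowercase those two entries or add the /i modifier to the match. The list entries are also interpolated as regexes with their dots unescaped, so '/../../../' matches any path containing three two-character segments (for example /ab/cd/ef/), and the unanchored 'passwd' and 'null' match as substrings anywhere in the URL. Each such hit puts the client in %ban_ip and, when the status is below 400, in %hack_success, so ordinary requests can be reported as "possible successful probes". Escaping the dots as \.\. and anchoring 'passwd' would cut those false positives.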
+0
-707
scripts/services/.#http.1.29
0 ##########################################################################
1 # $Id: http,v 1.29 2005/07/21 05:41:58 bjorn Exp $
2 ##########################################################################
3 # $Log: http,v $
4 # Revision 1.29 2005/07/21 05:41:58 bjorn
5 # Deleted two exploit strings, submitted by Gilles Detilllieux, and
6 # corrected typo, submitted by Eric Oberlander.
7 #
8 # Revision 1.28 2005/06/14 05:16:17 bjorn
9 # Patch for handling /\G.../gc construct in perl 5.6
10 #
11 # Revision 1.27 2005/06/06 18:38:41 bjorn
12 # Deleted reference to phpmyadmin
13 #
14 # Revision 1.26 2005/06/01 17:39:49 bjorn
15 # Using new $LogFormat variable. $HTTP_FIELDS and $HTTP_FORMAT deprecated.
16 #
17 # Revision 1.25 2005/05/08 16:52:34 bjorn
18 # Allow for extra spaces in request field
19 #
20 # Revision 1.24 2005/05/02 17:06:25 bjorn
21 # Tightened up check for 'passwd' exploit
22 #
23 # Revision 1.23 2005/04/28 16:05:22 bjorn
24 # Made 'exploits' match case-insensitive, as well
25 #
26 # Revision 1.22 2005/04/28 15:50:36 bjorn
27 # Added file types, made case-insensitive, from Markus Lude
28 #
29 # Revision 1.21 2005/04/25 16:37:46 bjorn
30 # Commented out 'use diagnostics' for release
31 #
32 # Revision 1.20 2005/04/23 14:39:05 bjorn
33 # Support for .html.language-extension and sqwebmaili, from Willi Mann.
34 #
35 # Revision 1.19 2005/04/22 13:46:02 bjorn
36 # Adds filetype extensions, per Paweł Gołaszewski
37 #
38 # Revision 1.18 2005/04/17 19:12:14 bjorn
39 # Changes to needs_exam to deal with error codes, and many print format changes
40 #
41 # Revision 1.17 2005/02/24 22:51:45 kirk
42 # added "/.".
43 # removed the duplicate '\/' from the ends of some lines.
44 # added "/mailman/.*".
45 # added "/announce", "/scrape", and the extension "torrent".
46 # added vl2 to the archive extensions. (It's a zip file for a game.)
47 #
48 # Revision 1.16 2005/02/24 17:08:04 kirk
49 # Applying consolidated patches from Mike Tremaine
50 #
51 # Revision 1.8 2005/02/21 19:09:52 mgt
52 # Bump to 5.2.8 removed some cvs logs -mgt
53 #
54 # Revision 1.7 2005/02/16 00:43:28 mgt
55 # Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt
56 #
57 # Revision 1.6 2005/02/13 23:50:42 mgt
58 # Tons of patches from Pawel and PLD Linux folks...Thanks! -mgt
59 #
60 # Revision 1.5 2004/10/11 18:37:15 mgt
61 # patches from Pawel -mgt
62 #
63 # Revision 1.4 2004/07/29 19:33:29 mgt
64 # Chmod and removed perl call -mgt
65 #
66 # Revision 1.3 2004/07/10 01:54:34 mgt
67 # sync with kirk -mgt
68 #
69 ##########################################################################
70
71 ########################################################
72 # This was written and is maintained by:
73 # Michael Romeo <michaelromeo@mromeo.com>
74 #
75 # Please send all comments, suggestions, bug reports,
76 # etc, to kirk@kaybee.org.
77 ########################################################
78
79
80 #use diagnostics;
81 use strict;
82 use Logwatch ':sort';
83 # use re "debug";
84 #
85 # parse httpd access_log
86 #
87 # Get the detail level and
88 # Build tables of the log format to parse it and determine whats what
89 #
90
91 my $detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
92 my $logformat = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"|%h %l %u %t \"%r\" %>s %b|%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b";
93
94 if (defined $ENV{'logformat'}) {
95 $logformat = $ENV{'logformat'};
96 }
97
98 my @log_fields = ();
99 my @log_format = ();
100 if ((defined $ENV{'http_fields'}) and (defined $ENV{'http_format'})) {
101 @log_fields = split(" ", $ENV{'http_fields'});
102 @log_format = split(" ", $ENV{'http_format'});
103 }
104
105 #
106 # Initialization etc.
107 #
108
109 my $byte_summary = 0;
110 my $failed_requests = 0;
111 my %field = ();
112 my %hacks =();
113 my %hack_success =();
114 my %needs_exam =();
115 my %ban_ip =();
116 my %robots =();
117 my $pattern = "";
118 my $flag = 0;
119 my $isahack = 0;
120 my $a5xx_resp = 0;
121 my $a4xx_resp = 0;
122 my $a3xx_resp = 0;
123 my $a2xx_resp = 0;
124 my $a1xx_resp = 0;
125 my $image_count = 0;
126 my $image_bytes = 0;
127 my $docs_count = 0;
128 my $docs_bytes = 0;
129 my $archive_count = 0;
130 my $archive_bytes = 0;
131 my $sound_count = 0;
132 my $sound_bytes = 0;
133 my $movie_count = 0;
134 my $movie_bytes = 0;
135 my $winexec_count = 0;
136 my $winexec_bytes = 0;
137 my $content_count = 0;
138 my $content_bytes = 0;
139 my $redirect_count = 0;
140 my $redirect_bytes = 0;
141 my $other_count = 0;
142 my $other_bytes = 0;
143 my $total_hack_count = 0;
144 my $wpad_count = 0;
145 my $wpad_bytes = 0;
146 my $src_count = 0;
147 my $src_bytes = 0;
148 my $logs_count = 0;
149 my $logs_bytes = 0;
150 my $images_count = 0;
151 my $images_bytes = 0;
152 my $fonts_count = 0;
153 my $fonts_bytes = 0;
154 my $config_count = 0;
155 my $config_bytes = 0;
156 my $xpcomext_count = 0;
157 my $xpcomext_bytes = 0;
158 my $mozext_count = 0;
159 my $mozext_bytes = 0;
160 my $proxy_count = 0;
161 my $proxy_bytes = 0;
162 my %proxy_host = ();
163 my $host = "";
164 my $notparsed = "";
165 my $notparsed_count =0;
166
167 ######################
168 # file type comparisons are case-insensitive
169 my $image_types = '(\.bmp|\.cdr|\.emz|\.gif|\.ico|\.jpeg|\.jpg|\.png|\.svg|\.sxd|\.tif|\.tiff|\.wbmp|\.wmf|\.wmz|\.xdm)';
170 my $content_types = '(';
171 $content_types = $content_types.'\/server-status|\/server-info';
172 $content_types = $content_types.'|\.htm|\.html|\.jhtml|\.phtml|\.shtml|\/\.?';
173 $content_types = $content_types.'|\.html\.[a-z]{2,3}(_[A-Z]{2,3})?';
174 $content_types = $content_types.'|\.inc|\.php|\.php3|\.asmx|\.asp|\.pl|\.wml';
175 $content_types = $content_types.'|^\/mailman\/.*';
176 $content_types = $content_types.'|\/sqwebmail.*';
177 $content_types = $content_types.'|^\/announce|^\/scrape'; # BitTorrent tracker mod_bt
178 $content_types = $content_types.'|\.torrent';
179 $content_types = $content_types.'|\.css|\.js|\.cgi';
180 $content_types = $content_types.'|\.fla|\.swf|\.rdf';
181 $content_types = $content_types.'|\.class|\.jsp|\.jar|\.java';
182 $content_types = $content_types.'|COPYRIGHT|README|FAQ|INSTALL|\.txt)';
183 my $docs_types = '(\.asc|\.bib|\.djvu|\.doc|\.dot|\.dtd|\.dvi|\.gnumeric|\.mcd|\.mso|\.pdf|\.pps|\.ppt|\.ps|\.rtf|\.sxi|\.tex|\.text|\.tm|\.xls|\.xml)';
184 my $archive_types = '(\.ace|\.bz2|\.cab|\.deb|\.dsc|\.ed2k|\.gz|\.hqx|\.md5|\.rar|\.rpm|\.sig|\.sign|\.tar|\.tbz2|\.tgz|\.vl2|\.z|\.zip)';
185 my $sound_types = '(\.au|\.aud|\.mid|\.mp3|\.ogg|\.pls|\.ram|\.raw|\.rm|\.wav|\.wma|\.wmv|\.xsm)';
186 my $movie_types = '(\.asf|\.ass|\.avi|\.idx|\.mid|\.mpg|\.mpeg|\.mov|\.qt|\.psb|\.srt|\.ssa|\.smi|\.sub)';
187 my $winexec_types = '(\.bat|\.com|\.exe|\.dll)';
188 my $wpad_files = '(wpad\.dat|wspad\.dat|proxy\.pac)';
189 my $program_src = '(';
190 $program_src = $program_src.'\.bas|\.c|\.cpp|\.diff|\.f|\.h|\.init|\.m|\.mo|\.pas|\.patch|\.po|\.pot|\.py|\.sh|\.spec';
191 $program_src = $program_src.'|Makefile|Makefile_c|Makefile_f77)';
192 my $images_types = '(\.bin|\.cue|\.img|\.iso|\.run)';
193 my $logs_types = '(\.log|_log|-log|\.logs|\.out|\.wyniki)';
194 my $fonts_types = '(\.aft|\.ttf)';
195 my $config_types = '(\.cfg|\.conf|\.config|\.ini|\.properties)';
196 my $xpcomext_types = '(\.xpt)';
197 my $mozext_types = '(\.xul)';
198
199 # HTTP Status codes from HTTP/Status.pm, to avoid loading package
200 # that may or may not exist. We only need those >=400, but all
201 # are included for potential future use.
202 my %StatusCode = (
203 100 => 'Continue',
204 101 => 'Switching Protocols',
205 102 => 'Processing', # WebDAV
206 200 => 'OK',
207 201 => 'Created',
208 202 => 'Accepted',
209 203 => 'Non-Authoritative Information',
210 204 => 'No Content',
211 205 => 'Reset Content',
212 206 => 'Partial Content',
213 207 => 'Multi-Status', # WebDAV
214 300 => 'Multiple Choices',
215 301 => 'Moved Permanently',
216 302 => 'Found',
217 303 => 'See Other',
218 304 => 'Not Modified',
219 305 => 'Use Proxy',
220 307 => 'Temporary Redirect',
221 400 => 'Bad Request',
222 401 => 'Unauthorized',
223 402 => 'Payment Required',
224 403 => 'Forbidden',
225 404 => 'Not Found',
226 405 => 'Method Not Allowed',
227 406 => 'Not Acceptable',
228 407 => 'Proxy Authentication Required',
229 408 => 'Request Timeout',
230 409 => 'Conflict',
231 410 => 'Gone',
232 411 => 'Length Required',
233 412 => 'Precondition Failed',
234 413 => 'Request Entity Too Large',
235 414 => 'Request-URI Too Large',
236 415 => 'Unsupported Media Type',
237 416 => 'Request Range Not Satisfiable',
238 417 => 'Expectation Failed',
239 422 => 'Unprocessable Entity', # WebDAV
240 423 => 'Locked', # WebDAV
241 424 => 'Failed Dependency', # WebDAV
242 500 => 'Internal Server Error',
243 501 => 'Not Implemented',
244 502 => 'Bad Gateway',
245 503 => 'Service Unavailable',
246 504 => 'Gateway Timeout',
247 505 => 'HTTP Version Not Supported',
248 507 => 'Insufficient Storage', # WebDAV
249 );
250
251 #
252 # what to look for as an attack USE LOWER CASE!!!!!!
253 #
254 my @exploits = (
255 'null',
256 '/\.\./\.\./\.\./',
257 '../../config.sys',
258 '/../../../autoexec.bat',
259 '/../../windows/user.dat',
260 '\\\x02\\\xb1',
261 '\\\x04\\\x01',
262 '\\\x05\\\x01',
263 '\\\x90\\\x02\\\xb1\\\x02\\\xb1',
264 '\\\x90\\\x90\\\x90\\\x90',
265 '\\\xff\\\xff\\\xff\\\xff',
266 '\\\xe1\\\xcd\\\x80',
267 '\\\xff\xe0\\\xe8\\\xf8\\\xff\\\xff\\\xff-m',
268 '\\\xc7f\\\x0c',
269 '\\\x84o\\\x01',
270 '\\\x81',
271 '\\\xff\\\xe0\\\xe8',
272 '\/c\+dir',
273 '\/c\+dir\+c',
274 '\.htpasswd',
275 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
276 'author.exe',
277 'boot.ini',
278 'cmd.exe',
279 'c%20dir%20c',
280 'default.ida',
281 'fp30reg.dll',
282 'httpodbc.dll',
283 'nsiislog.dll',
284 'passwd$',
285 'root.exe',
286 'shtml.exe',
287 'win.ini',
288 'xxxxxxxxxxxxxxxxxxxxxx',
289 );
290
291 #
292 # Define some useful RE paterns
293 #
294
295 my %re_pattern = (
296 space => '(.*)',
297 brace => '\[(.*)\]',
298 quote => '\"(.*)\"');
299
300 #
301 # Build the regex to parse the line
302 #
303
304 for (my $i = 0; $i < @log_format; $i++) {
305 $pattern = $pattern.$re_pattern{$log_format[$i]}.'\\s';
306 }
307
308 # this is easier than coding last element logic in the loop
309 chop($pattern);
310 chop($pattern);
311
312 # The following are used to build up pattern matching strings for
313 # the log format used in the access_log files.
314 my @parse_string = ();
315 my @parse_field = ();
316 my $parse_index = 0;
317 my $parse_subindex = 0;
318 $parse_string[$parse_index] = "";
319 $parse_field[$parse_index] = ();
320 if ($pattern) {
321 # accommodate usage of HTTP_FIELDS and HTTP_FORMAT
322 $parse_string[0] = $pattern;
323 $parse_field[0] = [@log_fields];
324 $parse_index++;
325 }
326
327 $parse_string[$parse_index] = "";
328 $parse_field[$parse_index] = ();
329 my $end_loop = 1;
330 $logformat =~ s/%[\d,!]*/%/g;
331 while ($end_loop) {
332
333 if ($logformat =~ /\G%h/gc) {
334 $parse_string[$parse_index] .= "(\\S*?)";
335 $parse_field[$parse_index][$parse_subindex++] = "client_ip";
336 } elsif ($logformat =~ /\G%l/gc) {
337 $parse_string[$parse_index] .= "(\\S*?)";
338 $parse_field[$parse_index][$parse_subindex++] = "ident";
339 } elsif ($logformat =~ /\G%u/gc) {
340 $parse_string[$parse_index] .= "(\\S*?)";
341 $parse_field[$parse_index][$parse_subindex++] = "userid";
342 } elsif ($logformat =~ /\G%t/gc) {
343 $parse_string[$parse_index] .= "(\\[.*\\])";
344 $parse_field[$parse_index][$parse_subindex++] = "timestamp";
345 } elsif ($logformat =~ /\G%r/gc) {
346 $parse_string[$parse_index] .= "(.*)";
347 $parse_field[$parse_index][$parse_subindex++] = "request";
348 } elsif ($logformat =~ /\G%>?s/gc) {
349 $parse_string[$parse_index] .= "(\\d{3})";
350 $parse_field[$parse_index][$parse_subindex++] = "http_rc";
351 } elsif ($logformat =~ /\G%b/gc) {
352 # "transfered" is misspelled, but not corrected because this string
353 # comes from the configuration file, and would create a compatibility
354 # issue
355 $parse_field[$parse_index][$parse_subindex++] = "bytes_transfered";
356 $parse_string[$parse_index] .= "(-|\\d*)";
357 } elsif ($logformat =~ /\G%{Referer}i/gci) {
358 $parse_string[$parse_index] .= "(.*)";
359 $parse_field[$parse_index][$parse_subindex++] = "referrer";
360 } elsif ($logformat =~ /\G%{User-Agent}i/gci) {
361 $parse_string[$parse_index] .= "(.*)";
362 $parse_field[$parse_index][$parse_subindex++] = "agent";
363 } elsif ($logformat =~ /\G%({.*?})./gc) {
364 $parse_string[$parse_index] .= "(.*?)";
365 $parse_field[$parse_index][$parse_subindex++] = "not_used";
366 } elsif ($logformat =~ /\G\|/gc) {
367 $parse_index++;
368 $parse_subindex = 0;
369 $parse_string[$parse_index] = "";
370 $parse_field[$parse_index] = ();
371 # perl 5.6 does not detect end of string properly in next elsif block,
372 # so we test it explicitly here
373 } elsif ($logformat =~ /\G$/gc) {
374 $end_loop = 0;
375 } elsif ((my $filler) = ($logformat =~ /\G([^%\|]*)/gc)) {
376 $parse_string[$parse_index] .= $filler;
377 # perl 5.6 loses track of match position, so we force it. Perl 5.8
378 # and later does it correctly, so it was fixed in 5.7 development.
379 if ($] < 5.007) {pos($logformat) += length($filler);}
380 } else {
381 $end_loop = 0;
382 }
383 }
384
385
386 ################# print "RE pattern = $pattern \n";
387
388 #
389 # Process log file on stdin
390 #
391
392 while (my $line = <STDIN>) {
393 chomp($line);
394
395 ################## print "Line = $line \n";
396
397 #
398 # parse the line per the input spec
399 #
400 my @parsed_line;
401 for $parse_index (0..$#parse_string) {
402 if (@parsed_line = $line =~ /$parse_string[$parse_index]/) {
403 @log_fields = @{$parse_field[$parse_index]};
404 last;
405 }
406 }
407
408 if (not @parsed_line) {
409 $notparsed_count++;
410 if ($notparsed_count <= 10) {
411 $notparsed = $notparsed . " " . $line . "\n";
412 }
413 next;
414 }
415
416 # hash the results so we can identify the fields
417 #
418 for my $i (0..$#log_fields) {
419 # print "$i $log_fields[$i] $parsed_line[$i] \n";
420 $field{$log_fields[$i]} = $parsed_line[$i];
421 }
422
423 ##
424 ## Do the default stuff
425 ##
426
427 #
428 # Break up the request into method, url and protocol
429 #
430
431 ($field{method},$field{url},$field{protocol}) = split(/ +/,$field{"request"});
432 if (! $field{url}) {
433 $field{url}='null';
434 }
435 $field{lc_url} = lc $field{url};
436
437 #
438 # Bytes sent Summary
439 # Apache uses "-" to represent 0 bytes transferred
440 #
441
442 if ($field{bytes_transfered} eq "-") {$field{bytes_transfered} = 0};
443 $byte_summary += $field{bytes_transfered};
444
445 #
446 # loop to check for typical exploit attempts
447 #
448
449 $isahack = 0;
450 for (my $i = 0; $i < @exploits; $i++) {
451 # print "$i $exploits[$i] $field{lc_url} \n";
452 if ($field{lc_url} =~ /$exploits[$i]/i) {
453 $hacks{$field{client_ip}}{$exploits[$i]}++;
454 $total_hack_count += 1;
455 $ban_ip{$field{client_ip}} = " ";
456 if ($field{http_rc} < 400) {
457 $hack_success{$field{url}} = $field{http_rc};
458 }
459 $isahack = 1;
460 }
461 }
462
463 #
464 # Count types and bytes
465 #
466 # this is only printed if detail > 4 but it also looks
467 # for 'strange' stuff so it needs to run always
468 #
469
470 ($field{base_url},$field{url_parms}) = split(/\?/,$field{"lc_url"});
471
472 if ($field{base_url} =~ /$image_types$/oi) {
473 $image_count += 1;
474 $image_bytes += $field{bytes_transfered};
475 } elsif ($field{base_url} =~ /$docs_types$/oi) {
476 $docs_count += 1;
477 $docs_bytes += $field{bytes_transfered};
478 } elsif ($field{base_url} =~ /$archive_types$/oi) {
479 $archive_count += 1;
480 $archive_bytes += $field{bytes_transfered};
481 } elsif ($field{base_url} =~ /$sound_types$/oi) {
482 $sound_count += 1;
483 $sound_bytes += $field{bytes_transfered};
484 } elsif ($field{base_url} =~ /$movie_types$/oi) {
485 $movie_count += 1;
486 $movie_bytes += $field{bytes_transfered};
487 } elsif ($field{base_url} =~ /$winexec_types$/oi) {
488 $winexec_count += 1;
489 $winexec_bytes += $field{bytes_transfered};
490 } elsif ($field{base_url} =~ /$content_types$/oi) {
491 $content_count += 1;
492 $content_bytes += $field{bytes_transfered};
493 } elsif ($field{base_url} =~ /$wpad_files$/oi) {
494 $wpad_count += 1;
495 $wpad_bytes += $field{bytes_transfered};
496 } elsif ($field{base_url} =~ /$program_src$/oi) {
497 $src_count += 1;
498 $src_bytes += $field{bytes_transfered};
499 } elsif ($field{base_url} =~ /$images_types$/oi) {
500 $images_count += 1;
501 $images_bytes += $field{bytes_transfered};
502 } elsif ($field{base_url} =~ /$logs_types$/oi) {
503 $logs_count += 1;
504 $logs_bytes += $field{bytes_transfered};
505 } elsif ($field{base_url} =~ /$fonts_types$/oi) {
506 $fonts_count += 1;
507 $fonts_bytes += $field{bytes_transfered};
508 } elsif ($field{base_url} =~ /$config_types$/oi) {
509 $config_count += 1;
510 $config_bytes += $field{bytes_transfered};
511 } elsif ($field{base_url} =~ /$xpcomext_types$/oi) {
512 $xpcomext_count += 1;
513 $xpcomext_bytes += $field{bytes_transfered};
514 } elsif ($field{base_url} =~ /$mozext_types$/oi) {
515 $mozext_count += 1;
516 $mozext_bytes += $field{bytes_transfered};
517 } elsif ($field{http_rc} =~ /3\d\d/) {
518 $redirect_count += 1;
519 $redirect_bytes += $field{bytes_transfered};
520 } elsif ($field{method} =~ /CONNECT/) {
521 $proxy_count += 1;
522 $proxy_bytes += $field{bytes_transfered};
523 $proxy_host{"$field{client_ip} -> $field{base_url}"}++;
524 } else {
525 $other_count += 1;
526 $other_bytes += $field{bytes_transfered};
527 }
528 if ( $field{http_rc} >= 400 ) {
529 my $fmt_url = $field{url};
530 if (length($field{url}) > 60) {
531 $fmt_url = substr($field{url},0,42) . " ... " .
532 substr($field{url},-15,15);
533 }
534 $needs_exam{$field{http_rc}}{$fmt_url}++;
535 }
536
537 ##
538 ## Do the > 4 stuff
539 ##
540 #
541 # Response Summary
542 #
543
544 if ($field{http_rc} > 499 ) {
545 $a5xx_resp += 1;
546 } elsif ($field{http_rc} > 399 ) {
547 $a4xx_resp += 1;
548 } elsif($field{http_rc} > 299 ) {
549 $a3xx_resp += 1;
550 } elsif($field{http_rc} > 199 ) {
551 $a2xx_resp += 1;
552 } else {
553 $a1xx_resp += 1;
554 }
555
556 #
557 # Count the robots who actually ask for the robots.txt file
558 #
559
560 if ($field{lc_url} =~ /^\/robots.txt$/) {
561 if (defined $field{agent}) {
562 $robots{$field{agent}} +=1;
563 }
564 }
565
566 } ## End of while loop
567
568 #############################################
569 ## output the results
570 ##
571
572 if ($detail >4) {
573 printf "%.2f MB transferred " , $byte_summary/(1024*1024);
574 print "in ";
575 print my $resp_total = ($a1xx_resp + $a2xx_resp + $a3xx_resp + $a4xx_resp + $a5xx_resp);
576 print " responses ";
577 print " (1xx $a1xx_resp, 2xx $a2xx_resp, 3xx $a3xx_resp,";
578 print " 4xx $a4xx_resp, 5xx $a5xx_resp) \n";
579 my $lr = length($resp_total);
580 if ($image_count > 0) { printf " %*d Images (%.2f MB),\n" , $lr, $image_count, $image_bytes/(1024*1024); }
581 if ($docs_count > 0) { printf " %*d Documents (%.2f MB),\n" , $lr, $docs_count, $docs_bytes/(1024*1024); }
582 if ($archive_count > 0) { printf " %*d Archives (%.2f MB),\n" , $lr, $archive_count, $archive_bytes/(1024*1024); }
583 if ($sound_count > 0) { printf " %*d Sound files (%.2f MB),\n" , $lr, $sound_count, $sound_bytes/(1024*1024); }
584 if ($movie_count > 0) { printf " %*d Movies files (%.2f MB),\n" , $lr, $movie_count, $movie_bytes/(1024*1024); }
585 if ($winexec_count > 0) { printf " %*d Windows executable files (%.2f MB),\n" , $lr, $winexec_count, $winexec_bytes/(1024*1024); }
586 if ($content_count > 0) { printf " %*d Content pages (%.2f MB),\n" , $lr, $content_count, $content_bytes/(1024*1024); }
587 if ($redirect_count > 0) { printf " %*d Redirects (%.2f MB),\n" , $lr, $redirect_count, $redirect_bytes/(1024*1024); }
588 if ($wpad_count > 0) { printf " %*d Proxy Configuration Files (%.2f MB),\n" , $lr, $wpad_count, $wpad_bytes/(1024*1024); }
589 if ($src_count > 0) { printf " %*d Program source files (%.2f MB),\n" , $lr, $src_count, $src_bytes/(1024*1024); }
590 if ($images_count > 0) { printf " %*d CD Images (%.2f MB),\n" , $lr, $images_count, $images_bytes/(1024*1024); }
591 if ($logs_count > 0) { printf " %*d Various Logs (%.2f MB),\n" , $lr, $logs_count, $logs_bytes/(1024*1024); }
592 if ($fonts_count > 0) { printf " %*d Fonts (%.2f MB),\n" , $lr, $fonts_count, $fonts_bytes/(1024*1024); }
593 if ($config_count > 0) { printf " %*d Configs (%.2f MB),\n" , $lr, $config_count, $config_bytes/(1024*1024); }
594 if ($xpcomext_count > 0) { printf " %*d XPCOM Type Libraries (%.2f MB),\n" , $lr, $xpcomext_count, $xpcomext_bytes/(1024*1024); }
595 if ($mozext_count > 0) { printf " %*d Mozilla extensions (%.2f MB),\n" , $lr, $mozext_count, $mozext_bytes/(1024*1024); }
596 if ($proxy_count > 0) { printf " %*d mod_proxy requests (%.2f MB),\n" , $lr, $proxy_count, $proxy_bytes/(1024*1024); }
597 if ($other_count > 0) { printf " %*d Other (%.2f MB) \n" , $lr, $other_count, $other_bytes/(1024*1024); }
598 }
599
600 #
601 # List attempted exploits
602 #
603
604 if (($detail >4) and $total_hack_count) {
605 print "\nAttempts to use known hacks by ".(keys %hacks).
606 " hosts were logged $total_hack_count time(s) from:\n";
607 my $order = TotalCountOrder(%hacks);
608 foreach my $i (sort $order keys %hacks) {
609 my $hacks_per_ip = 0;
610 foreach my $j ( keys %{$hacks{$i}} ) {
611 $hacks_per_ip += $hacks{$i}{$j};
612 }
613 print " $i: $hacks_per_ip Time(s)\n";
614 if ($detail > 9) {
615 foreach my $j ( keys %{$hacks{$i}} ) {
616 print " $j $hacks{$i}{$j} Time(s) \n";
617 }
618 } else {
619 print "\n";
620 }
621 }
622 }
623
624 if (keys %proxy_host) {
625 print "\nConnection attempts using mod_proxy:\n";
626 foreach $host (sort {$a cmp $b} keys %proxy_host) {
627 print " $host: $proxy_host{$host} Time(s)\n";
628 }
629 }
630 #
631 # List (wannabe) blackhat sites
632 #
633
634 $flag = 1;
635 foreach my $i (sort keys %ban_ip) {
636 if ($flag) {
637 print "\nA total of ".scalar(keys %ban_ip)." sites probed the server \n";
638 $flag = 0;
639 }
640 #if ($detail > 4) {
641 print " $i\n";
642 #}
643 }
644
645 #
646 # List possible successful probes
647 #
648
649 $flag = 1;
650 foreach my $i (keys %hack_success) {
651 if ($flag) {
652 print "\n!!!! ".scalar(keys %hack_success)." possible successful probes \n";
653 $flag = 0;
654 }
655 print " $i HTTP Response $hack_success{$i} \n";
656 }
657
658 #
659 # List error response codes
660 #
661
662 if (keys %needs_exam) {
663 print "\nRequests with error response codes\n";
664 # my $count = TotalCountOrder(%needs_exam);
665 for my $code (sort keys %needs_exam) {
666 if (not defined $StatusCode{$code}) {
667 $StatusCode{$code} = "\(undefined\)";
668 }
669 print " $code $StatusCode{$code}\n";
670 for my $url (sort keys %{$needs_exam{$code}}) {
671 print " $url: $needs_exam{$code}{$url} Time(s)\n";
672 }
673 }
674 }
675
676 #
677 # List robots that identified themselves
678 #
679
680 if ($detail > 4) {
681 $flag = 1;
682 foreach my $i (keys %robots) {
683 if ($flag) {
684 print "\nA total of ".scalar(keys %robots)." ROBOTS were logged \n";
685 $flag = 0;
686 }
687 if ($detail > 9) {
688 print " $i $robots{$i} Time(s) \n";
689 }
690 }
691 }
692
693 if ($notparsed) {
694 print "\nThis is a listing of log lines that were not parsed correctly.\n";
695 print "Perhaps the variable \$LogFormat in file conf/services/http.conf\n";
696 print "is not correct?\n\n";
697 if ($notparsed_count > 10) {
698 print "(Only the first ten are printed; there were a total of $notparsed_count)\n";
699 }
700 print $notparsed;
701 }
702
703 exit (0);
704
705 # vi: shiftwidth=3 tabstop=3 syntax=perl et
706
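Review bot: line 457 stores the full request URL as the %hack_success key and line 655 prints it unchanged, whereas the error-code list at lines 529-533 shortens any URL over 60 characters before it reaches the report. The URL is client-supplied, so the "possible successful probes" section has no length bound; apply the same $fmt_url shortening before keying %hack_success. Separately, the test at line 456 (http_rc < 400) treats 3xx redirects as possible successes; narrowing it to 2xx would cut false alarms in that section.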
+0
-722
scripts/services/.#http.1.31
0 ##########################################################################
1 # $Id: http,v 1.31 2005/09/07 21:03:39 bjorn Exp $
2 ##########################################################################
3 # $Log: http,v $
4 # Revision 1.31 2005/09/07 21:03:39 bjorn
5 # Added HTTP_IGNORE_URLS option, by Lance Cleveland
6 #
7 # Revision 1.30 2005/08/23 22:25:51 mike
8 # Patch from Taco IJsselmuiden fixes debian bug 323919 -mgt
9 #
10 # Revision 1.29 2005/07/21 05:41:58 bjorn
11 # Deleted two exploit strings, submitted by Gilles Detilllieux, and
12 # corrected typo, submitted by Eric Oberlander.
13 #
14 # Revision 1.28 2005/06/14 05:16:17 bjorn
15 # Patch for handling /\G.../gc construct in perl 5.6
16 #
17 # Revision 1.27 2005/06/06 18:38:41 bjorn
18 # Deleted reference to phpmyadmin
19 #
20 # Revision 1.26 2005/06/01 17:39:49 bjorn
21 # Using new $LogFormat variable. $HTTP_FIELDS and $HTTP_FORMAT deprecated.
22 #
23 # Revision 1.25 2005/05/08 16:52:34 bjorn
24 # Allow for extra spaces in request field
25 #
26 # Revision 1.24 2005/05/02 17:06:25 bjorn
27 # Tightened up check for 'passwd' exploit
28 #
29 # Revision 1.23 2005/04/28 16:05:22 bjorn
30 # Made 'exploits' match case-insensitive, as well
31 #
32 # Revision 1.22 2005/04/28 15:50:36 bjorn
33 # Added file types, made case-insensitive, from Markus Lude
34 #
35 # Revision 1.21 2005/04/25 16:37:46 bjorn
36 # Commented out 'use diagnostics' for release
37 #
38 # Revision 1.20 2005/04/23 14:39:05 bjorn
39 # Support for .html.language-extension and sqwebmaili, from Willi Mann.
40 #
41 # Revision 1.19 2005/04/22 13:46:02 bjorn
42 # Adds filetype extensions, per Paweł Gołaszewski
43 #
44 # Revision 1.18 2005/04/17 19:12:14 bjorn
45 # Changes to needs_exam to deal with error codes, and many print format changes
46 #
47 # Revision 1.17 2005/02/24 22:51:45 kirk
48 # added "/.".
49 # removed the duplicate '\/' from the ends of some lines.
50 # added "/mailman/.*".
51 # added "/announce", "/scrape", and the extension "torrent".
52 # added vl2 to the archive extensions. (It's a zip file for a game.)
53 #
54 # Revision 1.16 2005/02/24 17:08:04 kirk
55 # Applying consolidated patches from Mike Tremaine
56 #
57 # Revision 1.8 2005/02/21 19:09:52 mgt
58 # Bump to 5.2.8 removed some cvs logs -mgt
59 #
60 # Revision 1.7 2005/02/16 00:43:28 mgt
61 # Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt
62 #
63 # Revision 1.6 2005/02/13 23:50:42 mgt
64 # Tons of patches from Pawel and PLD Linux folks...Thanks! -mgt
65 #
66 # Revision 1.5 2004/10/11 18:37:15 mgt
67 # patches from Pawel -mgt
68 #
69 # Revision 1.4 2004/07/29 19:33:29 mgt
70 # Chmod and removed perl call -mgt
71 #
72 # Revision 1.3 2004/07/10 01:54:34 mgt
73 # sync with kirk -mgt
74 #
75 ##########################################################################
76
77 ########################################################
78 # This was written and is maintained by:
79 # Michael Romeo <michaelromeo@mromeo.com>
80 #
81 # Please send all comments, suggestions, bug reports,
82 # etc, to kirk@kaybee.org.
83 ########################################################
84
85
86 #use diagnostics;
87 use strict;
88 use Logwatch ':sort';
89 # use re "debug";
90 #
91 # parse httpd access_log
92 #
93 # Get the detail level and
94 # Build tables of the log format to parse it and determine whats what
95 #
96
97 my $detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
98 my $ignoreURLs = $ENV{'http_ignore_urls'};
99 my $logformat = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"|%h %l %u %t \"%r\" %>s %b|%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b";
100
101 if (defined $ENV{'logformat'}) {
102 $logformat = $ENV{'logformat'};
103 }
104
105 my @log_fields = ();
106 my @log_format = ();
107 if ((defined $ENV{'http_fields'}) and (defined $ENV{'http_format'})) {
108 @log_fields = split(" ", $ENV{'http_fields'});
109 @log_format = split(" ", $ENV{'http_format'});
110 }
111
112 #
113 # Initialization etc.
114 #
115
116 my $byte_summary = 0;
117 my $failed_requests = 0;
118 my %field = ();
119 my %hacks =();
120 my %hack_success =();
121 my %needs_exam =();
122 my %ban_ip =();
123 my %robots =();
124 my $pattern = "";
125 my $flag = 0;
126 my $isahack = 0;
127 my $a5xx_resp = 0;
128 my $a4xx_resp = 0;
129 my $a3xx_resp = 0;
130 my $a2xx_resp = 0;
131 my $a1xx_resp = 0;
132 my $image_count = 0;
133 my $image_bytes = 0;
134 my $docs_count = 0;
135 my $docs_bytes = 0;
136 my $archive_count = 0;
137 my $archive_bytes = 0;
138 my $sound_count = 0;
139 my $sound_bytes = 0;
140 my $movie_count = 0;
141 my $movie_bytes = 0;
142 my $winexec_count = 0;
143 my $winexec_bytes = 0;
144 my $content_count = 0;
145 my $content_bytes = 0;
146 my $redirect_count = 0;
147 my $redirect_bytes = 0;
148 my $other_count = 0;
149 my $other_bytes = 0;
150 my $total_hack_count = 0;
151 my $wpad_count = 0;
152 my $wpad_bytes = 0;
153 my $src_count = 0;
154 my $src_bytes = 0;
155 my $logs_count = 0;
156 my $logs_bytes = 0;
157 my $images_count = 0;
158 my $images_bytes = 0;
159 my $fonts_count = 0;
160 my $fonts_bytes = 0;
161 my $config_count = 0;
162 my $config_bytes = 0;
163 my $xpcomext_count = 0;
164 my $xpcomext_bytes = 0;
165 my $mozext_count = 0;
166 my $mozext_bytes = 0;
167 my $proxy_count = 0;
168 my $proxy_bytes = 0;
169 my %proxy_host = ();
170 my $host = "";
171 my $notparsed = "";
172 my $notparsed_count =0;
173
174 ######################
175 # file type comparisons are case-insensitive
176 my $image_types = '(\.bmp|\.cdr|\.emz|\.gif|\.ico|\.jpeg|\.jpg|\.png|\.svg|\.sxd|\.tif|\.tiff|\.wbmp|\.wmf|\.wmz|\.xdm)';
177 my $content_types = '(';
178 $content_types = $content_types.'\/server-status|\/server-info';
179 $content_types = $content_types.'|\.htm|\.html|\.jhtml|\.phtml|\.shtml|\/\.?';
180 $content_types = $content_types.'|\.html\.[a-z]{2,3}(_[A-Z]{2,3})?';
181 $content_types = $content_types.'|\.inc|\.php|\.php3|\.asmx|\.asp|\.pl|\.wml';
182 $content_types = $content_types.'|^\/mailman\/.*';
183 $content_types = $content_types.'|\/sqwebmail.*';
184 $content_types = $content_types.'|^\/announce|^\/scrape'; # BitTorrent tracker mod_bt
185 $content_types = $content_types.'|\.torrent';
186 $content_types = $content_types.'|\.css|\.js|\.cgi';
187 $content_types = $content_types.'|\.fla|\.swf|\.rdf';
188 $content_types = $content_types.'|\.class|\.jsp|\.jar|\.java';
189 $content_types = $content_types.'|COPYRIGHT|README|FAQ|INSTALL|\.txt)';
190 my $docs_types = '(\.asc|\.bib|\.djvu|\.doc|\.dot|\.dtd|\.dvi|\.gnumeric|\.mcd|\.mso|\.pdf|\.pps|\.ppt|\.ps|\.rtf|\.sxi|\.tex|\.text|\.tm|\.xls|\.xml)';
191 my $archive_types = '(\.ace|\.bz2|\.cab|\.deb|\.dsc|\.ed2k|\.gz|\.hqx|\.md5|\.rar|\.rpm|\.sig|\.sign|\.tar|\.tbz2|\.tgz|\.vl2|\.z|\.zip)';
192 my $sound_types = '(\.au|\.aud|\.mid|\.mp3|\.ogg|\.pls|\.ram|\.raw|\.rm|\.wav|\.wma|\.wmv|\.xsm)';
193 my $movie_types = '(\.asf|\.ass|\.avi|\.idx|\.mid|\.mpg|\.mpeg|\.mov|\.qt|\.psb|\.srt|\.ssa|\.smi|\.sub)';
194 my $winexec_types = '(\.bat|\.com|\.exe|\.dll)';
195 my $wpad_files = '(wpad\.dat|wspad\.dat|proxy\.pac)';
196 my $program_src = '(';
197 $program_src = $program_src.'\.bas|\.c|\.cpp|\.diff|\.f|\.h|\.init|\.m|\.mo|\.pas|\.patch|\.po|\.pot|\.py|\.sh|\.spec';
198 $program_src = $program_src.'|Makefile|Makefile_c|Makefile_f77)';
199 my $images_types = '(\.bin|\.cue|\.img|\.iso|\.run)';
200 my $logs_types = '(\.log|_log|-log|\.logs|\.out|\.wyniki)';
201 my $fonts_types = '(\.aft|\.ttf)';
202 my $config_types = '(\.cfg|\.conf|\.config|\.ini|\.properties)';
203 my $xpcomext_types = '(\.xpt)';
204 my $mozext_types = '(\.xul)';
205
206 # HTTP Status codes from HTTP/Status.pm, to avoid loading package
207 # that may or may not exist. We only need those >=400, but all
208 # are included for potential future use.
209 my %StatusCode = (
210 100 => 'Continue',
211 101 => 'Switching Protocols',
212 102 => 'Processing', # WebDAV
213 200 => 'OK',
214 201 => 'Created',
215 202 => 'Accepted',
216 203 => 'Non-Authoritative Information',
217 204 => 'No Content',
218 205 => 'Reset Content',
219 206 => 'Partial Content',
220 207 => 'Multi-Status', # WebDAV
221 300 => 'Multiple Choices',
222 301 => 'Moved Permanently',
223 302 => 'Found',
224 303 => 'See Other',
225 304 => 'Not Modified',
226 305 => 'Use Proxy',
227 307 => 'Temporary Redirect',
228 400 => 'Bad Request',
229 401 => 'Unauthorized',
230 402 => 'Payment Required',
231 403 => 'Forbidden',
232 404 => 'Not Found',
233 405 => 'Method Not Allowed',
234 406 => 'Not Acceptable',
235 407 => 'Proxy Authentication Required',
236 408 => 'Request Timeout',
237 409 => 'Conflict',
238 410 => 'Gone',
239 411 => 'Length Required',
240 412 => 'Precondition Failed',
241 413 => 'Request Entity Too Large',
242 414 => 'Request-URI Too Large',
243 415 => 'Unsupported Media Type',
244 416 => 'Request Range Not Satisfiable',
245 417 => 'Expectation Failed',
246 422 => 'Unprocessable Entity', # WebDAV
247 423 => 'Locked', # WebDAV
248 424 => 'Failed Dependency', # WebDAV
249 500 => 'Internal Server Error',
250 501 => 'Not Implemented',
251 502 => 'Bad Gateway',
252 503 => 'Service Unavailable',
253 504 => 'Gateway Timeout',
254 505 => 'HTTP Version Not Supported',
255 507 => 'Insufficient Storage', # WebDAV
256 );
257
258 #
259 # what to look for as an attack USE LOWER CASE!!!!!!
260 #
261 my @exploits = (
262 'null',
263 <<<<<<< http
264 '/\.\./\.\./\.\./',
265 '../../config.sys',
266 '/../../../autoexec.bat',
267 '/../../windows/user.dat',
268 =======
269 '/\.\./\.\./\.\./',
270 '\.\./\.\./config.sys',
271 '/\.\./\.\./\.\./autoexec.bat',
272 '/\.\./\.\./windows/user.dat',
273 >>>>>>> 1.31
274 '\\\x02\\\xb1',
275 '\\\x04\\\x01',
276 '\\\x05\\\x01',
277 '\\\x90\\\x02\\\xb1\\\x02\\\xb1',
278 '\\\x90\\\x90\\\x90\\\x90',
279 '\\\xff\\\xff\\\xff\\\xff',
280 '\\\xe1\\\xcd\\\x80',
281 '\\\xff\xe0\\\xe8\\\xf8\\\xff\\\xff\\\xff-m',
282 '\\\xc7f\\\x0c',
283 '\\\x84o\\\x01',
284 '\\\x81',
285 '\\\xff\\\xe0\\\xe8',
286 '\/c\+dir',
287 '\/c\+dir\+c',
288 '\.htpasswd',
289 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
290 'author.exe',
291 'boot.ini',
292 'cmd.exe',
293 'c%20dir%20c',
294 'default.ida',
295 'fp30reg.dll',
296 'httpodbc.dll',
297 'nsiislog.dll',
298 'passwd$',
299 'root.exe',
300 'shtml.exe',
301 'win.ini',
302 'xxxxxxxxxxxxxxxxxxxxxx',
303 );
304
305 #
306 # Define some useful RE paterns
307 #
308
309 my %re_pattern = (
310 space => '(.*)',
311 brace => '\[(.*)\]',
312 quote => '\"(.*)\"');
313
314 #
315 # Build the regex to parse the line
316 #
317
318 for (my $i = 0; $i < @log_format; $i++) {
319 $pattern = $pattern.$re_pattern{$log_format[$i]}.'\\s';
320 }
321
322 # this is easier than coding last element logic in the loop
323 chop($pattern);
324 chop($pattern);
325
326 # The following are used to build up pattern matching strings for
327 # the log format used in the access_log files.
328 my @parse_string = ();
329 my @parse_field = ();
330 my $parse_index = 0;
331 my $parse_subindex = 0;
332 $parse_string[$parse_index] = "";
333 $parse_field[$parse_index] = ();
334 if ($pattern) {
335 # accommodate usage of HTTP_FIELDS and HTTP_FORMAT
336 $parse_string[0] = $pattern;
337 $parse_field[0] = [@log_fields];
338 $parse_index++;
339 }
340
341 $parse_string[$parse_index] = "";
342 $parse_field[$parse_index] = ();
343 my $end_loop = 1;
344 $logformat =~ s/%[\d,!]*/%/g;
345 while ($end_loop) {
346
347 if ($logformat =~ /\G%h/gc) {
348 $parse_string[$parse_index] .= "(\\S*?)";
349 $parse_field[$parse_index][$parse_subindex++] = "client_ip";
350 } elsif ($logformat =~ /\G%l/gc) {
351 $parse_string[$parse_index] .= "(\\S*?)";
352 $parse_field[$parse_index][$parse_subindex++] = "ident";
353 } elsif ($logformat =~ /\G%u/gc) {
354 $parse_string[$parse_index] .= "(\\S*?)";
355 $parse_field[$parse_index][$parse_subindex++] = "userid";
356 } elsif ($logformat =~ /\G%t/gc) {
357 $parse_string[$parse_index] .= "(\\[.*\\])";
358 $parse_field[$parse_index][$parse_subindex++] = "timestamp";
359 } elsif ($logformat =~ /\G%r/gc) {
360 $parse_string[$parse_index] .= "(.*)";
361 $parse_field[$parse_index][$parse_subindex++] = "request";
362 } elsif ($logformat =~ /\G%>?s/gc) {
363 $parse_string[$parse_index] .= "(\\d{3})";
364 $parse_field[$parse_index][$parse_subindex++] = "http_rc";
365 } elsif ($logformat =~ /\G%b/gc) {
366 # "transfered" is misspelled, but not corrected because this string
367 # comes from the configuration file, and would create a compatibility
368 # issue
369 $parse_field[$parse_index][$parse_subindex++] = "bytes_transfered";
370 $parse_string[$parse_index] .= "(-|\\d*)";
371 } elsif ($logformat =~ /\G%{Referer}i/gci) {
372 $parse_string[$parse_index] .= "(.*)";
373 $parse_field[$parse_index][$parse_subindex++] = "referrer";
374 } elsif ($logformat =~ /\G%{User-Agent}i/gci) {
375 $parse_string[$parse_index] .= "(.*)";
376 $parse_field[$parse_index][$parse_subindex++] = "agent";
377 } elsif ($logformat =~ /\G%({.*?})./gc) {
378 $parse_string[$parse_index] .= "(.*?)";
379 $parse_field[$parse_index][$parse_subindex++] = "not_used";
380 } elsif ($logformat =~ /\G\|/gc) {
381 $parse_index++;
382 $parse_subindex = 0;
383 $parse_string[$parse_index] = "";
384 $parse_field[$parse_index] = ();
385 # perl 5.6 does not detect end of string properly in next elsif block,
386 # so we test it explicitly here
387 } elsif ($logformat =~ /\G$/gc) {
388 $end_loop = 0;
389 } elsif ((my $filler) = ($logformat =~ /\G([^%\|]*)/gc)) {
390 $parse_string[$parse_index] .= $filler;
391 # perl 5.6 loses track of match position, so we force it. Perl 5.8
392 # and later does it correctly, so it was fixed in 5.7 development.
393 if ($] < 5.007) {pos($logformat) += length($filler);}
394 } else {
395 $end_loop = 0;
396 }
397 }
398
399
400 ################# print "RE pattern = $pattern \n";
401
402 #
403 # Process log file on stdin
404 #
405
406 while (my $line = <STDIN>) {
407 chomp($line);
408
409 ################## print "Line = $line \n";
410
411 #
412 # parse the line per the input spec
413 #
414 my @parsed_line;
415 for $parse_index (0..$#parse_string) {
416 if (@parsed_line = $line =~ /$parse_string[$parse_index]/) {
417 @log_fields = @{$parse_field[$parse_index]};
418 last;
419 }
420 }
421
422 if (not @parsed_line) {
423 $notparsed_count++;
424 if ($notparsed_count <= 10) {
425 $notparsed = $notparsed . " " . $line . "\n";
426 }
427 next;
428 }
429
430 # hash the results so we can identify the fields
431 #
432 for my $i (0..$#log_fields) {
433 # print "$i $log_fields[$i] $parsed_line[$i] \n";
434 $field{$log_fields[$i]} = $parsed_line[$i];
435 }
436
437 ##
438 ## Do the default stuff
439 ##
440
441 #
442 # Break up the request into method, url and protocol
443 #
444
445 ($field{method},$field{url},$field{protocol}) = split(/ +/,$field{"request"});
446 if (! $field{url}) {
447 $field{url}='null';
448 }
449 $field{lc_url} = lc $field{url};
450
451 #
452 # Bytes sent Summary
453 # Apache uses "-" to represent 0 bytes transferred
454 #
455
456 if ($field{bytes_transfered} eq "-") {$field{bytes_transfered} = 0};
457 $byte_summary += $field{bytes_transfered};
458
459 #
460 # loop to check for typical exploit attempts
461 #
462
463 $isahack = 0;
464 for (my $i = 0; $i < @exploits; $i++) {
465 # print "$i $exploits[$i] $field{lc_url} \n";
466 if ($field{lc_url} =~ /$exploits[$i]/i) {
467 $hacks{$field{client_ip}}{$exploits[$i]}++;
468 $total_hack_count += 1;
469 $ban_ip{$field{client_ip}} = " ";
470 if ($field{http_rc} < 400) {
471 $hack_success{$field{url}} = $field{http_rc};
472 }
473 $isahack = 1;
474 }
475 }
476
477 #
478 # Count types and bytes
479 #
480 # this is only printed if detail > 4 but it also looks
481 # for 'strange' stuff so it needs to run always
482 #
483
484 ($field{base_url},$field{url_parms}) = split(/\?/,$field{"lc_url"});
485
486 if ($field{base_url} =~ /$image_types$/oi) {
487 $image_count += 1;
488 $image_bytes += $field{bytes_transfered};
489 } elsif ($field{base_url} =~ /$docs_types$/oi) {
490 $docs_count += 1;
491 $docs_bytes += $field{bytes_transfered};
492 } elsif ($field{base_url} =~ /$archive_types$/oi) {
493 $archive_count += 1;
494 $archive_bytes += $field{bytes_transfered};
495 } elsif ($field{base_url} =~ /$sound_types$/oi) {
496 $sound_count += 1;
497 $sound_bytes += $field{bytes_transfered};
498 } elsif ($field{base_url} =~ /$movie_types$/oi) {
499 $movie_count += 1;
500 $movie_bytes += $field{bytes_transfered};
501 } elsif ($field{base_url} =~ /$winexec_types$/oi) {
502 $winexec_count += 1;
503 $winexec_bytes += $field{bytes_transfered};
504 } elsif ($field{base_url} =~ /$content_types$/oi) {
505 $content_count += 1;
506 $content_bytes += $field{bytes_transfered};
507 } elsif ($field{base_url} =~ /$wpad_files$/oi) {
508 $wpad_count += 1;
509 $wpad_bytes += $field{bytes_transfered};
510 } elsif ($field{base_url} =~ /$program_src$/oi) {
511 $src_count += 1;
512 $src_bytes += $field{bytes_transfered};
513 } elsif ($field{base_url} =~ /$images_types$/oi) {
514 $images_count += 1;
515 $images_bytes += $field{bytes_transfered};
516 } elsif ($field{base_url} =~ /$logs_types$/oi) {
517 $logs_count += 1;
518 $logs_bytes += $field{bytes_transfered};
519 } elsif ($field{base_url} =~ /$fonts_types$/oi) {
520 $fonts_count += 1;
521 $fonts_bytes += $field{bytes_transfered};
522 } elsif ($field{base_url} =~ /$config_types$/oi) {
523 $config_count += 1;
524 $config_bytes += $field{bytes_transfered};
525 } elsif ($field{base_url} =~ /$xpcomext_types$/oi) {
526 $xpcomext_count += 1;
527 $xpcomext_bytes += $field{bytes_transfered};
528 } elsif ($field{base_url} =~ /$mozext_types$/oi) {
529 $mozext_count += 1;
530 $mozext_bytes += $field{bytes_transfered};
531 } elsif ($field{http_rc} =~ /3\d\d/) {
532 $redirect_count += 1;
533 $redirect_bytes += $field{bytes_transfered};
534 } elsif ($field{method} =~ /CONNECT/) {
535 $proxy_count += 1;
536 $proxy_bytes += $field{bytes_transfered};
537 $proxy_host{"$field{client_ip} -> $field{base_url}"}++;
538 } else {
539 $other_count += 1;
540 $other_bytes += $field{bytes_transfered};
541 }
542 if ( ($field{http_rc} >= 400) &&
543 !((defined $ignoreURLs) && ($field{url} =~ /$ignoreURLs/)) ) {
544 my $fmt_url = $field{url};
545 if (length($field{url}) > 60) {
546 $fmt_url = substr($field{url},0,42) . " ... " .
547 substr($field{url},-15,15);
548 }
549 $needs_exam{$field{http_rc}}{$fmt_url}++;
550 }
551
552 ##
553 ## Do the > 4 stuff
554 ##
555 #
556 # Response Summary
557 #
558
559 if ($field{http_rc} > 499 ) {
560 $a5xx_resp += 1;
561 } elsif ($field{http_rc} > 399 ) {
562 $a4xx_resp += 1;
563 } elsif($field{http_rc} > 299 ) {
564 $a3xx_resp += 1;
565 } elsif($field{http_rc} > 199 ) {
566 $a2xx_resp += 1;
567 } else {
568 $a1xx_resp += 1;
569 }
570
571 #
572 # Count the robots who actually ask for the robots.txt file
573 #
574
575 if ($field{lc_url} =~ /^\/robots.txt$/) {
576 if (defined $field{agent}) {
577 $robots{$field{agent}} +=1;
578 }
579 }
580
581 } ## End of while loop
582
583 #############################################
584 ## output the results
585 ##
586
587 if ($detail >4) {
588 printf "%.2f MB transferred " , $byte_summary/(1024*1024);
589 print "in ";
590 print my $resp_total = ($a1xx_resp + $a2xx_resp + $a3xx_resp + $a4xx_resp + $a5xx_resp);
591 print " responses ";
592 print " (1xx $a1xx_resp, 2xx $a2xx_resp, 3xx $a3xx_resp,";
593 print " 4xx $a4xx_resp, 5xx $a5xx_resp) \n";
594 my $lr = length($resp_total);
595 if ($image_count > 0) { printf " %*d Images (%.2f MB),\n" , $lr, $image_count, $image_bytes/(1024*1024); }
596 if ($docs_count > 0) { printf " %*d Documents (%.2f MB),\n" , $lr, $docs_count, $docs_bytes/(1024*1024); }
597 if ($archive_count > 0) { printf " %*d Archives (%.2f MB),\n" , $lr, $archive_count, $archive_bytes/(1024*1024); }
598 if ($sound_count > 0) { printf " %*d Sound files (%.2f MB),\n" , $lr, $sound_count, $sound_bytes/(1024*1024); }
599 if ($movie_count > 0) { printf " %*d Movies files (%.2f MB),\n" , $lr, $movie_count, $movie_bytes/(1024*1024); }
600 if ($winexec_count > 0) { printf " %*d Windows executable files (%.2f MB),\n" , $lr, $winexec_count, $winexec_bytes/(1024*1024); }
601 if ($content_count > 0) { printf " %*d Content pages (%.2f MB),\n" , $lr, $content_count, $content_bytes/(1024*1024); }
602 if ($redirect_count > 0) { printf " %*d Redirects (%.2f MB),\n" , $lr, $redirect_count, $redirect_bytes/(1024*1024); }
603 if ($wpad_count > 0) { printf " %*d Proxy Configuration Files (%.2f MB),\n" , $lr, $wpad_count, $wpad_bytes/(1024*1024); }
604 if ($src_count > 0) { printf " %*d Program source files (%.2f MB),\n" , $lr, $src_count, $src_bytes/(1024*1024); }
605 if ($images_count > 0) { printf " %*d CD Images (%.2f MB),\n" , $lr, $images_count, $images_bytes/(1024*1024); }
606 if ($logs_count > 0) { printf " %*d Various Logs (%.2f MB),\n" , $lr, $logs_count, $logs_bytes/(1024*1024); }
607 if ($fonts_count > 0) { printf " %*d Fonts (%.2f MB),\n" , $lr, $fonts_count, $fonts_bytes/(1024*1024); }
608 if ($config_count > 0) { printf " %*d Configs (%.2f MB),\n" , $lr, $config_count, $config_bytes/(1024*1024); }
609 if ($xpcomext_count > 0) { printf " %*d XPCOM Type Libraries (%.2f MB),\n" , $lr, $xpcomext_count, $xpcomext_bytes/(1024*1024); }
610 if ($mozext_count > 0) { printf " %*d Mozilla extensions (%.2f MB),\n" , $lr, $mozext_count, $mozext_bytes/(1024*1024); }
611 if ($proxy_count > 0) { printf " %*d mod_proxy requests (%.2f MB),\n" , $lr, $proxy_count, $proxy_bytes/(1024*1024); }
612 if ($other_count > 0) { printf " %*d Other (%.2f MB) \n" , $lr, $other_count, $other_bytes/(1024*1024); }
613 }
614
615 #
616 # List attempted exploits
617 #
618
619 if (($detail >4) and $total_hack_count) {
620 print "\nAttempts to use known hacks by ".(keys %hacks).
621 " hosts were logged $total_hack_count time(s) from:\n";
622 my $order = TotalCountOrder(%hacks);
623 foreach my $i (sort $order keys %hacks) {
624 my $hacks_per_ip = 0;
625 foreach my $j ( keys %{$hacks{$i}} ) {
626 $hacks_per_ip += $hacks{$i}{$j};
627 }
628 print " $i: $hacks_per_ip Time(s)\n";
629 if ($detail > 9) {
630 foreach my $j ( keys %{$hacks{$i}} ) {
631 print " $j $hacks{$i}{$j} Time(s) \n";
632 }
633 } else {
634 print "\n";
635 }
636 }
637 }
638
639 if (keys %proxy_host) {
640 print "\nConnection attempts using mod_proxy:\n";
641 foreach $host (sort {$a cmp $b} keys %proxy_host) {
642 print " $host: $proxy_host{$host} Time(s)\n";
643 }
644 }
645 #
646 # List (wannabe) blackhat sites
647 #
648
649 $flag = 1;
650 foreach my $i (sort keys %ban_ip) {
651 if ($flag) {
652 print "\nA total of ".scalar(keys %ban_ip)." sites probed the server \n";
653 $flag = 0;
654 }
655 #if ($detail > 4) {
656 print " $i\n";
657 #}
658 }
659
660 #
661 # List possible successful probes
662 #
663
664 $flag = 1;
665 foreach my $i (keys %hack_success) {
666 if ($flag) {
667 print "\n!!!! ".scalar(keys %hack_success)." possible successful probes \n";
668 $flag = 0;
669 }
670 print " $i HTTP Response $hack_success{$i} \n";
671 }
672
673 #
674 # List error response codes
675 #
676
677 if (keys %needs_exam) {
678 print "\nRequests with error response codes\n";
679 # my $count = TotalCountOrder(%needs_exam);
680 for my $code (sort keys %needs_exam) {
681 if (not defined $StatusCode{$code}) {
682 $StatusCode{$code} = "\(undefined\)";
683 }
684 print " $code $StatusCode{$code}\n";
685 for my $url (sort keys %{$needs_exam{$code}}) {
686 print " $url: $needs_exam{$code}{$url} Time(s)\n";
687 }
688 }
689 }
690
691 #
692 # List robots that identified themselves
693 #
694
695 if ($detail > 4) {
696 $flag = 1;
697 foreach my $i (keys %robots) {
698 if ($flag) {
699 print "\nA total of ".scalar(keys %robots)." ROBOTS were logged \n";
700 $flag = 0;
701 }
702 if ($detail > 9) {
703 print " $i $robots{$i} Time(s) \n";
704 }
705 }
706 }
707
708 if ($notparsed) {
709 print "\nThis is a listing of log lines that were not parsed correctly.\n";
710 print "Perhaps the variable \$LogFormat in file conf/services/http.conf\n";
711 print "is not correct?\n\n";
712 if ($notparsed_count > 10) {
713 print "(Only the first ten are printed; there were a total of $notparsed_count)\n";
714 }
715 print $notparsed;
716 }
717
718 exit (0);
719
720 # vi: shiftwidth=3 tabstop=3 syntax=perl et
721
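Review bot: lines 263-273 hold unresolved merge conflict markers ("<<<<<<< http", "=======", ">>>>>>> 1.31") inside the @exploits list, so this .#http.1.31 copy is a leftover CVS merge backup rather than a usable script, and removing all 722 lines is right. Before this lands, confirm that the surviving scripts/services/http carries the escaped traversal patterns from the 1.31 side ('\.\./\.\./config.sys' rather than '../../config.sys'), since an unescaped dot in these patterns matches any character. Also note that line 543 interpolates $ignoreURLs from the environment straight into a regex; if that logic is kept elsewhere, a malformed value will abort the run, so it is worth wrapping in an eval or validating at load time. An ignore rule for .#* files would keep such backups out of future imports.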
+0
-736
scripts/services/.#http.1.32
0 ##########################################################################
1 # $Id: http,v 1.32 2005/10/19 05:27:21 bjorn Exp $
2 ##########################################################################
3 # $Log: http,v $
4 # Revision 1.32 2005/10/19 05:27:21 bjorn
5 # Added http_rc_detail_rep facility, by David Baldwin
6 #
7 # Revision 1.31 2005/09/07 21:03:39 bjorn
8 # Added HTTP_IGNORE_URLS option, by Lance Cleveland
9 #
10 # Revision 1.30 2005/08/23 22:25:51 mike
11 # Patch from Taco IJsselmuiden fixes debian bug 323919 -mgt
12 #
13 # Revision 1.29 2005/07/21 05:41:58 bjorn
14 # Deleted two exploit strings, submitted by Gilles Detilllieux, and
15 # corrected typo, submitted by Eric Oberlander.
16 #
17 # Revision 1.28 2005/06/14 05:16:17 bjorn
18 # Patch for handling /\G.../gc construct in perl 5.6
19 #
20 # Revision 1.27 2005/06/06 18:38:41 bjorn
21 # Deleted reference to phpmyadmin
22 #
23 # Revision 1.26 2005/06/01 17:39:49 bjorn
24 # Using new $LogFormat variable. $HTTP_FIELDS and $HTTP_FORMAT deprecated.
25 #
26 # Revision 1.25 2005/05/08 16:52:34 bjorn
27 # Allow for extra spaces in request field
28 #
29 # Revision 1.24 2005/05/02 17:06:25 bjorn
30 # Tightened up check for 'passwd' exploit
31 #
32 # Revision 1.23 2005/04/28 16:05:22 bjorn
33 # Made 'exploits' match case-insensitive, as well
34 #
35 # Revision 1.22 2005/04/28 15:50:36 bjorn
36 # Added file types, made case-insensitive, from Markus Lude
37 #
38 # Revision 1.21 2005/04/25 16:37:46 bjorn
39 # Commented out 'use diagnostics' for release
40 #
41 # Revision 1.20 2005/04/23 14:39:05 bjorn
42 # Support for .html.language-extension and sqwebmaili, from Willi Mann.
43 #
44 # Revision 1.19 2005/04/22 13:46:02 bjorn
45 # Adds filetype extensions, per Paweł Gołaszewski
46 #
47 # Revision 1.18 2005/04/17 19:12:14 bjorn
48 # Changes to needs_exam to deal with error codes, and many print format changes
49 #
50 # Revision 1.17 2005/02/24 22:51:45 kirk
51 # added "/.".
52 # removed the duplicate '\/' from the ends of some lines.
53 # added "/mailman/.*".
54 # added "/announce", "/scrape", and the extension "torrent".
55 # added vl2 to the archive extensions. (It's a zip file for a game.)
56 #
57 # Revision 1.16 2005/02/24 17:08:04 kirk
58 # Applying consolidated patches from Mike Tremaine
59 #
60 # Revision 1.8 2005/02/21 19:09:52 mgt
61 # Bump to 5.2.8 removed some cvs logs -mgt
62 #
63 # Revision 1.7 2005/02/16 00:43:28 mgt
64 # Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt
65 #
66 # Revision 1.6 2005/02/13 23:50:42 mgt
67 # Tons of patches from Pawel and PLD Linux folks...Thanks! -mgt
68 #
69 # Revision 1.5 2004/10/11 18:37:15 mgt
70 # patches from Pawel -mgt
71 #
72 # Revision 1.4 2004/07/29 19:33:29 mgt
73 # Chmod and removed perl call -mgt
74 #
75 # Revision 1.3 2004/07/10 01:54:34 mgt
76 # sync with kirk -mgt
77 #
78 ##########################################################################
79
80 ########################################################
81 # This was written and is maintained by:
82 # Michael Romeo <michaelromeo@mromeo.com>
83 #
84 # Please send all comments, suggestions, bug reports,
85 # etc, to kirk@kaybee.org.
86 ########################################################
87
88
89 #use diagnostics;
90 use strict;
91 use Logwatch ':sort';
92 # use re "debug";
93 #
94 # parse httpd access_log
95 #
96 # Get the detail level and
97 # Build tables of the log format to parse it and determine whats what
98 #
99
100 my $detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
101 my $ignoreURLs = $ENV{'http_ignore_urls'};
102 my $logformat = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"|%h %l %u %t \"%r\" %>s %b|%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b";
103
104 if (defined $ENV{'logformat'}) {
105 $logformat = $ENV{'logformat'};
106 }
107
108 my @log_fields = ();
109 my @log_format = ();
110 if ((defined $ENV{'http_fields'}) and (defined $ENV{'http_format'})) {
111 @log_fields = split(" ", $ENV{'http_fields'});
112 @log_format = split(" ", $ENV{'http_format'});
113 }
114
115 #
116 # Initialization etc.
117 #
118
119 my $byte_summary = 0;
120 my $failed_requests = 0;
121 my %field = ();
122 my %hacks =();
123 my %hack_success =();
124 my %needs_exam =();
125 my %ban_ip =();
126 my %robots =();
127 my $pattern = "";
128 my $flag = 0;
129 my $isahack = 0;
130 my $a5xx_resp = 0;
131 my $a4xx_resp = 0;
132 my $a3xx_resp = 0;
133 my $a2xx_resp = 0;
134 my $a1xx_resp = 0;
135 my $image_count = 0;
136 my $image_bytes = 0;
137 my $docs_count = 0;
138 my $docs_bytes = 0;
139 my $archive_count = 0;
140 my $archive_bytes = 0;
141 my $sound_count = 0;
142 my $sound_bytes = 0;
143 my $movie_count = 0;
144 my $movie_bytes = 0;
145 my $winexec_count = 0;
146 my $winexec_bytes = 0;
147 my $content_count = 0;
148 my $content_bytes = 0;
149 my $redirect_count = 0;
150 my $redirect_bytes = 0;
151 my $other_count = 0;
152 my $other_bytes = 0;
153 my $total_hack_count = 0;
154 my $wpad_count = 0;
155 my $wpad_bytes = 0;
156 my $src_count = 0;
157 my $src_bytes = 0;
158 my $logs_count = 0;
159 my $logs_bytes = 0;
160 my $images_count = 0;
161 my $images_bytes = 0;
162 my $fonts_count = 0;
163 my $fonts_bytes = 0;
164 my $config_count = 0;
165 my $config_bytes = 0;
166 my $xpcomext_count = 0;
167 my $xpcomext_bytes = 0;
168 my $mozext_count = 0;
169 my $mozext_bytes = 0;
170 my $proxy_count = 0;
171 my $proxy_bytes = 0;
172 my %proxy_host = ();
173 my $host = "";
174 my $notparsed = "";
175 my $notparsed_count =0;
176
177 ######################
178 # file type comparisons are case-insensitive
179 my $image_types = '(\.bmp|\.cdr|\.emz|\.gif|\.ico|\.jpeg|\.jpg|\.png|\.svg|\.sxd|\.tif|\.tiff|\.wbmp|\.wmf|\.wmz|\.xdm)';
180 my $content_types = '(';
181 $content_types = $content_types.'\/server-status|\/server-info';
182 $content_types = $content_types.'|\.htm|\.html|\.jhtml|\.phtml|\.shtml|\/\.?';
183 $content_types = $content_types.'|\.html\.[a-z]{2,3}(_[A-Z]{2,3})?';
184 $content_types = $content_types.'|\.inc|\.php|\.php3|\.asmx|\.asp|\.pl|\.wml';
185 $content_types = $content_types.'|^\/mailman\/.*';
186 $content_types = $content_types.'|\/sqwebmail.*';
187 $content_types = $content_types.'|^\/announce|^\/scrape'; # BitTorrent tracker mod_bt
188 $content_types = $content_types.'|\.torrent';
189 $content_types = $content_types.'|\.css|\.js|\.cgi';
190 $content_types = $content_types.'|\.fla|\.swf|\.rdf';
191 $content_types = $content_types.'|\.class|\.jsp|\.jar|\.java';
192 $content_types = $content_types.'|COPYRIGHT|README|FAQ|INSTALL|\.txt)';
193 my $docs_types = '(\.asc|\.bib|\.djvu|\.doc|\.dot|\.dtd|\.dvi|\.gnumeric|\.mcd|\.mso|\.pdf|\.pps|\.ppt|\.ps|\.rtf|\.sxi|\.tex|\.text|\.tm|\.xls|\.xml)';
194 my $archive_types = '(\.ace|\.bz2|\.cab|\.deb|\.dsc|\.ed2k|\.gz|\.hqx|\.md5|\.rar|\.rpm|\.sig|\.sign|\.tar|\.tbz2|\.tgz|\.vl2|\.z|\.zip)';
195 my $sound_types = '(\.au|\.aud|\.mid|\.mp3|\.ogg|\.pls|\.ram|\.raw|\.rm|\.wav|\.wma|\.wmv|\.xsm)';
196 my $movie_types = '(\.asf|\.ass|\.avi|\.idx|\.mid|\.mpg|\.mpeg|\.mov|\.qt|\.psb|\.srt|\.ssa|\.smi|\.sub)';
197 my $winexec_types = '(\.bat|\.com|\.exe|\.dll)';
198 my $wpad_files = '(wpad\.dat|wspad\.dat|proxy\.pac)';
199 my $program_src = '(';
200 $program_src = $program_src.'\.bas|\.c|\.cpp|\.diff|\.f|\.h|\.init|\.m|\.mo|\.pas|\.patch|\.po|\.pot|\.py|\.sh|\.spec';
201 $program_src = $program_src.'|Makefile|Makefile_c|Makefile_f77)';
202 my $images_types = '(\.bin|\.cue|\.img|\.iso|\.run)';
203 my $logs_types = '(\.log|_log|-log|\.logs|\.out|\.wyniki)';
204 my $fonts_types = '(\.aft|\.ttf)';
205 my $config_types = '(\.cfg|\.conf|\.config|\.ini|\.properties)';
206 my $xpcomext_types = '(\.xpt)';
207 my $mozext_types = '(\.xul)';
208
209 # HTTP Status codes from HTTP/Status.pm, to avoid loading package
210 # that may or may not exist. We only need those >=400, but all
211 # are included for potential future use.
212 my %StatusCode = (
213 100 => 'Continue',
214 101 => 'Switching Protocols',
215 102 => 'Processing', # WebDAV
216 200 => 'OK',
217 201 => 'Created',
218 202 => 'Accepted',
219 203 => 'Non-Authoritative Information',
220 204 => 'No Content',
221 205 => 'Reset Content',
222 206 => 'Partial Content',
223 207 => 'Multi-Status', # WebDAV
224 300 => 'Multiple Choices',
225 301 => 'Moved Permanently',
226 302 => 'Found',
227 303 => 'See Other',
228 304 => 'Not Modified',
229 305 => 'Use Proxy',
230 307 => 'Temporary Redirect',
231 400 => 'Bad Request',
232 401 => 'Unauthorized',
233 402 => 'Payment Required',
234 403 => 'Forbidden',
235 404 => 'Not Found',
236 405 => 'Method Not Allowed',
237 406 => 'Not Acceptable',
238 407 => 'Proxy Authentication Required',
239 408 => 'Request Timeout',
240 409 => 'Conflict',
241 410 => 'Gone',
242 411 => 'Length Required',
243 412 => 'Precondition Failed',
244 413 => 'Request Entity Too Large',
245 414 => 'Request-URI Too Large',
246 415 => 'Unsupported Media Type',
247 416 => 'Request Range Not Satisfiable',
248 417 => 'Expectation Failed',
249 422 => 'Unprocessable Entity', # WebDAV
250 423 => 'Locked', # WebDAV
251 424 => 'Failed Dependency', # WebDAV
252 500 => 'Internal Server Error',
253 501 => 'Not Implemented',
254 502 => 'Bad Gateway',
255 503 => 'Service Unavailable',
256 504 => 'Gateway Timeout',
257 505 => 'HTTP Version Not Supported',
258 507 => 'Insufficient Storage', # WebDAV
259 );
260
261 #
262 # what to look for as an attack USE LOWER CASE!!!!!!
263 #
264 my @exploits = (
265 'null',
266 <<<<<<< http
267 '/\.\./\.\./\.\./',
268 '../../config.sys',
269 '/../../../autoexec.bat',
270 '/../../windows/user.dat',
271 =======
272 '/\.\./\.\./\.\./',
273 '\.\./\.\./config.sys',
274 '/\.\./\.\./\.\./autoexec.bat',
275 '/\.\./\.\./windows/user.dat',
276 >>>>>>> 1.31
277 '\\\x02\\\xb1',
278 '\\\x04\\\x01',
279 '\\\x05\\\x01',
280 '\\\x90\\\x02\\\xb1\\\x02\\\xb1',
281 '\\\x90\\\x90\\\x90\\\x90',
282 '\\\xff\\\xff\\\xff\\\xff',
283 '\\\xe1\\\xcd\\\x80',
284 '\\\xff\xe0\\\xe8\\\xf8\\\xff\\\xff\\\xff-m',
285 '\\\xc7f\\\x0c',
286 '\\\x84o\\\x01',
287 '\\\x81',
288 '\\\xff\\\xe0\\\xe8',
289 '\/c\+dir',
290 '\/c\+dir\+c',
291 '\.htpasswd',
292 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
293 'author.exe',
294 'boot.ini',
295 'cmd.exe',
296 'c%20dir%20c',
297 'default.ida',
298 'fp30reg.dll',
299 'httpodbc.dll',
300 'nsiislog.dll',
301 'passwd$',
302 'root.exe',
303 'shtml.exe',
304 'win.ini',
305 'xxxxxxxxxxxxxxxxxxxxxx',
306 );
307
308 #
309 # Define some useful RE paterns
310 #
311
312 my %re_pattern = (
313 space => '(.*)',
314 brace => '\[(.*)\]',
315 quote => '\"(.*)\"');
316
317 #
318 # Build the regex to parse the line
319 #
320
321 for (my $i = 0; $i < @log_format; $i++) {
322 $pattern = $pattern.$re_pattern{$log_format[$i]}.'\\s';
323 }
324
325 # this is easier than coding last element logic in the loop
326 chop($pattern);
327 chop($pattern);
328
329 # The following are used to build up pattern matching strings for
330 # the log format used in the access_log files.
331 my @parse_string = ();
332 my @parse_field = ();
333 my $parse_index = 0;
334 my $parse_subindex = 0;
335 $parse_string[$parse_index] = "";
336 $parse_field[$parse_index] = ();
337 if ($pattern) {
338 # accommodate usage of HTTP_FIELDS and HTTP_FORMAT
339 $parse_string[0] = $pattern;
340 $parse_field[0] = [@log_fields];
341 $parse_index++;
342 }
343
344 $parse_string[$parse_index] = "";
345 $parse_field[$parse_index] = ();
346 my $end_loop = 1;
347 $logformat =~ s/%[\d,!]*/%/g;
348 while ($end_loop) {
349
350 if ($logformat =~ /\G%h/gc) {
351 $parse_string[$parse_index] .= "(\\S*?)";
352 $parse_field[$parse_index][$parse_subindex++] = "client_ip";
353 } elsif ($logformat =~ /\G%l/gc) {
354 $parse_string[$parse_index] .= "(\\S*?)";
355 $parse_field[$parse_index][$parse_subindex++] = "ident";
356 } elsif ($logformat =~ /\G%u/gc) {
357 $parse_string[$parse_index] .= "(\\S*?)";
358 $parse_field[$parse_index][$parse_subindex++] = "userid";
359 } elsif ($logformat =~ /\G%t/gc) {
360 $parse_string[$parse_index] .= "(\\[.*\\])";
361 $parse_field[$parse_index][$parse_subindex++] = "timestamp";
362 } elsif ($logformat =~ /\G%r/gc) {
363 $parse_string[$parse_index] .= "(.*)";
364 $parse_field[$parse_index][$parse_subindex++] = "request";
365 } elsif ($logformat =~ /\G%>?s/gc) {
366 $parse_string[$parse_index] .= "(\\d{3})";
367 $parse_field[$parse_index][$parse_subindex++] = "http_rc";
368 } elsif ($logformat =~ /\G%b/gc) {
369 # "transfered" is misspelled, but not corrected because this string
370 # comes from the configuration file, and would create a compatibility
371 # issue
372 $parse_field[$parse_index][$parse_subindex++] = "bytes_transfered";
373 $parse_string[$parse_index] .= "(-|\\d*)";
374 } elsif ($logformat =~ /\G%{Referer}i/gci) {
375 $parse_string[$parse_index] .= "(.*)";
376 $parse_field[$parse_index][$parse_subindex++] = "referrer";
377 } elsif ($logformat =~ /\G%{User-Agent}i/gci) {
378 $parse_string[$parse_index] .= "(.*)";
379 $parse_field[$parse_index][$parse_subindex++] = "agent";
380 } elsif ($logformat =~ /\G%({.*?})./gc) {
381 $parse_string[$parse_index] .= "(.*?)";
382 $parse_field[$parse_index][$parse_subindex++] = "not_used";
383 } elsif ($logformat =~ /\G\|/gc) {
384 $parse_index++;
385 $parse_subindex = 0;
386 $parse_string[$parse_index] = "";
387 $parse_field[$parse_index] = ();
388 # perl 5.6 does not detect end of string properly in next elsif block,
389 # so we test it explicitly here
390 } elsif ($logformat =~ /\G$/gc) {
391 $end_loop = 0;
392 } elsif ((my $filler) = ($logformat =~ /\G([^%\|]*)/gc)) {
393 $parse_string[$parse_index] .= $filler;
394 # perl 5.6 loses track of match position, so we force it. Perl 5.8
395 # and later does it correctly, so it was fixed in 5.7 development.
396 if ($] < 5.007) {pos($logformat) += length($filler);}
397 } else {
398 $end_loop = 0;
399 }
400 }
401
402
403 ################# print "RE pattern = $pattern \n";
404
405 #
406 # Process log file on stdin
407 #
408
409 while (my $line = <STDIN>) {
410 chomp($line);
411
412 ################## print "Line = $line \n";
413
414 #
415 # parse the line per the input spec
416 #
417 my @parsed_line;
418 for $parse_index (0..$#parse_string) {
419 if (@parsed_line = $line =~ /$parse_string[$parse_index]/) {
420 @log_fields = @{$parse_field[$parse_index]};
421 last;
422 }
423 }
424
425 if (not @parsed_line) {
426 $notparsed_count++;
427 if ($notparsed_count <= 10) {
428 $notparsed = $notparsed . " " . $line . "\n";
429 }
430 next;
431 }
432
433 # hash the results so we can identify the fields
434 #
435 for my $i (0..$#log_fields) {
436 # print "$i $log_fields[$i] $parsed_line[$i] \n";
437 $field{$log_fields[$i]} = $parsed_line[$i];
438 }
439
440 ##
441 ## Do the default stuff
442 ##
443
444 #
445 # Break up the request into method, url and protocol
446 #
447
448 ($field{method},$field{url},$field{protocol}) = split(/ +/,$field{"request"});
449 if (! $field{url}) {
450 $field{url}='null';
451 }
452 $field{lc_url} = lc $field{url};
453
454 #
455 # Bytes sent Summary
456 # Apache uses "-" to represent 0 bytes transferred
457 #
458
459 if ($field{bytes_transfered} eq "-") {$field{bytes_transfered} = 0};
460 $byte_summary += $field{bytes_transfered};
461
462 #
463 # loop to check for typical exploit attempts
464 #
465
466 $isahack = 0;
467 for (my $i = 0; $i < @exploits; $i++) {
468 # print "$i $exploits[$i] $field{lc_url} \n";
469 if ($field{lc_url} =~ /$exploits[$i]/i) {
470 $hacks{$field{client_ip}}{$exploits[$i]}++;
471 $total_hack_count += 1;
472 $ban_ip{$field{client_ip}} = " ";
473 if ($field{http_rc} < 400) {
474 $hack_success{$field{url}} = $field{http_rc};
475 }
476 $isahack = 1;
477 }
478 }
479
480 #
481 # Count types and bytes
482 #
483 # this is only printed if detail > 4 but it also looks
484 # for 'strange' stuff so it needs to run always
485 #
486
487 ($field{base_url},$field{url_parms}) = split(/\?/,$field{"lc_url"});
488
489 if ($field{base_url} =~ /$image_types$/oi) {
490 $image_count += 1;
491 $image_bytes += $field{bytes_transfered};
492 } elsif ($field{base_url} =~ /$docs_types$/oi) {
493 $docs_count += 1;
494 $docs_bytes += $field{bytes_transfered};
495 } elsif ($field{base_url} =~ /$archive_types$/oi) {
496 $archive_count += 1;
497 $archive_bytes += $field{bytes_transfered};
498 } elsif ($field{base_url} =~ /$sound_types$/oi) {
499 $sound_count += 1;
500 $sound_bytes += $field{bytes_transfered};
501 } elsif ($field{base_url} =~ /$movie_types$/oi) {
502 $movie_count += 1;
503 $movie_bytes += $field{bytes_transfered};
504 } elsif ($field{base_url} =~ /$winexec_types$/oi) {
505 $winexec_count += 1;
506 $winexec_bytes += $field{bytes_transfered};
507 } elsif ($field{base_url} =~ /$content_types$/oi) {
508 $content_count += 1;
509 $content_bytes += $field{bytes_transfered};
510 } elsif ($field{base_url} =~ /$wpad_files$/oi) {
511 $wpad_count += 1;
512 $wpad_bytes += $field{bytes_transfered};
513 } elsif ($field{base_url} =~ /$program_src$/oi) {
514 $src_count += 1;
515 $src_bytes += $field{bytes_transfered};
516 } elsif ($field{base_url} =~ /$images_types$/oi) {
517 $images_count += 1;
518 $images_bytes += $field{bytes_transfered};
519 } elsif ($field{base_url} =~ /$logs_types$/oi) {
520 $logs_count += 1;
521 $logs_bytes += $field{bytes_transfered};
522 } elsif ($field{base_url} =~ /$fonts_types$/oi) {
523 $fonts_count += 1;
524 $fonts_bytes += $field{bytes_transfered};
525 } elsif ($field{base_url} =~ /$config_types$/oi) {
526 $config_count += 1;
527 $config_bytes += $field{bytes_transfered};
528 } elsif ($field{base_url} =~ /$xpcomext_types$/oi) {
529 $xpcomext_count += 1;
530 $xpcomext_bytes += $field{bytes_transfered};
531 } elsif ($field{base_url} =~ /$mozext_types$/oi) {
532 $mozext_count += 1;
533 $mozext_bytes += $field{bytes_transfered};
534 } elsif ($field{http_rc} =~ /3\d\d/) {
535 $redirect_count += 1;
536 $redirect_bytes += $field{bytes_transfered};
537 } elsif ($field{method} =~ /CONNECT/) {
538 $proxy_count += 1;
539 $proxy_bytes += $field{bytes_transfered};
540 $proxy_host{"$field{client_ip} -> $field{base_url}"}++;
541 } else {
542 $other_count += 1;
543 $other_bytes += $field{bytes_transfered};
544 }
545 if ( ($field{http_rc} >= 400) &&
546 !((defined $ignoreURLs) && ($field{url} =~ /$ignoreURLs/)) ) {
547 my $fmt_url = $field{url};
548 if (length($field{url}) > 60) {
549 $fmt_url = substr($field{url},0,42) . " ... " .
550 substr($field{url},-15,15);
551 }
552 $needs_exam{$field{http_rc}}{$fmt_url}++;
553 }
554
555 ##
556 ## Do the > 4 stuff
557 ##
558 #
559 # Response Summary
560 #
561
562 if ($field{http_rc} > 499 ) {
563 $a5xx_resp += 1;
564 } elsif ($field{http_rc} > 399 ) {
565 $a4xx_resp += 1;
566 } elsif($field{http_rc} > 299 ) {
567 $a3xx_resp += 1;
568 } elsif($field{http_rc} > 199 ) {
569 $a2xx_resp += 1;
570 } else {
571 $a1xx_resp += 1;
572 }
573
574 #
575 # Count the robots who actually ask for the robots.txt file
576 #
577
578 if ($field{lc_url} =~ /^\/robots.txt$/) {
579 if (defined $field{agent}) {
580 $robots{$field{agent}} +=1;
581 }
582 }
583
584 } ## End of while loop
585
586 #############################################
587 ## output the results
588 ##
589
590 if ($detail >4) {
591 printf "%.2f MB transferred " , $byte_summary/(1024*1024);
592 print "in ";
593 print my $resp_total = ($a1xx_resp + $a2xx_resp + $a3xx_resp + $a4xx_resp + $a5xx_resp);
594 print " responses ";
595 print " (1xx $a1xx_resp, 2xx $a2xx_resp, 3xx $a3xx_resp,";
596 print " 4xx $a4xx_resp, 5xx $a5xx_resp) \n";
597 my $lr = length($resp_total);
598 if ($image_count > 0) { printf " %*d Images (%.2f MB),\n" , $lr, $image_count, $image_bytes/(1024*1024); }
599 if ($docs_count > 0) { printf " %*d Documents (%.2f MB),\n" , $lr, $docs_count, $docs_bytes/(1024*1024); }
600 if ($archive_count > 0) { printf " %*d Archives (%.2f MB),\n" , $lr, $archive_count, $archive_bytes/(1024*1024); }
601 if ($sound_count > 0) { printf " %*d Sound files (%.2f MB),\n" , $lr, $sound_count, $sound_bytes/(1024*1024); }
602 if ($movie_count > 0) { printf " %*d Movies files (%.2f MB),\n" , $lr, $movie_count, $movie_bytes/(1024*1024); }
603 if ($winexec_count > 0) { printf " %*d Windows executable files (%.2f MB),\n" , $lr, $winexec_count, $winexec_bytes/(1024*1024); }
604 if ($content_count > 0) { printf " %*d Content pages (%.2f MB),\n" , $lr, $content_count, $content_bytes/(1024*1024); }
605 if ($redirect_count > 0) { printf " %*d Redirects (%.2f MB),\n" , $lr, $redirect_count, $redirect_bytes/(1024*1024); }
606 if ($wpad_count > 0) { printf " %*d Proxy Configuration Files (%.2f MB),\n" , $lr, $wpad_count, $wpad_bytes/(1024*1024); }
607 if ($src_count > 0) { printf " %*d Program source files (%.2f MB),\n" , $lr, $src_count, $src_bytes/(1024*1024); }
608 if ($images_count > 0) { printf " %*d CD Images (%.2f MB),\n" , $lr, $images_count, $images_bytes/(1024*1024); }
609 if ($logs_count > 0) { printf " %*d Various Logs (%.2f MB),\n" , $lr, $logs_count, $logs_bytes/(1024*1024); }
610 if ($fonts_count > 0) { printf " %*d Fonts (%.2f MB),\n" , $lr, $fonts_count, $fonts_bytes/(1024*1024); }
611 if ($config_count > 0) { printf " %*d Configs (%.2f MB),\n" , $lr, $config_count, $config_bytes/(1024*1024); }
612 if ($xpcomext_count > 0) { printf " %*d XPCOM Type Libraries (%.2f MB),\n" , $lr, $xpcomext_count, $xpcomext_bytes/(1024*1024); }
613 if ($mozext_count > 0) { printf " %*d Mozilla extensions (%.2f MB),\n" , $lr, $mozext_count, $mozext_bytes/(1024*1024); }
614 if ($proxy_count > 0) { printf " %*d mod_proxy requests (%.2f MB),\n" , $lr, $proxy_count, $proxy_bytes/(1024*1024); }
615 if ($other_count > 0) { printf " %*d Other (%.2f MB) \n" , $lr, $other_count, $other_bytes/(1024*1024); }
616 }
617
618 #
619 # List attempted exploits
620 #
621
622 if (($detail >4) and $total_hack_count) {
623 print "\nAttempts to use known hacks by ".(keys %hacks).
624 " hosts were logged $total_hack_count time(s) from:\n";
625 my $order = TotalCountOrder(%hacks);
626 foreach my $i (sort $order keys %hacks) {
627 my $hacks_per_ip = 0;
628 foreach my $j ( keys %{$hacks{$i}} ) {
629 $hacks_per_ip += $hacks{$i}{$j};
630 }
631 print " $i: $hacks_per_ip Time(s)\n";
632 if ($detail > 9) {
633 foreach my $j ( keys %{$hacks{$i}} ) {
634 print " $j $hacks{$i}{$j} Time(s) \n";
635 }
636 } else {
637 print "\n";
638 }
639 }
640 }
641
642 if (keys %proxy_host) {
643 print "\nConnection attempts using mod_proxy:\n";
644 foreach $host (sort {$a cmp $b} keys %proxy_host) {
645 print " $host: $proxy_host{$host} Time(s)\n";
646 }
647 }
648 #
649 # List (wannabe) blackhat sites
650 #
651
652 $flag = 1;
653 foreach my $i (sort keys %ban_ip) {
654 if ($flag) {
655 print "\nA total of ".scalar(keys %ban_ip)." sites probed the server \n";
656 $flag = 0;
657 }
658 #if ($detail > 4) {
659 print " $i\n";
660 #}
661 }
662
663 #
664 # List possible successful probes
665 #
666
667 $flag = 1;
668 foreach my $i (keys %hack_success) {
669 if ($flag) {
670 print "\n!!!! ".scalar(keys %hack_success)." possible successful probes \n";
671 $flag = 0;
672 }
673 print " $i HTTP Response $hack_success{$i} \n";
674 }
675
676 #
677 # List error response codes
678 #
679
680 if (keys %needs_exam) {
681 print "\nRequests with error response codes\n";
682 # my $count = TotalCountOrder(%needs_exam);
683 for my $code (sort keys %needs_exam) {
684 if (not defined $StatusCode{$code}) {
685 $StatusCode{$code} = "\(undefined\)";
686 }
687 if( ($ENV{"http_rc_detail_rep-$code"} || $detail) > $detail ) {
688 # only display summary for this code
689 my $t = 0;
690 my $u = 0;
691 foreach my $k ( keys %{$needs_exam{$code}}) {
692 $u += 1;
693 $t += $needs_exam{$code}{$k};
694 }
695 print " $code $StatusCode{$code} SUMMARY - $u URLs, total: $t Time(s)\n";
696 } else {
697 print " $code $StatusCode{$code}\n";
698 for my $url (sort keys %{$needs_exam{$code}}) {
699 print " $url: $needs_exam{$code}{$url} Time(s)\n";
700 }
701 }
702 }
703 }
704
705 #
706 # List robots that identified themselves
707 #
708
709 if ($detail > 4) {
710 $flag = 1;
711 foreach my $i (keys %robots) {
712 if ($flag) {
713 print "\nA total of ".scalar(keys %robots)." ROBOTS were logged \n";
714 $flag = 0;
715 }
716 if ($detail > 9) {
717 print " $i $robots{$i} Time(s) \n";
718 }
719 }
720 }
721
722 if ($notparsed) {
723 print "\nThis is a listing of log lines that were not parsed correctly.\n";
724 print "Perhaps the variable \$LogFormat in file conf/services/http.conf\n";
725 print "is not correct?\n\n";
726 if ($notparsed_count > 10) {
727 print "(Only the first ten are printed; there were a total of $notparsed_count)\n";
728 }
729 print $notparsed;
730 }
731
732 exit (0);
733
734 # vi: shiftwidth=3 tabstop=3 syntax=perl et
735
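Review bot: The `@exploits` list at lines 266-276 still carries unresolved CVS conflict markers (`<<<<<<< http`, `=======`, `>>>>>>> 1.31`), so this `.#http.1.32` backup copy could never have compiled and dropping it is right. Please confirm that the shipped scripts/services/http kept the `1.31` side, where the dots in the traversal patterns are escaped (`'\.\./\.\./config.sys'`): each entry is applied as a regex at line 469, so the other side's `'../../config.sys'` lets every `.` match any character and counts unrelated URLs as probes. Excluding `.#*` files from the upstream import would keep CVS leftovers like this one out of the package.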
+0
-379
scripts/services/.#named.1.41
0 ##########################################################################
1 # $Id: named,v 1.41 2005/09/29 15:02:52 bjorn Exp $
2 ##########################################################################
3 # $Log: named,v $
4 # Revision 1.41 2005/09/29 15:02:52 bjorn
5 # Filtering 'succeeded' by Ivana Varekova.
6 #
7 # Revision 1.40 2005/04/15 21:44:35 bjorn
8 # testing from anonymous
9 #
10 # Revision 1.39 2005/04/15 21:36:59 bjorn
11 # typo fixed in 'named' release during 2004
12 #
13 # Revision 1.38 2005/04/13 17:24:13 kirk
14 # Test change
15 #
16 # Revision 1.37 2005/02/24 17:08:04 kirk
17 # Applying consolidated patches from Mike Tremaine
18 #
19 # Revision 1.9 2005/02/21 19:09:52 mgt
20 # Bump to 5.2.8 removed some cvs logs -mgt
21 #
22 # Revision 1.8 2005/02/16 00:43:28 mgt
23 # Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt
24 #
25 # Revision 1.7 2005/02/13 17:15:40 mgt
26 # perl -w corrections for uninit stuff -mgt
27 #
28 # Revision 1.6 2004/10/11 18:14:47 mgt
29 # update from Laurent -mgt
30 #
31 # Revision 1.41 2004/09/29 10:33:29 laurent Dufour <laurent.dufour@havas.com>
32 # Removed some ^ in regex to prevent message not being in start on line to be matched
33 # Added some check for error in named zone config file
34 # Added some check for message not being matched
35 #
36 # Revision 1.4 2004/07/29 19:33:29 mgt
37 # Chmod and removed perl call -mgt
38 #
39 # Revision 1.3 2004/07/10 01:54:35 mgt
40 # sync with kirk -mgt
41 #
42 #########################################################################
43
44 ########################################################
45 # This was written and is maintained by:
46 # Kirk Bauer <kirk@kaybee.org>
47 #
48 # Please send all comments, suggestions, bug reports,
49 # etc, to kirk@kaybee.org.
50 ########################################################
51
52 use Logwatch ':ip';
53
54
55 #$DoLookup = ValueOrDefault($ENV{'named_ip_lookup'}, 0);
56 $Debug = ValueOrDefault($ENV{'LOGWATCH_DEBUG'}, 0);
57 $Detail = ValueOrDefault($ENV{'LOGWATCH_DETAIL_LEVEL'}, 0);
58
59 # Avoid "Use of uninitialized value" warning messages.
60 sub ValueOrDefault {
61 my ($value, $default) = @_;
62 return ($value ? $value : $default);
63 }
64
65 if ( $Debug >= 5 ) {
66 print STDERR "\n\nDEBUG: Inside NAMED Filter \n\n";
67 $DebugCounter = 1;
68 }
69
70
71 while (defined($ThisLine = <STDIN>)) {
72 if ( $Debug >= 30 ) {
73 print STDERR "DEBUG($DebugCounter): $ThisLine";
74 $DebugCounter++;
75 }
76
77 if (
78 ($ThisLine =~ /RR negative cache entry/) or
79 ($ThisLine =~ /ns_....: .* NS points to CNAME/) or
80 ($ThisLine =~ /accept: connection reset by peer/) or
81 ($ThisLine =~ /Connection reset by peer/) or
82 # typo fixed in 2004 release
83 ($ThisLine =~ /transfer(r)?ed serial/) or
84 ($ThisLine =~ /There may be a name server already running/) or
85 ($ThisLine =~ /exiting/) or
86 ($ThisLine =~ /running/) or
87 ($ThisLine =~ /NSTATS /) or
88 ($ThisLine =~ /Cleaned cache of \d+ RRs/) or
89 ($ThisLine =~ /USAGE \d+ \d+ CPU=\d+.*/) or
90 ($ThisLine =~ /XSTATS /) or
91 ($ThisLine =~ /Ready to answer queries/) or
92 ($ThisLine =~ /Forwarding source address is/) or
93 ($ThisLine =~ /bad referral/) or
94 ($ThisLine =~ /prerequisite not satisfied/) or
95 ($ThisLine =~ /(rcvd|Sent) NOTIFY/) or
96 ($ThisLine =~ /ns_resp: TCP truncated/) or
97 ($ThisLine =~ /No possible A RRs/) or
98 ($ThisLine =~ /points to a CNAME/) or
99 ($ThisLine =~ /dangling CNAME pointer/) or
100 ($ThisLine =~ /listening on/) or
101 ($ThisLine =~ /unrelated additional info/) or
102 ($ThisLine =~ /Response from unexpected source/) or
103 ($ThisLine =~ /No root nameservers for class IN/) or
104 ($ThisLine =~ /recvfrom: No route to host/) or
105 ($ThisLine =~ /Connection refused/) or
106 ($ThisLine =~ /lame server resolving/) or
107 ($ThisLine =~ /transfer of/) or
108 ($ThisLine =~ /using \d+ CPU/) or
109 ($ThisLine =~ /loading configuration/) or
110 ($ThisLine =~ /command channel listening/) or
111 ($ThisLine =~ /no IPv6 interfaces found/) or
112 ($ThisLine =~ /^running/) or
113 ($ThisLine =~ /^exiting/) or
114 ($ThisLine =~ /no longer listening/) or
115 ($ThisLine =~ /the default for the .* option is now/) or
116 ($ThisLine =~ /stopping command channel on [0-9.#]/) or
117 ($ThisLine =~ /Malformed response from/) or
118 ($ThisLine =~ /client .+#\d+: query:/) or
119 # Do we really want to ignore these?
120 #($ThisLine =~ /unknown logging category/) or
121 ($ThisLine =~ /could not open entropy source/) or
122 ($ThisLine =~ /\/etc\/rndc.key: file not found/) or
123 ($ThisLine =~ /sending notifies/) or
124 # file syntax error get reported twice and are already caught below
125 ($ThisLine =~ /loading master file/) or
126 ($ThisLine =~ /^ succeeded$/)
127 ) {
128 # Don't care about these...
129 } elsif (
130 ($ThisLine =~ /starting\..*named/) or
131 ($ThisLine =~ /starting BIND/) or
132 ($ThisLine =~ /named startup succeeded/)
133 ) {
134 $StartNamed++;
135 } elsif ( $ThisLine =~ /(reloading nameserver|named reload succeeded)/ ) {
136 $ReloadNamed++;
137 } elsif (
138 ($ThisLine =~ /shutting down/) or
139 ($ThisLine =~ /named shutting down/ ) or
140 ($ThisLine =~ /named shutdown succeeded/ )
141 ) {
142 $ShutdownNamed++;
143 } elsif ( ($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: zone transfer '(.+)' denied/ ) ) {
144 $DeniedZoneTransfers{$Host}{$Zone}++;
145 } elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" loaded/ ) ) {
146 $ZoneLoaded{"cache $Zone"}++;
147 } elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" .* loaded/ ) ) {
148 $ZoneLoaded{"cache $Zone"}++;
149 } elsif ( ($Zone) = ( $ThisLine =~ /primary zone \"(.+)\" loaded/ ) ) {
150 $ZoneLoaded{$Zone}++;
151 } elsif ( ($Zone) = ( $ThisLine =~ /master zone \"(.+)\" .* loaded/ ) ) {
152 $ZoneLoaded{$Zone}++;
153 } elsif ( ($Zone) = ( $ThisLine =~ /secondary zone \"(.+)\" loaded/ ) ) {
154 $ZoneLoaded{"secondary $Zone"}++;
155 } elsif ( ($Zone) = ( $ThisLine =~ /slave zone \"(.+)\" .* loaded/ ) ) {
156 $ZoneLoaded{"secondary $Zone"}++;
157 } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+)\: loaded serial/ ) ) {
158 $ZoneLoaded{$Zone}++;
159 } elsif ( (undef,$Addr,undef,$Server) = ( $ThisLine =~ /ame server (on|resolving) '(.+)' \(in .+\):\s+(\[.+\]\.\d+)?\s*'?(.+)'?:?/ ) ) {
160 $LameServer{"$Addr ($Server)"}++;
161 } elsif ( ($Zone) = ( $ThisLine =~ /Zone \"(.+)\" was removed/ ) ) {
162 $ZoneRemoved{$Zone}++;
163 } elsif ( ($Zone) = ( $ThisLine =~ /received notify for zone '(.*)'/ ) ) {
164 $ZoneReceivedNotify{$Zone}++;
165 } elsif ( ($Host) = ( $ThisLine =~ /([^ ]+) has CNAME and other data \(invalid\)/ ) ) {
166 push @CNAMEAndOther, $Host;
167 } elsif ( ($File,$Line,$Entry,$Error) = ( $ThisLine =~ /dns_master_load: ([^:]+):(\d+): ([^ ]+): (.+)$/ ) ) {
168 $ZoneFileErrors{$File}{"$Entry: $Error"}++;
169 } elsif ( ($File,$Line,$Entry,$Error) = ( $ThisLine =~ /warning: ([^:]+):(\d+): (.+)$/ ) ) {
170 $ZoneFileErrors{$File}{"file does not end with newline: $Error"}++;
171 } elsif ( ($Way,$Host) = ( $ThisLine =~ /([^ ]+): sendto\(\[([^ ]+)\].+\): Network is unreachable/ ) ) {
172 $FullHost = LookupIP ($Host);
173 $NetworkUnreachable{$Way}{$FullHost}++;
174 } elsif ( ($Zone,$Message) = ( $ThisLine =~ /client [^\#]+#[^\:]+: updating zone '([^\:]+)': (.*)$/ ) ) {
175 $ZoneUpdates{$Zone}{$Message}++;
176 } elsif ( ($Host,$Zone) = ( $ThisLine =~ /approved AXFR from \[(.+)\]\..+ for \"(.+)\"/ ) ) {
177 $FullHost = LookupIP ($Host);
178 $AXFR{$Zone}{$FullHost}++;
179 } elsif ( ($Client) = ( $ThisLine =~ /warning: client (.*) no more TCP clients/ ) ) {
180 $FullClient = LookupIP ($Client);
181 $DeniedTCPClient{$FullClient}++;
182 } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query \(cache\) denied/ ) ) {
183 $FullClient = LookupIP ($Client);
184 $DeniedQuery{$FullClient}++;
185 } elsif ( ($Rhost, $Ldom) = ($ThisLine =~ /client ([\d\.]+)#\d+: update '(.*)' denied/)) {
186 $UpdateDenied{"$Rhost ($Ldom)"}++;
187 } elsif ( ($Zone) = ($ThisLine =~ /zone '([0-9a-zA-Z.-]+)' allows updates by IP address, which is insecure/)) {
188 $InsecUpdate{$Zone}++;
189 } elsif ( ($Zone) = ($ThisLine =~ /zone ([0-9a-zA-Z.\/-]+): journal rollforward failed: journal out of sync with zone/)) {
190 $JournalFail{$Zone}++;
191 } elsif ( ($Channel,$Reason) = ($ThisLine =~ /couldn't add command channel (.+#\d+): (.*)$/)) {
192 $ChannelAddFail{$Channel}{$Reason}++;
193 } elsif ( ($Zone,$Host,$Reason) = ($ThisLine =~ /zone ([^ ]*)\/IN: refresh: failure trying master ([^ ]*)#\d+: (.*)/) ) {
194 $MasterFailure{"$Zone from $Host"}{$Reason}++;
195 } elsif ( ($Zone) = ($ThisLine =~ /zone ([^\/]+)\/.+: refresh: non-authoritative answer from master/)) {
196 $NonAuthoritative{$Zone}++;
197 } else {
198 # Report any unmatched entries...
199 # remove PID from named messages
200 $ThisLine =~ s/(client [.0-9]+)\S+/$1/;
201 chomp($ThisLine);
202 $OtherList{$ThisLine}++;
203 }
204 }
205
206 #######################################
207
208 if ( ( $Detail >= 5 ) and ($StartNamed) ) {
209 print "Named started: $StartNamed Time(s)\n";
210 }
211
212 if ( ( $Detail >= 5 ) and ($ReloadNamed) ) {
213 print "Named reloaded: $ReloadNamed Time(s)\n";
214 }
215
216 if ( ( $Detail >= 5 ) and ($ShutdownNamed) ) {
217 print "Named shutdown: $ShutdownNamed Time(s)\n";
218 }
219
220 if ( ( $Detail >= 5 ) and (keys %ZoneLoaded) ) {
221 print "\nLoaded Zones:\n";
222 foreach $ThisOne (sort {$a cmp $b} keys %ZoneLoaded) {
223 print " $ThisOne: $ZoneLoaded{$ThisOne} Time(s)\n";
224 }
225 }
226
227 if ( ( $Detail >= 5 ) and (keys %ZoneReceivedNotify) ) {
228 print "\nZones receiving notify:\n";
229 foreach $ThisOne (sort {$a cmp $b} keys %ZoneReceivedNotify) {
230 print " $ThisOne: $ZoneReceivedNotify{$ThisOne} Time(s)\n";
231 }
232 }
233
234 if ( ($Detail >= 5) and (keys %ChannelAddFail) ) {
235 print "\nCan't add command channel:\n";
236 foreach $Channel (sort {$a cmp $b} keys %ChannelAddFail) {
237 print " $Channel:\n";
238 foreach $Reason (sort {$a cmp $b} keys %{$ChannelAddFail{$Channel}}) {
239 print " $Reason: $ChannelAddFail{$Channel}{$Reason} Time(s)\n";
240 }
241 }
242 }
243
244 if ( ($Detail >= 5) and (keys %MasterFailure) ) {
245 print "\nFailure trying to refresh zone:\n";
246 foreach $Zone (sort {$a cmp $b} keys %MasterFailure) {
247 print " $Zone:\n";
248 foreach $Reason (sort {$a cmp $b} keys %{$MasterFailure{$Zone}}) {
249 print " $Reason: $MasterFailure{$Zone}{$Reason}++ Time(s)\n";
250 }
251 }
252 }
253
254 if ( ( $Detail >= 5 ) and (keys %DeniedZoneTransfers) ) {
255 print "\nDenied Zone Transfers:\n";
256 foreach my $Host (keys %DeniedZoneTransfers) {
257 print " $Host: ";
258 foreach my $Zone (keys %{$DeniedZoneTransfers{$Host}}) {
259 print $DeniedZoneTransfers{$Host}{$Zone}. ' ';
260 }
261 print "\n";
262 }
263 }
264
265 if ( ( $Detail >= 5 ) and (keys %ZoneRemoved) ) {
266 print "\nRemoved Zones:\n";
267 foreach $ThisOne (sort {$a cmp $b} keys %ZoneRemoved) {
268 print " $ThisOne: $ZoneRemoved{$ThisOne} Time(s)\n";
269 }
270 }
271
272 if ( ( $Detail >= 5 ) and (keys %AXFR) ) {
273 print "\nZone Transfers:\n";
274 foreach $ThisOne (keys %AXFR) {
275 print " Zone: $ThisOne\n";
276 foreach $Temp (keys %{$AXFR{$ThisOne}}) {
277 print " by $Temp: $AXFR{$ThisOne}{$Temp} Time(s)\n";
278 }
279 }
280 }
281
282 if ( ( $Detail >= 5 ) and (keys %DeniedTCPClient) ) {
283 print "\nno more TCP clients warning:\n";
284 foreach $ThisOne (keys %DeniedTCPClient) {
285 print " from $ThisOne: $DeniedTCPClient{$ThisOne} Time(s)\n";
286 }
287 }
288
289 if ( ( $Detail >= 5 ) and (keys %DeniedQuery) ) {
290 print "\nQueries (cache) that were denied:\n";
291 foreach $ThisOne (keys %DeniedQuery) {
292 print " from $ThisOne: $DeniedQuery{$ThisOne} Time(s)\n";
293 }
294 }
295
296 if ( ( $Detail >= 10 ) and (@CNAMEAndOther) ) {
297 print "\nThese hosts have CNAME and other data (invalid):\n";
298 foreach $ThisOne (@CNAMEAndOther) {
299 print " $ThisOne\n";
300 }
301 }
302
303 if ( ( $Detail >= 5 ) and (keys %ZoneFileErrors) ) {
304 print "\nSyntax errors in zone files:\n";
305 for $File (keys %ZoneFileErrors) {
306 print " $File\n";
307 for $Error ( keys %{$ZoneFileErrors{$File}} ) {
308 print " \"$Error\" " . $ZoneFileErrors{$File}{$Error} . " Time(s)\n";
309 }
310 }
311 }
312
313 if ( ( $Detail >= 10 ) and (keys %LameServer) ) {
314 print "\nThese addresses had lame server references:\n";
315 foreach $ThisOne (keys %LameServer) {
316 print " $ThisOne: $LameServer{$ThisOne} Time(s)\n";
317 }
318 }
319
320 if ( ( $Detail >= 10 ) and (keys %NonAuthoritative) ) {
321 print "\nNon-authoritative answer from master for these zones:\n";
322 foreach $ThisOne (keys %NonAuthoritative) {
323 print " " . $ThisOne . ": " . $NonAuthoritative{$ThisOne} . " Time(s)\n";
324 }
325 }
326
327 if ( ( $Detail >= 10 ) and (keys %NetworkUnreachable) ) {
328 print "\nNetwork is unreachable for:\n";
329 foreach $ThisOne (sort {$a cmp $b} keys %NetworkUnreachable) {
330 print " $ThisOne:\n";
331 foreach $Host (sort {$a cmp $b} keys %{$NetworkUnreachable{$ThisOne}}) {
332 print " $Host: $NetworkUnreachable{$ThisOne}{$Host} Time(s)\n";
333 }
334 }
335 }
336
337 if ( ( $Detail >= 5 ) and (keys %ZoneUpdates) ) {
338 print "\nZone Updates:\n";
339 foreach $ThisOne (sort {$a cmp $b} keys %ZoneUpdates) {
340 print " $ThisOne:\n";
341 foreach $Message (sort {$a cmp $b} keys %{$ZoneUpdates{$ThisOne}}) {
342 print " $Message: $ZoneUpdates{$ThisOne}{$Message} Time(s)\n";
343 }
344 }
345 }
346
347 if ( keys %UpdateDenied ) {
348 print "\nZone update refused:\n";
349 foreach $ThisOne (sort {$a cmp $b} keys %UpdateDenied) {
350 print " $ThisOne: $UpdateDenied{$ThisOne} Time(s)\n";
351 }
352 }
353
354 if ( keys %InsecUpdate ) {
355 print "\nInsecure zones (dynamic update allowed by IP address):\n";
356 foreach $ThisOne (sort {$a cmp $b} keys %InsecUpdate) {
357 print " " . $ThisOne . ": " . $InsecUpdate{$ThisOne} . " Time(s)\n";
358 }
359 }
360
361 if ( keys %JournalFail ) {
362 print "\nJournall rollforward failed:\n";
363 foreach $ThisOne (sort {$a cmp $b} keys %JournalFail) {
364 print " " . $ThisOne . ": " . $JournalFail{$ThisOne} . " Time(s)\n";
365 }
366 }
367
368 if (keys %OtherList) {
369 print "\n**Unmatched Entries**\n";
370 foreach $line (sort {$a cmp $b} keys %OtherList) {
371 print " $line: $OtherList{$line} Time(s)\n";
372 }
373 }
374
375 exit(0);
376
377 # vi: shiftwidth=3 tabstop=3 syntax=perl et
378
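Review bot: at line 249, in the "Failure trying to refresh zone" report, the `++` sits inside the double-quoted string, so Perl interpolates `$MasterFailure{$Zone}{$Reason}` and then prints a literal `++`, and the report reads like `<reason>: 3++ Time(s)`. Drop the `++` so the line matches the other counters: `print " $Reason: $MasterFailure{$Zone}{$Reason} Time(s)\n";`. Separately, the branch at lines 169-170 assigns three regex captures to four variables, so `$Error` is always undefined there. Every `warning: <file>:<line>: <text>` message is then filed under the key "file does not end with newline: " and the actual warning text, held in `$Entry`, is discarded. Either use `$Entry` in the key or match the newline warning specifically. "Journall" in the heading at line 362 is a typo for "Journal".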
+0
-1180
scripts/services/.#postfix.1.19
0
1 ##########################################################################
2 # $Id: postfix,v 1.19 2005/04/22 13:48:28 bjorn Exp $
3 ##########################################################################
4 # $Log: postfix,v $
5 # Revision 1.19 2005/04/22 13:48:28 bjorn
6 # This patch catches (un)deliverable messages and many more, which were
7 # missing until now on mu new postfix-2.1.*, from Paweł Gołaszewski
8 #
9 # Revision 1.18 2005/04/17 23:12:28 bjorn
10 # Patches from Peter Bieringer and Willi Mann: ignoring more lines and
11 # some blank spaces
12 #
13 # Revision 1.17 2005/02/24 17:08:05 kirk
14 # Applying consolidated patches from Mike Tremaine
15 #
16 # Revision 1.7 2005/02/16 00:43:28 mgt
17 # Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt
18 #
19 # Revision 1.6 2005/02/13 23:50:42 mgt
20 # Tons of patches from Pawel and PLD Linux folks...Thanks! -mgt
21 #
22 # Revision 1.5 2004/10/06 21:42:53 mgt
23 # patches from Pawel quien-sabe -mgt
24 #
25 # Revision 1.4 2004/07/29 19:33:29 mgt
26 # Chmod and removed perl call -mgt
27 #
28 # Revision 1.3 2004/07/10 01:54:35 mgt
29 # sync with kirk -mgt
30 #
31 # Revision 1.13 2004/06/23 15:01:17 kirk
32 # - Added more patches from blues@ds.pg.gda.pl
33 #
34 # Revision 1.12 2004/06/21 14:59:05 kirk
35 # Added tons of patches from Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
36 #
37 # Thanks, as always!
38 #
39 # Revision 1.11 2004/06/21 13:42:02 kirk
40 # From: Matthew Wise <matt@oatsystems.com>
41 # This is more of a suggestion than a true patch submission. On a busy
42 # postfix server the messages sent by section is really long and not
43 # helpful. This patch finds and lists the top 10 senders by bumber of
44 # messages.
45 #
46 # Revision 1.10 2004/06/21 13:41:04 kirk
47 # Patch from rod@nayfield.com
48 #
49 # Revision 1.9.1 2004/02/22 16:44:01 rod
50 # Added patch from rod@nayfield.com
51 #
52 # Revision 1.9 2004/02/03 03:25:02 kirk
53 # Added patch from quien-sabe@metaorg.com
54 #
55 # Revision 1.8 2004/02/03 02:45:26 kirk
56 # Tons of patches, and new 'oidentd' and 'shaperd' filters from
57 # Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
58 #
59 # Revision 1.7 2003/12/15 18:35:03 kirk
60 # Tons of patches from blues@ds.pg.gda.pl
61 #
62 # Revision 1.6 2003/12/15 18:09:23 kirk
63 # Added standard vi formatting commands at the bottom of all files.
64 # Applied many patches from blues@ds.pg.gda.pl
65 #
66 # Revision 1.5 2003/12/15 17:45:09 kirk
67 # Added clamAV update log filter from lars@spinn.dk
68 #
69 # Revision 1.4 2003/11/26 14:36:30 kirk
70 # Applied patch from blues@ds.pg.gda.pl
71 #
72 # Revision 1.3 2003/11/18 14:04:05 kirk
73 # More patches from blues@ds.pg.gda.pl
74 #
75 # Revision 1.2 2003/11/18 04:02:21 kirk
76 # Patch from blues@ds.pg.gda.pl
77 #
78 # Revision 1.1 2003/11/03 04:49:18 kirk
79 # Added postfix filter from Sven Conrad <sconrad@receptec.net>
80 #
81 # Revision 1.1 2002/03/29 15:32:14 kirk
82 # Added some filters found in RH's release
83 #
84 #
85 # Revision ??? 2000/07/12 Simon Liddington <sjl@zepler.org>
86 # converted from sendmail to postfix Sven Conrad <scon@gmx.net>
87 # added unknown users
88 # added relay denials
89 # todo:
90 # add authentication warnings
91 # add forward errors
92 # add returns after 4 hours
93 # ignores alias database building
94 # ignores daemon start messages
95 # ignores clone messages
96 # ignores all to= lines whatever follows stat=
97 #
98 #
99 # Revision 1.1 2003/03/21 21:10 sven
100 # Initial revision
101 #
102 # filters all postfix/<process> messages
103 #
104 ##########################################################################
105
106 ########################################################
107 # This was written and is maintained by:
108 # ??? Kenneth Porter <shiva@well.com> ???
109 # changed by Sven Conrad <scon@gmx.net>
110 #
111 # Please send all comments, suggestions, bug reports,
112 # etc, to ?? shiva@well.com.??
113 # Sven Conrad <scon@gmx.net>
114 #
115 ########################################################
116
117 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
118 my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
119
120 $MsgsSent = 0;
121 $BytesTransferred = 0;
122 $FourHourReturns = 0;
123 $ReturnedToSender = 0;
124 $ResentMessages = 0;
125 $RemovedFromQueue = 0;
126 $UnsupportedFamily = 0;
127 $TableChanged = 0;
128 $QueueSizeExceeded = 0;
129 $RejectedRBL = 0;
130 $ErrorRBL = 0;
131 $NoFreeSpace = 0;
132 $RejectClients = 0;
133 $RejectUnknownClients = 0;
134 $Undeliverable = 0;
135 $Deliverable = 0;
136
137 # The are reject|reject_warning vars
138 my $UnknownUsers; #h
139 my $RelayDenied; #h
140 my $HeaderReject; #h
141 my $RejectSender; #h
142 my $RejectSenderHost; #h
143 my $RejectSenderReason; #h
144 my $RejectClientHost; #h
145 my $RejectClients; #h
146 my $RejectUnknownClient; #h
147 my $RejectUnknownClientHost; #h
148 my $RejectUnknownClients; #v
149 my $RejectRecip; #h
150 my $RejectAddress; #h
151 my $RejectRBL; #h
152 my $RejectedRBL; #v
153 my $HeloError; #h
154 my $SizeLimit; #h
155 my $NoFreeSpace; #h
156
157 # Now the rejectHashes
158 # vim regex: s/\$\(.*\)\#h/\%Reject_\1/
159 # and: s/\$\(.*\)\#v/\$Reject_\1/
160 # apply to above
161 my %Reject_UnknownUsers;
162 my %Reject_RelayDenied;
163 my %Reject_HeaderReject;
164 my %Reject_RejectSender;
165 my %Reject_RejectSenderHost;
166 my %Reject_RejectSenderReason;
167 my %Reject_RejectClientHost;
168 my %Reject_RejectClients;
169 my %Reject_RejectUnknownClient;
170 my %Reject_RejectUnknownClientHost;
171 my $Reject_RejectUnknownClients;
172 my %Reject_RejectRecip;
173 my %Reject_RejectAddress;
174 my %Reject_RejectRBL;
175 my $Reject_RejectedRBL;
176 my %Reject_HeloError;
177 my %Reject_SizeLimit;
178 my %Reject_NoFreeSpace;
179
180 # Now the reject_warning
181 # vim regex for above: s/Reject_/RejectWarning_/
182 my %RejectWarning_UnknownUsers;
183 my %RejectWarning_RelayDenied;
184 my %RejectWarning_HeaderReject;
185 my %RejectWarning_RejectSender;
186 my %RejectWarning_RejectSenderHost;
187 my %RejectWarning_RejectSenderReason;
188 my %RejectWarning_RejectClientHost;
189 my %RejectWarning_RejectClients;
190 my %RejectWarning_RejectUnknownClient;
191 my %RejectWarning_RejectUnknownClientHost;
192 my $RejectWarning_RejectUnknownClients;
193 my %RejectWarning_RejectRecip;
194 my %RejectWarning_RejectAddress;
195 my %RejectWarning_RejectRBL;
196 my $RejectWarning_RejectedRBL;
197 my %RejectWarning_HeloError;
198 my %RejectWarning_SizeLimit;
199 my %RejectWarning_NoFreeSpace;
200
201
202
203 while (defined($ThisLine = <STDIN>)) {
204 # Decide whether it's reject or reject_warning
205 my $UnknownUsers; #h
206 my $RelayDenied; #h
207 my $HeaderReject; #h
208 my $RejectSender; #h
209 my $RejectSenderHost; #h
210 my $RejectSenderReason; #h
211 my $RejectClientHost; #h
212 my $RejectClients; #h
213 my $RejectUnknownClient; #h
214 my $RejectUnknownClientHost; #h
215 my $RejectUnknownClients; #v
216 my $RejectRecip; #h
217 my $RejectAddress; #h
218 my $RejectRBL; #h
219 my $RejectedRBL; #v
220 my $HeloError; #h
221 my $SizeLimit; #h
222 my $NoFreeSpace; #h
223
224 if (
225 ( $ThisLine =~ m/^[a-zA-Z0-9]+: client=([^ ]*\[[^ ]*\])\s*$/ ) or
226 ( $ThisLine =~ m/^[a-zA-Z0-9]+: message-id/ ) or
227 ( $ThisLine =~ m/^[a-zA-Z0-9]+: skipped, still being delivered/ ) or
228 ( $ThisLine =~ m/^[a-zA-Z0-9]+: to\=\<.*>, relay\=.*, delay\=[0-9]+, status\=(sent|deferred)/ ) or
229 ( $ThisLine =~ m/^[a-zA-Z0-9]+: host [^ ]*\[[^ ]*\] said: 4[0-9][0-9]/ ) or
230 ( $ThisLine =~ m/^[a-zA-Z0-9]+: host [^ ]*\[[^ ]*\] refused to talk to me: 4[0-9][0-9]/ ) or
231 ( $ThisLine =~ m/^Deleted: \d message$/ ) or
232 ( $ThisLine =~ m/^Peer certficate could not be verified$/ ) or #postfix typo
233 ( $ThisLine =~ m/^Peer certificate could not be verified$/ ) or
234 ( $ThisLine =~ m/^Peer verification:/ ) or
235 ( $ThisLine =~ m/^SSL_accept error from/ ) or
236 ( $ThisLine =~ m/^Verified: / ) or
237 ( $ThisLine =~ m/^cert has expired/ ) or
238 ( $ThisLine =~ m/^connect/ ) or
239 ( $ThisLine =~ m/^daemon started$/ ) or
240 ( $ThisLine =~ m/^daemon started -- version / ) or
241 ( $ThisLine =~ m/^dict_eval_action:/ ) or
242 ( $ThisLine =~ m/^disconnect/ ) or
243 ( $ThisLine =~ m/^mynetworks:/ ) or
244 ( $ThisLine =~ m/^name_mask:/ ) or
245 ( $ThisLine =~ m/^reload configuration/ ) or
246 ( $ThisLine =~ m/^setting up TLS connection (from|to)/ ) or
247 ( $ThisLine =~ m/^starting TLS engine$/ ) or
248 ( $ThisLine =~ m/^terminating on signal 15$/ ) or
249 ( $ThisLine =~ m/^warning: [a-zA-Z0-9]+: skipping further client input$/ ) or
250 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: address not listed for hostname/ ) or
251 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: hostname .* verification failed: Host not found/ ) or
252 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: hostname .* verification failed: Name or service not known/ ) or
253 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: hostname .* verification failed: Temporary failure in name resolution/ ) or
254 ( $ThisLine =~ m/^warning: Mail system is down -- accessing queue directly$/ ) or
255 ( $ThisLine =~ m/^warning: SASL authentication failure: Password verification failed$/ ) or
256 ( $ThisLine =~ m/^warning: SASL authentication failure: no secret in database$/ ) or
257 ( $ThisLine =~ m/^warning: no MX host for .* has a valid A record$/ ) or
258 ( $ThisLine =~ m/^warning: numeric domain name in resource data of MX record for .*$/ ) or
259 ( $ThisLine =~ m/^warning: premature end-of-input from cleanup socket while reading input attribute name$/ ) or
260 ( $ThisLine =~ m/^warning: uid=\d: Broken pipe$/ ) or
261 ( $ThisLine =~ m/^verify error:num=/ ) or
262 ( $ThisLine =~ m/hold: header Received:/ )
263 or ( $ThisLine =~ m/^statistics: max / )
264 or ( $ThisLine =~ m/: replace: header / )
265 or ( $ThisLine =~ m/: Greylisted for / ) # Greylisting has it's own statistics tool
266 or ( $ThisLine =~ m/certificate verification failed for/o ) # Perhaps a candidate for extended statistics
267 or ( $ThisLine =~ m/Server certificate could not be verified/o ) # Perhaps a candidate for extended statistics
268 or ( $ThisLine =~ m/certificate peer name verification failed/o ) # Perhaps a candidate for extended statistics
269 ) {
270 # We don't care about these
271 } elsif ( ($Bytes) = ($ThisLine =~ /^[a-zA-Z0-9]+: from=.*size=([0-9]+).*$/) ) {
272 $MsgsSent++;
273 $BytesTransferred += $Bytes;
274 } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? relay\=local, delay\=-?[0-9]+, status\=bounced \(unknown user/)) {
275 # unknown user
276 $UnknownUsers{$User}++;
277 } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? relay\=local, delay\=[0-9]+, status\=bounced \(user unknown/)) {
278 # unknown user ( alias to |"exit 67" in aliases table )
279 $UnknownUsers{$User}++;
280 } elsif ((undef,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: RCPT from ([^ ]*): [0-9]+ <([^ ]*)>: User unknown in virtual mailbox table;/)) {
281 # unknown virtual user
282 $UnknownUsers{$User}++;
283 } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? .*, status\=bounced .*: User unknown in virtual mailbox table/)) {
284 # another unknown user probably could combine with local unknown but again my perl is weak
285 $UnknownUsers{$User}++;
286 } elsif ((undef,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: RCPT from ([^ ]*): [0-9]+ <([^ ]*)>.*: User unknown in local recipient table/)) {
287 # and yet another unknown user probably
288 $UnknownUsers{$User}++;
289 } elsif (($Dest, $Relay, $Msg) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? relay=([^ ]*).*, delay\=-?[0-9]+, status\=bounced \(([^)]*)/ )) {
290 # unknown user
291 # $Msg = " hello "
292 # print "bounce message from " . $Dest . " msg : " . $Relay . "\n";
293 if ($Relay =~ m/^(none|local|avcheck)/) {
294 $Temp = "To " . $Dest . " Msg=\"" . $Msg . "\"";
295 $LocalBounce{$Temp}++;
296 } else {
297 $Temp = "To " . $Dest . " Msg=\"" . $Msg . "\"";
298 $ForeignBounce{$Temp}++;
299 }
300 } elsif ( ($Relay,$Dest) = ($ThisLine =~ m/reject: RCPT from ([^ ]*): 554 <([^ ]*)>.* Relay access denied.* to=([^ ]*)/) ) {
301 # print "reject: " . $ThisLine . "\n";
302 # print "Relay :" . $Relay . " to " . $Dest . "\n";
303 $Temp = "From " . $Relay . " to " . $Dest;
304 $RelayDenied{$Temp}++;
305 } elsif ( ($User,$From) = ($ThisLine =~ /^[a-zA-Z0-9]+: uid=([^ ]*) from=\<([^ ]*)>/)) {
306 #Messages sent by user
307 $Temp = $From . " (uid=" . $User . "): ";
308 $SentBy{$Temp}++;
309 } elsif ( ($From) = ($ThisLine =~ /^[a-zA-Z0-9]+: from=<([^ ]*)>, status=expired, returned to sender$/)) {
310 $ReturnedToSender++;
311 } elsif ( (undef) = ($ThisLine =~ /^[a-zA-Z0-9]+: resent-message-id=<([^ ]*)>$/)) {
312 $ResentMessages++;
313 } elsif (
314 ($Command,$Host) = ($ThisLine =~ /lost connection after ([^ ]*) from ([^ ]*)$/) or
315 ($Host,$Command) = ($ThisLine =~ /^[a-zA-Z0-9]+: lost connection with ([^ ]*) while (.*)$/)
316 ) {
317 # Make some better summary with hosts
318 $ConnectionLost{$Command}++;
319 } elsif (
320 ($Command,$Host) = ($ThisLine =~ /timeout after ([^ ]*) from ([^ ]*)$/) or
321 ($Host,$Command) = ($ThisLine =~ /^[a-zA-Z0-9]+: conversation with ([^ ]*) timed out while (.*)$/)
322 ) {
323 # Make some better summary with hosts
324 $ConnectionLost{$Command}++;
325 } elsif ( ($Rejected,undef,undef,undef,$Reason) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: header (.*); from=<([^ ]*)> to=<([^ ]*)>( proto=[^ ]* helo=<[^ ]*>)?: (.*)$/)) {
326 $HeaderReject{$Reason}{$Rejected}++;
327 } elsif ( ($Warning,undef,undef,undef,$Reason) = ($ThisLine =~ /^[a-zA-Z0-9]+: warning: header (.*); from=<([^ ]*)> to=<([^ ]*)>( proto=[^ ]* helo=<[^ ]*>)?: (.*)$/)) {
328 $HeaderWarning{$Reason}{$Warning}++;
329 } elsif ( ($Warning,undef,undef,undef) = ($ThisLine =~ /^[a-zA-Z0-9]+: warning: header (.*); from=<([^ ]*)> to=<([^ ]*)>( proto=[^ ]* helo=<[^ ]*>)?$/)) {
330 $HeaderWarning{"Unknown Reason"}{$Warning}++;
331 } elsif ( (undef,undef,undef,$Reason) = ($ThisLine =~ /^[a-zA-Z0-9]+: to=<([^ ]*)>,( orig_to=<[^ ]*>,)? relay=([^ ]*), delay=\d+, status=undeliverable \((.*)\)$/)) {
332 $Undeliverable++;
333 $UndeliverableMsg{$Reason}++;
334 } elsif ( (undef,undef,undef,undef) = ($ThisLine =~ /^[a-zA-Z0-9]+: to=<([^ ]*)>,( orig_to=<[^ ]*>,)? relay=([^ ]*), delay=\d+, status=deliverable \((.*)\)$/)) {
335 $Deliverable++;
336 #} elsif ( ($Host,undef) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <([^ ]*)>: Sender address rejected: Domain not found;/)) {
337 # $RejectDomain{$Host}++;
338 # above two lines included in generic reject sender on next condition
339 } elsif ( ($Host,$Sender,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <(.*)>: Sender address rejected: (.*);/)) {
340 $RejectSender{$Reason}{$Host}{$Sender}++;
341 $RejectSenderHost{$Reason}{$Host}++;
342 $RejectSenderReason{$Reason}++;
343 } elsif ( ($Host) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <[^ ]*\[[^ ]*\]>: Client host rejected: Access denied;/)) {
344 $RejectClientHost{$Host}++;
345 $RejectClients++;
346 } elsif ( ($Host,$Sender,$Recip,$Helo) = ($ThisLine =~ /reject: RCPT from [^ ]*\[([^ ]*)\]: [0-9]+ Client host rejected: cannot find your hostname, \[\d+\.\d+\.\d+\.\d+\]; from=<(.*?)> to=<(.*?)> proto=\S+ helo=<(.*)>/)) {
347 $RejectUnknownClient{$Host}{$Helo}{$Sender}{$Recip}++;
348 $RejectUnknownClientHost{"$Host helo=<$Helo>"}++;
349 $RejectUnknownClients++;
350 } elsif ( ($Host,$Recip,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <(.*)>: Recipient address rejected: (.*);/)) {
351 $Temp = "$Host : $Reason";
352 $RejectRecip{$Recip}{$Temp}++;
353 } elsif ( ($Host,undef) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 <(.*)>: Sender address rejected: Access denied;/)) {
354 $RejectAddress{$Host}++;
355 } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 Service unavailable; (?:Client host )?\[[^ ]*\] blocked using ([^ ]*), reason: (.*);/)) {
356 $Temp = "$Host : $Reason";
357 $RejectRBL{$Site}{$Temp}++;
358 $RejectedRBL++;
359 } elsif ( ($Host,$Site) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 Service unavailable; (?:Client host )?\[[^ ]*\] blocked using ([^ ]*);/)) {
360 $RejectRBL{$Site}{$Host}++;
361 $RejectedRBL++;
362 } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /warning: ([^ ]*): RBL lookup error: Name service error for \d+\.\d+\.\d+\.\d+\.([^ ]*): (.*)$/)) {
363 $Temp = "$Host : $Reason";
364 $RBLError{$Site}{$Temp}++;
365 $ErrorRBL++;
366 } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /discard: RCPT from ([^ ]*\[[^ ]*\]): ([^ ]*): ([^;]*);/)) {
367 $Discarded{$Site}{$Reason}++;
368 } elsif ( (undef,undef,$Error) = ($ThisLine =~ /warning: ([^ ]*): hostname ([^ ]*) verification failed: (.*)$/)) {
369 $HostnameVerification{$Error}++;
370 } elsif ( $ThisLine =~ /^[a-zA-Z0-9]+: removed\s*$/) {
371 $RemovedFromQueue++;
372 } elsif ( ($Host) = ($ThisLine =~ /^[a-zA-Z0-9]+: enabling PIX <CRLF>.<CRLF> workaround for ([^ ]*\[[^ ]*\])$/)) {
373 $PixWorkaround{$Host}++;
374 } elsif ( ($Message) = ($ThisLine =~ /warning: valid_hostname: (.*)$/)) {
375 $ValidHostname{$Message}++;
376 } elsif ( ($Host,$Error) = ($ThisLine =~ /warning: host ([^ ]*\[[^ ]*\]) (greeted me with my own hostname [^ ]*)$/)) {
377 $HeloError{$Error}{$Host}++;
378 } elsif ( ($Host,$Error) = ($ThisLine =~ /warning: host ([^ ]*\[[^ ]*\]) (replied to HELO\/EHLO with my own hostname [^ ]*)$/)) {
379 $HeloError{$Error}{$Host}++;
380 } elsif ( ($Host,$Error) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): \d+ <.*>: (Helo command rejected: .*);/)) {
381 $HeloError{$Error}{$Host}++;
382 } elsif ( ($Error,$Host) = ($ThisLine =~ /(bad size limit "\([^ ]*\)" in EHLO reply) from ([^ ]*\[[^ ]*\])$/)) {
383 $HeloError{$Error}{$Host}++;
384 } elsif ( ($Host,$Command) = ($ThisLine =~ /warning: Illegal address syntax from ([^ ]*\[[^ ]*\]) in ([^ ]*) command:/)) {
385 $IllegalAddressSyntax{$Command}{$Host}++;
386 } elsif ( ($Error) = ($ThisLine =~ /warning: mailer loop: (.*)$/)) {
387 $MailerLoop{$Error}++;
388 } elsif ( ($Host) = ($ThisLine =~ /warning: ([^ ]*\[[^ ]*\]): SASL .* authentication failed/)) {
389 $SaslAuthenticationFail{$Host}++;
390 } elsif (
391 ($Host,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: client=([^ ]*\[[^ ]*\]), .* sasl_username=([^ ]*)$/) or
392 ($Host,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: client=([^ ]*\[[^ ]*\]), sasl_sender=([^ ]*)$/)
393 ) {
394 chomp($User);
395 $SaslAuth{$Host}{$User}++;
396 } elsif ( ($Host) = ($ThisLine =~ /TLS connection established from ([^ ]*\[[^ ]*\]):/)) {
397 $TLSconnectFrom{$Host}++;
398 } elsif ( ($Host) = ($ThisLine =~ /TLS connection established to ([^ ]*):/)) {
399 $TLSconnectTo{$Host}++;
400 } elsif ( ($Cert) = ($ThisLine =~ /^Unverified: (.*)/)) {
401 $TLSunverified{$Cert}++;
402 } elsif ( ($Domain) = ($ThisLine =~ /warning: malformed domain name in resource data of MX record (.*)$/)) {
403 $MxError{$Domain}++;
404 } elsif ( ($Host,$Command) = ($ThisLine =~ /warning: ([^ ]*\[[^ ]*\]) sent .* header instead of ([^ ]*) command: /)) {
405 $Error = "Sent message header instead of $Command command";
406 $SmtpConversationError{$Error}{$Host}++;
407 } elsif (
408 ($ThisLine =~ m/warning: smtp_connect_addr: socket: Address family not supported by protocol/) or
409 ($ThisLine =~ m/warning: smtp_addr_one: unknown address family \d for [^ ]*/)
410 ) {
411 $UnsupportedFamily++;
412 } elsif (
413 ($ThisLine =~ m/(lookup |)table has changed -- exiting$/) or
414 ($ThisLine =~ m/table ([^ ]*) has changed -- restarting$/)
415 ) {
416 $TableChanged++;
417 } elsif (
418 ($ThisLine =~ m/^fatal: [^ ]*\(\d+\): Message file too big$/) or
419 ($ThisLine =~ m/^warning: [a-zA-Z0-9]+: queue file size limit exceeded$/) or
420 ($ThisLine =~ m/^warning: uid=\d+: File too large$/)
421 ) {
422 $QueueSizeExceeded++;
423 } elsif ( ($Command,$Host) = ($ThisLine =~ /too many errors after ([^ ]*) from ([^ ]*\[[^ ]*\])$/)) {
424 $TooManyErrors{$Command}{$Host}++;
425 } elsif ( (undef,undef,$To) = ($ThisLine =~ /^reject: RCPT from ([^ ]*\[[^ ]*\]): 552 Message size exceeds fixed limit; from=<([^ ]*)> to=<([^ ]*)>$/)) {
426 $SizeLimit{"$From -> $To"}++;
427 } elsif ( ($Server) = ($ThisLine =~ /^NOQUEUE: reject: MAIL from ([^ ]*\[[^ ]*\]): 552 Message size exceeds fixed limit; proto=[^ ]* helo=<[^ ]*>$/)) {
428 $SizeLimit{"MAIL from $Server"}++;
429 } elsif ( (undef,$Source) = ($ThisLine =~ /^warning: database ([^ ]*) is older than source file ([a-zA-Z0-9\/]+)$/)) {
430 $DatabaseGeneration{$Source}++;
431 } elsif ( ($Reason) = ($ThisLine =~ /^warning: [a-zA-Z0-9]+: write queue file: (.*)$/)) {
432 $QueueWriteError{$Reason}++;
433 } elsif ( ($Reason) = ($ThisLine =~ /^warning: open active [a-zA-Z0-9]+: (.*)$/)) {
434 $QueueWriteError{"open active: $Reason"}++;
435 } elsif ( ($Reason) = ($ThisLine =~ /^warning: qmgr_active_corrupt: save corrupt file queue active id [a-zA-Z0-9]+: (.*)$/)) {
436 $QueueWriteError{"active corrupt: $Reason"}++;
437 } elsif ( ($Reason) = ($ThisLine =~ /^warning: qmgr_active_done_3_generic: remove [a-zA-Z0-9]+ from active: (.*)$/)) {
438 $QueueWriteError{"remove active: $Reason"}++;
439 } elsif ( ($Reason) = ($ThisLine =~ /^warning: [^ ]*\/[a-zA-Z0-9]+: (Error writing message file)$/)) {
440 $MessageWriteError{$Reason}++;
441 } elsif ( $ThisLine =~ /reject: RCPT from [^ ]*\[[^ ]*\]: \d+ Insufficient system storage; from=<.*> to=<.*>/) {
442 $NoFreeSpace++;
443 } elsif ( ($Process,$Status) = ($ThisLine =~ /^warning: process ([^ ]*) pid \d+ exit status (\d+)$/)) {
444 $ProcessExit{$Status}{$Process}++;
445 } elsif ( ($Option,$Reason) = ($ThisLine =~ /^fatal: config variable ([^ ]*): (.*)$/)) {
446 $ConfigError{$Option}{$Reason}++;
447 } elsif ( ($Warn) = ($ThisLine =~ /^warning: (.*)/)) {
448 # keep this as the next to last condition
449 $UnknownWarnings{$Warn}++;
450 } else {
451 push @OtherList,$ThisLine;
452 }
453 }
454
455 ##################################################################
456
457 if ($NoFreeSpace > 0) {
458 print "\nWARNING!!!\n";
459 print "Insufficient system storage error $NoFreeSpace Time(s)\n";
460 }
461
462 if ($MsgsSent > 0) {
463 print "\n\n$BytesTransferred bytes transferred";
464 print "\n$MsgsSent messages sent";
465 }
466
467 if ($FourHourReturns > 0) {
468 print "\n$FourHourReturns messages returned after 4 hours";
469 }
470
471 if ($Deliverable > 0) {
472 print "\n$Deliverable messages accepted as deliverable";
473 }
474
475 if ($Undeliverable > 0) {
476 print "\n$Undeliverable messages rejected as undeliverable";
477 }
478
479 if ($ReturnedToSender >0) {
480 print "\n$ReturnedToSender messages expired and returned to sender";
481 }
482
483 if ($ResentMessages > 0) {
484 print "\n$ResentMessages resent messages";
485 }
486
487 if ($RemovedFromQueue > 0) {
488 print "\n$RemovedFromQueue messages removed from queue";
489 }
490
491 if ($QueueSizeExceeded > 0) {
492 print "\n$QueueSizeExceeded messages exceeded queue or message file size limit and removed";
493 }
494
495 if ($TableChanged > 0) {
496 print "\n$TableChanged exited after table change detection";
497 }
498
499 if ($UnsupportedFamily > 0) {
500 print "\nUnknown address family $UnsupportedFamily Time(s)\n";
501 }
502
503 if (keys %ConfigError) {
504 print "\n\nWARNING!!!\n";
505 print "Configuration Errors:\n";
506 foreach $Option (sort {$a cmp $b} keys %ConfigError) {
507 print " Option: $Option\n";
508 foreach $Reason (sort {$a cmp $b} keys %{$ConfigError{$Option}} ) {
509 print " $Reason: $ConfigError{$Option}{$Reason} Time(s)\n";
510 }
511 }
512 }
513
514 if (keys %QueueWriteError) {
515 if ($Detail >= 5) {
516 print "\n\nError writing queue file:\n";
517 foreach $Reason (sort {$a cmp $b} keys %QueueWriteError) {
518 print " $Reason : $QueueWriteError{$Reason} Time(s)\n";
519 }
520 }
521 else {
522 $n=0;
523 foreach $Reason (keys %QueueWriteError) {
524 $n+=$QueueWriteError{$Reason};
525 }
526 print "\n\nError writing queue file: $n Time(s)";
527 }
528 }
529
530 if (keys %MessageWriteError) {
531 if ($Detail >= 5) {
532 print "\n\nError writing message file:\n";
533 foreach $Reason (sort {$a cmp $b} keys %MessageWriteError) {
534 print " $Reason : $MessageWriteError{$Reason} Time(s)\n";
535 }
536 }
537 else {
538 $n=0;
539 foreach $Reason (keys %MessageWriteError) {
540 $n+=$MessageWriteError{$Reason};
541 }
542 print "\n\nError writing message file: $n Time(s)";
543 }
544 }
545
546 if (keys %DatabaseGeneration) {
547 if ($Detail >= 5) {
548 print "\n\nDatabase files are not up-to-date (propably rehash is needed):\n";
549 foreach $Source (sort {$a cmp $b} keys %DatabaseGeneration) {
550 print " $Source : $DatabaseGeneration{$Source} Time(s)\n";
551 }
552 }
553 else {
554 $n=0;
555 $fn=scalar(keys %DatabaseGeneration);
556 foreach $Source (keys %DatabaseGeneration) {
557 $n+=$DatabaseGeneration{$Source};
558 }
559 print "\n\nDatabase files are not up-to-date (propably rehash is needed): $fn File(s), $n Time(s)";
560 }
561 }
562
563 if (keys %PixWorkaround) {
564 if ($Detail >= 5) {
565 print "\n\nEnabled PIX <CRLF>.<CRLF> workaround for:\n";
566 foreach $Host (sort {$a cmp $b} keys %PixWorkaround) {
567 print " $Host : $PixWorkaround{$Host} Time(s)\n";
568 }
569 }
570 else {
571 $n=0;
572 $hn=scalar(keys %PixWorkaround);
573 foreach $Host (keys %PixWorkaround) {
574 $n+=$PixWorkaround{$Host};
575 }
576 print "\n\nEnabled PIX <CRLF>.<CRLF> workaround for: $hn Host(s), $n Time(s)";
577 }
578 }
579
580 if (($Detail >=5) and (keys %SentBy)) {
581 print "\n\nTop ten senders:\n";
582 foreach $ThisSender (sort {$a cmp $b} keys %SentBy) {
583 $ThisNumber = $SentBy{$ThisSender};
584 push(@{$ThisIsNumber{$ThisNumber}}, $ThisSender);
585 }
586 my $ListRank = 10;
587 foreach $SenderRank (sort {$b <=> $a} keys %ThisIsNumber) {
588 last unless ($ListRank > 0);
589 print " $SenderRank messages sent by:\n";
590 foreach $ThisSender (@{$ThisIsNumber{$SenderRank}}) {
591 last unless ($ListRank > 0);
592 $ListRank--;
593 print" $ThisSender\n";
594 }
595 }
596 }
597
598 if (keys %UnknownUsers) {
599 if ($Detail >= 10) {
600 print "\n\nUnknown users:\n";
601 foreach $ThisOne (sort {$a cmp $b} keys %UnknownUsers) {
602 print " $ThisOne : $UnknownUsers{$ThisOne} Time(s)\n";
603 }
604 }
605 else {
606 $n=0;
607 $un=scalar(keys %UnknownUsers);
608 foreach $ThisOne (keys %UnknownUsers) {
609 $n+=$UnknownUsers{$ThisOne};
610 }
611 print "\n\nUnknown users: $un, $n Time(s)";
612 }
613 }
614
615 if (keys %SaslAuthenticationFail) {
616 if ($Detail >= 5) {
617 print "\n\nSASL Authentication failed from:\n";
618 foreach $Host (sort {$a cmp $b} keys %SaslAuthenticationFail) {
619 print " $Host : $SaslAuthenticationFail{$Host} Time(s)\n";
620 }
621 }
622 else {
623 $n=0;
624 $hn=scalar(keys %SaslAuthenticationFail);
625 foreach $Host (keys %SaslAuthenticationFail) {
626 $n+=$SaslAuthenticationFail{$Host};
627 }
628 print "\n\nSASL Authentication failed from: $hn Host(s), $n Time(s)";
629 }
630 }
631
632 if (keys %SaslAuth) {
633 if ($Detail >= 5) {
634 print "\n\nSASL Authenticated messages from:\n";
635 foreach $Host (sort {$a cmp $b} keys %SaslAuth) {
636 if ($Detail >= 10) {
637 print " $Host:\n";
638 foreach $User (sort {$a cmp $b} keys %{$SaslAuth{$Host}} ) {
639 print " sasluser $User : $SaslAuth{$Host}{$User} Times(s)\n";
640 }
641 }
642 else {
643 $n=0;
644 foreach $User (keys %{$SaslAuth{$Host}} ) {
645 $n+=$SaslAuth{$Host}{$User};
646 }
647 print " $Host: $n Time(s)\n";
648 }
649 }
650 }
651 else {
652 $n=0;
653 $hn=scalar(keys %SaslAuth);
654 foreach $Host (keys %SaslAuth) {
655 foreach $User (keys %{$SaslAuth{$Host}} ) {
656 $n+=$SaslAuth{$Host}{$User};
657 }
658 }
659 print "\n\nSASL Authenticated messages from: $hn Host(s), $n Time(s)";
660 }
661 }
662
663 if (keys %TLSconnectFrom) {
664 if ($Detail >= 5) {
665 print "\n\nTLS Connections from:\n";
666 foreach $Host (sort {$a cmp $b} keys %TLSconnectFrom) {
667 print " $Host : $TLSconnectFrom{$Host} Time(s)\n";
668 }
669 }
670 else {
671 $n=0;
672 $hn=scalar(keys %TLSconnectFrom);
673 foreach $Host (keys %TLSconnectFrom) {
674 $n+=$TLSconnectFrom{$Host};
675 }
676 print "\n\nTLS Connections from: $hn Host(s), $n Time(s)";
677 }
678 }
679
680 if (keys %TLSconnectTo) {
681 if ($Detail >= 5) {
682 print "\n\nTLS Connections to:\n";
683 foreach $Host (sort {$a cmp $b} keys %TLSconnectTo) {
684 print " $Host : $TLSconnectTo{$Host} Time(s)\n";
685 }
686 }
687 else {
688 $n=0;
689 $hn=scalar(keys %TLSconnectTo);
690 foreach $Host (keys %TLSconnectTo) {
691 $n=$TLSconnectTo{$Host};
692 }
693 print "\n\nTLS Connections to: $hn Host(s), $n Time(s)";
694 }
695 }
696
697 if (keys %TLSunverified) {
698 if ($Detail >= 5) {
699 print "\n\nUnverified TLS certificates:\n";
700 foreach $Cert (sort {$a cmp $b} keys %TLSunverified) {
701 print " $Cert : $TLSunverified{$Cert} Time(s)\n";
702 }
703 }
704 else {
705 $n=0;
706 $cn=scalar(keys %TLSunverified);
707 foreach $Cert (keys %TLSunverified) {
708 $n+=$TLSunverified{$Cert};
709 }
710 print "\n\nUnverified TLS certificates: $cn, $n Time(s)";
711 }
712 }
713
714 if (keys %RelayDenied) {
715 if ($Detail >= 5) {
716 print "\n\nRelaying denied:\n";
717 foreach $ThisOne (sort {$a cmp $b} keys %RelayDenied) {
718 print " $ThisOne : $RelayDenied{$ThisOne} Time(s)\n";
719 }
720 }
721 else {
722 $n=0;
723 foreach $ThisOne (keys %RelayDenied) {
724 $n+=$RelayDenied{$ThisOne};
725 }
726 print "\n\nRelaying denied: $n Time(s)";
727 }
728 }
729
730 if (keys %SizeLimit) {
731 if ($Detail >= 5) {
732 print "\n\nMessage size exceeds fixed limit:\n";
733 foreach $Message (sort {$a cmp $b} keys %SizeLimit) {
734 print " $Message: $SizeLimit{$Message} Time(s)\n";
735 }
736 }
737 else {
738 $n=0;
739 $mn=scalar(keys %SizeLimit);
740 foreach $Message (keys %SizeLimit) {
741 $n+=$SizeLimit{$Message};
742 }
743 print "\n\nMessage size exceeds fixed limit: $mn Message(s), $n Time(s)";
744 }
745 }
746
747 if (keys %LocalBounce) {
748 if ($Detail >= 5) {
749 print "\n\nLocal Bounce:\n";
750 foreach $ThisOne (sort {$a cmp $b} keys %LocalBounce) {
751 print " $ThisOne : $LocalBounce{$ThisOne} Time(s)\n";
752 }
753 }
754 else {
755 $n=0;
756 $bn=scalar(keys %LocalBounce);
757 foreach $ThisOne (keys %LocalBounce) {
758 $n+=$LocalBounce{$ThisOne};
759 }
760 print "\n\nLocal Bounces: $bn, $n Time(s)";
761 }
762 }
763
764 if (keys %ForeignBounce) {
765 if ($Detail >= 5) {
766 print "\n\nForeign Bounce:\n";
767 foreach $ThisOne (sort {$a cmp $b} keys %ForeignBounce) {
768 print " $ThisOne : $ForeignBounce{$ThisOne} Time(s)\n";
769 }
770 }
771 else {
772 $n=0;
773 $bn=scalar(keys %ForeignBounce);
774 foreach $ThisOne (keys %ForeignBounce) {
775 $n+=$ForeignBounce{$ThisOne};
776 }
777 print "\n\nForeign Bounce: $bn, $n Time(s)";
778 }
779 }
780
781 if (keys %HeaderReject) {
782 if ($Detail >= 10) {
783 print "\n\nHeader content reject:\n";
784 foreach $Reason (sort {$a cmp $b} keys %HeaderReject) {
785 print " $Reason:";
786 foreach $Rejected (sort {$a cmp $b} keys %{$HeaderReject{$Reason}} ) {
787 print " $Rejected : $HeaderReject{$Reason}{$Rejected} Time(s)\n";
788 }
789 }
790 }
791 else {
792 $n=0;
793 $rn=scalar(keys %HeaderReject);
794 foreach $Reason (keys %HeaderReject) {
795 foreach $Rejected (keys %{$HeaderReject{$Reason}} ) {
796 $n+=$HeaderReject{$Reason}{$Rejected};
797 }
798 }
799 print "\n\nHeader content rejected: $rn Reason(s), $n Time(s)";
800 }
801 }
802
803 if (keys %HeaderWarning) {
804 if ($Detail >= 10) {
805 print "\n\nHeader content warning (but passed):\n";
806 foreach $Reason (sort {$a cmp $b} keys %HeaderWarning) {
807 print " $Reason:";
808 foreach $Warning (sort {$a cmp $b} keys %{$HeaderWarning{$Reason}} ) {
809 print " $Warning : $HeaderWarning{$Reason}{$Warning} Time(s)\n";
810 }
811 }
812 }
813 else {
814 $n=0;
815 $rn=scalar(keys %HeaderWarning);
816 foreach $Reason (keys %HeaderWarning) {
817 foreach $Warning (keys %{$HeaderWarning{$Reason}} ) {
818 $n+=$HeaderWarning{$Reason}{$Warning};
819 }
820 }
821 print "\n\nHeader content warning (but passed): $rn Reason(s), $n Time(s)";
822 }
823 }
824
825 if ($RejectClients > 0) {
826 if ($Detail >= 5) {
827 print "\n\nClient hosts rejected $RejectClients Time(s)\n";
828 foreach $Host (sort {$a cmp $b} keys %RejectClientHost) {
829 print " $Host $RejectClientHost{$Host} Time(s)\n";
830 }
831 }
832 else {
833 $n=0;
834 foreach $Host (keys %RejectClientHost) {
835 $n++;
836 }
837 print "\n\nClient hosts rejected $RejectClients Time(s): $n Host(s)";
838 }
839 }
840
841 if ($RejectUnknownClients > 0) {
842 if ($Detail >= 10) {
843 print "\n\nUnknown client hosts rejected $RejectUnknownClients Time(s)\n";
844 foreach $Host (sort {$a cmp $b} keys %RejectUnknownClient) {
845 print " $Host\n";
846 foreach $Helo (sort {$a cmp $b} keys %{$RejectUnknownClient{$Host}}) {
847 print " helo=<$Helo>\n";
848 foreach $Sender (sort {$a cmp $b} keys %{$RejectUnknownClient{$Host}{$Helo}}) {
849 foreach $Recip (sort {$a cmp $b} keys %{$RejectUnknownClient{$Host}{$Helo}{$Sender}}) {
850 print " $Sender -> $Recip $RejectUnknownClient{$Host}{$Helo}{$Sender}{$Recip} Time(s)\n";
851 }
852 }
853 }
854 }
855 }
856 elsif ($Detail >= 5) {
857 print "\n\nUnknown client hosts rejected $RejectUnknownClients Time(s)\n";
858 foreach $Host (sort {$a cmp $b} keys %RejectUnknownClientHost) {
859 print " $Host $RejectUnknownClientHost{$Host} Time(s)\n";
860 }
861 }
862 else {
863 $n=0;
864 foreach $Host (keys %RejectUnknownClientHost) {
865 $n++;
866 }
867 print "\n\nUnknown client hosts rejected $RejectUnknownClients Time(s): $n Host(s)";
868 }
869 }
870
871 if (($Detail >= 10) and (keys %UndeliverableMsg)) {
872 print "\n\nUndeliverable messages rejected:\n";
873 foreach $Reason (sort {$a cmp $b} keys %UndeliverableMsg) {
874 print " $Reason: $UndeliverableMsg{$Reason} Time(s)\n";
875 }
876 }
877
878 if (keys %RejectSender) {
879 print "\n\nMessages rejected:\n";
880 foreach $Reason (sort {$a cmp $b} keys %RejectSender) {
881 if ($Detail >= 5) {
882 print " $Reason $RejectSenderReason{$Reason} Time(s)\n";
883 foreach $Host (sort {$a cmp $b} keys %{$RejectSender{$Reason}} ) {
884 print " $Host $RejectSenderHost{$Reason}{$Host} Time(s)\n";
885 if ($Detail >= 10) {
886 foreach $Sender (sort {$a cmp $b} keys %{$RejectSender{$Reason}{$Host}}) {
887 print " $Sender : $RejectSender{$Reason}{$Host}{$Sender} Time(s)\n";
888 }
889 }
890 }
891 }
892 else {
893 $n=0;
894 $hn=scalar(keys %{$RejectSender{$Reason}});
895 print " $Reason: $hn Host(s), $RejectSenderReason{$Reason} Time(s)\n";
896 }
897 }
898 }
899
900 if (keys %RejectRecip) {
901 if ($Detail >= 5) {
902 print "\n\nMessages rejected to recipient:\n";
903 foreach $Recip (sort {$a cmp $b} keys %RejectRecip) {
904 print " $Recip:\n";
905 foreach $Host (sort {$a cmp $b} keys %{$RejectRecip{$Recip}} ) {
906 print " $Host : $RejectRecip{$Recip}{$Host} Time(s)\n";
907 }
908 }
909 }
910 else {
911 $n=0;
912 $rn=scalar(keys %RejectRecip);
913 foreach $Recip (keys %RejectRecip) {
914 foreach $Host (keys %{$RejectRecip{$Recip}} ) {
915 $n+=$RejectRecip{$Recip}{$Host};
916 }
917 }
918 print "\n\nMessages rejected to: $rn Recipient(s), $n Time(s)";
919 }
920 }
921
922 if (keys %RejectAddress) {
923 if ($Detail >= 5) {
924 print "\n\nRejected sender address from:\n";
925 foreach $Host (sort {$a cmp $b} keys %RejectAddress) {
926 print " $Host : $RejectAddress{$Host} Time(s)\n";
927 }
928 }
929 else {
930 $n=0;
931 $hn=scalar(keys %RejectAddress);
932 foreach $Host (keys %RejectAddress) {
933 $n+=$RejectAddress{$Host};
934 }
935 print "\n\nRejected sender address from: $hn Host(s), $n Time(s)";
936 }
937 }
938
939 if (keys %RejectRBL) {
940 print "\n\nMessages rejected using Anti-Spam site $RejectedRBL Time(s)\n";
941 foreach $Site (sort {$a cmp $b} keys %RejectRBL) {
942 $count = 0;
943 # okay there is probably a more efficient way to get this total
944 # than walking the container again, but my perl is weak
945 # and I want to know which list are working the best so I can
946 # put them at the top of the checking order in my configuration
947 foreach $Host ( keys %{$RejectRBL{$Site}} ) {
948 $count = $count + $RejectRBL{$Site}{$Host};
949 }
950 if ($Detail >= 5) {
951 print " $Site identified $count spam messages:\n";
952 foreach $Host (sort {$a cmp $b} keys %{$RejectRBL{$Site}} ) {
953 print " $Host : $RejectRBL{$Site}{$Host} Time(s)\n";
954 }
955 }
956 else {
957 print " $Site identified $count spam messages.\n";
958 }
959 }
960 }
961
962 if (keys %RBLError) {
963 if ($Detail >= 5) {
964 print "\n\nRBL lookup errors $ErrorRBL Time(s)\n";
965 foreach $Site (sort {$a cmp $b} keys %RBLError) {
966 print " $Site\n";
967 if ($Detail >= 10) {
968 foreach $Error (sort {$a cmp $b} keys %{$RBLError{$Site}} ) {
969 print " $Error : $RBLError{$Site}{$Error} Time(s)\n";
970 }
971 }
972 }
973 }
974 else {
975 $n=0;
976 $hn=scalar(keys %RBLError);
977 print "\n\nRBL lookup errors for $hn Host(s), $ErrorRBL Time(s)";
978 }
979 }
980
981 if (keys %Discarded) {
982 if ($Detail >= 5) {
983 print "\n\nDiscarded messages:\n";
984 foreach $Recipient (sort {$a cmp $b} keys %Discarded) {
985 print " $Recipient\n";
986 foreach $Reason (sort {$a cmp $b} keys %{$Discarded{$Recipient}} ) {
987 print " $Reason : $Discarded{$Recipient}{$Reason} Time(s)\n";
988 }
989 }
990 }
991 else {
992 $n=0;
993 $rn=scalar(keys %Discarded);
994 foreach $Recipient (keys %Discarded) {
995 foreach $Reason (keys %{$Discarded{$Recipient}} ) {
996 $n+=$Discarded{$Recipient}{$Reason};
997 }
998 }
999 print "\n\nDiscarded messages to: $rn Recipient(s), $n Time(s)";
1000 }
1001 }
1002
1003 if (keys %AuthWarns) {
1004 print "\n\nAuthentication warnings:\n";
1005 foreach $ThisOne (sort {$a cmp $b} keys %AuthWarns) {
1006 print " $ThisOne : $AuthWarns{$ThisOne} Time(s)\n";
1007 }
1008 }
1009
1010 if (keys %ForwardErrors) {
1011 print "\n\nForwarding errors:\n";
1012 foreach $ThisOne (sort {$a cmp $b} keys %ForwardErrors) {
1013 print " $ThisOne : $ForwardErrors{$ThisOne} Time(s)\n";
1014 }
1015 }
1016
1017 if (($Detail >= 10) and (keys %SmtpConversationError)) {
1018 print "\n\nSMTP commands dialog errors:\n";
1019 foreach $Error (sort {$a cmp $b} keys %SmtpConversationError) {
1020 print " $Error:\n";
1021 foreach $Host (sort {$a cmp $b} keys %{$SmtpConversationError{$Error}} ) {
1022 print " $Host : $SmtpConversationError{$Error}{$Host} Time(s)\n";
1023 }
1024 }
1025 }
1026
1027 if (keys %TooManyErrors) {
1028 if ($Detail >= 5) {
1029 print "\n\nToo many errors in SMTP commands dialog:\n";
1030 foreach $Command(sort {$a cmp $b} keys %TooManyErrors) {
1031 print " After command $Command:\n";
1032 foreach $Host (sort {$a cmp $b} keys %{$TooManyErrors{$Command}} ) {
1033 print " $Host : $TooManyErrors{$Command}{$Host} Time(s)\n";
1034 }
1035 }
1036 }
1037 else {
1038 $n=0;
1039 $cn=scalar(keys %TooManyErrors);
1040 foreach $Command(sort {$a cmp $b} keys %TooManyErrors) {
1041 foreach $Host (sort {$a cmp $b} keys %{$TooManyErrors{$Command}} ) {
1042 $n+=$TooManyErrors{$Command}{$Host};
1043 }
1044 }
1045 print "\n\nToo many errors in SMTP commands dialog: $cn Command(s), $n Time(s)";
1046 }
1047 }
1048
1049 if (keys %ConnectionLost) {
1050 print "\n\nConnections lost:\n";
1051 foreach $ThisOne (sort {$a cmp $b} keys %ConnectionLost) {
1052 print " Connection lost while $ThisOne : $ConnectionLost{$ThisOne} Time(s)\n";
1053 }
1054 }
1055
1056 if (keys %MxError) {
1057 if ($Detail >= 10) {
1058 print "\n\nMalformed domain name in resource data of MX record:\n";
1059 foreach $Domain (sort {$a cmp $b} keys %MxError) {
1060 print " $Domain : $MxError{$Domain} Time(s)\n";
1061 }
1062 }
1063 else {
1064 $n=0;
1065 $dn=scalar(keys %MxError);
1066 foreach $Domain (keys %MxError) {
1067 $n+=$MxError{$Domain};
1068 }
1069 print "\n\nMalformed domain name in resource data of MX record: $dn Domain(s), $n Time(s)";
1070 }
1071 }
1072
1073 if (%IllegalAddressSyntax) {
1074 print "\n\nIllegal address syntax:\n";
1075 foreach $Command (sort {$a cmp $b} keys %IllegalAddressSyntax) {
1076 if ($Detail >= 5) {
1077 print " In command $Command from:\n";
1078 foreach $Host (sort {$a cmp $b} keys %{$IllegalAddressSyntax{$Command}} ) {
1079 print " $Host : $IllegalAddressSyntax{$Command}{$Host} Time(s)\n";
1080 }
1081 }
1082 else {
1083 $n=0;
1084 $hn=scalar(keys %{$IllegalAddressSyntax{$Command}});
1085 foreach $Host (keys %{$IllegalAddressSyntax{$Command}}) {
1086 $n+=$IllegalAddressSyntax{$Command}{$Host};
1087 }
1088 print " In command $Command from: $hn Host(s), $n Time(s)\n";
1089 }
1090 }
1091 }
1092
1093 if (keys %HostnameVerification) {
1094 if ($Detail >= 2) {
1095 print "\n\nHostname verification errors:\n";
1096 foreach $Error (sort {$a cmp $b} keys %HostnameVerification) {
1097 print " $Error : $HostnameVerification{$Error} Time(s)\n";
1098 }
1099 }
1100 else{
1101 $n=0;
1102 $en=scalar(keys %HostnameVerification);
1103 foreach $Error (keys %HostnameVerification) {
1104 $n+=$HostnameVerification{$Error};
1105 }
1106 print "\n\nHostname verification errors: $en Error(s), $n Time(s)";
1107 }
1108 }
1109
1110 if (keys %MailerLoop) {
1111 print "\n\nMailer Loop:\n";
1112 foreach $Error (sort {$a cmp $b} keys %MailerLoop) {
1113 print " $Error : $MailerLoop{$Error} Time(s)\n";
1114 }
1115 }
1116
1117 if (keys %ValidHostname) {
1118 if ($Detail >= 2) {
1119 print "\n\nHostname validation errors:\n";
1120 foreach $Message (sort {$a cmp $b} keys %ValidHostname) {
1121 print " $Message : $ValidHostname{$Message} Time(s)\n";
1122 }
1123 }
1124 else{
1125 $n=0;
1126 $mn=scalar(keys %ValidHostname);
1127 foreach $Message (keys %ValidHostname) {
1128 $n+=$ValidHostname{$Message};
1129 }
1130 print "\n\nHostname validation errors: $mn Message(s), $n Time(s)";
1131 }
1132 }
1133
1134 if (keys %HeloError) {
1135 print "\n\nErrors in HELO/EHLO conversation:\n";
1136 foreach $Error (sort {$a cmp $b} keys %HeloError) {
1137 if ($Detail >= 5) {
1138 print " $Error:\n";
1139 foreach $Host (sort {$a cmp $b} keys %{$HeloError{$Error}} ) {
1140 print " $Host : $HeloError{$Error}{$Host} Time(s)\n";
1141 }
1142 }
1143 else {
1144 $n=0;
1145 $hn=scalar(keys %{$HeloError{$Error}});
1146 foreach $Host (keys %{$HeloError{$Error}} ) {
1147 $n+=$HeloError{$Error}{$Host};
1148 }
1149 print " $Error: from $hn Host(s), $n Time(s)\n";
1150 }
1151 }
1152 }
1153
1154 if (keys %ProcessExit) {
1155 print "\n\nProcess exited:\n";
1156 foreach $Status (sort {$a cmp $b} keys %ProcessExit) {
1157 print " Exit status $Status:\n";
1158 foreach $Process (sort {$a cmp $b} keys %{$ProcessExit{$Status}} ) {
1159 print " $Process: $ProcessExit{$Status}{$Process} Time(s)\n";
1160 }
1161 }
1162 }
1163
1164 if (keys %UnknownWarnings) {
1165 print "\n\nUnrecognized warning:\n";
1166 foreach $ThisOne (sort {$a cmp $b} keys %UnknownWarnings) {
1167 print " $ThisOne : $UnknownWarnings{$ThisOne} Time(s)\n";
1168 }
1169 }
1170
1171 if ($#OtherList >= 0) {
1172 print "\n\n**Unmatched Entries**\n\n";
1173 print @OtherList;
1174 }
1175
1176 exit(0);
1177
1178 # vi: shiftwidth=3 tabstop=3 syntax=perl et
1179
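Review bot: in the `%TLSconnectTo` block, the low-detail branch at line 691 uses `$n=$TLSconnectTo{$Host};` where every sibling block accumulates with `$n+=`, so the "TLS Connections to: $hn Host(s), $n Time(s)" summary reports only the count of whichever host the loop visits last rather than the total. If this report code survives in any file kept by the import, change it to `$n+=$TLSconnectTo{$Host};`. Smaller points in the same hunk: line 1073 tests `if (%IllegalAddressSyntax)` while the other sections test `keys %...`, the word "propably" at lines 548 and 559 should be "probably", and line 639 prints "Times(s)" where the rest of the report prints "Time(s)".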
+0
-1183
scripts/services/.#postfix.1.20
0
1 ##########################################################################
2 # $Id: postfix,v 1.20 2005/07/25 22:26:28 bjorn Exp $
3 ##########################################################################
4 # $Log: postfix,v $
5 # Revision 1.20 2005/07/25 22:26:28 bjorn
6 # Added "Sender address" to "554 Service unavailable" regexp, by Who Knows
7 #
8 # Revision 1.19 2005/04/22 13:48:28 bjorn
9 # This patch catches (un)deliverable messages and many more, which were
10 # missing until now on mu new postfix-2.1.*, from Paweł Gołaszewski
11 #
12 # Revision 1.18 2005/04/17 23:12:28 bjorn
13 # Patches from Peter Bieringer and Willi Mann: ignoring more lines and
14 # some blank spaces
15 #
16 # Revision 1.17 2005/02/24 17:08:05 kirk
17 # Applying consolidated patches from Mike Tremaine
18 #
19 # Revision 1.7 2005/02/16 00:43:28 mgt
20 # Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt
21 #
22 # Revision 1.6 2005/02/13 23:50:42 mgt
23 # Tons of patches from Pawel and PLD Linux folks...Thanks! -mgt
24 #
25 # Revision 1.5 2004/10/06 21:42:53 mgt
26 # patches from Pawel quien-sabe -mgt
27 #
28 # Revision 1.4 2004/07/29 19:33:29 mgt
29 # Chmod and removed perl call -mgt
30 #
31 # Revision 1.3 2004/07/10 01:54:35 mgt
32 # sync with kirk -mgt
33 #
34 # Revision 1.13 2004/06/23 15:01:17 kirk
35 # - Added more patches from blues@ds.pg.gda.pl
36 #
37 # Revision 1.12 2004/06/21 14:59:05 kirk
38 # Added tons of patches from Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
39 #
40 # Thanks, as always!
41 #
42 # Revision 1.11 2004/06/21 13:42:02 kirk
43 # From: Matthew Wise <matt@oatsystems.com>
44 # This is more of a suggestion than a true patch submission. On a busy
45 # postfix server the messages sent by section is really long and not
46 # helpful. This patch finds and lists the top 10 senders by bumber of
47 # messages.
48 #
49 # Revision 1.10 2004/06/21 13:41:04 kirk
50 # Patch from rod@nayfield.com
51 #
52 # Revision 1.9.1 2004/02/22 16:44:01 rod
53 # Added patch from rod@nayfield.com
54 #
55 # Revision 1.9 2004/02/03 03:25:02 kirk
56 # Added patch from quien-sabe@metaorg.com
57 #
58 # Revision 1.8 2004/02/03 02:45:26 kirk
59 # Tons of patches, and new 'oidentd' and 'shaperd' filters from
60 # Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
61 #
62 # Revision 1.7 2003/12/15 18:35:03 kirk
63 # Tons of patches from blues@ds.pg.gda.pl
64 #
65 # Revision 1.6 2003/12/15 18:09:23 kirk
66 # Added standard vi formatting commands at the bottom of all files.
67 # Applied many patches from blues@ds.pg.gda.pl
68 #
69 # Revision 1.5 2003/12/15 17:45:09 kirk
70 # Added clamAV update log filter from lars@spinn.dk
71 #
72 # Revision 1.4 2003/11/26 14:36:30 kirk
73 # Applied patch from blues@ds.pg.gda.pl
74 #
75 # Revision 1.3 2003/11/18 14:04:05 kirk
76 # More patches from blues@ds.pg.gda.pl
77 #
78 # Revision 1.2 2003/11/18 04:02:21 kirk
79 # Patch from blues@ds.pg.gda.pl
80 #
81 # Revision 1.1 2003/11/03 04:49:18 kirk
82 # Added postfix filter from Sven Conrad <sconrad@receptec.net>
83 #
84 # Revision 1.1 2002/03/29 15:32:14 kirk
85 # Added some filters found in RH's release
86 #
87 #
88 # Revision ??? 2000/07/12 Simon Liddington <sjl@zepler.org>
89 # converted from sendmail to postfix Sven Conrad <scon@gmx.net>
90 # added unknown users
91 # added relay denials
92 # todo:
93 # add authentication warnings
94 # add forward errors
95 # add returns after 4 hours
96 # ignores alias database building
97 # ignores daemon start messages
98 # ignores clone messages
99 # ignores all to= lines whatever follows stat=
100 #
101 #
102 # Revision 1.1 2003/03/21 21:10 sven
103 # Initial revision
104 #
105 # filters all postfix/<process> messages
106 #
107 ##########################################################################
108
109 ########################################################
110 # This was written and is maintained by:
111 # ??? Kenneth Porter <shiva@well.com> ???
112 # changed by Sven Conrad <scon@gmx.net>
113 #
114 # Please send all comments, suggestions, bug reports,
115 # etc, to ?? shiva@well.com.??
116 # Sven Conrad <scon@gmx.net>
117 #
118 ########################################################
119
120 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
121 my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
122
123 $MsgsSent = 0;
124 $BytesTransferred = 0;
125 $FourHourReturns = 0;
126 $ReturnedToSender = 0;
127 $ResentMessages = 0;
128 $RemovedFromQueue = 0;
129 $UnsupportedFamily = 0;
130 $TableChanged = 0;
131 $QueueSizeExceeded = 0;
132 $RejectedRBL = 0;
133 $ErrorRBL = 0;
134 $NoFreeSpace = 0;
135 $RejectClients = 0;
136 $RejectUnknownClients = 0;
137 $Undeliverable = 0;
138 $Deliverable = 0;
139
140 # The are reject|reject_warning vars
141 my $UnknownUsers; #h
142 my $RelayDenied; #h
143 my $HeaderReject; #h
144 my $RejectSender; #h
145 my $RejectSenderHost; #h
146 my $RejectSenderReason; #h
147 my $RejectClientHost; #h
148 my $RejectClients; #h
149 my $RejectUnknownClient; #h
150 my $RejectUnknownClientHost; #h
151 my $RejectUnknownClients; #v
152 my $RejectRecip; #h
153 my $RejectAddress; #h
154 my $RejectRBL; #h
155 my $RejectedRBL; #v
156 my $HeloError; #h
157 my $SizeLimit; #h
158 my $NoFreeSpace; #h
159
160 # Now the rejectHashes
161 # vim regex: s/\$\(.*\)\#h/\%Reject_\1/
162 # and: s/\$\(.*\)\#v/\$Reject_\1/
163 # apply to above
164 my %Reject_UnknownUsers;
165 my %Reject_RelayDenied;
166 my %Reject_HeaderReject;
167 my %Reject_RejectSender;
168 my %Reject_RejectSenderHost;
169 my %Reject_RejectSenderReason;
170 my %Reject_RejectClientHost;
171 my %Reject_RejectClients;
172 my %Reject_RejectUnknownClient;
173 my %Reject_RejectUnknownClientHost;
174 my $Reject_RejectUnknownClients;
175 my %Reject_RejectRecip;
176 my %Reject_RejectAddress;
177 my %Reject_RejectRBL;
178 my $Reject_RejectedRBL;
179 my %Reject_HeloError;
180 my %Reject_SizeLimit;
181 my %Reject_NoFreeSpace;
182
183 # Now the reject_warning
184 # vim regex for above: s/Reject_/RejectWarning_/
185 my %RejectWarning_UnknownUsers;
186 my %RejectWarning_RelayDenied;
187 my %RejectWarning_HeaderReject;
188 my %RejectWarning_RejectSender;
189 my %RejectWarning_RejectSenderHost;
190 my %RejectWarning_RejectSenderReason;
191 my %RejectWarning_RejectClientHost;
192 my %RejectWarning_RejectClients;
193 my %RejectWarning_RejectUnknownClient;
194 my %RejectWarning_RejectUnknownClientHost;
195 my $RejectWarning_RejectUnknownClients;
196 my %RejectWarning_RejectRecip;
197 my %RejectWarning_RejectAddress;
198 my %RejectWarning_RejectRBL;
199 my $RejectWarning_RejectedRBL;
200 my %RejectWarning_HeloError;
201 my %RejectWarning_SizeLimit;
202 my %RejectWarning_NoFreeSpace;
203
204
205
206 while (defined($ThisLine = <STDIN>)) {
207 # Decide whether it's reject or reject_warning
208 my $UnknownUsers; #h
209 my $RelayDenied; #h
210 my $HeaderReject; #h
211 my $RejectSender; #h
212 my $RejectSenderHost; #h
213 my $RejectSenderReason; #h
214 my $RejectClientHost; #h
215 my $RejectClients; #h
216 my $RejectUnknownClient; #h
217 my $RejectUnknownClientHost; #h
218 my $RejectUnknownClients; #v
219 my $RejectRecip; #h
220 my $RejectAddress; #h
221 my $RejectRBL; #h
222 my $RejectedRBL; #v
223 my $HeloError; #h
224 my $SizeLimit; #h
225 my $NoFreeSpace; #h
226
227 if (
228 ( $ThisLine =~ m/^[a-zA-Z0-9]+: client=([^ ]*\[[^ ]*\])\s*$/ ) or
229 ( $ThisLine =~ m/^[a-zA-Z0-9]+: message-id/ ) or
230 ( $ThisLine =~ m/^[a-zA-Z0-9]+: skipped, still being delivered/ ) or
231 ( $ThisLine =~ m/^[a-zA-Z0-9]+: to\=\<.*>, relay\=.*, delay\=[0-9]+, status\=(sent|deferred)/ ) or
232 ( $ThisLine =~ m/^[a-zA-Z0-9]+: host [^ ]*\[[^ ]*\] said: 4[0-9][0-9]/ ) or
233 ( $ThisLine =~ m/^[a-zA-Z0-9]+: host [^ ]*\[[^ ]*\] refused to talk to me: 4[0-9][0-9]/ ) or
234 ( $ThisLine =~ m/^Deleted: \d message$/ ) or
235 ( $ThisLine =~ m/^Peer certficate could not be verified$/ ) or #postfix typo
236 ( $ThisLine =~ m/^Peer certificate could not be verified$/ ) or
237 ( $ThisLine =~ m/^Peer verification:/ ) or
238 ( $ThisLine =~ m/^SSL_accept error from/ ) or
239 ( $ThisLine =~ m/^Verified: / ) or
240 ( $ThisLine =~ m/^cert has expired/ ) or
241 ( $ThisLine =~ m/^connect/ ) or
242 ( $ThisLine =~ m/^daemon started$/ ) or
243 ( $ThisLine =~ m/^daemon started -- version / ) or
244 ( $ThisLine =~ m/^dict_eval_action:/ ) or
245 ( $ThisLine =~ m/^disconnect/ ) or
246 ( $ThisLine =~ m/^mynetworks:/ ) or
247 ( $ThisLine =~ m/^name_mask:/ ) or
248 ( $ThisLine =~ m/^reload configuration/ ) or
249 ( $ThisLine =~ m/^setting up TLS connection (from|to)/ ) or
250 ( $ThisLine =~ m/^starting TLS engine$/ ) or
251 ( $ThisLine =~ m/^terminating on signal 15$/ ) or
252 ( $ThisLine =~ m/^warning: [a-zA-Z0-9]+: skipping further client input$/ ) or
253 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: address not listed for hostname/ ) or
254 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: hostname .* verification failed: Host not found/ ) or
255 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: hostname .* verification failed: Name or service not known/ ) or
256 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: hostname .* verification failed: Temporary failure in name resolution/ ) or
257 ( $ThisLine =~ m/^warning: Mail system is down -- accessing queue directly$/ ) or
258 ( $ThisLine =~ m/^warning: SASL authentication failure: Password verification failed$/ ) or
259 ( $ThisLine =~ m/^warning: SASL authentication failure: no secret in database$/ ) or
260 ( $ThisLine =~ m/^warning: no MX host for .* has a valid A record$/ ) or
261 ( $ThisLine =~ m/^warning: numeric domain name in resource data of MX record for .*$/ ) or
262 ( $ThisLine =~ m/^warning: premature end-of-input from cleanup socket while reading input attribute name$/ ) or
263 ( $ThisLine =~ m/^warning: uid=\d: Broken pipe$/ ) or
264 ( $ThisLine =~ m/^verify error:num=/ ) or
265 ( $ThisLine =~ m/hold: header Received:/ )
266 or ( $ThisLine =~ m/^statistics: max / )
267 or ( $ThisLine =~ m/: replace: header / )
268 or ( $ThisLine =~ m/: Greylisted for / ) # Greylisting has it's own statistics tool
269 or ( $ThisLine =~ m/certificate verification failed for/o ) # Perhaps a candidate for extended statistics
270 or ( $ThisLine =~ m/Server certificate could not be verified/o ) # Perhaps a candidate for extended statistics
271 or ( $ThisLine =~ m/certificate peer name verification failed/o ) # Perhaps a candidate for extended statistics
272 ) {
273 # We don't care about these
274 } elsif ( ($Bytes) = ($ThisLine =~ /^[a-zA-Z0-9]+: from=.*size=([0-9]+).*$/) ) {
275 $MsgsSent++;
276 $BytesTransferred += $Bytes;
277 } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? relay\=local, delay\=-?[0-9]+, status\=bounced \(unknown user/)) {
278 # unknown user
279 $UnknownUsers{$User}++;
280 } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? relay\=local, delay\=[0-9]+, status\=bounced \(user unknown/)) {
281 # unknown user ( alias to |"exit 67" in aliases table )
282 $UnknownUsers{$User}++;
283 } elsif ((undef,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: RCPT from ([^ ]*): [0-9]+ <([^ ]*)>: User unknown in virtual mailbox table;/)) {
284 # unknown virtual user
285 $UnknownUsers{$User}++;
286 } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? .*, status\=bounced .*: User unknown in virtual mailbox table/)) {
287 # another unknown user probably could combine with local unknown but again my perl is weak
288 $UnknownUsers{$User}++;
289 } elsif ((undef,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: RCPT from ([^ ]*): [0-9]+ <([^ ]*)>.*: User unknown in local recipient table/)) {
290 # and yet another unknown user probably
291 $UnknownUsers{$User}++;
292 } elsif (($Dest, $Relay, $Msg) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? relay=([^ ]*).*, delay\=-?[0-9]+, status\=bounced \(([^)]*)/ )) {
293 # unknown user
294 # $Msg = " hello "
295 # print "bounce message from " . $Dest . " msg : " . $Relay . "\n";
296 if ($Relay =~ m/^(none|local|avcheck)/) {
297 $Temp = "To " . $Dest . " Msg=\"" . $Msg . "\"";
298 $LocalBounce{$Temp}++;
299 } else {
300 $Temp = "To " . $Dest . " Msg=\"" . $Msg . "\"";
301 $ForeignBounce{$Temp}++;
302 }
303 } elsif ( ($Relay,$Dest) = ($ThisLine =~ m/reject: RCPT from ([^ ]*): 554 <([^ ]*)>.* Relay access denied.* to=([^ ]*)/) ) {
304 # print "reject: " . $ThisLine . "\n";
305 # print "Relay :" . $Relay . " to " . $Dest . "\n";
306 $Temp = "From " . $Relay . " to " . $Dest;
307 $RelayDenied{$Temp}++;
308 } elsif ( ($User,$From) = ($ThisLine =~ /^[a-zA-Z0-9]+: uid=([^ ]*) from=\<([^ ]*)>/)) {
309 #Messages sent by user
310 $Temp = $From . " (uid=" . $User . "): ";
311 $SentBy{$Temp}++;
312 } elsif ( ($From) = ($ThisLine =~ /^[a-zA-Z0-9]+: from=<([^ ]*)>, status=expired, returned to sender$/)) {
313 $ReturnedToSender++;
314 } elsif ( (undef) = ($ThisLine =~ /^[a-zA-Z0-9]+: resent-message-id=<([^ ]*)>$/)) {
315 $ResentMessages++;
316 } elsif (
317 ($Command,$Host) = ($ThisLine =~ /lost connection after ([^ ]*) from ([^ ]*)$/) or
318 ($Host,$Command) = ($ThisLine =~ /^[a-zA-Z0-9]+: lost connection with ([^ ]*) while (.*)$/)
319 ) {
320 # Make some better summary with hosts
321 $ConnectionLost{$Command}++;
322 } elsif (
323 ($Command,$Host) = ($ThisLine =~ /timeout after ([^ ]*) from ([^ ]*)$/) or
324 ($Host,$Command) = ($ThisLine =~ /^[a-zA-Z0-9]+: conversation with ([^ ]*) timed out while (.*)$/)
325 ) {
326 # Make some better summary with hosts
327 $ConnectionLost{$Command}++;
328 } elsif ( ($Rejected,undef,undef,undef,$Reason) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: header (.*); from=<([^ ]*)> to=<([^ ]*)>( proto=[^ ]* helo=<[^ ]*>)?: (.*)$/)) {
329 $HeaderReject{$Reason}{$Rejected}++;
330 } elsif ( ($Warning,undef,undef,undef,$Reason) = ($ThisLine =~ /^[a-zA-Z0-9]+: warning: header (.*); from=<([^ ]*)> to=<([^ ]*)>( proto=[^ ]* helo=<[^ ]*>)?: (.*)$/)) {
331 $HeaderWarning{$Reason}{$Warning}++;
332 } elsif ( ($Warning,undef,undef,undef) = ($ThisLine =~ /^[a-zA-Z0-9]+: warning: header (.*); from=<([^ ]*)> to=<([^ ]*)>( proto=[^ ]* helo=<[^ ]*>)?$/)) {
333 $HeaderWarning{"Unknown Reason"}{$Warning}++;
334 } elsif ( (undef,undef,undef,$Reason) = ($ThisLine =~ /^[a-zA-Z0-9]+: to=<([^ ]*)>,( orig_to=<[^ ]*>,)? relay=([^ ]*), delay=\d+, status=undeliverable \((.*)\)$/)) {
335 $Undeliverable++;
336 $UndeliverableMsg{$Reason}++;
337 } elsif ( (undef,undef,undef,undef) = ($ThisLine =~ /^[a-zA-Z0-9]+: to=<([^ ]*)>,( orig_to=<[^ ]*>,)? relay=([^ ]*), delay=\d+, status=deliverable \((.*)\)$/)) {
338 $Deliverable++;
339 #} elsif ( ($Host,undef) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <([^ ]*)>: Sender address rejected: Domain not found;/)) {
340 # $RejectDomain{$Host}++;
341 # above two lines included in generic reject sender on next condition
342 } elsif ( ($Host,$Sender,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <(.*)>: Sender address rejected: (.*);/)) {
343 $RejectSender{$Reason}{$Host}{$Sender}++;
344 $RejectSenderHost{$Reason}{$Host}++;
345 $RejectSenderReason{$Reason}++;
346 } elsif ( ($Host) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <[^ ]*\[[^ ]*\]>: Client host rejected: Access denied;/)) {
347 $RejectClientHost{$Host}++;
348 $RejectClients++;
349 } elsif ( ($Host,$Sender,$Recip,$Helo) = ($ThisLine =~ /reject: RCPT from [^ ]*\[([^ ]*)\]: [0-9]+ Client host rejected: cannot find your hostname, \[\d+\.\d+\.\d+\.\d+\]; from=<(.*?)> to=<(.*?)> proto=\S+ helo=<(.*)>/)) {
350 $RejectUnknownClient{$Host}{$Helo}{$Sender}{$Recip}++;
351 $RejectUnknownClientHost{"$Host helo=<$Helo>"}++;
352 $RejectUnknownClients++;
353 } elsif ( ($Host,$Recip,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <(.*)>: Recipient address rejected: (.*);/)) {
354 $Temp = "$Host : $Reason";
355 $RejectRecip{$Recip}{$Temp}++;
356 } elsif ( ($Host,undef) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 <(.*)>: Sender address rejected: Access denied;/)) {
357 $RejectAddress{$Host}++;
358 } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 Service unavailable; (?:Client host )?\[[^ ]*\] blocked using ([^ ]*), reason: (.*);/)) {
359 $Temp = "$Host : $Reason";
360 $RejectRBL{$Site}{$Temp}++;
361 $RejectedRBL++;
362 } elsif ( ($Host,$Site) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 Service unavailable; (?:Sender address |Client host )?\[[^ ]*\] blocked using ([^ ]*);/)) {
363 $RejectRBL{$Site}{$Host}++;
364 $RejectedRBL++;
365 } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /warning: ([^ ]*): RBL lookup error: Name service error for \d+\.\d+\.\d+\.\d+\.([^ ]*): (.*)$/)) {
366 $Temp = "$Host : $Reason";
367 $RBLError{$Site}{$Temp}++;
368 $ErrorRBL++;
369 } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /discard: RCPT from ([^ ]*\[[^ ]*\]): ([^ ]*): ([^;]*);/)) {
370 $Discarded{$Site}{$Reason}++;
371 } elsif ( (undef,undef,$Error) = ($ThisLine =~ /warning: ([^ ]*): hostname ([^ ]*) verification failed: (.*)$/)) {
372 $HostnameVerification{$Error}++;
373 } elsif ( $ThisLine =~ /^[a-zA-Z0-9]+: removed\s*$/) {
374 $RemovedFromQueue++;
375 } elsif ( ($Host) = ($ThisLine =~ /^[a-zA-Z0-9]+: enabling PIX <CRLF>.<CRLF> workaround for ([^ ]*\[[^ ]*\])$/)) {
376 $PixWorkaround{$Host}++;
377 } elsif ( ($Message) = ($ThisLine =~ /warning: valid_hostname: (.*)$/)) {
378 $ValidHostname{$Message}++;
379 } elsif ( ($Host,$Error) = ($ThisLine =~ /warning: host ([^ ]*\[[^ ]*\]) (greeted me with my own hostname [^ ]*)$/)) {
380 $HeloError{$Error}{$Host}++;
381 } elsif ( ($Host,$Error) = ($ThisLine =~ /warning: host ([^ ]*\[[^ ]*\]) (replied to HELO\/EHLO with my own hostname [^ ]*)$/)) {
382 $HeloError{$Error}{$Host}++;
383 } elsif ( ($Host,$Error) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): \d+ <.*>: (Helo command rejected: .*);/)) {
384 $HeloError{$Error}{$Host}++;
385 } elsif ( ($Error,$Host) = ($ThisLine =~ /(bad size limit "\([^ ]*\)" in EHLO reply) from ([^ ]*\[[^ ]*\])$/)) {
386 $HeloError{$Error}{$Host}++;
387 } elsif ( ($Host,$Command) = ($ThisLine =~ /warning: Illegal address syntax from ([^ ]*\[[^ ]*\]) in ([^ ]*) command:/)) {
388 $IllegalAddressSyntax{$Command}{$Host}++;
389 } elsif ( ($Error) = ($ThisLine =~ /warning: mailer loop: (.*)$/)) {
390 $MailerLoop{$Error}++;
391 } elsif ( ($Host) = ($ThisLine =~ /warning: ([^ ]*\[[^ ]*\]): SASL .* authentication failed/)) {
392 $SaslAuthenticationFail{$Host}++;
393 } elsif (
394 ($Host,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: client=([^ ]*\[[^ ]*\]), .* sasl_username=([^ ]*)$/) or
395 ($Host,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: client=([^ ]*\[[^ ]*\]), sasl_sender=([^ ]*)$/)
396 ) {
397 chomp($User);
398 $SaslAuth{$Host}{$User}++;
399 } elsif ( ($Host) = ($ThisLine =~ /TLS connection established from ([^ ]*\[[^ ]*\]):/)) {
400 $TLSconnectFrom{$Host}++;
401 } elsif ( ($Host) = ($ThisLine =~ /TLS connection established to ([^ ]*):/)) {
402 $TLSconnectTo{$Host}++;
403 } elsif ( ($Cert) = ($ThisLine =~ /^Unverified: (.*)/)) {
404 $TLSunverified{$Cert}++;
405 } elsif ( ($Domain) = ($ThisLine =~ /warning: malformed domain name in resource data of MX record (.*)$/)) {
406 $MxError{$Domain}++;
407 } elsif ( ($Host,$Command) = ($ThisLine =~ /warning: ([^ ]*\[[^ ]*\]) sent .* header instead of ([^ ]*) command: /)) {
408 $Error = "Sent message header instead of $Command command";
409 $SmtpConversationError{$Error}{$Host}++;
410 } elsif (
411 ($ThisLine =~ m/warning: smtp_connect_addr: socket: Address family not supported by protocol/) or
412 ($ThisLine =~ m/warning: smtp_addr_one: unknown address family \d for [^ ]*/)
413 ) {
414 $UnsupportedFamily++;
415 } elsif (
416 ($ThisLine =~ m/(lookup |)table has changed -- exiting$/) or
417 ($ThisLine =~ m/table ([^ ]*) has changed -- restarting$/)
418 ) {
419 $TableChanged++;
420 } elsif (
421 ($ThisLine =~ m/^fatal: [^ ]*\(\d+\): Message file too big$/) or
422 ($ThisLine =~ m/^warning: [a-zA-Z0-9]+: queue file size limit exceeded$/) or
423 ($ThisLine =~ m/^warning: uid=\d+: File too large$/)
424 ) {
425 $QueueSizeExceeded++;
426 } elsif ( ($Command,$Host) = ($ThisLine =~ /too many errors after ([^ ]*) from ([^ ]*\[[^ ]*\])$/)) {
427 $TooManyErrors{$Command}{$Host}++;
428 } elsif ( (undef,undef,$To) = ($ThisLine =~ /^reject: RCPT from ([^ ]*\[[^ ]*\]): 552 Message size exceeds fixed limit; from=<([^ ]*)> to=<([^ ]*)>$/)) {
429 $SizeLimit{"$From -> $To"}++;
430 } elsif ( ($Server) = ($ThisLine =~ /^NOQUEUE: reject: MAIL from ([^ ]*\[[^ ]*\]): 552 Message size exceeds fixed limit; proto=[^ ]* helo=<[^ ]*>$/)) {
431 $SizeLimit{"MAIL from $Server"}++;
432 } elsif ( (undef,$Source) = ($ThisLine =~ /^warning: database ([^ ]*) is older than source file ([a-zA-Z0-9\/]+)$/)) {
433 $DatabaseGeneration{$Source}++;
434 } elsif ( ($Reason) = ($ThisLine =~ /^warning: [a-zA-Z0-9]+: write queue file: (.*)$/)) {
435 $QueueWriteError{$Reason}++;
436 } elsif ( ($Reason) = ($ThisLine =~ /^warning: open active [a-zA-Z0-9]+: (.*)$/)) {
437 $QueueWriteError{"open active: $Reason"}++;
438 } elsif ( ($Reason) = ($ThisLine =~ /^warning: qmgr_active_corrupt: save corrupt file queue active id [a-zA-Z0-9]+: (.*)$/)) {
439 $QueueWriteError{"active corrupt: $Reason"}++;
440 } elsif ( ($Reason) = ($ThisLine =~ /^warning: qmgr_active_done_3_generic: remove [a-zA-Z0-9]+ from active: (.*)$/)) {
441 $QueueWriteError{"remove active: $Reason"}++;
442 } elsif ( ($Reason) = ($ThisLine =~ /^warning: [^ ]*\/[a-zA-Z0-9]+: (Error writing message file)$/)) {
443 $MessageWriteError{$Reason}++;
444 } elsif ( $ThisLine =~ /reject: RCPT from [^ ]*\[[^ ]*\]: \d+ Insufficient system storage; from=<.*> to=<.*>/) {
445 $NoFreeSpace++;
446 } elsif ( ($Process,$Status) = ($ThisLine =~ /^warning: process ([^ ]*) pid \d+ exit status (\d+)$/)) {
447 $ProcessExit{$Status}{$Process}++;
448 } elsif ( ($Option,$Reason) = ($ThisLine =~ /^fatal: config variable ([^ ]*): (.*)$/)) {
449 $ConfigError{$Option}{$Reason}++;
450 } elsif ( ($Warn) = ($ThisLine =~ /^warning: (.*)/)) {
451 # keep this as the next to last condition
452 $UnknownWarnings{$Warn}++;
453 } else {
454 push @OtherList,$ThisLine;
455 }
456 }
457
458 ##################################################################
459
460 if ($NoFreeSpace > 0) {
461 print "\nWARNING!!!\n";
462 print "Insufficient system storage error $NoFreeSpace Time(s)\n";
463 }
464
465 if ($MsgsSent > 0) {
466 print "\n\n$BytesTransferred bytes transferred";
467 print "\n$MsgsSent messages sent";
468 }
469
470 if ($FourHourReturns > 0) {
471 print "\n$FourHourReturns messages returned after 4 hours";
472 }
473
474 if ($Deliverable > 0) {
475 print "\n$Deliverable messages accepted as deliverable";
476 }
477
478 if ($Undeliverable > 0) {
479 print "\n$Undeliverable messages rejected as undeliverable";
480 }
481
482 if ($ReturnedToSender >0) {
483 print "\n$ReturnedToSender messages expired and returned to sender";
484 }
485
486 if ($ResentMessages > 0) {
487 print "\n$ResentMessages resent messages";
488 }
489
490 if ($RemovedFromQueue > 0) {
491 print "\n$RemovedFromQueue messages removed from queue";
492 }
493
494 if ($QueueSizeExceeded > 0) {
495 print "\n$QueueSizeExceeded messages exceeded queue or message file size limit and removed";
496 }
497
498 if ($TableChanged > 0) {
499 print "\n$TableChanged exited after table change detection";
500 }
501
502 if ($UnsupportedFamily > 0) {
503 print "\nUnknown address family $UnsupportedFamily Time(s)\n";
504 }
505
506 if (keys %ConfigError) {
507 print "\n\nWARNING!!!\n";
508 print "Configuration Errors:\n";
509 foreach $Option (sort {$a cmp $b} keys %ConfigError) {
510 print " Option: $Option\n";
511 foreach $Reason (sort {$a cmp $b} keys %{$ConfigError{$Option}} ) {
512 print " $Reason: $ConfigError{$Option}{$Reason} Time(s)\n";
513 }
514 }
515 }
516
517 if (keys %QueueWriteError) {
518 if ($Detail >= 5) {
519 print "\n\nError writing queue file:\n";
520 foreach $Reason (sort {$a cmp $b} keys %QueueWriteError) {
521 print " $Reason : $QueueWriteError{$Reason} Time(s)\n";
522 }
523 }
524 else {
525 $n=0;
526 foreach $Reason (keys %QueueWriteError) {
527 $n+=$QueueWriteError{$Reason};
528 }
529 print "\n\nError writing queue file: $n Time(s)";
530 }
531 }
532
533 if (keys %MessageWriteError) {
534 if ($Detail >= 5) {
535 print "\n\nError writing message file:\n";
536 foreach $Reason (sort {$a cmp $b} keys %MessageWriteError) {
537 print " $Reason : $MessageWriteError{$Reason} Time(s)\n";
538 }
539 }
540 else {
541 $n=0;
542 foreach $Reason (keys %MessageWriteError) {
543 $n+=$MessageWriteError{$Reason};
544 }
545 print "\n\nError writing message file: $n Time(s)";
546 }
547 }
548
549 if (keys %DatabaseGeneration) {
550 if ($Detail >= 5) {
551 print "\n\nDatabase files are not up-to-date (propably rehash is needed):\n";
552 foreach $Source (sort {$a cmp $b} keys %DatabaseGeneration) {
553 print " $Source : $DatabaseGeneration{$Source} Time(s)\n";
554 }
555 }
556 else {
557 $n=0;
558 $fn=scalar(keys %DatabaseGeneration);
559 foreach $Source (keys %DatabaseGeneration) {
560 $n+=$DatabaseGeneration{$Source};
561 }
562 print "\n\nDatabase files are not up-to-date (propably rehash is needed): $fn File(s), $n Time(s)";
563 }
564 }
565
566 if (keys %PixWorkaround) {
567 if ($Detail >= 5) {
568 print "\n\nEnabled PIX <CRLF>.<CRLF> workaround for:\n";
569 foreach $Host (sort {$a cmp $b} keys %PixWorkaround) {
570 print " $Host : $PixWorkaround{$Host} Time(s)\n";
571 }
572 }
573 else {
574 $n=0;
575 $hn=scalar(keys %PixWorkaround);
576 foreach $Host (keys %PixWorkaround) {
577 $n+=$PixWorkaround{$Host};
578 }
579 print "\n\nEnabled PIX <CRLF>.<CRLF> workaround for: $hn Host(s), $n Time(s)";
580 }
581 }
582
583 if (($Detail >=5) and (keys %SentBy)) {
584 print "\n\nTop ten senders:\n";
585 foreach $ThisSender (sort {$a cmp $b} keys %SentBy) {
586 $ThisNumber = $SentBy{$ThisSender};
587 push(@{$ThisIsNumber{$ThisNumber}}, $ThisSender);
588 }
589 my $ListRank = 10;
590 foreach $SenderRank (sort {$b <=> $a} keys %ThisIsNumber) {
591 last unless ($ListRank > 0);
592 print " $SenderRank messages sent by:\n";
593 foreach $ThisSender (@{$ThisIsNumber{$SenderRank}}) {
594 last unless ($ListRank > 0);
595 $ListRank--;
596 print" $ThisSender\n";
597 }
598 }
599 }
600
601 if (keys %UnknownUsers) {
602 if ($Detail >= 10) {
603 print "\n\nUnknown users:\n";
604 foreach $ThisOne (sort {$a cmp $b} keys %UnknownUsers) {
605 print " $ThisOne : $UnknownUsers{$ThisOne} Time(s)\n";
606 }
607 }
608 else {
609 $n=0;
610 $un=scalar(keys %UnknownUsers);
611 foreach $ThisOne (keys %UnknownUsers) {
612 $n+=$UnknownUsers{$ThisOne};
613 }
614 print "\n\nUnknown users: $un, $n Time(s)";
615 }
616 }
617
618 if (keys %SaslAuthenticationFail) {
619 if ($Detail >= 5) {
620 print "\n\nSASL Authentication failed from:\n";
621 foreach $Host (sort {$a cmp $b} keys %SaslAuthenticationFail) {
622 print " $Host : $SaslAuthenticationFail{$Host} Time(s)\n";
623 }
624 }
625 else {
626 $n=0;
627 $hn=scalar(keys %SaslAuthenticationFail);
628 foreach $Host (keys %SaslAuthenticationFail) {
629 $n+=$SaslAuthenticationFail{$Host};
630 }
631 print "\n\nSASL Authentication failed from: $hn Host(s), $n Time(s)";
632 }
633 }
634
635 if (keys %SaslAuth) {
636 if ($Detail >= 5) {
637 print "\n\nSASL Authenticated messages from:\n";
638 foreach $Host (sort {$a cmp $b} keys %SaslAuth) {
639 if ($Detail >= 10) {
640 print " $Host:\n";
641 foreach $User (sort {$a cmp $b} keys %{$SaslAuth{$Host}} ) {
642 print " sasluser $User : $SaslAuth{$Host}{$User} Times(s)\n";
643 }
644 }
645 else {
646 $n=0;
647 foreach $User (keys %{$SaslAuth{$Host}} ) {
648 $n+=$SaslAuth{$Host}{$User};
649 }
650 print " $Host: $n Time(s)\n";
651 }
652 }
653 }
654 else {
655 $n=0;
656 $hn=scalar(keys %SaslAuth);
657 foreach $Host (keys %SaslAuth) {
658 foreach $User (keys %{$SaslAuth{$Host}} ) {
659 $n+=$SaslAuth{$Host}{$User};
660 }
661 }
662 print "\n\nSASL Authenticated messages from: $hn Host(s), $n Time(s)";
663 }
664 }
665
666 if (keys %TLSconnectFrom) {
667 if ($Detail >= 5) {
668 print "\n\nTLS Connections from:\n";
669 foreach $Host (sort {$a cmp $b} keys %TLSconnectFrom) {
670 print " $Host : $TLSconnectFrom{$Host} Time(s)\n";
671 }
672 }
673 else {
674 $n=0;
675 $hn=scalar(keys %TLSconnectFrom);
676 foreach $Host (keys %TLSconnectFrom) {
677 $n+=$TLSconnectFrom{$Host};
678 }
679 print "\n\nTLS Connections from: $hn Host(s), $n Time(s)";
680 }
681 }
682
683 if (keys %TLSconnectTo) {
684 if ($Detail >= 5) {
685 print "\n\nTLS Connections to:\n";
686 foreach $Host (sort {$a cmp $b} keys %TLSconnectTo) {
687 print " $Host : $TLSconnectTo{$Host} Time(s)\n";
688 }
689 }
690 else {
691 $n=0;
692 $hn=scalar(keys %TLSconnectTo);
693 foreach $Host (keys %TLSconnectTo) {
694 $n=$TLSconnectTo{$Host};
695 }
696 print "\n\nTLS Connections to: $hn Host(s), $n Time(s)";
697 }
698 }
699
700 if (keys %TLSunverified) {
701 if ($Detail >= 5) {
702 print "\n\nUnverified TLS certificates:\n";
703 foreach $Cert (sort {$a cmp $b} keys %TLSunverified) {
704 print " $Cert : $TLSunverified{$Cert} Time(s)\n";
705 }
706 }
707 else {
708 $n=0;
709 $cn=scalar(keys %TLSunverified);
710 foreach $Cert (keys %TLSunverified) {
711 $n+=$TLSunverified{$Cert};
712 }
713 print "\n\nUnverified TLS certificates: $cn, $n Time(s)";
714 }
715 }
716
717 if (keys %RelayDenied) {
718 if ($Detail >= 5) {
719 print "\n\nRelaying denied:\n";
720 foreach $ThisOne (sort {$a cmp $b} keys %RelayDenied) {
721 print " $ThisOne : $RelayDenied{$ThisOne} Time(s)\n";
722 }
723 }
724 else {
725 $n=0;
726 foreach $ThisOne (keys %RelayDenied) {
727 $n+=$RelayDenied{$ThisOne};
728 }
729 print "\n\nRelaying denied: $n Time(s)";
730 }
731 }
732
733 if (keys %SizeLimit) {
734 if ($Detail >= 5) {
735 print "\n\nMessage size exceeds fixed limit:\n";
736 foreach $Message (sort {$a cmp $b} keys %SizeLimit) {
737 print " $Message: $SizeLimit{$Message} Time(s)\n";
738 }
739 }
740 else {
741 $n=0;
742 $mn=scalar(keys %SizeLimit);
743 foreach $Message (keys %SizeLimit) {
744 $n+=$SizeLimit{$Message};
745 }
746 print "\n\nMessage size exceeds fixed limit: $mn Message(s), $n Time(s)";
747 }
748 }
749
750 if (keys %LocalBounce) {
751 if ($Detail >= 5) {
752 print "\n\nLocal Bounce:\n";
753 foreach $ThisOne (sort {$a cmp $b} keys %LocalBounce) {
754 print " $ThisOne : $LocalBounce{$ThisOne} Time(s)\n";
755 }
756 }
757 else {
758 $n=0;
759 $bn=scalar(keys %LocalBounce);
760 foreach $ThisOne (keys %LocalBounce) {
761 $n+=$LocalBounce{$ThisOne};
762 }
763 print "\n\nLocal Bounces: $bn, $n Time(s)";
764 }
765 }
766
767 if (keys %ForeignBounce) {
768 if ($Detail >= 5) {
769 print "\n\nForeign Bounce:\n";
770 foreach $ThisOne (sort {$a cmp $b} keys %ForeignBounce) {
771 print " $ThisOne : $ForeignBounce{$ThisOne} Time(s)\n";
772 }
773 }
774 else {
775 $n=0;
776 $bn=scalar(keys %ForeignBounce);
777 foreach $ThisOne (keys %ForeignBounce) {
778 $n+=$ForeignBounce{$ThisOne};
779 }
780 print "\n\nForeign Bounce: $bn, $n Time(s)";
781 }
782 }
783
784 if (keys %HeaderReject) {
785 if ($Detail >= 10) {
786 print "\n\nHeader content reject:\n";
787 foreach $Reason (sort {$a cmp $b} keys %HeaderReject) {
788 print " $Reason:";
789 foreach $Rejected (sort {$a cmp $b} keys %{$HeaderReject{$Reason}} ) {
790 print " $Rejected : $HeaderReject{$Reason}{$Rejected} Time(s)\n";
791 }
792 }
793 }
794 else {
795 $n=0;
796 $rn=scalar(keys %HeaderReject);
797 foreach $Reason (keys %HeaderReject) {
798 foreach $Rejected (keys %{$HeaderReject{$Reason}} ) {
799 $n+=$HeaderReject{$Reason}{$Rejected};
800 }
801 }
802 print "\n\nHeader content rejected: $rn Reason(s), $n Time(s)";
803 }
804 }
805
806 if (keys %HeaderWarning) {
807 if ($Detail >= 10) {
808 print "\n\nHeader content warning (but passed):\n";
809 foreach $Reason (sort {$a cmp $b} keys %HeaderWarning) {
810 print " $Reason:";
811 foreach $Warning (sort {$a cmp $b} keys %{$HeaderWarning{$Reason}} ) {
812 print " $Warning : $HeaderWarning{$Reason}{$Warning} Time(s)\n";
813 }
814 }
815 }
816 else {
817 $n=0;
818 $rn=scalar(keys %HeaderWarning);
819 foreach $Reason (keys %HeaderWarning) {
820 foreach $Warning (keys %{$HeaderWarning{$Reason}} ) {
821 $n+=$HeaderWarning{$Reason}{$Warning};
822 }
823 }
824 print "\n\nHeader content warning (but passed): $rn Reason(s), $n Time(s)";
825 }
826 }
827
828 if ($RejectClients > 0) {
829 if ($Detail >= 5) {
830 print "\n\nClient hosts rejected $RejectClients Time(s)\n";
831 foreach $Host (sort {$a cmp $b} keys %RejectClientHost) {
832 print " $Host $RejectClientHost{$Host} Time(s)\n";
833 }
834 }
835 else {
836 $n=0;
837 foreach $Host (keys %RejectClientHost) {
838 $n++;
839 }
840 print "\n\nClient hosts rejected $RejectClients Time(s): $n Host(s)";
841 }
842 }
843
844 if ($RejectUnknownClients > 0) {
845 if ($Detail >= 10) {
846 print "\n\nUnknown client hosts rejected $RejectUnknownClients Time(s)\n";
847 foreach $Host (sort {$a cmp $b} keys %RejectUnknownClient) {
848 print " $Host\n";
849 foreach $Helo (sort {$a cmp $b} keys %{$RejectUnknownClient{$Host}}) {
850 print " helo=<$Helo>\n";
851 foreach $Sender (sort {$a cmp $b} keys %{$RejectUnknownClient{$Host}{$Helo}}) {
852 foreach $Recip (sort {$a cmp $b} keys %{$RejectUnknownClient{$Host}{$Helo}{$Sender}}) {
853 print " $Sender -> $Recip $RejectUnknownClient{$Host}{$Helo}{$Sender}{$Recip} Time(s)\n";
854 }
855 }
856 }
857 }
858 }
859 elsif ($Detail >= 5) {
860 print "\n\nUnknown client hosts rejected $RejectUnknownClients Time(s)\n";
861 foreach $Host (sort {$a cmp $b} keys %RejectUnknownClientHost) {
862 print " $Host $RejectUnknownClientHost{$Host} Time(s)\n";
863 }
864 }
865 else {
866 $n=0;
867 foreach $Host (keys %RejectUnknownClientHost) {
868 $n++;
869 }
870 print "\n\nUnknown client hosts rejected $RejectUnknownClients Time(s): $n Host(s)";
871 }
872 }
873
874 if (($Detail >= 10) and (keys %UndeliverableMsg)) {
875 print "\n\nUndeliverable messages rejected:\n";
876 foreach $Reason (sort {$a cmp $b} keys %UndeliverableMsg) {
877 print " $Reason: $UndeliverableMsg{$Reason} Time(s)\n";
878 }
879 }
880
881 if (keys %RejectSender) {
882 print "\n\nMessages rejected:\n";
883 foreach $Reason (sort {$a cmp $b} keys %RejectSender) {
884 if ($Detail >= 5) {
885 print " $Reason $RejectSenderReason{$Reason} Time(s)\n";
886 foreach $Host (sort {$a cmp $b} keys %{$RejectSender{$Reason}} ) {
887 print " $Host $RejectSenderHost{$Reason}{$Host} Time(s)\n";
888 if ($Detail >= 10) {
889 foreach $Sender (sort {$a cmp $b} keys %{$RejectSender{$Reason}{$Host}}) {
890 print " $Sender : $RejectSender{$Reason}{$Host}{$Sender} Time(s)\n";
891 }
892 }
893 }
894 }
895 else {
896 $n=0;
897 $hn=scalar(keys %{$RejectSender{$Reason}});
898 print " $Reason: $hn Host(s), $RejectSenderReason{$Reason} Time(s)\n";
899 }
900 }
901 }
902
903 if (keys %RejectRecip) {
904 if ($Detail >= 5) {
905 print "\n\nMessages rejected to recipient:\n";
906 foreach $Recip (sort {$a cmp $b} keys %RejectRecip) {
907 print " $Recip:\n";
908 foreach $Host (sort {$a cmp $b} keys %{$RejectRecip{$Recip}} ) {
909 print " $Host : $RejectRecip{$Recip}{$Host} Time(s)\n";
910 }
911 }
912 }
913 else {
914 $n=0;
915 $rn=scalar(keys %RejectRecip);
916 foreach $Recip (keys %RejectRecip) {
917 foreach $Host (keys %{$RejectRecip{$Recip}} ) {
918 $n+=$RejectRecip{$Recip}{$Host};
919 }
920 }
921 print "\n\nMessages rejected to: $rn Recipient(s), $n Time(s)";
922 }
923 }
924
925 if (keys %RejectAddress) {
926 if ($Detail >= 5) {
927 print "\n\nRejected sender address from:\n";
928 foreach $Host (sort {$a cmp $b} keys %RejectAddress) {
929 print " $Host : $RejectAddress{$Host} Time(s)\n";
930 }
931 }
932 else {
933 $n=0;
934 $hn=scalar(keys %RejectAddress);
935 foreach $Host (keys %RejectAddress) {
936 $n+=$RejectAddress{$Host};
937 }
938 print "\n\nRejected sender address from: $hn Host(s), $n Time(s)";
939 }
940 }
941
942 if (keys %RejectRBL) {
943 print "\n\nMessages rejected using Anti-Spam site $RejectedRBL Time(s)\n";
944 foreach $Site (sort {$a cmp $b} keys %RejectRBL) {
945 $count = 0;
946 # okay there is probably a more efficient way to get this total
947 # than walking the container again, but my perl is weak
948 # and I want to know which list are working the best so I can
949 # put them at the top of the checking order in my configuration
950 foreach $Host ( keys %{$RejectRBL{$Site}} ) {
951 $count = $count + $RejectRBL{$Site}{$Host};
952 }
953 if ($Detail >= 5) {
954 print " $Site identified $count spam messages:\n";
955 foreach $Host (sort {$a cmp $b} keys %{$RejectRBL{$Site}} ) {
956 print " $Host : $RejectRBL{$Site}{$Host} Time(s)\n";
957 }
958 }
959 else {
960 print " $Site identified $count spam messages.\n";
961 }
962 }
963 }
964
965 if (keys %RBLError) {
966 if ($Detail >= 5) {
967 print "\n\nRBL lookup errors $ErrorRBL Time(s)\n";
968 foreach $Site (sort {$a cmp $b} keys %RBLError) {
969 print " $Site\n";
970 if ($Detail >= 10) {
971 foreach $Error (sort {$a cmp $b} keys %{$RBLError{$Site}} ) {
972 print " $Error : $RBLError{$Site}{$Error} Time(s)\n";
973 }
974 }
975 }
976 }
977 else {
978 $n=0;
979 $hn=scalar(keys %RBLError);
980 print "\n\nRBL lookup errors for $hn Host(s), $ErrorRBL Time(s)";
981 }
982 }
983
984 if (keys %Discarded) {
985 if ($Detail >= 5) {
986 print "\n\nDiscarded messages:\n";
987 foreach $Recipient (sort {$a cmp $b} keys %Discarded) {
988 print " $Recipient\n";
989 foreach $Reason (sort {$a cmp $b} keys %{$Discarded{$Recipient}} ) {
990 print " $Reason : $Discarded{$Recipient}{$Reason} Time(s)\n";
991 }
992 }
993 }
994 else {
995 $n=0;
996 $rn=scalar(keys %Discarded);
997 foreach $Recipient (keys %Discarded) {
998 foreach $Reason (keys %{$Discarded{$Recipient}} ) {
999 $n+=$Discarded{$Recipient}{$Reason};
1000 }
1001 }
1002 print "\n\nDiscarded messages to: $rn Recipient(s), $n Time(s)";
1003 }
1004 }
1005
1006 if (keys %AuthWarns) {
1007 print "\n\nAuthentication warnings:\n";
1008 foreach $ThisOne (sort {$a cmp $b} keys %AuthWarns) {
1009 print " $ThisOne : $AuthWarns{$ThisOne} Time(s)\n";
1010 }
1011 }
1012
1013 if (keys %ForwardErrors) {
1014 print "\n\nForwarding errors:\n";
1015 foreach $ThisOne (sort {$a cmp $b} keys %ForwardErrors) {
1016 print " $ThisOne : $ForwardErrors{$ThisOne} Time(s)\n";
1017 }
1018 }
1019
1020 if (($Detail >= 10) and (keys %SmtpConversationError)) {
1021 print "\n\nSMTP commands dialog errors:\n";
1022 foreach $Error (sort {$a cmp $b} keys %SmtpConversationError) {
1023 print " $Error:\n";
1024 foreach $Host (sort {$a cmp $b} keys %{$SmtpConversationError{$Error}} ) {
1025 print " $Host : $SmtpConversationError{$Error}{$Host} Time(s)\n";
1026 }
1027 }
1028 }
1029
1030 if (keys %TooManyErrors) {
1031 if ($Detail >= 5) {
1032 print "\n\nToo many errors in SMTP commands dialog:\n";
1033 foreach $Command(sort {$a cmp $b} keys %TooManyErrors) {
1034 print " After command $Command:\n";
1035 foreach $Host (sort {$a cmp $b} keys %{$TooManyErrors{$Command}} ) {
1036 print " $Host : $TooManyErrors{$Command}{$Host} Time(s)\n";
1037 }
1038 }
1039 }
1040 else {
1041 $n=0;
1042 $cn=scalar(keys %TooManyErrors);
1043 foreach $Command(sort {$a cmp $b} keys %TooManyErrors) {
1044 foreach $Host (sort {$a cmp $b} keys %{$TooManyErrors{$Command}} ) {
1045 $n+=$TooManyErrors{$Command}{$Host};
1046 }
1047 }
1048 print "\n\nToo many errors in SMTP commands dialog: $cn Command(s), $n Time(s)";
1049 }
1050 }
1051
1052 if (keys %ConnectionLost) {
1053 print "\n\nConnections lost:\n";
1054 foreach $ThisOne (sort {$a cmp $b} keys %ConnectionLost) {
1055 print " Connection lost while $ThisOne : $ConnectionLost{$ThisOne} Time(s)\n";
1056 }
1057 }
1058
1059 if (keys %MxError) {
1060 if ($Detail >= 10) {
1061 print "\n\nMalformed domain name in resource data of MX record:\n";
1062 foreach $Domain (sort {$a cmp $b} keys %MxError) {
1063 print " $Domain : $MxError{$Domain} Time(s)\n";
1064 }
1065 }
1066 else {
1067 $n=0;
1068 $dn=scalar(keys %MxError);
1069 foreach $Domain (keys %MxError) {
1070 $n+=$MxError{$Domain};
1071 }
1072 print "\n\nMalformed domain name in resource data of MX record: $dn Domain(s), $n Time(s)";
1073 }
1074 }
1075
1076 if (%IllegalAddressSyntax) {
1077 print "\n\nIllegal address syntax:\n";
1078 foreach $Command (sort {$a cmp $b} keys %IllegalAddressSyntax) {
1079 if ($Detail >= 5) {
1080 print " In command $Command from:\n";
1081 foreach $Host (sort {$a cmp $b} keys %{$IllegalAddressSyntax{$Command}} ) {
1082 print " $Host : $IllegalAddressSyntax{$Command}{$Host} Time(s)\n";
1083 }
1084 }
1085 else {
1086 $n=0;
1087 $hn=scalar(keys %{$IllegalAddressSyntax{$Command}});
1088 foreach $Host (keys %{$IllegalAddressSyntax{$Command}}) {
1089 $n+=$IllegalAddressSyntax{$Command}{$Host};
1090 }
1091 print " In command $Command from: $hn Host(s), $n Time(s)\n";
1092 }
1093 }
1094 }
1095
1096 if (keys %HostnameVerification) {
1097 if ($Detail >= 2) {
1098 print "\n\nHostname verification errors:\n";
1099 foreach $Error (sort {$a cmp $b} keys %HostnameVerification) {
1100 print " $Error : $HostnameVerification{$Error} Time(s)\n";
1101 }
1102 }
1103 else{
1104 $n=0;
1105 $en=scalar(keys %HostnameVerification);
1106 foreach $Error (keys %HostnameVerification) {
1107 $n+=$HostnameVerification{$Error};
1108 }
1109 print "\n\nHostname verification errors: $en Error(s), $n Time(s)";
1110 }
1111 }
1112
1113 if (keys %MailerLoop) {
1114 print "\n\nMailer Loop:\n";
1115 foreach $Error (sort {$a cmp $b} keys %MailerLoop) {
1116 print " $Error : $MailerLoop{$Error} Time(s)\n";
1117 }
1118 }
1119
1120 if (keys %ValidHostname) {
1121 if ($Detail >= 2) {
1122 print "\n\nHostname validation errors:\n";
1123 foreach $Message (sort {$a cmp $b} keys %ValidHostname) {
1124 print " $Message : $ValidHostname{$Message} Time(s)\n";
1125 }
1126 }
1127 else{
1128 $n=0;
1129 $mn=scalar(keys %ValidHostname);
1130 foreach $Message (keys %ValidHostname) {
1131 $n+=$ValidHostname{$Message};
1132 }
1133 print "\n\nHostname validation errors: $mn Message(s), $n Time(s)";
1134 }
1135 }
1136
1137 if (keys %HeloError) {
1138 print "\n\nErrors in HELO/EHLO conversation:\n";
1139 foreach $Error (sort {$a cmp $b} keys %HeloError) {
1140 if ($Detail >= 5) {
1141 print " $Error:\n";
1142 foreach $Host (sort {$a cmp $b} keys %{$HeloError{$Error}} ) {
1143 print " $Host : $HeloError{$Error}{$Host} Time(s)\n";
1144 }
1145 }
1146 else {
1147 $n=0;
1148 $hn=scalar(keys %{$HeloError{$Error}});
1149 foreach $Host (keys %{$HeloError{$Error}} ) {
1150 $n+=$HeloError{$Error}{$Host};
1151 }
1152 print " $Error: from $hn Host(s), $n Time(s)\n";
1153 }
1154 }
1155 }
1156
1157 if (keys %ProcessExit) {
1158 print "\n\nProcess exited:\n";
1159 foreach $Status (sort {$a cmp $b} keys %ProcessExit) {
1160 print " Exit status $Status:\n";
1161 foreach $Process (sort {$a cmp $b} keys %{$ProcessExit{$Status}} ) {
1162 print " $Process: $ProcessExit{$Status}{$Process} Time(s)\n";
1163 }
1164 }
1165 }
1166
1167 if (keys %UnknownWarnings) {
1168 print "\n\nUnrecognized warning:\n";
1169 foreach $ThisOne (sort {$a cmp $b} keys %UnknownWarnings) {
1170 print " $ThisOne : $UnknownWarnings{$ThisOne} Time(s)\n";
1171 }
1172 }
1173
1174 if ($#OtherList >= 0) {
1175 print "\n\n**Unmatched Entries**\n\n";
1176 print @OtherList;
1177 }
1178
1179 exit(0);
1180
1181 # vi: shiftwidth=3 tabstop=3 syntax=perl et
1182
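Review bot: line 694, in the low-detail "TLS Connections to" branch, assigns instead of accumulating (`$n=$TLSconnectTo{$Host};`), so the summary reports the count of whichever host the hash iteration visits last rather than the total. Every sibling block uses `$n+=`, and this one should too. Separately, lines 428-429 discard the from= capture (`(undef,undef,$To)`) yet build the key from `$From`, which at that point holds whatever an earlier branch such as line 312 left in it, so the "Message size exceeds fixed limit" entries can name the wrong sender; capturing it as `(undef,$From,$To)` fixes that. The file header for this listing is outside the visible lines, so if this file is being removed like the `.#postfix.1.21` copy that follows, both points only matter for any surviving copy of the filter.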
+0
-1186
scripts/services/.#postfix.1.21 less more
0
1 ##########################################################################
2 # $Id: postfix,v 1.21 2005/08/23 23:54:38 mike Exp $
3 ##########################################################################
4 # $Log: postfix,v $
5 # Revision 1.21 2005/08/23 23:54:38 mike
6 # Fixed typo propably from Roland Hermans -mgt
7 #
8 # Revision 1.20 2005/07/25 22:26:28 bjorn
9 # Added "Sender address" to "554 Service unavailable" regexp, by Who Knows
10 #
11 # Revision 1.19 2005/04/22 13:48:28 bjorn
12 # This patch catches (un)deliverable messages and many more, which were
13 # missing until now on mu new postfix-2.1.*, from Paweł Gołaszewski
14 #
15 # Revision 1.18 2005/04/17 23:12:28 bjorn
16 # Patches from Peter Bieringer and Willi Mann: ignoring more lines and
17 # some blank spaces
18 #
19 # Revision 1.17 2005/02/24 17:08:05 kirk
20 # Applying consolidated patches from Mike Tremaine
21 #
22 # Revision 1.7 2005/02/16 00:43:28 mgt
23 # Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt
24 #
25 # Revision 1.6 2005/02/13 23:50:42 mgt
26 # Tons of patches from Pawel and PLD Linux folks...Thanks! -mgt
27 #
28 # Revision 1.5 2004/10/06 21:42:53 mgt
29 # patches from Pawel quien-sabe -mgt
30 #
31 # Revision 1.4 2004/07/29 19:33:29 mgt
32 # Chmod and removed perl call -mgt
33 #
34 # Revision 1.3 2004/07/10 01:54:35 mgt
35 # sync with kirk -mgt
36 #
37 # Revision 1.13 2004/06/23 15:01:17 kirk
38 # - Added more patches from blues@ds.pg.gda.pl
39 #
40 # Revision 1.12 2004/06/21 14:59:05 kirk
41 # Added tons of patches from Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
42 #
43 # Thanks, as always!
44 #
45 # Revision 1.11 2004/06/21 13:42:02 kirk
46 # From: Matthew Wise <matt@oatsystems.com>
47 # This is more of a suggestion than a true patch submission. On a busy
48 # postfix server the messages sent by section is really long and not
49 # helpful. This patch finds and lists the top 10 senders by bumber of
50 # messages.
51 #
52 # Revision 1.10 2004/06/21 13:41:04 kirk
53 # Patch from rod@nayfield.com
54 #
55 # Revision 1.9.1 2004/02/22 16:44:01 rod
56 # Added patch from rod@nayfield.com
57 #
58 # Revision 1.9 2004/02/03 03:25:02 kirk
59 # Added patch from quien-sabe@metaorg.com
60 #
61 # Revision 1.8 2004/02/03 02:45:26 kirk
62 # Tons of patches, and new 'oidentd' and 'shaperd' filters from
63 # Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
64 #
65 # Revision 1.7 2003/12/15 18:35:03 kirk
66 # Tons of patches from blues@ds.pg.gda.pl
67 #
68 # Revision 1.6 2003/12/15 18:09:23 kirk
69 # Added standard vi formatting commands at the bottom of all files.
70 # Applied many patches from blues@ds.pg.gda.pl
71 #
72 # Revision 1.5 2003/12/15 17:45:09 kirk
73 # Added clamAV update log filter from lars@spinn.dk
74 #
75 # Revision 1.4 2003/11/26 14:36:30 kirk
76 # Applied patch from blues@ds.pg.gda.pl
77 #
78 # Revision 1.3 2003/11/18 14:04:05 kirk
79 # More patches from blues@ds.pg.gda.pl
80 #
81 # Revision 1.2 2003/11/18 04:02:21 kirk
82 # Patch from blues@ds.pg.gda.pl
83 #
84 # Revision 1.1 2003/11/03 04:49:18 kirk
85 # Added postfix filter from Sven Conrad <sconrad@receptec.net>
86 #
87 # Revision 1.1 2002/03/29 15:32:14 kirk
88 # Added some filters found in RH's release
89 #
90 #
91 # Revision ??? 2000/07/12 Simon Liddington <sjl@zepler.org>
92 # converted from sendmail to postfix Sven Conrad <scon@gmx.net>
93 # added unknown users
94 # added relay denials
95 # todo:
96 # add authentication warnings
97 # add forward errors
98 # add returns after 4 hours
99 # ignores alias database building
100 # ignores daemon start messages
101 # ignores clone messages
102 # ignores all to= lines whatever follows stat=
103 #
104 #
105 # Revision 1.1 2003/03/21 21:10 sven
106 # Initial revision
107 #
108 # filters all postfix/<process> messages
109 #
110 ##########################################################################
111
112 ########################################################
113 # This was written and is maintained by:
114 # ??? Kenneth Porter <shiva@well.com> ???
115 # changed by Sven Conrad <scon@gmx.net>
116 #
117 # Please send all comments, suggestions, bug reports,
118 # etc, to ?? shiva@well.com.??
119 # Sven Conrad <scon@gmx.net>
120 #
121 ########################################################
122
123 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
124 my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
125
126 $MsgsSent = 0;
127 $BytesTransferred = 0;
128 $FourHourReturns = 0;
129 $ReturnedToSender = 0;
130 $ResentMessages = 0;
131 $RemovedFromQueue = 0;
132 $UnsupportedFamily = 0;
133 $TableChanged = 0;
134 $QueueSizeExceeded = 0;
135 $RejectedRBL = 0;
136 $ErrorRBL = 0;
137 $NoFreeSpace = 0;
138 $RejectClients = 0;
139 $RejectUnknownClients = 0;
140 $Undeliverable = 0;
141 $Deliverable = 0;
142
143 # The are reject|reject_warning vars
144 my $UnknownUsers; #h
145 my $RelayDenied; #h
146 my $HeaderReject; #h
147 my $RejectSender; #h
148 my $RejectSenderHost; #h
149 my $RejectSenderReason; #h
150 my $RejectClientHost; #h
151 my $RejectClients; #h
152 my $RejectUnknownClient; #h
153 my $RejectUnknownClientHost; #h
154 my $RejectUnknownClients; #v
155 my $RejectRecip; #h
156 my $RejectAddress; #h
157 my $RejectRBL; #h
158 my $RejectedRBL; #v
159 my $HeloError; #h
160 my $SizeLimit; #h
161 my $NoFreeSpace; #h
162
163 # Now the rejectHashes
164 # vim regex: s/\$\(.*\)\#h/\%Reject_\1/
165 # and: s/\$\(.*\)\#v/\$Reject_\1/
166 # apply to above
167 my %Reject_UnknownUsers;
168 my %Reject_RelayDenied;
169 my %Reject_HeaderReject;
170 my %Reject_RejectSender;
171 my %Reject_RejectSenderHost;
172 my %Reject_RejectSenderReason;
173 my %Reject_RejectClientHost;
174 my %Reject_RejectClients;
175 my %Reject_RejectUnknownClient;
176 my %Reject_RejectUnknownClientHost;
177 my $Reject_RejectUnknownClients;
178 my %Reject_RejectRecip;
179 my %Reject_RejectAddress;
180 my %Reject_RejectRBL;
181 my $Reject_RejectedRBL;
182 my %Reject_HeloError;
183 my %Reject_SizeLimit;
184 my %Reject_NoFreeSpace;
185
186 # Now the reject_warning
187 # vim regex for above: s/Reject_/RejectWarning_/
188 my %RejectWarning_UnknownUsers;
189 my %RejectWarning_RelayDenied;
190 my %RejectWarning_HeaderReject;
191 my %RejectWarning_RejectSender;
192 my %RejectWarning_RejectSenderHost;
193 my %RejectWarning_RejectSenderReason;
194 my %RejectWarning_RejectClientHost;
195 my %RejectWarning_RejectClients;
196 my %RejectWarning_RejectUnknownClient;
197 my %RejectWarning_RejectUnknownClientHost;
198 my $RejectWarning_RejectUnknownClients;
199 my %RejectWarning_RejectRecip;
200 my %RejectWarning_RejectAddress;
201 my %RejectWarning_RejectRBL;
202 my $RejectWarning_RejectedRBL;
203 my %RejectWarning_HeloError;
204 my %RejectWarning_SizeLimit;
205 my %RejectWarning_NoFreeSpace;
206
207
208
209 while (defined($ThisLine = <STDIN>)) {
210 # Decide whether it's reject or reject_warning
211 my $UnknownUsers; #h
212 my $RelayDenied; #h
213 my $HeaderReject; #h
214 my $RejectSender; #h
215 my $RejectSenderHost; #h
216 my $RejectSenderReason; #h
217 my $RejectClientHost; #h
218 my $RejectClients; #h
219 my $RejectUnknownClient; #h
220 my $RejectUnknownClientHost; #h
221 my $RejectUnknownClients; #v
222 my $RejectRecip; #h
223 my $RejectAddress; #h
224 my $RejectRBL; #h
225 my $RejectedRBL; #v
226 my $HeloError; #h
227 my $SizeLimit; #h
228 my $NoFreeSpace; #h
229
230 if (
231 ( $ThisLine =~ m/^[a-zA-Z0-9]+: client=([^ ]*\[[^ ]*\])\s*$/ ) or
232 ( $ThisLine =~ m/^[a-zA-Z0-9]+: message-id/ ) or
233 ( $ThisLine =~ m/^[a-zA-Z0-9]+: skipped, still being delivered/ ) or
234 ( $ThisLine =~ m/^[a-zA-Z0-9]+: to\=\<.*>, relay\=.*, delay\=[0-9]+, status\=(sent|deferred)/ ) or
235 ( $ThisLine =~ m/^[a-zA-Z0-9]+: host [^ ]*\[[^ ]*\] said: 4[0-9][0-9]/ ) or
236 ( $ThisLine =~ m/^[a-zA-Z0-9]+: host [^ ]*\[[^ ]*\] refused to talk to me: 4[0-9][0-9]/ ) or
237 ( $ThisLine =~ m/^Deleted: \d message$/ ) or
238 ( $ThisLine =~ m/^Peer certficate could not be verified$/ ) or #postfix typo
239 ( $ThisLine =~ m/^Peer certificate could not be verified$/ ) or
240 ( $ThisLine =~ m/^Peer verification:/ ) or
241 ( $ThisLine =~ m/^SSL_accept error from/ ) or
242 ( $ThisLine =~ m/^Verified: / ) or
243 ( $ThisLine =~ m/^cert has expired/ ) or
244 ( $ThisLine =~ m/^connect/ ) or
245 ( $ThisLine =~ m/^daemon started$/ ) or
246 ( $ThisLine =~ m/^daemon started -- version / ) or
247 ( $ThisLine =~ m/^dict_eval_action:/ ) or
248 ( $ThisLine =~ m/^disconnect/ ) or
249 ( $ThisLine =~ m/^mynetworks:/ ) or
250 ( $ThisLine =~ m/^name_mask:/ ) or
251 ( $ThisLine =~ m/^reload configuration/ ) or
252 ( $ThisLine =~ m/^setting up TLS connection (from|to)/ ) or
253 ( $ThisLine =~ m/^starting TLS engine$/ ) or
254 ( $ThisLine =~ m/^terminating on signal 15$/ ) or
255 ( $ThisLine =~ m/^warning: [a-zA-Z0-9]+: skipping further client input$/ ) or
256 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: address not listed for hostname/ ) or
257 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: hostname .* verification failed: Host not found/ ) or
258 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: hostname .* verification failed: Name or service not known/ ) or
259 ( $ThisLine =~ m/^warning: (?:smtpd_peer_init: )?[\.0-9]+: hostname .* verification failed: Temporary failure in name resolution/ ) or
260 ( $ThisLine =~ m/^warning: Mail system is down -- accessing queue directly$/ ) or
261 ( $ThisLine =~ m/^warning: SASL authentication failure: Password verification failed$/ ) or
262 ( $ThisLine =~ m/^warning: SASL authentication failure: no secret in database$/ ) or
263 ( $ThisLine =~ m/^warning: no MX host for .* has a valid A record$/ ) or
264 ( $ThisLine =~ m/^warning: numeric domain name in resource data of MX record for .*$/ ) or
265 ( $ThisLine =~ m/^warning: premature end-of-input from cleanup socket while reading input attribute name$/ ) or
266 ( $ThisLine =~ m/^warning: uid=\d: Broken pipe$/ ) or
267 ( $ThisLine =~ m/^verify error:num=/ ) or
268 ( $ThisLine =~ m/hold: header Received:/ )
269 or ( $ThisLine =~ m/^statistics: max / )
270 or ( $ThisLine =~ m/: replace: header / )
271 or ( $ThisLine =~ m/: Greylisted for / ) # Greylisting has it's own statistics tool
272 or ( $ThisLine =~ m/certificate verification failed for/o ) # Perhaps a candidate for extended statistics
273 or ( $ThisLine =~ m/Server certificate could not be verified/o ) # Perhaps a candidate for extended statistics
274 or ( $ThisLine =~ m/certificate peer name verification failed/o ) # Perhaps a candidate for extended statistics
275 ) {
276 # We don't care about these
277 } elsif ( ($Bytes) = ($ThisLine =~ /^[a-zA-Z0-9]+: from=.*size=([0-9]+).*$/) ) {
278 $MsgsSent++;
279 $BytesTransferred += $Bytes;
280 } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? relay\=local, delay\=-?[0-9]+, status\=bounced \(unknown user/)) {
281 # unknown user
282 $UnknownUsers{$User}++;
283 } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? relay\=local, delay\=[0-9]+, status\=bounced \(user unknown/)) {
284 # unknown user ( alias to |"exit 67" in aliases table )
285 $UnknownUsers{$User}++;
286 } elsif ((undef,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: RCPT from ([^ ]*): [0-9]+ <([^ ]*)>: User unknown in virtual mailbox table;/)) {
287 # unknown virtual user
288 $UnknownUsers{$User}++;
289 } elsif (($User) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? .*, status\=bounced .*: User unknown in virtual mailbox table/)) {
290 # another unknown user probably could combine with local unknown but again my perl is weak
291 $UnknownUsers{$User}++;
292 } elsif ((undef,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: RCPT from ([^ ]*): [0-9]+ <([^ ]*)>.*: User unknown in local recipient table/)) {
293 # and yet another unknown user probably
294 $UnknownUsers{$User}++;
295 } elsif (($Dest, $Relay, $Msg) = ($ThisLine =~ /^[a-zA-Z0-9]+: to\=\<([^ ]*)>,(?: orig_to\=\<(?:[^ ]*)>,)? relay=([^ ]*).*, delay\=-?[0-9]+, status\=bounced \(([^)]*)/ )) {
296 # unknown user
297 # $Msg = " hello "
298 # print "bounce message from " . $Dest . " msg : " . $Relay . "\n";
299 if ($Relay =~ m/^(none|local|avcheck)/) {
300 $Temp = "To " . $Dest . " Msg=\"" . $Msg . "\"";
301 $LocalBounce{$Temp}++;
302 } else {
303 $Temp = "To " . $Dest . " Msg=\"" . $Msg . "\"";
304 $ForeignBounce{$Temp}++;
305 }
306 } elsif ( ($Relay,$Dest) = ($ThisLine =~ m/reject: RCPT from ([^ ]*): 554 <([^ ]*)>.* Relay access denied.* to=([^ ]*)/) ) {
307 # print "reject: " . $ThisLine . "\n";
308 # print "Relay :" . $Relay . " to " . $Dest . "\n";
309 $Temp = "From " . $Relay . " to " . $Dest;
310 $RelayDenied{$Temp}++;
311 } elsif ( ($User,$From) = ($ThisLine =~ /^[a-zA-Z0-9]+: uid=([^ ]*) from=\<([^ ]*)>/)) {
312 #Messages sent by user
313 $Temp = $From . " (uid=" . $User . "): ";
314 $SentBy{$Temp}++;
315 } elsif ( ($From) = ($ThisLine =~ /^[a-zA-Z0-9]+: from=<([^ ]*)>, status=expired, returned to sender$/)) {
316 $ReturnedToSender++;
317 } elsif ( (undef) = ($ThisLine =~ /^[a-zA-Z0-9]+: resent-message-id=<([^ ]*)>$/)) {
318 $ResentMessages++;
319 } elsif (
320 ($Command,$Host) = ($ThisLine =~ /lost connection after ([^ ]*) from ([^ ]*)$/) or
321 ($Host,$Command) = ($ThisLine =~ /^[a-zA-Z0-9]+: lost connection with ([^ ]*) while (.*)$/)
322 ) {
323 # Make some better summary with hosts
324 $ConnectionLost{$Command}++;
325 } elsif (
326 ($Command,$Host) = ($ThisLine =~ /timeout after ([^ ]*) from ([^ ]*)$/) or
327 ($Host,$Command) = ($ThisLine =~ /^[a-zA-Z0-9]+: conversation with ([^ ]*) timed out while (.*)$/)
328 ) {
329 # Make some better summary with hosts
330 $ConnectionLost{$Command}++;
331 } elsif ( ($Rejected,undef,undef,undef,$Reason) = ($ThisLine =~ /^[a-zA-Z0-9]+: reject: header (.*); from=<([^ ]*)> to=<([^ ]*)>( proto=[^ ]* helo=<[^ ]*>)?: (.*)$/)) {
332 $HeaderReject{$Reason}{$Rejected}++;
333 } elsif ( ($Warning,undef,undef,undef,$Reason) = ($ThisLine =~ /^[a-zA-Z0-9]+: warning: header (.*); from=<([^ ]*)> to=<([^ ]*)>( proto=[^ ]* helo=<[^ ]*>)?: (.*)$/)) {
334 $HeaderWarning{$Reason}{$Warning}++;
335 } elsif ( ($Warning,undef,undef,undef) = ($ThisLine =~ /^[a-zA-Z0-9]+: warning: header (.*); from=<([^ ]*)> to=<([^ ]*)>( proto=[^ ]* helo=<[^ ]*>)?$/)) {
336 $HeaderWarning{"Unknown Reason"}{$Warning}++;
337 } elsif ( (undef,undef,undef,$Reason) = ($ThisLine =~ /^[a-zA-Z0-9]+: to=<([^ ]*)>,( orig_to=<[^ ]*>,)? relay=([^ ]*), delay=\d+, status=undeliverable \((.*)\)$/)) {
338 $Undeliverable++;
339 $UndeliverableMsg{$Reason}++;
340 } elsif ( (undef,undef,undef,undef) = ($ThisLine =~ /^[a-zA-Z0-9]+: to=<([^ ]*)>,( orig_to=<[^ ]*>,)? relay=([^ ]*), delay=\d+, status=deliverable \((.*)\)$/)) {
341 $Deliverable++;
342 #} elsif ( ($Host,undef) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <([^ ]*)>: Sender address rejected: Domain not found;/)) {
343 # $RejectDomain{$Host}++;
344 # above two lines included in generic reject sender on next condition
345 } elsif ( ($Host,$Sender,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <(.*)>: Sender address rejected: (.*);/)) {
346 $RejectSender{$Reason}{$Host}{$Sender}++;
347 $RejectSenderHost{$Reason}{$Host}++;
348 $RejectSenderReason{$Reason}++;
349 } elsif ( ($Host) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <[^ ]*\[[^ ]*\]>: Client host rejected: Access denied;/)) {
350 $RejectClientHost{$Host}++;
351 $RejectClients++;
352 } elsif ( ($Host,$Sender,$Recip,$Helo) = ($ThisLine =~ /reject: RCPT from [^ ]*\[([^ ]*)\]: [0-9]+ Client host rejected: cannot find your hostname, \[\d+\.\d+\.\d+\.\d+\]; from=<(.*?)> to=<(.*?)> proto=\S+ helo=<(.*)>/)) {
353 $RejectUnknownClient{$Host}{$Helo}{$Sender}{$Recip}++;
354 $RejectUnknownClientHost{"$Host helo=<$Helo>"}++;
355 $RejectUnknownClients++;
356 } elsif ( ($Host,$Recip,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): [0-9]+ <(.*)>: Recipient address rejected: (.*);/)) {
357 $Temp = "$Host : $Reason";
358 $RejectRecip{$Recip}{$Temp}++;
359 } elsif ( ($Host,undef) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 <(.*)>: Sender address rejected: Access denied;/)) {
360 $RejectAddress{$Host}++;
361 } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 Service unavailable; (?:Client host )?\[[^ ]*\] blocked using ([^ ]*), reason: (.*);/)) {
362 $Temp = "$Host : $Reason";
363 $RejectRBL{$Site}{$Temp}++;
364 $RejectedRBL++;
365 } elsif ( ($Host,$Site) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): 554 Service unavailable; (?:Sender address |Client host )?\[[^ ]*\] blocked using ([^ ]*);/)) {
366 $RejectRBL{$Site}{$Host}++;
367 $RejectedRBL++;
368 } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /warning: ([^ ]*): RBL lookup error: Name service error for \d+\.\d+\.\d+\.\d+\.([^ ]*): (.*)$/)) {
369 $Temp = "$Host : $Reason";
370 $RBLError{$Site}{$Temp}++;
371 $ErrorRBL++;
372 } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /discard: RCPT from ([^ ]*\[[^ ]*\]): ([^ ]*): ([^;]*);/)) {
373 $Discarded{$Site}{$Reason}++;
374 } elsif ( (undef,undef,$Error) = ($ThisLine =~ /warning: ([^ ]*): hostname ([^ ]*) verification failed: (.*)$/)) {
375 $HostnameVerification{$Error}++;
376 } elsif ( $ThisLine =~ /^[a-zA-Z0-9]+: removed\s*$/) {
377 $RemovedFromQueue++;
378 } elsif ( ($Host) = ($ThisLine =~ /^[a-zA-Z0-9]+: enabling PIX <CRLF>.<CRLF> workaround for ([^ ]*\[[^ ]*\])$/)) {
379 $PixWorkaround{$Host}++;
380 } elsif ( ($Message) = ($ThisLine =~ /warning: valid_hostname: (.*)$/)) {
381 $ValidHostname{$Message}++;
382 } elsif ( ($Host,$Error) = ($ThisLine =~ /warning: host ([^ ]*\[[^ ]*\]) (greeted me with my own hostname [^ ]*)$/)) {
383 $HeloError{$Error}{$Host}++;
384 } elsif ( ($Host,$Error) = ($ThisLine =~ /warning: host ([^ ]*\[[^ ]*\]) (replied to HELO\/EHLO with my own hostname [^ ]*)$/)) {
385 $HeloError{$Error}{$Host}++;
386 } elsif ( ($Host,$Error) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): \d+ <.*>: (Helo command rejected: .*);/)) {
387 $HeloError{$Error}{$Host}++;
388 } elsif ( ($Error,$Host) = ($ThisLine =~ /(bad size limit "\([^ ]*\)" in EHLO reply) from ([^ ]*\[[^ ]*\])$/)) {
389 $HeloError{$Error}{$Host}++;
390 } elsif ( ($Host,$Command) = ($ThisLine =~ /warning: Illegal address syntax from ([^ ]*\[[^ ]*\]) in ([^ ]*) command:/)) {
391 $IllegalAddressSyntax{$Command}{$Host}++;
392 } elsif ( ($Error) = ($ThisLine =~ /warning: mailer loop: (.*)$/)) {
393 $MailerLoop{$Error}++;
394 } elsif ( ($Host) = ($ThisLine =~ /warning: ([^ ]*\[[^ ]*\]): SASL .* authentication failed/)) {
395 $SaslAuthenticationFail{$Host}++;
396 } elsif (
397 ($Host,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: client=([^ ]*\[[^ ]*\]), .* sasl_username=([^ ]*)$/) or
398 ($Host,$User) = ($ThisLine =~ /^[a-zA-Z0-9]+: client=([^ ]*\[[^ ]*\]), sasl_sender=([^ ]*)$/)
399 ) {
400 chomp($User);
401 $SaslAuth{$Host}{$User}++;
402 } elsif ( ($Host) = ($ThisLine =~ /TLS connection established from ([^ ]*\[[^ ]*\]):/)) {
403 $TLSconnectFrom{$Host}++;
404 } elsif ( ($Host) = ($ThisLine =~ /TLS connection established to ([^ ]*):/)) {
405 $TLSconnectTo{$Host}++;
406 } elsif ( ($Cert) = ($ThisLine =~ /^Unverified: (.*)/)) {
407 $TLSunverified{$Cert}++;
408 } elsif ( ($Domain) = ($ThisLine =~ /warning: malformed domain name in resource data of MX record (.*)$/)) {
409 $MxError{$Domain}++;
410 } elsif ( ($Host,$Command) = ($ThisLine =~ /warning: ([^ ]*\[[^ ]*\]) sent .* header instead of ([^ ]*) command: /)) {
411 $Error = "Sent message header instead of $Command command";
412 $SmtpConversationError{$Error}{$Host}++;
413 } elsif (
414 ($ThisLine =~ m/warning: smtp_connect_addr: socket: Address family not supported by protocol/) or
415 ($ThisLine =~ m/warning: smtp_addr_one: unknown address family \d for [^ ]*/)
416 ) {
417 $UnsupportedFamily++;
418 } elsif (
419 ($ThisLine =~ m/(lookup |)table has changed -- exiting$/) or
420 ($ThisLine =~ m/table ([^ ]*) has changed -- restarting$/)
421 ) {
422 $TableChanged++;
423 } elsif (
424 ($ThisLine =~ m/^fatal: [^ ]*\(\d+\): Message file too big$/) or
425 ($ThisLine =~ m/^warning: [a-zA-Z0-9]+: queue file size limit exceeded$/) or
426 ($ThisLine =~ m/^warning: uid=\d+: File too large$/)
427 ) {
428 $QueueSizeExceeded++;
429 } elsif ( ($Command,$Host) = ($ThisLine =~ /too many errors after ([^ ]*) from ([^ ]*\[[^ ]*\])$/)) {
430 $TooManyErrors{$Command}{$Host}++;
431 } elsif ( (undef,undef,$To) = ($ThisLine =~ /^reject: RCPT from ([^ ]*\[[^ ]*\]): 552 Message size exceeds fixed limit; from=<([^ ]*)> to=<([^ ]*)>$/)) {
432 $SizeLimit{"$From -> $To"}++;
433 } elsif ( ($Server) = ($ThisLine =~ /^NOQUEUE: reject: MAIL from ([^ ]*\[[^ ]*\]): 552 Message size exceeds fixed limit; proto=[^ ]* helo=<[^ ]*>$/)) {
434 $SizeLimit{"MAIL from $Server"}++;
435 } elsif ( (undef,$Source) = ($ThisLine =~ /^warning: database ([^ ]*) is older than source file ([a-zA-Z0-9\/]+)$/)) {
436 $DatabaseGeneration{$Source}++;
437 } elsif ( ($Reason) = ($ThisLine =~ /^warning: [a-zA-Z0-9]+: write queue file: (.*)$/)) {
438 $QueueWriteError{$Reason}++;
439 } elsif ( ($Reason) = ($ThisLine =~ /^warning: open active [a-zA-Z0-9]+: (.*)$/)) {
440 $QueueWriteError{"open active: $Reason"}++;
441 } elsif ( ($Reason) = ($ThisLine =~ /^warning: qmgr_active_corrupt: save corrupt file queue active id [a-zA-Z0-9]+: (.*)$/)) {
442 $QueueWriteError{"active corrupt: $Reason"}++;
443 } elsif ( ($Reason) = ($ThisLine =~ /^warning: qmgr_active_done_3_generic: remove [a-zA-Z0-9]+ from active: (.*)$/)) {
444 $QueueWriteError{"remove active: $Reason"}++;
445 } elsif ( ($Reason) = ($ThisLine =~ /^warning: [^ ]*\/[a-zA-Z0-9]+: (Error writing message file)$/)) {
446 $MessageWriteError{$Reason}++;
447 } elsif ( $ThisLine =~ /reject: RCPT from [^ ]*\[[^ ]*\]: \d+ Insufficient system storage; from=<.*> to=<.*>/) {
448 $NoFreeSpace++;
449 } elsif ( ($Process,$Status) = ($ThisLine =~ /^warning: process ([^ ]*) pid \d+ exit status (\d+)$/)) {
450 $ProcessExit{$Status}{$Process}++;
451 } elsif ( ($Option,$Reason) = ($ThisLine =~ /^fatal: config variable ([^ ]*): (.*)$/)) {
452 $ConfigError{$Option}{$Reason}++;
453 } elsif ( ($Warn) = ($ThisLine =~ /^warning: (.*)/)) {
454 # keep this as the next to last condition
455 $UnknownWarnings{$Warn}++;
456 } else {
457 push @OtherList,$ThisLine;
458 }
459 }
460
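Review bot: The `my` declarations repeated inside the `while` loop (lines 211-228) shadow the counters that the report section reads, so `$NoFreeSpace++` at line 448, `$RejectClients++` at 351, `$RejectUnknownClients++` at 355 and `$RejectedRBL++` at 364/367 each increment a lexical that is discarded at the end of the iteration. The file-level `my $NoFreeSpace;` at line 161 (and its siblings at 151, 154, 158) is what `if ($NoFreeSpace > 0)` at line 463 sees, and it is never incremented, so the "Insufficient system storage" warning and the client-host rejection sections can never print, and the RBL heading prints an empty count. If this code is kept, drop the loop-local scalar declarations (and the file-level `my` re-declarations that hide the `= 0` initialisations at lines 135-139) so that a single counter is shared by the loop and the report. A second point in the same loop: line 432 builds the key `"$From -> $To"`, but the match at line 431 assigns only `(undef,undef,$To)`, so `$From` is whatever an earlier log line left behind; capture the second group into `$From` there.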
461 ##################################################################
462
463 if ($NoFreeSpace > 0) {
464 print "\nWARNING!!!\n";
465 print "Insufficient system storage error $NoFreeSpace Time(s)\n";
466 }
467
468 if ($MsgsSent > 0) {
469 print "\n\n$BytesTransferred bytes transferred";
470 print "\n$MsgsSent messages sent";
471 }
472
473 if ($FourHourReturns > 0) {
474 print "\n$FourHourReturns messages returned after 4 hours";
475 }
476
477 if ($Deliverable > 0) {
478 print "\n$Deliverable messages accepted as deliverable";
479 }
480
481 if ($Undeliverable > 0) {
482 print "\n$Undeliverable messages rejected as undeliverable";
483 }
484
485 if ($ReturnedToSender >0) {
486 print "\n$ReturnedToSender messages expired and returned to sender";
487 }
488
489 if ($ResentMessages > 0) {
490 print "\n$ResentMessages resent messages";
491 }
492
493 if ($RemovedFromQueue > 0) {
494 print "\n$RemovedFromQueue messages removed from queue";
495 }
496
497 if ($QueueSizeExceeded > 0) {
498 print "\n$QueueSizeExceeded messages exceeded queue or message file size limit and removed";
499 }
500
501 if ($TableChanged > 0) {
502 print "\n$TableChanged exited after table change detection";
503 }
504
505 if ($UnsupportedFamily > 0) {
506 print "\nUnknown address family $UnsupportedFamily Time(s)\n";
507 }
508
509 if (keys %ConfigError) {
510 print "\n\nWARNING!!!\n";
511 print "Configuration Errors:\n";
512 foreach $Option (sort {$a cmp $b} keys %ConfigError) {
513 print " Option: $Option\n";
514 foreach $Reason (sort {$a cmp $b} keys %{$ConfigError{$Option}} ) {
515 print " $Reason: $ConfigError{$Option}{$Reason} Time(s)\n";
516 }
517 }
518 }
519
520 if (keys %QueueWriteError) {
521 if ($Detail >= 5) {
522 print "\n\nError writing queue file:\n";
523 foreach $Reason (sort {$a cmp $b} keys %QueueWriteError) {
524 print " $Reason : $QueueWriteError{$Reason} Time(s)\n";
525 }
526 }
527 else {
528 $n=0;
529 foreach $Reason (keys %QueueWriteError) {
530 $n+=$QueueWriteError{$Reason};
531 }
532 print "\n\nError writing queue file: $n Time(s)";
533 }
534 }
535
536 if (keys %MessageWriteError) {
537 if ($Detail >= 5) {
538 print "\n\nError writing message file:\n";
539 foreach $Reason (sort {$a cmp $b} keys %MessageWriteError) {
540 print " $Reason : $MessageWriteError{$Reason} Time(s)\n";
541 }
542 }
543 else {
544 $n=0;
545 foreach $Reason (keys %MessageWriteError) {
546 $n+=$MessageWriteError{$Reason};
547 }
548 print "\n\nError writing message file: $n Time(s)";
549 }
550 }
551
552 if (keys %DatabaseGeneration) {
553 if ($Detail >= 5) {
554 print "\n\nDatabase files are not up-to-date (probably rehash is needed):\n";
555 foreach $Source (sort {$a cmp $b} keys %DatabaseGeneration) {
556 print " $Source : $DatabaseGeneration{$Source} Time(s)\n";
557 }
558 }
559 else {
560 $n=0;
561 $fn=scalar(keys %DatabaseGeneration);
562 foreach $Source (keys %DatabaseGeneration) {
563 $n+=$DatabaseGeneration{$Source};
564 }
565 print "\n\nDatabase files are not up-to-date (probably rehash is needed): $fn File(s), $n Time(s)";
566 }
567 }
568
569 if (keys %PixWorkaround) {
570 if ($Detail >= 5) {
571 print "\n\nEnabled PIX <CRLF>.<CRLF> workaround for:\n";
572 foreach $Host (sort {$a cmp $b} keys %PixWorkaround) {
573 print " $Host : $PixWorkaround{$Host} Time(s)\n";
574 }
575 }
576 else {
577 $n=0;
578 $hn=scalar(keys %PixWorkaround);
579 foreach $Host (keys %PixWorkaround) {
580 $n+=$PixWorkaround{$Host};
581 }
582 print "\n\nEnabled PIX <CRLF>.<CRLF> workaround for: $hn Host(s), $n Time(s)";
583 }
584 }
585
586 if (($Detail >=5) and (keys %SentBy)) {
587 print "\n\nTop ten senders:\n";
588 foreach $ThisSender (sort {$a cmp $b} keys %SentBy) {
589 $ThisNumber = $SentBy{$ThisSender};
590 push(@{$ThisIsNumber{$ThisNumber}}, $ThisSender);
591 }
592 my $ListRank = 10;
593 foreach $SenderRank (sort {$b <=> $a} keys %ThisIsNumber) {
594 last unless ($ListRank > 0);
595 print " $SenderRank messages sent by:\n";
596 foreach $ThisSender (@{$ThisIsNumber{$SenderRank}}) {
597 last unless ($ListRank > 0);
598 $ListRank--;
599 print" $ThisSender\n";
600 }
601 }
602 }
603
604 if (keys %UnknownUsers) {
605 if ($Detail >= 10) {
606 print "\n\nUnknown users:\n";
607 foreach $ThisOne (sort {$a cmp $b} keys %UnknownUsers) {
608 print " $ThisOne : $UnknownUsers{$ThisOne} Time(s)\n";
609 }
610 }
611 else {
612 $n=0;
613 $un=scalar(keys %UnknownUsers);
614 foreach $ThisOne (keys %UnknownUsers) {
615 $n+=$UnknownUsers{$ThisOne};
616 }
617 print "\n\nUnknown users: $un, $n Time(s)";
618 }
619 }
620
621 if (keys %SaslAuthenticationFail) {
622 if ($Detail >= 5) {
623 print "\n\nSASL Authentication failed from:\n";
624 foreach $Host (sort {$a cmp $b} keys %SaslAuthenticationFail) {
625 print " $Host : $SaslAuthenticationFail{$Host} Time(s)\n";
626 }
627 }
628 else {
629 $n=0;
630 $hn=scalar(keys %SaslAuthenticationFail);
631 foreach $Host (keys %SaslAuthenticationFail) {
632 $n+=$SaslAuthenticationFail{$Host};
633 }
634 print "\n\nSASL Authentication failed from: $hn Host(s), $n Time(s)";
635 }
636 }
637
638 if (keys %SaslAuth) {
639 if ($Detail >= 5) {
640 print "\n\nSASL Authenticated messages from:\n";
641 foreach $Host (sort {$a cmp $b} keys %SaslAuth) {
642 if ($Detail >= 10) {
643 print " $Host:\n";
644 foreach $User (sort {$a cmp $b} keys %{$SaslAuth{$Host}} ) {
645 print " sasluser $User : $SaslAuth{$Host}{$User} Times(s)\n";
646 }
647 }
648 else {
649 $n=0;
650 foreach $User (keys %{$SaslAuth{$Host}} ) {
651 $n+=$SaslAuth{$Host}{$User};
652 }
653 print " $Host: $n Time(s)\n";
654 }
655 }
656 }
657 else {
658 $n=0;
659 $hn=scalar(keys %SaslAuth);
660 foreach $Host (keys %SaslAuth) {
661 foreach $User (keys %{$SaslAuth{$Host}} ) {
662 $n+=$SaslAuth{$Host}{$User};
663 }
664 }
665 print "\n\nSASL Authenticated messages from: $hn Host(s), $n Time(s)";
666 }
667 }
668
669 if (keys %TLSconnectFrom) {
670 if ($Detail >= 5) {
671 print "\n\nTLS Connections from:\n";
672 foreach $Host (sort {$a cmp $b} keys %TLSconnectFrom) {
673 print " $Host : $TLSconnectFrom{$Host} Time(s)\n";
674 }
675 }
676 else {
677 $n=0;
678 $hn=scalar(keys %TLSconnectFrom);
679 foreach $Host (keys %TLSconnectFrom) {
680 $n+=$TLSconnectFrom{$Host};
681 }
682 print "\n\nTLS Connections from: $hn Host(s), $n Time(s)";
683 }
684 }
685
686 if (keys %TLSconnectTo) {
687 if ($Detail >= 5) {
688 print "\n\nTLS Connections to:\n";
689 foreach $Host (sort {$a cmp $b} keys %TLSconnectTo) {
690 print " $Host : $TLSconnectTo{$Host} Time(s)\n";
691 }
692 }
693 else {
694 $n=0;
695 $hn=scalar(keys %TLSconnectTo);
696 foreach $Host (keys %TLSconnectTo) {
697 $n=$TLSconnectTo{$Host};
698 }
699 print "\n\nTLS Connections to: $hn Host(s), $n Time(s)";
700 }
701 }
702
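Review bot: Line 697 uses `$n=$TLSconnectTo{$Host};` where every sibling summary branch accumulates with `+=` (compare line 680, `$n+=$TLSconnectFrom{$Host};`), so at detail levels below 5 the "TLS Connections to" total is only the count for whichever host the hash iteration visits last. Change it to `$n+=$TLSconnectTo{$Host};` so the outbound TLS total is correct and comparable with the inbound one.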
703 if (keys %TLSunverified) {
704 if ($Detail >= 5) {
705 print "\n\nUnverified TLS certificates:\n";
706 foreach $Cert (sort {$a cmp $b} keys %TLSunverified) {
707 print " $Cert : $TLSunverified{$Cert} Time(s)\n";
708 }
709 }
710 else {
711 $n=0;
712 $cn=scalar(keys %TLSunverified);
713 foreach $Cert (keys %TLSunverified) {
714 $n+=$TLSunverified{$Cert};
715 }
716 print "\n\nUnverified TLS certificates: $cn, $n Time(s)";
717 }
718 }
719
720 if (keys %RelayDenied) {
721 if ($Detail >= 5) {
722 print "\n\nRelaying denied:\n";
723 foreach $ThisOne (sort {$a cmp $b} keys %RelayDenied) {
724 print " $ThisOne : $RelayDenied{$ThisOne} Time(s)\n";
725 }
726 }
727 else {
728 $n=0;
729 foreach $ThisOne (keys %RelayDenied) {
730 $n+=$RelayDenied{$ThisOne};
731 }
732 print "\n\nRelaying denied: $n Time(s)";
733 }
734 }
735
736 if (keys %SizeLimit) {
737 if ($Detail >= 5) {
738 print "\n\nMessage size exceeds fixed limit:\n";
739 foreach $Message (sort {$a cmp $b} keys %SizeLimit) {
740 print " $Message: $SizeLimit{$Message} Time(s)\n";
741 }
742 }
743 else {
744 $n=0;
745 $mn=scalar(keys %SizeLimit);
746 foreach $Message (keys %SizeLimit) {
747 $n+=$SizeLimit{$Message};
748 }
749 print "\n\nMessage size exceeds fixed limit: $mn Message(s), $n Time(s)";
750 }
751 }
752
753 if (keys %LocalBounce) {
754 if ($Detail >= 5) {
755 print "\n\nLocal Bounce:\n";
756 foreach $ThisOne (sort {$a cmp $b} keys %LocalBounce) {
757 print " $ThisOne : $LocalBounce{$ThisOne} Time(s)\n";
758 }
759 }
760 else {
761 $n=0;
762 $bn=scalar(keys %LocalBounce);
763 foreach $ThisOne (keys %LocalBounce) {
764 $n+=$LocalBounce{$ThisOne};
765 }
766 print "\n\nLocal Bounces: $bn, $n Time(s)";
767 }
768 }
769
770 if (keys %ForeignBounce) {
771 if ($Detail >= 5) {
772 print "\n\nForeign Bounce:\n";
773 foreach $ThisOne (sort {$a cmp $b} keys %ForeignBounce) {
774 print " $ThisOne : $ForeignBounce{$ThisOne} Time(s)\n";
775 }
776 }
777 else {
778 $n=0;
779 $bn=scalar(keys %ForeignBounce);
780 foreach $ThisOne (keys %ForeignBounce) {
781 $n+=$ForeignBounce{$ThisOne};
782 }
783 print "\n\nForeign Bounce: $bn, $n Time(s)";
784 }
785 }
786
787 if (keys %HeaderReject) {
788 if ($Detail >= 10) {
789 print "\n\nHeader content reject:\n";
790 foreach $Reason (sort {$a cmp $b} keys %HeaderReject) {
791 print " $Reason:";
792 foreach $Rejected (sort {$a cmp $b} keys %{$HeaderReject{$Reason}} ) {
793 print " $Rejected : $HeaderReject{$Reason}{$Rejected} Time(s)\n";
794 }
795 }
796 }
797 else {
798 $n=0;
799 $rn=scalar(keys %HeaderReject);
800 foreach $Reason (keys %HeaderReject) {
801 foreach $Rejected (keys %{$HeaderReject{$Reason}} ) {
802 $n+=$HeaderReject{$Reason}{$Rejected};
803 }
804 }
805 print "\n\nHeader content rejected: $rn Reason(s), $n Time(s)";
806 }
807 }
808
809 if (keys %HeaderWarning) {
810 if ($Detail >= 10) {
811 print "\n\nHeader content warning (but passed):\n";
812 foreach $Reason (sort {$a cmp $b} keys %HeaderWarning) {
813 print " $Reason:";
814 foreach $Warning (sort {$a cmp $b} keys %{$HeaderWarning{$Reason}} ) {
815 print " $Warning : $HeaderWarning{$Reason}{$Warning} Time(s)\n";
816 }
817 }
818 }
819 else {
820 $n=0;
821 $rn=scalar(keys %HeaderWarning);
822 foreach $Reason (keys %HeaderWarning) {
823 foreach $Warning (keys %{$HeaderWarning{$Reason}} ) {
824 $n+=$HeaderWarning{$Reason}{$Warning};
825 }
826 }
827 print "\n\nHeader content warning (but passed): $rn Reason(s), $n Time(s)";
828 }
829 }
830
831 if ($RejectClients > 0) {
832 if ($Detail >= 5) {
833 print "\n\nClient hosts rejected $RejectClients Time(s)\n";
834 foreach $Host (sort {$a cmp $b} keys %RejectClientHost) {
835 print " $Host $RejectClientHost{$Host} Time(s)\n";
836 }
837 }
838 else {
839 $n=0;
840 foreach $Host (keys %RejectClientHost) {
841 $n++;
842 }
843 print "\n\nClient hosts rejected $RejectClients Time(s): $n Host(s)";
844 }
845 }
846
847 if ($RejectUnknownClients > 0) {
848 if ($Detail >= 10) {
849 print "\n\nUnknown client hosts rejected $RejectUnknownClients Time(s)\n";
850 foreach $Host (sort {$a cmp $b} keys %RejectUnknownClient) {
851 print " $Host\n";
852 foreach $Helo (sort {$a cmp $b} keys %{$RejectUnknownClient{$Host}}) {
853 print " helo=<$Helo>\n";
854 foreach $Sender (sort {$a cmp $b} keys %{$RejectUnknownClient{$Host}{$Helo}}) {
855 foreach $Recip (sort {$a cmp $b} keys %{$RejectUnknownClient{$Host}{$Helo}{$Sender}}) {
856 print " $Sender -> $Recip $RejectUnknownClient{$Host}{$Helo}{$Sender}{$Recip} Time(s)\n";
857 }
858 }
859 }
860 }
861 }
862 elsif ($Detail >= 5) {
863 print "\n\nUnknown client hosts rejected $RejectUnknownClients Time(s)\n";
864 foreach $Host (sort {$a cmp $b} keys %RejectUnknownClientHost) {
865 print " $Host $RejectUnknownClientHost{$Host} Time(s)\n";
866 }
867 }
868 else {
869 $n=0;
870 foreach $Host (keys %RejectUnknownClientHost) {
871 $n++;
872 }
873 print "\n\nUnknown client hosts rejected $RejectUnknownClients Time(s): $n Host(s)";
874 }
875 }
876
877 if (($Detail >= 10) and (keys %UndeliverableMsg)) {
878 print "\n\nUndeliverable messages rejected:\n";
879 foreach $Reason (sort {$a cmp $b} keys %UndeliverableMsg) {
880 print " $Reason: $UndeliverableMsg{$Reason} Time(s)\n";
881 }
882 }
883
884 if (keys %RejectSender) {
885 print "\n\nMessages rejected:\n";
886 foreach $Reason (sort {$a cmp $b} keys %RejectSender) {
887 if ($Detail >= 5) {
888 print " $Reason $RejectSenderReason{$Reason} Time(s)\n";
889 foreach $Host (sort {$a cmp $b} keys %{$RejectSender{$Reason}} ) {
890 print " $Host $RejectSenderHost{$Reason}{$Host} Time(s)\n";
891 if ($Detail >= 10) {
892 foreach $Sender (sort {$a cmp $b} keys %{$RejectSender{$Reason}{$Host}}) {
893 print " $Sender : $RejectSender{$Reason}{$Host}{$Sender} Time(s)\n";
894 }
895 }
896 }
897 }
898 else {
899 $n=0;
900 $hn=scalar(keys %{$RejectSender{$Reason}});
901 print " $Reason: $hn Host(s), $RejectSenderReason{$Reason} Time(s)\n";
902 }
903 }
904 }
905
906 if (keys %RejectRecip) {
907 if ($Detail >= 5) {
908 print "\n\nMessages rejected to recipient:\n";
909 foreach $Recip (sort {$a cmp $b} keys %RejectRecip) {
910 print " $Recip:\n";
911 foreach $Host (sort {$a cmp $b} keys %{$RejectRecip{$Recip}} ) {
912 print " $Host : $RejectRecip{$Recip}{$Host} Time(s)\n";
913 }
914 }
915 }
916 else {
917 $n=0;
918 $rn=scalar(keys %RejectRecip);
919 foreach $Recip (keys %RejectRecip) {
920 foreach $Host (keys %{$RejectRecip{$Recip}} ) {
921 $n+=$RejectRecip{$Recip}{$Host};
922 }
923 }
924 print "\n\nMessages rejected to: $rn Recipient(s), $n Time(s)";
925 }
926 }
927
928 if (keys %RejectAddress) {
929 if ($Detail >= 5) {
930 print "\n\nRejected sender address from:\n";
931 foreach $Host (sort {$a cmp $b} keys %RejectAddress) {
932 print " $Host : $RejectAddress{$Host} Time(s)\n";
933 }
934 }
935 else {
936 $n=0;
937 $hn=scalar(keys %RejectAddress);
938 foreach $Host (keys %RejectAddress) {
939 $n+=$RejectAddress{$Host};
940 }
941 print "\n\nRejected sender address from: $hn Host(s), $n Time(s)";
942 }
943 }
944
945 if (keys %RejectRBL) {
946 print "\n\nMessages rejected using Anti-Spam site $RejectedRBL Time(s)\n";
947 foreach $Site (sort {$a cmp $b} keys %RejectRBL) {
948 $count = 0;
949 # okay there is probably a more efficient way to get this total
950 # than walking the container again, but my perl is weak
951 # and I want to know which list are working the best so I can
952 # put them at the top of the checking order in my configuration
953 foreach $Host ( keys %{$RejectRBL{$Site}} ) {
954 $count = $count + $RejectRBL{$Site}{$Host};
955 }
956 if ($Detail >= 5) {
957 print " $Site identified $count spam messages:\n";
958 foreach $Host (sort {$a cmp $b} keys %{$RejectRBL{$Site}} ) {
959 print " $Host : $RejectRBL{$Site}{$Host} Time(s)\n";
960 }
961 }
962 else {
963 print " $Site identified $count spam messages.\n";
964 }
965 }
966 }
967
968 if (keys %RBLError) {
969 if ($Detail >= 5) {
970 print "\n\nRBL lookup errors $ErrorRBL Time(s)\n";
971 foreach $Site (sort {$a cmp $b} keys %RBLError) {
972 print " $Site\n";
973 if ($Detail >= 10) {
974 foreach $Error (sort {$a cmp $b} keys %{$RBLError{$Site}} ) {
975 print " $Error : $RBLError{$Site}{$Error} Time(s)\n";
976 }
977 }
978 }
979 }
980 else {
981 $n=0;
982 $hn=scalar(keys %RBLError);
983 print "\n\nRBL lookup errors for $hn Host(s), $ErrorRBL Time(s)";
984 }
985 }
986
987 if (keys %Discarded) {
988 if ($Detail >= 5) {
989 print "\n\nDiscarded messages:\n";
990 foreach $Recipient (sort {$a cmp $b} keys %Discarded) {
991 print " $Recipient\n";
992 foreach $Reason (sort {$a cmp $b} keys %{$Discarded{$Recipient}} ) {
993 print " $Reason : $Discarded{$Recipient}{$Reason} Time(s)\n";
994 }
995 }
996 }
997 else {
998 $n=0;
999 $rn=scalar(keys %Discarded);
1000 foreach $Recipient (keys %Discarded) {
1001 foreach $Reason (keys %{$Discarded{$Recipient}} ) {
1002 $n+=$Discarded{$Recipient}{$Reason};
1003 }
1004 }
1005 print "\n\nDiscarded messages to: $rn Recipient(s), $n Time(s)";
1006 }
1007 }
1008
1009 if (keys %AuthWarns) {
1010 print "\n\nAuthentication warnings:\n";
1011 foreach $ThisOne (sort {$a cmp $b} keys %AuthWarns) {
1012 print " $ThisOne : $AuthWarns{$ThisOne} Time(s)\n";
1013 }
1014 }
1015
1016 if (keys %ForwardErrors) {
1017 print "\n\nForwarding errors:\n";
1018 foreach $ThisOne (sort {$a cmp $b} keys %ForwardErrors) {
1019 print " $ThisOne : $ForwardErrors{$ThisOne} Time(s)\n";
1020 }
1021 }
1022
1023 if (($Detail >= 10) and (keys %SmtpConversationError)) {
1024 print "\n\nSMTP commands dialog errors:\n";
1025 foreach $Error (sort {$a cmp $b} keys %SmtpConversationError) {
1026 print " $Error:\n";
1027 foreach $Host (sort {$a cmp $b} keys %{$SmtpConversationError{$Error}} ) {
1028 print " $Host : $SmtpConversationError{$Error}{$Host} Time(s)\n";
1029 }
1030 }
1031 }
1032
1033 if (keys %TooManyErrors) {
1034 if ($Detail >= 5) {
1035 print "\n\nToo many errors in SMTP commands dialog:\n";
1036 foreach $Command(sort {$a cmp $b} keys %TooManyErrors) {
1037 print " After command $Command:\n";
1038 foreach $Host (sort {$a cmp $b} keys %{$TooManyErrors{$Command}} ) {
1039 print " $Host : $TooManyErrors{$Command}{$Host} Time(s)\n";
1040 }
1041 }
1042 }
1043 else {
1044 $n=0;
1045 $cn=scalar(keys %TooManyErrors);
1046 foreach $Command(sort {$a cmp $b} keys %TooManyErrors) {
1047 foreach $Host (sort {$a cmp $b} keys %{$TooManyErrors{$Command}} ) {
1048 $n+=$TooManyErrors{$Command}{$Host};
1049 }
1050 }
1051 print "\n\nToo many errors in SMTP commands dialog: $cn Command(s), $n Time(s)";
1052 }
1053 }
1054
1055 if (keys %ConnectionLost) {
1056 print "\n\nConnections lost:\n";
1057 foreach $ThisOne (sort {$a cmp $b} keys %ConnectionLost) {
1058 print " Connection lost while $ThisOne : $ConnectionLost{$ThisOne} Time(s)\n";
1059 }
1060 }
1061
1062 if (keys %MxError) {
1063 if ($Detail >= 10) {
1064 print "\n\nMalformed domain name in resource data of MX record:\n";
1065 foreach $Domain (sort {$a cmp $b} keys %MxError) {
1066 print " $Domain : $MxError{$Domain} Time(s)\n";
1067 }
1068 }
1069 else {
1070 $n=0;
1071 $dn=scalar(keys %MxError);
1072 foreach $Domain (keys %MxError) {
1073 $n+=$MxError{$Domain};
1074 }
1075 print "\n\nMalformed domain name in resource data of MX record: $dn Domain(s), $n Time(s)";
1076 }
1077 }
1078
1079 if (%IllegalAddressSyntax) {
1080 print "\n\nIllegal address syntax:\n";
1081 foreach $Command (sort {$a cmp $b} keys %IllegalAddressSyntax) {
1082 if ($Detail >= 5) {
1083 print " In command $Command from:\n";
1084 foreach $Host (sort {$a cmp $b} keys %{$IllegalAddressSyntax{$Command}} ) {
1085 print " $Host : $IllegalAddressSyntax{$Command}{$Host} Time(s)\n";
1086 }
1087 }
1088 else {
1089 $n=0;
1090 $hn=scalar(keys %{$IllegalAddressSyntax{$Command}});
1091 foreach $Host (keys %{$IllegalAddressSyntax{$Command}}) {
1092 $n+=$IllegalAddressSyntax{$Command}{$Host};
1093 }
1094 print " In command $Command from: $hn Host(s), $n Time(s)\n";
1095 }
1096 }
1097 }
1098
1099 if (keys %HostnameVerification) {
1100 if ($Detail >= 2) {
1101 print "\n\nHostname verification errors:\n";
1102 foreach $Error (sort {$a cmp $b} keys %HostnameVerification) {
1103 print " $Error : $HostnameVerification{$Error} Time(s)\n";
1104 }
1105 }
1106 else{
1107 $n=0;
1108 $en=scalar(keys %HostnameVerification);
1109 foreach $Error (keys %HostnameVerification) {
1110 $n+=$HostnameVerification{$Error};
1111 }
1112 print "\n\nHostname verification errors: $en Error(s), $n Time(s)";
1113 }
1114 }
1115
1116 if (keys %MailerLoop) {
1117 print "\n\nMailer Loop:\n";
1118 foreach $Error (sort {$a cmp $b} keys %MailerLoop) {
1119 print " $Error : $MailerLoop{$Error} Time(s)\n";
1120 }
1121 }
1122
1123 if (keys %ValidHostname) {
1124 if ($Detail >= 2) {
1125 print "\n\nHostname validation errors:\n";
1126 foreach $Message (sort {$a cmp $b} keys %ValidHostname) {
1127 print " $Message : $ValidHostname{$Message} Time(s)\n";
1128 }
1129 }
1130 else{
1131 $n=0;
1132 $mn=scalar(keys %ValidHostname);
1133 foreach $Message (keys %ValidHostname) {
1134 $n+=$ValidHostname{$Message};
1135 }
1136 print "\n\nHostname validation errors: $mn Message(s), $n Time(s)";
1137 }
1138 }
1139
1140 if (keys %HeloError) {
1141 print "\n\nErrors in HELO/EHLO conversation:\n";
1142 foreach $Error (sort {$a cmp $b} keys %HeloError) {
1143 if ($Detail >= 5) {
1144 print " $Error:\n";
1145 foreach $Host (sort {$a cmp $b} keys %{$HeloError{$Error}} ) {
1146 print " $Host : $HeloError{$Error}{$Host} Time(s)\n";
1147 }
1148 }
1149 else {
1150 $n=0;
1151 $hn=scalar(keys %{$HeloError{$Error}});
1152 foreach $Host (keys %{$HeloError{$Error}} ) {
1153 $n+=$HeloError{$Error}{$Host};
1154 }
1155 print " $Error: from $hn Host(s), $n Time(s)\n";
1156 }
1157 }
1158 }
1159
1160 if (keys %ProcessExit) {
1161 print "\n\nProcess exited:\n";
1162 foreach $Status (sort {$a cmp $b} keys %ProcessExit) {
1163 print " Exit status $Status:\n";
1164 foreach $Process (sort {$a cmp $b} keys %{$ProcessExit{$Status}} ) {
1165 print " $Process: $ProcessExit{$Status}{$Process} Time(s)\n";
1166 }
1167 }
1168 }
1169
1170 if (keys %UnknownWarnings) {
1171 print "\n\nUnrecognized warning:\n";
1172 foreach $ThisOne (sort {$a cmp $b} keys %UnknownWarnings) {
1173 print " $ThisOne : $UnknownWarnings{$ThisOne} Time(s)\n";
1174 }
1175 }
1176
1177 if ($#OtherList >= 0) {
1178 print "\n\n**Unmatched Entries**\n\n";
1179 print @OtherList;
1180 }
1181
1182 exit(0);
1183
1184 # vi: shiftwidth=3 tabstop=3 syntax=perl et
1185
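Review bot: the summary branch at line 983 prints "RBL lookup errors for $hn Host(s)", but `%RBLError` is keyed by `$Site` (line 971), so the label should read Site(s). In the else branches at lines 899 and 981, `$n=0;` is assigned and never read, and the loop at lines 869-872 only counts keys; `scalar(keys %RejectUnknownClientHost)`, the form already used at line 900, would replace it. Line 1079 tests `%IllegalAddressSyntax` directly where every other block tests `keys %...`; one form throughout would be easier to audit.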
+0
-249
scripts/services/.#smartd.1.16
0
1 ##########################################################################
2 # $Id: smartd,v 1.16 2006/03/29 16:06:46 bjorn Exp $
3 ##########################################################################
4
5 use strict;
6
7 my ($Device, $Msg, $Test);
8 my %ParamChanges = ();
9 my %TempChanges = ();
10 my %Pendsectors = ();
11 my %NumPendsectors = ();
12 my %Offsectors = ();
13 my %NumOffsectors = ();
14 my %Warnings = ();
15 my %UnableToReg = ();
16 my $ShutdownFailed = 0;
17 my $StartupFailed = 0;
18 my %NotInDatabase = ();
19 my %CantMonitor = ();
20 my %SelfTest = ();
21 my %Failed = ();
22 my @OtherList = ();
23
24 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
25 my $IgnoreUnmatched = $ENV{'smartd_ignore_unmatched'} || 0;
26
27 while (defined(my $ThisLine = <STDIN>)) {
28 chomp($ThisLine);
29 if ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), No such device(?: or address)?, open\(\) failed/ )) {
30 # ignore
31 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), is SMART capable. Adding to "monitor" list./ )) {
32 # ignore
33 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), found in smartd database./ )) {
34 # ignore
35 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), not found in smartd database./ )) {
36 # ignore
37 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), opened/)) {
38 # ignore
39 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), appears to lack SMART*/ )) {
40 # ignore
41 } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), enabled autosave \(cleared GLTSD bit\)\./ )) {
42 # ignore
43 } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), enabled SMART Attribute Autosave/ )) {
44 # ignore
45 } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), enabled SMART Automatic Offline Testing/ )) {
46 # ignore
47 } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), Self-Test Log error count increased from \d+ to \d+/ )) {
48 # ignore
49 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), new Self-Test Log error at hour timestamp \d+/ )) {
50 # ignore
51 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), same Attribute has different ID numbers:/ )) {
52 # ignore
53 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Num *Test_Description *Status *Remaining *LifeTime/ )) {
54 # ignore
55 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^# *[0-9]+ Short offline *Completed:/ )) {
56 # ignore
57 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^# *[0-9]+ Extended offline *Completed:/ )) {
58 # ignore
59 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^# *[0-9]+ Offline *Fatal or unknown error/ )) {
60 # ignore
61 } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), not capable of SMART self-check/ )) {
62 # ignore
63 } elsif ( $ThisLine =~ /^file \/var\/run\/smartd.pid written containing PID [0-9]+/ ) {
64 # ignore
65 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^ *$/ )) {
66 # ignore empty lines
67 } elsif ( ($ThisLine =~ /^smartd version/)
68 || ($ThisLine =~ /^Home page/)
69 || ($ThisLine =~ /configuration file/i)
70 || ($ThisLine =~ /\[trip Temperature is \d+ Celsius\]/)
71 || ($ThisLine =~ /^Monitoring/)
72 || ($ThisLine =~ /smartd received signal 15: Terminated/)
73 || ($ThisLine =~ /smartd is exiting \(exit status 0\)/)
74 || ($ThisLine =~ /smartd has fork/)
75 || ($ThisLine =~ /smartd startup succeeded/)
76 || ($ThisLine =~ /Unable to register device (.*) \(no Directive -d removable\). Exiting/)
77 || ($ThisLine =~ /Device (.*), SATA disks accessed via libata are not currently supported by smartmontools./) )
78 {
79 # ignore
80
81 # } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), (.*)$/)) {
82 # $ParamChanges{$Device}{$Msg}++;
83 } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), not found in smartd database./ )) {
84 $NotInDatabase{$Device}++;
85 } elsif ( my ($Device,$AttribType,$Code,$Name,undef,undef,$NewVal) = ($ThisLine =~ /^Device: ([^,]+), SMART ([A-Za-z]+) Attribute: ([0-9]+) ([A-Za-z_]+) changed from ([0-9]+) (\[Raw [0-9]+\] )?to ([0-9]+)/)) {
86 push (@{$ParamChanges{$Device}{"$AttribType: $Name ($Code)"}}, $NewVal);
87 # smartd reports temperature changes this way only for SCSI disks
88 } elsif ( my ($Device,$NewVal) = ($ThisLine =~ /^Device: ([^,]+), initial Temperature is (\d+) Celsius/)) {
89 push @{$TempChanges{$Device}},$NewVal;
90 } elsif ( my ($Device,$NewVal) = ($ThisLine =~ /^Device: ([^,]+), Temperature changed -?\d+ Celsius to (\d+) Celsius/)) {
91 push @{$TempChanges{$Device}},$NewVal;
92 } elsif ( my ($Device, $Num) = ($ThisLine =~ /^Device: ([^,]+), (\d+) Currently unreadable \(pending\) sectors/) ) {
93 $Pendsectors{$Device}++;
94 $NumPendsectors{$Device} = $Num;
95 } elsif ( my ($Device, $Num) = ($ThisLine =~ /^Device: ([^,]+), (\d+) Offline uncorrectable sectors/) ) {
96 $Offsectors{$Device}++;
97 $NumOffsectors{$Device} = $Num;
98 } elsif ( my ($Device,$TestType) = ($ThisLine =~ /^Device: ([^,]+), starting scheduled (Short|Long) Self-Test/) ) {
99 $SelfTest{$Device}{$TestType}++;
100 } elsif ( my ($Device,$AttribType,$Code,$Name) = ($ThisLine =~ /^Device: ([^,]+), Failed SMART ([A-Za-z]+) Attribute: ([0-9]+) ([A-Za-z_]+)/)) {
101 $Failed{$Device}{"$AttribType attribute: $Name ($Code)"}++;
102 } elsif ( ( $ThisLine =~ /warning/i ) ) {
103 $Warnings{$ThisLine}++;
104 } elsif ( my ($Device, $Text) = ( $ThisLine =~ /^Device: ([^,]+), (can't monitor.*)$/i ) ) {
105 $CantMonitor{$Device}{$Text}++;
106 } elsif ( ($ThisLine =~ /smartd startup failed/ ) ) {
107 $StartupFailed++;
108 } elsif ( ($ThisLine =~ /smartd shutdown failed/ ) ) {
109 $ShutdownFailed++;
110 } elsif ( my ($Device) = ($ThisLine =~ /Unable to register SCSI device (.*) at line 1 of file \/etc\/smartd.conf/) ) {
111 $UnableToReg{$Device}++
112 } else {
113 # Report any unmatched entries...
114 push @OtherList,"$ThisLine\n";
115 }
116
117 }
118
119 if (keys %NotInDatabase) {
120 print "\n";
121 foreach my $Device (sort keys %NotInDatabase) {
122 print "$Device not in smartd database.\n";
123 }
124
125 }
126
127 if (keys %CantMonitor) {
128 foreach my $Device (sort keys %ParamChanges) {
129 print "\n$Device :\n";
130 foreach my $Line (sort keys %{$CantMonitor{$Device}}) {
131 print " $Line - " . $CantMonitor{$Device}{$Line} . " Time(s)\n";
132 }
133 }
134 }
135
136 if (keys %ParamChanges) {
137 foreach my $Device (sort keys %ParamChanges) {
138 print "\n$Device :\n";
139 foreach my $Msg (sort keys %{$ParamChanges{$Device}}) {
140 print " $Msg changed to ";
141 my $count=0;
142 foreach (@{$ParamChanges{$Device}{$Msg}}) {
143 # print 12 values to each line
144 if ($count % 12 == 0) {
145 print "\n ";
146 }
147 print "$_, ";
148 $count++;
149 }
150 print "\n";
151 }
152 }
153 }
154
155 if (keys %TempChanges) {
156 print "Temperature Changes\n==================\n";
157 my (@min,@max);
158 foreach my $Device (sort keys %TempChanges) {
159 if($Detail < 10) {
160 my @sorttemp = sort @{$TempChanges{$Device}};
161 push @min, $sorttemp[0];
162 push @max, $sorttemp[$#sorttemp];
163 } elsif($Detail < 20) {
164 my @sorttemp = sort @{$TempChanges{$Device}};
165 print "$Device : $sorttemp[0] - $sorttemp[$#sorttemp]\n";
166 } else {
167 print "$Device : ";
168 print join ", ",@{$TempChanges{$Device}};
169 print "\n";
170 }
171 }
172 if($Detail < 10) {
173 my @sorttemp = sort @min;
174 my $mint = $sorttemp[0];
175 my @sorttemp = sort @max;
176 my $maxt = $sorttemp[$#sorttemp];
177 print "All devices: $mint - $maxt\n";
178 }
179 }
180
181 if (keys %Pendsectors){
182 print "\nCurrently unreadable (pending) sectors detected:\n";
183 foreach my $Device (sort keys %Pendsectors) {
184 print "\t" . $Device . " - " . $Pendsectors{$Device} . " Time(s)\n";
185 print "\t" . $NumPendsectors{$Device} . " unreadable sectors detected\n";
186 }
187
188 }
189
190 if (keys %Offsectors){
191 print "\nOffline uncorrectable sectors detected:\n";
192 foreach my $Device (sort keys %Offsectors) {
193 print "\t" . $Device . " - " . $Offsectors{$Device} . " Time(s)\n";
194 print "\t" . $NumOffsectors{$Device} . " offline uncorrectable sectors detected\n";
195 }
196
197 }
198
199 if (keys %Failed) {
200 foreach my $Device (sort keys %Failed) {
201 print "\n$Device :\n";
202 foreach my $Msg (sort keys %{$Failed{$Device}}) {
203 print " Failed $Msg " . $Failed{$Device}{$Msg} . " Time(s)\n";
204 }
205 }
206 }
207
208 if (keys %SelfTest) {
209 foreach my $Device (sort keys %SelfTest) {
210 print "\n$Device :\n";
211 foreach my $Type (sort keys %{$SelfTest{$Device}}) {
212 print " started scheduled $Type self-test " . $SelfTest{$Device}{$Type} . " Time(s)\n";
213 }
214 }
215 }
216
217 if ( (keys %Warnings) ) {
218 print "\nWarnings:\n";
219 foreach my $Line (sort {$Warnings{$b} <=> $Warnings{$a}} keys %Warnings) {
220 print "\t" . $Line . " - ". $Warnings{$Line} . " Time(s)\n";
221 }
222 }
223
224 if ($StartupFailed) {
225 print "\n Smartd startup failed: " . $StartupFailed . " Time(s)\n";
226 }
227
228 if ($ShutdownFailed) {
229 print "\n Smartd shutdown failed: " . $ShutdownFailed . " Time(s)\n";
230 }
231
232 if ( (keys %UnableToReg) ) {
233 print "\n Wrong configuration for devices:\n";
234 foreach my $Device (sort keys %UnableToReg) {
235 print " " . $Device .": ". $UnableToReg{$Device} . " Time(s)\n";
236 }
237 }
238
239
240 if (($#OtherList >= 0) and (not $IgnoreUnmatched)){
241 print "\n**Unmatched Entries**\n";
242 print @OtherList;
243 }
244
245 exit(0);
246
247 # vi: shiftwidth=3 tabstop=3 syntax=perl et
248
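Review bot: the `%CantMonitor` report at lines 127-134 loops over `keys %ParamChanges` instead of `keys %CantMonitor`, so "can't monitor" messages are printed only for devices that also logged attribute changes, and devices with attribute changes but no such message get an empty heading. Two further defects are visible: the "not found in smartd database" pattern at line 35 is matched and ignored before the identical pattern at line 83 can run, so `%NotInDatabase` is never filled, and the temperature ranges at lines 160-175 use the default string `sort`, which orders "100" before "35"; `sort { $a <=> $b }` is needed. The name `.#smartd.1.16` marks this as a CVS backup copy, so the file itself does not need fixing, but the maintained smartd script should be checked for the same three problems.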
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
2727 ( $ThisLine =~ /^PAM\(.*\): Authentication failure/ ) or
2828 ( $ThisLine =~ /^data_sendfile/ ) or
2929 ( $ThisLine =~ /^FTP no transfer timeout, disconnected\./ ) or
30 ( $ThisLine =~ /^FTP login timed out, disconnected\./ ) or
31 ( $ThisLine =~ /done/ ) or
32 ( $ThisLine =~ /server_child/ ) or
33 ( $ThisLine =~ /session from/ ) or
34 ( $ThisLine =~ /ASIP session/ ) or
30 ( $ThisLine =~ /^FTP login timed out, disconnected\./ ) or
31 ( $ThisLine =~ /done/ ) or
32 ( $ThisLine =~ /server_child/ ) or
33 ( $ThisLine =~ /session from/ ) or
34 ( $ThisLine =~ /ASIP session/ ) or
3535 ( $ThisLine =~ /logout/ )
3636 ) {
3737 # We don't care about these
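Review bot: lines 30-34 differ only in whitespace as far as the rendered text shows, yet they carry the loosest patterns in this ignore list: `/done/`, `/server_child/`, `/session from/`, `/ASIP session/` and `/logout/` (line 35) are unanchored, so any log line containing one of those substrings is discarded before a later branch can handle it. Anchoring them with `^`, as lines 27-30 already do, would keep the filter from hiding unrelated messages. Line 27 also drops `PAM(...): Authentication failure` outright; counting those instead of ignoring them would make failed logins visible in the report.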
6060 exit(0);
6161
6262 # vi: shiftwidth=3 tabstop=3 syntax=perl et
63
63 # Local Variables:
64 # mode: perl
65 # perl-indent-level: 3
66 # indent-tabs-mode: nil
67 # End:
3737 # Jim O'Halloran <jim@kendle.com.au>
3838 #
3939 # Please send all comments, suggestions, bug reports,
40 # etc, to logwatch-devel@logwatch.org and jim@kendle.com.au.
40 # etc, to logwatch-devel@lists.sourceforge.net and jim@kendle.com.au.
4141 ##########################################################################
4242
4343 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
6767 $NextLine =~ s/^\([\d-]+\) \.\.\.//;
6868 $ThisLine .= $NextLine;
6969 }
70
71 if ( ($ThisLine =~ /^do_ascii/)
72 or ($ThisLine =~ /^Found av scanner/)
70
71 if ( ($ThisLine =~ /^do_ascii/)
72 or ($ThisLine =~ /^Found av scanner/)
7373 or ($ThisLine =~ /^Found myself/)
7474 or ($ThisLine =~ /^Module/)
7575 or ($ThisLine =~ /^TIMING/)
8787 or ($ThisLine =~ /^LMTP/)
8888 or ($ThisLine =~ /^.* code[ \t]+(NOT)? loaded/)
8989 or ($ThisLine =~ /^tempdir being removed/)
90 or ($ThisLine =~ /^(?:Found|Internal|No) decoder for/)
9091 or ($ThisLine =~ /^Found primary av scanner/)
91 or ($ThisLine =~ /^Found \$[\S]+[\s]+at/)
92 or ($ThisLine =~ /^No \$[\S]+,[\s]+not using it/)
92 or ($ThisLine =~ /^Found \$[\S]+[\s]+at/)
93 or ($ThisLine =~ /^No \$[\S]+,[\s]+not using it/)
9394 or ($ThisLine =~ /^Found secondary av scanner/)
94 or ($ThisLine =~ /^Using internal av scanner code/)
95 or ($ThisLine =~ /^Using (?:primary |secondary )?internal av scanner code/)
9596 or ($ThisLine =~ /^mail_via_smtp/)
9697 or ($ThisLine =~ /^local delivery: /)
9798 or ($ThisLine =~ /^cached [a-zA-Z0-9]+ /)
101102 or ($ThisLine =~ /^Requesting (a |)process rundown after [0-9]+ tasks/)
102103 or ($ThisLine =~ /^NOTICE: Not sending DSN, spam level [0-9.]+ exceeds DSN cutoff level/)
103104 or ($ThisLine =~ /skip local delivery\([0-9]\): <> -> <(spam|bad-header|banned|virus)-quarantine>*/)
104 or ($ThisLine =~ /config files read: .*amavisd.conf/)
105 or ($ThisLine =~ /mangling by .* \([0-9]\) done, new size: [0-9]*, orig [0-9]* bytes/)
106 or ($ThisLine =~ /mangling by: [0-9], <.*>/)
107 or ($ThisLine =~ /mangling YES: [0-9] \(orig: [0-9]\), discl_allowed=.*, <.*> -> <.*>/)
108 or ($ThisLine =~ /^starting. amavisd at/) ) {
105 or ($ThisLine =~ /config files read: .*amavisd.conf/)
106 or ($ThisLine =~ /mangling by .* \([0-9]\) done, new size: [0-9]*, orig [0-9]* bytes/)
107 or ($ThisLine =~ /mangling by: [0-9], <.*>/)
108 or ($ThisLine =~ /mangling YES: [0-9] \(orig: [0-9]\), discl_allowed=.*, <.*> -> <.*>/)
109 or ($ThisLine =~ /^initializing Mail::SpamAssassin/)
110 or ($ThisLine =~ /^SpamAssassin debug facilities/)
111 or ($ThisLine =~ /^SpamAssassin loaded plugins/)
112 or ($ThisLine =~ /^logging initialized,/)
113 or ($ThisLine =~ /^extra modules loaded/)
114 or ($ThisLine =~ /^INFO: no optional modules/)
115 or ($ThisLine =~ /^INFO: SA version/)
116 or ($ThisLine =~ /NOT loaded$/)
117 or ($ThisLine =~ /^(?:Local-out|AM.PDP-in) proto code loaded/)
118 or ($ThisLine =~ /^\.\.\./)
119 or ($ThisLine =~ /^Creating db in/)
120 or ($ThisLine =~ /^dkim: (?:VALID|FAILED)/)
121 or ($ThisLine =~ /^Open relay\?/)
122 or ($ThisLine =~ /^user=.*, EUID/)
123 or ($ThisLine =~ /^starting. \S*amavisd at/) ) {
109124 # We don't care about these
110125 } elsif ($ThisLine =~ /^Passed( CLEAN)?, /) {
111126 $CleanMsgs++;
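Review bot: lines 120 and 121 add `^dkim: (?:VALID|FAILED)` and `^Open relay\?` to the ignore list, so DKIM failures and open-relay notices are now dropped without being counted. Both deserve a tally that is printed at a higher `$Detail`, in the way `$CleanMsgs` is counted at line 126, with only `dkim: VALID` ignored. Two of the other new patterns are broader than they look: `/NOT loaded$/` (line 116) has no start anchor, and `/^\.\.\./` (line 118) discards any line that begins with three dots. In `/^starting. \S*amavisd at/` (line 123) the dot after `starting` is unescaped and matches any character.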
115130
116131 if ($Detail >= 10) {
117132 $Banned{$FileName}{$From}++;
118 }; # if
133 }; # if
119134
120135 } elsif (($Virus, $FromIP, $From) = ( $ThisLine =~ /^(?:Virus found - quarantined|INFECTED|Blocked INFECTED) \(([^\)]+)\)\, (?:\[([^\]]*)\] )*[\(\<]([^\>\)]*)[\)\>]/ )) {
121136
164179 $Spamtypes{$Towards}++;
165180 }; # if
166181
167 if ($Detail >= 10) {
182 if ($Detail >= 10) {
168183 $Spams{$Towards}{"<>"}++;
169184 }; # if
170185
224239 } else {
225240 # Report any unmatched entries...
226241 chomp($ThisLine);
227 $OtherList{$ThisLine}++;
242 $OtherList{$ThisLine}++;
228243 } # else
229244 } # while
230245
234249
235250 if ($CleanMsgs > 0) {
236251 print "\n$CleanMsgs messages checked and passed.\n";
237 }; # if
252 }; # if
238253
239254 if ($InfectedMsgs > 0) {
240255 print "$InfectedMsgs virus infected messages were found.\n";
249264 }; # if
250265
251266 if ($BadHeaders > 0) {
252 print "$BadHeaders messages with bad headers were found.\n";
267 print "$BadHeaders messages with bad headers were found.\n";
253268 }; # if
254269
255270 if ($IntentionallyDrop > 0) {
289304 $OutString .= " $From $Viruses{$Virus}{$From} Time(s)\n";
290305 }; # foreach
291306 print " $Virus: $VirCount Times(s) From:\n$OutString\n";
292 }; # if
307 }; # if
293308 }; # foreach
294309
295310 }; # if
357372 exit(0);
358373
359374 # vi: shiftwidth=3 tabstop=3 syntax=perl et
360
375 # Local Variables:
376 # mode: perl
377 # perl-indent-level: 3
378 # indent-tabs-mode: nil
379 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
3636 exit(0);
3737
3838 # vi: shiftwidth=3 tabstop=3 syntax=perl et
39
39 # Local Variables:
40 # mode: perl
41 # perl-indent-level: 3
42 # indent-tabs-mode: nil
43 # End:
5555 # Ron Kuris <swcafe@gmail.com>
5656 #
5757 # Please send all comments, suggestions, bug reports,
58 # etc, to logwatch-devel@logwatch.org
58 # etc, to logwatch-devel@lists.sourceforge.net
5959 ########################################################
6060
6161 ########################################################
7171 ## Logwatch project reserves the right to not accept such
7272 ## contributions. If you have made significant
7373 ## contributions to this script and want to claim
74 ## copyright please contact logwatch-devel@logwatch.org.
74 ## copyright please contact logwatch-devel@lists.sourceforge.net.
7575 #########################################################
7676
7777 use strict;
9292 my %InvalidContext = ();
9393 my %BugLog = ();
9494 my $UELimit = 10;
95 my $ThisLine;
95 my $ThisLine;
9696 my %Warning = ();
9797
9898 print STDERR "\n\nDEBUG: Inside audit filter\n\n" if ( $Debug >= 5 );
9999
100100 while ($ThisLine = <STDIN>) {
101101 chomp($ThisLine);
102 if (( $ThisLine =~ /initializing netlink socket \(disabled\)/) or
102 # Remove timestamp if present
103 $ThisLine =~ s/^\[\s*\d+\.\d+\]\s*//;
104 if (( $ThisLine =~ /initializing netlink socket \(disabled\)/) or
103105 ( $ThisLine =~ /audit_pid=[0-9]* old=[0-9]*(?: by auid=[0-9]*)?/) or
104 ( $ThisLine =~ /(arch=[0-9]+ )?syscall=[0-9]+ (success=(no|yes) )?exit=[0-9-]+( a[0-3]=[0-9a-f]+)* items=[0-9]+ pid=[0-9]+ (loginuid=[0-9-]+ )?(auid=[0-9]+ )?uid=[0-9]+ gid=[0-9]+ euid=[0-9]+ suid=[0-9]+ fsuid=[0-9]+ egid=[0-9]+ sgid=[0-9]+ fsgid=[0-9]+/) or
106 ( $ThisLine =~ /(arch=[0-9]+ )?syscall=[0-9]+ (success=(no|yes) )?exit=[0-9-]+( a[0-3]=[0-9a-f]+)* items=[0-9]+ (ppid=[0-9]+ )?pid=[0-9]+ (loginuid=[0-9-]+ )?(auid=[0-9]+ )?uid=[0-9]+ gid=[0-9]+ euid=[0-9]+ suid=[0-9]+ fsuid=[0-9]+ egid=[0-9]+ sgid=[0-9]+ fsgid=[0-9]+/) or
105107 ( $ThisLine =~ /Audit daemon rotating log files/) or
106108 ( $ThisLine =~ /audit_backlog_limit=[0-9]* old=[0-9]*(?: by auid=[0-9]*)?/) or
107109 ( $ThisLine =~ /SELinux: unrecognized netlink message type=[0-9]+ for sclass=[0-9]+/) or
114116 ( $ThisLine =~ /audit\([0-9.]+:[0-9]+\): (selinux=[0-9]+|auid=[0-9]+|prom=[0-9]+|old_prom=[0-9]+|dev=[^ ]+| )+$/) or
115117 ( $ThisLine =~ /auditd[ ]+S [0-9A-F]+ [0-9]+ [0-9]+[ ]+[0-9]([ ]*[0-9]+[ ]*|[ ]*)[0-9]+ [0-9]+ \(NOTLB\)/) or
116118 ( $ThisLine =~ /Started dispatcher: \/sbin\/audispd pid: [0-9]+/) or
117 ( $ThisLine =~ /audit\([0-9.]*:[0-9]*\): bool=.* val=.* old_val=.* auid=[0-9]*/)
118 ) {
119 ( $ThisLine =~ /audit\([0-9.]*:[0-9]*\): bool=.* val=.* old_val=.* auid=[0-9]*/) or
120 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): audit_enabled=[0-9]* old=[0-9]* auid=[0-9]* ses=[0-9]* subj=system_u:system_r:.*:s0 res=[0-9]*/) or
121 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): auid=[0-9]* ses=[0-9]* subj=system_u:system_r:.*:s0 op=.* key=.* list=[0-9]* res=[0-9]*/) or
122 ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): cwd=".*"/) or
123 ( $ThisLine =~ /audit_printk_skb: [0-9]* callbacks suppressed/) or
124 ( $ThisLine =~ /item=[0-9] name="\S*" inode=[0-9]+ dev=\S* mode=[0-9]* ouid=[0-9]* ogid=[0-9]* rdev=[0-9:]* obj=\S*/)
125 ) {
119126 # Ignore these entries
120127 } elsif ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/) {
121128 $NumberOfInits++;
122129 } elsif ( $ThisLine =~ /Init complete, audit pid set to: [0-9]+/) {
123130 $NumberOfDStartsPid++;
124131 } elsif ( $ThisLine =~ /Init complete, auditd [0-9,.]+ listening for events/) {
125 $NumberOfDStarts++;
132 $NumberOfDStarts++;
126133 } elsif ( $ThisLine =~ /The audit daemon is exiting./) {
127134 $NumberOfDStops++;
128135 } elsif ( $ThisLine =~ /audit_lost=[0-9]+ audit_backlog=[0-9]+ audit_rate_limit=[0-9]+ audit_backlog_limit=[0-9]+$/) {
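Review bot: the new ignore patterns at lines 120 and 121 discard `audit_enabled=... old=...` records and audit configuration operations (`op=.* key=.* list=`) whenever the subject is `system_u:system_r:...:s0`, and line 123 discards `audit_printk_skb: ... callbacks suppressed`. These are the records that show the audit enabled state changing, audit configuration being altered, or audit output being suppressed, so they should be counted and summarised rather than ignored, at least when `audit_enabled` differs from `old`. The `.*` in `subj=system_u:system_r:.*:s0`, `op=.*` and `key=.*` is greedy; `\S+` would keep each field from spanning the rest of the line.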
131138 $NumberOfDdStarts++;
132139 } elsif ( $ThisLine =~ /auditd shutdown succeeded/) {
133140 $NumberOfDdStops++;
134 } elsif (( $ThisLine =~ /netlink socket too busy/) or
135 ( $ThisLine =~ /Error sending signal_info request \(Invalid argument\)/) or
141 } elsif (( $ThisLine =~ /netlink socket too busy/) or
142 ( $ThisLine =~ /Error sending signal_info request \(Invalid argument\)/) or
136143 ( $ThisLine =~ /major=[0-9]+ name_count=[0-9]+: freeing multiple contexts \([1-2]\)/)) {
137144 $ThisLine =~ s/audit\(:[0-9]+\): //;
138145 $BugLog{$ThisLine}++;
139 } elsif (( $ThisLine =~ /Audit daemon is low on disk space for logging/) or
140 ( $ThisLine =~ /Audit daemon is suspending logging due to low disk space./)) {
141 $Warning{$ThisLine}++;
146 } elsif (( $ThisLine =~ /Audit daemon is low on disk space for logging/) or
147 ( $ThisLine =~ /Audit daemon is suspending logging due to low disk space./)) {
148 $Warning{$ThisLine}++;
142149 } elsif ( $Detail > 9 ) {
143150 if ( $ThisLine =~ /avc:\s*denied\s*{\s*([^}]+).*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) {
144151 $denials{$2.' '.$3.' ('.$1.$4 . ')'}++;
148155 $InvalidContext{$4." running as ".$2." acting on ".$3." \nshould transit to invalid ".$1}++;
149156 } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) {
150157 $InvalidContext{"context: ".$1}++;
151 } else {
158 } else {
152159 $othercount++;
153160 $ThisLine =~ s/^\s*//;
154161 if ($othercount < $UELimit+1) {
177184 } elsif ( $ThisLine =~ /avc:\s*granted\s*{\s*[^}]+.*scontext=([^:]+):[^:]+:\S+\s*tcontext=([^:]+):[^:]+:\S+\s*tclass=(\S+)/ ) {
178185 $grants{$1.' '.$2.' ('.$3 . ')'}++;
179186 } elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=\S+\s*tclass=(\S+)/ ) {
180 $InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++;
187 $InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++;
181188 } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) {
182 $InvalidContext{"context: ".$1}++;
189 $InvalidContext{"context: ".$1}++;
183190 } else {
184191 $othercount++;
185192 $ThisLine =~ s/^\s*//;
216223 print " $key: ". $InvalidContext{$key} . " times\n";
217224 }
218225 }
219
220
221
222 if ($NumberOfDStarts+$NumberOfDStartsPid) {
226
227
228
229 if ($Detail and $NumberOfDStarts+$NumberOfDStartsPid) {
223230 print "\n Number of audit daemon starts: ",$NumberOfDStarts+$NumberOfDStartsPid," \n";
224231 }
225232
227234 print " starts with pid change: $NumberOfDStartsPid \n"
228235 }
229236
230 if ($NumberOfDStops) {
237 if ($Detail and $NumberOfDStops) {
231238 print "\n Number of audit daemon stops: $NumberOfDStops \n";
232239 }
233240
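Review bot: gating the "Number of audit daemon stops" line on `$Detail` (line 237, with the matching starts line at 229) removes it from the report whenever the detail level is 0. An audit daemon stop matters at every detail level, since it marks a window in which events may not have been recorded; consider keeping the stops line unconditional and gating only the starts count.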
246253 print "\n Number of auditd daemon stops: $NumberOfDdStops \n";
247254 }
248255 }
249
256
250257 if ( %BugLog) {
251258 print "\n*** Logs which could mean a bug ***\n";
252259 foreach my $Entry (keys %BugLog) {
265272 }
266273
267274 exit(0);
275
276 # vi: shiftwidth=3 tabstop=3 syntax=perl et
277 # Local Variables:
278 # mode: perl
279 # perl-indent-level: 3
280 # indent-tabs-mode: nil
281 # End:
2323 ## Logwatch project reserves the right to not accept such
2424 ## contributions. If you have made significant
2525 ## contributions to this script and want to claim
26 ## copyright please contact logwatch-devel@logwatch.org.
26 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2727 #########################################################
2828
2929 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
3434 ($ThisLine =~ /^expired .*$/) or
3535 ($ThisLine =~ /^lookup\(ldap\): got answer, but no first entry for /) or
3636 ($ThisLine =~ /^>>.*mount: .*$/) or
37 ($ThisLine =~ /lookup_read_master: lookup\(nisplus\): couldn't locat nis\+ table auto.master/) or
38 ($ThisLine =~ /create_(tcp|udp)_client: hostname lookup failed: (No such process|Operation not permitted)/) or
37 ($ThisLine =~ /lookup_read_master: lookup\(nisplus\): couldn't locate? nis\+ table auto.master/) or
38 ($ThisLine =~ /create_(tcp|udp)_client: hostname lookup failed: (No such process|Operation not permitted)/) or
3939 ($ThisLine =~ /lookup_mount: exports lookup failed for .*directory/) or
4040 ($ThisLine =~ /master_do_mount: failed to startup mount/)
4141 ) {
5252 elsif ($ThisLine =~ /^mount\(nfs\): entry (.*) lookup failure$/) {
5353 $Failed{$1}{'nfsl'}++;
5454 }
55 elsif (( $ThisLine =~ /^mount\(generic\): failed to mount .* on (.*)$/)
55 elsif (( $ThisLine =~ /^mount\(generic\): failed to mount .* on (.*)$/)
5656 or ( $ThisLine =~ /^handle_mounts: mount on (.*) failed!/)
5757 ) {
5858 $Failed{$1}{'mnt'}++;
7272 }
7373 elsif ( ($ThisMount) = ($ThisLine =~ /^shutting down, path = (.*)$/) ) {
7474 $StartStop{$ThisMount}{'stop'}++;
75 }
76 elsif ( ($Key) = ( $ThisLine =~ /^key "(.*)" not found in map source\(s\)\.$/) ) {
77 $KeyNotFound{$Key}++;
7578 }
7679 else {
7780 # Report any unmatched entries...
105108 }
106109 }
107110
111 if ( ($Detail >= 5) and (keys %KeyNotFound) ) {
112 print "\nKeys not found:\n";
113 foreach $Key (keys %KeyNotFound) {
114 print " $Key: $KeyNotFound{$Key} Time(s)\n";
115 }
116 }
117
108118 if ( ($Detail >= 10) and (keys %StartStop) ) {
109119 print "\nStatistics:\n";
110120 print " Total number of mount attempts: $MountAttempts\n";
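Review bot: lines 111-116 print the new %KeyNotFound counter only at $Detail >= 5, yet the `key "..." not found in map source(s).` lines it collects had no branch of their own in the visible chain before this change and appear to have reached the unmatched-entries `else`. Below detail 5 they now vanish from the report. If that is intended, state it in the commit message or a comment next to the threshold. Also iterate with `sort keys %KeyNotFound` so the output order is stable between runs.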
120130 foreach $ThisOne (keys %OtherList) {
121131 print "$ThisOne: $OtherList{$ThisOne} Time(s)\n";
122132 }
123 }
124
133 }
134
125135 exit(0);
126136
127137 # vi: shiftwidth=3 tabstop=3 syntax=perl et
128
138 # Local Variables:
139 # mode: perl
140 # perl-indent-level: 3
141 # indent-tabs-mode: nil
142 # End:
1616 ## Logwatch project reserves the right to not accept such
1717 ## contributions. If you have made significant
1818 ## contributions to this script and want to claim
19 ## copyright please contact logwatch-devel@logwatch.org.
19 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2020 #########################################################
2121
2222 #Mon Sep 23 16:40:26 EDT 2002 - Uninstalled XXX
6565 exit 0;
6666
6767 # vi: shiftwidth=3 tabstop=3 syntax=perl et
68
68 # Local Variables:
69 # mode: perl
70 # perl-indent-level: 3
71 # indent-tabs-mode: nil
72 # End:
2222 ## Logwatch project reserves the right to not accept such
2323 ## contributions. If you have made significant
2424 ## contributions to this script and want to claim
25 ## copyright please contact logwatch-devel@logwatch.org.
25 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2626 #########################################################
2727
2828 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
120120 {
121121 if ( ($address, $id, $start_time, $end_time, $type, $info) = ($ThisLine =~ /([^\s]+)\s([^\s]+)\s(\d+)\s(\d+)\s(RECV|SCAN|SEND)\s(.*)$/) )
122122 {
123 ($ip) = ($address =~ /\[(.*)\]/);
123 ($ip) = ($address =~ /\[(.*)\]/);
124124 $time = ($end_time - $start_time);
125125 if ( $type =~ /RECV/ )
126126 {
204204 } else {
205205 push @OtherList,$ThisLine;
206206 }
207 } elsif ( $ThisLine =~ /\s[RECV|SCAN|SEND]\s/) {
207 } elsif ( $ThisLine =~ /\s(RECV|SCAN|SEND)\s/) {
208208 push @OtherList,$ThisLine;
209209 }
210210 }
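Review bot: at line 207 the new group captures, but the branch only pushes $ThisLine and never reads $1, so `(?:RECV|SCAN|SEND)` states the intent better and cannot disturb capture variables if the branch grows later. The old bracket form was a character class that matched any single one of those letters or `|` between whitespace, so more lines reached @OtherList than intended. A sample log line in a comment above the `elsif` would document which records this branch is meant to catch.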
326326 print "\tMaximum : " . $score_max{$action} . "\n";
327327 }
328328 }
329
329
330330 exit(0);
331331
332332 # vi: shiftwidth=3 tabstop=3 syntax=perl et
333
333 # Local Variables:
334 # mode: perl
335 # perl-indent-level: 3
336 # indent-tabs-mode: nil
337 # End:
2525 ## Logwatch project reserves the right to not accept such
2626 ## contributions. If you have made significant
2727 ## contributions to this script and want to claim
28 ## copyright please contact logwatch-devel@logwatch.org.
28 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2929 #########################################################
3030
3131 $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
6666 exit(0);
6767
6868 # vi: shiftwidth=3 tabstop=3 et
69
69 # Local Variables:
70 # mode: perl
71 # perl-indent-level: 3
72 # indent-tabs-mode: nil
73 # End:
3838 ## Logwatch project reserves the right to not accept such
3939 ## contributions. If you have made significant
4040 ## contributions to this script and want to claim
41 ## copyright please contact logwatch-devel@logwatch.org.
41 ## copyright please contact logwatch-devel@lists.sourceforge.net.
4242 #########################################################
4343
4444 use Logwatch ':all';
7171 ($month,$day,$time,$host,$process,$conn,$msg)=split(/ +/,$ThisLine,7);
7272
7373 if ( ($ThisLine =~ /(ISDN-6-.+)/ ) or
74 ($ThisLine =~ /Copyright/ ) or
75 ($ThisLine =~ /Cisco Internetwork Operating System Software/ ) or
76 ($ThisLine =~ /IOS \(tm\)/ ) or
74 ($ThisLine =~ /Copyright/ ) or
75 ($ThisLine =~ /Cisco Internetwork Operating System Software/ ) or
76 ($ThisLine =~ /IOS \(tm\)/ ) or
7777 ($ThisLine =~ /Cisco IOS/ ) or
7878 ($ThisLine =~ /Technical Support/ ) or
7979 ($ThisLine =~ /self test passed/ ) or
123123 } else {
124124 $count = 0;
125125 }
126
126
127127 $ACL{$accesslist} += $count;
128128 $ACTION{$action} += $count;
129129 $packets += $count;
167167 } else {
168168 $count = 0;
169169 }
170
170
171171 $ACL{$accesslist} += $count;
172172 $ACTION{$action} += $count;
173173 $IPV6_packets += $count;
307307 $Flapping{$host}{$interface}++;
308308 }
309309 elsif ( ($interface) = ($ThisLine =~ /LOGIN_FAIL:User (.*)/) ) {
310 $LoginFail{$host}{$interface}++;
310 $LoginFail{$host}{$interface}++;
311311 }
312312 elsif ( ($interface) = ($ThisLine =~ /RSHPORTATTEMPT: (.*)/) ) {
313313 $RSHELLFail{$host}{$interface}++;
12531253 exit(0);
12541254
12551255 # vi: shiftwidth=3 tabstop=3 syntax=perl et
1256 # Local Variables:
1257 # mode: perl
1258 # perl-indent-level: 3
1259 # indent-tabs-mode: nil
1260 # End:
0 ###########################################################################
1 # $Id: citadel,v 1.3 2011/06/30 13:05:28 general Exp $
2 ###########################################################################
3
4 ###########################################################################
5 # This was written and is maintained by:
6 # Stefan Jakobs <logwatch at localside.net>
7 #
8 # Please send all comments, suggestions, bug reports,
9 # etc, to logwatch at localside.net.
10 ###########################################################################
11 # Copyright (c) 2011 Stefan Jakobs
12 # Covered under the included MIT/X-Consortium License:
13 # http://www.opensource.org/licenses/mit-license.php
14 # Permission is hereby granted, free of charge, to any person obtaining a
15 # copy of this software and associated documentation files (the "Software"),
16 # to deal in the Software without restriction, including without limitation
17 # the rights to use, copy, modify, merge, publish, distribute, sublicense,
18 # and/or sell copies of the Software, and to permit persons to whom the
19 # Software is furnished to do so, subject to the following conditions:
20 #
21 # The above copyright notice and this permission notice shall be included
22 # in all copies or substantial portions of the Software.
23 #
24 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
25 # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
27 # IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
28 # CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
29 # TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
30 # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 ###########################################################################
32
33 #use warnings;
34 use strict;
35
36 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
37 my $Version = "0.1-20110109";
38
39 # initialize logwatch variables
40 my $ThisLine = "";
41 my %OtherList = ();
42
43 # initialize variables which save the stats
44 my ($Starts,%Stops,$Reloads);
45 my (%Warnings);
46 my (%RSSfeeds);
47 my (%SMTPclientRelay, %SMTPclientStats, %SMTPclientCMDS);
48 my (%SMTPclientDelivery, %SMTPclientBounce, %SMTPclientConnect);
49 my ($SMTPclient_queuerun, $SMTPclient_messages, $SMTPclientBounces) = (0, 0, 0);
50 my (%SMTPserverStats, %SMTPserverRelay, %SMTPserverCMDS);
51 my (%SMTPserverHELO, %SMTPserverRCPT, %SMTPserverFROM);
52 my (%SMTPServerEval, %SMTPserverAuth, %SMTPSSLError);
53 my ($SMTPserverNumRCPTs) = (0);
54 my ($serv_extnotify_queuerun) = (0);
55 my (%Threads);
56 my (%IMAPCmds, %IMAPexpunge, %IMAPUserLogin);
57 my ($IMAPCompletedCmds, $IMAPCmdDuration) = (0, 0);
58 my (%Ctdlcmds, %CtdlCleanup, %Ctdlqp_encode, %CtdlValRcpt, %CtdlMsgCorrupted);
59 my (%CtdlReplChecks, %CtdlAddContact, %CtdlFileOp);
60 my ($CtdlMsgDeleted) = (0);
61 my (@CtdlLogDeleted);
62 my ($NetProcessingTime, $NetProcessingCount) = (0, 0);
63 my (%NetStarts, %NetNodes, %NetProc, %NetNoConnect);
64 my (%WebClientEngine, %WebClientHost, %WebLoginFailure, %WebUserLogin);
65 my ($SieveMsgID, $SieveName, $SieveStarts);
66 my (%SieveMsg, %SieveExecute, %SieveProcFor);
67 my (%POPCmds, %POPClientConnects, %POPErrors);
68 my ($POPCompletedCmds, $POPClientStarted, $POPClientEnded) = (0, 0, 0);
69 my (%POPDauth);
70 my (%SessionStarted);
71
72 ### Parse the lines ###
73
74 while (defined($ThisLine = <STDIN>)) {
75 chomp($ThisLine);
76
77 # ignore general messages
78 if ( ($ThisLine =~ /^-- db checkpoint --$/) ||
79 ($ThisLine =~ /^$/) ||
80 ($ThisLine =~ /^This program is distributed under the terms/) ||
81 ($ThisLine =~ /^Copyright \(C\) [-\d]+ by the Citadel/) ||
82 ($ThisLine =~ /^<.*> \d+ new of \d+ total messages$/) ||
83 ($ThisLine =~ /^(?:TDAP_)?AdjRefCount\(\) msg \d+/)
84 ) {
85 # ignore these lines
86 }
87
88 ### Start, Stop, Reload ###
89 elsif ($ThisLine =~ /^\*\*\* Citadel server engine/) {
90 $Starts++;
91 }
92
93 #TD: citserver: Exiting with status 15
94 elsif ($ThisLine =~ /^citserver: Exiting with status (\d+)$/) {
95 $Stops{$1}++;
96 }
97
98
99 ### Thread processing ###
100 elsif ($ThisLine =~ /^(?:Thread|Created a new thread|Garbage Collection for thread)/) {
101
102 #TD: Created a new thread "SMTP Send" (0x40504950).
103 if ($ThisLine =~ /Created a new thread "(.+)" \(([x0-9a-fA-F]+)\)/) {
104 $Threads{"created"}{$1}{$2}++;
105 }
106
107 #TD: Thread "SMTP Send" (0x40504950) exited.
108 #TD: Thread "RSS Client" (0x40605950) exited.
109 elsif ($ThisLine =~ /^Thread "(.+)" \(([x0-9a-fA-F]+)\) exited/) {
110 $Threads{"exited"}{$1}{$2}++;
111 }
112
113 #TD: Garbage Collection for thread "RSS Client" (0x40605950).
114 elsif ($ThisLine =~ /^Garbage Collection for thread "(.+)" \(([x0-9a-fA-F]+)\)/) {
115 $Threads{"garbage collection"}{$1}{$2}++;
116 }
117
118 else {
119 # Report any unmatched entries...
120 chomp($ThisLine);
121 $OtherList{$ThisLine}++;
122 }
123 }
124
125 ### Sessions ###
126 elsif ( ($ThisLine =~ /^\[[ \d]+\] Session ended/) ||
127 ($ThisLine =~ /^Client disconnected: ending session\.$/) ||
128 ($ThisLine =~ /^New client socket \d+$/) ||
129 ($ThisLine =~ /^Terminated \d+ idle sessions$/)
130 ) {
131 # ignore these lines
132 }
133 #TD: Session (IMAPS) started from myhost (192.168.36.150)
134 #TD: Session (citadel-TCP) started from localhost.localdomain (127.0.0.1).
135 #TD: Session (LMTP) started via local socket UID:101.
136 elsif ($ThisLine =~ /^Session \(([\w-]+)\) started (?:from (\S+) \(([\da-fA-F.:]+)\)|via (local socket) (UID:-?\d+))/) {
137 $SessionStarted{$1}{"$2$4 [$3$5]"}++;
138 }
139
140
141 ### RSS feed processing ###
142 elsif ( ($ThisLine =~ /^\S+ has already been seen/) ||
143 ($ThisLine =~ /^RSS: XML Status \[\(null\)\]/) ||
144 ($ThisLine =~ /^RSS: This is an (?:RSS|RDF) feed/) ||
145 ($ThisLine =~ /^RSS: saving item/) ||
146 ($ThisLine =~ /^rssclient (?:started|ended)/)
147 ) {
148 # ignore these lines
149 }
150
151 #TD: Fetching RSS feed <http://www.heise.de/open/news/news.rdf>
152 elsif ($ThisLine =~ /Fetching RSS feed <(\S+)>/) {
153 $RSSfeeds{$1}++;
154 }
155
156 ### serv_something processing ###
157 elsif ($ThisLine =~ /^serv_extnotify: queue run completed/)
158 {
159 # ignore these lines
160 }
161
162 elsif ($ThisLine =~ /^serv_extnotify: processing notify queue/) {
163 $serv_extnotify_queuerun++;
164 }
165
166
167 ### SMTP Client ###
168 elsif ( ($ThisLine =~ /^SMTP client: processing outbound queue/) ||
169 ($ThisLine =~ /^SMTP client: smtp_do_procmsg\(\d+\)$/) ||
170 ($ThisLine =~ /^SMTP client: Trying <.*>$/) ||
171 ($ThisLine =~ /^SMTP client: Attempting delivery to /) ||
172 ($ThisLine =~ /^SMTP client: connected!/) ||
173 ($ThisLine =~ /Number of MX hosts for /) ||
174 ($ThisLine =~ /^<?\d{3} \w/) ||
175 ($ThisLine =~ /^smtp_do_bounce\(\) called$/) ||
176 ($ThisLine =~ /^key=<(?:msgid|submitted)?> addr=<.*> status=\d+ dsn=<.*>$/) ||
177 ($ThisLine =~ /^Done processing bounces$/)
178 ) {
179 # ignore these lines
180 }
181
182 #TD: SMTP client: connecting to localhost : 25 ...
183 elsif ($ThisLine =~ /^SMTP client: connecting to (\S+) : (\d+)/) {
184 $SMTPclientConnect{"$1:$2"}++;
185 }
186
187 #TD: >EHLO valaskjalf.localside.net
188 #TD: >MAIL FROM:<stefan@localside.net>
189 #TD: >QUIT
190 elsif ($ThisLine =~ /^>([A-Z ]+)(?::<(.+)>)?/) {
191 $SMTPclientCMDS{$1}{$2}++;
192 }
193
194 #TD: SMTP client: delivery to <useraddr> @ <gmail.com> (user) succeeded
195 elsif ($ThisLine =~ /SMTP client: delivery to <(.*)> @ <(.*)> \(.*\) (\w+)$/) {
196 $SMTPclientDelivery{$3}{$2}{$1}++;
197 }
198
199 #TD: 108319: to=<stephencoxmail@gmail.com>, relay=localhost, stat=2.0.0 Ok, id=10168-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2901498D0082
200 elsif ($ThisLine =~ /^\d+: to=<(.*)>, relay=(\S*), stat=([\d\.]{3,5}.*?),/) {
201 if ($2 != "") { $SMTPclientRelay{$2}{$1}++; }
202 $SMTPclientStats{$3}++;
203 }
204
205 #TD: key=<bounceto> addr=<Stefan@valaskjalf> status=0 dsn=<>
206 elsif ($ThisLine =~ /^key=<bounceto> addr=<(.*)> status=(\d+) dsn=<(.*)>$/) {
207 $SMTPclientBounce{$1}{"$2: $3"}++;
208 }
209
210 #TD: num_bounces = 0
211 elsif ($ThisLine =~ /^num_bounces = (\d+)$/) {
212 $SMTPclientBounces += $1;
213 }
214
215 elsif ($ThisLine =~ /^SMTP client: queue run completed; \d+ messages processed/) {
216 $SMTPclient_queuerun++;
217 $SMTPclient_messages++;
218 }
219
220 ### SMTP Server ###
221 elsif ( ($ThisLine =~ /^Directory key is <.*>$/) ||
222 ($ThisLine =~ /is being forwarded to/) ||
223 ($ThisLine =~ /^[:\[] get \S*\]?$/) ||
224 ($ThisLine =~ /^<\d{3}[ -]\w+/) ||
225 ($ThisLine =~ /^SSL\/TLS using /) ||
226 ($ThisLine =~ /Ending SSL\/TLS$/) ||
227 ($ThisLine =~ /^(?:Performing|Finished) SMTP cleanup hook$/) ||
228 ($ThisLine =~ /^sending \d+ [A-Z]+ for the room/) # this belongs to validate_recipients()
229 ) {
230 # ignore these lines
231 }
232
233 elsif ($ThisLine =~ /^SMTP server:/) {
234
235 #TD: SMTP server: LHLO vs243073.vserver.de
236 if ($ThisLine =~ /^SMTP server: (?:LHLO|HELO|EHLO) (\S+)/) {
237 $SMTPserverHELO{$1}++;
238 }
239
240 #TD: SMTP server: RCPT TO:<room_spamassassin-user@localside.net>
241 elsif ($ThisLine =~ /^SMTP server: RCPT TO:<(.+)>$/) {
242 $SMTPserverRCPT{$1}++;
243 }
244
245 #TD: SMTP server: MAIL FROM:<users@spamassassin.apache.org> SIZE=2982 BODY=7BIT
246 elsif ($ThisLine =~ /^SMTP server: MAIL FROM:<(.+)> SIZE=(\d+)(?: BODY=(.*))?$/) {
247 my $body = "no BODY";
248 if ($3 != "") { $body = $3; }
249 $SMTPserverFROM{$1}{$body}{$2}++;
250 }
251
252 #TD: SMTP server: DATA
253 elsif ($ThisLine =~ /^SMTP server: (DATA|QUIT|STARTTLS|AUTH PLAIN)/) {
254 $SMTPserverCMDS{$1}++;
255 }
256
257 else {
258 # Report any unmatched entries...
259 chomp($ThisLine);
260 $OtherList{$ThisLine}++;
261 }
262 }
263
264 #TD: SMTP authenticated Stefan
265 elsif ($ThisLine =~ /^SMTP authenticated (.*)$/) {
266 $SMTPserverAuth{$1}++;
267 }
268
269 #TD: 108347: from=<postfix@postfix.org>, nrcpts=1, relay= [], stat=250 Message accepted
270 elsif ($ThisLine =~ /^\d+: from=<(.*)>, nrcpts=(\d+), relay=(.*) \[(\S*)\], stat=(\d{3}.*)\.$/) {
271 $SMTPserverNumRCPTs += $2;
272 if ($4 != "") { $SMTPserverRelay{"$4 ($3)"}{$1}++; }
273 $SMTPserverStats{$5}++;
274 }
275
276 #TD: Evaluating recipient #0: stefan@localside.net
277 elsif ($ThisLine =~ /^Evaluating recipient #\d+: (\S+)$/) {
278 $SMTPServerEval{$1}++;
279 }
280
281 #TD: SSL_read got error 5
282 elsif ($ThisLine =~ /^SSL_(\S+) got error (\d+)$/) {
283 $SMTPSSLError{$1}{$2}++;
284 }
285
286 ### IMAP processing ###
287 elsif ( ($ThisLine =~ /^\(That translates to/) ||
288 ($ThisLine =~ /^imap_do_expunge\(\) called/) ||
289 ($ThisLine =~ /^Section is: \[\(empty\)\]/) ||
290 ($ThisLine =~ /^[\w ]+ already exists\.$/) ||
291 ($ThisLine =~ /^(?:before| after) update:/) ||
292 ($ThisLine =~ /^(?:Performing|Finished) IMAP cleanup hook$/) ||
293 ($ThisLine =~ /^Converting CRLF to LF$/)
294 ) {
295 # ignore these lines
296 }
297
298 elsif ($ThisLine =~ /^IMAP/) {
299
300 if ( ($ThisLine =~ /^IMAP: <plain_auth>$/)
301 ) {
302 # ignore these lines
303 }
304 # improve: IMAPCmdDuration per Command.
305 #TD: IMAP command completed in 0.1437 seconds
306 elsif ($ThisLine =~ /^IMAP command completed in (\d+\.\d+) seconds/)
307 {
308 $IMAPCompletedCmds++;
309 $IMAPCmdDuration += $1;
310 }
311
312 #TD: IMAP: 10117 NOOP
313 #TD: IMAP: 10120 LIST "" "Server Level/%"
314 #TD: IMAP: a003 LOGOUT
315 elsif ($ThisLine =~ /^IMAP: a?\d+ ([A-Z ]+)/) {
316 $IMAPCmds{$1}++;
317 }
318
319 #TD: IMAP: LOGIN...
320 elsif ($ThisLine =~ /^IMAP: (LOGIN)/) {
321 $IMAPCmds{$1}++;
322 }
323
324 else {
325 # Report any unmatched entries...
326 chomp($ThisLine);
327 $OtherList{$ThisLine}++;
328 }
329 }
330
331 #TD: <Stefan> logged in
332 elsif ($ThisLine =~ /<(.+)> logged in$/) {
333 $IMAPUserLogin{$1}++;
334 }
335
336 #TD: Expunged 0 messages from <SpamAssassin-user>
337 elsif ($ThisLine =~ /^Expunged (\d+) messages from <(.+)>/) {
338 if ($1 > 0) { $IMAPexpunge{$2} += $1; }
339 }
340
341 ### Citadel internal processing ###
342 elsif ( ($ThisLine =~ /^Selected room/) ||
343 ($ThisLine =~ /^Performing before-save hooks$/) ||
344 ($ThisLine =~ /^Saving to disk$/) ||
345 ($ThisLine =~ /^Creating MetaData record$/) ||
346 ($ThisLine =~ /^Storing pointers$/) ||
347 ($ThisLine =~ /^Updating user$/) ||
348 ($ThisLine =~ /^\d+ unique messages to be merged$/) ||
349 ($ThisLine =~ /^Performing room hooks for <.+>$/) ||
350 ($ThisLine =~ /^Performing after-save hooks$/) ||
351 ($ThisLine =~ /^Wordbreaking message \d+/) ||
352 ($ThisLine =~ /^Purge use table: /) ||
353 ($ThisLine =~ /^Purge (?:euid|EUID) index: /) ||
354 ($ThisLine =~ /^Changed to <.*>$/) ||
355 ($ThisLine =~ /^do_fulltext_indexing\(\)/) ||
356 ($ThisLine =~ /^Indexed \d+ of \d+ messages/) ||
357 ($ThisLine =~ /^ft_index_message\(\) (?:adding|removing) msg/) ||
358 ($ThisLine =~ /^fixed_output(?:_pre|_post)?\(\) (?:part|type)/) ||
359 ($ThisLine =~ /^Skipping part \d+/) ||
360 ($ThisLine =~ /^Indexing message \d+ \[\d+ tokens\]/) ||
361 ($ThisLine =~ /^Indexing message #\d+ <.*>/) ||
362 ($ThisLine =~ /^Flush(?:ing|ed) index cache to disk/) ||
363 ($ThisLine =~ /^Delivering to room <.*>$/) ||
364 ($ThisLine =~ /^Returning to original room/) ||
365 ($ThisLine =~ /^User \d+ maps to/) ||
366 ($ThisLine =~ /^Auto-purger: (?:starting|finished)/) ||
367 ($ThisLine =~ /^Delivering private local mail to <.*>$/) ||
368 ($ThisLine =~ /^Final selection: /) ||
369 ($ThisLine =~ /^Processed \d+ message reference count adjustments/) ||
370 ($ThisLine =~ /^Generating delivery instructions$/)
371 ) {
372 # ignore these lines
373 }
374
375 #TD: validate_recipients()
376 #TD: local: 1 <Stefan>
377 #TD: room: 0 <>
378 #TD: inet: 0 <>
379 #TD: ignet: 0 <>
380 #TD: error: -1 <No recipient specified>
381 elsif ($ThisLine =~ /^(validate_recipients)\(\)$/) {
382 $Ctdlcmds{$1}++;
383 }
384
385 elsif ($ThisLine =~ /^\s{1,2}(local|room|inet|ignet|error): -?(\d+) <(.*)>$/) {
386 if ($2 > 0) { $CtdlValRcpt{$1}{$3} += $2; }
387 }
388
389 #TD: Deleting message <103425>
390 elsif ($ThisLine =~ /Deleting message <(\d+)>$/) {
391 $CtdlMsgDeleted++;
392 }
393 #TD: 7 message(s) deleted.
394 elsif ($ThisLine =~ /(\d+) message\(s\) deleted\.$/) { # This belongs to CtdlDeleteMessages
395 if ($1 > 0) { $CtdlMsgDeleted += $1; }
396 }
397
398 #TD: Expired 147 messages.
399 #TD: Expired 0 rooms.
400 #TD: Purged 0 visits.
401 elsif ($ThisLine =~ /^(Expired|Purged) (\d+) (messages|rooms|visits|users|entries from the EUID index|stale OpenID associations|entries from the use table)/) {
402 $CtdlCleanup{$1}{$3} += $2;
403 }
404
405 #TD: Deleting log: /var/lib/citadel/data/log.0000004270
406 elsif ($ThisLine =~ /Deleting log: (.*)$/) {
407 push(@CtdlLogDeleted, $1);
408 }
409
410 #TD: PurgeMessages() called
411 elsif ($ThisLine =~ /(Purge(?:Messages|Rooms|Users))\(\) called$/) {
412 $Ctdlcmds{$1}++;
413 }
414
415 #TD: qp_encode_email_addrs: [postfix-users@postfix.org]
416 elsif ($ThisLine =~ /qp_encode_email_addrs: \[(.+)\]$/) {
417 $Ctdlqp_encode{$1}++;
418 }
419
420 #TD: Message 0 appears to be corrupted
421 elsif ($ThisLine =~ /Message (\d+) appears to be corrupted/) {
422 $CtdlMsgCorrupted{$1}++;
423 }
424
425 #TD: Performing replication checks in <0000000007.Contacts>
426 elsif ($ThisLine =~ /Performing replication checks in <(\d+)\.(.+)>$/) {
427 $CtdlReplChecks{$1}{$2}++;
428 }
429
430 #TD: Adding contact: "Full Name" <user@example.com>
431 elsif ($ThisLine =~ /Adding contact: (.*)$/) {
432 $CtdlAddContact{$1}++;
433 }
434
435 elsif ($ThisLine =~ /^Ctdl/) {
436
437 if ($ThisLine =~ /^$/)
438 {
439 # ignore these lines
440 }
441
442 # ToDo: This can be done better
443 #TD: CtdlFetchMessage(108265, 1)
444 #TD: CtdlOutputPreLoadedMsg(TheMessage=not null, 1, 0, 0, 1
445 #TD: CtdlDeleteMessages(SpamAssassin-user, 1 msgs, )
446 elsif ($ThisLine =~ /^Ctdl(\w+)\(/) {
447 $Ctdlcmds{$1}++;
448 }
449
450 }
451
452 #TD: chmod(/srv/citadel/data//cdb.03, 0600) returned 0
453 #TD: chown(/var/lib/citadel/data//cdb.08, CTDLUID, -1) returned 0
454 elsif ($ThisLine =~ /^(chown|chmod)\((.*), [A-Z0-9]+(?:, -?\d+)?\) returned (\d+)/) {
455 $CtdlFileOp{$1}{$2}++;
456 }
457
458 ### IGnet Networking ###
459 elsif ( ($ThisLine =~ /^network: (?:running|loading) outbound queue$/) ||
460 ($ThisLine =~ /^network: nothing in inbound queue/) ||
461 ($ThisLine =~ /^network: queue run completed/) ||
462 ($ThisLine =~ /^>[0-9]{3} \w+ (?:Citadel|as network)/) ||
463 ($ThisLine =~ /^nttlist=</)
464 ) {
465 # ignore these lines
466 }
467
468 #TD: Networking started for <0000000007.Mail>
469 elsif ($ThisLine =~ /^Networking started for <(.+)>$/) {
470 $NetStarts{$1}++;
471 }
472
473 #TD: Network full processing in 1021 seconds.
474 elsif ($ThisLine =~ /^Network full processing in (\d+) seconds/) {
475 $NetProcessingCount++;
476 $NetProcessingTime += $1;
477 }
478
479 #TD: Network node <valaskjalf> logged in from example.com [10.0.0.1]
480 elsif ($ThisLine =~ /^Network node <(.+)> logged in from (.*)/) {
481 $NetNodes{"Logins from"}{$1}{$2}++;
482 }
483
484 #TD: Connecting to <valaskjalf> at example.com:504
485 elsif ($ThisLine =~ /^Connecting to <(.+)> at (.*)/) {
486 $NetNodes{"Connects to"}{$1}{$2}++;
487 }
488
489 #TD: Sent 0 octets to <valaskjalf>
490 elsif ($ThisLine =~ /^Sent (\d+) octets to <(.+)>/) {
491 $NetNodes{"Sent"}{"Octets from"}{$2} += $1;
492 }
493
494 #TD: Can't connect to example.com:504: Connection timed out
495 elsif ($ThisLine =~ /^Can't connect to (.+): (.+)$/) {
496 $NetNoConnect{"Can't connect to"}{$1}{$2}++;
497 }
498
499 #TD: Can't get example.com host entry: Connection timed out
500 elsif ($ThisLine =~ /^Can't get (.+) host entry: (.+)$/) {
501 $NetNoConnect{"Can't get host entry"}{$1}{$2}++;
502 }
503
504 #TD: network: processing 0 bytes from /var/spool/citadel/network/spoolin//genux.0e73.012a
505 elsif ($ThisLine =~ /^network: processing (\d+) bytes from \/\S+\/spool\/citadel\/network\/(\S+)\/(\w+)\.[\.0-9a-f]{9}$/) {
506 $NetProc{$2}{$3} += $1
507 }
508
509 ### web access ###
510 elsif ( ($ThisLine =~ /^New client socket \d+/) ||
511 ($ThisLine =~ /^Closing socket -?\d+/) ||
512 ($ThisLine =~ /^Checking whether [0-9a-fA-F:.]+ is a local or public client/) ||
513 ($ThisLine =~ /^\.\.\. yes it is/) ||
514 ($ThisLine =~ /^Looking up hostname '/) ||
515 ($ThisLine =~ /^Client \d\/\d\/[\d.]+ \(.*\)/) ||
516 ($ThisLine =~ /^<password command hidden from log>$/) ||
517 ($ThisLine =~ /^cmd_user\(\S+\)$/) ||
518 ($ThisLine =~ /^username: /) ||
519 ($ThisLine =~ /^Setting chosen part: <[\.\d]+>$/) ||
520 # ToDo: these are commands from webcit, count them ??
521 ($ThisLine =~ /^(?:ICAL|INFO|MSGP|QUIT|GOTO|MSGS|MSG\d|EUID|MESG|CHEK|READ|OPEN|SEEN|NOOP|DLAT|RDIR|MOVE|OIMG|NDOP|NETP|GTSN|LKR[AN]|LFLR|RWHO|CLOS|UCLS|SLRP|TIME|NUOP|RINF)/) ||
522 ($ThisLine =~ /^Done with RemoveContext\(\)/) ||
523 ($ThisLine =~ /^RemoveContext\(\) session/) ||
524 ($ThisLine =~ /^Purging session \d+/) ||
525 ($ThisLine =~ /^Searching for EUID/) ||
526 ($ThisLine =~ /^returning msgnum = -?\d+/)
527 ) {
528 # ignore these lines
529 }
530
531 elsif ($ThisLine =~ /^IDEN \d\|\d\|\d+\|(.*)\|(.*)/) {
532 $WebClientEngine{$1}++;
533 $WebClientHost{$2}++;
534 }
535
536 #TD: Bad password specified for <Stefan>
537 elsif ($ThisLine =~ /^Bad password specified for <(.*)>$/) {
538 $WebLoginFailure{$1}++;
539 }
540
541 #TD: USER stefan
542 elsif ($ThisLine =~ /^USER (\S+)$/) {
543 $WebUserLogin{$1}++;
544 }
545
546 ### XMPP ###
547 elsif ( ($ThisLine =~ /^xmpp_queue_event/)
548 ) {
549 # ignore these lines
550 }
551
552 ### Sieve processing ###
553 elsif ( ($ThisLine =~ /^Calling sieve2_execute/) ||
554 ($ThisLine =~ /^ctdl_getscript\(\) is using script/) ||
555 ($ThisLine =~ /^ctdl_getheaders\(\) was called$/) ||
556 ($ThisLine =~ /^<.*> queued for Sieve processing$/)
557 ) {
558 # ignore these lines
559 }
560
561 #TD: Begin Sieve processing
562 elsif ($ThisLine =~ /^Begin Sieve processing$/) {
563 $SieveStarts++;
564 }
565
566 #TD: Rules found. Performing Sieve processing for <0000000007.Mail>
567 elsif ($ThisLine =~ /^Rules found. Performing Sieve processing for <(\d+)\.(\S+)>$/ ) {
568 $SieveProcFor{$1}{$2}++
569 }
570
571 #TD: sieve2_execute() returned 11: Sieve Error: header could not be parsed
572 elsif ($ThisLine =~ /^sieve2_execute\(\) returned \d+: (.+)$/) {
573 $SieveExecute{$1}++;
574 }
575
576 #TD: Performing sieve processing on msg <108269>
577 elsif ($ThisLine =~ /^Performing sieve processing on msg <(\d+)>$/) {
578 $SieveMsgID = $1;
579 }
580
581 #TD: Completed sieve processing on msg <108269>
582 elsif ($ThisLine =~ /^Completed sieve processing on msg <\d+>$/) {
583 undef $SieveMsgID;
584 }
585
586 elsif ($ThisLine =~ /^Sieve: /) {
587
588 if ( ($ThisLine =~ /^Sieve: Prepending a new headerlist and header struct$/) ||
589 ($ThisLine =~ /^Sieve: (?:Begin|body:|header:) (?:NAME|TEXT|WRAP)/) ||
590 ($ThisLine =~ /^Sieve: (?:body: body )?WRAP: /) ||
591 ($ThisLine =~ /^Sieve: Entering name and body into header struct/) ||
592 ($ThisLine =~ /^Sieve: Prepending a new headerlist and header struct/) ||
593 ($ThisLine =~ /^Sieve: starting into libsieve_eval$/) ||
594 ($ThisLine =~ /^Sieve: the commandlist type is \[\d+\]$/) ||
595 ($ThisLine =~ /^Sieve: top of the eval loop$/) ||
596 ($ThisLine =~ /^Sieve: Doing a header comparison$/) ||
597 ($ThisLine =~ /^Sieve: Header parse error, returning null$/) ||
598 ($ThisLine =~ /^Sieve: Relation is \[\d+\]$/) ||
599 ($ThisLine =~ /^Sieve: the commandlist is null$/) ||
600 ($ThisLine =~ /^Sieve: Eat some whitespace and return COLON, forget TEXT$/) ||
601 ($ThisLine =~ /^Sieve: Doing a fileinto$/) ||
602 ($ThisLine =~ /^Sieve: Testing \[Yes\] \[\d+\] \[NO\]/)
603 ) {
604 # ignore these lines
605 }
606
607 #TD: Sieve: NAME: Content-type
608 elsif ($ThisLine =~ /^Sieve: NAME: (\S+)/) {
609 $SieveName = $1;
610 }
611 #TD: Sieve: TEXT: WebCit 7.85
612 elsif ($ThisLine =~ /^Sieve: TEXT: (.*)$/) {
613 $SieveMsg{$SieveMsgID}{"Items"}{$SieveName} = $1;
614 }
615 #TD: Sieve: Asking for header [X-Spam-Flag]
616 elsif ($ThisLine =~ /^Sieve: Asking for header \[(\S+)\]$/) {
617 $SieveMsg{$SieveMsgID}{"Checks"}{$1}++;
618 }
619 #TD: Sieve: test HEADER comparing [room_Citadel@uncensored.citadel.org] with [stefan.jakobs@gmx.de]
620 elsif ($ThisLine =~ /^Sieve: test HEADER comparing (\[.+\]) with (\[.+\])$/) {
621 $SieveMsg{$SieveMsgID}{"Header tests"}{$1} = $2;
622 }
623 #TD: Sieve: Header parse error on line 56: syntax error, unexpected NAME, expecting COLON
624 elsif ($ThisLine =~ /^Sieve: Header parse error on (.+)$/) {
625 $SieveMsg{$SieveMsgID}{"Header parse error"}{$1}++;
626 }
627
628 else {
629 # Report any unmatched entries...
630 chomp($ThisLine);
631 $OtherList{$ThisLine}++;
632 }
633 }
634
635 #TD: Action is FILEINTO, destination is <Citadel Support>
636 elsif ($ThisLine =~ /^Action is ([A-Z]+), destination is <(.+)>$/) {
637 $SieveMsg{$SieveMsgID}{"Action"}{$1} = $2;
638 }
639
640 #TD: keep is 0 -- deleting message from inbox
641 elsif ($ThisLine =~ /^keep is 0 -- deleting message from (.*)/) {
642 $SieveMsg{$SieveMsgID}{"deleting from"}{$1}++;
643 }
644
645 ### POP3 server ###
646 elsif ( ($ThisLine =~ /^$/)
647 ) {
648 # ignore these lines
649 }
650
651 #TD: POP3 authenticated stefan
652 elsif ($ThisLine =~ /^POP3 authenticated (.+)$/) {
653 $POPDauth{$1}++;
654 }
655
656 ### POP3 client ###
657 elsif ( ($ThisLine =~ /^>\d+ \d+$/) ||
658 ($ThisLine =~ /^>\+OK(?: \d+| POP server ready| mailbox)?/) ||
659 ($ThisLine =~ /^>\.$/) ||
660 ($ThisLine =~ /^Converting message/) ||
661 ($ThisLine =~ /^Converted to <\S*>/) ||
662 ($ThisLine =~ /^POP3: .* <password>$/) ||
663 ($ThisLine =~ /^Could not connect:/) ||
664 ($ThisLine =~ /^Connected!$/)
665 ) {
666 # ignore these lines
667 }
668
669 #TD: pop3client started
670 elsif ($ThisLine =~ /^pop3client started$/) {
671 $POPClientStarted++;
672 }
673
674 #TD: pop3client started
675 elsif ($ThisLine =~ /^pop3client ended$/) {
676 $POPClientEnded++;
677 }
678
679 #TD: Connecting to <pop3.web.de>
680 elsif ($ThisLine =~ /^Connecting to <(\S+)>$/) {
681 $POPClientConnects{$1}++;
682 }
683
684 elsif ($ThisLine =~ /^<([A-Z]+)/) {
685 $POPCompletedCmds++;
686 $POPCmds{$1}++;
687 }
688
689 elsif ($ThisLine =~ /^>-ERR (.*)$/) {
690 $POPErrors{$1}++;
691 }
692
693
694 else {
695 # Report any unmatched entries...
696 chomp($ThisLine);
697 $OtherList{$ThisLine}++;
698 }
699
700 }
701
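Review bot: lines 201, 248 and 272 test captures with `!= ""`, which is a numeric comparison in Perl, so any value that does not start with a non-zero number is treated as empty. With the sample line at 199, `relay=localhost` numifies to 0 and %SMTPclientRelay is never filled. The same applies to a non-numeric BODY value at 248 and a non-numeric bracketed address at 272. Use `defined $2 and $2 ne ""` (likewise for $3 and $4), and re-enable `use warnings` at line 33, which would have flagged this. Two smaller points further down: line 713 sorts with `{$a > $b}`, which is not a three-way comparator and should be `{$a <=> $b}`, and the heading at line 768 reads "SMPT server".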
702 ### generate the output ###
703
704 # \t = 8 chars
705 # %-56s: %5i Time(s)
706
707 if ($Starts) {
708 printf "\n%-47s: %5i Time(s)", "Citadel started", $Starts;
709 }
710
711 if (keys %Stops) {
712 print "\nCitadel exited with:";
713 foreach my $status (sort {$a > $b} keys %Stops) {
714 printf "\n Status %2i\t\t\t\t\t: %5i Time(s)", $status, $Stops{$status};
715 }
716 }
717
718 if ($Reloads) {
719 printf "\nCitadel reloaded:\t\t%5i Time(s)", $Reloads;
720 }
721 if ($Starts or keys %Stops or $Reloads) { print "\n"; }
722
723 if (keys %Threads) {
724 print "\nTHREADS:";
725 print "\n--------";
726 foreach my $action (sort {$a cmp $b} keys %Threads) {
727 printf "\n %s", $action;
728 foreach my $thread (sort {$a cmp $b} keys %{$Threads{$action}}) {
729 printf "\n %-50s", $thread;
730 my $sum = 0;
731 foreach my $nr (sort {$a cmp $b} keys %{$Threads{$action}{$thread}}) {
732 if ($Detail >= 10) {
733 printf "\n\t%-40s: %5i Time(s)", $nr, $Threads{$action}{$thread}{$nr};
734 } else { $sum += $Threads{$action}{$thread}{$nr} };
735 }
736 if ($Detail < 10 ) {
737 printf ": %5i Time(s)", $sum;
738 }
739 }
740 }
741 print "\n\n";
742 }
743
744 if (keys %RSSfeeds) {
745 print " RSS feeds fetched:\n";
746 foreach my $feed (sort {$a cmp $b} keys %RSSfeeds) {
747 printf "\t%-48s: %5i Time(s)\n", $feed, $RSSfeeds{$feed};
748 }
749 print "\n";
750 }
751
752 if (keys %SessionStarted) {
753 print "SESSIONS:\n";
754 print "---------\n";
755 foreach my $session (sort {$a cmp $b} keys %SessionStarted) {
756 printf " %-11s started from:\n", $session;
757 foreach my $addr (sort {$a cmp $b} keys %{$SessionStarted{$session}}) {
758 printf " %-50s: %5i Time(s)\n", $addr, $SessionStarted{$session}{$addr};
759 # foreach my $nr (sort {$a cmp $b} keys %{$Threads{$action}{$thread}}) {
760 # printf "\t\t%-40s: %5i Time(s)\n", $nr, $Threads{$action}{$thread}{$nr};
761 # }
762 }
763 }
764 print "\n";
765 }
766
767 if (keys %SMTPserverHELO or keys %SMTPServerEval) {
768 print "SMPT server:\n";
769 print "------------\n";
770 print " Connects from:\n";
771 foreach my $helo (sort {$a cmp $b} keys %SMTPserverHELO) {
772 printf "\t%-48s: %5i Time(s)\n", $helo, $SMTPserverHELO{$helo};
773 }
774 print " Messages from: \n";
775 foreach my $from (sort {$a cmp $b} keys %SMTPserverFROM) {
776 my $sum = 0;
777 if ($Detail > 0) { printf "\t%s\n", $from; }
778 foreach my $code (sort {$a cmp $b} keys %{$SMTPserverFROM{$from}}) {
779 if ($Detail > 0) { printf "\t %s\n", $code; }
780 foreach my $size (sort {$a cmp $b} keys %{$SMTPserverFROM{$from}{$code}}) {
781 if ($Detail > 0) {
782 printf "\t\t%-40i: %5i Time(s)\n", $size, $SMTPserverFROM{$from}{$code}{$size};
783 } else {
784 $sum += $SMTPserverFROM{$from}{$code}{$size};
785 }
786 }
787 }
788 if ($Detail == 0) { printf "\t%-48s: %5i Time(s)\n", $from, $sum; }
789 }
790 print " Recipients to: \n";
791 foreach my $rcpt (sort {$a cmp $b} keys %SMTPserverRCPT) {
792 printf "\t%-48s: %5i Time(s)\n", $rcpt, $SMTPserverRCPT{$rcpt};
793 }
794 print " Other Commands:\n";
795 foreach my $cmd (sort {$a cmp $b} keys %SMTPserverCMDS) {
796 printf "\t%-48s: %5i Time(s)\n", $cmd, $SMTPserverCMDS{$cmd};
797 }
798 print "\n";
799 printf " %-53s: %5i\n", "Number of recipients in total", $SMTPserverNumRCPTs;
800 print "\n";
801 if (keys %SMTPserverRelay) {
802 print " Messages relayed:\n";
803 foreach my $relay (sort {$a cmp $b} keys %SMTPserverRelay) {
804 printf " %-50s\n", $relay;
805 foreach my $rcpt (sort {$a cmp $b} keys %{$SMTPserverRelay{$relay}}) {
806 printf "\t%-48s: %5i\n", $rcpt, $SMTPserverRelay{$relay}{$rcpt};
807 }
808 }
809 }
810 if (keys %SMTPserverStats) {
811 print " Message status:\n";
812 foreach my $stat (sort {$a cmp $b} keys %SMTPserverStats) {
813 printf "\t%-48s: %5i Time(s)\n", $stat, $SMTPserverStats{$stat};
814 }
815 }
816 if (keys %SMTPServerEval) {
817 print " Recipient verification:\n";
818 foreach my $rcpt (sort {$a cmp $b} keys %SMTPServerEval) {
819 printf "\t%-48s: %5i Time(s)\n", $rcpt, $SMTPServerEval{$rcpt};
820 }
821 }
822 if (keys %SMTPserverAuth) {
823 print " User authenticated:\n";
824 foreach my $user (sort {$a cmp $b} keys %SMTPserverAuth) {
825 printf "\t%-48s: %5i Time(s)\n", $user, $SMTPserverAuth{$user};
826 }
827 }
828 if (keys %SMTPSSLError) {
829 print " SSL Errors:\n";
830 foreach my $state (sort {$a cmp $b} keys %SMTPSSLError) {
831 printf "\t%-48s\n", $state;
832 foreach my $nr (sort {$a cmp $b} keys %{$SMTPSSLError{$state}}) {
833 printf "\t %-45s: %5i Time(s)\n", $nr, $SMTPSSLError{$state}{$nr};
834 }
835 }
836 }
837 print "\n";
838 }
839
840 if ($SMTPclient_queuerun or $SMTPclient_messages or
841 keys %SMTPclientCMDS or keys %SMTPclientDelivery) {
842 print "SMTP client:\n";
843 print "------------\n";
844 printf " %-53s: %5i\n", "queue runs", $SMTPclient_queuerun;
845 printf " %-53s: %5i\n", "messages processed", $SMTPclient_messages;
846 print "\n";
847 print " Client connected to:\n";
848 foreach my $host (sort {$a cmp $b} keys %SMTPclientConnect) {
849 printf " %-50s: %5i Time(s)\n", $host, $SMTPclientConnect{$host};
850 }
851 if (keys %SMTPclientDelivery) {
852 print " Message delivery:\n";
853 foreach my $status (sort {$a cmp $b} keys %SMTPclientDelivery) {
854 printf " %-50s: %5i Time(s)\n", $status, scalar keys %{$SMTPclientDelivery{$status}};
855 foreach my $domain (sort {$a cmp $b} keys %{$SMTPclientDelivery{$status}}) {
856 printf "\t%-48s: %5i Time(s)\n", $domain, scalar keys %{$SMTPclientDelivery{$status}{$domain}};
857 foreach my $user (sort {$a cmp $b} keys %{$SMTPclientDelivery{$status}{$domain}}) {
858 printf "\t %-46s: %5i Time(s)\n", $user, $SMTPclientDelivery{$status}{$domain}{$user};
859 }
860 }
861 }
862 }
863 print " Commands send:\n";
864 foreach my $cmd (sort {$a cmp $b} keys %SMTPclientCMDS) {
865 printf " %-50s: %5i\n", $cmd, scalar keys %{$SMTPclientCMDS{$cmd}};
866 foreach my $addr (sort {$a cmp $b} keys %{$SMTPclientCMDS{$cmd}}) {
867 if ($addr != "") { printf "\t%-48s: %5i\n"; $addr, $SMTPclientCMDS{$cmd}{$addr}; }
868 }
869 }
870 if (keys %SMTPclientRelay) {
871 print " Messages relayed:\n";
872 foreach my $relay (sort {$a cmp $b} keys %SMTPclientRelay) {
873 printf " %-50s\n", $relay;
874 foreach my $rcpt (sort {$a cmp $b} keys %{$SMTPclientRelay{$relay}}) {
875 printf "\t%-48s: %5i\n", $rcpt, $SMTPclientRelay{$relay}{$rcpt};
876 }
877 }
878 }
879 if (keys %SMTPclientStats) {
880 print " Message status:\n";
881 foreach my $stat (sort {$a cmp $b} keys %SMTPclientStats) {
882 printf "\t%-48s: %5i Time(s)\n", $stat, $SMTPclientStats{$stat};
883 }
884 }
885 if ($SMTPclientBounces) {
886 printf " %-53s: %5i\n", "Messaged bounced", $SMTPclientBounces;
887 foreach my $bounce (sort {$a cmp $b} keys %SMTPclientBounce) {
888 printf " %-50s: %5i Time(s)\n", $bounce, scalar keys %{$SMTPclientBounce{$bounce}};
889 foreach my $status (sort {$a cmp $b} keys %{$SMTPclientBounce{$bounce}}) {
890 printf "\t%-48s: %5i Time(s)\n", $status, $SMTPclientBounce{$bounce}{$status};
891 }
892 }
893 }
894 print "\n";
895 }
896
897 if (keys %IMAPCmds or keys %IMAPexpunge or keys %IMAPUserLogin) {
898 print "IMAP processing:\n";
899 print "----------------\n";
900 if (keys %IMAPUserLogin) {
901 print "Users logged in:\n";
902 foreach my $user (sort {$a cmp $b} keys %IMAPUserLogin) {
903 printf "\t%-48s: %5i Time(s)\n", $user, $IMAPUserLogin{$user};
904 }
905 }
906 if ($IMAPCompletedCmds > 0) {
907 printf " %-53s: %5i\n", "IMAP commands processed", $IMAPCompletedCmds;
908 foreach my $cmd (sort {$a cmp $b} keys %IMAPCmds) {
909 printf "\t%-48s: %5i Time(s)\n", $cmd, $IMAPCmds{$cmd};
910 }
911 printf " %-53s: %5.3f sec\n", "avg time per IMAP command", $IMAPCmdDuration/$IMAPCompletedCmds;
912 }
913 if (keys %IMAPexpunge) {
914 printf "\n Messages expunged from:\n";
915 foreach my $msg (sort {$a cmp $b} keys %IMAPexpunge) {
916 printf "\t%-48s: %5i Time(s)\n", $msg, $IMAPexpunge{$msg};
917 }
918 }
919 print "\n";
920 }
921
922 if (keys %POPDauth) {
923 print "POP3 Server:\n";
924 print "------------\n";
925 print " Users authenticated:\n";
926 foreach my $user (sort {$a cmp $b} keys %POPDauth) {
927 printf "\t%-48s: %5i Time(s)\n", $user, $POPDauth{$user};
928 }
929 print "\n";
930 }
931
932 if (keys %POPCmds or keys %POPErrors) {
933 print "POP3 client:\n";
934 print "------------\n";
935 printf " %-53s: %5i Time(s)\n", "POP3 client started", $POPClientStarted;
936 printf " %-53s: %5i Time(s)\n", "POP3 client ended", $POPClientEnded;
937 print " POP3 client connected to\n";
938 foreach my $addr (sort {$a cmp $b} keys %POPClientConnects) {
939 printf "\t%-48s: %5i Time(s)\n", $addr, $POPClientConnects{$addr};
940 }
941 printf " %-53s: %5i\n", "POP commands processed", $POPCompletedCmds;
942 foreach my $cmd (sort {$a cmp $b} keys %POPCmds) {
943 printf "\t%-48s: %5i Time(s)\n", $cmd, $POPCmds{$cmd};
944 }
945 if (keys %POPErrors) {
946 print " Errors:\n";
947 foreach my $err (sort {$a cmp $b} keys %POPErrors) {
948 printf "\t%-48s: %5i Time(s)\n", $err, $POPErrors{$err};
949 }
950 }
951 print "\n";
952 }
953
954 if (keys %Ctdlcmds or keys %CtdlMsgCorrupted or keys %CtdlReplChecks or
955 keys %CtdlAddContact or %CtdlFileOp) {
956 print "Citadel internal messages:\n";
957 print "--------------------------\n";
958 foreach my $cleanup (sort {$a cmp $b} keys %CtdlCleanup) {
959 print "\n $cleanup:";
960 foreach my $item (sort {$a cmp $b} keys %{$CtdlCleanup{$cleanup}}) {
961 printf "\n\t%-48s: %5i", $item, $CtdlCleanup{$cleanup}{$item};
962 }
963 }
964 if ($CtdlMsgDeleted) {
965 printf "\n %-53s: %5i", "Messages deleted", $CtdlMsgDeleted;
966 }
967 if (@CtdlLogDeleted) {
968 printf "\n %-53s: %5i", "Logs deleted", scalar @CtdlLogDeleted;
969 foreach my $log (sort {$a cmp $b} @CtdlLogDeleted) {
970 print "\n\t$log";
971 }
972 }
973 if (keys %CtdlCleanup or $CtdlMsgDeleted or @CtdlLogDeleted) { print "\n"; }
974 if (keys %Ctdlcmds) {
975 print "\n Commands processed:\n";
976 foreach my $cmd (sort {$a cmp $b} keys %Ctdlcmds) {
977 printf " %-50s: %5i Time(s)\n", $cmd, $Ctdlcmds{$cmd};
978 }
979 }
980 if (keys %CtdlFileOp) {
981 print "\n File operations:";
982 foreach my $op (sort {$a cmp $b} keys %CtdlFileOp) {
983 if ($Detail > 5) {
984 print "\n $op on:";
985 } else {
986 printf "\n %s on %5i %-35s", $op, scalar keys %{$CtdlFileOp{$op}}, "files";
987 }
988 my $sum = 0;
989 foreach my $file (sort {$a cmp $b} keys %{$CtdlFileOp{$op}}) {
990 if ($Detail > 5) {
991 printf "\n\t%-48s: %5i", $file, $CtdlFileOp{$op}{$file};
992 } else { $sum += $CtdlFileOp{$op}{$file} };
993 }
994 if ($Detail <= 5) {
995 printf ": %5i Time(s)", $sum;
996 }
997 }
998 print "\n";
999 }
1000 if (keys %CtdlMsgCorrupted) {
1001 print " Corrupted messages:\n";
1002 foreach my $msg (sort {$a cmp $b} keys %CtdlMsgCorrupted) {
1003 printf "\t%-48s: %5i\n", $msg, $CtdlMsgCorrupted{$msg};
1004 }
1005 }
1006 if (keys %Ctdlqp_encode) {
1007 printf "\n %-54s", "qp_encode addresses";
1008 my $sum = 0;
1009 foreach my $addr (sort {$a cmp $b} keys %Ctdlqp_encode) {
1010 if ($Detail >= 10) {
1011 printf "\n %-50s: %5i Time(s)\n", $addr, $Ctdlqp_encode{$addr};
1012 } else { $sum += $Ctdlqp_encode{$addr}; }
1013 }
1014 if ($Detail < 10) { printf ": %5i Time(s)\n", $sum; }
1015 }
1016 if (keys %CtdlValRcpt) {
1017 print "\n Recipients validated:\n";
1018 foreach my $dest (sort {$a cmp $b} keys %CtdlValRcpt) {
1019 printf " %-50s: %5i Time(s)\n", $dest, scalar keys %{$CtdlValRcpt{$dest}};
1020 foreach my $rcpt (sort {$a cmp $b} keys %{$CtdlValRcpt{$dest}}) {
1021 printf "\t%-48s: %5i Time(s)\n", $rcpt, $CtdlValRcpt{$dest}{$rcpt};
1022 }
1023 }
1024 }
1025 if (keys %CtdlReplChecks) {
1026 print "\n Replication checks:\n";
1027 foreach my $user (sort {$a cmp $b} keys %CtdlReplChecks) {
1028 printf " %s\n", $user;
1029 foreach my $mbox (sort {$a cmp $b} keys %{$CtdlReplChecks{$user}}) {
1030 printf "\t%-48s: %5i Time(s)\n", $mbox, $CtdlReplChecks{$user}{$mbox};
1031 }
1032 }
1033 }
1034 if (keys %CtdlAddContact) {
1035 print "\n Contacts added:\n";
1036 foreach my $contact (sort {$a cmp $b} keys %CtdlAddContact) {
1037 printf " %-50s: %5i Time(s)\n", $contact , $CtdlAddContact{$contact};
1038 }
1039 }
1040 if ($serv_extnotify_queuerun) {
1041 printf "\n %-53s: %5i\n", "serv extnotify queue run", $serv_extnotify_queuerun;
1042 }
1043 print "\n";
1044 }
1045
1046 if ($NetProcessingTime or $NetProcessingCount or keys %NetNodes or
1047 keys %NetProc or keys %NetNoConnect) {
1048 print "Network processing\n";
1049 print "------------------\n";
1050 if ($NetProcessingTime or $NetProcessingCount) {
1051 printf " %-53s: %5i\n", "Full processings completed", $NetProcessingCount;
1052 printf " Full processing took %5.3f sec\n\n", $NetProcessingTime;
1053 }
1054 if (keys %NetStarts) {
1055 print " Networking started for:\n";
1056 foreach my $net (sort {$a cmp $b} keys %NetStarts) {
1057 printf "\t%-48s: %5i Time(s)\n", $net, $NetStarts{$net};
1058 }
1059 }
1060 if (keys %NetNodes) {
1061 print "\n";
1062 foreach my $cat (sort {$a cmp $b} keys %NetNodes) {
1063 print " $cat:\n";
1064 foreach my $node (sort {$a cmp $b} keys %{$NetNodes{$cat}}) {
1065 printf " %-50s:\n", $node;
1066 foreach my $host (sort {$a cmp $b} keys %{$NetNodes{$cat}{$node}}) {
1067 printf "\t%-48s: %5i Time(s)\n", $host, $NetNodes{$cat}{$node}{$host};
1068 }
1069 }
1070 }
1071 }
1072 if (keys %NetProc) {
1073 print " Processing:\n";
1074 foreach my $dir (sort {$a cmp $b} keys %NetProc) {
1075 print " $dir:\n";
1076 foreach my $file (sort {$a cmp $b} keys %{$NetProc{$dir}}) {
1077 printf "\t%-48s: %-5i Byte(s)\n", $file, $NetProc{$dir}{$file};
1078 }
1079 }
1080 }
1081 if (keys %NetNoConnect) {
1082 foreach my $what (sort {$a cmp $b} keys %NetNoConnect) {
1083 print " $what:\n";
1084 foreach my $host (sort {$a cmp $b} keys %{$NetNoConnect{$what}}) {
1085 print " $host:\n";
1086 foreach my $reason (sort {$a cmp $b} keys %{$NetNoConnect{$what}{$host}}) {
1087 printf "\t%-48s: %-5i Time(s)\n", $reason, $NetNoConnect{$what}{$host}{$reason};
1088 }
1089 }
1090 }
1091 }
1092 print "\n";
1093 }
1094
1095 if (keys %WebClientHost or keys %WebClientEngine or keys %WebUserLogin) {
1096 print "Webcit:\n";
1097 print "-------\n";
1098 if (keys %WebUserLogin) {
1099 print " User logged in:\n";
1100 foreach my $user (sort {$a cmp $b} keys %WebUserLogin) {
1101 printf "\t%-48s: %5i Time(s)\n", $user, $WebUserLogin{$user};
1102 }
1103 }
1104 if (keys %WebLoginFailure) {
1105 print " Login failures:\n";
1106 foreach my $user (sort {$a cmp $b} keys %WebLoginFailure) {
1107 printf "\t%-48s: %5i Time(s)\n", $user, $WebLoginFailure{$user};
1108 }
1109 }
1110 if (keys %WebClientHost) {
1111 print " Connects from hosts:\n";
1112 foreach my $host (sort {$a cmp $b} keys %WebClientHost) {
1113 printf "\t%-48s: %5i Time(s)\n", $host, $WebClientHost{$host};
1114 }
1115 }
1116 if (keys %WebClientEngine) {
1117 printf " Connects with engines:\n";
1118 foreach my $engine (sort {$a cmp $b} keys %WebClientEngine) {
1119 printf "\t%-48s: %5i Time(s)\n", $engine, $WebClientEngine{$engine};
1120 }
1121 }
1122 print "\n";
1123 }
1124
1125
1126 if (keys %SieveMsg or keys %SieveExecute or %SieveProcFor) {
1127 print "Sieve processing:\n";
1128 print "-----------------\n";
1129 printf " %-53s: %5i Time(s)\n", "Sieve processing started", $SieveStarts;
1130 printf " %-53s: %5i\n\n", "Messages processed", scalar keys %SieveMsg;
1131 if (keys %SieveExecute) {
1132 print " Sieve execute returned:\n";
1133 foreach my $error (sort {$a cmp $b} keys %SieveExecute) {
1134 printf "\t%-48s: %5i Time(s)\n", $error, $SieveExecute{$error};
1135 }
1136 }
1137 if ($Detail > 5) {
1138 if (keys %SieveProcFor) {
1139 print " Sieve processed for user:\n";
1140 foreach my $user (sort {$a cmp $b} keys %SieveProcFor) {
1141 print " $user:";
1142 my $val = 0;
1143 foreach my $mbox (sort {$a cmp $b} keys %{$SieveProcFor{$user}}) {
1144 if ($Detail >= 10) {
1145 printf "\n\t%-48s: %5i Time(s)\n", $mbox, $SieveProcFor{$user}{$mbox};
1146 } else {
1147 $val = $SieveProcFor{$user}{$mbox} + $val;
1148 }
1149 }
1150 if ($Detail < 10) { printf " with %5i room(s) \t\t\t: %5i Time(s)\n", scalar keys %{$SieveProcFor{$user}}, $val; }
1151 }
1152 }
1153 foreach my $id (sort {$a cmp $b} keys %SieveMsg) {
1154 printf " Message %8i:\n", $id;
1155 foreach my $stage (sort {$a cmp $b} keys %{$SieveMsg{$id}}) {
1156 if ($Detail >= 10 || ($stage ne "Header tests" && $stage ne "Items") ) {
1157 printf " %s:\n", $stage;
1158 foreach my $item (sort {$a cmp $b} keys %{$SieveMsg{$id}{$stage}}) {
1159 printf "\t%-48s: %s\n", $item, $SieveMsg{$id}{$stage}{$item};
1160 }
1161 }
1162 }
1163 }
1164 }
1165 print "\n";
1166 }
1167
1168 if (keys %OtherList) {
1169 print "\n**** Unmatched entries ****\n";
1170 foreach my $Error (keys %OtherList) {
1171 print " $Error : $OtherList{$Error} Time(s)\n";
1172 }
1173 }
1174
1175 ### return without a failure ###
1176 exit(0);
1177
1178 # vi: shiftwidth=3 tabstop=3 syntax=perl et
1179
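Review bot: Line 867 never prints the per-address counts: the semicolon after the format string ends the `printf` before its arguments, and `$addr != ""` is a numeric comparison, so non-numeric addresses compare equal to the empty string. Use `if ($addr ne "") { printf "\t%-48s: %5i\n", $addr, $SMTPclientCMDS{$cmd}{$addr}; }`. Two smaller points in the same file: the comparator on line 713, `sort {$a > $b}`, returns a boolean rather than an ordering and should be `$a <=> $b`, and the section header on line 768 reads "SMPT server:" where the matching client header on line 842 says "SMTP".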
11 ## $Id: clam-update,v 1.21 2009/02/20 17:15:19 mike Exp $
22 ###########################################################################
33 # $Log: clam-update,v $
4 # Revision 1.22 2010/05/09 20:15:19 stefan
5 # fix: 'Received signal:' format changed
6 #
47 # Revision 1.21 2009/02/20 17:15:19 mike
58 # Added filter for Timestamp set by freshclam, thanks Frantisek Hanzlik for pointing this out -mgt
69 #
3942 # Originally written by: Lars Skjærlund <lars@skjaerlund.dk>
4043 #
4144 # Please send all comments, suggestions, bug reports,
42 # etc, to logwatch-devel@logwatch.org
45 # etc, to logwatch-devel@lists.sourceforge.net
4346 #########################################################################
4447
4548 ########################################################
5558 ## Logwatch project reserves the right to not accept such
5659 ## contributions. If you have made significant
5760 ## contributions to this script and want to claim
58 ## copyright please contact logwatch-devel@logwatch.org.
61 ## copyright please contact logwatch-devel@lists.sourceforge.net.
5962 #########################################################
6063
6164 #########################################################################
7578 #
7679 # If no update attempt has been done, an alert will be output to inform
7780 # you about this (which probably means that freshclam isn't running).
78 #
79 # If you have stopped using ClamAV and would like to get rid of the
81 #
82 # If you have stopped using ClamAV and would like to get rid of the
8083 # alert, you should delete the logfile. If there's no logfile, no alerts
8184 # will be output - but if Logwatch finds a logfile and no update attempts
8285 # have been made for whatever timeperiod Logwatch is analyzing, an alert
114117 # the following failure is also recorded with ERROR later on
115118 ($ThisLine =~ /^Giving up/) or
116119 # SIGALRM, SIGUSR1, and SIGHIP signals
117 ($ThisLine =~ /^Received signal \d*, wake up$/) or
118 ($ThisLine =~ /^Received signal \d*, re-opening log file$/) or
120 ($ThisLine =~ /^Received signal \d*,? wake up$/) or
121 ($ThisLine =~ /^Received signal \d*,? re-opening log file$/) or
122 # Newer versions use different syntax. Above two lines to be deleted.
123 ($ThisLine =~ /^Received signal: wake up$/) or
124 ($ThisLine =~ /^Received signal: re-opening log file$/) or
119125 # temporary failure
120126 ($ThisLine =~ /^Trying again/) ) {
121127 # Do nothing for the above statements
122 } elsif ($ThisLine =~ /^Received signal \d*, terminating$/) {
128 } elsif ($ThisLine =~ /^Received signal \d*,? terminating$/) {
123129 $InRange = 0;
124130 $Status = "Last Status:\n Freshclam daemon was terminated, and is not currently running\n";
125131 } elsif ((my $Temp) = ($ThisLine =~ /^freshclam daemon (.*)/)) {
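Review bot: The terminating branch on line 128 was not given the new colon form. Lines 123-124 add `Received signal: wake up` and `Received signal: re-opening log file`, but `^Received signal \d*,? terminating$` still requires a space after "signal", so a `Received signal: terminating` line would not reach this branch and the "daemon was terminated" status would not be set. If newer freshclam versions log the terminating message in the colon form as well, add that alternative here. Since `\d*` also accepts zero digits, `\d+` would be tighter in the three older patterns.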
137143 } else {
138144 $InRange = 0;
139145 }
140 # $Version was already logged if necessary, so now we clear it
146 # $Version was already logged if necessary, so now we clear it
141147 $Version = "";
142148 } elsif ($InRange) {
143149 $Status = $Status . " " . $ThisLine;
209215 exit(0);
210216
211217 # vi: shiftwidth=3 tabstop=3 syntax=perl et
218 # Local Variables:
219 # mode: perl
220 # perl-indent-level: 3
221 # indent-tabs-mode: nil
222 # End:
2020 ## Logwatch project reserves the right to not accept such
2121 ## contributions. If you have made significant
2222 ## contributions to this script and want to claim
23 ## copyright please contact logwatch-devel@logwatch.org.
23 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2424 #########################################################
2525
26 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
26 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || $ENV{'clamav_detail_level'} || 0;
2727 my $IgnoreUnmatched = $ENV{'clamav_ignoreunmatched'} || 0;
2828
2929 while (defined($ThisLine = <STDIN>)) {
30 #If LogTime = yes in clamd.conf then strip it
31 $ThisLine =~ s/^... ... .. ..:..:.. .... \-\> //;
32
3033 if (( $ThisLine =~ /^Setting connection queue length to \d+/ ) or
31 ( $ThisLine =~ /^clamd daemon/ ) or
3234 ( $ThisLine =~ /^Log file size limited to \d+ bytes\./ ) or
3335 ( $ThisLine =~ /^Exiting \(clean\)/ ) or
3436 ( $ThisLine =~ /^Self checking every \d+ seconds\./ ) or
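Review bot: On line 26 the `||` chain gives `LOGWATCH_DETAIL_LEVEL` priority, so `clamav_detail_level` is only consulted when the global level is unset or 0. If it is meant as a per-service override, test it first. The LogTime strip on line 31 also uses `.` for every field; something like `^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} -> ` would remove only a real timestamp prefix and leave other lines of the same width untouched.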
4951 ( $ThisLine =~ /^Mail: Recursion level limit set to \d+/ ) or
5052 ( $ThisLine =~ /clamd shutdown\s+succeeded/ ) or
5153 ( $ThisLine =~ /clamd startup\s+succeeded/ ) or
54 ( $ThisLine =~ /Not loading PUA signatures/ ) or
55 ( $ThisLine =~ /^(?:LOCAL|TCP): Setting connection queue length to/ ) or
56 ( $ThisLine =~ /MaxQueue set to: / ) or
57 ( $ThisLine =~ /^(?:LOCAL|TCP): Removing stale socket file/ ) or
58 ( $ThisLine =~ /Listening daemon: PID: / ) or
5259 ( $ThisLine =~ /^No stats for Database check/ )) {
5360 # We do not care about these.
5461 } elsif (($Check) = ($ThisLine =~ /^SelfCheck: (.*?)\.?\s?\n/i)) {
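Review bot: The new ignore patterns on lines 54, 56 and 58 are unanchored, unlike lines 55 and 57, so they match anywhere in a line and any other message that happens to contain "MaxQueue set to: " or "Listening daemon: PID: " is dropped from the report without a trace. If these messages always start the line once the timestamp is stripped, add `^` to each.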
6067 $DatabaseViruses = $Viruses;
6168 } elsif (($ThisLine =~ /Stopped at/)) {
6269 $DaemonStop++;
63 } elsif (($ThisLine =~ /Daemon started/)) {
70 } elsif (($ThisLine =~ /(?:Daemon started|clamd daemon [\d.]{1,10})/)) {
6471 $DaemonStart++;
72 } elsif (($ThisLine =~ /\+\+\+ Started at (.*)/)) {
73 $DaemonStartTime = $1;
74 } elsif (($ThisLine =~ /LOCAL: Unix socket file ([^ \n]*)/)) {
75 $SocketFile{$1}++;
76 } elsif (($ThisLine =~ /TCP: Bound to address ([^ ]*) on port (\d+)/)) {
77 $BoundToIP{$1}++;
78 $BoundToPort{$1}=$2;
79 } elsif (($ThisLine =~ /Limits: Global size limit set to (\d+) bytes/)) {
80 $GSizeLimit{$1}++;
81 } elsif (($ThisLine =~ /Limits: File size limit set to (\d+) bytes/)) {
82 $FSizeLimit{$1}++;
83 } elsif (($ThisLine =~ /Limits: Recursion level limit set to (\d+)/ )) {
84 $RecursionLimit{$1}++;
85 } elsif (($ThisLine =~ /Limits: Files limit set to (\d+)/ )) {
86 $FilesLimit{$1}++;
87 } elsif (($ThisLine =~ /Limits: Core-dump limit is (\d+)/ )) {
88 $CoreLimit{$1}++;
89 } elsif (($ThisLine =~ /lstat\(\) failed on: (\S+)/ )) {
90 $lstatFail{$1}++;
6591 } else {
6692 push @OtherList,$ThisLine;
6793 }
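Review bot: On line 78 `$BoundToPort{$1}=$2` is keyed by address only, so when the same address is bound on more than one port during the period only the last port survives while `$BoundToIP{$1}` keeps counting. Keying on "$1:$2" would keep each listener separate. On line 89 `(\S+)` stops at the first whitespace, so a path containing spaces is truncated and different files can be merged under one key; `(.+)` with the trailing newline excluded would preserve the full name.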
7298 }
7399
74100 if (($DaemonStart) and ($Detail >= 5)) {
75 print "\nDaemon started: ". $DaemonStart." Time(s)\n";
101 print "\nDaemon started: ". $DaemonStart." Time(s)";
102 if ($DaemonStartTime ne '') {
103 print " (most recently at $DaemonStartTime)";
104 }
105 print "\n";
76106 }
77107
78108 if (keys %VirusList) {
79109 print "\nViruses detected:\n";
80110 foreach $Virus (sort {$a cmp $b} keys %VirusList) {
81 print ' ' . $Virus . ": ". $VirusList{$Virus} . " Time(s)\n";
111 printf " %-50s %5i Time(s)\n", $Virus .":", $VirusList{$Virus};
82112 }
83113 }
84114
85115 if ((keys %SelfCheck) and ($Detail >=5)) {
86116 print "\nDaemon check list:\n";
87117 foreach $Check (sort {$a cmp $b} keys %SelfCheck) {
88 print ' ' . $Check . ": ". $SelfCheck{$Check} . " Time(s)\n";
118 printf " %-50s %5i Time(s)\n", $Check .":", $SelfCheck{$Check};
89119 }
90120 }
91121
92122 if ($DatabaseReloads) {
93123 print "\nVirus database reloaded $DatabaseReloads time(s) (last time with $DatabaseViruses viruses)\n";
124 }
125
126 if ($Detail > 8) {
127 if (keys %SocketFile) {
128 print "\nBound to Unix socket:\n";
129 foreach $Socket (keys %SocketFile) {
130 print "\t$Socket\t$SocketFile{$Socket} Time(s)\n";
131 }
132 }
133 if (keys %BoundToIP) {
134 print "Bound to IP:Port:\n";
135 foreach $IP (keys %BoundToIP) {
136 print "\t$IP:$BoundToPort{$IP}\t\t\t$BoundToIP{$IP} Time(s)\n";
137 }
138 }
139
140 if (keys %GSizeLimit) {
141 print "Global size limit:\t";
142 foreach $limit (keys %GSizeLimit) {
143 $limit = int $limit/1024/1024;
144 print "$limit MB\t";
145 }
146 print "\n";
147 }
148 if (keys %FSizeLimit) {
149 print "File size limit:\t";
150 foreach $limit (keys %FSizeLimit) {
151 $limit = int $limit/1024/1024;
152 print "$limit MB\t";
153 }
154 print "\n";
155 }
156 if (keys %RecursionLimit) {
157 print "Recursion level limit:\t";
158 foreach $limit (keys %RecursionLimit) {
159 print "$limit\t";
160 }
161 print "\n";
162 }
163 if (keys %FilesLimit) {
164 print "Files limit:\t\t";
165 foreach $limit (keys %FilesLimit) {
166 print "$limit\t";
167 }
168 print "\n";
169 }
170 if (keys %CoreLimit) {
171 print "Core size limit:\t";
172 foreach $limit (keys %CoreLimit) {
173 print "$limit\t";
174 }
175 print "\n";
176 }
177 }
178
179 if (keys %lstatFail) {
180 print "\nlstat() failed on:\n";
181 foreach $file (keys %lstatFail) {
182 printf " %-50s %5i Time(s)\n", $file .":", $lstatFail{$file};
183 }
94184 }
95185
96186 if (($#OtherList >= 0) and (not $IgnoreUnmatched)){
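Review bot: The new loops on lines 129, 135 and 181 iterate `keys` without a sort, while the VirusList and SelfCheck loops in the same hunk use `sort {$a cmp $b}`, so the order of these sections can differ from one report to the next. Sorting them the same way keeps reports easy to compare. On lines 143 and 151, `int $limit/1024/1024` shows any limit below 1 MB as "0 MB"; printing the byte value in that case would avoid a misleading zero.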
99189 }
100190
101191 exit(0);
192
102193 # vi: shiftwidth=3 tabstop=3 syntax=perl et
194 # Local Variables:
195 # mode: perl
196 # perl-indent-level: 3
197 # indent-tabs-mode: nil
198 # End:
1818 ## Logwatch project reserves the right to not accept such
1919 ## contributions. If you have made significant
2020 ## contributions to this script and want to claim
21 ## copyright please contact logwatch-devel@logwatch.org.
21 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2222 #########################################################
2323
2424 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
2929 if (
3030 ( $ThisLine =~ /^clamav-milter (startup|shutdown) succeeded$/ ) or
3131 ( $ThisLine =~ /^Database has changed, loading updated database/ ) or
32 ( $ThisLine =~ /^Quarantined infected mail as/ ) or
32 ( $ThisLine =~ /^Quarantined infected mail as/ ) or
3333 ( $ThisLine =~ /^\w+ quarantined as/ ) or
3434 ( $ThisLine =~ /^ClamAv: mi_stop/ ) or
3535 ( $ThisLine =~ m#^\/tmp\/clamav-.* .* FOUND# ) or
4545 # We do not care about these.
4646 } elsif (($ThisLine =~ /clean message from/)) {
4747 $CleanMessage++;
48 } elsif (($Virus) = ($ThisLine =~ /.*: (.+?) Intercepted virus/i )) {
49 $VirusList{$Virus}++;
48 } elsif (($ThisLine =~ /.*: (.+?) Intercepted virus/i ) or
49 ($ThisLine =~ /Message from .* to .* infected by (.+)/)) {
50 $VirusList{$1}++;
5051 } elsif (($ChildLimit) = ($ThisLine =~ /hit max-children limit \((\d+ >= \d+)\): waiting for some to exit/)) {
5152 $MaxChildrenLimit{$ChildLimit}++;
5253 } elsif (($ThisLine =~ /^Stopping/)) {
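Review bot: The second pattern on line 49, `/Message from .* to .* infected by (.+)/`, is unanchored and uses greedy `.*` for the sender and recipient, which are values taken from the message itself, so the contents of those fields decide where the captured virus name begins. Anchoring the pattern and matching the addresses with `\S+` would keep the capture tied to the last field. A short comment that `$1` comes from whichever alternative matched would also help, since the named capture into `$Virus` was removed.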
5758 $DatabaseReloads++;
5859 $DatabaseViruses = $Viruses;
5960 } else {
60 push @OtherList,$ThisLine;
61 $OtherList{$ThisLine}++;
6162 }
6263 }
6364
9596 print " Total: $Total\n";
9697 }
9798
98 if (($#OtherList >= 0) and (not $IgnoreUnmatched)){
99 if ((keys %OtherList) and (not $IgnoreUnmatched)){
99100 print "\n**Unmatched Entries**\n";
100 print @OtherList;
101 foreach my $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
102 print "\n $line: $OtherList{$line} Time(s)";
103 }
101104 }
102105
103106 exit(0);
107
104108 # vi: shiftwidth=3 tabstop=3 syntax=perl et
109 # Local Variables:
110 # mode: perl
111 # perl-indent-level: 3
112 # indent-tabs-mode: nil
113 # End:
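Review bot: Line 102 prints `"\n $line: $OtherList{$line} Time(s)"`, but the old code printed `@OtherList` with no separator, which suggests the stored lines still carry their trailing newline. Unless `$ThisLine` is chomped earlier (not visible in these hunks), the count will land on the following line. Chomp before using the line as the hash key on line 61. The loop also leaves the output without a final newline before `exit(0)`, so add a `print "\n";` after it.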
1717 ###########################################################################
1818 #
1919 # Please don't change the formatting:
20 #
20 #
2121 # if (...) {
2222 # ...
2323 # }
24 #
25 # but
26 #
27 # (while|foreach) ..
24 #
25 # but
26 #
27 # (while|foreach) ..
2828 # {
2929 # ...
3030 # }
31 #
31 #
3232
3333 #######################################################
3434 ### Copyright 2003-2006 by Willi Mann <willi@wm1.at>
4343 ### Logwatch project reserves the right to not accept such
4444 ### contributions. If you have made significant
4545 ### contributions to this script and want to claim
46 ### copyright please contact logwatch-devel@logwatch.org.
46 ### copyright please contact logwatch-devel@lists.sourceforge.net.
4747 ##########################################################
4848
4949 use strict;
109109 }
110110 }
111111
112 sub recprint1
112 sub recprint1
113113 {
114114 my $hash = shift;
115115 my $depth = shift;
121121 my $out = "";
122122 my $inum = 0;
123123 my $size = 0;
124
124
125125 my @prefar = @{$prefar} if defined $prefar;
126126 my $pref = shift(@prefar);
127127 $pref .= " " if defined $pref;
128128 $pref = "" if not defined $pref;
129
129
130130 my @IPar = @{$IPar} if defined $IPar;
131131 my $IP = shift(@IPar);
132132
188188 $out .= "$key1\n";
189189 $out .= "-" x (length($key1))."\n";
190190 }
191
191
192192 $out .= $lout;
193193 $nmb += $lnmb;
194194 $size += $lsize;
203203
204204 return ($out, $nmb, $size);
205205 }
206
207 }
208
209 sub max
206
207 }
208
209 sub max
210210 {
211211 my $ret = shift;
212 foreach my $val (@_)
212 foreach my $val (@_)
213213 {
214214 $ret = $val if $val > $ret;
215215 }
217217 }
218218
219219
220 sub maketbl1
220 sub maketbl1
221221 {
222222 my $hash = shift;
223223 my $sizehash = shift;
255255 #for last line
256256 $columnmax[1] = max $columnmax[1], length $inmb;
257257 $columnmax[2] = max $columnmax[2], length $size;
258
258
259259 if (defined $tabletitle) {
260260 $out .= "$tabletitle\n";
261261 $out .= $uchar x length($tabletitle)."\n";
267267 $out .= " | " if defined $sizehash;
268268 $out .= " " x ($columnmax[2] - length($tablecolumns->[2])).$tablecolumns->[2] if defined $sizehash;
269269 $out .= "\n";
270
270
271271 #second line
272272 $out .= "-" x $columnmax[0]. " | ".
273273 "-" x $columnmax[1];
274274 $out .= " | ". "-" x $columnmax[2] if defined $sizehash;
275275 $out .= "\n";
276
276
277277 #tablebody
278 foreach my $key1 (sort keys %{$hash})
278 foreach my $key1 (sort keys %{$hash})
279279 {
280280 my $nmb = $hash->{$key1};
281281 #col1
288288 $out .= $key1;
289289 }
290290 $out .= " | ";
291
291
292292 #col2
293293 $out .= " " x ($columnmax[1] - length($nmb)). $hash->{$key1};
294294 if (defined $sizehash) {
325325 return $TblReason;
326326 }
327327
328 sub nTimes
328 sub nTimes
329329 {
330330 my $nmb = shift;
331331 if ($nmb == 1) {
334334 return "$nmb Times";
335335 }
336336 }
337
337
338338
339339 if ( $Debug >= 5 ) {
340340 print STDERR "\n\nDEBUG: Inside Courier Filter \n\n";
415415 ($ThisLine =~ /id=.*?,from=<.*?>,addr=<.*?>,size=[0-9]*,status:.*/) ##courieresmtp
416416 ) {
417417 # Don't care about these...
418 }
418 }
419419 # ESMTP, including all delivery
420420 elsif ( $service =~ /^(courierd|courieresmtpd|courieresmtp|courierlocal|courieruucp|courierfax|courierdsn)$/ ){
421421 #First the don't cares
445445 if ( ($From) = ( $ThisLine =~ /^from=<([^<>]*?)>(:?,|)/ )) {
446446 $ThisLine = $';
447447 }
448 if (( $To ) = ( $ThisLine =~ /^to=<([^<>]*?)>/ ) ) {
448 if (( $To ) = ( $ThisLine =~ /^to=<([^<>]*?)>/ ) ) {
449449 $ThisLine = $';
450450 }
451451 if (( $Msg ) = ( $ThisLine =~ /^msg=(.*)/ )) { }
452
452
453453 $ThisLine =~ s/^: //;
454
454
455455 #Extract it
456456 my ($SMTPErrCode) = ($ThisLine =~ /^([0-9]{3})/);
457
457
458458 # next if already seen
459459 if($ThisLine =~ /^[0-9]{3} / and $LastSMTPErrCode == $SMTPErrCode) {
460460 $LastSMTPErrCode = 0;
461461 next;
462462 }
463
463
464464 #next if already seen but not last line.
465465 next if $LastSMTPErrCode == $SMTPErrCode and not defined $Msg;
466466
467467 my $Reason = $ThisLine;
468468 $Reason = $Msg if defined $Msg;
469
469
470470 $ErrorMsgs{$Reason}{$Host}{$From || "-"}{$To || "-"}++ if not $Tables;
471471 my $TblReason = MakeTblReason($Reason) if $Tables;
472472 $ErrorTbl{$TblReason}{$Host}++ if $Tables;
473
473
474474 $LastSMTPErrCode = $SMTPErrCode;
475475
476 #zero it if done
476 #zero it if done
477477 $LastSMTPErrCode = 0 if $ThisLine =~ /^[0-9]{3} / or defined $Msg;
478
479 } elsif ( ($From, $To, $Size) = ( $ThisLine =~
478
479 } elsif ( ($From, $To, $Size) = ( $ThisLine =~
480480 /^id=.*?,from=<(.*?)>,addr=<(.*?)>,size=([0-9]*),success: .*/ ) ) { ##courieresmtp, courierlocal
481481 #example line:
482482 #id=00081D7A.3E9E0B39.000036E4,from=<u@ttt.at>,addr=<aa@aa.at>,size=35861,success: delivered: ff.ff.at [111.111.111.111]
487487 $DeSuTbl{$To}++;
488488 $DeSuTblSz{$To} += $Size;
489489
490 } elsif ( ($ID, $From, $To, my $status) = ( $ThisLine =~
490 } elsif ( ($ID, $From, $To, my $status) = ( $ThisLine =~
491491 /^id=(.*),from=<(.*?)>,addr=<(.*?)>,status: (deferred|failure)/ ) ) { ##courieresmtp
492492 #example lines: deferred, failed delivery attempts
493493 #id=00081D03.3E850D34.000076BD,from=<oo@oo.at>,addr=<uu@uu.at>,status: deferred
494494 #id=00081D7B.3E9167E7.00002B27,from=<bb@bb.at>,addr=<rr@rr.at>,status: failure
495
495
496496 my $Reason = $FailRe{$ID}{$From}{$To};
497497 if ($Reason eq "") {
498498 $Reason = "-";
564564
565565 $Login{$proto}{$User}{$Host}++;
566566 } elsif (
567 ( ( $User, $Host, $Size) = ( $ThisLine =~
567 ( ( $User, $Host, $Size) = ( $ThisLine =~
568568 /^LOGOUT, user=(.*?), ip=\[(.*?)\], (?:port=\[\d+\], )?(?:top|headers)=[0-9]*, (?:retr|body)=([0-9]*)/ ) ) ||
569 ( ( $User, $Host, $Size, $Size2) = ( $ThisLine =~
569 ( ( $User, $Host, $Size, $Size2) = ( $ThisLine =~
570570 /^DISCONNECTED, user=(.*?), ip=\[(.*?)\], headers=([0-9]*?), body=([0-9]*)/ ) )
571571 ) { ###pop3login, imaplogin, courierpop3login, pop3d, imapd
572572 #example line
573573 #LOGOUT, user=xy, ip=[::ffff:192.168.0.24], top=0, retr=0
574574 #DISCONNECTED, user=zz@uu.ch, ip=[::ffff:192.168.0.1], headers=0, body=1100
575
575
576576 $Size += $Size2 if defined $Size2;
577
577
578578 $Logout{$proto}{$User}{$Host}++;
579579 $Logout2{$proto}{$User}++;
580580 $LogoutSize{$proto}{$User}{$Host} += $Size;
589589 }
590590 } else {
591591 # Report any unmatched entries...
592
592
593593 PushUnmatched $service, $ThisLine;
594594 }
595595 $LastLine = $ThisLine;
729729
730730
731731 # vi: shiftwidth=3 tabstop=3 syntax=perl et
732
732 # Local Variables:
733 # mode: perl
734 # perl-indent-level: 3
735 # indent-tabs-mode: nil
736 # End:
107107 ## Logwatch project reserves the right to not accept such
108108 ## contributions. If you have made significant
109109 ## contributions to this script and want to claim
110 ## copyright please contact logwatch-devel@logwatch.org.
110 ## copyright please contact logwatch-devel@lists.sourceforge.net.
111111 #########################################################
112112
113113 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
119119
120120 while (defined($ThisLine = <STDIN>)) {
121121 chomp($ThisLine);
122 if (
122 if (
123123 ($ThisLine =~ /Updated timestamp for job/) or
124124 ($ThisLine =~ /INFO \(pidfile fd = \d+\)/) or
125125 ($ThisLine =~ /rsyncd/) or
131131 ($ThisLine =~ /logfile turned over/) or
132132 ($ThisLine =~ /ready to process filesystem events/) or # newsyslog on OpenBSD
133133 ($ThisLine =~ /loading (system|user) tables/) or
134 ($ThisLine =~ /loading table .*/) or
135 ($ThisLine =~ /void Inotify::Remove\(InotifyWatch\*\): removing watch failed/) or
134 ($ThisLine =~ /loading table .*/) or
135 ($ThisLine =~ /void Inotify::Remove\(InotifyWatch\*\): removing watch failed/) or
136136 ($ThisLine =~ /error: \(22\) Invalid argument/)
137137 ) {
138138 # Ignore
141141 ($ThisLine =~ s/^\S+\s+\S+\s+..:..:..\s+\S+\s+\S+\[\d+\]:\s+\((\S+)\)\s+//)
142142 ) {
143143 $User = $1;
144
144
145145 if ($ThisLine =~ s/^CMD \((.+)\)\s*$/$1/) {
146146 $Runs->{$User}->{$ThisLine}++;
147147 } elsif ($ThisLine =~ s/^CMD FINISH \((.+)\)\s*$/$1/) {
148148 $Runs->{$User}->{$ThisLine}++;
149 } elsif ($ThisLine =~ s/^CMD START \((.+)\)\s*$/$1/) {
149 } elsif ($ThisLine =~ s/^(END|CMD START) \((.+)\)\s*$/$1/) {
150150 #Ignore for now, NetBSD users could get tricky with
151151 #How many commands started vs finished -mgt
152152 } elsif ($ThisLine =~ /ORPHAN \(no passwd entry\)/) {
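Review bot: In the new `s/^(END|CMD START) \((.+)\)\s*$/$1/`, the added alternation is a capturing group, so `$1` in the replacement is now the keyword ("END" or "CMD START") and the command text has moved to `$2`. The old `s/^CMD START \((.+)\)\s*$/$1/` left the command in `$ThisLine`. The branch only ignores the line today, so nothing visible breaks, but anyone who later implements the start-versus-finish counting hinted at in the comment will be working with the wrong string. Use `(?:END|CMD START)`, or turn this into a plain match since the result is discarded.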
175175 } elsif ( ($Reason) = ($ThisLine =~ /^error \((.+)\)$/) ) {
176176 $Errors{$Reason}++;
177177 } elsif ( ($FileName) = ($ThisLine =~ /BAD FILE MODE \((.+)\)/) ) {
178 $BFMFile{$FileName}++;
178 $BFMFile{$FileName}++;
179179 } elsif ( ($FileName) = ($ThisLine =~ /WRONG FILE OWNER \((.+)\)/) ) {
180180 $WFO{$FileName}++;
181181 } else {
192192 ($ThisLine =~ /.*?: Job (.*) (completed|terminated)/) or
193193 ($ThisLine =~ /.*?: updating configuration from/) or
194194 ($ThisLine =~ /.*?: Exiting with code 0/) or
195 ($ThisLine =~ /.*?: SIGTERM signal received/)
195 ($ThisLine =~ /.*?: SIGTERM signal received/)
196196 ) {
197197 # Ignore
198198 } elsif ( ($User) = ($ThisLine =~ /.*?: editing ([^ ]*)'s fcrontab.*/)) {
226226 $INCRONDSTDe{$Table}++;
227227 } elsif (($ThisLine =~ /incrond/) && (($User) = ($ThisLine =~ /table for user (.*) destroyed, removing/))) {
228228 $INCRONDUTDe{$User}++;
229 } elsif ( ($ThisLine =~ /incrond/) &&
229 } elsif ( ($ThisLine =~ /incrond/) &&
230230 ( (($Error) = ($ThisLine =~ /(cannot create watch for (system table|user) .*: \(2\) No such file or directory)/)) ||
231 (($Error) = ($ThisLine =~ /(access denied on (.*) - events will be discarded silently)/)) ||
231 (($Error) = ($ThisLine =~ /(access denied on (.*) - events will be discarded silently)/)) ||
232232 (($Error) = ($ThisLine =~ /(unhandled exception occurred)/)) ||
233 (($Error) = ($ThisLine =~ /(cannot exec process.*)/))
233 (($Error) = ($ThisLine =~ /(cannot exec process.*)/))
234234 ) ) {
235235 $INCRONDErr{$Error}++;
236236 } elsif ( ($ThisLine =~ /crond/) &&
240240 } elsif (( ($Error) = ($ThisLine =~ /ERROR: (failed to change SELinux context)/)) or
241241 (($Error) = ($ThisLine =~ /ERROR:(Could not set exec context to .* for .*)/))) {
242242 $SELCONTErr{$Error}++;
243 } elsif ($ThisLine =~ /FAILED to authorize user with PAM \(User not known to the underlying authentication module\)/) {
244 $PAMAUTHErr++;
245 } elsif ( ($FileName,$Cause) = ($ThisLine =~ /ERROR chdir failed \((.*)\): (.*)/) ) {
246 $CHDIRErr{"$FileName,$Cause"}++;
247 } elsif ($ThisLine =~ /ERROR \(failed to change user\)/) {
248 $CHUSERHErr++;
243 } elsif ($ThisLine =~ /FAILED to authorize user with PAM \(User not known to the underlying authentication module\)/) {
244 $PAMAUTHErr++;
245 } elsif ( ($FileName,$Cause) = ($ThisLine =~ /ERROR chdir failed \((.*)\): (.*)/) ) {
246 $CHDIRErr{"$FileName,$Cause"}++;
247 } elsif ($ThisLine =~ /ERROR \(failed to change user\)/) {
248 $CHUSERHErr++;
249249 } else {
250250 # Report any unmatched entries...
251251 push @OtherList, "$ThisLine\n";
335335
336336 if ($INCRONDSS) {
337337 printf "\n service incrond started " . $INCRONDSS . ": time(s)\n";
338 }
338 }
339339
340340 if ($INCRONDStS) {
341341 printf "\n service incrond stoped " . $INCRONDStS . ": time(s)\n";
360360 print " table for user " . $key . "changed " . $INCRONDUTCh{$key} . ": time(s)\n";
361361 }
362362 }
363
363
364364 if ((%INCRONDSTDe) || (%INCRONDUTDe)) {
365365 printf "\n destroyed tables \n";
366366 for $key (keys %INCRONDSTDe) {
376376 for $key (keys %CRONDErr) {
377377 print " " . $key . ": " . $CRONDErr{$key} . " time(s)\n";
378378 }
379 }
379 }
380380
381381 if (%INCRONDErr) {
382382 printf "\n incrond daemon errors \n";
416416 exit(0);
417417
418418 # vi: shiftwidth=3 tabstop=3 syntax=perl et
419
419 # Local Variables:
420 # mode: perl
421 # perl-indent-level: 3
422 # indent-tabs-mode: nil
423 # End:
2222 ## Logwatch project reserves the right to not accept such
2323 ## contributions. If you have made significant
2424 ## contributions to this script and want to claim
25 ## copyright please contact logwatch-devel@logwatch.org.
25 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2626 #########################################################
2727
2828 my @Denies = ();
3939
4040 if (scalar(@Denies)) {
4141 print "\n";
42 print "new denied hosts: ".join(",", @Denies);
42 print "new denied hosts: \n ".join("\n ", @Denies);
4343 print "\n";
4444 }
4545
4646 exit(0);
4747
4848 # vi: shiftwidth=3 tabstop=3 syntax=perl et
49 # Local Variables:
50 # mode: perl
51 # perl-indent-level: 3
52 # indent-tabs-mode: nil
53 # End:
1616 ## Logwatch project reserves the right to not accept such
1717 ## contributions. If you have made significant
1818 ## contributions to this script and want to claim
19 ## copyright please contact logwatch-devel@logwatch.org.
19 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2020 #########################################################
2121
2222 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
2323
2424 my %data;
25
26 my %clientrequest;
2527
2628 # This filter is very basic... much more could be done with it
2729
4547 ($line =~ /^dhcpd startup .*succeeded/) or
4648 ($line =~ /^Sending on/) or
4749 ($line =~ /^Dynamic and static leases present for/) or
50 # backup server pool balancing
51 ($line =~ /^balanc(?:ed|ing) pool/) or
52 # apparently these are normal with dynamic update and balancing
53 #[TD] dhcpd: bind update on 192.168.148.197 from subnet148 rejected: ...
54 ($line =~ /rejected: incoming update is less critical than outgoing update/) or
55 # Remove host declaration host_name or remove 10.0.0.199
4856 ($line =~ /^from the dynamic address pool for/) or
57 ($line =~ /^parse_option_buffer: option [\w-]+ \(\d+\) larger than buffer/) or
58 ($line =~ /xid mismatch/) or
4959 ($line =~ /^BOOTREQUEST/) or
5060 ($line =~ /^DHCPACK/) or
5161 ($line =~ /^DHCPNAK/) or
5262 ($line =~ /^DHCPINFORM/) or
53 ($line =~ /^DHCPDISCOVER/) or
63 ($line =~ /^DHCPDISCOVER from .* via \S+$/) or
5464 ($line =~ /^DHCPREQUEST/) or
5565 ($line =~ /^DHCPRELEASE/) or
5666 ($line =~ /^Abandoning IP address/) or
5767 ($line =~ /^Unable to add (forward|reverse) map/) or
5868 ($line =~ /^Can\'t update (forward|reverse) map/) or
5969 ($line =~ /^Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file/) or
70 ($line =~ /^Solicit message from/) or
71 ($line =~ /^Sending Advertise to/) or
6072 ($line =~ /^pool [0-9a-f]+ /)
6173 ) {
6274 # Ignore these lines
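Review bot: Two of the new ignore entries, `/xid mismatch/` and `/rejected: incoming update is less critical than outgoing update/`, are unanchored while almost every neighbouring entry starts with `^`, so any line that merely contains those words is dropped from the report. The example in the comment shows the second message starting with "bind update on", so it could be written as `/^bind update on .* rejected: incoming update is less critical than outgoing update/`. `xid mismatch` has no example line at all; please add one as a comment and anchor the pattern to it, so a reader can tell what is being suppressed.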
8597 ($line =~ /^the README file./)
8698 ) {
8799 # Do nothing
100 } elsif (
101 # If this DHCP server is authoritative for that subnet
102 ($line =~ /^please write an `authoritative;' directive either in the/) or
103 ($line =~ /^subnet declaration or in some scope that encloses the/) or
104 ($line =~ /^subnet declaration - for example, write it at the top/) or
105 ($line =~ /^of the dhcpd.conf file\./)
106 ) {
107 # Do nothing
88108
89109 } elsif ($line =~ s/^exiting./DHCP server exiting./) {
90110 $data{'Generic error'}{$line}++;
92112 $data{'Generic error'}{$line}++;
93113 } elsif ($line =~ s/^\*\* Ignoring requests on ([a-z\d]+). If this is not what\s*$/Ignoring interface $1/) {
94114 $data{'Config error'}{$line}++;
95 } elsif ($line =~ s/^No subnet declaration for ([a-z\d]+) ([()\d.]+).\s*$/No subnet declaration for $1 $2/) {
115 } elsif ($line =~ s/^No subnet6? declaration for ([a-z\d]+) ([\(\)\d\.ia-fA-F:]+).\s*$/No subnet declaration for $1 $2/) {
116 $data{'Config error'}{$line}++;
117 } elsif ($line =~ /^If this DHCP server is authoritative for that subnet,$/) {
118 $data{'Config error'}{'missing authoritative directive'}++;
119 } elsif ($line =~ s/^WARNING: (Host declarations are global).\s+.*$/\1/) {
120 $data{'Config error'}{$line}++;
121 } elsif ($line =~ s/Not searching LDAP\s+.*$/No support for LDAP configured/) {
96122 $data{'Config error'}{$line}++;
97123 } elsif ($line =~ s/^DHCPOFFER on ([\d\.]+) to ([a-f\d:]+) via (\S+)\s*$/$1 -> $2 ($3)/) {
98124 if ($Detail >= 5) {
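Review bot: The replacement side of `s/^WARNING: (Host declarations are global).\s+.*$/\1/` uses `\1`, which Perl accepts but flags under warnings ("\1 better written as $1"); every other substitution in this file uses `$1`, so please use it here too, and escape the `.` after the group if a literal period is meant. Separately, the new `s/Not searching LDAP\s+.*$/No support for LDAP configured/` branch overlaps with the existing ignore entry `/^Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file/` earlier in the file. If that exact message is the one meant to be reported as a config error, the ignore entry has to be removed, otherwise this branch only sees other variants.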
102128 if ($Detail >= 5) {
103129 $data{'Addresses Leased'}{$line}++;
104130 }
105 } elsif ($line =~ s/^DHCPDECLINE of ([\d\.]+) from ([\w:]+) \(([^)]+)\) via (\S+)\s*$/$1 -> $2 [$3] ($4)/) {
131 } elsif ($line =~ s/^DHCPOFFER on ([\d\.]+) to ("")(?: \(([^)]+)\))? via (\S+)\s*$/$1 -> $2 [$3] ($4)/) {
132 if ($Detail >= 5) {
133 $data{'Warnings'}{$line}++;
134 }
135 } elsif ($line =~ s/^DHCPDECLINE of ([\d\.]+) from ([\w:]+) \(([^)]+)\) via ([\d\.]+).*$/$1 -> $2 [$3] ($4)/) {
106136 if ($Detail >= 5) {
107137 $data{'Addresses Declined'}{$line}++;
108138 }
109 } elsif ($line =~ s/^DHCPOFFER on ([\d\.]+) to ("") \(([^)]+)\) via (\S+)\s*$/$1 -> $2 [$3] ($4)/) {
139 } elsif ( ($line =~ s/^BOOTREPLY for ([\d\.]+) to ([a-zA-Z\d_-]+) \(([a-f\d:]+)\) via (\S+)\s*$/$1 -> $3 [$2] ($4\/bootp)/)
140 or ($line =~ s/^BOOTREPLY on ([\d\.]+) to ([a-f\d:]+) via (\S+)\s*$/$1 -> $2 [] ($3\/bootp)/) ) {
141
142 if ($Detail >= 5) {
143 $data{'Addresses Leased'}{$line}++;
144 }
145 } elsif ($line =~ /^(Request|Confirm|Rebind|Renew|Release) message from ([0-9a-fA-F:]+)/) {
146 $clientrequest{$2} = $1;
147 } elsif ($line =~ s/^Sending Reply to ([0-9a-fA-F:]+) port \d+/$1 (IPv6)/) {
148 my $clientrequest = $clientrequest{$1};
149 undef($clientrequest{$1});
150 if (($Detail >= 5) and ($clientrequest eq 'Request')) {
151 $data{'Addresses Leased'}{$line}++;
152 } elsif (($Detail >= 10) and ($clientrequest =~ /Rebind|Renew/)) {
153 $data{"Addresses $clientrequest"}{$line}++;
154 }
155 } elsif ($line =~ /^Client ([0-9a-fA-F:]+) releases address ([0-9a-fA-F:]+), which is not leased to it.$/) {
110156 if ($Detail >= 5) {
111157 $data{'Warnings'}{$line}++;
112158 }
113 } elsif ( ($line =~ s/^BOOTREPLY for ([\d\.]+) to ([a-zA-Z\d_-]+) \(([a-f\d:]+)\) via (\S+)\s*$/$1 -> $3 [$2] ($4\/bootp)/)
114 or ($line =~ s/^BOOTREPLY on ([\d\.]+) to ([a-f\d:]+) via (\S+)\s*$/$1 -> $2 [] ($3\/bootp)/) ) {
115
116 if ($Detail >= 5) {
117 $data{'Addresses Leased'}{$line}++;
159 } elsif ($line =~ s/^Client ([0-9a-fA-F:]+) releases address ([0-9a-fA-F:]+)$/$1\n -> $2 (IPv6)/) {
160 if ($Detail >= 5) {
161 $data{'Addresses Released'}{$line}++;
118162 }
119163 } elsif ($line =~ s/^added reverse map from ([\d]+).([\d]+).([\d]+).([\d]+).in-addr.arpa. to ([a-zA-Z\d._-]+)\s*$/Add reverse $4.$3.$2.$1 -> $5/) {
120164 if ($Detail >= 7) {
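Review bot: The DHCPDECLINE pattern changed its last group from `via (\S+)\s*$` to `via ([\d\.]+).*$`, so a decline logged with an interface name after "via" (the form the DHCPOFFER and BOOTREPLY patterns in this same hunk still accept with `via (\S+)`) no longer matches and falls through to 'Unknown Entries'. If the goal was only to tolerate trailing text, `via (\S+).*$` keeps both forms working. In the IPv6 reply branch, `undef($clientrequest{$1})` leaves the key in the hash with an undefined value; `delete $clientrequest{$1}` removes it. A "Sending Reply" line with no earlier request message also leaves `$clientrequest` undefined when it is compared with `eq 'Request'`, so a `defined` guard is worth adding.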
140184 if ($Detail >= 7) {
141185 $data{'DNS Mappings'}{$line}++;
142186 }
143 } elsif ($line =~ s/^Remove host declaration ([a-zA-Z\d.]+) or remove ([\d.]+)\s*$/Host $2 ($1) has static and dynamic mappings, remove other./) {
187 } elsif ($line =~ s/^Remove host declaration ([a-zA-Z\d.-]+) or remove ([\d.]+)\s*$/Host $2 ($1) has static and dynamic mappings, remove other/) {
144188 if ($Detail >= 3) {
145189 $data{'Warnings'}{$line}++;
146190 }
191 } elsif ($line =~ s/^uid lease ([\da-fA-F\.:]+) for client ([^ ]*) is duplicate on ([^ ]*)/uid lease $1 for client $2 is duplicate/) {
192 if ($Detail >= 3) {
193 $data{'Duplicate lease'}{$line}++;
194 }
195 } elsif ($line =~ /^DHCPDISCOVER from .* via \S+: (.*): no free leases/) {
196 $data{'No Free Leases'}{$1}++;
197 } elsif ($line =~ /^DHCPDISCOVER from .* via (\S+): unknown network segment/) {
198 $data{'Unknown Network Segments'}{$1}++;
199 } elsif ($line =~ /^DHCPDISCOVER from .* via (\S+): load balance to peer/) {
200 $data{'Load balance to peer'}{$1}++
201 } elsif ($line =~ /^ICMP Echo Reply for ([\da-fA-F\.:]+) late or spurious/) {
202 $data{'Late or spurious Echo Reply for'}{$1}++;
203 } elsif ($line =~ /^ICMP Echo reply while lease ([\da-fA-F\.:]+) valid/) {
204 $data{'Echo reply while lease valid'}{$1}++;
147205 } else {
148206 $data{'Unknown Entries'}{$line}++;
149207 }
150208 }
151209
152210 if (keys %data) {
153 foreach my $type (keys %data) {
211 foreach my $type (sort keys %data) {
154212 print "$type:\n";
155213 foreach my $entry (sort {$a cmp $b} keys %{$data{$type}}) {
156214 print " $entry: $data{$type}{$entry} Time(s)\n";
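Review bot: The statement `$data{'Load balance to peer'}{$1}++` at new line 200 has no terminating semicolon. Perl accepts that for the last statement in a block, but every sibling branch ends with `;`, and the omission will turn into a syntax error as soon as someone adds a second statement to the branch. Also note that the `uid lease` pattern captures a third group (`is duplicate on ([^ ]*)`) that the replacement never uses; make it non-capturing or include it in the reported text.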
160218 }
161219
162220 # vi: shiftwidth=3 tabstop=3 syntax=perl et
163
221 # Local Variables:
222 # mode: perl
223 # perl-indent-level: 3
224 # indent-tabs-mode: nil
225 # End:
1010 #
1111 #Redistribution and use in source and binary forms, with or without
1212 #modification, are permitted provided that the following conditions are met:
13 #
13 #
1414 #* Redistributions of source code must retain the above copyright notice,
1515 # this list of conditions and the following disclaimer.
16 #
16 #
1717 #* Redistributions in binary form must reproduce the above copyright
1818 # notice, this list of conditions and the following disclaimer in the
1919 # documentation and/or other materials provided with the distribution.
20 #
20 #
2121 #* Neither the name of Sparta, Inc nor the names of its contributors may
2222 # be used to endorse or promote products derived from this software
2323 # without specific prior written permission.
24 #
24 #
2525 #THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
2626 #IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
2727 #THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
136136 exit (0);
137137
138138 # vi: shiftwidth=3 tabstop=3 et
139
139 # Local Variables:
140 # mode: perl
141 # perl-indent-level: 3
142 # indent-tabs-mode: nil
143 # End:
00 ########################################################
1 # $Id: dovecot,v 1.17 2009/06/02 14:48:06 mike Exp $
1 # $Id: dovecot,v 1.18 2010/09/18 17:41:00 stefan Exp $
22 ########################################################
33 # $Log: dovecot,v $
4 # Revision 1.18 2010/09/18 17:41:00 stefan
5 # ignore: ssl-build-param
6 #
47 # Revision 1.17 2009/06/02 14:48:06 mike
58 # Removed some periods that were in the Fedora patch and broke the file -mgt
69 #
5760 #
5861 ########################################################
5962 # Please send all comments, suggestions, bug reports,
60 # etc, to logwatch-devel@logwatch.org
63 # etc, to logwatch-devel@lists.sourceforge.net
6164 ########################################################
6265 # The Dovecot script was written by:
6366 # Patrick Vande Walle <patrick@isoc.lu>
64 # Based on previous work by
67 # Based on previous work by
6568 # Pawel Golaszewski <blues@gda.pl>
6669 #
6770 # TODO:
6871 # - use printf features to align text in table
69 #
72 #
7073 ########################################################
7174
7275 ########################################################
8285 ## Logwatch project reserves the right to not accept such
8386 ## contributions. If you have made significant
8487 ## contributions to this script and want to claim
85 ## copyright please contact logwatch-devel@logwatch.org.
88 ## copyright please contact logwatch-devel@lists.sourceforge.net.
8689 #########################################################
8790
8891 my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
89 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
92 my $Detail = $ENV{'dovecot_detail'} || $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
9093 my $IgnoreHost = $ENV{'dovecot_ignore_host'} || "";
9194
9295 my $Restarts = 0;
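Review bot: In `my $Detail = $ENV{'dovecot_detail'} || $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;`, the `||` chain treats `dovecot_detail=0` as unset, so a site cannot use the new per-service variable to lower this script's output below the global level; the value silently falls back to `LOGWATCH_DETAIL_LEVEL`. Test for definedness instead, for example `defined $ENV{'dovecot_detail'} ? $ENV{'dovecot_detail'} : ($ENV{'LOGWATCH_DETAIL_LEVEL'} || 0)`. The new variable is also not mentioned in the header comments or the `$Log` entry shown in this diff; a line of documentation next to `dovecot_ignore_host` would help.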
9598 if ( $Debug >= 5 ) {
9699 print STDERR "\n\nDEBUG \n\n";
97100 }
101
102 # Handle "dovecot: <svc>" and "dovecot: [ID yyyyy mail.info] <svc"
103 my $dovecottag = qr/dovecot:(?:\s*\[[^]]+\])?/;
98104
99105 while (defined($ThisLine = <STDIN>)) {
100106 # remove timestamp. We can't use *RemoveHeaders because we need the
101107 # service name
102108 $ThisLine =~ s/^\w{3} .\d \d\d:\d\d:\d\d [^ ]* //;
103 if ($ThisLine =~ /ssl-build-param: SSL parameters regeneration completed/) {
104 # We don't care about these
109 if ( ($ThisLine =~ /(?:ssl-build-param|ssl-params): SSL parameters regeneration completed/) or
110 ($ThisLine =~ /ssl-params: Generating SSL parameters/) or
111 ($ThisLine =~ /auth-worker/) or
112 ($ThisLine =~ /auth:.*: Connected to/) or
113 ($ThisLine =~ /Connection closed/) or
114 ($ThisLine =~ /IMAP.*: Connection closed bytes/) or
115 ($ThisLine =~ /IMAP.* failed with mbox file/) or
116 ($ThisLine =~ /discarded duplicate forward to/) or
117 ($ThisLine =~ /discarding vacation response/)
118 )
119 {
120 # We don't care about these
105121 } elsif ( $ThisLine =~ /Killed with signal /) {
106122 $End++;
107 } elsif ( $ThisLine =~ /Dovecot (v\d[^ ]* |)starting up$/) {
123 } elsif ( $ThisLine =~ /Dovecot (v\d[^ ]* |)starting up( \(core dumps disabled\))?$/) {
108124 $Restarts++;
109125 $End = 0;
110126 } elsif ( ($User, $Host) = ( $ThisLine =~ /^pop3-login: Login: (.*?) \[(.*)\]/ ) ) {
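Review bot: The new ignore entry `($ThisLine =~ /Connection closed/)` sits in the first branch of the if/elsif chain and is unanchored, so every line containing "Connection closed" in that capitalisation is discarded before it can reach the `$ConnectionCl{...}` and `$Disconnected{$2}` branches that this same patch touches further down; those branches can then only fire for differently-cased variants through their `/i` flag. It also makes the next entry, `/IMAP.*: Connection closed bytes/`, redundant. Decide whether closed connections are meant to be reported or ignored and remove one side. The bare `/auth-worker/` entry has a similar breadth problem: it suppresses every auth-worker line, not just routine ones, which reduces what the report can show about authentication trouble. Please narrow it to the specific messages that are known to be noise.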
112128 $Login{$User}{$Host}++;
113129 $LoginPOP3{$User}++;
114130 $ConnectionPOP3{$Host}++;
115 $Connection{$Host}++;
131 $Connection{$Host}++;
116132 }
117133 } elsif ( ($User, $Host) = ( $ThisLine =~ /^imap-login: Login: (.*?) \[(.*)\]/ ) ) {
118134 if ($Host !~ /$IgnoreHost/) {
119135 $Login{$User}{$Host}++;
120136 $LoginIMAP{$User}++;
121137 $ConnectionIMAP{$Host}++;
122 $Connection{$Host}++;
123 }
138 $Connection{$Host}++;
139 }
140 } elsif ( ($User, $Host) = ( $ThisLine =~ /managesieve-login: Login: user=\<(.*?)\>.*rip=(.*)\, lip=/ ) ) {
141 if ($Host !~ /$IgnoreHost/) {
142 $SieveLogin{$User}{$Host}++;
143 $LoginSieve{$User}++;
144 $ConnectionSieve{$Host}++;
145 $Connection{$Host}++;
146 }
147
148 # 'lda' for dovecot 2.0, 'deliver' for earlier versions
149 } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): msgid=.*: saved mail to (\S+)/ ) ) {
150 $Deliver{$User}{$Mailbox}++;
151
152 # For Sieve-based delivery
153 } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda\(|deliver\(|lmtp\(\d+, )(.*)\): (?:[^:]+: )?sieve: msgid=.*: stored mail into mailbox '(\S+)'/ ) ) {
154 $Deliver{$User}{$Mailbox}++;
155
156 # LMTP-based delivery
157 } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag lmtp\(\d+, (.*)\): [^:]+: msgid=.*: saved mail to (\S+)/ ) ) {
158 # dovecot: [ID 583609 mail.info] lmtp(12782, cloyce@headgear.org): jBt1EfjCMk3uMQAAm9eMBA: msgid=<4D32DB1F.3080707@c-dot.co.uk>: saved mail to INBOX
159 $Deliver{$User}{$Mailbox}++;
160
161 # sieve forward
162 } elsif (($User, $Recip) = ($ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): sieve: msgid=.* forwarded to \<(.*)\>/)) {
163 $Forwarded{$User}{$Recip}++;
164
165 # sieve vacation
166 } elsif (($User, $Recip) = ($ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): sieve: msgid=.* sent vacation response to \<(.*)\>/)) {
167 $VacationResponse{$User}{$Recip}++;
168
169 } elsif (($User, $Recip) = ($ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): sieve: msgid=.* discarded duplicate vacation response to \<(.*)\>/ )) {
170 $VacationDup{$User}{$Recip}++;
171
172 } elsif ( $ThisLine =~ /^$dovecottag lmtp\(.*\): Connect from/ ) {
173 # dovecot: [ID 583609 mail.info] lmtp(12782): Connect from local: 1 Time(s)
174 # IGNORE
175
176 } elsif ( $ThisLine =~ /^$dovecottag lmtp\(.*\): Disconnect from/ ) {
177 # dovecot: [ID 583609 mail.info] lmtp(12782): Disconnect from local: Client quit: 1 Time(s)
178 # IGNORE
179
124180
125181 # This is for Dovecot 1.0 series
126 } elsif ( ($User, $Host) = ( $ThisLine =~ /^dovecot: pop3-login: Login: user=\<(.*?)\>.*rip=(.*)\, lip=/ ) ) {
182 } elsif ( ($User, $Host) = ( $ThisLine =~ /^$dovecottag pop3-login: Login: user=\<(.*?)\>.*rip=(.*)\, lip=/ ) ) {
127183 if ($Host !~ /$IgnoreHost/) {
128184 $Login{$User}{$Host}++;
129185 $LoginPOP3{$User}++;
130186 $ConnectionPOP3{$Host}++;
131187 $Connection{$Host}++;
132188 }
133 } elsif ( ($User, $Host) = ( $ThisLine =~ /^dovecot: imap-login: Login: user=\<(.*?)\>.*rip=(.*)\, lip=/) ) {
189 } elsif ( ($User, $Host) = ( $ThisLine =~ /^$dovecottag imap-login: Login: user=\<(.*?)\>.*rip=(.*)\, lip=/) ) {
134190 if ($Host !~ /$IgnoreHost/) {
135191 $Login{$User}{$Host}++;
136192 $LoginIMAP{$User}++;
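Review bot: The new delivery, forward and vacation patterns capture the user with a greedy `\((.*)\)` and then skip the Message-ID with `msgid=.*`, for example `(?:lda|deliver)\((.*)\): msgid=.*: saved mail to (\S+)`. The Message-ID is supplied by the sender, so a crafted value containing text such as ": saved mail to" or "): msgid=" can shift where the groups land and change the user or mailbox that ends up in the report. Bound the user capture with `([^)]*)` and consider a non-greedy or delimiter-aware match for the msgid portion. The forward and vacation patterns also lack the `lmtp\(\d+, ` alternative that the sieve delivery pattern accepts, so LMTP-delivered forwards will go unmatched.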
138194 $Connection{$Host}++;
139195 }
140196
141 } elsif ($ThisLine =~ /Disconnected \[/) {
197 } elsif ($ThisLine =~ /Disconnected (\[|top)/) {
142198 $Disconnected{"no reason"}++;
143199 } elsif (($Reason) = ($ThisLine =~ /Disconnected: (.*) \[/) ) {
200 $Disconnected{$Reason}++;
201 } elsif (($Reason) = ($ThisLine =~ /Disconnected: (.*) (bytes|top)=.*/) ) {
202 $Disconnected{$Reason}++;
203 } elsif (($Reason) = ($ThisLine =~ /Disconnected \((.*)\):/) ) {
144204 $Disconnected{$Reason}++;
145205 } elsif (($Reason, $Host) = ($ThisLine =~ /TLS initialization failed/) ) {
146206 $TLSInitFail++;
148208 $Aborted{$Host}++;
149209 } elsif (($Reason) = ($ThisLine =~ /Aborted login \((.*)\):/)) {
150210 $Aborted{$Reason}++;
211 } elsif (($user, $rip, $lip) = ($ThisLine =~ /Maximum number of connections.* exceeded.* user=<([^>]+)>.*rip=([^,]+), lip=([^,]+)/)) {
212 # dovecot: [ID 583609 mail.info] imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10): user=<cloyce@headgear.org>, method=CRAM-MD5, rip=102.225.17.52, lip=14.105.322.67, TLS
213 $LimitExceeded{"max_userip_connections: $user from $rip to $lip"}++;
151214
152215 # This is for Dovecot 1.0 series
153216 # Overly general matches in this section -mgt
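Review bot: The new branch assigns to `($user, $rip, $lip)`, which are lowercase, undeclared package globals, while the rest of the parsing loop uses `$User` and `$Host`. Declare them with `my` inside the condition or reuse the existing names so the script does not grow more implicit globals. The pattern `Maximum number of connections.* exceeded.* user=<([^>]+)>` also has two unbounded `.*` runs before the first capture; anchoring on the `mail_max_userip_connections` text shown in the example comment would make the match more specific.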
156219 $Disconnected{"Inactivity"}++;
157220 } elsif ($ThisLine =~ /Disconnected in IDLE/) {
158221 $Disconnected{"in IDLE"}++;
222 } elsif ($ThisLine =~ /Disconnected in APPEND/) {
223 $Disconnected{"in APPEND"}++;
159224 } elsif (($ThisLine =~ /Disconnected$/) or
160225 (($Reason) = ($ThisLine =~ /pop3-login: Disconnected: (.+)/)) or
161226 (($Reason) = ($ThisLine =~ /imap-login: Disconnected: (.+)/)) ) {
162227 $Disconnected{"no reason"}++;
163 } elsif ( (($Reason) = ($ThisLine =~ /POP3.+: Disconnected: (.+) top/)) or
164 (($Reason) = ($ThisLine =~ /pop3-login: Disconnected \((.+)\): /)) or
165 (($Reason) = ($ThisLine =~ /IMAP.+: Disconnected: (.+) bytes=/)) or
166 (($Reason) = ($ThisLine =~ /IMAP.+: Disconnected: (.+)/)) ) {
228 } elsif ( (($Reason) = ($ThisLine =~ /POP3.+: Disconnected: (.+) top/)) or
229 (($Reason) = ($ThisLine =~ /pop3-login: Disconnected \((.+)\): /)) or
230 (($Reason) = ($ThisLine =~ /IMAP.+: Disconnected: (.+) bytes=/i)) or
231 (($Reason) = ($ThisLine =~ /IMAP.+: Disconnected: (.+)/i)) ) {
167232 $Disconnected{$Reason}++;
233 } elsif (($Reason) = ($ThisLine =~ /(IMAP|POP3).+: Connection closed (top|bytes)=/i)) {
234 $ConnectionCl{"no reason"}++;
235 } elsif ( (($Reason) = ($ThisLine =~ /IMAP.+: Connection closed: (.*) bytes=/i)) or
236 (($Reason) = ($ThisLine =~ /POP3.+: Connection closed: (.*) (top=|bytes=)/i)) ) {
237 $ConnectionCl{$Reason}++;
168238 } elsif ($ThisLine =~ /(IMAP|POP3).+: (Connection closed.*)/) {
169239 $Disconnected{$2}++;
170 } elsif (($Reason) = ($ThisLine =~ /IMAP.+: Connection closed bytes=/)) {
171 $ConnectionCl{"no reason"}++;
172 } elsif ( (($Reason) = ($ThisLine =~ /IMAP.+: Connection closed: (.*) bytes=/)) or
173 (($Reason) = ($ThisLine =~ /POP3.+: Connection closed: (.*) (top=|bytes=)/)) ) {
174 $ConnectionCl{$Reason}++;
175 } elsif ($ThisLine =~ /POP3.+: Connection closed top=.* retr=.* del=.* size=.*/) {
176 $ConnectionCl{"no reason"}++;
177 } elsif (($Error) = ($ThisLine =~ /child \d* \(login\) returned error (.*)/)) {
178 # dovecot: child 23747 (login) returned error 89
179 $ChildErr{$Error}++;
240 } elsif ($ThisLine =~ /POP3.+: Connection closed top=.* retr=.* del=.* size=.*/i) {
241 $ConnectionCl{"no reason"}++;
242 } elsif (($Error) = ($ThisLine =~ /child \d* (?:\(login\) )?returned error (.*)/)) {
243 # dovecot: child 23747 (login) returned error 89
244 # dovecot: log: Error: service(auth): child 19654 returned error 89 (Fatal failure)
245 $ChildErr{$Error}++;
246 } elsif (($Name) = ($ThisLine =~ /$dovecottag IMAP\((.*)\): .*(.*) failed: Disk quota exceeded/i)) {
247 # dovecot: IMAP(podracka): mkdir(/home/LF/KLINIKY/podracka/mail/.imap/saved-messages) failed: Disk quota exceeded
248 $DiskQuotaExceed{$Name}++;
180249 } else {
181250 # Report any unmatched entries...
182251 chomp($ThisLine);
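Review bot: In the disk quota pattern `/$dovecottag IMAP\((.*)\): .*(.*) failed: Disk quota exceeded/i`, the parentheses in `.*(.*) failed` are unescaped, so they form a second capture group instead of matching the literal `mkdir(/home/...)` shown in the example comment, and because the preceding `.*` is greedy that group is always empty. The match still succeeds, so counting works, but the pattern does not say what it means; write `\S+\(.*\) failed` (or drop the group) and bound the user capture with `([^)]*)`. Also, in `(($Reason) = ($ThisLine =~ /(IMAP|POP3).+: Connection closed (top|bytes)=/i))` the assignment stores the protocol name in `$Reason`, which is then unused; a plain match with `(?:...)` groups is clearer.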
191260 }
192261
193262 if ( ( $Detail >=5 ) and $Restarts ) {
194 print "\nDovecot restarted $Restarts time(s).";
263 print "\nDovecot restarted $Restarts time(s).\n";
195264 }
196265
197266 if ( ( $Detail >= 5 ) and (keys %Connection)) {
199268 "\n====================================".
200269 "\n Host | POP3 | IMAP | Total ".
201270 "\n-------------------------------------- | --------- |--------- | ---------";
202
271
203272 $TLSInitFail = 0;
204273 foreach $Host (sort keys %Connection) {
205274 $Total = $Connection{$Host};
221290 $CountSpaceLength = 10 - $CountLength;
222291 $IMAPLength = length("$IMAP");
223292 $IMAPSpaceLength = 9 - $IMAPLength;
224 $TotalLenght = length("$Total");
225 $TotalSpaceLength = 10 - $TotalLenght;
293 $TotalLength = length("$Total");
294 $TotalSpaceLength = 10 - $TotalLength;
226295 print "\n" ." " x $HostSpaceLength . $Host . " |" . " " x $CountSpaceLength . $Conns .
227296 " |" . " " x $IMAPSpaceLength . $IMAP . " |" . " " x $TotalSpaceLength . $Total;
228297 $POP3Count += $Conns;
240309 " |" . " " x $totalSpaceLength . $TotalCount . "\n";
241310 }
242311
243 if ( ( $Detail >= 10 ) and (keys %Login)) {
312 if ( ( $Detail >= 5 ) and (keys %Deliver)) {
313 print "\n\nDovecot Deliveries:";
314 $DeliverCount = 0;
315 foreach my $User (sort keys %Deliver) {
316 print "\n User $User:";
317 $UserCount = 0;
318 $NumMailboxes = 0;
319 foreach $Mailbox (sort keys %{$Deliver{$User}}) {
320 $NumMailboxes++;
321 $MailboxCount = $Deliver{$User}{$Mailbox};
322 print "\n To $Mailbox: $MailboxCount Time(s)" if ($Detail >= 10);
323 $UserCount += $MailboxCount;
324 }
325 $DeliverCount += $UserCount;
326 if ($Detail >= 10) {
327 if ($NumMailboxes > 1) {
328 print "\n Total: $UserCount Time(s)\n";
329 } else {
330 print "\n";
331 }
332 } elsif ($Detail >= 5) {
333 print " $UserCount Time(s)";
334 }
335 }
336 print "\nTotal: $DeliverCount successful deliveries";
337 }
338
339 if (($Detail >= 10) and (keys %Forwarded)) {
340 $TotalForwarded = 0;
341
342 print "\n\nDovecot LDA sieve forwards:";
343 foreach $User (sort keys %Forwarded) {
344 print "\n\n User $User";
345 foreach my $Recip (sort keys %{$Forwarded{$User}}) {
346 print "\n To $Recip: $Forwarded{$User}{$Recip} time(s)";
347 $TotalForwarded += $Forwarded{$User}{$Recip};
348 }
349 }
350 print "\n\n Total: $TotalForwarded Time(s)";
351 }
352
353 if (($Detail >= 10) and (keys %VacationResponse)) {
354 $TotalVacResp = 0;
355 print "\n\nDovecot LDA sieve vacation responses:";
356 foreach my $User (sort keys %VacationResponse) {
357 print "\n\n User $User";
358 foreach my $Recip (sort keys %{$VacationResponse{$User}}) {
359 print "\n To $Recip: $VacationResponse{$User}{$Recip} time(s)";
360 $TotalVacResp += $VacationResponse{$User}{$Recip};
361 }
362 }
363 print "\n\n Total: $TotalVacResp Time(s)";
364 }
365
366 if (($Detail >= 10) and (keys %VacationDup)) {
367 $TotalVacDup = 0;
368 print "\n\nDovecot LDA sieve duplicate vacation responses not sent:";
369 foreach my $User (sort keys %VacationDup) {
370 print "\n User $User";
371 foreach my $Recip (sort keys %{$VacationDup{$User}}) {
372 print "\n To $Recip: $VacationDup{$User}{$Recip} time(s)";
373 $TotalVacDup += $VacationDup{$User}{$Recip};
374 }
375 }
376 print "\n\n Total: $TotalVacDup Time(s)";
377 }
378
379
380 if ( ( $Detail >= 5 ) and (keys %Login)) {
244381 print "\n\nDovecot IMAP and POP3 Successful Logins:";
245382 $LoginCount = 0;
246 foreach my $User (keys %Login) {
247 print "\n\n User $User:";
248 if ($LoginPOP3{$User} > 0 || $LoginIMAP{$User} > 0) {
383 foreach my $User (sort keys %Login) {
384 print "\n User $User:";
385 if ( ($Detail >= 10) and ($LoginPOP3{$User} > 0 || $LoginIMAP{$User} > 0) ) {
249386 print " (";
250387 if ($LoginPOP3{$User} > 0) { print "$LoginPOP3{$User} POP3"; };
251388 if ($LoginPOP3{$User} > 0 && $LoginIMAP{$User} > 0) { print "/"; };
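Review bot: The guard on the login section changes from `$Detail >= 10` to `$Detail >= 5` (`if ( ( $Detail >= 5 ) and (keys %Login))`), and the new deliveries section uses the same threshold, so per-user names now appear in reports at medium detail where previously they required the highest level. The `$Log` entry visible in this diff only mentions "ignore: ssl-build-param". Please document the threshold change, since sites that circulate medium-detail reports will start exposing account names they did not expose before. Minor: `foreach $User (sort keys %Forwarded)` omits the `my` that the neighbouring loops use.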
254391 }
255392 $UserCount = 0;
256393 $NumHosts = 0;
257 foreach $Host (keys %{$Login{$User}}) {
394 foreach $Host (sort keys %{$Login{$User}}) {
258395 $NumHosts++;
259396 $HostCount = $Login{$User}{$Host};
260397 # Cleanly display IPv4 addresses
261398 $Host=~ s/::ffff://;
399 print "\n From $Host: $HostCount Time(s)" if ($Detail >= 10);
400 $UserCount += $HostCount;
401 }
402 $LoginCount += $UserCount;
403 if ($Detail >= 10) {
404 if ($NumHosts > 1) {
405 print "\n Total: $UserCount Time(s)\n";
406 } else {
407 print "\n";
408 }
409 } elsif ($Detail >= 5) {
410 print " $UserCount Time(s)";
411 }
412 }
413 print "\nTotal: $LoginCount successful logins";
414 }
415
416 if ( ( $Detail >= 10 ) and (keys %SieveLogin)) {
417 print "\n\nDovecot ManageSieve Successful Logins:";
418 $LoginCount = 0;
419 foreach my $User (sort keys %SieveLogin) {
420 print "\n\n User $User:";
421 $UserCount = 0;
422 $NumHosts = 0;
423 foreach $Host (sort keys %{$SieveLogin{$User}}) {
424 $NumHosts++;
425 $HostCount = $SieveLogin{$User}{$Host};
426 # Cleanly display IPv4 addresses
427 $Host=~ s/::ffff://;
262428 print "\n From $Host: $HostCount Time(s)";
263429 $UserCount += $HostCount;
264430 }
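Review bot: The `} elsif ($Detail >= 5) {` at new line 409 is inside a block already guarded by `$Detail >= 5`, so the condition is always true when reached and reads as if a third case existed; a plain `else` is clearer. The same construct appears in the deliveries loop added earlier in this patch. The ManageSieve section also reuses `$LoginCount` and `$UserCount` from the IMAP/POP3 section as globals; declaring them with `my` in each section would keep the two totals from depending on evaluation order.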
267433 print "\n Total: $UserCount Time(s)";
268434 }
269435 }
270 print "\n\nTotal: $LoginCount successful logins";
436 print "\n\nTotal: $LoginCount successful ManageSieve logins";
437 }
438
439 if (keys %LimitExceeded) {
440 print "\n\nDovecot limits exceeded:";
441 foreach my $Reason (sort keys %LimitExceeded) {
442 print "\n $Reason: $LimitExceeded{$Reason} Time(s)";
443 }
271444 }
272445
273446 if (keys %Disconnected) {
302475 print "\n\nTLS Initialization failed $TLSInitFail Time(s)";
303476 }
304477
478 if (keys %DiskQuotaExceed) {
479 print "\n\nDisk quota exceeded:";
480 foreach my $Name (sort keys %DiskQuotaExceed) {
481 print "\n disk quota for user '". $Name . "' exceeded: ". $DiskQuotaExceed{$Name} ." Time(s)";
482 }
483 }
484
305485 if (keys %OtherList) {
306486 print "\n\n**Unmatched Entries**\n";
307487 foreach $line (sort {$a cmp $b} keys %OtherList) {
313493
314494
315495 # vi: shiftwidth=3 tabstop=3 syntax=perl et
496 # Local Variables:
497 # mode: perl
498 # perl-indent-level: 3
499 # indent-tabs-mode: nil
500 # End:
3535 ## Logwatch project reserves the right to not accept such
3636 ## contributions. If you have made significant
3737 ## contributions to this script and want to claim
38 ## copyright please contact logwatch-devel@logwatch.org.
38 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3939 #########################################################
4040
4141 use strict;
7575 }
7676 }
7777
78 my @k = ( "Installed" , \@install,
78 my @k = ( "Installed" , \@install,
7979 "Reinstalled" , \@reinstall,
80 "Upgraded" , \@upgrade,
81 "Removed", \@remove,
82 "Purged", \@purge,
80 "Upgraded" , \@upgrade,
81 "Removed", \@remove,
82 "Purged", \@purge,
8383 "Configuration files", \@conffile,
8484 "Unknown lines", \@unknown);
8585
9494
9595 }
9696 }
97
9798 # vi: shiftwidth=3 tabstop=3 syntax=perl et
99 # Local Variables:
100 # mode: perl
101 # perl-indent-level: 3
102 # indent-tabs-mode: nil
103 # End:
2323 ## Logwatch project reserves the right to not accept such
2424 ## contributions. If you have made significant
2525 ## contributions to this script and want to claim
26 ## copyright please contact logwatch-devel@logwatch.org.
26 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2727 #########################################################
2828
2929 $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
5050 ($ThisLine =~ /Starting rsync with/i) or
5151 ($ThisLine =~ /Merging/) or
5252 ($ThisLine =~ /Unmerging./) or
53 ($ThisLine =~ /Resuming merge/) or
5354 ($ThisLine =~ /AUTOCLEAN/) or
5455 ($ThisLine =~ />>> emerge /) or
56 ($ThisLine =~ />>> depclean/) or
5557 ($ThisLine =~ /\*\*\* emerge /) or
56 ($ThisLine =~ /Cleaning/) or
58 ($ThisLine =~ /Cleaning/) or
5759 ($ThisLine =~ /Updating world file/) or
58 ($ThisLine =~ /Post-Build/)
60 ($ThisLine =~ /Post-Build/) or
61 ($ThisLine =~ /Starting retry \d+ of \d+ with/)
5962 ) {
6063 # Don't care about these...
61 }
64 }
6265 elsif ( $ThisLine =~ s/emerge on: ([^ ]+) $2/$1 / ) {
6366 $EmergeStarted++;
6467 } elsif ( $ThisLine =~ s/Sync completed ([^ ]+) $2/$1 / ) {
7174 $NumberOfPackageUnmerged++;
7275 } elsif ( $ThisLine =~ s/^Dep Installed: ([^ ]+)/$1 / ) {
7376 $PackageDepInstalled{$ThisLine}++;
77 } elsif ( $ThisLine =~ /exiting unsuccessfully with status \'(\d)\'/ ) {
78 $ExitUnsuccessfull{$1}++;
7479 } else {
7580 # Report any unmatched entries...
7681 push @OtherList,$ThisLine;
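Review bot: `(\d)` on new line 77 captures exactly one digit before the closing quote, so an exit status of two or more digits does not match and the line falls through to `@OtherList` instead of being counted in `%ExitUnsuccessfull`. Use `(\d+)`; the `\'` escapes are also unnecessary inside a `/.../` pattern.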
110115 print " ". $ThisOne;
111116 }
112117 }
118 if (keys %ExitUnsuccessfull) {
119 print "\nUnsuccessfull exit with:\n";
120 foreach $ThisOne (keys %ExitUnsuccessfull) {
121 print " Status $ThisOne : $ExitUnsuccessfull{$ThisOne} Time(s)\n";
122 }
123 }
113124
114125 if ($#OtherList >= 0) {
115126 print "\n**Unmatched Entries**\n";
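Review bot: the loop on new line 120 iterates `keys %ExitUnsuccessfull` unsorted, so the order of the status lines can change from run to run and consecutive reports become harder to compare; `sort { $a <=> $b } keys %ExitUnsuccessfull` keeps it stable. The heading printed on line 119 is also misspelled and should read "Unsuccessful exit with:".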
119130 exit(0);
120131
121132 # vi: shiftwidth=3 tabstop=3 syntax=perl et
122
133 # Local Variables:
134 # mode: perl
135 # perl-indent-level: 3
136 # indent-tabs-mode: nil
137 # End:
2525 ## Logwatch project reserves the right to not accept such
2626 ## contributions. If you have made significant
2727 ## contributions to this script and want to claim
28 ## copyright please contact logwatch-devel@logwatch.org.
28 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2929 #########################################################
3030
3131 use URI::URL;
3333 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
3434
3535 while (defined($ThisLine = <STDIN>)) {
36 #Parse
37 my ($Hostname,$Criticality,$SourceName,$DateTime,$EventID,$Application,$UserName,$SIDType,$EventLogType,$ComputerName,$CategoryString,$DataString,$ExpandedString,$Extra) =
38 ($ThisLine =~ /(\w+)\sMSWinEventLog\t(\d+)\t(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/);
36 my ($Criticality,$SourceName,$DateTime,$EventID,$Application,$UserName,$SIDType,$EventLogType,$Hostname,$CategoryString,$DataString,$ExpandedString,$Extra);
37 #Determine format
38 if ($ThisLine =~ /MSWinEventLog\[/) { # Snare 4
39 #Parse
40 ($Criticality,$SourceName,$DateTime,$EventID,$Application,$UserName,$SIDType,$EventLogType,$Hostname,$CategoryString,$DataString,$ExpandedString,$Extra) =
41 ($ThisLine =~ /(\S+)\sMSWinEventLog\[(\d+)\]:(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/);
42 } elsif ($ThisLine =~ /MSWinEventLog\t/) { # Snare 3
43 #Parse
44 ($Criticality,$SourceName,$DateTime,$EventID,$Application,$UserName,$SIDType,$EventLogType,$Hostname,$CategoryString,$DataString,$ExpandedString,$Extra) =
45 ($ThisLine =~ /MSWinEventLog\t(\d+)\t(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/);
46 }
3947 if (!defined($Hostname)) {
4048 print STDERR "Cannot parse $ThisLine";
4149 next;
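Review bot: the Snare 4 pattern on new line 41 has 14 capture groups because of its leading `(\S+)`, but it is assigned to the same 13-variable list as the Snare 3 pattern on line 45, which has 13 groups. Every field in the Snare 4 branch is therefore shifted by one: `$Criticality` receives the syslog host, `$EventID` receives the date string, and `$Hostname` receives the value that belongs in `$EventLogType`. Because `$Hostname` is still defined, the `!defined($Hostname)` check on line 47 does not catch it and the mis-parse is silent. Drop the group (write `\S+\s` or remove the prefix entirely, as the Snare 3 branch does) so both branches fill the list identically.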
113121 exit(0);
114122
115123 # vi: shiftwidth=3 tabstop=3 syntax=perl et
116
124 # Local Variables:
125 # mode: perl
126 # perl-indent-level: 3
127 # indent-tabs-mode: nil
128 # End:
2525 ## Logwatch project reserves the right to not accept such
2626 ## contributions. If you have made significant
2727 ## contributions to this script and want to claim
28 ## copyright please contact logwatch-devel@logwatch.org.
28 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2929 #########################################################
3030
3131 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
3232
3333 while (defined($ThisLine = <STDIN>)) {
34 #Parse
35 my ($Hostname,$Criticality,$SourceName,$DateTime,$EventID,$SourceName2,$UserName,$SIDType,$EventLogType,$ComputerName,$CategoryString,$DataString,$ExpandedString,$Extra) =
36 ($ThisLine =~ /(\w+) MSWinEventLog\t(\d+)\t(\w+)\t\d+\t([^\t]+)\t(\d+)\t(\w+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]*)\t([^\t]*)\t([^\t]*)/);
34 my ($Hostname,$Criticality,$SourceName,$DateTime,$EventID,$SourceName2,$UserName,$SIDType,$EventLogType,$CategoryString,$DataString,$ExpandedString,$Extra);
35 #Determine format
36 if ($ThisLine =~ /MSWinEventLog\[/) { # Snare 4
37 #Parse
38 ($Criticality,$SourceName,$DateTime,$EventID,$SourceName2,$UserName,$SIDType,$EventLogType,$Hostname,$CategoryString,$DataString,$ExpandedString,$Extra) =
39 ($ThisLine =~ /MSWinEventLog\[(\d+)\]:(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/);
40 } elsif ($ThisLine =~ /MSWinEventLog\t/) { # Snare 3
41 #Parse
42 ($Criticality,$SourceName,$DateTime,$EventID,$SourceName2,$UserName,$SIDType,$EventLogType,$Hostname,$CategoryString,$DataString,$ExpandedString,$Extra) =
43 ($ThisLine =~ /MSWinEventLog\t(\d+)\t(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/);
44 }
3745 if (!defined($Hostname)) {
3846 print STDERR "Cannot parse $ThisLine";
3947 next;
7785 exit(0);
7886
7987 # vi: shiftwidth=3 tabstop=3 syntax=perl et
80
88 # Local Variables:
89 # mode: perl
90 # perl-indent-level: 3
91 # indent-tabs-mode: nil
92 # End:
2626 ## Logwatch project reserves the right to not accept such
2727 ## contributions. If you have made significant
2828 ## contributions to this script and want to claim
29 ## copyright please contact logwatch-devel@logwatch.org.
29 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3030 #########################################################
3131
3232 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
3333
3434 while (defined($ThisLine = <STDIN>)) {
35 #Parse
36 my ($Hostname,$Criticality,$SourceName,$DateTime,$EventID,$System,$UserName,$SIDType,$EventLogType,$ComputerName,$CategoryString,$DataString,$ExpandedString,$Extra) =
37 ($ThisLine =~ /(\w+)\sMSWinEventLog\t(\d+)\t(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/);
35 my ($Hostname,$Criticality,$SourceName,$DateTime,$EventID,$System,$UserName,$SIDType,$EventLogType,$CategoryString,$DataString,$ExpandedString,$Extra);
36 #Determine format
37 if ($ThisLine =~ /MSWinEventLog\[/) { # Snare 4
38 #Parse
39 ($Criticality,$SourceName,$DateTime,$EventID,$System,$UserName,$SIDType,$EventLogType,$Hostname,$CategoryString,$DataString,$ExpandedString,$Extra) =
40 ($ThisLine =~ /MSWinEventLog\[(\d+)\]:(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/);
41 } elsif ($ThisLine =~ /MSWinEventLog\t/) { # Snare 3
42 #Parse
43 ($Criticality,$SourceName,$DateTime,$EventID,$System,$UserName,$SIDType,$EventLogType,$Hostname,$CategoryString,$DataString,$ExpandedString,$Extra) =
44 ($ThisLine =~ /MSWinEventLog\t(\d+)\t(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/);
45 }
3846 if (!defined($Hostname)) {
3947 print STDERR "Cannot parse $ThisLine";
4048 next;
7785 exit(0);
7886
7987 # vi: shiftwidth=3 tabstop=3 syntax=perl et
80
88 # Local Variables:
89 # mode: perl
90 # perl-indent-level: 3
91 # indent-tabs-mode: nil
92 # End:
00 ##########################################################################
1 # $Id: exim,v 1.24 2009/06/02 14:50:37 mike Exp $
1 # $Id: exim,v 1.25 2010/09/18 17:31:00 stefan Exp $
22 ##########################################################################
33 # $Log: exim,v $
4 # Revision 1.25 2010/09/18 17:31:00 stefan
5 # removing unused variable $tz
6 #
47 # Revision 1.24 2009/06/02 14:50:37 mike
58 # Patch from Fedora (Ivan Varekova) -mgt
69 #
4346 # Dariusz Nierada <dnierada@kat.supermedia.pl>
4447 ########################################################
4548 # Please send all comments, suggestions, bug reports,
46 # etc, to logwatch-devel@logwatch.org
49 # etc, to logwatch-devel@lists.sourceforge.net
4750 ########################################################
4851
4952 ########################################################
7578 ## Logwatch project reserves the right to not accept such
7679 ## contributions. If you have made significant
7780 ## contributions to this script and want to claim
78 ## copyright please contact logwatch-devel@logwatch.org.
81 ## copyright please contact logwatch-devel@lists.sourceforge.net.
7982 #########################################################
8083
8184 use Logwatch ':dates';
85 use warnings;
8286
8387 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
8488
239243 elsif ( $ThisLine =~ /rejected [HE][EH]LO from\s/ ) {
240244 # Typically due to underscores _ in the HELO line
241245 # (a common protocol violation)
242 # Also can be due to odd escape sequences
246 # Also can be due to odd escape sequences
243247 # (never seen from a valid MX)
244248 $Proto{$ThisLine}++;
245249 }
265269 $Lookup++;
266270 push @LookupH, $ThisLine;
267271 }
268 elsif ( $ThisLine =~ /^\d+\-\d+\-\d+\s\d+\:\d+\:\d+\s\w+\-\w+\-\w+\s/ ) { # inne wiadomosci przesylane przez EXIMA
272 elsif ( $ThisLine =~ /^\d+\-\d+\-\d+\s\d+\:\d+\:\d+\s(\+\d+\s)?\w+\-\w+\-\w+\s/ ) { # inne wiadomosci przesylane przez EXIMA
269273 # Collect Message ID specific notes...
270 ($mdate,$mtime,$mid,$mrest) = ($ThisLine =~ /^(\d+\-\d+\-\d+)\s(\d+\:\d+\:\d+)\s(\w+\-\w+\-\w+)(.+)/);
274 ($mdate,$mtime,$mid,$mrest) = ($ThisLine =~ /^(\d+\-\d+\-\d+)\s(\d+\:\d+\:\d+)\s(?:\+\d+\s)?(\w+\-\w+\-\w+)(.+)/);
271275 # Count of individual Message Lines, used for sort
272276 $licze++; # Dodaje taki licznik aby potem przy wypisaniu posortowac po nim, bo wypisywal nie po kolei
273277 $mmsg{$mid}{$licze.$mrest} = "$mdate $mtime";
274278
275279 }
276 else
280 else
277281 {
278282 $OtherList{$ThisLine}++;
279283 }
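Review bot: the optional timezone group added on new lines 272 and 274 accepts only a `+` offset (`\+\d+\s`), so when the log carries a negative UTC offset these message-ID lines fail the `elsif` and are reported under `%OtherList` as unmatched. `[+-]\d+\s` in both patterns would cover either sign; keeping the two patterns identical apart from the capture also avoids the case where the test on line 272 matches but the extraction on line 274 does not.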
290294 }
291295
292296 # Print server Stops/Starts
293 if ($Detail >= $LvlRestart) {
297 if ($Detail >= $LvlRestarts) {
294298 if (@Restart) {
295299 print "\n--- Exim Restarted ---\n";
296300 foreach $ThisOne (sort @Restart) {
299303 }
300304 }
301305
302 if ($Detail >= $LvlRestart) {
306 if ($Detail >= $LvlRuns) {
303307 if (($StartQueue >0 ) or ($EndQueue > 0)) {
304308 print "\n--- Queue Runners ---\n";
305309 # Start Queue
342346
343347 if ( $Detail >= $LvlRelayLines ) {
344348 print "--- Lines follow:\n\n";
345
349
346350 foreach $ThisOne (@GreylistH) {
347351 print "$ThisOne\n";
348352 }
354358
355359 if ( $Detail >= $LvlRelayLines ) {
356360 print "--- Lines follow:\n\n";
357
361
358362 foreach $ThisOne (@RelayH) {
359363 print "$ThisOne\n";
360364 }
390394 $cc = $1;
391395 }
392396 # There is probably a more graceful way to do this...
393 if (defined( $vir{$cc} )) {
397 if (defined( $vir{$cc} )) {
394398 # Assign current value to temporary (mid)
395399 $mid = $vir{$cc};
396400 }
467471 }
468472 else {
469473 # If we picked up a malfunction but didn't collect it here,
470 # no need to make the user suffer with superfluous error
474 # no need to make the user suffer with superfluous error
471475 # messages.
472476 #next;
473477 print "Didn't Summarize: $ThisOne\n";
591595 }
592596 else {
593597 # If we picked up a malfunction but didn't collect it here,
594 # no need to make the user suffer with superfluous error
598 # no need to make the user suffer with superfluous error
595599 # messages.
596600 #next;
597601 print "Didn't Summarize: $ThisOne\n";
709713 exit(0);
710714
711715 # vi: shiftwidth=3 tabstop=3 syntax=perl et
712
716 # Local Variables:
717 # mode: perl
718 # perl-indent-level: 3
719 # indent-tabs-mode: nil
720 # End:
44 #
55 # Please send all comments, suggestions, bug reports,
66 # etc, to jeff.frost@frostconsultingllc.com and
7 # logwatch-devel@logwatch.org
7 # logwatch-devel@lists.sourceforge.net
88 ########################################################
99
1010 ########################################################
2020 ## Logwatch project reserves the right to not accept such
2121 ## contributions. If you have made significant
2222 ## contributions to this script and want to claim
23 ## copyright please contact logwatch-devel@logwatch.org.
23 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2424 #########################################################
2525
2626 use Logwatch ':all';
5454 exit(0);
5555
5656 # vi: shiftwidth=3 tabstop=3 syntax=perl et
57
57 # Local Variables:
58 # mode: perl
59 # perl-indent-level: 3
60 # indent-tabs-mode: nil
61 # End:
2424 ## Logwatch project reserves the right to not accept such
2525 ## contributions. If you have made significant
2626 ## contributions to this script and want to claim
27 ## copyright please contact logwatch-devel@logwatch.org.
27 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2828 #########################################################
2929
3030 use Logwatch ':all';
5555 ($month,$day,$time,$host,$msg)=split(/ +/,$ThisLine,6);
5656
5757 if ( ($ThisLine =~ /traffic/ ) or
58 ($ThisLine =~ /Copyright/ ) or
59 ($ThisLine =~ /removed due to simultaneous rekey/ ) or
60 ($ThisLine =~ /Responded to the first peer message/ ) or
61 ($ThisLine =~ /NBR change/ ) or
58 ($ThisLine =~ /Copyright/ ) or
59 ($ThisLine =~ /removed due to simultaneous rekey/ ) or
60 ($ThisLine =~ /Responded to the first peer message/ ) or
61 ($ThisLine =~ /NBR change/ ) or
6262 ($ThisLine =~ /accept udp/ ) or
6363 ($ThisLine =~ /accept tcp/ ) or
6464 ($ThisLine =~ /accept icmp/ ) or
121121 $UsersOut{$host}{$2}{$3}{"(all)"}++;
122122 }
123123 }
124 elsif ( $ThisLine =~ m/Admin user (\S+) login attempt for (\S+) management \(port (\d+)\) from (.+):(.+). failed. (.*)/ ) {
124 elsif ( $ThisLine =~ m/Admin user (\S+) login attempt for (\S+) management \(port (\d+)\) from (.+):(.+). failed. (.*)/ ) {
125125 if ( $Debug >= 5 ) {
126126 print STDERR "DEBUG: Found -Failed login- line\n";
127127 }
128128 my $name = LookupIP($4);
129129 $BadLogins{$host}{"$1/$2 from $name"}++;
130 }
131 elsif ( $ThisLine =~ m/SSH client at (.+) has attempted to make an SCS connection to interface untrust with IP (.+) but failed (.*)/ ) {
130 }
131 elsif ( $ThisLine =~ m/SSH client at (.+) has attempted to make an SCS connection to interface untrust with IP (.+) but failed (.*)/ ) {
132132 my $name = LookupIP($2);
133133 $Temp = "SSH from $name";
134134 $BadLogins{$host}{$Temp}++;
265265 print " " . $ThisOne . ":\n";
266266 for (sort keys %{$IllegalUsers{$ThisOne}}) {
267267 print "\t $_: $IllegalUsers{$ThisOne}{$_} Time(s)\n";
268
268
269269 }
270270 }
271271 }
341341 exit(0);
342342
343343 # vi: shiftwidth=3 tabstop=3 syntax=perl et
344 # Local Variables:
345 # mode: perl
346 # perl-indent-level: 3
347 # indent-tabs-mode: nil
348 # End:
1515 #
1616 # Revision 1.1 2006/05/30 19:04:26 bjorn
1717 # Added fail2ban service, written by Yaroslav Halchenko.
18 #
18 #
1919 # Written by Yaroslav Halchenko <debian@onerussian.com> for fail2ban
2020 #
2121 ##########################################################################
3333 ## Logwatch project reserves the right to not accept such
3434 ## contributions. If you have made significant
3535 ## contributions to this script and want to claim
36 ## copyright please contact logwatch-devel@logwatch.org.
36 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3737 #########################################################
3838
3939 use strict;
6565 if ( ($ThisLine =~ /..,... DEBUG: /) or
6666 ($ThisLine =~ /..,... \S*\s*: DEBUG /) or # syntax of 0.7.? fail2ban
6767 ($ThisLine =~ /..,... INFO: (Fail2Ban v.* is running|Exiting|Enabled sections:)/) or
68 ($ThisLine =~ /INFO.*Log rotation detected for/) or
68 ($ThisLine =~ /INFO\s+Log rotation detected for/) or
69 ($ThisLine =~ /INFO\s+Jail.+(?:stopped|started|uses poller)/) or
70 ($ThisLine =~ /INFO\s+Changed logging target to/) or
71 ($ThisLine =~ /INFO\s+Creating new jail/) or
6972 ($ThisLine =~ /..,... \S+\s*: INFO\s+(Set |Socket|Exiting|Gamin|Created|Added|Using)/) or # syntax of 0.7.? fail2ban
7073 ($ThisLine =~ /..,... WARNING: Verbose level is /) or
7174 ($ThisLine =~ /..,... WARNING: Restoring firewall rules/)
72 )
75 )
7376 {
7477 if ( $Debug >= 6 ) {
7578 print STDERR "DEBUG($DebugCounter): line ignored\n";
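Review bot: new line 69 adds `Jail ... stopped` to the ignore list alongside `started` and `uses poller`, so a jail that stops during the reporting period leaves no trace in the Logwatch output, and that is the one event of the three an operator reading the report would want to see. Consider counting stop events and printing them rather than discarding them. The four new patterns on lines 68 to 71 also omit the `..,...` timestamp prefix the neighbouring entries use, and `Jail.+` is greedy, so they can match `INFO` text anywhere in a line; anchoring them like the existing entries keeps the ignore list from swallowing unrelated messages.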
169172 exit(0);
170173
171174 # vi: shiftwidth=3 tabstop=3 syntax=perl et
175 # Local Variables:
176 # mode: perl
177 # perl-indent-level: 3
178 # indent-tabs-mode: nil
179 # End:
0 ##########################################################################
1 # $Id: fetchmail $
2 ##########################################################################
3
4 ########################################################
5 # This was written and is maintained by:
6 # Oron Peled <oron \@\ actcom.net.il>
7 #
8 ########################################################
9
10 ########################################################
11 ## Copyright (c) 2010 Oron Peled
12 ## Covered under the included MIT/X-Consortium License:
13 ## http://www.opensource.org/licenses/mit-license.php
14 ## All modifications and contributions by other persons to
15 ## this script are assumed to have been donated to the
16 ## Logwatch project and thus assume the above copyright
17 ## and licensing terms. If you want to make contributions
18 ## under your own copyright or a different license this
19 ## must be explicitly stated in the contribution an the
20 ## Logwatch project reserves the right to not accept such
21 ## contributions. If you have made significant
22 ## contributions to this script and want to claim
23 ## copyright please contact logwatch-devel@lists.sourceforge.net.
24 #########################################################
25
26
27 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
28
29 my %no_mail;
30 my %messages_for;
31 my %auth_fail;
32 my %conn_fail;
33
34 #Inits
35
36 while (defined($ThisLine = <STDIN>)) {
37 chomp($ThisLine);
38 $ThisLine =~ s/^[a-zA-Z0-9]+: //;
39 if($ThisLine =~ s/^No mail for (\S+) at (\S+)//) {
40 $no_mail{"${1} at ${2}"}++;
41 } elsif($ThisLine =~ /^reading message /) {
42 # ignore
43 } elsif($ThisLine =~ s/^Query status=[23]//) {
44 # ignore. Counted below (Authorization, Connection)
45 } elsif($ThisLine =~ s/^Authorization failure on (\S+)//) {
46 $auth_fail{"${1}"}++;
47 } elsif($ThisLine =~ s/^\S+ connection to \S+ failed: .*//) {
48 # ignore. Counted below
49 } elsif($ThisLine =~ s/^connection to (\S+) \[[^]]+\] failed: (.*).//) {
50 $conn_fail{"${1} -- ${2}"}++;
51 } elsif($ThisLine =~ s/^(\d+) messages? for (\S+) at (\S+).*.//) {
52 $messages_for{"${2} at ${3}"} += $1;
53 } else {
54 chomp($ThisLine);
55 # Report any unmatched entries...
56 $OtherList{$ThisLine}++;
57 }
58 }
59
60 if (keys %messages_for) {
61 my $total;
62 print "\nMessages\n";
63 foreach my $who (sort keys %messages_for) {
64 print " $who: $messages_for{$who}\n";
65 $total += $messages_for{$who};
66 }
67 print " Total: $total\n";
68 }
69
70 if (keys %conn_fail) {
71 my $total;
72 print "\nConnection failures\n";
73 foreach my $who (sort keys %conn_fail) {
74 print " $who: $conn_fail{$who} Time(s)\n";
75 $total += $conn_fail{$who};
76 }
77 print " Total: $total\n";
78 }
79
80 if (keys %auth_fail) {
81 my $total;
82 print "\nAuthorization failures\n";
83 foreach my $who (sort keys %auth_fail) {
84 print " $who: $auth_fail{$who} Time(s)\n";
85 $total += $auth_fail{$who};
86 }
87 print " Total: $total\n";
88 }
89
90 if (keys %no_mail) {
91 my $total;
92 print "\nNo Mail\n";
93 foreach my $who (sort keys %no_mail) {
94 print " $who: $no_mail{$who} Time(s)\n";
95 $total += $no_mail{$who};
96 }
97 print " Total: $total\n";
98 }
99
100 if (keys %OtherList) {
101 print "\n**Unmatched Entries**\n";
102 foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
103 print " $line: $OtherList{$line} Time(s)\n";
104 }
105 }
106
107 exit(0);
108
109 # vi: shiftwidth=3 tabstop=3 syntax=perl et
110 # Local Variables:
111 # mode: perl
112 # perl-indent-level: 3
113 # indent-tabs-mode: nil
114 # End:
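Review bot: the trailing `.` in the patterns on lines 49 and 51 is unescaped, so it matches any character rather than the sentence-ending period; on line 49 `(.*).` simply drops the last character of the failure reason, whatever it is. Write `\.` (or `\.?` if the period is not always present). The script also runs without `use strict`, which leaves `$ThisLine`, `%OtherList` and `$line` as undeclared globals, and line 54 repeats the `chomp` already done on line 37.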
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
178178 exit(0);
179179
180180 # vi: shiftwidth=3 tabstop=3 syntax=perl et
181
181 # Local Variables:
182 # mode: perl
183 # perl-indent-level: 3
184 # indent-tabs-mode: nil
185 # End:
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 use File::Basename qw(dirname);
4747
4848 while (defined($ThisLine = <STDIN>)) {
4949 # Remove transfer time if it is there
50 if ( ($RemoteHost,$Size,$FileName,$Direction,$AccessMode,$UserName) =
50 if ( ($RemoteHost,$Size,$FileName,$Direction,$AccessMode,$UserName) =
5151 ( $ThisLine =~ /^([^ ]+) (\d+) (.*) . . (.) (.) (.*) ftp . .*$/ ) ) {
5252 if ($Detail < 15) {
5353 $FileName = dirname($FileName);
5959 $TotalBytesOut += $Size;
6060 if ($Detail >= 15) {
6161 $Temp = ' ' . $FileName . ' -> ' . $RemoteHost . ' (Email: ' . $UserName . ")\n";
62 }
62 }
6363 else {
6464 $Temp = ' ' . $FileName . ' -> ' . $RemoteHost . "\n";
6565 }
7373 $TotalBytesIn += $Size;
7474 if ($Detail >= 15) {
7575 $Temp = ' ' . $RemoteHost . ' -> ' . $FileName . ' (User: ' . $UserName . ")\n";
76 }
76 }
7777 else {
7878 $Temp = ' ' . $RemoteHost . ' -> ' . $FileName . "\n";
7979 }
145145 foreach (sort keys %FilesOut) {
146146 print " $_: $FilesOut{$_} Time(s)\n";
147147 }
148 }
148 }
149149
150150 if ( (@GuestIn) and ($Detail >= 10) and ($FTPDetail > 0)) {
151151 print "\nIncoming Guest FTP Transfers:\n";
185185 exit(0);
186186
187187 # vi: shiftwidth=3 tabstop=3 syntax=perl et
188
188 # Local Variables:
189 # mode: perl
190 # perl-indent-level: 3
191 # indent-tabs-mode: nil
192 # End:
116116 # Logwatch project reserves the right to not accept such
117117 # contributions. If you have made significant
118118 # contributions to this script and want to claim
119 # copyright please contact logwatch-devel@logwatch.org.
119 # copyright please contact logwatch-devel@lists.sourceforge.net.
120120 ########################################################
121121
122122 #use diagnostics;
140140 if (defined $ENV{'logformat'}) {
141141 $logformat = $ENV{'logformat'};
142142 }
143
143
144144 my @log_fields = ();
145145 my @log_format = ();
146146 if ((defined $ENV{'http_fields'}) and (defined $ENV{'http_format'})) {
220220 $content_types = $content_types.'|\.html\.[a-z]{2,3}(_[A-Z]{2,3})?';
221221 $content_types = $content_types.'|\.inc|\.php|\.php3|\.asmx|\.asp|\.pl|\.wml';
222222 $content_types = $content_types.'|^\/mailman\/.*';
223 $content_types = $content_types.'|\/sqwebmail.*';
223 $content_types = $content_types.'|\/sqwebmail.*';
224224 $content_types = $content_types.'|^\/announce|^\/scrape'; # BitTorrent tracker mod_bt
225225 $content_types = $content_types.'|\.torrent';
226226 $content_types = $content_types.'|\.css|\.js|\.cgi';
407407 } elsif ($logformat =~ /\G%{User-Agent}i/gci) {
408408 $parse_string[$parse_index] .= "(.*)";
409409 $parse_field[$parse_index][$parse_subindex++] = "agent";
410 } elsif ($logformat =~ /\G%({.*?})./gc) {
410 } elsif ($logformat =~ /\G%({.*?})?./gc) {
411411 $parse_string[$parse_index] .= "(.*?)";
412412 $parse_field[$parse_index][$parse_subindex++] = "not_used";
413413 } elsif ($logformat =~ /\G\|/gc) {
438438
439439 while (my $line = <STDIN>) {
440440 chomp($line);
441
441
442442 ################## print "Line = $line \n";
443
443
444444 #
445445 # parse the line per the input spec
446446 #
451451 last;
452452 }
453453 }
454
454
455455 if (not @parsed_line) {
456456 $notparsed_count++;
457457 if ($notparsed_count <= 10) {
459459 }
460460 next;
461461 }
462
462
463463 # hash the results so we can identify the fields
464 #
464 #
465465 for my $i (0..$#log_fields) {
466466 # print "$i $log_fields[$i] $parsed_line[$i] \n";
467467 $field{$log_fields[$i]} = $parsed_line[$i];
469469
470470 ##
471471 ## Do the default stuff
472 ##
472 ##
473473
474474 #
475475 # Break up the request into method, url and protocol
480480 $field{url}='null';
481481 }
482482 $field{lc_url} = lc $field{url};
483
483
484484 #
485485 # Bytes sent Summary
486486 # Apache uses "-" to represent 0 bytes transferred
487487 #
488
488
489489 if ($field{bytes_transfered} eq "-") {$field{bytes_transfered} = 0};
490490 $byte_summary += $field{bytes_transfered};
491491
492492 #
493493 # loop to check for typical exploit attempts
494494 #
495
495
496496 if (!$ignore_error_hacks) {
497497 for (my $i = 0; $i < @exploits; $i++) {
498498 # print "$i $exploits[$i] $field{lc_url} \n";
506506 }
507507 }
508508 }
509
509
510510 #
511511 # Count types and bytes
512512 #
513 # this is only printed if detail > 4 but it also looks
513 # this is only printed if detail > 4 but it also looks
514514 # for 'strange' stuff so it needs to run always
515515 #
516516
517517 ($field{base_url},$field{url_parms}) = split(/\?/,$field{"lc_url"});
518
518
519519 if ($field{base_url} =~ /$image_types$/oi) {
520520 $image_count += 1;
521521 $image_bytes += $field{bytes_transfered};
579579 if (length($field{url}) > 60) {
580580 $fmt_url = substr($field{url},0,42) . " ... " .
581581 substr($field{url},-15,15);
582 }
582 }
583583 $needs_exam{$field{http_rc}}{$fmt_url}++;
584584 }
585585 if (defined $field{userid} && $field{userid} ne "-" &&
591591
592592 ##
593593 ## Do the > 4 stuff
594 ##
594 ##
595595 #
596596 # Response Summary
597597 #
598
598
599599 if ($field{http_rc} > 499 ) {
600600 $a5xx_resp += 1;
601601 } elsif ($field{http_rc} > 399 ) {
611611 #
612612 # Count the robots who actually ask for the robots.txt file
613613 #
614
614
615615 if ($field{lc_url} =~ /^\/robots.txt$/) {
616616 if (defined $field{agent}) {
617617 $robots{$field{agent}} +=1;
618618 }
619619 }
620
620
621621 } ## End of while loop
622622
623623 #############################################
624 ## output the results
624 ## output the results
625625 ##
626626
627627 if ($detail >4) {
673673 } else {
674674 print "\n";
675675 }
676 }
676 }
677677 }
678678
679679 if (keys %proxy_host) {
734734 print " $code $StatusCode{$code} SUMMARY - $u URLs, total: $t Time(s)\n";
735735 } else {
736736 print " $code $StatusCode{$code}\n";
737 for my $url (sort keys %{$needs_exam{$code}}) {
737 for my $url (sort { ($needs_exam{$code}{$b} <=> $needs_exam{$code}{$a}) or ($a cmp $b) } keys %{$needs_exam{$code}}) {
738738 print " $url: $needs_exam{$code}{$url} Time(s)\n";
739739 }
740740 }
791791 exit (0);
792792
793793 # vi: shiftwidth=3 tabstop=3 syntax=perl et
794
794 # Local Variables:
795 # mode: perl
796 # perl-indent-level: 3
797 # indent-tabs-mode: nil
798 # End:
0 #!/usr/bin/perl -w
1 #
2 # $Id$
3 #
4 # Logwatch service for http error logs
5 # To be placed in
6 # /etc/logwatch/scripts/http-error
7 #
8 # Processes all messages and summarizes them
9 # Each message is given with a timestamp and RMS
10 #
11 ########################################################
12 ##(C) 2006 by Jeremias Reith <jr@terragate.net>
13 ## Modified 2009 by Michael Baierl
14 ## Covered under the included MIT/X-Consortium License:
15 ## http://www.opensource.org/licenses/mit-license.php
16 ## All modifications and contributions by other persons to
17 ## this script are assumed to have been donated to the
18 ## Logwatch project and thus assume the above copyright
19 ## and licensing terms. If you want to make contributions
20 ## under your own copyright or a different license this
21 ## must be explicitly stated in the contribution an the
22 ## Logwatch project reserves the right to not accept such
23 ## contributions. If you have made significant
24 ## contributions to this script and want to claim
25 ## copyright please contact logwatch-devel@lists.sourceforge.net.
26 #########################################################
27
28 use strict;
29 use Logwatch ':dates';
30 use Time::Local;
31 use POSIX qw(strftime);
32
33 my $date_format = '... %b %d %H:%M:%S %Y';
34 my $filter = TimeFilter($date_format);
35 my $detail = exists $ENV{'LOGWATCH_DETAIL_LEVEL'} ? $ENV{'LOGWATCH_DETAIL_LEVEL'} : 0;
36
37 # we do not use any Date:: package (or strptime) as they are probably not available
38 my %month2num = ( Jan => 0, Feb => 1, Mar => 2, Apr => 3,
39 May => 4, Jun => 5, Jul => 6, Aug => 7,
40 Sep => 8, Oct => 9, Nov => 10, Dec => 11 );
41
42 # array of message categories (we do not use a hash to keep the order)
43 # first element: catorory name
44 # second element: matching regexp ($1 should contain the message)
45 # third element: anonymous hash ref (stores message counts)
46 my @message_categories = (['Errors', qr/\[error\] (.*)$/o, {}],
47 ['Warnings', qr/\[warn\] (.*)$/o, {}],
48 ['Notices', qr/\[info\] (.*)$/o, {}]);
49
50 # skipping categories depending on detail level
51 pop(@message_categories) if $detail < 10;
52 pop(@message_categories) if $detail < 5;
53
54 # counting messages
55 while(<>) {
56 my $line = $_;
57 # skipping messages that are not within the requested range
58 next unless $line =~ /^\[($filter)\]/o;
59 # skip PHP messages (have a separate script)
60 next if $line =~ / PHP (Warning|Fatal error|Notice):/o;
61 $1 =~ /(\w+) (\w+) (\d+) (\d+):(\d+):(\d+) (\d+)/;
62 my $time;
63
64 {
65 # timelocal is quite chatty
66 local $SIG{'__WARN__'} = sub {};
67 $time = timelocal($6, $5, $4, $3, $month2num{$2}, $7-1900);
68 }
69
70 foreach my $cur_cat (@message_categories) {
71 if($line =~ /$cur_cat->[1]/) {
72 my $msgs = $cur_cat->[2];
73 $msgs->{$1} = {count => '0',
74 first_occurrence => $time,
75 sum => 0,
76 sqrsum => 0} unless exists $msgs->{$1};
77 $msgs->{$1}->{'count'}++;
78 # summing up timestamps and squares of timestamps
79 # in order to calculate the rms
80 # using first occurrence of message as offset in calculation to
81 # prevent an integer overflow
82 $msgs->{$1}->{'sum'} += $time - $msgs->{$1}->{'first_occurrence'};
83 $msgs->{$1}->{'sqrsum'} += ($time - $msgs->{$1}->{'first_occurrence'}) ** 2;
84 last;
85 }
86 }
87 }
88
89
90 # generating summary
91 foreach my $cur_cat (@message_categories) {
92 # skipping non-requested message types
93 next unless keys %{$cur_cat->[2]};
94 my ($name, undef, $msgs) = @{$cur_cat};
95 print $name, ":\n";
96 my $last_count = 0;
97
98 # sorting messages by count
99 my @sorted_msgs = sort { $msgs->{$b}->{'count'} <=> $msgs->{$a}->{'count'} } keys %{$msgs};
100
101 foreach my $msg (@sorted_msgs) {
102 # grouping messages by number of occurrence
103 print "\n", $msgs->{$msg}->{'count'}, " times:\n" unless $last_count == $msgs->{$msg}->{'count'};
104 my $rms = 0;
105
106
107 # printing timestamp
108 print '[';
109
110 if($msgs->{$msg}->{'count'} > 1) {
111 # calculating rms
112 $rms = int(sqrt(
113 ($msgs->{$msg}->{'count'} *
114 $msgs->{$msg}->{'sqrsum'} -
115 $msgs->{$msg}->{'sum'}) /
116 ($msgs->{$msg}->{'count'} *
117 ($msgs->{$msg}->{'count'} - 1))));
118
119 print strftime($date_format, localtime($msgs->{$msg}->{'first_occurrence'}+int($rms/2)));
120
121 print ' +/-';
122
123 # printing rms
124 if($rms > 86400) {
125 print int($rms/86400) , ' day(s)';
126 } elsif($rms > 3600) {
127 print int($rms/3600) , ' hour(s)';
128 } elsif($rms > 60) {
129 print int($rms/60) , ' minute(s)';
130 } else {
131 print $rms, ' seconds';
132 }
133 } else {
134 # we have got this message a single time
135 print strftime($date_format, localtime($msgs->{$msg}->{'first_occurrence'}));
136 }
137
138 print '] ', $msg, "\n";
139 $last_count = $msgs->{$msg}->{'count'};
140 }
141
142 print "\n";
143 }
144
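Review bot: in the rms calculation near the end of the summary loop the numerator is `count * sqrsum - sum`, but a sample standard deviation of the offsets needs the sum squared, that is `(count * sqrsum - sum ** 2) / (count * (count - 1))`. As written, the figure printed after `+/-` is not a deviation of the timestamps. The centre printed before it is `first_occurrence + int($rms/2)`, whereas the mean time would be `first_occurrence + sum / count`. Separately, the result of the date match on `$1` in the read loop is never checked, so a line whose timestamp does not fit the pattern passes captures that the match did not set into `timelocal` while warnings are silenced; append `or next` to that match.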
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
110110 }
111111 elsif ($ThisLine =~ /^Successful lookup: [1234567890]+ , [1234567890]+ : [^ ]+/ ) {
112112 # skip empty entry ...
113 }
113 }
114114 else {
115115 # Report any unmatched entries...
116116 if ( $Debug >= 5 ) {
128128 print "Identd Lookups:\n";
129129 foreach $ThisOne (keys %Identd) {
130130 print " Host: " . ${Identd{$ThisOne}}[0] . " (" . $ThisOne . ") - " . ${Identd{$ThisOne}}[1] . " Connection(s).\n";
131
131
132132 }
133 }
133 }
134134
135135 if (($#EmptyRequests >= 0) and ($Detail >= 5)) {
136136 print "\nEmpty requests:\n";
156156 exit(0);
157157
158158 # vi: shiftwidth=3 tabstop=3 syntax=perl et
159
159 # Local Variables:
160 # mode: perl
161 # perl-indent-level: 3
162 # indent-tabs-mode: nil
163 # End:
1919 ## Logwatch project reserves the right to not accept such
2020 ## contributions. If you have made significant
2121 ## contributions to this script and want to claim
22 ## copyright please contact logwatch-devel@logwatch.org.
22 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2323 #########################################################
2424
2525 my $Debug = $ENV{'LOGWATCH_DEBUG'};
3636 ($ThisLine =~ /^couriertls: read: Connection reset by peer/ ) or
3737 # timeouts are reported in some other scripts - maybe it should be here too?
3838 ($ThisLine =~ /^couriertls: read: Connection timed out/ ) or
39 ($ThisLine =~ /^LOGOUT, ip=\[(.*)\], rcvd=\d+, sent=\d+$/)
39 ($ThisLine =~ /^LOGOUT, ip=\[.*\], rcvd=\d+, sent=\d+$/) or
40 ($ThisLine =~ /^Disconnected, ip=\[.*\]/) or
41 # uw-imapd
42 ($ThisLine =~ /^Moved \d+ bytes of new mail to.*$/) or
43 ($ThisLine =~ /^Unexpected client disconnect, while reading line.*$/)
4044 ) {
4145 # Don't care about these...
4246 } elsif ( ($User, $Host) = ( $ThisLine =~ /^Login user=(.*?) host=(.*\[.*\])$/ ) ) {
6569 } elsif ( ($User, $Host) = ( $ThisLine =~ /^Logout user=(.*?) host=(.*\[.*\])$/) ) {
6670 $Logout{$User}{$Host}++;
6771 $Logout2{$User}++;
72 # More generic pattern for uw-imapd
73 } elsif ( ($User, $Host) = ( $ThisLine =~ /^Logout user=(.*?) host=(.*)$/) ) {
74 $Logout{$User}{$Host}++;
75 $Logout2{$User}++;
6876 } elsif ( ($dummy, $User, $Host, $DownloadSize1, $DownloadSize2) = ( $ThisLine =~ /^(LOGOUT|TIMEOUT|DISCONNECTED), user=(.*?), ip=\[([^ ,]+)\](?:, port=\[\d+\])?, headers=(\d+), body=(\d+)/o ) ) {
6977 $Logout{$User}{$Host}++;
7078 $Logout2{$User}++;
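Review bot: the new uw-imapd branch `^Logout user=(.*?) host=(.*)$` matches every line that the branch directly above it matches (`host=(.*\[.*\])$`), and both have the same body, so the older branch is now redundant. Either drop it or tighten the new pattern so it is clear which log format each one covers. As written, `$Host` can be any trailing text and goes straight into `%Logout` as a key.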
8290 $Logout{$User}{$Host}++;
8391 $Logout2{$User}++;
8492 $KilledSession{$User}{$Reason}++;
85 } elsif (
93 } elsif (
8694 (($User,$Host) = ( $ThisLine =~ /^Broken pipe, while reading line user=(.*) host=(.*\[.*\])$/ )) or
8795 (($User,$Host) = ( $ThisLine =~ /^Command stream end of file, while reading line user=(.*) host=(.*\[.*\])$/ )) or
8896 (($User,$Host) = ( $ThisLine =~ /^Connection (?:reset by peer|timed out), while reading line user=(.*) host=(.*\[.*\])$/ )) or
95103 } else {
96104 # Report any unmatched entries...
97105 # remove PID from named messages
98
106
99107 $ThisLine =~ s/^(client [.0-9]+)\S+/$1/;
100108 chomp($ThisLine);
101109 $OtherList{$ThisLine}++;
111119 "\n=========================".
112120 "\n Host (user) | # ".
113121 "\n------------------------------------------------------------- | -----------";
114
122
115123 $ConnCount = 0;
116124 foreach $Host (sort keys %LoginFailed) {
117125 $Conns = $LoginFailed{$Host};
133141 "\n=========================".
134142 "\n Host | Connections | SSL | Total ".
135143 "\n-------------------------------------- | ----------- | -------- | ---------";
136
144
137145 $ConnCount = 0;
138146 $SSLConn = 0;
139147 $TotalConn = 0;
181189 "\n====================".
182190 "\n User | Logouts | Downloaded | Mbox Size".
183191 "\n--------------------------------------- | ------- | ---------- | ----------";
184
192
185193 $ConnCount = 0;
186194 $SizeAll = 0;
187195 $DownAll = 0;
199207 #$Size = $MboxSize{$User};
200208 $Size = 0; #Hack
201209 $SizeSpaceLength = 11 - length($Size);
202 print "\n" ." " x $UserSpaceLength . $User . " |" . " " x $CountSpaceLength . $Conns . " |" .
210 print "\n" ." " x $UserSpaceLength . $User . " |" . " " x $CountSpaceLength . $Conns . " |" .
203211 " " x $DownSpaceLength . $Down . " |" . " " x $SizeSpaceLength . $Size;
204212 $ConnCount += $Conns;
205213 $SizeAll += $Size;
273281
274282
275283 # vi: shiftwidth=3 tabstop=3 syntax=perl et
276
284 # Local Variables:
285 # mode: perl
286 # perl-indent-level: 3
287 # indent-tabs-mode: nil
288 # End:
2323 ## Logwatch project reserves the right to not accept such
2424 ## contributions. If you have made significant
2525 ## contributions to this script and want to claim
26 ## copyright please contact logwatch-devel@logwatch.org.
26 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2727 #########################################################
2828
2929 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
4343 # We don't care about these
4444 }
4545 ## Stats: <UserID> 0 0 0 0 <Host> <IP>
46 elsif (($UserID, $NumDeleted, $BytesDeleted, $NumLeft, $BytesLeft) = ( $ThisLine =~ /Stats: ([^ ]+) ([^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)/ )) {
46 elsif (($UserID, $NumDeleted, $BytesDeleted, $NumLeft, $BytesLeft) = ( $ThisLine =~ /Stats: ([^ ]+) ([^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)/ )) {
4747 $Stats{$UserID}{"Times"}++;
4848 $Stats{$UserID}{"NumDel"} += $NumDeleted;
4949 $Stats{$UserID}{"BytesDel"} += $BytesDeleted;
109109
110110 if (keys %OtherList) {
111111 print "\n**Unmatched Entries**\n";
112 foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList)
112 foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList)
113113 {
114114 print " $line: $OtherList{$line} Time(s)\n";
115115 }
118118 exit(0);
119119
120120 # vi: shiftwidth=3 tabstop=3 syntax=perl et
121
121 # Local Variables:
122 # mode: perl
123 # perl-indent-level: 3
124 # indent-tabs-mode: nil
125 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
2424 if (( $ThisLine =~ /open\(.*\): No such file or directory/) or
2525 ( $ThisLine =~ /Id "r" respawning too fast: disabled for 5 minutes/) or
2626 ( $ThisLine =~ /Re-reading inittab/) or
27 ( $ThisLine =~ /.* main process ended, respawning/)) {
28 # We don't care about these
27 ( $ThisLine =~ /.* main process ended, respawning/) or
28 ( $ThisLine =~ /Disconnected from system bus/)) {
29 # We don't care about these
2930 }
3031 elsif ( $ThisLine =~ s/Switching to runlevel: (.)\s*$/$1/ ) {
3132 # Which runlevel did we change to?
4243 chomp ($ThisLine);
4344 $ReExecInit++;
4445 }
45 elsif ( $ThisLine =~ /(\w+) main process \(\d+\) killed by TERM signal/ ) {
46 $Killed{$1}++;
46 elsif ( ($Name,$Cause) = ($ThisLine =~ /(.*) main process \([0-9]*\) killed by (.*)/)) {
47 $ProcessKilled{"$Name,$Cause"}++;
4748 }
4849 elsif ( ($Name, $Status) = ($ThisLine =~ /(.*) main process \([0-9]*\) terminated with status ([0-9]*)/)) {
49 $ProcessTerminated{"$Name,Status"}++;
50 $ProcessTerminated{"$Name,Status"}++;
5051 }
5152 elsif ( $ThisLine =~ /Re-executing \/sbin\/init/) {
5253 $ReExecSbinInit++;
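Review bot: line 50 is touched for whitespace only, but it still reads `$ProcessTerminated{"$Name,Status"}++` with a literal `Status`. The captured `$Status` is never used, so every exit status of a process collapses into one key. It should be `"$Name,$Status"`, in line with the new `$ProcessKilled{"$Name,$Cause"}` just above. In that new branch both captures are unbounded `(.*)`, which matters for how the key is taken apart again in the report.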
6263 print " Entered or switched to runlevel " . $Level . ": " . $RunLevel{$Level} . " Time(s)\n";
6364 }
6465 }
66
6567 if ($ReExecInit and $Detail) {
6668 print "\n\nRe-execs of init: $ReExecInit times\n";
6769 }
6870
69 if ($ReExecSbinInit) {
71 if ($ReExecSbinInit and $Detail) {
7072 print "\n\nRe-executing \/sbin\/init/: $ReExecSbinInit times\n";
7173 }
7274
73 if ((keys %Killed) and ($Detail >= 10)) {
74 foreach $Process (sort keys %Killed) {
75 print " " . $Process . " main process killed by TERM signal : " . $Killed{$Process} . " Time(s)\n";
75 if ((keys %ProcessKilled) and ($Detail >=10)) {
76 print "\nKilled processses:\n";
77 foreach (keys %ProcessKilled) {
78 my ($Name,$Cause)=split ",";
79 print " Process " . $Name. " killed by " . $Cause . ": " . $ProcessKilled{"$Name,$Cause"} . " Time(s)\n";
7680 }
7781 }
7882
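Review bot: in the new `%ProcessKilled` report, `split ","` breaks the composite key on every comma, while `$Name` and `$Cause` both come from unbounded `(.*)` captures. A job name or cause that contains a comma makes the rebuilt key `"$Name,$Cause"` miss, and the line prints with an empty count. A nested hash `$ProcessKilled{$Name}{$Cause}` avoids the join and split altogether. The loop it replaces used `sort keys`; the new one iterates `keys` unsorted, so the report order is no longer defined. The heading also has a typo (`processses`).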
9296 exit(0);
9397
9498 # vi: shiftwidth=3 tabstop=3 syntax=perl et
95
99 # Local Variables:
100 # mode: perl
101 # perl-indent-level: 3
102 # indent-tabs-mode: nil
103 # End:
2323 ## Logwatch project reserves the right to not accept such
2424 ## contributions. If you have made significant
2525 ## contributions to this script and want to claim
26 ## copyright please contact logwatch-devel@logwatch.org.
26 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2727 #########################################################
2828
2929 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
6565 $ThisLine =~/^Login excessive login failures user=(\S+) auth=\S+ host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ) {
6666 $Conn_loginfail{$1}{$2}++;
6767 next;
68 }
68 }
6969
7070 if ( $ThisLine =~/service init from (\d+.\d+.\d+.\d+)$/ ) {
7171 $Connections{$1}++;
7575 if ( $ThisLine =~/^(Login|Auth|APOP|Update) user=(\S+) host=[^\[]*\[(\d+.\d+.\d+.\d+)\]/ ) {
7676 $Conn_loginok{$2}{$3}++;
7777 next;
78 }
78 }
7979
8080 if ( $ThisLine =~/^AUTHENTICATE (\S+) failure host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ) {
8181 $Conn_loginfail{$1}{$2}++;
8282 next;
83 }
83 }
8484
8585 # Report any unmatched entries...
8686 $OtherList{$ThisLine}++;
123123 exit(0);
124124
125125 # vi: shiftwidth=3 tabstop=3 syntax=perl et
126
126 # Local Variables:
127 # mode: perl
128 # perl-indent-level: 3
129 # indent-tabs-mode: nil
130 # End:
5454 ## Logwatch project reserves the right to not accept such
5555 ## contributions. If you have made significant
5656 ## contributions to this script and want to claim
57 ## copyright please contact logwatch-devel@logwatch.org.
57 ## copyright please contact logwatch-devel@lists.sourceforge.net.
5858 #########################################################
5959
6060 use Logwatch ':ip';
6262 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
6363 $MinFilter = $ENV{'iptables_host_min_count'} || 0;
6464 $DoLookup = $ENV{'iptables_ip_lookup'}; $DoLookup = $DoLookup; # keep -w happy
65 $ListByHost = $ENV{'iptables_list_by_host'} || 0;
65 $ListByHost = $ENV{'iptables_list_by_host'} || 0;
6666 $ListByService = $ENV{'iptables_list_by_service'} || 0;
6767 # Keep old behaviour if nothing is configured
6868 $ListByHost = 1 unless ($ListByService);
113113
114114 # SORT COMPARISONS
115115 sub compStr {
116 return $a cmp $b;
116 return $a cmp $b;
117117 }
118118
119119 sub compNum {
129129 # doesn't work. Therefore, we extract it here:
130130 $ThisLine =~ s/^... .. ..:..:.. ([^ ]*) (kernel: )?(\[\d+\.\d+\] )?//;
131131
132 # IPCHAINS
132 # IPCHAINS
133133 if( ($TU,$from,$port,$on) = ( $ThisLine =~ /IP fw-in deny \w+ (\w+) ([^:]+):\d+ ([^:]+):(\d+) / ) ){
134134 if($MaxNum < ++$TCPscan{$TU}{$from}) {
135135 $MaxNum = $TCPscan{$TU}{$from}
136136 }
137137 $port=0;
138138 } elsif ( ($chain,$action,$if,$proto,$fromip,$toip,$toport) = ( $ThisLine =~ /^Packet log: ([^ ]+) (\w+) (\w+) PROTO=(\d+) ([\d|\.]+):\d+ ([\d|\.]+):(\d+)/ ) ) {
139 $actionType = lookupAction($action);
140 $ipt{$actionType}{$if}{$fromip}{$toip}{$toport}{$proto}{"$chain,$if"}++;
141 $ipt2{$actionType}{$if}{$toport}{$proto}{$fromip}{$toip}{"$chain,$if"}++;
139 $actionType = lookupAction($action);
140 $ipt{$actionType}{$if}{$fromip}{$toip}{$toport}{$proto}{"$chain,$if"}++;
141 $ipt2{$actionType}{$if}{$toport}{$proto}{$fromip}{$toip}{"$chain,$if"}++;
142142 }
143143 # IPTABLES
144 elsif (($chain,$ifin,$ifout,$fromip,$toip,$proto,$rest) = ($ThisLine =~ /^(.*?)\s*IN=(\w*).*?OUT=(\w*).*?SRC=([\w\.:]+).*?DST=([\w\.:]+).*?PROTO=(\w+)(.*)/ )) {
144 elsif (($chain,$ifin,$ifout,$fromip,$toip,$proto,$rest) = ($ThisLine =~ /^(.*?)\s*IN=([\w\.]*).*?OUT=([\w\.]*).*?SRC=([\w\.:]+).*?DST=([\w\.:]+).*?PROTO=(\w+)(.*)/ )) {
145145
146146 # get a destination port number (or icmp type) if there is one
147147 if (! ( ($toport) = ( $rest =~ /TYPE=(\w+)/ ) ) ) {
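Review bot: the widened classes `IN=([\w\.]*)` and `OUT=([\w\.]*)` now accept dotted interface names, but a name containing `-` (for example `br-lan`) is still cut at the first character outside the class, and the lazy `.*?` that follows absorbs the rest, so those packets are attributed to a truncated interface name. Capturing `([^ ]*)` up to the next space would cover such names without enumerating characters. The later tests `$ifin =~ /\w+/` and `$ifout =~ /\w+/` would keep working unchanged.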
153153 # get the action type
154154 $actionType = lookupAction($chain);
155155
156 # determine the dominant interface
156 # determine the dominant interface
157157 if ($ifin =~ /\w+/ && $ifout =~ /\w+/) {
158158 $interface = $ifin;
159159 } elsif ($ifin =~ /\w+/) {
160160 $interface = $ifin;
161 $ifout = "none";
161 $ifout = "none";
162162 } else {
163163 $interface = $ifout;
164164 $ifin = "none";
171171 }
172172
173173 # add the packet
174 # $ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}{$proto}{"$chain,$ifin,$ifout"}++;
175 $ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}{$proto}{$chain_info}++;
176 $ipt2{$actionType}{$interface}{$toport}{$proto}{$fromip}{$toip}{$chain_info}++;
177 }
174 # $ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}{$proto}{"$chain,$ifin,$ifout"}++;
175 $ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}{$proto}{$chain_info}++;
176 $ipt2{$actionType}{$interface}{$toport}{$proto}{$fromip}{$toip}{$chain_info}++;
177 }
178178 # IPF
179179 elsif (($repcnt,$if,$chain,$fromip,$fromport,$toip,$toport,$proto,$rest,$inout) = ($ThisLine =~ /^.*\d{2,2}:\d{2,2}:\d{2,2}\.\d{6,6}\s*(?:(\d{1,})x)*\s*(\w*)\s*@[-]*\d{1,}:[-]*\d{1,}\s*(\w*)\s*([\w\.:]+\w),*(\d*)\s*->\s*([\w\.:]+\w),*(\d*)\s*PR\s*(\w*)\s*(.*((IN|OUT)).*)/)) {
180180 if ($chain eq 'b') {
186186 $repcnt = 1;
187187 }
188188 while ($repcnt >= 1) {
189 $ipt{$actionType}{$if}{$fromip}{$toip}{$toport}{$proto}{"$actionType,$if"}++;
190 $ipt2{$actionType}{$if}{$toport}{$proto}{$fromip}{$toip}{"$actionType,$if"}++;
189 $ipt{$actionType}{$if}{$fromip}{$toip}{$toport}{$proto}{"$actionType,$if"}++;
190 $ipt2{$actionType}{$if}{$toport}{$proto}{$fromip}{$toip}{"$actionType,$if"}++;
191191 $repcnt = $repcnt - 1;
192192 }
193193 }
202202 $TCPscan{$ThisOne}{$Next}>$MaxFlood &&
203203 print " " . LookupIP($Next). ": $TCPscan{$ThisOne}{$Next} Time(s)\n";
204204 }
205 }
205 }
206206 }
207207
208208
224224 $protocol = lookupProtocol($proto);
225225 } else {
226226 $protocol = lc($proto);
227 }
227 }
228228
229229 # determine the name of the service
230230 my $service = lookupService($toport,$protocol);
231
231
232232 foreach my $fromip (sort SortIP keys %{$ipt2{$actionType}{$interface}{$toport}{$proto}}) {
233233 my $fromHostCount = 0;
234234 my $from = LookupIP($fromip);
246246 }
247247 $fromHostCount += $toHostCount;
248248 }
249 if ( $Detail > 9 ) {
249 if ( $Detail > 9 ) {
250250 chop $outputDetails;
251251 chop $outputDetails;
252 push @{$hostList{"$fromHostCount"}}, $from .
252 push @{$hostList{"$fromHostCount"}}, $from .
253253 " " . $outputDetails;
254254 } else {
255255 push @{$hostList{"$fromHostCount"}}, $from;
257257 $portCount += $fromHostCount;
258258 $hostCount++;
259259 }
260
260
261261 $interfaceCount += $portCount;
262262 if ($Detail > 5 ) {
263263 $outputMain .= sprintf(" To port %d/%s (%s) - ".
264 "%d packet%s from %d host%s\n",
265 $toport, $protocol,
266 ( $service =~ /^\d+$/ ) ? "?" : $service,
267 $portCount, ( $portCount > 1 ) ? "s" : " ",
264 "%d packet%s from %d host%s\n",
265 $toport, $protocol,
266 ( $service =~ /^\d+$/ ) ? "?" : $service,
267 $portCount, ( $portCount > 1 ) ? "s" : " ",
268268 $hostCount, ( $hostCount > 1 ) ? "s" : " "
269269 );
270270 foreach my $hc (sort { $b <=> $a } keys %hostList) {
271271 foreach my $h (@{$hostList{"$hc"}}) {
272 $outputMain .= sprintf(" %6d packet%s from %s\n",
272 $outputMain .= sprintf(" %6d packet%s from %s\n",
273273 $hc, ( $hc > 1 ) ? "s" : " ", $h);
274274 }
275275 }
278278 ($topHostCount, undef) = sort { $b <=> $a } keys %hostList;
279279 my $topHost = ${$hostList{"$topHostCount"}}[0];
280280 $outputMain .= sprintf( " To port %5d/%s - %5d packet%s ".
281 "from %4d host%s (%d from %s)\n",
282 $toport, $protocol, $portCount,
283 ( $portCount > 1 ) ? "s" : " ", $hostCount,
284 ( $hostCount > 1 ) ? "s" : " ",
285 $topHostCount, $topHost
286 );
281 "from %4d host%s (%d from %s)\n",
282 $toport, $protocol, $portCount,
283 ( $portCount > 1 ) ? "s" : " ", $hostCount,
284 ( $hostCount > 1 ) ? "s" : " ",
285 $topHostCount, $topHost
286 );
287287 } else {
288288 $outputMain .= sprintf(" To port %5d/%s - %5d packet%s ".
289 "from %4d host%s\n",
290 $toport, $protocol, $portCount,
291 ( $portCount > 1 ) ? "s" : " ", $hostCount,
292 ( $hostCount > 1 ) ? "s" : " "
293 );
289 "from %4d host%s\n",
290 $toport, $protocol, $portCount,
291 ( $portCount > 1 ) ? "s" : " ", $hostCount,
292 ( $hostCount > 1 ) ? "s" : " "
293 );
294294 }
295295 }
296296 }
297297 print "Listed by target ports:";
298 print "\n$actionType $interfaceCount " .
299 ( ( $interfaceCount > 1 ) ? "packets" : "packet" ) .
300 " on interface $interface\n";
298 print "\n$actionType $interfaceCount " .
299 ( ( $interfaceCount > 1 ) ? "packets" : "packet" ) .
300 " on interface $interface\n";
301301 print $outputMain;
302302 }
303303 }
320320 $to = LookupIP($toip);
321321 $outputServices = '';
322322 foreach $toport (sort compNum keys %{$ipt{$actionType}{$interface}{$fromip}{$toip}}) {
323 foreach $proto (sort compStr keys %{$ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}}) {
323 foreach $proto (sort compStr keys %{$ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}}) {
324324 # determine the protocol
325325 if ( $proto =~ /^\d+$/ ) {
326326 $protocol = lookupProtocol($proto);
327327 } else {
328328 $protocol = lc($proto);
329 }
329 }
330330
331331 # determine the name of the service
332332 $service = lookupService($toport,$protocol);
365365 $outputMain .= $outputSection;
366366 }
367367 print "\nListed by source hosts:";
368 print "\n$actionType $interfaceCount " . ( ( $interfaceCount > 1 ) ? "packets" : "packet" ) . " on interface $interface\n";
368 print "\n$actionType $interfaceCount " . ( ( $interfaceCount > 1 ) ? "packets" : "packet" ) . " on interface $interface\n";
369369 print $outputMain;
370370 }
371371 }
375375 exit(0);
376376
377377 # vi: shiftwidth=3 tabstop=3 syntax=perl et
378
378 # Local Variables:
379 # mode: perl
380 # perl-indent-level: 3
381 # indent-tabs-mode: nil
382 # End:
2626 # Revision 1.29 2005/06/07 18:14:50 bjorn
2727 # Filtering out audit statements, since we now have an "audit" service.
2828 ##########################################################################
29 # Kernel script for Logwatch
29 # Kernel script for Logwatch
3030 #
3131 # Visit the Logwatch website at
3232 # http://www.logwatch.org
4545 ## Logwatch project reserves the right to not accept such
4646 ## contributions. If you have made significant
4747 ## contributions to this script and want to claim
48 ## copyright please contact logwatch-devel@logwatch.org.
48 ## copyright please contact logwatch-devel@lists.sourceforge.net.
4949 #########################################################
5050
5151 use strict;
5252 use Logwatch ':ip';
5353
5454 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
55 my $Ignore_faults = $ENV{'ignore_faults'};
5556 my %SYNflood = ();
5657 my %RAIDErrors = ();
5758 my %SegFaults = ();
6566 while (defined(my $ThisLine = <STDIN>)) {
6667 chomp($ThisLine);
6768 next if ($ThisLine eq '');
69 # Remove timestamp if present
70 $ThisLine =~ s/^\[\s*\d+\.\d+\]\s*//;
6871
6972 if (
7073 # filter out audit messages - these should be parsed by the audit
7174 # service
72 ($ThisLine =~ /^\s*audit\(/)
75 ($ThisLine =~ /^\s*(type=\d+\s+)?audit\(/)
7376 # following now in iptables service
7477 or ($ThisLine =~ /^Packet log: .*PROTO=/)
7578 or ($ThisLine =~ /IN=.*OUT=.*SRC=.*DST=.*PROTO=/)
98101 $SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, error=-13/;
99102 # filter out error_exit in stack traces caused by OOM conditions
100103 $SkipError = 1 if $ThisLine =~ /\[<[\da-f]+>\] error_exit\+0x/;
104 # These are informative, not errors
105 $SkipError = 1 if $ThisLine =~ /PCIe errors handled by OS/;
101106 $Errors{$errormsg}++ if ( (! $SkipError) || ($Detail > 8));
102107 }
103 # OTHER
108 # OTHER
104109 else {
105110 # XXX For now, going to ignore all other kernel messages as there
106111 # XXX are practically an infinite number and most of them are obviously
119124 foreach my $ThisOne (sort {$a cmp $b} keys %SYNflood) {
120125 print " " . $ThisOne . " from:\n";
121126 foreach my $Next (sort {$a cmp $b} keys %{$SYNflood{$ThisOne}}) {
122 print " " . $Next . ": $SYNflood{$ThisOne}{$Next} Time(s)\n";
123 }
127 print " " . $Next . ": $SYNflood{$ThisOne}{$Next} Time(s)\n";
128 }
124129 }
125130 }
126131
132137 }
133138
134139 if (keys %SegFaults) {
135 print "\nWARNING: Segmentation Faults in these executables\n";
140 my $header_printed=0;
136141 foreach my $Thisone ( sort {$a cmp $b} keys %SegFaults ) {
142 if ($Ignore_faults =~ /\b\Q$Thisone\E\b/i) { next; }
143 if (!$header_printed) {
144 print "\nWARNING: Segmentation Faults in these executables\n";
145 $header_printed=1;
146 }
137147 print " $Thisone : $SegFaults{$Thisone} Time(s)\n";
138148 }
139149 }
140150
141151 if (keys %GPFaults) {
142 print "\nWARNING: General Protection Faults in these executables\n";
152 my $header_printed=0;
143153 foreach my $Thisone ( sort {$a cmp $b} keys %GPFaults ) {
154 if ($Ignore_faults =~ /\b\Q$Thisone\E\b/i) { next; }
155 if (!$header_printed) {
156 print "\nWARNING: General Protection Faults in these executables\n";
157 $header_printed=1;
158 }
144159 print " $Thisone : $GPFaults{$Thisone} Time(s)\n";
145160 }
146161 }
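Review bot: `$Ignore_faults =~ /\b\Q$Thisone\E\b/i` checks whether the executable name occurs anywhere in the setting at word boundaries, so an entry such as `gnome-shell` also suppresses faults reported for `shell` or for `gnome`, and a name that begins or ends with a non-word character can never match. Split the setting into a list once and compare entries for equality instead. `$Ignore_faults` is also read from `$ENV{'ignore_faults'}` with no default, unlike `$Detail` on the line above it, so with the option unset both loops match against an undefined value; default it to an empty string. The same applies to the General Protection Faults loop, which repeats the test.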
184199 exit(0);
185200
186201 # vi: shiftwidth=3 tabstop=3 syntax=perl et
187
202 # Local Variables:
203 # mode: perl
204 # perl-indent-level: 3
205 # indent-tabs-mode: nil
206 # End:
00 ##########################################################################
1 # $Id: mailscanner,v 1.36 2008/12/08 15:34:53 mike Exp $
1 # $Id: mailscanner,v 1.38 2009/11/16 17:37:22 mike Exp $
22 ##########################################################################
33
44 ########################################################
2828 ## Logwatch project reserves the right to not accept such
2929 ## contributions. If you have made significant
3030 ## contributions to this script and want to claim
31 ## copyright please contact logwatch-devel@logwatch.org.
31 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3232 #########################################################
3333
3434 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
3535 my $phishing_detail = $ENV{'mailscanner_phishing_detail'} || 0;
36 my $mailscanner_phishingthreshold = $ENV{'$mailscanner_phishingthreshold'} || 1;
36 my $mailscanner_phishingthreshold = $ENV{'mailscanner_phishingthreshold'} || 0;
3737
3838 #Inits
3939 my $MailScan_bytes = 0;
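Review bot: correcting the key on line 36 from `'$mailscanner_phishingthreshold'` to `'mailscanner_phishingthreshold'` means the setting is honoured for the first time, and the same line changes the fallback from 1 to 0. Both change the report on existing installations. State the new default in the service's configuration comments and the changelog, or keep `|| 1` if the old effective value was the intended one.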
5050 my $MailScan_GoodWatermark = 0;
5151 my $MailScan_BadWatermark = 0;
5252 my $MailScan_SkipWatermark = 0;
53
53 my $SpamAssassin_Rule_Actions = 0;
54 my $MailScan_Deleted_pdb = 0;
55 my $MailScan_Found_pdb = 0;
56 my $MailScan_Spam_Virus = 0;
5457
5558 while (defined($ThisLine = <STDIN>)) {
5659 #($QueueID) = ($ThisLine =~ m/^([a-zA-Z0-9]+): / );
98101 ( $ThisLine =~ m/Content Checks: Found [0-9]+ problems/ ) or
99102 ( $ThisLine =~ m/Read [0-9]+ hostnames from the phishing whitelist/ ) or
100103 ( $ThisLine =~ m/completed at [0-9]+ bytes per second/ ) or
101 ( $ThisLine =~ m/Message .+ from .+ to .+ is/ ) or
104 ( $ThisLine =~ m/Message .+ from .+ to .+ is/ ) or
102105 ( $ThisLine =~ m/^[A-F0-9]+\.[A-F0-9]{5} to/ ) or #for postfix Requeue:
103106 ( $ThisLine =~ m/^calling custom .* function/ ) or
104107 ( $ThisLine =~ m/^Initialising database connection/ ) or
123126 ( $ThisLine =~ m/^Initialising IP blocking/ ) or
124127 ( $ThisLine =~ m/^Closing down IP blocking/ ) or
125128 ( $ThisLine =~ m/Whitelist refresh time reached/ ) or
126 ( $ThisLine =~ m/Skipping sender of precedence list/ ) or
129 ( $ThisLine =~ m/Skipping sender of precedence list/ ) or
127130 ( $ThisLine =~ m/^Read \d+ IP blocking entries from/ ) or
128131 #This for Kaspersky I guess it is duplicated by Content checks, remove if not -mgt
129132 ( $ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+SUSPICION/ ) or
133 # New processing database
134 ( $ThisLine =~ m/Connected to [Pp]rocessing(?:-messages| Attempts) [Dd]atabase/ ) or
135 ( $ThisLine =~ m/Found 0 messages in the [Pp]rocessing(?:-messages| Attempts) [Dd]atabase/ ) or
136 ( $ThisLine =~ m/Reading configuration file/ ) or
130137 ( $ThisLine =~ m/^SpamAssassin temporary working directory is/ ) or
131138 ( $ThisLine =~ m/ignored whitelist, had .+ recipients/ )
132139 ) {
144151 $MailScan_Spam = $MailScan_Spam + $1;
145152 } elsif ( $ThisLine =~ m/Virus Scanning: Found ([0-9]+) viruses/) {
146153 $MailScan_Virus = $MailScan_Virus + $1;
154 } elsif ( $ThisLine =~ m/Found spam-virus (\S+) in/i) {
155 $MailScan_Spam_Virus++;
156 $Spam_Virus_Found{$1}++;
147157 } elsif ( $ThisLine =~ m/infected message .+ came from (.*)/i) {
148158 $MailScan_VirualHost = $MailScan_VirualHost + 1;
149159 $Hostlist{$1}++;
156166 #without the leading : this would match Fprot so error on the side of matching to much -mgt
157167 $VirusType_BitDefender{$1}++;
158168 $MailScan_Virus_BitDefender++;
159 } elsif ($ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+: ([\w\_\-\.\/]+) FOUND/i) {
169 } elsif ( ($ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+: ([\w\_\-\.\/]+) FOUND/i) or
170 ($ThisLine =~ m/Clamd::INFECTED:: ?(\S+) ::/i) ) {
160171 $VirusType_ClamAv{$1}++;
161172 $MailScan_Virus_ClamAv++;
162 } elsif ($ThisLine =~ m/ClamAVModule::INFECTED:: (.+)::/) {
173 } elsif ($ThisLine =~ m/ClamAVModule::INFECTED:: ?(.+)::/) {
163174 $VirusType_ClamAVModule{$1}++;
164175 $MailScan_Virus_ClamAVModule++;
165 } elsif ($ThisLine =~ m/INFECTED:: (.+) (FOUND )?::/) {
176 } elsif ($ThisLine =~ m/INFECTED:: ?(.+) (FOUND )?::/) {
166177 $VirusType_Clamd{$1}++;
167178 $MailScan_Virus_Clamd++;
168179 } elsif ($ThisLine =~ m/\/.+ Infection: (.+)/i) {
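Review bot: the new alternative `Clamd::INFECTED:: ?(\S+) ::` sits in the branch that increments `%VirusType_ClamAv`, so lines tagged Clamd in that form are counted as ClamAv and never reach the `%VirusType_Clamd` branch two conditions further down. If that is intended, a comment should say so; otherwise it belongs in the Clamd branch. In that later pattern, `INFECTED:: ?(.+) (FOUND )?::`, the greedy `(.+)` takes a trailing `FOUND` into the signature name, so the optional group never strips it; `(.+?)` would.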
191202 } elsif ($ThisLine =~ m/>>> Virus \'(.+)\' found/) {
192203 $VirusType_Sophos{$1}++;
193204 $MailScan_Virus_Sophos++;
194 } elsif ($ThisLine =~ m/SophosSAVI::INFECTED:: (.+)::/) {
205 } elsif ($ThisLine =~ m/SophosSAVI::INFECTED:: ?(.+)::/) {
195206 $VirusType_SophosSavi{$1}++;
196207 $MailScan_Virus_SophosSavi++;
197208 } elsif ($ThisLine =~ m/Commercial scanner (.+) timed out!/){
320331 } elsif ( ($ThisLine =~ m/Message .+ had bad watermark/) ||
321332 ($ThisLine =~ m/Message .+ from .+ has no \(or invalid\) watermark or sender address/) ) {
322333 $MailScan_BadWatermark++;
334 } elsif ($ThisLine =~ m/SpamAssassin Rule Actions: rule ([^ ]*) caused action ([^ ]*) .*in message ([0-9a-f.]*)/i) {
335 $SpamAssassin_Rule_Actions++;
336 $SpamAssassin_Rule{$1}++;
337 $SpamAssassin_Action{$2}++;
338 $SpamAssassin_Message{$3}++;
339 } elsif ($ThisLine =~ m/Deleted (\d+) messages from processing-database/) { $MailScan_Deleted_pdb += $1;
340 } elsif ($ThisLine =~ m/Found (\d+) messages in the [Pp]rocessing(?:-messages| Attempts) [Dd]atabase/) {
341 $MailScan_Found_pdb += $1;
323342 } else {
324343 chomp($ThisLine);
325344 # Report any unmatched entries...
326 $OtherList{$ThisLine}++;
345 $OtherList{$ThisLine}++;
327346 }
328347 }
329348
357376 print "\n\t\t" . $SACacheHit . ' hits from MailScanner SpamAssassin cache';
358377 }
359378
379 #if ($MailScan_Spam_Virus > 0) {
380 # print "\n\t" . $MailScan_Spam_Virus . ' Spam messages detected by Virus signatures';
381 #}
382
360383 if ($MailScan_Unscanned > 0) {
361384 print "\n\t" . $MailScan_Unscanned . ' Messages forwarded unscanned by MailScanner';
362385 }
373396 print "\n\t" . $MailScan_Content . ' Content Problems found by MailScanner';
374397 }
375398
399 if ($MailScan_Deleted_pdb > 0) {
400 print "\n\t" . $MailScan_Deleted_pdb . " Messages deleted from processing-database";
401 }
402 if ($MailScan_Found_pdb > 0) {
403 print "\n\t" . $MailScan_Found_pdb . " Messages found in processing-database";
404 }
376405 if ($MailScan_Delivered > 0) {
377406 print "\n\t" . $MailScan_Delivered . " Messages delivered by MailScanner\n";
378407 }
459488 print "\nSophosSavi Virus Report: (Total Seen = $MailScan_Virus_SophosSavi)\n";
460489 foreach $ThisOne (sort keys %VirusType_SophosSavi) {
461490 print ' ' . $ThisOne . ': ' . $VirusType_SophosSavi{$ThisOne} . " Time(s)\n";
491 }
492 }
493
494 if (keys %Spam_Virus_Found) {
495 print "\nSpam Virus Report: (Total Seen = $MailScan_Spam_Virus)\n";
496 foreach $ThisOne (sort keys %Spam_Virus_Found) {
497 print ' ' . $ThisOne . ': ' . $Spam_Virus_Found{$ThisOne} . " Time(s)\n";
462498 }
463499 }
464500
591627 print ' ' . "Details Suppressed at level $Detail. Level 10 required.\n";
592628 }
593629 }
630 if ($SpamAssassin_Rule_Actions > 0) {
631 print "\nSpamAssassin Rule Actions: (Total Seen = $SpamAssassin_Rule_Actions)\n";
632 foreach $ThisOne (sort keys %SpamAssassin_Rule) {
633 print ' ' . 'Rule - ' . $ThisOne . ': ' . $SpamAssassin_Rule{$ThisOne} . " Time(s)\n";
634 }
635 foreach $ThisOne (sort keys %SpamAssassin_Action) {
636 print ' ' . 'Action - ' . $ThisOne . ': ' . $SpamAssassin_Action{$ThisOne} . " Time(s)\n";
637 }
638 foreach $ThisOne (sort keys %SpamAssassin_Message) {
639 print ' ' . 'Message - ' . $ThisOne . ': ' . $SpamAssassin_Message{$ThisOne} . " Time(s)\n";
640 }
641 }
594642
595643 if ( ($MailScan_GoodWatermark > 0) || ($MailScan_BadWatermark > 0) || ($MailScan_Skipwatermark > 0) ) {
596644 print "\nWatermark report:\n";
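Review bot: the new SpamAssassin Rule Actions block prints one line per message id from `%SpamAssassin_Message` with no check on `$Detail`, while the section just above it suppresses details below level 10. On a busy gateway this list grows by one entry per matching message. Keep the rule and action totals at the default level and print the per-message loop only at high detail. In the context line that follows, the condition tests `$MailScan_Skipwatermark`, but the counter is declared as `$MailScan_SkipWatermark`, so that term is always false; worth fixing while this area is being edited.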
609657 exit(0);
610658
611659 # vi: shiftwidth=3 tabstop=3 syntax=perl et
660 # Local Variables:
661 # mode: perl
662 # perl-indent-level: 3
663 # indent-tabs-mode: nil
664 # End:
4747 ## Logwatch project reserves the right to not accept such
4848 ## contributions. If you have made significant
4949 ## contributions to this script and want to claim
50 ## copyright please contact logwatch-devel@logwatch.org.
50 ## copyright please contact logwatch-devel@lists.sourceforge.net.
5151 #########################################################
5252
5353 #$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
5757 if ( $ThisLine =~ s/^modprobe: Can\'t locate module ([\w-]+)\s*$/$1/ ) {
5858 $Modules{$ThisLine}++;
5959 } elsif ( $ThisLine =~ s/^FATAL: Module (.*) not found./$1/) {
60 $Modules{$ThisLine}++;
61 } elsif ( $ThisLine =~ s/^FATAL: Could not load (.*): No such file or directory/$1/) {
6062 $Modules{$ThisLine}++;
6163 } elsif ( (undef,$Module,$Reason) = ( $ThisLine =~ /(WARNING|FATAL): Error inserting ([^ ]* \([^ ]*\)): (.*)$/ ) ) {
6264 $ErrorInsert{$Module}{$Reason}++;
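Review bot: the new substitution `s/^FATAL: Could not load (.*): No such file or directory/$1/` is not anchored at the end, unlike the first branch, which finishes with `\s*$`. Anything after the matched text stays in `$ThisLine`, including a trailing newline if the line has not been chomped earlier (not visible in this hunk), and becomes part of the `%Modules` key. End the pattern with `\s*$` so the same module always maps to the same key.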
110112 exit(0);
111113
112114 # vi: shiftwidth=3 tabstop=3 syntax=perl et
113
115 # Local Variables:
116 # mode: perl
117 # perl-indent-level: 3
118 # indent-tabs-mode: nil
119 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 use Logwatch ':ip';
2323 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
2424
2525 while (defined($ThisLine = <STDIN>)) {
26 if ( ($ThisLine =~ /^Unauthorized access by NFS client .*$/ ) or
26 if ( ($ThisLine =~ /^Unauthorized access by NFS client .*$/ ) or
2727 ($ThisLine =~ /^NFS client [^ ]+ tried to access .*$/ ) or
2828 ($ThisLine =~ /^[^ ]* exported to both [0-9.]*\/[0-5]* and [0-9.]*\/[0-9]/) ) {
2929 # don't care about this, as the next line reports the IP again
8484 if (keys %SignalExit) {
8585 printf "\nExit after catching signal:\n";
8686 foreach $Number (keys %SignalExit) {
87 print " Signal " . $Number. ": " . $SignalExit{$Number} . " Time(s)\n";
87 print " Signal " . $Number. ": " . $SignalExit{$Number} . " Time(s)\n";
8888 }
8989 }
9090
116116 exit(0);
117117
118118 # vi: shiftwidth=3 tabstop=3 syntax=perl et
119
119 # Local Variables:
120 # mode: perl
121 # perl-indent-level: 3
122 # indent-tabs-mode: nil
123 # End:
0 #!/usr/bin/perl -w
1 #
2 # $Id$
3 #
4 # Logwatch service for mysqld error log
5 # To be placed in
6 # /etc/logwatch/scripts/mysql
7 #
8 # Processes all messages and summarizes them
9 # Each message is given with a timestamp and RMS
10 #
11 ########################################################
12 ##(C) 2006 by Jeremias Reith <jr@terragate.net>
13 ## Modified 2009 by Michael Baierl
14 ## Covered under the included MIT/X-Consortium License:
15 ## http://www.opensource.org/licenses/mit-license.php
16 ## All modifications and contributions by other persons to
17 ## this script are assumed to have been donated to the
18 ## Logwatch project and thus assume the above copyright
19 ## and licensing terms. If you want to make contributions
20 ## under your own copyright or a different license this
21 ## must be explicitly stated in the contribution an the
22 ## Logwatch project reserves the right to not accept such
23 ## contributions. If you have made significant
24 ## contributions to this script and want to claim
25 ## copyright please contact logwatch-devel@lists.sourceforge.net.
26 #########################################################
27
28 use strict;
29 use Logwatch ':dates';
30 use Time::Local;
31 use POSIX qw(strftime);
32
33 my $date_format = '%y%m%d %H:%M:%S';
34 my $filter = TimeFilter($date_format);
35 my $detail = exists $ENV{'LOGWATCH_DETAIL_LEVEL'} ? $ENV{'LOGWATCH_DETAIL_LEVEL'} : 0;
36
37 # we do not use any Date:: package (or strptime) as they are probably not available
38 my %month2num = ( Jan => 0, Feb => 1, Mar => 2, Apr => 3,
39 May => 4, Jun => 5, Jul => 6, Aug => 7,
40 Sep => 8, Oct => 9, Nov => 10, Dec => 11 );
41
42 # array of message categories (we do not use a hash to keep the order)
43 # first element: catorory name
44 # second element: matching regexp ($1 should contain the message)
45 # third element: anonymous hash ref (stores message counts)
46 my @message_categories = (['Errors', qr/\[ERROR\] (.*)$/o, {}],
47 ['Note', qr/\[Note\] (.*)$/o, {}],
48 ['Other', qr/(.*)$/o, {}]);
49
50 # counting messages
51 while(<>) {
52 my $line = $_;
53 # skipping messages that are not within the requested range
54 next unless $line =~ /^($filter)/o;
55 $1 =~ /(\d\d)(\d\d)(\d\d)\s+(\d+):(\d+):(\d+)/;
56 my $time;
57
58 {
59 # timelocal is quite chatty
60 local $SIG{'__WARN__'} = sub {};
61 $time = timelocal($6, $5, $4, $3, $2-1, $1);
62 }
63
64 foreach my $cur_cat (@message_categories) {
65 if($line =~ /$cur_cat->[1]/) {
66 my $msgs = $cur_cat->[2];
67 $msgs->{$1} = {count => '0',
68 first_occurrence => $time,
69 sum => 0,
70 sqrsum => 0} unless exists $msgs->{$1};
71 $msgs->{$1}->{'count'}++;
72 # summing up timestamps and squares of timestamps
73 # in order to calculate the rms
74 # using first occurrence of message as offset in calculation to
75 # prevent an integer overflow
76 $msgs->{$1}->{'sum'} += $time - $msgs->{$1}->{'first_occurrence'};
77 $msgs->{$1}->{'sqrsum'} += ($time - $msgs->{$1}->{'first_occurrence'}) ** 2;
78 last;
79 }
80 }
81 }
82
83
84 # generating summary
85 foreach my $cur_cat (@message_categories) {
86 # skipping non-requested message types
87 next unless keys %{$cur_cat->[2]};
88 my ($name, undef, $msgs) = @{$cur_cat};
89 print $name, ":\n";
90 my $last_count = 0;
91
92 # sorting messages by count
93 my @sorted_msgs = sort { $msgs->{$b}->{'count'} <=> $msgs->{$a}->{'count'} } keys %{$msgs};
94
95 foreach my $msg (@sorted_msgs) {
96 # grouping messages by number of occurrence
97 print "\n", $msgs->{$msg}->{'count'}, " times:\n" unless $last_count == $msgs->{$msg}->{'count'};
98 my $rms = 0;
99
100
101 # printing timestamp
102 print '[';
103
104 if($msgs->{$msg}->{'count'} > 1) {
105 # calculating rms
106 $rms = int(sqrt(
107 ($msgs->{$msg}->{'count'} *
108 $msgs->{$msg}->{'sqrsum'} -
109 $msgs->{$msg}->{'sum'}) /
110 ($msgs->{$msg}->{'count'} *
111 ($msgs->{$msg}->{'count'} - 1))));
112
113 print strftime($date_format, localtime($msgs->{$msg}->{'first_occurrence'}+int($rms/2)));
114
115 print ' +/-';
116
117 # printing rms
118 if($rms > 86400) {
119 print int($rms/86400) , ' day(s)';
120 } elsif($rms > 3600) {
121 print int($rms/3600) , ' hour(s)';
122 } elsif($rms > 60) {
123 print int($rms/60) , ' minute(s)';
124 } else {
125 print $rms, ' seconds';
126 }
127 } else {
128 # we have got this message a single time
129 print strftime($date_format, localtime($msgs->{$msg}->{'first_occurrence'}));
130 }
131
132 print '] ', $msg, "\n";
133 $last_count = $msgs->{$msg}->{'count'};
134 }
135
136 print "\n";
137 }
138
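Review bot: the RMS calculation on lines 106-111 subtracts `sum` from `count * sqrsum`, where the sample standard deviation formula needs the square of the sum, so the printed spread is wrong for any message seen more than once; use `$msgs->{$msg}->{'sum'} ** 2` in the numerator. The timestamp printed on line 113 is `first_occurrence + int($rms/2)` rather than the mean offset `sum / count`, which is what a "+/-" figure would normally be centred on. The match on line 55 is not checked before `$1` through `$6` are passed to `timelocal`, and `%month2num` on lines 38-40 is declared but never used.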
00 ##########################################################################
1 # $Id: named,v 1.58 2009/06/02 14:55:45 mike Exp $
1 # $Id: named,v 1.62 2011/01/06 22:53:00 stefan Exp $
22 ##########################################################################
33 # $Log: named,v $
4 # Revision 1.62 2011/01/06 22:53:00 stefan
5 # add: deferred zone transfers
6 # fix: TTL differs in rdataset
7 #
8 # Revision 1.61 2010/09/18 17:35:00 stefan
9 # add: bad zone transfer request
10 #
11 # Revision 1.60 2010/05/10 00:25:00 stefan
12 # fix: clients-per-query,
13 # add: more lines to ignore, refused notify, client query denied, retry
14 # limit exceeded, too many open file, no SOA, checkhints
15 #
16 # Revision 1.59.1 2010/05/04 22:25:00 stefan
17 # More refresh: and RCODE handling
18 #
419 # Revision 1.58 2009/06/02 14:55:45 mike
520 # Fedora patch from Ivan Varekova -mgt
621 #
109124 ## Logwatch project reserves the right to not accept such
110125 ## contributions. If you have made significant
111126 ## contributions to this script and want to claim
112 ## copyright please contact logwatch-devel@logwatch.org.
127 ## copyright please contact logwatch-devel@lists.sourceforge.net.
113128 #########################################################
114129
115130 use Logwatch ':ip';
198213 ($ThisLine =~ /binding TCP socket: address in use/) or
199214 ($ThisLine =~ /dbus_mgr initialization failed. D-BUS service is disabled./) or
200215 ($ThisLine =~ /dbus_svc_add_filter failed/) or
201 ($ThisLine =~ /isc_log_open 'named.run' failed: permission denied/) or
202 ($ThisLine =~ /weak RSASHA1 \(5\) key found \(exponent=3\)/) or
203 ($ThisLine =~ /Bad file descriptor/) or
216 ($ThisLine =~ /isc_log_open 'named.run' failed: permission denied/) or
217 ($ThisLine =~ /weak RSASHA1 \(5\) key found \(exponent=3\)/) or
218 ($ThisLine =~ /Bad file descriptor/) or
204219 ($ThisLine =~ /open: .*: file not found/) or
205 ($ThisLine =~ /queries: client [0-9.#:]* view localhost_resolver: query: .* IN .*/) or
220 ($ThisLine =~ /queries: client [\.0-9a-fA-F#:]* view localhost_resolver: query: .* IN .*/) or
206221 ($ThisLine =~ /zone .*: NS '.*' is a CNAME \(illegal\)/) or
207222 ($ThisLine =~ /zone .*: zone serial unchanged. zone may fail to transfer to slaves/) or
208223 ($ThisLine =~ /zone .*: loading from master file .* failed/) or
211226 ($ThisLine =~ /.*: unexpected end of input/) or
212227 ($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or
213228 ($ThisLine =~ /too many timeouts resolving '.*' .*: reducing the advertised EDNS UDP packet size to .* octets/) or
214 ($ThisLine =~ /reloading zones succeeded/)
215 # too many timeouts resolving 'ns-ext.nrt1.isc.org/AAAA' (in '.'?): disabling EDNS: 3 Time(s)
229 ($ThisLine =~ /reloading zones succeeded/) or
230 ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or
231 ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after reducing the advertised EDNS UDP packet size to 512 octets/) or
232 ($ThisLine =~ /the working directory is not writable/) or
233 ($ThisLine =~ /using default UDP\/IPv[46] port range: \[[0-9]*, [0-9]*\]/) or
234 ($ThisLine =~ /adjusted limit on open files from [0-9]* to [0-9]*/) or
235 ($ThisLine =~ /using up to [0-9]* sockets/) or
236 ($ThisLine =~ /built with/) or
237 ($ThisLine =~ /TTL differs in rdataset, adjusting [0-9]* -> [0-9]*/) or
238 ($ThisLine =~ /max open files \([0-9]*\) is smaller than max sockets \([0-9]*\)/) or
239 ($ThisLine =~ /clients-per-query (?:de|in)creased to .*/) or
240 ($ThisLine =~ /^must-be-secure resolving '.*': .*/) or
241 ($ThisLine =~ /^(error \()?no valid (DS|KEY|RRSIG)\)? resolving '.*': .*/) or
242 ($ThisLine =~ /^not insecure resolving '.*': .*/) or
243 ($ThisLine =~ /^validating \@0x[[:xdigit:]]+: .* DS: must be secure failure/) or
244 ($ThisLine =~ /^(error \()?broken trust chain\)? resolving '.*': .*/) or
245 ($ThisLine =~ /journal file [^ ]* does not exist, creating it/) or
246 ($ThisLine =~ /serial number \(\d+\) received from master/) or
247 ($ThisLine =~ /zone is up to date/) or
248 ($ThisLine =~ /refresh in progress, refresh check queued/) or
249 ($ThisLine =~ /refresh: NODATA response from master/) or
250 ($ThisLine =~ /update with no effect/) or
251 # ignore this line because the following line describes the error
252 ($ThisLine =~ /unexpected error/)
216253 ) {
217254 # Don't care about these...
218255 } elsif (
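Review bot: lines 240-244 add DNSSEC validation failures (`must-be-secure resolving`, `no valid (DS|KEY|RRSIG)`, `not insecure resolving`, `must be secure failure`, `broken trust chain`) to the "Don't care about these" list, so they are dropped before they can reach either a counter or the unmatched-entries report. Consider counting them in a hash and printing it at a high `$Detail` level instead of discarding them. The unanchored `/built with/` (line 236) and `/unexpected error/` (line 252) patterns are also broad enough to swallow unrelated lines; anchoring them or matching more of the message would narrow that.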
233270 $ShutdownNamedFail++;
234271 } elsif ( ($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: zone transfer '(.+)' denied/ ) ) {
235272 $DeniedZoneTransfers{$Host}{$Zone}++;
273 } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+) zone transfer deferred due to quota/ ) ) {
274 $DeferredZoneTransfers{$Zone}++;
236275 } elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" loaded/ ) ) {
237276 $ZoneLoaded{"cache $Zone"}++;
238277 } elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" .* loaded/ ) ) {
247286 $ZoneLoaded{"secondary $Zone"}++;
248287 } elsif ( ($Zone) = ( $ThisLine =~ /slave zone \"(.+)\" .* loaded/ ) ) {
249288 $ZoneLoaded{"secondary $Zone"}++;
289 } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+)\/IN\: expired/ ) ) {
290 $ZoneExpired{$Zone}++;
250291 } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+)\: loaded serial/ ) ) {
251292 $ZoneLoaded{$Zone}++;
252293 } elsif ( (undef,$Addr,undef,$Server) = ( $ThisLine =~ /ame server (on|resolving) '(.+)' \(in .+\):\s+(\[.+\]\.\d+)?\s*'?(.+)'?:?/ ) ) {
259300 $ZoneReceivedNotify{$Zone}++;
260301 } elsif ( ($Zone) = ( $ThisLine =~ /zone (.*): notify from .* up to date/ ) ) {
261302 $ZoneReceivedNotify{$Zone}++;
303 } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+)\/IN: refused notify from non-master/ ) ) {
304 $ZoneRefusedNotify{$Zone}++;
305 # } elsif ( ($Rhost,$Ldom,$Reason) = ( $ThisLine =~ /client ([\d\.a-fA-F:]+) bad zone transfer request: '(.+)': (.+)$/ ) ) {
306 } elsif ( ($Rhost,$Ldom,$Reason) = ( $ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+: bad zone transfer request: '(.+)\/IN': (.+)/ ) ) {
307 $BadZone{$Reason}{"$Rhost ($Ldom)"}++;
262308 } elsif ( ($Host) = ( $ThisLine =~ /([^ ]+) has CNAME and other data \(invalid\)/ ) ) {
263309 push @CNAMEAndOther, $Host;
264310 } elsif ( ($File,$Line,$Entry,$Error) = ( $ThisLine =~ /dns_master_load: ([^:]+):(\d+): ([^ ]+): (.+)$/ ) ) {
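Review bot: line 305 leaves the earlier draft of the bad-zone-transfer regex commented out between two `elsif` branches; remove it, since the `$Log` entry for revision 1.61 already records the addition. The live pattern on line 306 also only matches requests logged with `/IN'`, so a request for another class would fall through to the unmatched list; if that is intended, a short comment saying so would help.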
279325 } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query \(cache\) denied/ ) ) {
280326 $FullClient = LookupIP ($Client);
281327 $DeniedQuery{$FullClient}++;
282 } elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client ([\d\.]+)#\d+:(?: view ([^ ]+):)? update '(.*)' denied/)) {
328 } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query '.*\/IN' denied/ ) ) {
329 $FullClient = LookupIP ($Client);
330 $DeniedQueryNoCache{$FullClient}++;
331 } elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+:(?: view ([^ ]+):)? update '(.*)' denied/)) {
283332 $ViewName = ($ViewName ? "/$ViewName" : "");
284333 $UpdateDenied{"$Rhost ($Ldom$ViewName)"}++;
285334 } elsif ( ($Rhost, $Ldom) = ($ThisLine =~ /client ([\d\.]+)#\d+: update forwarding '(.*)' denied/)) {
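Review bot: the `update '(.*)' denied` pattern on line 331 was widened to `[\.0-9a-fA-F:]+` so it accepts IPv6 clients, but the `update forwarding '(.*)' denied` branch right below it (line 334 in the new file) still uses `client ([\d\.]+)`, so the same event from an IPv6 client will not match there. Apply the same character class to that branch so both denial types are handled consistently.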
296345 $MasterFailure{"$Zone from $Host"}{$Reason}++;
297346 } elsif ( ($Zone) = ($ThisLine =~ /zone ([^\/]+)\/.+: refresh: non-authoritative answer from master/)) {
298347 $NonAuthoritative{$Zone}++;
299 } elsif ( ($ThisLine =~ /unexpected RCODE \((.*)\) resolving/) ){
348 } elsif ( ($Zone) = ($ThisLine =~ /zone ([^\/]+)\/.+: refresh: retry limit for master \S+ exceeded/) ) {
349 $RetryLimit{$Zone}++;
350 } elsif ( ($ThisLine =~ /(?:error \()?unexpected RCODE\)? \(?(.*?)\)? resolving/) ){
300351 $UnexpRCODE{$1}++;
301 } elsif ( ($ThisLine =~ /FORMERR resolving '[^ ]+: [0-9.#]+/) ) {
352 } elsif ( ($ThisLine =~ /(?:error \()?FORMERR\)? resolving '[^ ]+: [.0-9a-fA-F:#]+/) or
353 ($ThisLine =~ /DNS format error from [^ ]+ resolving [^ ]+( for client [^ ]+)?: .*/) ) {
302354 chomp($ThisLine);
303355 $FormErr{$ThisLine}++;
304356 } elsif ( ($ThisLine =~ /found [0-9]* CPU(s)?, using [0-9]* worker thread(s)?/) ) {
313365 (($ErrorText) = ($ThisLine =~ /^(.* REQUIRE.* failed.*)$/)) or
314366 (($ErrorText) = ($ThisLine =~ /(.*: fatal error)/)) ) {
315367 $NError{$ErrorText}++;
316 } elsif ( ($From,$Log) = ($ThisLine =~ /invalid command from ([.0-9]*)#[0-9]*: (.*)/) ) {
368 } elsif ( (($ErrorText) = ($ThisLine =~ /^(internal_accept: fcntl\(\) failed: Too many open files)/)) or
369 (($ErrorText) = ($ThisLine =~ /^(socket: too many open file descriptors)/)) ) {
370 $ErrOpenFiles{$ErrorText}++;
371 } elsif ( ($From,$Log) = ($ThisLine =~ /invalid command from ([\.0-9a-fA-F:]*)#[0-9]*: (.*)/) ) {
317372 $CCMessages{"$From,$Log"}++;
318373 } elsif ( (($Log) = ($ThisLine =~ /(freezing .*zone.*)/)) or
319374 (($Log) = ($ThisLine =~ /(thawing .*zone.*)/)) ) {
322377 $UnknownCCCommands{$CCC}++;
323378 } elsif (($CCC) = ($ThisLine =~ /received control channel command '(.*)'/)) {
324379 $CCCommands{$CCC}++;
325 } elsif (($Name,$Address) = ($ThisLine =~ /network unreachable resolving '(.*)': (.*)/)) {
380 } elsif (($Name,$Address) = ($ThisLine =~ /(?:error \()?network unreachable\)? resolving '(.*)': (.*)/)) {
326381 $NUR{$Name}{$Address}++;
327 } elsif (($Name,$Address) = ($ThisLine =~ /host unreachable resolving '(.*)': (.*)/)) {
382 } elsif (($Name,$Address) = ($ThisLine =~ /(?:error \()?host unreachable\)? resolving '(.*)': (.*)/)) {
328383 $HUR{$Name}{$Address}++;
384 } elsif (($Client) = ($ThisLine =~ /client ([\da-fA-F.:]+)(?:#\d*:)? notify question section contains no SOA/)) {
385 $NoSOA{$Client}++;
386 } elsif (($Hint) = ($ThisLine =~ /checkhints: (.*)/) ) {
387 $Hints{$Hint}++;
329388 } else {
330389 # Report any unmatched entries...
331390 # remove PID from named messages
332 $ThisLine =~ s/(client [.0-9]+)\S+/$1/;
391 $ThisLine =~ s/(client [\.0-9a-fA-F:]+)\S+/$1/;
333392 chomp($ThisLine);
334393 $OtherList{$ThisLine}++;
335394 }
364423 print "\nZones receiving notify:\n";
365424 foreach $ThisOne (sort {$a cmp $b} keys %ZoneReceivedNotify) {
366425 print " $ThisOne: $ZoneReceivedNotify{$ThisOne} Time(s)\n";
426 }
427 }
428
429 if ( ( $Detail >= 5 ) and (keys %ZoneRefusedNotify) ) {
430 print "\nZones refused notify:\n";
431 foreach $ThisOne (sort {$a cmp $b} keys %ZoneRefusedNotify) {
432 print " $ThisOne: $ZoneRefusedNotify{$ThisOne} Time(s)\n";
367433 }
368434 }
369435
382448 foreach $Zone (sort {$a cmp $b} keys %MasterFailure) {
383449 print " $Zone:\n";
384450 foreach $Reason (sort {$a cmp $b} keys %{$MasterFailure{$Zone}}) {
385 print " $Reason: $MasterFailure{$Zone}{$Reason}++ Time(s)\n";
451 print " $Reason: $MasterFailure{$Zone}{$Reason} Time(s)\n";
386452 }
387453 }
388454 }
394460 foreach my $Zone (keys %{$DeniedZoneTransfers{$Host}}) {
395461 print " $Zone: $DeniedZoneTransfers{$Host}{$Zone} Time(s)\n";
396462 }
397 print "\n";
463 }
464 }
465
466 if ( ( $Detail >= 5 ) and (keys %DeferredZoneTransfers) ) {
467 print "\nDeferred Zone Transfers:\n";
468 foreach my $Zone (keys %DeferredZoneTransfers) {
469 print " $Zone: $DeferredZoneTransfers{$Zone} Time(s)\n";
398470 }
399471 }
400472
415487 }
416488 }
417489
490 if ( ( $Detail >= 10 ) and (keys %BadZone) ) {
491 print "\nBad Zone Transfer Request:\n";
492 foreach $Reason (keys %BadZone) {
493 print " Reason: $Reason\n";
494 foreach $ThisOne (sort {$a cmp $b} (keys %{$BadZone{$Reason}}) ) {
495 print " $ThisOne: $BadZone{$Reason}{$ThisOne} Time(s)\n";
496 }
497 }
498 }
499
418500 if ( ( $Detail >= 5 ) and (keys %DeniedTCPClient) ) {
419501 print "\nno more TCP clients warning:\n";
420502 foreach $ThisOne (keys %DeniedTCPClient) {
423505 }
424506
425507 if ( ( $Detail >= 5 ) and (keys %DeniedQuery) ) {
426 print "\nQueries (cache) that were denied:\n";
508 print "\nQueries (cached) that were denied:\n";
427509 foreach $ThisOne (keys %DeniedQuery) {
428510 print " from $ThisOne: $DeniedQuery{$ThisOne} Time(s)\n";
511 }
512 }
513
514 if ( ( $Detail >= 10 ) and (keys %DeniedQueryNoCache) ) {
515 print "\nQueries (not cached) that were denied:\n";
516 foreach $ThisOne (sort {$a cmp $b} keys %DeniedQueryNoCache) {
517 print " from $ThisOne: $DeniedQueryNoCache{$ThisOne} Time(s)\n";
429518 }
430519 }
431520
460549 }
461550 }
462551
552 if ( ($Detail >= 10) and (keys %RetryLimit) ) {
553 print "\nRetry limit exceeded for these zones:\n";
554 foreach $Zone (sort {$a cmp $b} keys %RetryLimit) {
555 print " $Zone: $RetryLimit{$Zone} Time(s)\n";
556 }
557 }
558
559 if ( ($Detail >= 10) and (keys %NoSOA) ) {
560 print "\nNotify question sections of these clients contained no SOA:\n";
561 foreach $Client (sort {$a cmp $b} keys %NoSOA) {
562 print " $Client: $NoSOA{$Client} Time(s)\n";
563 }
564 }
565
463566 if ( ( $Detail >= 10 ) and (keys %NetworkUnreachable) ) {
464567 print "\nNetwork is unreachable for:\n";
465568 foreach $ThisOne (sort {$a cmp $b} keys %NetworkUnreachable) {
466569 print " $ThisOne:\n";
467570 foreach $Host (sort {$a cmp $b} keys %{$NetworkUnreachable{$ThisOne}}) {
468571 print " $Host: $NetworkUnreachable{$ThisOne}{$Host} Time(s)\n";
469 }
572 }
470573 }
471574 }
472575
490593 }
491594 }
492595
596 if ( keys %ZoneExpired ) {
597 print "\nZones expired:\n";
598 foreach $ThisOne (sort {$a cmp $b} keys %ZoneExpired) {
599 print " $ThisOne: $ZoneExpired{$ThisOne} Time(s)\n";
600 }
601 }
602
493603 if ( ( $Detail >= 5 ) and (keys %ZoneUpdates) ) {
494604 print "\nZone Updates:\n";
495605 foreach $ThisOne (sort {$a cmp $b} keys %ZoneUpdates) {
496606 print " $ThisOne:\n";
497607 foreach $Message (sort {$a cmp $b} keys %{$ZoneUpdates{$ThisOne}}) {
498608 print " $Message: $ZoneUpdates{$ThisOne}{$Message} Time(s)\n";
499 }
609 }
500610 }
501611 }
502612
575685 }
576686 }
577687
688 if (keys %ErrOpenFiles) {
689 print "\n The following seams to be caused by the patches for CVE-2008-1447.";
690 print "\n Please update your bind.\n";
691 foreach $ThisOne (keys %ErrOpenFiles) {
692 print " " . $ThisOne . ": " . $ErrOpenFiles{$ThisOne} . " Time(s)\n";
693 }
694 }
695
578696 if ((keys %CCMessages) or (keys %CCMessages2)){
579697 print "\n Messages from control channel\n";
580698 foreach (keys %CCMessages) {
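Review bot: the message on line 689 has a typo (`seams` should be `seems`) and states a cause that the matching code cannot establish: the patterns feeding `%ErrOpenFiles` only match `Too many open files` and `too many open file descriptors`, which can occur for reasons other than the CVE-2008-1447 patches. Suggest wording it as a possible cause, for example "may be caused by", and keeping the advice to update bind.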
593711 }
594712 foreach $ThisOne (keys %UnknownCCCommands) {
595713 print " " . $ThisOne . "(unknown command): " . $CCCommands{$ThisOne} . " Time(s)\n";
596 }
714 }
715 }
716
717 if (keys %Hints) {
718 print "\nCheckhints:\n";
719 foreach $ThisOne (sort {$a cmp $b} keys %Hints) {
720 print " " .$ThisOne .": $Hints{$ThisOne} Time(s)\n";
721 }
597722 }
598723
599724 if (keys %OtherList) {
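Review bot: the context line 713, directly above the braces this hunk rewrites, iterates `%UnknownCCCommands` but prints `$CCCommands{$ThisOne}`, so the count shown for an unknown control channel command comes from the wrong hash. Since the hunk already touches this block, change it to `$UnknownCCCommands{$ThisOne}` in the same commit.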
606731 exit(0);
607732
608733 # vi: shiftwidth=3 tabstop=3 syntax=perl et
609
734 # Local Variables:
735 # mode: perl
736 # perl-indent-level: 3
737 # indent-tabs-mode: nil
738 # End:
2424 ## Logwatch project reserves the right to not accept such
2525 ## contributions. If you have made significant
2626 ## contributions to this script and want to claim
27 ## copyright please contact logwatch-devel@logwatch.org.
27 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2828 #########################################################
2929
3030 use Logwatch ':all';
5555 ($month,$day,$time,$host_ip,$host,$msg)=split(/ +/,$ThisLine,7);
5656
5757 if ( ($ThisLine =~ /traffic/ ) or
58 ($ThisLine =~ /Copyright/ ) or
59 ($ThisLine =~ /removed due to simultaneous rekey/ ) or
60 ($ThisLine =~ /Responded to the first peer message/ ) or
61 ($ThisLine =~ /NBR change/ ) or
58 ($ThisLine =~ /Copyright/ ) or
59 ($ThisLine =~ /removed due to simultaneous rekey/ ) or
60 ($ThisLine =~ /Responded to the first peer message/ ) or
61 ($ThisLine =~ /NBR change/ ) or
6262 ($ThisLine =~ /accept udp/ ) or
6363 ($ThisLine =~ /accept tcp/ ) or
6464 ($ThisLine =~ /accept icmp/ ) or
155155 $Users{$host}{$2}{$4}{"(all)"}++;
156156 }
157157 }
158 elsif ( $ThisLine =~ m/Admin user (\S+) login attempt for (\S+) management \(port (\d+)\) from (.+):(.+). failed. (.*)/ ) {
158 elsif ( $ThisLine =~ m/Admin user (\S+) login attempt for (\S+) management \(port (\d+)\) from (.+):(.+). failed. (.*)/ ) {
159159 if ( $Debug >= 5 ) {
160160 print STDERR "DEBUG: Found -Failed login- line\n";
161161 }
162162 my $name = LookupIP($4);
163163 $BadLogins{$host}{"$1/$2 from $name"}++;
164 }
165 elsif ( $ThisLine =~ m/SSH client at (.+) has attempted to make an SCS connection to interface untrust with IP (.+) but failed (.*)/ ) {
164 }
165 elsif ( $ThisLine =~ m/SSH client at (.+) has attempted to make an SCS connection to interface untrust with IP (.+) but failed (.*)/ ) {
166166 my $name = LookupIP($2);
167167 $Temp = "SSH from $name";
168168 $BadLogins{$host}{$Temp}++;
235235 }
236236 }
237237 }
238
238
239239 if (keys %NTPUpdated) {
240240 print "\nDevice where The system clock has been updated through NTP :\n";
241241 foreach $ThisOne (keys %NTPUpdated) {
406406 print " " . $ThisOne . ":\n";
407407 for (sort keys %{$IllegalUsers{$ThisOne}}) {
408408 print "\t $_: $IllegalUsers{$ThisOne}{$_} Time(s)\n";
409
409
410410 }
411411 }
412412 }
449449 exit(0);
450450
451451 # vi: shiftwidth=3 tabstop=3 syntax=perl et
452 # Local Variables:
453 # mode: perl
454 # perl-indent-level: 3
455 # indent-tabs-mode: nil
456 # End:
2424 ## Logwatch project reserves the right to not accept such
2525 ## contributions. If you have made significant
2626 ## contributions to this script and want to claim
27 ## copyright please contact logwatch-devel@logwatch.org.
27 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2828 #########################################################
2929
3030 use Logwatch ':all';
5555 ($month,$day,$time,$host_ip,$host,$msg)=split(/ +/,$ThisLine,7);
5656
5757 if ( ($ThisLine =~ /traffic/ ) or
58 ($ThisLine =~ /Copyright/ ) or
59 ($ThisLine =~ /removed due to simultaneous rekey/ ) or
60 ($ThisLine =~ /Responded to the first peer message/ ) or
61 ($ThisLine =~ /NBR change/ ) or
58 ($ThisLine =~ /Copyright/ ) or
59 ($ThisLine =~ /removed due to simultaneous rekey/ ) or
60 ($ThisLine =~ /Responded to the first peer message/ ) or
61 ($ThisLine =~ /NBR change/ ) or
6262 ($ThisLine =~ /accept udp/ ) or
6363 ($ThisLine =~ /accept tcp/ ) or
6464 ($ThisLine =~ /accept icmp/ ) or
183183 $Users{$host}{$2}{$4}{"(all)"}++;
184184 }
185185 }
186 elsif ( $ThisLine =~ m/Admin user (\S+) login attempt for (\S+) management \(port (\d+)\) from (.+):(.+). failed. (.*)/ ) {
186 elsif ( $ThisLine =~ m/Admin user (\S+) login attempt for (\S+) management \(port (\d+)\) from (.+):(.+). failed. (.*)/ ) {
187187 if ( $Debug >= 5 ) {
188188 print STDERR "DEBUG: Found -Failed login- line\n";
189189 }
190190 my $name = LookupIP($4);
191191 $BadLogins{$host}{"$1/$2 from $name"}++;
192 }
193 elsif ( $ThisLine =~ m/SSH client at (.+) has attempted to make an SCS connection to interface untrust with IP (.+) but failed (.*)/ ) {
192 }
193 elsif ( $ThisLine =~ m/SSH client at (.+) has attempted to make an SCS connection to interface untrust with IP (.+) but failed (.*)/ ) {
194194 my $name = LookupIP($2);
195195 $Temp = "SSH from $name";
196196 $BadLogins{$host}{$Temp}++;
547547 print " " . $ThisOne . ":\n";
548548 for (sort keys %{$IllegalUsers{$ThisOne}}) {
549549 print "\t $_: $IllegalUsers{$ThisOne}{$_} Time(s)\n";
550
550
551551 }
552552 }
553553 }
588588 }
589589
590590 exit(0);
591
591 # Local Variables:
592 # mode: perl
593 # perl-indent-level: 3
594 # indent-tabs-mode: nil
595 # End:
5959 ## Logwatch project reserves the right to not accept such
6060 ## contributions. If you have made significant
6161 ## contributions to this script and want to claim
62 ## copyright please contact logwatch-devel@logwatch.org.
62 ## copyright please contact logwatch-devel@lists.sourceforge.net.
6363 #########################################################
6464
6565 ## Initial initialization:
8686 $Lookups{$Port}{$Temp}{$Host}++;
8787 $LookupCount++;
8888 $MasqLookupCount++;
89 } elsif (
89 } elsif (
9090 (($Host) = ($ThisLine =~ /^Connection from ([^ ]* \([^ ]*\)):\d+$/)) or
9191 (($Host) = ($ThisLine =~ /^Connection from ([^ ]*):\d+$/))
9292 ) {
158158 exit(0);
159159
160160 # vi: shiftwidth=3 tabstop=3 syntax=perl et
161
161 # Local Variables:
162 # mode: perl
163 # perl-indent-level: 3
164 # indent-tabs-mode: nil
165 # End:
1919 ## Logwatch project reserves the right to not accept such
2020 ## contributions. If you have made significant
2121 ## contributions to this script and want to claim
22 ## copyright please contact logwatch-devel@logwatch.org.
22 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2323 #########################################################
2424
2525 my $Debug = $ENV{'LOGWATCH_DEBUG'};
2626 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
27
27
2828 if ( $Debug >= 5 ) {
2929 print STDERR "\n\nDEBUG \n\n";
3030 }
4040 if (
4141 ($ThisLine =~ /^\[[\w.-]+\] Inactivity timeout \(--ping-restart\), restarting/) or
4242 ($ThisLine =~ /^\/sbin\//) or
43 ($ThisLine =~ /^Attempting to establish TCP connection with [\d.]+:\d+/) or
43 ($ThisLine =~ /^Attempting to establish TCP connection with [\d.]+:\d+/) or
4444 ($ThisLine =~ /^Closing TUN\/TAP interface/) or
4545 ($ThisLine =~ /^Connection reset, restarting \[\d+\]/) or
4646 ($ThisLine =~ /^Control Channel Authentication/) or
4747 ($ThisLine =~ /^Control Channel MTU parms/) or
48 ($ThisLine =~ /CRL CHECK OK: \/.*\//) or
4849 ($ThisLine =~ /^Data Channel MTU parms/) or
4950 ($ThisLine =~ /^Diffie-Hellman initialized/) or
5051 ($ThisLine =~ /^event_wait : Interrupted system call \(code=\d+\)/) or
6566 ($ThisLine =~ /^MULTI: bad source address from client .*, packet dropped/) or
6667 ($ThisLine =~ /^Need IPv6 code in mroute_extract_addr_from_packet/) or
6768 ($ThisLine =~ /^NOTE: UID\/GID downgrade will be delayed because of --client, --pull, or --up-delay/) or
69 ($ThisLine =~ /OpenVPN .* built on [A-Z][a-z]{2} [ 12]?[0-9] [0-9]{4}/) or
6870 ($ThisLine =~ /^OPTIONS IMPORT/) or
6971 ($ThisLine =~ /^Preserving previous TUN\/TAP instance: \w+/) or
7072 ($ThisLine =~ /^PUSH: Received control message/) or
7173 ($ThisLine =~ /^Re-using SSL\/TLS context/) or
74 ($ThisLine =~ /read UDPv4 \[.*\]: No route to host \(code=[0-9]*\)/) or
7275 ($ThisLine =~ /^Restart pause, \d+ second\(s\)/) or
7376 ($ThisLine =~ /^SENT CONTROL/) or
7477 ($ThisLine =~ /^SIGTERM\[hard,[^\]]*\] received, process exiting/) or
7578 ($ThisLine =~ /^SIGUSR1\[soft,(connection-reset|ping-restart)\] received, (process|client-instance) restarting/) or
79 ($ThisLine =~ /Socket Buffers: R=\[[0-9]+->[0-9]+\] S=\[[0-9]+->[0-9]+\]/) or
7680 ($ThisLine =~ /^TCP\/UDP: Closing socket/) or
7781 ($ThisLine =~ /^TCP\/UDP: Dynamic remote address changed during TCP connection establishment/) or
7882 ($ThisLine =~ /^TCP connection established with [\d.]+:\d+/) or
8286 ($ThisLine =~ /^TLS: soft reset/) or
8387 ($ThisLine =~ /^TLS: tls_process: killed expiring key$/) or
8488 ($ThisLine =~ /^TLS: move_session: dest=.* src=.* reinit_src=[0-9]*/) or
85 ($ThisLine =~ /^TLS: tls_multi_process: untrusted session promoted to trusted/) or
89 ($ThisLine =~ /^TLS: tls_multi_process: untrusted session promoted to (semi-)?trusted/) or
90 ($ThisLine =~ /TLS: tls_multi_process: killed expiring key/) or
8691 ($ThisLine =~ /^TLS: new session incoming connection from .*/) or
92 ($ThisLine =~ /TLS Error: TLS object -> incoming plaintext read error/) or
93 ($ThisLine =~ /TLS ERROR: received control packet with stale session-id=.*/) or
8794 ($ThisLine =~ /^TUN\/TAP device \w+ opened/) or
95 ($ThisLine =~ /TUN\/TAP TX queue length set to [0-9]*/) or
8896 ($ThisLine =~ /^UDPv4 link /) or
8997 ($ThisLine =~ /^UID set to/) or
9098 ($ThisLine =~ /^VERIFY OK: nsCertType=\w+/) or
9199 ($ThisLine =~ /^chroot to /) or
92 ($ThisLine =~ /TUN\/TAP TX queue length set to [0-9]*/) or
93 ($ThisLine =~ /Socket Buffers: R=\[[0-9]+->[0-9]+\] S=\[[0-9]+->[0-9]+\]/) or
94 ($ThisLine =~ /OpenVPN .* built on [A-Z][a-z]{2} [ 12]?[0-9] [0-9]{4}/) or
95100 ($ThisLine =~ /Authenticate\/Decrypt packet error: bad packet ID \(may be a replay\): \[ #.* \] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings/)
96101 ) {
97102 # Don't care about these...
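Review bot: lines 92-93 add `TLS Error: TLS object -> incoming plaintext read error` and `TLS ERROR: received control packet with stale session-id=.*` to the ignore list, which removes TLS error lines from the report entirely; counting them and printing the totals at a higher `$Detail` level would keep a spike in these visible. These two patterns, like `TLS: tls_multi_process: killed expiring key` on line 90, are also missing the `^` anchor that the neighbouring `^TLS:` patterns use.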
235240
236241
237242 # vi: shiftwidth=3 tabstop=3 syntax=perl et
238
243 # Local Variables:
244 # mode: perl
245 # perl-indent-level: 3
246 # indent-tabs-mode: nil
247 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
2222
2323 while (defined($ThisLine = <STDIN>)) {
2424 if ( ( $ThisLine =~ /^pam_get_user: no username obtained$/ ) or
25 ( $ThisLine =~ /^pam_end: NULL pam handle passed/ ) ) {
25 ( $ThisLine =~ /^pam_end: NULL pam handle passed/ ) ) {
2626 # We don't care about these
2727 }
2828 elsif ( $ThisLine =~ s/^FAILED LOGIN SESSION FROM ([^ ]+) FOR .*$/$1/ ) {
4949 exit(0);
5050
5151 # vi: shiftwidth=3 tabstop=3 syntax=perl et
52
52 # Local Variables:
53 # mode: perl
54 # perl-indent-level: 3
55 # indent-tabs-mode: nil
56 # End:
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 # NOTE: This script is for older (6.X era) Red Hat boxes
2929 ( $ThisLine =~ /^check pass; user unknown/ ) or
3030 ( $ThisLine =~ /^User account has expired/ ) or # This one is caught below (2-line message)
3131 ( $ThisLine =~ /^get passwd; pwdb: structure is no longer valid$/) or
32 ( $ThisLine =~ /^fatal: Read error from remote host: Connection reset by peer$/) or
32 ( $ThisLine =~ /^fatal: Read error from remote host: Connection reset by peer$/) or
3333 ( $ThisLine =~ /^new password not acceptable$/ ) or
3434 ( $ThisLine =~ /^FTP session closed$/) or
3535 ( $ThisLine =~ /^FTP LOGIN REFUSED/) or
4242 chomp($ThisLine);
4343 push @PWChanges, $ThisLine;
4444 }
45 elsif ( ($RemoteHost,$User) = ( $ThisLine =~ /^failed login from ([^ ]+) \[.*\], ([^ ]+)$/) or
45 elsif ( ($RemoteHost,$User) = ( $ThisLine =~ /^failed login from ([^ ]+) \[.*\], ([^ ]+)$/) or
4646 ($RemoteHost,$User) = ( $ThisLine =~ /^Login failure user=(\S+) host=([^ ]+)$/) ) {
4747 chomp ($User);
4848 push @{$FailedLogins{$RemoteHost}}, $User;
8383 chomp ($ThisLine);
8484 $RootLogins{$ThisLine}++;
8585 }
86 elsif ( ($User,$From) = ( $ThisLine =~ /^LOGIN ON [^ ]+ BY ([^ ]+) FROM ([^ ]+)$/ ) or
86 elsif ( ($User,$From) = ( $ThisLine =~ /^LOGIN ON [^ ]+ BY ([^ ]+) FROM ([^ ]+)$/ ) or
8787 ($User,$From) = ( $ThisLine =~ /^Login user=([^ ]+) host=([^ ]+)$/ ) ) {
8888 chomp ($From);
8989 ${$RemoteLogins{$User}}{$From}++;
214214 exit(0);
215215
216216 # vi: shiftwidth=3 tabstop=3 syntax=perl et
217
217 # Local Variables:
218 # mode: perl
219 # perl-indent-level: 3
220 # indent-tabs-mode: nil
221 # End:
222
22 # $Id: pam_unix,v 1.35 2008/03/24 23:31:26 kirk Exp $
33 ##########################################################################
44 # $Log: pam_unix,v $
5 # Revision 1.36 2011/01/05 22:01:00 stefan
6 # recognize: <service>[3254]: PAM <something>
7 #
58 # Revision 1.35 2008/03/24 23:31:26 kirk
69 # added copyright/license notice to each script
710 #
105108 ## Logwatch project reserves the right to not accept such
106109 ## contributions. If you have made significant
107110 ## contributions to this script and want to claim
108 ## copyright please contact logwatch-devel@logwatch.org.
111 ## copyright please contact logwatch-devel@lists.sourceforge.net.
109112 #########################################################
110113
111114 ##########################################################################
123126 my ($service, $line, %data);
124127
125128 while ($line = <STDIN>) {
126 chomp $line;
127 $service = $line;
129 chomp $line;
130 $service = $line;
128131 # for fedora and others
129 if ($line =~ s/^... .. ..:..:.. .+ .+\(pam_unix\)\[\d+\]: //) {
130 $service =~ s/^... .. ..:..:.. .+ (.+)\(pam_unix\)\[\d+\]: .*$/$1/;
131 # new fedora (fc5) version
132 if ($line =~ s/^... .. ..:..:.. .+ .+\(pam_unix\)\[\d+\]: //) {
133 $service =~ s/^... .. ..:..:.. .+ (.+)\(pam_unix\)\[\d+\]: .*$/$1/;
134 # new fedora (fc5) version
132135 } elsif ( $line =~ s/^... .. ..:..:.. .+ pam_unix\(.+:.+\): // ) {
133136 $service =~ s/^... .. ..:..:.. .+ pam_unix\((.+):.+\): .*$/$1/;
137 # fedora with pam_sss
138 } elsif ( $line =~ s/^... .. ..:..:.. .+ pam_sss\(.+:.+\): // ) {
139 $service =~ s/^... .. ..:..:.. .+ pam_sss\((.+):.+\): .*$/$1/;
134140 # for debian sarge - "normal" lines
135141 } elsif ($line =~ s/^... .. ..:..:.. .+ [^ :]+: \(pam_unix\) //) {
136142 $service =~ s/^... .. ..:..:.. .+ ([^\s:\[\]]+)(?:\[[0-9]+\]|): \(pam_unix\) .*$/$1/;
143149 # for Ubuntu 7.10
144150 } elsif ( $line =~ s/^... .. ..:..:.. .+ \S+\[\d+\]: pam_unix_\S+\(.+:.+\): // ) {
145151 $service =~ s/^... .. ..:..:.. .+ \S+\[\d+\]: pam_unix_\S+\((.+):.+\): .*$/$1/;
146 } else {
147 next;
148 }
149 #lowercase the service
150 $service = lc($service);
151 if (($service =~ /ssh(|d)/) or ($service eq 'login') or ($service eq 'ftp') or ($service eq 'rsh') or
152 ($service eq 'remote') or ($service eq 'rlogin') or ($service eq 'rexec')) {
153 if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
154 ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
152 # for debian and others ?
153 } elsif ($line =~ s/^... .. ..:..:.. \S+ \S+\[\d+\]: PAM //) {
154 $service =~ s/^... .. ..:..:.. \S+ (\S+)\[\d+\]: PAM .*/$1/;
155 } else {
156 next;
157 }
158 # handle password expiring globally
159 if ($line =~ /^password for user (.+) will expire in (\d+) days/) {
160 $data{"all"}{'Password Expiring'}{"$1 in $2 days"}++;
161 next;
162 }
163 #lowercase the service
164 $service = lc($service);
165 if ( grep $_ eq $service, qw/ssh sshd login ftp vsftpd rsh remote rlogin rexec/) {
166 if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
167 ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
155168 } elsif ($line =~ s/^session opened for user ([^ ]*) by ([^ ]*)\(uid=\d+\)/$1 by $2/) {
156169 ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
157 } elsif ($line =~ s/^session opened for user (.+) by LOGIN\(uid=\d+\)/$1/) {
158 $data{$service}{'Sessions Opened'}{$line}++;
159 } elsif ($line =~ /session closed for user/) {
160 # ignore this line
161 } elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s+user=(\S*)$/$2 ($1)/) {
162 $data{$service}{'Authentication Failures'}{$line}++;
170 } elsif ($line =~ s/^session opened for user (.+) by LOGIN\(uid=\d+\)/$1/) {
171 $data{$service}{'Sessions Opened'}{$line}++;
172 } elsif ($line =~ /session closed for user/) {
173 # ignore this line
174 } elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s+user=(\S*)$/$2 ($1)/) {
175 $data{$service}{'Authentication Failures'}{$line}++;
163176 } elsif ($line =~ s/^authentication failure; .*rhost=(\S*).$/unknown ($1)/) {
164177 $data{$service}{'Authentication Failures'}{$line}++;
165178 } elsif ($line =~ s/^authentication failure; logname=(\S*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {
166179 $data{$service}{'Authentication Failures'}{$line}++;
167 } elsif ($line =~ s/^(\d+) more authentication failure; .*rhost=(\S*)\s+user=(\S*)$/$3 ($2)/) {
180 } elsif ($line =~ s/^authentication failure; logname=(\S*) .*rhost=(\S*)\s+user=(\S*)$/($3 or $1)($2): /) {
181 $data{$service}{'Authentication Failures'}{$line}++;
182 } elsif ($line =~ s/^(\d+) more authentication failures?; .*rhost=(\S*)\s+user=(\S*)$/$3 ($2)/) {
168183 $data{$service}{'Authentication Failures'}{$line} += $1;
169 } elsif ($line =~ s/^(\d+) more authentication failure; .*rhost=(\S*)$/unknown ($2)/) {
184 } elsif ($line =~ s/^(\d+) more authentication failures?; .*rhost=(\S*)$/unknown ($2)/) {
170185 $data{$service}{'Authentication Failures'}{$line} += $1;
171186 } elsif ($line =~ /check pass; user unknown/) {
172187 $data{$service}{'Invalid Users'}{'Unknown Account'}++;
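Review bot: The branch added at new line 180, `^authentication failure; logname=(\S*) .*rhost=(\S*)\s+user=(\S*)$`, can never fire, because every line it matches is already taken by the `^authentication failure; .*rhost=(\S*)\s+user=(\S*)$` branch at new line 174. Its replacement `($3 or $1)($2): ` is also plain string interpolation (there is no /e), so it would emit the literal word "or" instead of choosing between user and logname. Either drop the branch or move it above line 174 and build the key in Perl code. Separately, replacing `/ssh(|d)/` with `grep $_ eq $service, qw/ssh sshd .../` changes the test from a substring match to exact equality, so a service name that merely contains "ssh" is no longer handled by this branch; worth confirming that is intended.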
176191 $data{$service}{'Expired Accounts'}{$line}++;
177192 } elsif ($line =~ s/bad username \[(.*)\]/$1/) {
178193 $data{$service}{'Invalid Users'}{"Bad User: $line"}++;
179 } else {
180 $data{$service}{'Unknown Entries'}{$line}++;
181 }
182 } elsif (($service eq 'su') or ($service eq 'sudo') or ($service eq 'su-l')) {
194 } elsif ($line =~ s/^authentication success; logname=(\S*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {
195 ($Detail >= 5) && $data{$service}{'Authentication Success'}{$line}++;
196 } else {
197 $data{$service}{'Unknown Entries'}{$line}++;
198 }
199 } elsif (grep $_ eq $service, qw/su sudo su-l/) {
183200 if ( my ($logname, $uid, $ruser, $user) = ($line =~ /^authentication failure; logname=(\S*)\s+uid=(\d+) (?:.*ruser=(\S*)\s+)?.*user=(\S*)$/)) {
184201 $line = ($logname or $ruser)."($uid) -> $user";
185202 $data{$service}{'Authentication Failures'}{$line}++;
186203 } elsif ($line =~ /session closed for user/) {
187204 # ignore this line
205 } elsif ($line =~ /conversation failed/) {
206 # ignore this line. An other line will describe the reason.
188207 } elsif (my ($nam, $byid) = ($line =~ /session opened for user (.+) by (.+)$/)) {
189 #resolve uid to name if possible
190 $byid =~ s/\(uid=(\d+)\)/$1/;
191 my $onam = getpwuid($byid) or $byid;
208 # resolve uid to name if possible
209 my $onam;
210 if ($byid =~ s/^\(uid=(\d+)\)$/$1/) {
211 $onam = getpwuid($byid) or $byid;
212 } elsif ($byid =~ s/^(\S+)\(uid=\d+\)$/$1/) {
213 $onam = $byid;
214 } else {
215 $onam = $byid;
216 }
192217 $data{$service}{'Sessions Opened'}{"$onam -> $nam"}++;
218 } elsif ($line =~ s/auth could not identify password for \[(.*)\]/$1/) {
219 $data{$service}{'Not Identify Password For'}{$line}++;
193220 } elsif ($line =~ /^account root has password changed in future/) {
194221 #I'm not sure whether this info could not be reported
195222 } else {
196223 $data{$service}{'Unknown Entries'}{$line}++;
197224 }
198 } elsif (($service eq 'passwd') || ($service eq 'propassd')) {
225 } elsif (grep $_ eq $service, qw/passwd propassd/) {
199226 if ($line =~ s/^password changed for (.+)/$1/) {
200227 ($Detail >= 5) && $data{$service}{'Password changed'}{$line}++;
201228 }
202 } elsif (($service eq 'gdm') || ($service eq 'kdm') || ($service eq 'kcheckpass') || ($service eq 'xdm') || ($service eq 'imap') || ($service eq 'dovecot') || ($service eq 'cups')) {
229 } elsif (grep $_ eq $service, qw/gdm gdm-password kdm kcheckpass xdm imap dovecot cups/) {
203230 if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
204231 ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
205232 } elsif ($line =~ s/^authentication failure;.* user=(.+)$/$1/) {
206233 $data{$service}{'Authentication Failures'}{$line}++;
234 } elsif ($line =~ /check pass; user unknown/) {
235 $data{$service}{'Invalid Users'}{'Unknown Account'}++;
207236 } elsif ($line =~ /session closed for user/) {
208237 # ignore this line
209 } else {
210 $data{$service}{'Unknown Entries'}{$line}++;
211 }
212
213 } elsif ($service eq 'spop3d' || $service eq 'pop') {
238 } elsif ($line =~ s/^authentication success; logname=(\S*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {
239 ($Detail >= 5) && $data{$service}{'Authentication Success'}{$line}++;
240 } elsif ($line =~ /received for user.*Permission denied/) {
241 # ignore this line - paired with authentication failure
242 } else {
243 $data{$service}{'Unknown Entries'}{$line}++;
244 }
245
246 } elsif (grep $_ eq $service, qw/spop3d pop/) {
214247 if ($line =~ s/^session opened for user (.+)/$1/) {
215248 $data{$service}{'Sessions Opened'}{$line}++;
216249 } elsif ($line =~ /session closed for user/) {
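Review bot: In the rewritten uid lookup at new line 211, `$onam = getpwuid($byid) or $byid;` still parses as `($onam = getpwuid($byid)) or $byid`, so when the uid has no passwd entry `$onam` stays undefined and the 'Sessions Opened' key becomes " -> user". Use `$onam = getpwuid($byid) || $byid;`. The `elsif` and `else` arms both end in `$onam = $byid`, so they can be folded into one unconditional substitution followed by a single assignment.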
228261 } else {
229262 $data{$service}{'Unknown Entries'}{$line}++;
230263 }
231 } elsif ($service eq 'pure-ftpd') {
264 } elsif (grep $_ eq $service, qw/pure-ftpd vsftpd/) {
232265 if ($line =~ s/^session opened for user (.+)/$1/) {
233266 $data{$service}{'Sessions Opened'}{$line}++;
234267 } elsif ($line =~ s/^check pass; (.+)/$1/) {
235268 $data{$service}{'Password Failures'}{$line}++;
236 } else {
237 $data{$service}{'Unknown Entries'}{$line}++;
238 }
239 } elsif (($service eq 'xscreensaver') || ($service eq 'gnome-screensaver') || ($service eq 'kscreensaver')) {
269 } elsif ($line =~ s/^authentication failure; .*user=(.+)$/$1/) {
270 $data{$service}{'Authentication Failures'}{$line}++;
271 } else {
272 $data{$service}{'Unknown Entries'}{$line}++;
273 }
274 } elsif (grep $_ eq $service, qw/xscreensaver gnome-screensaver kscreensaver/) {
240275 if ($line =~ s/^authentication failure; .*uid=(\d+) euid=(\d+) tty=(.+) ruser= rhost= user=(.+)$/$4($1,$2) on display $3/) {
241276 $data{$service}{'Authentication Failures'}{$line}++;
242277 }
243 } elsif ($service =~ /^(f)?crond?$/ ) {
278 } elsif ($service =~ /^(?:\/[\w\/]+\/|f)?crond?$/ ) {
244279 if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
245280 ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
246281 } elsif ($line =~ /session closed for user/) {
247282 # ignore this line
248283 } elsif ($line =~ /^account root has password changed in future/) {
249284 #I'm not sure whether this info could not be reported
285 } elsif ($line =~ /^adding faulty module: (.+)/) {
286 $data{$service}{'Faulty modules'}{$1}++;
287 } elsif ($line =~ /^unable to dlopen\(.+\): (.+)$/) {
288 $data{$service}{'Unable to dlopen'}{$1}++;
250289 } else {
251290 $data{$service}{'Unknown Entries'}{$line}++;
252291 }
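Review bot: `vsftpd` in `qw/pure-ftpd vsftpd/` at new line 264 is unreachable, because the first branch of this chain already lists it in `qw/ssh sshd login ftp vsftpd rsh remote rlogin rexec/` at new line 165. As written, vsftpd lines never reach the `check pass;` and `authentication failure; .*user=` handling added here. Remove it from one of the two lists, depending on which set of patterns is meant to apply.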
258297 } else {
259298 $data{$service}{'Unknown Entries'}{$line}++;
260299 }
261 } elsif (($service eq 'samba') or ($service eq 'smbd')) {
262 if ($line =~ s/^session opened for user ([a-zA-Z\d]+) by (.+)/$1/) {
300 } elsif (grep $_ eq $service, qw/samba smbd/) {
301 if ($line =~ s/^session opened for user (\S+) by (.+)/$1/) {
263302 ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
264303 } elsif ($line =~ s/^session closed for user (.+)/$1/) {
265304 ($Detail >= 8) && $data{$service}{'Sessions Closed'}{$line}++;
266305 } else {
267306 $data{$service}{'Unknown Entries'}{$line}++;
268307 }
269 } elsif (($service eq 'runuser') or ($service eq 'runuser-l')){
270 if ($line =~/^session (opened)?(\/)?(closed)? for user [a-zA-Z\d]+/) {
308 } elsif (grep $_ eq $service, qw/runuser runuser-l/) {
309 if ($line =~/^session (opened)?(\/)?(closed)? for user [\w\.\-]+/) {
271310 } else {
272311 $data{$service}{'Unknown Entries'}{$line}++;
273312 }
274313 } elsif ($service eq 'atd') {
275 if ($line =~/^session (opened)?(\/)?(closed)? for user [a-zA-Z\d]+/) {
276 } elsif ($line =~ /^account root has password changed in future/) {
314 if ($line =~/^session (opened)?(\/)?(closed)? for user [\w\.\-]+/) {
315 } elsif ($line =~ /^account root has password changed in future/) {
277316 #I'm not sure whether this info could not be reported
278317 } else {
279318 $data{$service}{'Unknown Entries'}{$line}++;
280319 }
281320 } elsif ($service eq 'system-config-date') {
282 if ($line =~ s/auth could not identify password for \[(.*)\]/$1/) {
321 if ($line =~ s/auth could not identify password for \[(.*)\]/$1/) {
283322 $data{$service}{'Not Identify Password For'}{$line}++;
284 } else {
285 $data{$service}{'Unknown Entries'}{$line}++;
286 }
287 } else {
323 } else {
324 $data{$service}{'Unknown Entries'}{$line}++;
325 }
326 } elsif ($service eq 'smtp') {
327 if ($line =~ s/^authentication failure; logname=(\S*) uid=(\d+).*user=(\S*)$/$1($2) -> $3/) {
328 $data{$service}{'Authentication Failures'}{$line}++;
329 } elsif ($line =~ /authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=/) {
330 # ignore this line
331 } elsif ($line =~ /check pass; user unknown/) {
332 $data{$service}{'Invalid Users'}{'Unknown Account'}++;
333 } else {
334 $data{$service}{'Unknown Entries'}{$line}++;
335 }
336 } else {
288337 $data{$service}{'Unknown Entries'}{$line}++;
289338 }
290339 }
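Review bot: In the new `smtp` branch, the ignore pattern at new line 329, `/authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=/`, is anchored at neither end, so it also discards failures that carry a non-empty `rhost=` value but no trailing `user=` field. If only the empty form is noise, anchor it, for example `/^authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=\s*$/`, so entries naming a remote host still land in the report.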
304353 exit(0);
305354
306355 # vi: shiftwidth=3 tabstop=3 syntax=perl et
307
356 # Local Variables:
357 # mode: perl
358 # perl-indent-level: 3
359 # indent-tabs-mode: nil
360 # End:
2727 ## Logwatch project reserves the right to not accept such
2828 ## contributions. If you have made significant
2929 ## contributions to this script and want to claim
30 ## copyright please contact logwatch-devel@logwatch.org.
30 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3131 #########################################################
3232
3333 use strict;
4545 Sep => 8, Oct => 9, Nov => 10, Dec => 11 );
4646
4747 # array of message categories (we do not use a hash to keep the order)
48 # first element: catorory name
48 # first element: catorory name
4949 # second element: matching regexp ($1 should contain the message)
5050 # third element: anonymous hash ref (stores message counts)
5151 my @message_categories = (['Fatal errors', qr/\] PHP Fatal error: (.*)$/o, {}],
7676 my $msgs = $cur_cat->[2];
7777 $msgs->{$1} = {count => '0',
7878 first_occurrence => $time,
79 sum => 0,
79 sum => 0,
8080 sqrsum => 0} unless exists $msgs->{$1};
8181 $msgs->{$1}->{'count'}++;
8282 # summing up timestamps and squares of timestamps
8383 # in order to calculate the rms
84 # using first occurrence of message as offset in calculation to
84 # using first occurrence of message as offset in calculation to
8585 # prevent an integer overflow
8686 $msgs->{$1}->{'sum'} += $time - $msgs->{$1}->{'first_occurrence'};
8787 $msgs->{$1}->{'sqrsum'} += ($time - $msgs->{$1}->{'first_occurrence'}) ** 2;
104104
105105 foreach my $msg (@sorted_msgs) {
106106 # grouping messages by number of occurrence
107 print "\n", $msgs->{$msg}->{'count'}, " times:\n" unless $last_count == $msgs->{$msg}->{'count'};
107 print "\n", $msgs->{$msg}->{'count'}, " times:\n" unless $last_count == $msgs->{$msg}->{'count'};
108108 my $rms = 0;
109109
110110
114114 if($msgs->{$msg}->{'count'} > 1) {
115115 # calculating rms
116116 $rms = int(sqrt(
117 ($msgs->{$msg}->{'count'} *
118 $msgs->{$msg}->{'sqrsum'} -
119 $msgs->{$msg}->{'sum'}) /
120 ($msgs->{$msg}->{'count'} *
117 ($msgs->{$msg}->{'count'} *
118 $msgs->{$msg}->{'sqrsum'} -
119 $msgs->{$msg}->{'sum'}) /
120 ($msgs->{$msg}->{'count'} *
121121 ($msgs->{$msg}->{'count'} - 1))));
122122
123123 print strftime($date_format, localtime($msgs->{$msg}->{'first_occurrence'}+int($rms/2)));
124124
125125 print ' +/-';
126
126
127127 # printing rms
128128 if($rms > 86400) {
129129 print int($rms/86400) , ' day(s)';
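Review bot: The expression re-indented at lines 117-121 computes `(count * sqrsum - sum) / (count * (count - 1))`, but a sample variance needs the square of the sum in the numerator, that is `count * sqrsum - sum ** 2`. With the current form the printed "+/-" value is not the spread of the timestamps that the "calculating rms" comment describes. Since these lines are being touched anyway, fix the numerator in the same change.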
138138 # we have got this message a single time
139139 print strftime($date_format, localtime($msgs->{$msg}->{'first_occurrence'}));
140140 }
141
142 print '] ', $msg, "\n";
141
142 print '] ', $msg, "\n";
143143 $last_count = $msgs->{$msg}->{'count'};
144144 }
145145
147147 }
148148
149149 # vi: shiftwidth=3 tabstop=3 et
150 # Local Variables:
151 # mode: perl
152 # perl-indent-level: 3
153 # indent-tabs-mode: nil
154 # End:
2828 ## Logwatch project reserves the right to not accept such
2929 ## contributions. If you have made significant
3030 ## contributions to this script and want to claim
31 ## copyright please contact logwatch-devel@logwatch.org.
31 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3232 #########################################################
3333
3434 use Logwatch ':all';
5353
5454 while (defined($ThisLine = <STDIN>)) {
5555 if ($ThisLine =~ m/^$SearchDate/o) { # added
56
56
5757 if ( $Debug >= 30 ) {
5858 print STDERR "DEBUG($DebugCounter): $ThisLine";
5959 $DebugCounter++;
6262 ($month,$day,$time,$host,$process,$conn,$msg)=split(/ +/,$ThisLine,7);
6363
6464 if ( ($ThisLine =~ /(ISDN-6-.+)/ ) or
65 ($ThisLine =~ /Copyright/ ) or
66 ($ThisLine =~ /Cisco Internetwork Operating System Software/ ) or
67 ($ThisLine =~ /IOS \(tm\)/ ) or
65 ($ThisLine =~ /Copyright/ ) or
66 ($ThisLine =~ /Cisco Internetwork Operating System Software/ ) or
67 ($ThisLine =~ /IOS \(tm\)/ ) or
6868 ($ThisLine =~ /TAC:Home:SW:IOS:Specials/ )
6969 ) {
7070 # don't care about this, will code this later
107107 $source_ip = @testfields[3];
108108 $source_port = @testfields[4];
109109 $destination_ip = @testfields[7];
110 $destination_port = @dfields[8];
110 $destination_port = @dfields[8];
111111 } else {
112112 $count = 0;
113113 }
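Review bot: The line touched at 110, `$destination_port = @dfields[8];`, reads from `@dfields` while the three assignments above it read from `@testfields`, and nothing in this hunk fills `@dfields`, so this looks like a typo that leaves the destination port empty. If so it should read `$testfields[8]`, and the neighbouring one-element slices such as `@testfields[3]` are better written `$testfields[3]`.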
406406 exit(0);
407407
408408 # vi: shiftwidth=3 tabstop=3 syntax=perl et
409 # Local Variables:
410 # mode: perl
411 # perl-indent-level: 3
412 # indent-tabs-mode: nil
413 # End:
3030 # supported (see http://www.freeswan.org). But it also appears to work
3131 # with Openswan (http://www.openswan.org), which is described as a code
3232 # fork of FreeS/WAN.
33 #
33 #
3434 # Also, notice that in this script, many variables are set, but not
3535 # printed. And many logged statements are filtered by this script.
3636 #
4040
4141 # This is a scanner for logwatch (see www.logwatch.org) that processes
4242 # FreeSWAN's <http://www.freeswan.org/> Pluto log files and attempts to
43 # make some sense out of them.
43 # make some sense out of them.
4444 #
4545 # Please CC suggestions to mcr@freeswan.org and/or design@lists.freeswan.org
4646
47 # the vendorID hash maps vendor IDs to products. VendorIDs are hashs of
47 # the vendorID hash maps vendor IDs to products. VendorIDs are hashs of
4848 # internal stuff from each vendor. Grow this table as you encouter new
4949 # products.
5050
6161 ## Logwatch project reserves the right to not accept such
6262 ## contributions. If you have made significant
6363 ## contributions to this script and want to claim
64 ## copyright please contact logwatch-devel@logwatch.org.
64 ## copyright please contact logwatch-devel@lists.sourceforge.net.
6565 #########################################################
6666
6767 $vendorID{"p....}..&..i...5..............................."}="KAME/Racoon";
285285 }
286286
287287 # vi: shiftwidth=3 tabstop=3 syntax=perl et
288
288 # Local Variables:
289 # mode: perl
290 # perl-indent-level: 3
291 # indent-tabs-mode: nil
292 # End:
1919 ## Logwatch project reserves the right to not accept such
2020 ## contributions. If you have made significant
2121 ## contributions to this script and want to claim
22 ## copyright please contact logwatch-devel@logwatch.org.
22 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2323 #########################################################
2424
2525 my $Debug = $ENV{'LOGWATCH_DEBUG'};
4545 return $Addr;
4646 }
4747 }
48
48
4949 if ( $Debug >= 5 ) {
5050 print STDERR "\n\nDEBUG \n\n";
5151 }
7878 ($ThisLine =~ /tpop3d startup succeeded$/) or
7979 ($ThisLine =~ /^disconnected, user=/i) or
8080 ($ThisLine =~ /^timeout, user=/i) or
81 ($ThisLine =~ /^connection, ip=/i)
82 or ($ThisLine =~ /^Connection, ip=/o)
81 ($ThisLine =~ /^(connection|disconnected), ip=/io)
8382 ) {
8483 # Don't care about these...
8584 } elsif (
124123 (($User,$Host) = ( $ThisLine =~ /^authentication failed for user (.*?) - (.*)/ )) or
125124 (($Host,$User) = ( $ThisLine =~ /^connection_do: client `\[\d+\](.*)\/.*': username `(.*)': \d authentication failures/ ))
126125 ) {
126 $LoginFailed{"$Host ($User)"}++;
127 } elsif (($User,$Host) = ( $ThisLine =~ /^LOGIN FAILED, user=([^,]*), ip=\[([0-9.:a-f]*)\]/ )) {
128 $Host = LookupIPv46($Host);
127129 $LoginFailed{"$Host ($User)"}++;
128130 } elsif ( ($User,$Host) = ( $ThisLine =~ /^authentication failed: no such user: (.*?) - (.*)/ ) ) {
129131 $LoginFailed{"$Host (UNKNOWN: $User)"}++;
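Review bot: The new `LOGIN FAILED` pattern at new line 127 captures the address with `[0-9.:a-f]*`, which excludes upper-case hex digits and accepts an empty string. An IPv6 address logged in upper case would miss this branch, so that failed login would not be counted here, and an empty `ip=[]` would be handed to `LookupIPv46`. Suggest `([0-9.:a-fA-F]+)`.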
246248 "\n=========================".
247249 "\n Host (user) | # ".
248250 "\n------------------------------------------------------------- | -----------";
249
251
250252 $ConnCount = 0;
251253 foreach $Host (sort keys %LoginFailed) {
252254 $Conns = $LoginFailed{$Host};
262264 "\n=========================".
263265 "\n Host | Connections".
264266 "\n------------------------------------------------------------- | -----------";
265
267
266268 $ConnCount = 0;
267269 foreach $Host (sort keys %Connection) {
268270 $Conns = $Connection{$Host};
280282 "\n============================".
281283 "\n User | Logouts | Downloaded | Mbox Size".
282284 "\n--------------------------------------- | ------- | ---------- | ----------";
283
285
284286 $ConnCount = 0;
285287 $SizeAll = 0;
286288 $DownAll = 0;
394396
395397
396398 # vi: shiftwidth=3 tabstop=3 syntax=perl et
399 # Local Variables:
400 # mode: perl
401 # perl-indent-level: 3
402 # indent-tabs-mode: nil
403 # End:
2020 ## Logwatch project reserves the right to not accept such
2121 ## contributions. If you have made significant
2222 ## contributions to this script and want to claim
23 ## copyright please contact logwatch-devel@logwatch.org.
23 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2424 #########################################################
2525
2626 use Logwatch ':ip';
114114 }
115115 print "\n";
116116 }
117
117
118118 if ( ($Detail >= 10) and (keys %Exclude) ) {
119119 print "\nExcluded following ports";
120120 foreach $mode (sort {$a cmp $b} keys %Exclude) {
147147 exit(0);
148148
149149 # vi: shiftwidth=3 tabstop=3 syntax=perl et
150
150 # Local Variables:
151 # mode: perl
152 # perl-indent-level: 3
153 # indent-tabs-mode: nil
154 # End:
00 ##########################################################################
1 # $Id: postfix,v 1.41 2008/08/11 15:33:53 mike Exp $
1 # $Id: postfix,v 1.44 2010/09/19 16:40:00 stefan Exp $
22 ##########################################################################
33
44 #####################################################
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919 #
2020 # $Log: postfix,v $
21 # Revision 1.44 2010/09/19 16:40:00 stefan
22 # fix: pix workaround in postfix >v2.3, (thanks kabe)
23 # add: improper Pipeling (thanks kabe)
24 #
25 # Revision 1.43 2010/05/15 15:45:36 stefan
26 # fix: fatal: open database <db>: No such file or directory
27 #
28 # Revision 1.42 2010/05/05 11:42:53 stefan
29 # fix: ignore reload
30 #
2131 # Revision 1.41 2008/08/11 15:33:53 mike
2232 # Lost connection patch from Peter Johnson -mgt
2333 #
200210 $Deliverable = 0;
201211
202212 while (defined($ThisLine = <STDIN>)) {
203 if (
204 ( $ThisLine =~ m/^$re_MsgID: client=([^ ]*\[[^ ]*\])\s*$/ ) or
213 if (
214 ( $ThisLine =~ m/^$re_MsgID: client=([^ ]*\[[^ ]*\])\s*$/ ) or
205215 ( $ThisLine =~ m/^$re_MsgID: message-id/ ) or
206216 ( $ThisLine =~ m/^$re_MsgID: skipped, still being delivered/ ) or
207217 ( $ThisLine =~ m/^$re_MsgID: to=\<.*>, relay=.*, delay=[\d.]+,(?: delays=[\d\/.]+, dsn=[\d.]+,)? status=(?:sent|deferred)/ ) or
215225 ( $ThisLine =~ m/^SSL_accept error from/ ) or
216226 ( $ThisLine =~ m/^Verified: / ) or
217227 ( $ThisLine =~ m/^cert has expired/ ) or
218 ( $ThisLine =~ m/^connect/ ) or
228 ( $ThisLine =~ m/^connect/ ) or
219229 ( $ThisLine =~ m/^daemon started$/ ) or
220230 ( $ThisLine =~ m/^daemon started -- version / ) or
221231 ( $ThisLine =~ m/^dict_eval_action:/ ) or
222 ( $ThisLine =~ m/^disconnect/ ) or
232 ( $ThisLine =~ m/^disconnect/ ) or
223233 ( $ThisLine =~ m/^mynetworks:/ ) or
224234 ( $ThisLine =~ m/^name_mask:/ ) or
225 ( $ThisLine =~ m/^reload configuration/ ) or
235 ( $ThisLine =~ m/^reload(?: -- version [\d.]+,)? configuration/ ) or
226236 ( $ThisLine =~ m/^setting up TLS connection (from|to)/ ) or
227237 ( $ThisLine =~ m/^starting TLS engine$/ ) or
228238 ( $ThisLine =~ m/^terminating on signal 15$/ ) or
270280 # print "bounce message from " . $Dest . " msg : " . $Relay . "\n";
271281 if ($Relay =~ m/^(none|local|avcheck|127\.0\.0\.1)/) {
272282 $Temp = "To " . $Dest . " Msg=\"" . $Msg . "\"";
273 $LocalBounce{$Temp}++;
283 $LocalBounce{$Temp}++;
274284 } else {
275285 $Temp = "To " . $Dest . " Msg=\"" . $Msg . "\"";
276286 $ForeignBounce{$Temp}++;
347357 $HostnameVerification{$Error}++;
348358 } elsif ( $ThisLine =~ /^$re_MsgID: removed\s*$/) {
349359 $RemovedFromQueue++;
350 } elsif ( ($Host) = ($ThisLine =~ /^$re_MsgID: enabling PIX <CRLF>.<CRLF> workaround for ([^ ]*\[[^ ]*\])$/)) {
360 #TD 2F38EE3341: enabling PIX <CRLF>.<CRLF> workaround for host.name[111.222.333.444]
361 #TD 2A34C1123BC4: enabling PIX workarounds: disable_esmtp delay_dotcrlf for host.name[111.222.333.444]:25
362 } elsif ( ($Host) = ($ThisLine =~ /^$re_MsgID: enabling PIX (?:<CRLF>\.<CRLF> )?workaround(?:s: [a-z_, -]+)? for ([^ ]*\[[^ ]*\])(?::\d+)?$/)) {
351363 $PixWorkaround{$Host}++;
352364 } elsif ( ($Message) = ($ThisLine =~ /warning: valid_hostname: (.*)$/)) {
353365 $ValidHostname{$Message}++;
361373 $HeloError{$Error}{$Host}++;
362374 } elsif ( ($Host,$Command) = ($ThisLine =~ /warning: Illegal address syntax from ([^ ]*\[[^ ]*\]) in ([^ ]*) command:/)) {
363375 $IllegalAddressSyntax{$Command}{$Host}++;
376 } elsif ( ($Command,$Host) = ($ThisLine =~ /^improper command pipelining after ([^ ]*) from ([^ ]*\[[^ ]*\])/ )) {
377 $UnauthPipeline{$Command}{$Host}++;
364378 } elsif ( ($Error) = ($ThisLine =~ /warning: mailer loop: (.*)$/)) {
365379 $MailerLoop{$Error}++;
366380 } elsif ( ($Host) = ($ThisLine =~ /warning: ([^ ]*\[[^ ]*\]): SASL .* authentication failed/)) {
373387 chomp($User);
374388 $SaslAuth{$Host}{$User}++;
375389 } elsif ( ($Host) = ($ThisLine =~ /TLS connection established from ([^ ]*\[[^ ]*\]):/)) {
376 $TLSconnectFrom{$Host}++;
390 $TLSconnectFrom{$Host}++;
377391 } elsif ( ($Host) = ($ThisLine =~ /TLS connection established to ([^ ]*):/)) {
378 $TLSconnectTo{$Host}++;
392 $TLSconnectTo{$Host}++;
379393 } elsif ( ($Cert) = ($ThisLine =~ /^Unverified: (.*)/)) {
380 $TLSunverified{$Cert}++;
394 $TLSunverified{$Cert}++;
381395 } elsif ( ($Domain) = ($ThisLine =~ /warning: malformed domain name in resource data of MX record (.*)$/)) {
382396 $MxError{$Domain}++;
383397 } elsif ( ($Host,$Command) = ($ThisLine =~ /warning: ([^ ]*\[[^ ]*\]) sent .* header instead of ([^ ]*) command: /)) {
405419 $SizeLimit{"$From -> $To"}++;
406420 } elsif ( ($Server) = ($ThisLine =~ /^NOQUEUE: reject: MAIL from ([^ ]*\[[^ ]*\]): 552 Message size exceeds fixed limit; proto=[^ ]* helo=<[^ ]*>$/)) {
407421 $SizeLimit{"MAIL from $Server"}++;
408 } elsif ( (undef,$Source) = ($ThisLine =~ /^warning: database ([^ ]*) is older than source file ([a-zA-Z0-9\/]+)$/)) {
422 } elsif ( (undef,$Source) = ($ThisLine =~ /^warning: database ([^ ]*) is older than source file ([\w\/.-]+)$/)) {
409423 $DatabaseGeneration{$Source}++;
410424 } elsif ( ($Reason) = ($ThisLine =~ /^warning: $re_MsgID: write queue file: (.*)$/)) {
411425 $QueueWriteError{$Reason}++;
423437 $ProcessExit{$Status}{$Process}++;
424438 } elsif ( ($Option,$Reason) = ($ThisLine =~ /^fatal: config variable ([^ ]*): (.*)$/)) {
425439 $ConfigError{$Option}{$Reason}++;
440 } elsif ( ($db,$Reason) = ($ThisLine =~ /fatal: open database (\S*): (.*)/) ) {
441 $Databases{$db}{$Reason}++;
426442 } elsif ( ($Warn) = ($ThisLine =~ /^warning: (.*)/)) {
427443 # keep this as the next to last condition
428444 $UnknownWarnings{$Warn}++;
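Review bot: The new match at line 440, `/fatal: open database (\S*): (.*)/`, has no `^` anchor, unlike the `^fatal: config variable` test directly above it, so it can match the phrase anywhere in a line. Anchor it the same way for consistency, and consider naming the variable `$Database` to follow the capitalised names used by the surrounding branches.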
489505 print "_______\n";
490506 }
491507
492 if (keys %ConfigError) {
493 print "\n\nWARNING!!!\n";
508 if (keys %ConfigError or keys %Databases) {
509 print "\n\nFATAL!!!\n";
494510 print "Configuration Errors:\n";
495511 foreach $Option (sort {$a cmp $b} keys %ConfigError) {
496512 print " Option: $Option\n";
498514 print " $Reason: $ConfigError{$Option}{$Reason} Time(s)\n";
499515 }
500516 }
517 foreach $db (sort {$a cmp $b} keys %Databases) {
518 print " Database: $db\n";
519 foreach $Reason (sort {$a cmp $b} keys %{$Databases{$db}} ) {
520 print " $Reason: $Databases{$db}{$Reason} Time(s)\n";
521 }
522 }
501523 }
502524
503525 if (keys %QueueWriteError) {
551573
552574 if (keys %PixWorkaround) {
553575 if ($Detail >= 5) {
554 print "\n\nEnabled PIX <CRLF>.<CRLF> workaround for:\n";
576 print "\n\nEnabled PIX workarounds for:\n";
555577 foreach $Host (sort {$a cmp $b} keys %PixWorkaround) {
556578 print " $Host : $PixWorkaround{$Host} Time(s)\n";
557579 }
562584 foreach $Host (keys %PixWorkaround) {
563585 $n+=$PixWorkaround{$Host};
564586 }
565 print "\n\nEnabled PIX <CRLF>.<CRLF> workaround for: $hn Host(s), $n Time(s)";
587 print "\n\nEnabled PIX workarounds for: $hn Host(s), $n Time(s)";
566588 }
567589 }
568590
10651087 }
10661088 }
10671089
1090 if (%UnauthPipeline) {
1091 if ($Detail >= 5) {
1092 print "\n\nImproper SMTP command pipelining attempts:\n";
1093 foreach $Command (sort {$a cmp $b} keys %UnauthPipeline) {
1094 print " In command $Command from:\n";
1095 foreach $Host (sort {$a cmp $b} keys %{$UnauthPipeline{$Command}} ) {
1096 print " $Host : $UnauthPipeline{$Command}{$Host} Time(s)\n";
1097 }
1098 }
1099 }
1100 else {
1101 $n=0; $hn=0;
1102 foreach $Command (sort {$a cmp $b} keys %UnauthPipeline) {
1103 foreach $Host (keys %{$UnauthPipeline{$Command}}) {
1104 $hn++;
1105 $n+=$UnauthPipeline{$Command}{$Host};
1106 }
1107 }
1108 print "\n\nImproper SMTP command pipelining attempts: $hn Host(s), $n Time(s)\n";
1109 }
1110 }
1111
10681112 if (keys %ConnectionLost) {
10691113 print "\n\nConnections lost:\n";
10701114 foreach $ThisOne (sort {$a cmp $b} keys %ConnectionLost) {
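Review bot: In the summary branch at new lines 1101-1108, `$hn++` runs once per command/host pair, so a host that pipelines after two different commands is counted twice in "$hn Host(s)". Collect the hosts in a hash and report its key count instead. Also, the detail heading prints "In command $Command" although the regex captures the command the pipelining came after; "After command $Command" would match the log line.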
11911235 print "\n\n**Unmatched Entries**\n\n";
11921236 print @OtherList;
11931237 }
1194
1238
11951239 exit(0);
11961240
11971241 # vi: shiftwidth=3 tabstop=3 syntax=perl et
1198
1242 # Local Variables:
1243 # mode: perl
1244 # perl-indent-level: 3
1245 # indent-tabs-mode: nil
1246 # End:
2222 ## Logwatch project reserves the right to not accept such
2323 ## contributions. If you have made significant
2424 ## contributions to this script and want to claim
25 ## copyright please contact logwatch-devel@logwatch.org.
25 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2626 #########################################################
2727
2828 $Debug = $ENV{'LOGWATCH_DEBUG'};
109109 exit(0);
110110
111111 # vi: shiftwidth=3 tabstop=3 syntax=perl et
112
112 # Local Variables:
113 # mode: perl
114 # perl-indent-level: 3
115 # indent-tabs-mode: nil
116 # End:
4949 # This was written by Simon Liddington for use with Logwatch
5050 #
5151 # Please send all comments, suggestions, bug reports,
52 # etc, to logwatch-devel@logwatch.org
52 # etc, to logwatch-devel@lists.sourceforge.net
5353 ########################################################
5454
5555 #######################################################
6565 ## Logwatch project reserves the right to not accept such
6666 ## contributions. If you have made significant
6767 ## contributions to this script and want to claim
68 ## copyright please contact logwatch-devel@logwatch.org.
68 ## copyright please contact logwatch-devel@lists.sourceforge.net.
6969 #########################################################
7070
7171 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
210210 }
211211 }
212212 }
213
213
214214 if ( (keys %BadPasswds) and ($Detail >= 5) ) {
215215 print "\n Incorrect Password:\n";
216216 foreach $ThisOne (sort {$a cmp $b} keys %BadPasswds) {
217217 print $ThisOne . $BadPasswds{$ThisOne} . " Time(s)\n";
218218 }
219219 }
220
220
221221 if ( (keys %BadShell) and ($Detail >= 5) ) {
222222 print "\n Invalid Shell:\n";
223223 foreach $ThisOne (sort {$a cmp $b} keys %BadShell) {
272272 exit(0);
273273
274274 # vi: shiftwidth=3 tabstop=3 syntax=perl et
275 # Local Variables:
276 # mode: perl
277 # perl-indent-level: 3
278 # indent-tabs-mode: nil
279 # End:
0 #!/usr/bin/perl
1 ##########################################################################
2 # $Id$
3 ##########################################################################
4 # $Log$
5 ########################################################
6 ## Copyright (c) 2011 Nathan Crawford
7 ## Covered under the included MIT/X-Consortium License:
8 ## http://www.opensource.org/licenses/mit-license.php
9 ## All modifications and contributions by other persons to
10 ## this script are assumed to have been donated to the
11 ## Logwatch project and thus assume the above copyright
12 ## and licensing terms. If you want to make contributions
13 ## under your own copyright or a different license this
14 ## must be explicitly stated in the contribution and the
15 ## Logwatch project reserves the right to not accept such
16 ## contributions. If you have made significant
17 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
19 #########################################################
20
21 # Detail level is currently not used
22 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
23
24 # Init counters
25 $FailedRuns = 0;
26 $SuccessfulRuns = 0;
27 $ResourceFailures = 0;
28 $DependencyFailures = 0;
29
30 while (defined($ThisLine = <STDIN>)) {
31 chomp($ThisLine);
32 if (
33 ($ThisLine =~ /Using cached catalog/) or
34 ($ThisLine =~ /Caching catalog for /) or
35 ($ThisLine =~ /Caching node for /) or
36 ($ThisLine =~ /Caught TERM; calling stop/) or
37 ($ThisLine =~ /[sS]hutting down/) or
38 ($ThisLine =~ /Reopening log files/) or
39 ($ThisLine =~ /Starting Puppet client version /) or
40 ($ThisLine =~ /Restarting with.+puppetd/) or
41 ($ThisLine =~ /Caught HUP; calling restart/) or
42 ($ThisLine =~ /Skipping because of failed dependencies/) or
43 ($ThisLine =~ /Failed to generate additional resources/) or
44 ($ThisLine =~ /Could not retrieve catalog from remote server/) or
45 ($ThisLine =~ /replacing from source .+ with contents /) or
46 ($ThisLine =~ /Starting catalog run/) or
47 ($ThisLine =~ /Applying configuration version/) or
48 ($ThisLine =~ /Loading facts in/) or
49 ($ThisLine =~ /Retrieving plugin/)
50 ) {
51 # Ignore
52 } elsif ($ThisLine =~ /Finished catalog run in [0-9]+\.[0-9]+ seconds/) {
53 $SuccessfulRuns++;
54 } elsif ($ThisLine =~ /skipping run/) {
55 $FailedRuns++;
56 } elsif ($ThisLine =~ /File\[.+\].+checksum changed/) {
57 $ThisLine =~ /File\[(.+)\].+checksum changed/;
58 $ChangedFiles{$1}++;
59 } elsif ($ThisLine =~ /File\[.+\].+content changed/) {
60 $ThisLine =~ /File\[(.+)\].+content changed/;
61 $ChangedFiles{$1}++;
62 } elsif ($ThisLine =~ /File\[.+\].+created/) {
63 $ThisLine =~ /File\[(.+)\].+created/;
64 $CreatedFiles{$1}++;
65 } elsif ($ThisLine =~ /File\[.+\].+removed/) {
66 $ThisLine =~ /File\[(.+)\].+removed/;
67 $RemovedFiles{$1}++;
68 } elsif (
69 ($ThisLine =~ /Failed to retrieve current state of resource/) or
70 ($ThisLine =~ /Package.+ensure.+Could not find package/) or
71 ($ThisLine =~ /File\[.+\].+ Could not describe /) or
72 ($ThisLine =~ /File\[.+\].+ No specified sources exist/)
73 ) {
74 $ResourceFailures++;
75 } elsif ($ThisLine =~ /Package\[.+\].+ensure changed/) {
76 $ThisLine =~ /Package\[(.+)\].+ensure changed/;
77 $ChangedPackages{$1}++;
78 } elsif ($ThisLine =~ /Package\[.+\].+ensure\) created/) {
79 $ThisLine =~ /Package\[(.+)\].+ensure\) created/;
80 $InstalledPackages{$1}++;
81 } elsif ($ThisLine =~ /Package\[.+\].+ensure\) removed/) {
82 $ThisLine =~ /Package\[(.+)\].+ensure\) removed/;
83 $RemovedPackages{$1}++;
84 } elsif ($ThisLine =~ /Exec\[.+\].+executed successfully/) {
85 $ThisLine =~ /Exec\[(.+)\].+executed successfully/;
86 $ExecRuns{$1}++;
87 } elsif ($ThisLine =~ /Exec\[.+\].+Triggering 'refresh' from [0-9]+ dependencies/) {
88 $ThisLine =~ /Exec\[(.+)\].+Triggering 'refresh' from [0-9]+ dependencies/;
89 $ExecRuns{$1}++;
90 } elsif ($ThisLine =~ /Service\[.+\].+ensure changed \'.+\' to \'running\'/) {
91 $ThisLine =~ /Service\[(.+)\].+ensure changed \'.+\' to \'running\'/;
92 $ServiceStarts{$1}++;
93 } elsif ($ThisLine =~ /Service\[.+\].+Triggering 'refresh' from [0-9]+ dependencies/) {
94 $ThisLine =~ /Service\[(.+)\].+Triggering 'refresh' from [0-9]+ dependencies/;
95 $ServiceStarts{$1}++;
96 } elsif ($ThisLine =~ /Dependency .+\[.+\] has [0-9]+ failure/) {
97 $DependencyFailures++;
98 } else {
99 # Report any unmatched entries...
100 $OtherList{$ThisLine}++;
101 }
102 }
103
104 #######################################
105
106 if ($SuccessfulRuns > 0 && $Detail > 0) {
107 print "\nSuccessful runs: $SuccessfulRuns\n";
108 }
109
110 if ($FailedRuns > 0) {
111 print "\nFailed runs: $FailedRuns\n";
112 }
113
114 if (keys %CreatedFiles) {
115 print "\nCreated files:\n";
116 foreach $ThisOne (keys %CreatedFiles) {
117 print "$ThisOne: $CreatedFiles{$ThisOne} Time(s)\n";
118 }
119 }
120
121 if (keys %ChangedFiles) {
122 print "\nChanged files:\n";
123 foreach $ThisOne (keys %ChangedFiles) {
124 print "$ThisOne: $ChangedFiles{$ThisOne} Time(s)\n";
125 }
126 }
127
128 if (keys %RemovedFiles) {
129 print "\nRemoved files:\n";
130 foreach $ThisOne (keys %RemovedFiles) {
131 print "$ThisOne: $RemovedFiles{$ThisOne} Time(s)\n";
132 }
133 }
134
135 if (keys %InstalledPackages) {
136 print "\nInstalled packages:\n";
137 foreach $ThisOne (keys %InstalledPackages) {
138 print "$ThisOne: $InstalledPackages{$ThisOne} Time(s)\n";
139 }
140 }
141
142 if (keys %ChangedPackages) {
143 print "\nChanged packages:\n";
144 foreach $ThisOne (keys %ChangedPackages) {
145 print "$ThisOne: $ChangedPackages{$ThisOne} Time(s)\n";
146 }
147 }
148
149 if (keys %RemovedPackages) {
150 print "\nRemoved packages:\n";
151 foreach $ThisOne (keys %RemovedPackages) {
152 print "$ThisOne: $RemovedPackages{$ThisOne} Time(s)\n";
153 }
154 }
155
156 if (keys %ExecRuns) {
157 print "\nExec runs:\n";
158 foreach $ThisOne (keys %ExecRuns) {
159 print "$ThisOne: $ExecRuns{$ThisOne} Time(s)\n";
160 }
161 }
162
163 if (keys %ServiceStarts) {
164 print "\nService starts:\n";
165 foreach $ThisOne (keys %ServiceStarts) {
166 print "$ThisOne: $ServiceStarts{$ThisOne} Time(s)\n";
167 }
168 }
169
170 if ($ResourceFailures > 0) {
171 print "\nResource failures: $ResourceFailures\n";
172 }
173
174 if ($DependencyFailures > 0) {
175 print "\nDependency failures: $DependencyFailures\n";
176 }
177
178 if (keys %OtherList) {
179 print "\n**Unmatched Entries**\n";
180 foreach $ThisOne (keys %OtherList) {
181 print "$ThisOne: $OtherList{$ThisOne} Time(s)\n";
182 }
183 }
184
185 exit(0);
186
187 # vi: shiftwidth=3 tabstop=3 syntax=perl et
188
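Review bot: the ignore list at lines 32-50 is evaluated first and includes "Could not retrieve catalog from remote server", "Skipping because of failed dependencies" and "Failed to generate additional resources", so these failure lines never reach a counter or the unmatched list, and a line that also contains "skipping run" is not counted in `$FailedRuns` either. Count them (for example under `$FailedRuns` or `$DependencyFailures`) rather than discarding them, so that an agent that cannot fetch its catalog is visible in the report. Smaller points: the comment at line 21 says the detail level is not used, but line 106 tests `$Detail > 0`; each `elsif` runs its regex twice where a single capturing match in the condition would do; the report loops iterate `keys` unsorted, unlike the other scripts in this change; line 18 still gives logwatch-devel@logwatch.org and the file lacks the "Local Variables" trailer that this same change adds everywhere else.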
5252 ## Logwatch project reserves the right to not accept such
5353 ## contributions. If you have made significant
5454 ## contributions to this script and want to claim
55 ## copyright please contact logwatch-devel@logwatch.org.
55 ## copyright please contact logwatch-devel@lists.sourceforge.net.
5656 #########################################################
5757
5858 ##########################################################################
151151 if ($ShowDataStats) {
152152 foreach $Direction (keys %{$Stats}) {
153153 print "\nTransfer statistics - $Direction files:\n";
154
154
155155 print "\t$Stats->{$Direction}->{files_count} $Direction files\n";
156156 printf "\t%.2f $Direction MB\n", ($Stats->{$Direction}->{'files_size'}/1024)/1024;
157157 if ($Stats->{$Direction}->{speed}) {
178178 }
179179 }
180180 }
181 }
181 }
182182 }
183183
184184 if (keys %SecureAnon) {
205205 exit(0);
206206
207207 # vi: shiftwidth=3 tabstop=3 syntax=perl et
208
208 # Local Variables:
209 # mode: perl
210 # perl-indent-level: 3
211 # indent-tabs-mode: nil
212 # End:
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
158158 exit(0);
159159
160160 # vi: shiftwidth=3 tabstop=3 syntax=perl et
161
161 # Local Variables:
162 # mode: perl
163 # perl-indent-level: 3
164 # indent-tabs-mode: nil
165 # End:
2525 ## Logwatch project reserves the right to not accept such
2626 ## contributions. If you have made significant
2727 ## contributions to this script and want to claim
28 ## copyright please contact logwatch-devel@logwatch.org.
28 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2929 #########################################################
3030
3131 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
162162
163163 exit(0);
164164
165 # vi: shiftwidth=3 tabstop=3 syntax=perl et
166 # Local Variables:
167 # mode: perl
168 # perl-indent-level: 3
169 # indent-tabs-mode: nil
170 # End:
2525 ## Logwatch project reserves the right to not accept such
2626 ## contributions. If you have made significant
2727 ## contributions to this script and want to claim
28 ## copyright please contact logwatch-devel@logwatch.org.
28 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2929 #########################################################
3030
3131 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
145145
146146 exit(0);
147147
148 # vi: shiftwidth=3 tabstop=3 syntax=perl et
149 # Local Variables:
150 # mode: perl
151 # perl-indent-level: 3
152 # indent-tabs-mode: nil
153 # End:
2525 ## Logwatch project reserves the right to not accept such
2626 ## contributions. If you have made significant
2727 ## contributions to this script and want to claim
28 ## copyright please contact logwatch-devel@logwatch.org.
28 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2929 #########################################################
3030
3131 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
475475 }
476476
477477 exit(0);
478
479 # vi: shiftwidth=3 tabstop=3 syntax=perl et
480 # Local Variables:
481 # mode: perl
482 # perl-indent-level: 3
483 # indent-tabs-mode: nil
484 # End:
4747 ## Logwatch project reserves the right to not accept such
4848 ## contributions. If you have made significant
4949 ## contributions to this script and want to claim
50 ## copyright please contact logwatch-devel@logwatch.org.
50 ## copyright please contact logwatch-devel@lists.sourceforge.net.
5151 #########################################################
5252
5353 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
163163 $Domains{$remote} = $remotedomain if($remotedomain);
164164 $ChkuserRejectsTo{$to}++;
165165 $ChkuserRejectsReason{$reason}++;
166
166
167167 $TotalReject++;
168168 # remove it from previous parse
169169 if ( defined( $From{$from} ) ) {
304304 }
305305 $Totalscantimeattach += $scantime;
306306 }
307
307
308308 # simscan-1.2 attach
309309 elsif ( ($scantime, $attach, $attachfrom, $attachto ) = ($ThisLine =~ /simscan:\[\d+\]:ATTACH:(.*)s:(.*):.*:(.*):(.*)/)) {
310310 $SimscanTotal++;
339339 $SimscanPassthruIpFrom{$passthruipfrom}++;
340340 $SimscanPassthruFrom{$passthrufrom}++;
341341 $SimscanPassthruTo{$passthruto}++;
342 $SimscanPassthruTotal++;
342 $SimscanPassthruTotal++;
343343 }
344344 if ($Maxscantimespam < $scantime) {
345345 $Maxscantimespam = $scantime;
444444 }
445445 if (($SimscanRegexThreshold < 0) or ($SimscanRegexThreshold eq '')) {
446446 $SimscanRegexThreshold = $QmailThreshold;
447 }
447 }
448448 if (($SimscanPassthruIpFromThreshold < 0) or ($SimscanPassthruIpFromThreshold eq '')) {
449449 $SimscanPassthruIpFromThreshold = $QmailThreshold;
450450 }
623623 print "\t" . "None found above the threshold\n";
624624 }
625625 }
626
626
627627 if ( (keys %ChkuserRejectsTo) ) {
628628 print "\nChkuser Rejects To (Threshold of " . $ChkuserRejectsToThreshold . "):\n";
629629 $threshold_reached=0;
642642 print "\t" . "None found above the threshold\n";
643643 }
644644 }
645
645
646646 if ( (keys %ChkuserRejectsRemote) ) {
647647 print "\nChkuser Rejects Remote (Threshold of " . $ChkuserRejectsRemoteThreshold . "):\n";
648648 $threshold_reached=0;
682682 print "\t" . "None found above the threshold\n";
683683 }
684684 }
685
685
686686 if ( (keys %ChkuserRejectsRelayTo) ) {
687687 print "\nChkuser Rejects Relay To (Threshold of " . $ChkuserRejectsRelayToThreshold . "):\n";
688688 $threshold_reached=0;
701701 print "\t" . "None found above the threshold\n";
702702 }
703703 }
704
704
705705 if ( (keys %ChkuserRejectsRelayRemote) ) {
706706 print "\nChkuser Rejects Relay Remote (Threshold of " . $ChkuserRejectsRelayRemoteThreshold . "):\n";
707707 $threshold_reached=0;
763763 print "\t" . "None found above the threshold\n";
764764 }
765765 }
766
766
767767 if ( (keys %ChkuserAcceptsTo) ) {
768768 print "\nChkuser Accepts to (Threshold of " . $ChkuserAcceptsToThreshold . "):\n";
769769 $threshold_reached=0;
803803 print "\t" . "None found above the threshold\n";
804804 }
805805 }
806
806
807807 if ( (keys %ChkuserAcceptsRelayTo) ) {
808808 print "\nChkuser Accepts Relay to (Threshold of " . $ChkuserAcceptsRelayToThreshold . "):\n";
809809 $threshold_reached=0;
843843 print "\t" . "None found above the threshold\n";
844844 }
845845 }
846
846
847847 if ( (keys %ChkuserNoAuthResourceTo) ) {
848848 print "\nChkuser No Auth resource to (Threshold of " . $ChkuserNoAuthResourceThreshold . "):\n";
849849 $threshold_reached=0;
862862 print "\t" . "None found above the threshold\n";
863863 }
864864 }
865
865
866866 if ( (keys %ChkuserOverquotaTo) ) {
867867 print "\nChkuser Over Quota (Threshold of " . $ChkuserOverquotaThreshold . "):\n";
868868 $threshold_reached=0;
881881 print "\t" . "None found above the threshold\n";
882882 }
883883 }
884
884
885885 if ( (keys %ChkuserRejectedIntrusionFrom) ) {
886886 print "\nChkuser Rejected Intrusions from (Threshold of " . $ChkuserRejectedIntrusionThreshold . "):\n";
887887 $threshold_reached=0;
900900 print "\t" . "None found above the threshold\n";
901901 }
902902 }
903
903
904904 if ( (keys %ChkuserRejectedIntrusionTo) ) {
905905 print "\nChkuser Rejected Intrusions to (Threshold of " . $ChkuserRejectedIntrusionThreshold . "):\n";
906906 $threshold_reached=0;
12351235 print "\t" . "None found above the threshold\n";
12361236 }
12371237 }
1238
1238
12391239 # simscan passthru from
12401240 if ( (keys %SimscanPassthruFrom) ) {
12411241 print "\nSimscan Passthru From (Threshold of " . $SimscanPassthruFromThreshold . "):\n";
12551255 print "\t" . "None found above the threshold\n";
12561256 }
12571257 }
1258
1258
12591259 # simscan passthru to
12601260 if ( (keys %SimscanPassthruTo) ) {
12611261 print "\nSimscan Passthru To (Threshold of " . $SimscanPassthruToThreshold . "):\n";
13161316 print "\t" . "None found above the threshold\n";
13171317 }
13181318 }
1319
1319
13201320 # simscan spamreject to
13211321 if ( (keys %SimscanSpamrejectTo) ) {
13221322 print "\nSimscan Spam reject To (Threshold of " . $SimscanSpamRejectToThreshold . "):\n";
13781378 print "\t" . "None found above the threshold\n";
13791379 }
13801380 }
1381
1381
13821382 # simscan spamdropped to
13831383 if ( (keys %SimscanSpamdroppedTo) ) {
13841384 print "\nSimscan Spam dropped To (Threshold of " . $SimscanSpamDroppedToThreshold . "):\n";
15651565 exit(0);
15661566
15671567 # vi: shiftwidth=3 tabstop=3 syntax=perl et
1568 # Local Variables:
1569 # mode: perl
1570 # perl-indent-level: 3
1571 # indent-tabs-mode: nil
1572 # End:
1010 # Logwatch project reserves the right to not accept such
1111 # contributions. If you have made significant
1212 # contributions to this script and want to claim
13 # copyright please contact logwatch-devel@logwatch.org.
13 # copyright please contact logwatch-devel@lists.sourceforge.net.
1414 ########################################################
1515
1616 while (defined($_ = <STDIN>)) {
4545 }
4646
4747 # vi: shiftwidth=3 tabstop=3 syntax=perl et
48
48 # Local Variables:
49 # mode: perl
50 # perl-indent-level: 3
51 # indent-tabs-mode: nil
52 # End:
1010 #
1111 #Redistribution and use in source and binary forms, with or without
1212 #modification, are permitted provided that the following conditions are met:
13 #
13 #
1414 #* Redistributions of source code must retain the above copyright notice,
1515 # this list of conditions and the following disclaimer.
16 #
16 #
1717 #* Redistributions in binary form must reproduce the above copyright
1818 # notice, this list of conditions and the following disclaimer in the
1919 # documentation and/or other materials provided with the distribution.
20 #
20 #
2121 #* Neither the name of Sparta, Inc nor the names of its contributors may
2222 # be used to endorse or promote products derived from this software
2323 # without specific prior written permission.
24 #
24 #
2525 #THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
2626 #IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
2727 #THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
5858 $nonextValOK++;
5959 } elsif ($ThisLine =~ /validation OK/) {
6060 $valOK++;
61 }
61 }
6262 }
6363
6464 if ($detail >= 5) {
8585 exit (0);
8686
8787 # vi: shiftwidth=3 tabstop=3 et
88
88 # Local Variables:
89 # mode: perl
90 # perl-indent-level: 3
91 # indent-tabs-mode: nil
92 # End:
2929 ## Logwatch project reserves the right to not accept such
3030 ## contributions. If you have made significant
3131 ## contributions to this script and want to claim
32 ## copyright please contact logwatch-devel@logwatch.org.
32 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3333 #########################################################
3434
3535 use Socket;
164164 exit(0);
165165
166166 # vi: shiftwidth=3 tabstop=3 syntax=perl et
167
167 # Local Variables:
168 # mode: perl
169 # perl-indent-level: 3
170 # indent-tabs-mode: nil
171 # End:
7272 ## Logwatch project reserves the right to not accept such
7373 ## contributions. If you have made significant
7474 ## contributions to this script and want to claim
75 ## copyright please contact logwatch-devel@logwatch.org.
75 ## copyright please contact logwatch-devel@lists.sourceforge.net.
7676 #########################################################
7777
7878 $Debug = $ENV{'LOGWATCH_DEBUG'};
9292
9393 while (defined($ThisLine = <STDIN>)) {
9494 chomp($ThisLine);
95 if (
95 if (
9696 ($ThisLine =~ /smbd\/server\.c:open_sockets_smbd\(\d+\) Reloading services after SIGHUP/) or
9797 ($ThisLine =~ /lib\/util_sock\.c:get_peer_addr\(\d+\) getpeername failed\. Error was (Transport endpoint|Socket) is not connected/) or
9898 ($ThisLine =~ /add_domain_logon_names/) or
131131 ($ThisLine =~ /lib\/access\.c:check_access\(\d+\)$/) or
132132 ($ThisLine =~ /lib\/access\.c:check_access\(\d+\) Allowed connection from/) or
133133 ($ThisLine =~ /smbd\/close\.c:close_normal_file\(\d+\) .+ closed file/) or
134 ($ThisLine =~ /smbd\/open\.c:open_file\(\d+\) .+ opened file/) or
134 ($ThisLine =~ /smbd\/open\.c:open_file\(\d+\) .+ opened file/) or
135135 ($ThisLine =~ /smbd\/process.c:timeout_processing\(\d+\) Closing idle connection/) or
136136 ($ThisLine =~ /nmbd\/nmbd_browsesync\.c:sync_with_dmb\(\d+\) sync_with_dmb: Initiating sync with domain master browser/) or
137137 ($ThisLine =~ /param\/loadparm\.c:do_section\(\d+\) Processing section/) or
140140 ($ThisLine =~ /smbd\/reply\.c:reply_special\(\d+\) netbios connect: name1=.+ /) or
141141 ($ThisLine =~ /nmbd\/nmbd_browsesync\.c:announce_local_master_browser_to_domain_master_browser\(\d+\) announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup .+ /) or
142142 ($ThisLine =~ /auth\/auth\.c:check_ntlm_password\(\d+\) check_ntlm_password: authentication for user \[.+\] -> \[.+\] -> \[.+\] succeeded/) or
143 ($ThisLine =~ /rpc_server\/srv_samr_nt\.c:_samr_lookup_domain\(d+\) Returning domain sid for domain ([^ ]) -> ([^ ])/) or
143 ($ThisLine =~ /rpc_server\/srv_samr_nt\.c:_samr_lookup_domain\(d+\) Returning domain sid for domain ([^ ]) -> ([^ ])/) or
144144 ($ThisLine =~ /===============================================================/)
145145 ) {
146146 #Don't care about these...
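Review bot: line 143 is touched here only for trailing whitespace, but its pattern has `\(d+\)` where every neighbouring entry has `\(\d+\)`, so it matches the literal letter "d" and cannot match a numeric source line number. The two `([^ ])` groups also match exactly one character each. As written this ignore entry does not fire, and the "Returning domain sid" lines fall through to the later branches. Suggest `\(\d+\)` and `([^ ]+)` while the line is being edited anyway.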
181181 $SocketReadError++;
182182 } elsif (
183183 ( $ThisLine =~ /lib\/util_sock.c:write_socket\(\d+\) write_socket: Error writing \d bytes to socket/ ) or
184 ( $ThisLine =~ /lib\/util_sock.c:write_socket_data\(\d+\) write_socket_data: write failure./ ) or
184 ( $ThisLine =~ /lib\/util_sock.c:write_socket_data\(\d+\) write_socket_data: write failure./ ) or
185185 ( $ThisLine =~ /lib\/util_sock.c:send_smb\(\d+\) Error writing \d+ bytes to client. / )
186186 ) {
187187 # Something more generic should be here
250250 } elsif ( ($SID,$dsid) = ($ThisLine =~ /User administrator has Primary Group SID ([^ ]+), which conflicts with the domain sid ([^ ]+). Failing operation.$/)) {
251251 $SIDnotvalid{"$SID,$dsid"}++;
252252 } elsif ( ($Addr) = ($ThisLine =~ /libsmb\/cliconnect.c:cli_connect\([0-9]+\) Error connecting to ([0-9.]*) \(Connection refused\)/)) {
253 $RefConnect{$Addr}++;
253 $RefConnect{$Addr}++;
254254 } elsif ( ($Name) = ($ThisLine =~ /passdb\/pdb_smbpasswd.c:startsmbfilepwent\([0-9]+\) startsmbfilepwent_internal: file ([^ ]*) did not exist. File successfully created./)) {
255255 $CrFile{$Name}++;
256256 } elsif ( ($user,$file,$read,$write) = ($ThisLine =~ /(\S+) opened file (\S+) read=(\w+) write=(\w+)/)) {
327327 }
328328 } else {
329329 foreach $Ho (sort {$a cmp $b} keys %{$Connect{$Serv}{$Us}}) {
330 print " $Ho " . (" " x (25 - length($Ho))) . ":
330 print " $Ho " . (" " x (25 - length($Ho))) . ":
331331 $Connect{$Serv}{$Us}{$Ho} Time(s)\n";
332332 }
333333 }
408408 }
409409 }
410410 }
411
411
412412
413413 if (keys %ForceElection) {
414414 print "\nForced Election:\n";
575575 exit(0);
576576
577577 # vi: shiftwidth=3 tabstop=3 syntax=perl et
578 # Local Variables:
579 # mode: perl
580 # perl-indent-level: 3
581 # indent-tabs-mode: nil
582 # End:
3737 ## Logwatch project reserves the right to not accept such
3838 ## contributions. If you have made significant
3939 ## contributions to this script and want to claim
40 ## copyright please contact logwatch-devel@logwatch.org.
40 ## copyright please contact logwatch-devel@lists.sourceforge.net.
4141 #########################################################
4242
4343 ########################################################
4545 # Pawe³ Go³aszewski <blues@ds.pg.gda.pl>
4646 #
4747 # Please send all comments, suggestions, bug reports,
48 # logwatch-devel@logwatch.org
48 # logwatch-devel@lists.sourceforge.net
4949 #
5050 ########################################################
5151
5757 $Shutdowns = 0;
5858
5959 while (defined($ThisLine = <STDIN>)) {
60 if (
60 if (
6161 ( $ThisLine =~ m/^DEBUG: / ) or
62 ( $ThisLine =~ m/^ipc_init : listening on socket:/ )
62 ( $ThisLine =~ m/^ipc_init : listening on socket:/ ) or
63 ( $ThisLine =~ m/^pam_unix/ )
6364 ) {
6465 # We don't care about these
6566 } elsif ( ($User,$Service,$Realm,$Mechanism,$Reason) = ($ThisLine =~ /^do_auth : auth failure: \[user=(.*)\] \[service=([^ ]*)\] \[realm=([^ ]*)\] \[mech=([^ ]*)\] \[reason=(.*)\]$/) ) {
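Review bot: the added `m/^pam_unix/` at new line 63 discards every line that begins with pam_unix, whatever the rest of it says, under the comment "We don't care about these". For a script that reports authentication results, add a comment saying where these lines are reported instead, or narrow the pattern to the specific messages that are noise, so that PAM failures logged through this service are not dropped without trace.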
108109 exit(0);
109110
110111 # vi: shiftwidth=3 tabstop=3 syntax=perl et
112 # Local Variables:
113 # mode: perl
114 # perl-indent-level: 3
115 # indent-tabs-mode: nil
116 # End:
3434 ## Logwatch project reserves the right to not accept such
3535 ## contributions. If you have made significant
3636 ## contributions to this script and want to claim
37 ## copyright please contact logwatch-devel@logwatch.org.
37 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3838 #########################################################
3939
4040 ########################################################
4444 # Heavily based on sshd script
4545 #
4646 # Please send all comments, suggestions, bug reports,
47 # etc, to logwatch-devel@logwatch.org
47 # etc, to logwatch-devel@lists.sourceforge.net
4848 ########################################################
4949
5050 use strict;
6363
6464 while (defined(my $ThisLine = <STDIN>)) {
6565
66 if ( $Debug >= 5 ) {
66 if ( $Debug >= 5 ) {
6767 print STDERR "DEBUG($DebugCounter): $ThisLine";
6868 $DebugCounter++;
6969 }
7272 ($ThisLine =~ m/target/) # startup
7373 ) {
7474 # Ignore these
75 } elsif ( ($ThisLine =~ m/WARNING:/) or
75 } elsif ( ($ThisLine =~ m/WARNING:/) or
7676 ($ThisLine =~ m/Requested Block:/) or
77 ($ThisLine =~ m/Sense Key:/) or
78 ($ThisLine =~ m/Vendor:/) or
79 ($ThisLine =~ m/ASC:/)
77 ($ThisLine =~ m/Sense Key:/) or
78 ($ThisLine =~ m/Vendor:/) or
79 ($ThisLine =~ m/ASC:/)
8080 ) {
8181 $ListDiskWarning{$ThisLine} += 1;
82 if ( $ThisLine =~ m/WARNING:/ )
82 if ( $ThisLine =~ m/WARNING:/ )
8383 {
8484 $Diskwarning++;
8585 }
105105 exit(0);
106106
107107 # vi: shiftwidth=3 tabstop=3 syntax=perl et
108 # Local Variables:
109 # mode: perl
110 # perl-indent-level: 3
111 # indent-tabs-mode: nil
112 # End:
00 #########################################################################
1 # $Id: secure,v 1.85 2009/06/02 14:59:58 mike Exp $
1 # $Id: secure,v 1.86 2009/11/14 16:26:41 kirk Exp $
22 ##########################################################################
33 # $Log: secure,v $
4 # Revision 1.86 2009/11/14 16:26:41 kirk
5 # *** empty log message ***
6 #
47 # Revision 1.85 2009/06/02 14:59:58 mike
58 # Fedora patch from Ivan Varekova -mgt
69 #
160163 ## Logwatch project reserves the right to not accept such
161164 ## contributions. If you have made significant
162165 ## contributions to this script and want to claim
163 ## copyright please contact logwatch-devel@logwatch.org.
166 ## copyright please contact logwatch-devel@lists.sourceforge.net.
164167 #########################################################
165168
166169 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
188191
189192 #current sarge
190193 if ($ThisLine =~ /^[^ :]*:( [0-9:\[\]\.]+|) \(pam_(unix|securetty)\)/i ) {next; }
191
194
192195 #Woody - specific, thanks to Michael Stovenour
193196 if ($ThisLine =~ /^PAM_unix[\[\]0-9]*:/i ) { next; }
194197
197200 ( $ThisLine =~ /pam_rhosts_auth\([^\)]+\): allowed to [^ ]+ as \w+/) or
198201 ( $ThisLine =~ /^(.*)\(pam_unix\)/) or
199202 ( $ThisLine =~ /pam_unix\(.*:.*\)/) or
203 ( $ThisLine =~ /pam_sss\(.*:.*\)/) or
200204 ( $ThisLine =~ m/^[^ ]+\[\d+\]: connect from localhost$/ ) or
201205 ( $ThisLine =~ /^\/usr\/bin\/sudo:/) or
202206 ( $ThisLine =~ /^halt:/) or
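Review bot: `/pam_sss\(.*:.*\)/` at new line 203 is unanchored and matches every pam_sss line for any service and any PAM type, so authentication failures logged by pam_sss are ignored together with the session noise. The pam_systemd entry added in this same patch is scoped to `\(.+:session\): Moving`. Consider scoping this one the same way, or add a comment naming the service script that reports these lines.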
214218 ( $ThisLine =~ /com.apple.SecurityServer: Entering service/) or
215219 ( $ThisLine =~ /^(xinetd|xinetd-ipv6)\[\d+\]: EXIT: /) or
216220 ( $ThisLine =~ /^crond\(\w+\)\[\d+\]: session /) or
221 ( $ThisLine =~ /pam_systemd\(.+:session\): Moving/) or
217222 ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: authentication failure/) or
218223 ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: check pass; user unknown/) or
219224 ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: session /) or
233238 ( $ThisLine =~ /pam_timestamp\(?[^ ]*\)?: timestamp file `([^ ]+)' (has unacceptable age \(\d+ seconds\)|is older than oldest login), disallowing access to ([^ ]+) for user ([^ ]+)/) or
234239 ( $ThisLine =~ /userhelper\[\d+\]: running '([^ ]+)' with [^ ]+ context/) or
235240 ( $ThisLine =~ /pam_timestamp\(.*:session\): updated timestamp file `\/var\/run\/sudo.*'/) or
236 ( $ThisLine =~ /[^ ]*: pam_keyinit(.*:.*): Unable to change GID to [0-9]* temporarily/) or
241 ( $ThisLine =~ /[^ ]*: pam_keyinit(.*:.*): Unable to change GID to [0-9]* temporarily/) or
237242 ( $ThisLine =~ /password check failed for user \([a-zA-Z]*\)/) or
238243 ( $ThisLine =~ /PAM pam_set_item: attempt to set conv\(\) to NULL/) or
239244 ( $ThisLine =~ /PAM pam_get_item: nowhere to place requested item/) or
242247 ( $ThisLine =~ /vmware-authd\[[0-9]+\]: PAM \[error: [^ ]+ cannot open shared object file: No such file or directory\]/) or
243248 ( $ThisLine =~ /vmware-authd\[[0-9]+\]: PAM adding faulty module: [^ ]+/) or
244249 ( $ThisLine =~ /Connection closed by/) or
245 ( $ThisLine =~ /sshd.*: Accepted \S+ for \S+ from [\d\.:a-f]+ port \d+/) or # ssh script reads this log
250 ( $ThisLine =~ /sshd.*: Accepted \S+ for \S+ from [\d\.:a-f]+ port \d+/) or # ssh script reads this log
246251 ( $ThisLine =~ /userhelper.*: running (.*) with context (.*)/) or
247252 ( $ThisLine =~ /userhelper.*: pam_thinkfinger(.*): conversation failed/) or
248253 ( $ThisLine =~ /su: PAM [0-9] more authentication failure; .*/) or
272277 $FailedLogins->{$User}->{$Host}++;
273278 } elsif ( ($Service,$IP) = ($ThisLine =~ /^([^ ]+)\[\d+\]: connect(ion)? from "?(\d+\.\d+\.\d+\.\d+).*/) ) {
274279 $Name = LookupIP($IP);
275 if ($Summarize =~ /\Q$Service\E/) {
280 if ($Summarize =~ /\Q$Service\E/) {
276281 $Connections->{$Service}++;
277282 } else {
278283 $Connections->{$Service}->{$Name}++;
295300 } elsif ( ($Service,$Name) = ($ThisLine =~ /^([^ ]+)\[\d+\]: refused connect from (.*)$/) ) {
296301 $Refused->{$Service}->{$Name}++;
297302 } elsif ( ($Service,$Name) = ($ThisLine =~ /^([^ ]+)\[\d+\]: connect from ([^\n]+)$/) ) {
298 if ($Summarize =~ /\Q$Service\E/) {
303 if ($Summarize =~ /\Q$Service\E/) {
299304 $Connections->{$Service}++;
300305 } else {
301306 $Connections->{$Service}->{$Name}++;
302307 }
303308 } elsif ( (undef, $Service, $IP) = ($ThisLine =~ /^(xinetd|xinetd-ipv6)\[\d+\]: START: ([^ ]+) pid=\d+ from=([^\n]+)$/) ) {
304309 if ($Ignore =~ /\b\Q$Service\E\b/i) { next; }
305 if ($Summarize =~ /\Q$Service\E/) {
310 if ($Summarize =~ /\Q$Service\E/) {
306311 $Connections->{$Service}++;
307312 } else {
308313 # the following is intended for the <no address> string, but captures
391396 # sudo unauthorized commands
392397 push @SudoList, "$1: $3\n" unless ($2 eq "");
393398 } elsif ( ($service, $from) = ($ThisLine =~ /^xinetd\[\d+\]: FAIL: (.+) (?:address|libwrap|service_limit|connections per second) from=([\d.]+)/)) {
394 if ($Ignore =~ /\b\Q$service\E\b/i) { next; }
399 if ($Ignore =~ /\b\Q$service\E\b/i) { next; }
395400 $Refused->{$service}->{$from}++;
396401 } elsif ( ($from, $service, $user) = ($ThisLine =~ /^pam_abl\[\d+\]: Blocking access from (.+) to service (.+), user (.+)/)) {
397402 if ($Detail >= 5) {
441446 } elsif ($ThisLine =~ /^pam_pwdfile\[\d+\]: password too short or NULL/) {
442447 $pwd_file_too_short++;
443448 } elsif ( ($User,$Su) = ($ThisLine =~ /^su: ([^ ]+) to ([^ ]+) on \/dev\/ttyp([0-9a-z]+)/) ) {
444 $Su_User{$User}{$Su}++;
449 $Su_User{$User}{$Su}++;
445450 } elsif ( ($Su,$User) = ($ThisLine =~ /^su: \(to ([^ ]+)\) ([^ ]+) on (?:none|\/dev\/(pts\/|ttyp)([0-9]+))/) ) {
446451 $Su_User{$User}{$Su}++;
447452 } elsif ( ($Su,$User) = ($ThisLine =~ /^su\[\d+\]: Successful su for (\S+) by (\S+)/) ) {
451456 } elsif ( ($User) = $ThisLine =~ /change user `([^']+)' password/) {
452457 $PwdChange{"$User"}++;
453458 } elsif ( ($User) = ($ThisLine =~ /^cvs: password mismatch for ([^']+): ([^']+) vs. ([^']+)/) ){
454 $cvs_passwd_mismatch{$User}++;
459 $cvs_passwd_mismatch{$User}++;
455460 } elsif ( ($User,$From,$To) = ($ThisLine =~ /usermod\[[0-9]*\]: change user `([^ ]*)' shell from `([^ ]*)' to `([^ ]*)'/) ) {
456461 $ChangedShell{"$User,$From,$To"}++;
457462 } elsif ( ($Name1,$Name2) = ($ThisLine =~ /usermod\[[0-9]*\]: change user name `([^ ]*)' to `([^ ]*)'/)) {
458 $ChangedUserName{"$Name1,$Name2"}++;
463 $ChangedUserName{"$Name1,$Name2"}++;
459464 } elsif (($Name,$GID) = ($ThisLine =~ /change GID for `([^ ]*)' to ([0-9]*)/)) {
460465 $ChangedGID{"$Name,$GID"}++;
461466 } elsif (($Name,$UID1,$UID2) = ($ThisLine =~ /change user `([^ ]*)' UID from `([0-9]*)' to `([^ ]*)'/)) {
470475 } elsif ( ($User) = ($ThisLine =~ /useradd.*failed adding user `(.*)', data deleted/) ) {# failed adding user/)) {# (.*), data deleted/)) {
471476 # useradd: failed adding user `rpcuser', data deleted
472477 $FailedAddUsers{$User}++;
478 } elsif (($User,$Reason) = ($ThisLine =~ /dovecot-auth: pam_userdb\(dovecot:auth\): user `(.*)' denied access \((.*)\)/)) {
479 # dovecot-auth: pam_userdb(dovecot:auth): user `bobok' denied access (incorrect password)
480 $DeniedAccess{"$User,$Reason"}++;
473481 } else {
474482 # Unmatched entries...
475483 $ThisLine =~ s/\[\d+\]:/:/;
570578 if ($pwd_file_unknown > 0) {
571579 print "\nUsers unknown in password database (pwd_file): $pwd_file_unknown\n";
572580 }
581
573582 if ($pwd_file_too_short > 0) {
574583 print "\nPassword too short or NULL (pwd_file): $pwd_file_too_short Time(s)\n";
575584 }
577586 if (keys %{$Connections}) {
578587 print "\nConnections:\n";
579588 foreach $ThisOne (keys %{$Connections}) {
580 if ($Summarize =~ /\Q$ThisOne\E/) {
589 if ($Summarize =~ /\Q$ThisOne\E/) {
581590 print " Service " . $ThisOne . ": " . $Connections->{$ThisOne} . " Connection(s)\n";
582591 } else {
583592 my $service_check = 0;
629638 }
630639 }
631640
641 if (keys %DeniedAccess) {
642 print "\ndovecot-auth: Denied access\n";
643 foreach (keys %DeniedAccess) {
644 ($User,$Reason) = split ",";
645 print " for user " . $User . " (reason: " . $Reason . ") :" . $DeniedAccess{"$User,$Reason"} . " Time(s)\n";
646 }
647 }
648
632649 if (keys %NoIP) {
633650 print "\nCouldn't get client IPs for connections to:\n";
634651 foreach $ThisOne (sort {$a cmp $b} keys %NoIP) {
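Review bot: `split ","` in the new dovecot-auth report block mis-parses any key whose user name or reason contains a comma. The first two fields no longer rebuild the stored key, so `$DeniedAccess{"$User,$Reason"}` comes back empty and the line prints a wrong user with no count. The user name is taken verbatim from a failed-login log line, so it is not a value the administrator controls. Store the counter as `$DeniedAccess{$User}{$Reason}++` and walk it with two nested `foreach` loops; sorting the keys, as the `%NoIP` block just below does, would also make the report order stable.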
661678 }
662679
663680 if (keys %UserLogin) {
664 print "\nUser Login's:\n";
681 print "\nUser Logins:\n";
665682 foreach $User (sort {$a cmp $b} keys %UserLogin) {
666683 print " $User : $UserLogin{$User} Time(s)\n";
667684 }
757774 if (keys %Executed_app) {
758775 print "\nUserhelper executed applications:\n";
759776 foreach (keys %Executed_app) {
760 ($longapp,$asuser,$user) = split ",";
777 ($longapp,$asuser,$user) = split ",";
761778 $app = substr($longapp,rindex($longapp,"/")+1);
762779 print " $user -> $app as $asuser: ".$Executed_app{"$longapp,$asuser,$user"}." Time(s)\n";
763780 }
830847 exit(0);
831848
832849 # vi: shiftwidth=3 tabstop=3 syntax=perl et
850 # Local Variables:
851 # mode: perl
852 # perl-indent-level: 3
853 # indent-tabs-mode: nil
854 # End:
205205 ## Logwatch project reserves the right to not accept such
206206 ## contributions. If you have made significant
207207 ## contributions to this script and want to claim
208 ## copyright please contact logwatch-devel@logwatch.org.
208 ## copyright please contact logwatch-devel@lists.sourceforge.net.
209209 #########################################################
210210
211211 ########################################################
212212 # Please send all comments, suggestions, bug reports,
213 # etc, to logwatch-devel@logwatch.org
213 # etc, to logwatch-devel@lists.sourceforge.net
214214 ########################################################
215215
216216 #use diagnostics;
224224 my $Line = $_[0];
225225 # $_[1] is the length available
226226 my $LineLength = $_[1];
227 #
227 #
228228 if ((not defined $main::sendmail_prettyhost) or
229229 ($main::sendmail_prettyhost == 0)) {
230230 return($Line);
272272 #print "\nSee file conf/services/sendmail.conf on how to customize output.";
273273
274274 # The following variables are auto-increment counts, so are initialized
275 my $AddrRcpts = my $BytesTransferred = my $CantCreateOutput =
276 my $DaemonThrottle = my $LoadAvgQueueSkip = my $LoadAvgReject =
275 my $AddrRcpts = my $BytesTransferred = my $CantCreateOutput =
276 my $DaemonThrottle = my $LoadAvgQueueSkip = my $LoadAvgReject =
277277 my $MsgsNoRcpt =
278 my $MsgsSent = my $NoMilterFilters = my $NoMoreSpace =
279 my $NumTimeoutSend = my $NumTimeoutSendWarnings =my $OutdatedAliasdb =
280 my $OverSize = my $OverSizeBytes = my $RelayLocalhost =
281 my $RemoteProtocolError =my $ReturnReceipt = my $SendmailStarts =
278 my $MsgsSent = my $NoMilterFilters = my $NoMoreSpace =
279 my $NumTimeoutSend = my $NumTimeoutSendWarnings =my $OutdatedAliasdb =
280 my $OverSize = my $OverSizeBytes = my $RelayLocalhost =
281 my $RemoteProtocolError =my $SendmailStarts =
282282 my $SendmailStopped = my $TLSAcceptFailed = my $TLSConnectFailed =
283283 my $TooManyRcpts = my $XS4ALL =
284284 0;
288288 # (Someday it might be useful to reduce their scope, but most of them are used in the large
289289 # if..elsif structure, making that hard.
290290 my (
291 $Address, $Arg, $Attack,
291 $Address, $Arg, $Attack,
292292 $Auth,
293 $BlSite, $Bytes, $DeliverStat,
293 $BlSite, $Bytes, $DeliverStat,
294294 $Dest, $Domain,
295 $Error, $ErrorCount,
296 $ETRN, $File, $Forward,
297 $FromUser, $Header, $HeaderMod,
298 $Host, $IP,
295 $Error, $ErrorCount,
296 $ETRN, $File, $Forward,
297 $FromUser, $Header, $HeaderMod,
298 $Host, $IP,
299299 $LastIndex, $LastIndex2,
300 $Load, $Luser, $MailerName,
301 $MailerString, $MailerType, $NewQueueID,
302 $NumRcpts, $Owner, $QueueID,
303 $Reason, $RejCmd, $Relay,
304 $RelayDeniedCount, $RelayHost, $RelayName,
305 $Ruser, $Size, $Source,
306 $StarttlsCipherEntry, $StarttlsCipherType, $StarttlsMode,
307 $StarttlsNumBits, $StarttlsReason, $StarttlsVerify,
308 $StatError, $StatFile, $Temp,
309 $Temp1, $ThisLine, $ThisOne,
310 $TimeoutSend, $TimeoutSendWarning, $TLSFile,
311 $TLSReason, $TotalBytes, $TotalNum,
312 $ToUser, $User, $Usr,
300 $Load, $Luser, $MailerName,
301 $MailerString, $MailerType, $NewQueueID,
302 $NoCommonName,
303 $NumRcpts, $Owner, $QueueID,
304 $Reason, $RejCmd, $Relay,
305 $RelayDeniedCount, $RelayHost, $RelayName,
306 $Ruser, $Size, $Source,
307 $StarttlsCipherEntry, $StarttlsCipherType, $StarttlsMode,
308 $StarttlsNumBits, $StarttlsReason, $StarttlsVerify,
309 $StatError, $StatFile, $Temp,
310 $Temp1, $ThisLine, $ThisOne,
311 $TimeoutSend, $TimeoutSendWarning, $TLSFile,
312 $TLSReason, $TotalBytes, $TotalNum,
313 $ToUser, $User, $Usr,
313314 $Warning, $Directory, $Cause
314315 );
315316
318319 my @SizeDist;
319320
320321 my (
321 %Abuse, %AddressError, %AttackAttempt,
322 %Abuse, %AddressError, %AttackAttempt,
322323 %AuthWarns, %BadAuth,
323 %BadRcptThrottle, %BlackHoled,
324 %BlackHoles, %CheckMailReject, %CheckRcptReject,
325 %CollectError, %CommandUnrecognized, %DisabledMailbox,
326 %DNSMap,
327 %DomainErrors, %DummyConnection, %ETRNs,
328 %ForwardErrors, %KnownSpammer, %LargeHdrs,
324 %BadRcptThrottle, %BlackHoled,
325 %BlackHoles, %CheckMailReject, %CheckRcptReject,
326 %CollectError, %CommandUnrecognized, %DisabledMailbox,
327 %DNSMap,
328 %DomainErrors, %DummyConnection, %ETRNs,
329 %ForwardErrors, %KnownSpammer, %LargeHdrs,
329330 %LargeMsgs, %LastCmd,
330 %LoadAvg, %LostInputChannel,
331 %LostQueueFile, %LowSpace, %MailBomber,
332 %MailBomberConn, %Mailers, %MailRejected,
331 %LoadAvg, %LostInputChannel,
332 %LostQueueFile, %LowSpace, %MailBomber,
333 %MailBomberConn, %Mailers, %MailRejected,
333334 %MilterDeferrals,
334 %MilterHeaderCount, %Msgs, %NotLocal,
335 %OtherList, %PREGreeting, %PREGreetingQueue,
336 %RelayDenied, %RelayReject, %RuleSets,
335 %MilterHeaderCount, %Msgs, %NotLocal,
336 %OtherList, %PREGreeting, %PREGreetingQueue,
337 %Quarantined,
338 %RelayDenied, %RelayReject, %ReturnReceipts,
339 %RuleSets,
337340 %SaslError, %SenderIDresults, %SortedUsers,
338 %SPFResults, %Starttls, %StarttlsCert,
339 %StarttlsCipher, %StatDeferred, %StatFileError,
341 %SPFResults, %Starttls, %StarttlsCert,
342 %StarttlsCipher, %StatDeferred, %StatFileError,
340343 %StatRejected, %StatRejectedLog,
341 %SysErr, %Timeouts,
344 %SysErr, %Timeouts,
342345 %TLSFailed, %TLSFileMissing, %ToList,
343346 %TooManyHops, %UnknownUsers, %UnknownUsersCheckRcpt,
344347 %WUnsafe
390393 ( $ThisLine =~ /accepting new messages \(again\)/ ) or
391394 # the following is captured later, as detailed info is also printed
392395 # file=collect.c, LogLevel>1, LOG_WARNING
393 ( $ThisLine =~ /^collect: premature EOM: / ) or
396 ( $ThisLine =~ /^collect: premature EOM: / ) or
394397 # the following is captured later, as detailed info is also printed
395398 # file=milter.c, LogLevel>0, LOG_INFO
396 ( $ThisLine =~ /^Milter \(.*\): to error state$/ ) or
399 ( $ThisLine =~ /^Milter \(.*\): to error state$/ ) or
397400
398401 # milter statements
399402 # file=milter.c, LogLevel>8, LOG_INFO
447450 ( ( $ThisLine =~ /^--- 4[0-9]{2}(-| )/ ) and not
448451 # but note bad commands, because we'll need it later
449452 ( $ThisLine =~ /^--- 421 4\.7\.0 .* Too many bad commands; closing connection$/)) or
453 # status code 334 is used for STARTTLS verification
454 ( $ThisLine =~ /^--- 334 / ) or
450455 # status code 354 used to request data
451456 ( $ThisLine =~ /^--- 354 Enter mail, end with \"\.\" on a line by itself/ ) or
452457 # invalid smtp commands detected later ($RejCmd)
453 ( $ThisLine =~ /^--- 502 5(\.[0-9]){2} Sorry, we do not allow this operation$/ ) or
458 ( $ThisLine =~ /^--- 502 5(\.[0-9]){2} Sorry, we do not allow this operation$/ ) or
454459 # Need RCPT most likely because of incorrect RCPT command, in which case ignore it
455460 ( ( $ThisLine =~ /^--- 503 5(\.[0-9]){2} Need RCPT \(recipient\)$/ ) and
456461 ( $Msgs{$QueueID}{"BadRCPT"} > 0)) or
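Review bot: the comment on the new `/^--- 334 /` filter says the code is used for STARTTLS verification, but 334 is the server challenge reply of SMTP AUTH (RFC 4954). Please reword the comment. Because the pattern discards every 334 line, it is also worth confirming that nothing later in the script needs the AUTH exchange.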
573578 # check for ENOENT return codes, as others are maybe worth looking into
574579 # file=queue.c, LogLevel>97, LOG_DEBUG
575580 ( $ThisLine =~ /$QueueIDFormat: unlink-fail $ENOENT/o ) or
581 # dumpfd() output
582 ( $ThisLine =~ /\d+: fl=0x\d+, mode=\d+/ ) or
576583 # generic DEBUG statement
577584 ( $ThisLine =~ /^DEBUG: / )
578
585
579586
580587 ) {
581588 # We don't care about these statements above
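Review bot: in the new dumpfd() filter, `fl=0x\d+` only matches when the hex value after `0x` contains no a-f digits, so lines with such flag values will still fall through to the unmatched entries. Use `fl=0x[0-9a-fA-F]+`. The pattern is also unanchored; if dumpfd lines always start with the descriptor number, `^\d+: fl=` would keep it from swallowing unrelated lines.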
628635 } else {
629636 $MsgsNoRcpt++;
630637 }
631
638
632639 # Add info from message to a hash
633640 $Msgs{$QueueID}{"Relay"} = $RelayHost;
634641 $Msgs{$QueueID}{"FromUser"} = $FromUser;
663670 }
664671 } elsif (($CleanTo =~ m/\w+\@[\w\.]+/) && ($RelayName !~ m/\[127\.0\.0\.1\]/)) {
665672 $ToList{$CleanTo}++;
673 } elsif ($CleanTo =~ m/\w+/) { # Match a simple name
674 $ToList{$CleanTo}++;
666675 } #Else ignore it
667676
668677 if (defined $Msgs{$QueueID}{"Size"}) {
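Review bot: the new `$CleanTo =~ m/\w+/` branch is unanchored, so it matches any recipient containing a single word character, not only "a simple name". Two side effects: addresses that the previous branch deliberately skipped because `$RelayName` is `[127.0.0.1]` now fall into this branch and are counted in `%ToList`, and the trailing `#Else ignore it` becomes nearly unreachable. If the intent is bare local names, anchor it, for example `m/^\w+$/`.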
688697 $Msgs{$NewQueueID}{"FromUser"} = "system_notify";
689698 } elsif ($Reason =~ /^Unable to deliver mail$/) {
690699 $StatRejected{"Unable to deliver mail"}{"system notify"}++;
700 # Return Receipts from successful delivery
701 } elsif ($Reason = ~/Return receipt$/) {
702 $ReturnReceipts{$Msgs{$QueueID}{"FromUser"}}++;
691703 }
692704
693705 # These are transient errors
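Review bot: `$Reason = ~/Return receipt$/` in the new branch is an assignment, not a match. Perl parses it as `$Reason = ~(/Return receipt$/)`, which matches against `$_`, complements the result and overwrites `$Reason`, so the condition does not test the delivery reason at all. It should read `$Reason =~ /Return receipt$/`. The comment line is also placed between the previous branch body and the `} elsif`; moving it inside the new branch would make it clear which case it describes.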
708720 $TimeoutSend = $2;
709721 $NumTimeoutSend++;
710722 } elsif ($ThisLine=~ /(return to sender|sender notify|postmaster notify|DSN): Return receipt/) {
711 $ReturnReceipt++;
723 $ReturnReceipts{$Msgs{$QueueID}{"FromUser"}}++;
712724 # file=main.c, LogLevel>-1, LOG_INFO
713725 } elsif ( $ThisLine =~ /^starting daemon/) {
714726 $SendmailStarts++;
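Review bot: the replacement key `$Msgs{$QueueID}{"FromUser"}` is undefined whenever the from= line for this queue ID was not seen in the processed window, which folds those receipts under an empty key and triggers an uninitialized-value warning when warnings are on. Guard it with a fallback label before incrementing `%ReturnReceipts`, so the old simple count is not silently replaced by a blank row in the report.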
783795 $BlackHoles{$BlSite}++;
784796 } elsif ( ($Relay,$BlSite) = ($ThisLine =~ /^ruleset=(?:check_relay|check_rcpt), arg1=([^,]*),(?: arg2=[^,]*,)? reject=55\d\s*[\d.]*\s*.*http:\/\/([^\/]*)\//) ) {
785797 #Example 553 error with NO RELAY -mgt
786 #ruleset=check_relay, arg1=s010600402b39ee29.vf.shawcable.net, arg2=127.0.0.2, reject=553 5.3.0
798 #ruleset=check_relay, arg1=s010600402b39ee29.vf.shawcable.net, arg2=127.0.0.2, reject=553 5.3.0
787799 #Spam blocked see: http://spamcop.net/bl.shtml?70.68.8.182: 1 Time(s)
788800 $Temp = "From " . $Relay . " by " . $BlSite;
789801 $BlackHoled{$Temp}++;
922934 # file=stats.c, LogLevel>12, LOG_INFO
923935 } elsif ( ($StatFile, $StatError) = ($ThisLine=~ /^poststats: (.*?): (.*)/) ) {
924936 $StatFileError{$StatFile}{$StatError}++;
937 # file=tls.c, LogLevel>7, LOG_INFO
938 } elsif ($ThisLine=~ /STARTTLS=.* field=cn_issuer, status=failed to extract CN/ ) {
939 $NoCommonName++;
925940 # file=tls.c, LogLevel>12, LOG_WARNING
926941 } elsif ( ($TLSFile) = ($ThisLine=~ /STARTTLS: (.* missing)/) ) {
927942 $TLSFileMissing{$TLSFile}++;
10051020 $MilterHeaderCount{$Header}++;
10061021 }
10071022 }
1023 # file=milter.c, LogLevel>3, LOG_INFO
1024 } elsif ((my $Milter,$Reason) = ($ThisLine =~ /milter\=(.*), quarantine\=(.*)/)) {
1025 my $QuarantineReason = $Milter . ": " . $Reason;
1026 $Quarantined{$QuarantineReason}++;
1027
10081028 } elsif (
10091029 # file=parseaddr.c, LogLevel>3, LOG_NOTICE
10101030 ($Address,$Reason) = ($ThisLine =~ /^Syntax error in mailbox address "(.+)" \(([^ ]+)\)/) or
10471067
10481068 # This is for the Sendmail Sender-ID milter
10491069 } elsif ( (my $SenderIDStatus, $SPFStatus) = ($ThisLine =~ /^Milter insert \(1\): header: Authentication-Results:.*; sender-id=(fail.*|softfail|neutral|none|error|unknown|pass); spf=(fail.*|softfail|neutral|none|error|unknown|pass)/) ) {
1050 # Example string
1051 # Milter insert (1): header: Authentication-Results: my.host.name
1052 # sender=list-users-bounces+list-users=host.name@another.org;
1070 # Example string
1071 # Milter insert (1): header: Authentication-Results: my.host.name
1072 # sender=list-users-bounces+list-users=host.name@another.org;
10531073 # sender-id=neutral; spf=neutral
10541074 $SPFResults{$SPFStatus}++;
10551075 $SenderIDResults{$SenderIDStatus}++;
11051125 $WUnsafe{$Directory}{$Cause}++;
11061126
11071127 # the following is the catch-all:
1128 } elsif ( ($Milter,$Error) = ($ThisLine =~ /^Milter \((.*)\): (.+)/) ) {
1129 $MilterErrors{$Milter}{$Error}++;
11081130 } else {
11091131 $ThisLine =~ s/.*\: (DSN\: .*)/$1/;
11101132 $ThisLine =~ s/.*\: (postmaster notify\: .*)/$1/;
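Review bot: the new `Milter \((.*)\): (.+)` branch is inserted directly under the comment "the following is the catch-all", which now describes the wrong branch; move the comment down to the `else`. In addition, `%MilterErrors` does not appear in the hash declaration list that this patch extends with `%Quarantined` and `%ReturnReceipts`, and `$Milter` here depends on the `my $Milter` declared inside the quarantine `elsif` condition further up. Declaring both alongside the other file-level variables would make the scoping explicit, especially since `$Milter` is used again in the report section.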
11171139 }
11181140 # store last unmatched entry, in case it is needed later.
11191141 $LastCmd{$QueueID} = $ThisLine;
1120 $OtherList{$ThisLine}++;
1142 $OtherList{$ThisLine}++;
11211143 }
11221144 }
11231145
14331455 print "\n $StarttlsCipherEntry: $StarttlsCipher{$StarttlsCipherEntry} Time(s)";
14341456 }
14351457 }
1458 if ($NoCommonName) {
1459 eval "$PrintCond";
1460 # The following is a frequent occurrence, but not an error
1461 print "\n\nFor STARTTLS, no CommonName given $NoCommonName time(s).";
1462 }
14361463 }
14371464
14381465 if (($Detail >= 5) and (keys %ETRNs)) {
14431470 }
14441471 }
14451472
1446 if(($Detail >= 5) and ($ReturnReceipt > 0)) {
1447 eval "$PrintCond";
1448 print "\n\n$ReturnReceipt Return Receipt's";
1473 if(($Detail >= 10) and (keys %ReturnReceipts > 0)) {
1474 eval "$PrintCond";
1475 print "\n\nSuccessful Return Receipts:";
1476 foreach $ThisOne (sort keys %ReturnReceipts) {
1477 print "\n $ThisOne: $ReturnReceipts{$ThisOne} Time(s)";
1478 }
14491479 }
14501480
14511481 if (($Detail >= 5) and (keys %MilterHeaderCount)) {
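Review bot: raising the gate on the return-receipt block from `$Detail >= 5` to `$Detail >= 10` removes the information from reports that previously showed the count at detail 5. If that is not intended, print a one-line total at 5 and keep the per-sender breakdown for 10. The condition `keys %ReturnReceipts > 0` can also be written as plain `keys %ReturnReceipts`, matching the neighbouring blocks.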
14561486 }
14571487 }
14581488
1459 if (($Detail >= 5) and (keys %MilterDeferrals)) {
1489 if (($Detail >= 3) and (keys %MilterDeferrals)) {
14601490 eval "$PrintCond";
14611491 print "\n\nMilter transient failures:";
14621492 foreach $Reason (sort keys %MilterDeferrals) {
15301560 $TotalError[$ErrorIndex] += $BadAuth{$Auth};
15311561 }
15321562 }
1533 $TotalError[++$ErrorIndex] = 0;
1563 $TotalError[++$ErrorIndex] = 0;
15341564
15351565 if($RemoteProtocolError > 0) {
15361566 eval "$PrintCond" if ($Detail >= 3);
17961826
17971827 print "\n\nClient submitted too many bad recipients: [Occurrences >= $BadRcptThrottleThreshold]" if ($Detail >= 3);
17981828 foreach $ThisOne (sort $BadRcptCount keys %BadRcptThrottle) {
1799 print "\n $ThisOne: $BadRcptThrottle{$ThisOne} Time(s)" if ($Detail >= 5)
1829 print "\n $ThisOne: $BadRcptThrottle{$ThisOne} Time(s)" if ($Detail >= 5)
18001830 && ( $BadRcptThrottle{$ThisOne} >= $BadRcptThrottleThreshold );
18011831 $TotalError[$ErrorIndex] += $BadRcptThrottle{$ThisOne};
18021832 }
18351865 print "\n\tTotal: $TotalError[$ErrorIndex]" if ($Detail >= 3);
18361866 }
18371867 $TotalError[++$ErrorIndex] = 0;
1868
1869 if (keys %Quarantined) {
1870 eval "$PrintCond" if ($Detail >= 3);
1871 #Set Threshold default
1872 my $QuarantinedThreshold = $ENV{'sendmail_quarantinedthreshold'} || "1";
1873 my $QuarantinedCount = CountOrder(%Quarantined);
1874 print "\n\nMessages quarantined by milter: [Occurrences >= $QuarantinedThreshold]" if ($Detail >= 3);
1875 foreach $ThisOne (sort $QuarantinedCount keys %Quarantined) {
1876 if ($Quarantined{$ThisOne} >= $QuarantinedThreshold) {
1877 printf("\n %s: %3i Time(s)", $ThisOne, $Quarantined{$ThisOne}) if ($Detail >= 5);
1878 }
1879 $TotalError[$ErrorIndex] += $Quarantined{$ThisOne};
1880 }
1881 print "\n\tTotal: $TotalError[$ErrorIndex]" if ($Detail >= 3);
1882 }
1883 $TotalError[++$ErrorIndex] = 0;
1884
18381885
18391886
18401887 # Recipient errors
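Review bot: `sendmail_quarantinedthreshold` is a new tunable read in the quarantine block, but nothing in the patch shown here documents it; add it to conf/services/sendmail.conf next to the other thresholds. The block also adds counts below the threshold to the printed Total while the heading advertises "Occurrences >= $QuarantinedThreshold", and the per-reason lines appear only at `$Detail >= 5` although the heading is printed from 3. A short comment stating that both are deliberate (they mirror the `%BadRcptThrottle` block) would help the next reader.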
18801927 }
18811928 if ($UnknownUsersCount >= $UnknownUsersThreshold) {
18821929 print "\n $Usr : $UnknownUsersCount Time(s)";
1883 if ($Details >= 15) {
1930 if ($Detail >= 15) {
18841931 foreach $RelayHost (sort $subcount keys %{ $SortedUsers{$Usr} }) {
18851932 printf ("\n from %s %3i Time(s)", PrettyHost($RelayHost, 54), $SortedUsers{$Usr}{$RelayHost});
18861933 }
19191966 }
19201967 if ($UnknownUsersCount >= $UnknownUsersThreshold) {
19211968 print "\n $Usr : $UnknownUsersCount Time(s)";
1922 if ($Details >= 15) {
1969 if ($Detail >= 15) {
19231970 foreach $RelayHost (sort $subcount keys %{ $SortedUsers{$Usr} }) {
19241971 printf ("\n from %s %3i Time(s)", PrettyHost($RelayHost, 54), $SortedUsers{$Usr}{$RelayHost});
19251972 }
20192066 }
20202067 if ($Detail >= 10) {
20212068 print "\n\nBlackholed:";
2022 my $BlackHoleThreshold = $ENV{'sendmail_blackholethreshold'} || "1";
2069 my $BlackHoleThreshold = $ENV{'sendmail_blackholethreshold'} || "1";
20232070 foreach $ThisOne (sort keys %BlackHoled) {
20242071 if ($BlackHoled{$ThisOne} >= $BlackHoleThreshold) {
20252072 print "\n $ThisOne: $BlackHoled{$ThisOne} Times(s)";
21142161 if ($Detail >= 3);
21152162 }
21162163
2164 if (keys %MilterErrors) {
2165 eval "$PrintCond";
2166 print "\n\nMilter Errors:\n";
2167 foreach $Milter (sort {$a cmp $b} keys %MilterErrors) {
2168 print " $Milter:\n";
2169 foreach $Error (sort {$a cmp $b} keys %{$MilterErrors{$Milter}}) {
2170 print " $Error: $MilterErrors{$Milter}{$Error} Time(s)\n";
2171 }
2172 }
2173 }
2174
21172175 if (keys %OtherList) {
21182176 $HeaderPrinted = 1;
21192177 print "\n\n**Unmatched Entries**";
21292187 exit(0);
21302188
21312189 # vi: shiftwidth=3 tabstop=3 syntax=perl et
2190 # Local Variables:
2191 # mode: perl
2192 # perl-indent-level: 3
2193 # indent-tabs-mode: nil
2194 # End:
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 use strict;
6161 }
6262 }
6363 }
64
65 # vi: shiftwidth=3 tabstop=3 syntax=perl et
66 # Local Variables:
67 # mode: perl
68 # perl-indent-level: 3
69 # indent-tabs-mode: nil
70 # End:
5656 ## Logwatch project reserves the right to not accept such
5757 ## contributions. If you have made significant
5858 ## contributions to this script and want to claim
59 ## copyright please contact logwatch-devel@logwatch.org.
59 ## copyright please contact logwatch-devel@lists.sourceforge.net.
6060 #########################################################
6161
6262 ## Initial initialization:
158158 exit(0);
159159
160160 # vi: shiftwidth=3 tabstop=3 syntax=perl et
161
161 # Local Variables:
162 # mode: perl
163 # perl-indent-level: 3
164 # indent-tabs-mode: nil
165 # End:
2626 #
2727 # Heavily based on xntpd script
2828 #
29 # This script and config file assumes that slon is
30 # logging to /var/log/messages, if not, you need to
31 # update the /usr/share/logwatch/default.conf/services/slon.conf and
29 # This script and config file assumes that slon is
30 # logging to /var/log/messages, if not, you need to
31 # update the /usr/share/logwatch/default.conf/services/slon.conf and
3232 # possibly add a new entry in /usr/share/logwatch/default.conf/logfiles
3333 #
3434 # Please send all comments, suggestions, bug reports,
3535 # etc, to jeff.frost@frostconsultingllc.com and
36 # logwatch-devel@logwatch.org
36 # logwatch-devel@lists.sourceforge.net
3737 ########################################################
3838
3939 #######################################################
4949 ## Logwatch project reserves the right to not accept such
5050 ## contributions. If you have made significant
5151 ## contributions to this script and want to claim
52 ## copyright please contact logwatch-devel@logwatch.org.
52 ## copyright please contact logwatch-devel@lists.sourceforge.net.
5353 #########################################################
5454
5555 use Logwatch ':all';
6969 }
7070 chomp($ThisLine);
7171 if (
72 ($ThisLine =~ m/new sl_action_seq/) or
72 ($ThisLine =~ m/new sl_action_seq/) or
7373 ($ThisLine =~ m/new sl_rowid_seq value/) or
7474 ($ThisLine =~ m/seconds delay for first row/) or
7575 ($ThisLine =~ m/seconds until close cursor/) or
145145 exit(0);
146146
147147 # vi: shiftwidth=3 tabstop=3 syntax=perl et
148 # Local Variables:
149 # mode: perl
150 # perl-indent-level: 3
151 # indent-tabs-mode: nil
152 # End:
3232 ## Logwatch project reserves the right to not accept such
3333 ## contributions. If you have made significant
3434 ## contributions to this script and want to claim
35 ## copyright please contact logwatch-devel@logwatch.org.
35 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3636 #########################################################
3737
3838 use strict;
5252 my $StartupFailed = 0;
5353 my %NotInDatabase = ();
5454 my %CantMonitor = ();
55 my $UnableToMonitor = 0;
5556 my %SelfTest = ();
5657 my %Failed = ();
5758 my @OtherList = ();
100101 # ignore
101102 } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), is in STANDBY mode, skipping checks/ )) {
102103 # ignore
104 } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), self-test in progress, [0-9]+% remaining/ )) {
105 # ignore
106 } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), previous self-test completed without error/ )) {
107 # ignore
108 } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), type changed from \'\w+\' to \'\w+\'/ )) {
109 # ignore
110 } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), state (?:read from|written to)/ )) {
111 # ignore
103112 } elsif ( $ThisLine =~ /^file \/var\/run\/smartd.pid written containing PID [0-9]+/ ) {
104113 # ignore
105114 } elsif ( ($Device,$Msg) = ($ThisLine =~ /^ *$/ )) {
106115 # ignore empty lines
107116 } elsif ( ($ThisLine =~ /^smartd version/)
108117 || ($ThisLine =~ /^Home page/)
118 || ($ThisLine =~ /^smartd .* Copyright \(C\) [0-9-]+ by Bruce Allen/)
109119 || ($ThisLine =~ /configuration file/i)
110120 || ($ThisLine =~ /\[trip Temperature is \d+ Celsius\]/)
111121 || ($ThisLine =~ /^Monitoring/)
114124 || ($ThisLine =~ /smartd has fork/)
115125 || ($ThisLine =~ /smartd (startup|shutdown) succeeded/)
116126 || ($ThisLine =~ /Unable to register device (.*) \(no Directive -d removable\). Exiting/)
117 || ($ThisLine =~ /Device (.*), SATA disks accessed via libata are not currently supported by smartmontools./)
118 || ($ThisLine =~ /Device: (.*), IE \(SMART\) not enabled, skip device Try '.*' to turn on SMART features/)
127 || ($ThisLine =~ /Device (.*), SATA disks accessed via libata are not currently supported by smartmontools./)
128 || ($ThisLine =~ /Device: (.*), IE \(SMART\) not enabled, skip device Try '.*' to turn on SMART features/)
119129 || ($ThisLine =~ /Device: (.*), Bad IEC (SMART) mode page, err=-5, skip device/)
120 || ($ThisLine =~ /Drive: DEVICESCAN, implied '-a' Directive on line [\d]+ of file/)
121 || ($ThisLine =~ /packet devices \[this device CD\/DVD\] not SMART capable/) )
130 || ($ThisLine =~ /Drive: DEVICESCAN, implied '-a' Directive on line [\d]+ of file/)
131 || ($ThisLine =~ /packet devices \[this device CD\/DVD\] not SMART capable/) )
122132 {
123133 # ignore
124134
135145 push @{$TempChanges{$Device}},$NewVal;
136146 } elsif ( my ($Device,$Limit) = ($ThisLine =~ /^Device: ([^,]+), Temperature \d+ Celsius reached limit of (\d+) Celsius/)) {
137147 # Device: /dev/sda, Temperature 37 Celsius reached limit of 10 Celsius (Min/Max 37/37)
138 $TempLimit{"$Device,$Limit"}++;
148 $TempLimit{"$Device,$Limit"}++;
139149 } elsif ( my ($Device,$Limit) = ($ThisLine =~ /^Device: ([^,]+), Temperature \d+ Celsius reached critical limit of (\d+) Celsius/)) {
140150 # Device: /dev/sda, Temperature 38 Celsius reached critical limit of 15 Celsius (Min/Max 38!/39)
141 $TempCritLimit{"$Device,$Limit"}++;
151 $TempCritLimit{"$Device,$Limit"}++;
142152 } elsif ( my ($Device,$NewVal) = ($ThisLine =~ /^Device: ([^,]+), Temperature changed [-+]?\d+ Celsius to (\d+) Celsius/)) {
143153 push @{$TempChanges{$Device}},$NewVal;
144154 } elsif ( my ($Device, $Num) = ($ThisLine =~ /^Device: ([^,]+), (\d+) Currently unreadable \(pending\) sectors/) ) {
160170 } elsif ( ($ThisLine =~ /smartd shutdown failed/ ) ) {
161171 $ShutdownFailed++;
162172 } elsif ( my ($Device,$DLine) = ($ThisLine =~ /Unable to register SCSI device (.*) at line ([0-9]*) of file/) ) {
163 $UnableToReg{"$Device,$DLine"}++
173 $UnableToReg{"$Device,$DLine"}++
164174 } elsif ( ($Device) = ($ThisLine =~ /Device ([^ ]+) not available/)) {
165175 $UnavailableDev{$Device}++;
166176 } elsif ( my ($Device) = ($ThisLine =~ /Device (.*): SATA disks accessed via libata are supported by Linux kernel versions 2.6.15-rc1 and above/) ) {
167177 $SataDisk{"$Device"}++;
178 } elsif ($ThisLine =~ /Unable to monitor any SMART enabled devices\. Try debug \(-d\) option\. Exiting/) {
179 $UnableToMonitor++;
168180 } else {
169181 # Report any unmatched entries...
170182 push @OtherList,"$ThisLine\n";
171183 }
172184
185 }
186
187 if ($UnableToMonitor > 0) {
188 print "\nUnable to monitor any SMART enabled devices.";
189 print "\n Try debug (-d) option: $UnableToMonitor Time(s)\n";
173190 }
174191
175192 if (keys %NotInDatabase) {
177194 foreach my $Device (sort keys %NotInDatabase) {
178195 print "$Device not in smartd database.\n";
179196 }
180
197
181198 }
182199
183200 if (keys %CantMonitor) {
247264 foreach (keys %TempLimit) {
248265 my ($Device,$Limit)=split ",";
249266 print "\t" . $Device . ": reached limit of " . $Limit . " Celsius: ". $TempLimit{"$Device,$Limit"} . " Time(s)\n";
250 }
251 }
252
267 }
268 }
269
253270
254271 if (keys %Pendsectors){
255272 print "\nCurrently unreadable (pending) sectors detected:\n";
323340 print " " .$Device .": Try adding '-d ata' or '-d sat' to the smartd.conf config file line\n";
324341 }
325342 print "\n";
326 }
327
343 }
344
328345 if (($#OtherList >= 0) and (not $IgnoreUnmatched)){
329346 print "\n**Unmatched Entries**\n";
330347 print @OtherList;
333350 exit(0);
334351
335352 # vi: shiftwidth=3 tabstop=3 syntax=perl et
336
353 # Local Variables:
354 # mode: perl
355 # perl-indent-level: 3
356 # indent-tabs-mode: nil
357 # End:
2222 # Kirk Bauer <kirk@kaybee.org>
2323 #
2424 # Please send all comments, suggestions, bug reports,
25 # etc, to logwatch-devel@logwatch.org
25 # etc, to logwatch-devel@lists.sourceforge.net
2626 ########################################################
2727
2828 #######################################################
3838 ## Logwatch project reserves the right to not accept such
3939 ## contributions. If you have made significant
4040 ## contributions to this script and want to claim
41 ## copyright please contact logwatch-devel@logwatch.org.
41 ## copyright please contact logwatch-devel@lists.sourceforge.net.
4242 #########################################################
4343
4444 use Logwatch ':all';
5454
5555 # Taken from DiskUsage.pm inside Filesys-DiskUsage-0.02
5656 #
57 # Jose Castro, C<< <cog@cpan.org>
57 # Jose Castro, C<< <cog@cpan.org>
5858 # Please report any bugs or feature requests to
5959 # C<bug-disk-usage@rt.cpan.org>, or through the web interface at
6060 # L<http://rt.cpan.org>. I will be notified, and then you'll
106106 if ($ThisLine =~ /sn=/ ) { #mean that we ave to deal with a sonicwall log file line
107107
108108 if ( ($ThisLine =~ /traffic/ ) or
109 ($ThisLine =~ /Copyright/ ) or
110 ($ThisLine =~ /removed due to simultaneous rekey/ ) or
111 ($ThisLine =~ /Administrator logged out/ ) or
112 ($ThisLine =~ /Connection (Closed|Opened)/ ) or
113 ($ThisLine =~ /(TCP|UDP) connection dropped/ )
109 ($ThisLine =~ /Copyright/ ) or
110 ($ThisLine =~ /removed due to simultaneous rekey/ ) or
111 ($ThisLine =~ /Administrator logged out/ ) or
112 ($ThisLine =~ /Connection (Closed|Opened)/ ) or
113 ($ThisLine =~ /(TCP|UDP) connection dropped/ )
114114 ) {
115115 # don't care about this, will code this later
116116 }
126126 }
127127
128128 elsif ( ($number,$src_ip,$port_src,$interface_src,$src_name,$dst_ip,$port_dst,$interface_dst,$dst_name,$ip_proto,$xfer_port_type,$op_type,$http_result) = ($ThisLine =~ /n=(\d+) src=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? dst=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? proto=(udp|tcp)\/(http|80) op=(HEAD|Other) result=(\d+)/) ) {
129
129
130130 if ($op_type eq "HEAD") {
131131 $URL_HEAD{$host_ip}{$url}++;
132 }
132 }
133133 else {
134134 $URL_OTHER{$host_ip}{$url}++;
135 }
135 }
136136 }
137137
138138
141141
142142 if ($op_type eq "GET") {
143143 $URL_GET{$host_ip}{$url}++;
144 }
144 }
145145 else {
146146 $URL_POST{$host_ip}{$url}++;
147 }
148
147 }
148
149149 if ($xfer_way eq "sent") {
150150
151151 $ProtoPacketSent{$host_ip}{$ip_proto}++;
152152 $TotalProtoByteSent{$host_ip}{$ip_proto}=$TotalProtoByteSent{$host_ip}{$ip_proto}+$xfer_byte;
153
153
154154 if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
155155 $ByteSent{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteSent{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte;
156156 $PortPacketSent{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
157157 }
158 }
158 }
159159 else {
160160 $ProtoPacketReceived{$host_ip}{$ip_proto}++;
161161 $TotalProtoByteReceived{$host_ip}{$ip_proto}=$TotalProtoByteReceived{$host_ip}{$ip_proto}+$xfer_byte;
162
162
163163 if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
164164 $ByteReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteReceived{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte;
165165 $PortPacketReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
173173
174174 if ($op_type eq "GET") {
175175 $URL_GET{$host_ip}{$url}++;
176 }
176 }
177177 else {
178178 $URL_POST{$host_ip}{$url}++;
179 }
180
179 }
180
181181 $ProtoPacketSent{$host_ip}{$ip_proto}++;
182182 $TotalProtoByteSent{$host_ip}{$ip_proto}=$TotalProtoByteSent{$host_ip}{$ip_proto}+$xfer_byte_sent;
183
183
184184 if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
185185 $ByteSent{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteSent{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte_sent;
186186 $PortPacketSent{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
187187 }
188
188
189189 $ProtoPacketReceived{$host_ip}{$ip_proto}++;
190190 $TotalProtoByteReceived{$host_ip}{$ip_proto}=$TotalProtoByteReceived{$host_ip}{$ip_proto}+$xfer_byte_rcvd;
191
191
192192 if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
193193 $ByteReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteReceived{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte_rcvd;
194194 $PortPacketReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
209209
210210 $ProtoPacketSent{$host_ip}{$ip_proto}++;
211211 $TotalProtoByteSent{$host_ip}{$ip_proto}=$TotalProtoByteSent{$host_ip}{$ip_proto}+$xfer_byte;
212
212
213213 if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
214214 $ByteSent{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteSent{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte;
215215 $PortPacketSent{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
216216 }
217 }
217 }
218218 else {
219219 $ProtoPacketReceived{$host_ip}{$ip_proto}++;
220220 $TotalProtoByteReceived{$host_ip}{$ip_proto}=$TotalProtoByteReceived{$host_ip}{$ip_proto}+$xfer_byte;
221
221
222222 if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
223223 $ByteReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteReceived{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte;
224224 $PortPacketReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
268268 elsif ( ($message) = ($ThisLine =~ /RESTART: (.*)/) ) {
269269 $Restarted{$host_ip}{$message}++;
270270 }
271 elsif ( $ThisLine =~ m/msg="Probable TCP NULL scan " n=(\d+) src=(\d+\.\d+\.\d+\.\d+) (.*)/ ) {
271 elsif ( $ThisLine =~ m/msg="Probable TCP NULL scan " n=(\d+) src=(\d+\.\d+\.\d+\.\d+) (.*)/ ) {
272272 if ( $Debug >= 5 ) {
273273 print STDERR "DEBUG: Found -TCP NULL scan- line\n";
274274 }
275275 my $name = LookupIP($2);
276276 $Temp = "TCP NULL scan from $name";
277277 $TCP_NULL_scan{$host_ip}{$Temp}++;
278 }
278 }
279279 elsif ( ($interface) = ($ThisLine =~ /msg="Successful administrator login" n=(\d+) src=(\d+\.\d+\.\d+\.\d+) (.*)/) ) {
280280 if ($Debug >= 5) {
281281 print STDERR "DEBUG: Found -$1 logged in from $4 using $2\n";
299299
300300
301301
302 elsif ( $ThisLine =~ m/msg="Administrator login failed - incorrect password" n=(\d+) src=(\d+\.\d+\.\d+\.\d+) (.*)/ ) {
302 elsif ( $ThisLine =~ m/msg="Administrator login failed - incorrect password" n=(\d+) src=(\d+\.\d+\.\d+\.\d+) (.*)/ ) {
303303 if ( $Debug >= 5 ) {
304304 print STDERR "DEBUG: Found -Failed login- line\n";
305305 }
307307 $Temp = "HTTP from $name";
308308 $BadAdminLogins{$host_ip}{"Administrator login failed - incorrect password from $name"}++;
309309 $IllegalUsers{$host_ip}{$Temp}++;
310 }
311 elsif ( $ThisLine =~ m/msg="Unknown user attempted to log in" n=(\d+) src=(\d+\.\d+\.\d+\.\d+) dst=(\d+\.\d+\.\d+\.\d+) user=(.*)/ ) {
310 }
311 elsif ( $ThisLine =~ m/msg="Unknown user attempted to log in" n=(\d+) src=(\d+\.\d+\.\d+\.\d+) dst=(\d+\.\d+\.\d+\.\d+) user=(.*)/ ) {
312312 if ( $Debug >= 5 ) {
313313 print STDERR "DEBUG: Found -Failed login- line\n";
314314 }
316316 $Temp = "HTTP from $name";
317317 $BadLogins{$host_ip}{"$4 user attempted to log in from $name"}++;
318318 $IllegalUsers{$host_ip}{$Temp}++;
319 }
320 elsif ( $ThisLine =~ m/SSH client at (.+) has attempted to make an SCS connection to interface untrust with IP (.+) but failed (.*)/ ) {
319 }
320 elsif ( $ThisLine =~ m/SSH client at (.+) has attempted to make an SCS connection to interface untrust with IP (.+) but failed (.*)/ ) {
321321 my $name = LookupIP($2);
322322 $Temp = "SSH from $name";
323323 $BadLogins{$host_ip}{$Temp}++;
512512 }
513513
514514
515
515
516516 if (keys %NTPUpdated) {
517517 print "\nDevice where The system clock has been updated through NTP :\n";
518518 foreach $ThisOne (keys %NTPUpdated) {
642642 print " " . $ThisOne . ":\n";
643643 for (sort keys %{$IllegalUsers{$ThisOne}}) {
644644 print "\t $_: $IllegalUsers{$ThisOne}{$_} Time(s)\n";
645
645
646646 }
647647 }
648648 }
685685 exit(0);
686686
687687 # vi: shiftwidth=3 tabstop=3 syntax=perl et
688 # Local Variables:
689 # mode: perl
690 # perl-indent-level: 3
691 # indent-tabs-mode: nil
692 # End:
3232 ### Logwatch project reserves the right to not accept such
3333 ### contributions. If you have made significant
3434 ### contributions to this script and want to claim
35 ### copyright please contact logwatch-devel@logwatch.org.
35 ### copyright please contact logwatch-devel@lists.sourceforge.net.
3636 ##########################################################
3737 ##########################################################################
3838
5858 # server killed by SIGTERM, shutting down : 1 Time(s)
5959 # meta test DIGEST_MULTIPLE has undefined dependency 'PYZOR_CHECK' : 1 Time(s)
6060 # meta test SARE_SPEC_PROLEO_M2a has dependency 'MIME_QP_LONG_LINE' with a zero score : 1 Time(s)
61
61
6262 while (defined($ThisLine = <STDIN>)) {
6363 $ThisLine =~ s/^[a-zA-Z0-9]+: //;
6464 if ( # We don't care about these
148148
149149 exit(0);
150150
151 # vi: shiftwidth=3 tabstop=3 et
151 # vi: shiftwidth=3 tabstop=3 syntax=perl et
152 # Local Variables:
153 # mode: perl
154 # perl-indent-level: 3
155 # indent-tabs-mode: nil
156 # End:
11 # $Id: sshd,v 1.77 2009/02/20 17:49:03 mike Exp $
22 ##########################################################################
33 # $Log: sshd,v $
4 # Revision 1.79 2011/01/05 10:49:03 stefan
5 # ignoring PAM 2 more authentication failures
6 #
7 # Revision 1.78 2010/05/10 10:49:03 stefan
8 # ignoring nasty PTR records
9 #
410 # Revision 1.77 2009/02/20 17:49:03 mike
511 # pam_winbind ignores from JT Moree -mgt
612 #
167173 ## Logwatch project reserves the right to not accept such
168174 ## contributions. If you have made significant
169175 ## contributions to this script and want to claim
170 ## copyright please contact logwatch-devel@logwatch.org.
176 ## copyright please contact logwatch-devel@lists.sourceforge.net.
171177 #########################################################
172178
173179 use strict;
205211 my %PostPonedAuth = ();
206212 my %LockedAccount = ();
207213 my %AllowUsers = ();
214 my %DenyUsers = ();
208215 my %AllowGroups = ();
216 my %DenyGroups = ();
217 my %NoGroups = ();
209218 my %NoShellUsers = ();
210219 my %ShellNotExecutableUsers = ();
211220 my %DeprecatedOption = ();
218227 my %OtherList = ();
219228 my %ChmodErr = ();
220229 my %ChownErr = ();
230 my %Krb_relm = ();
221231
222232 my $sftpRequests = 0;
223233 my $NetworkErrors = 0;
226236 my $NetworkErrors = 0;
227237
228238 if ( $Debug >= 5 ) {
229 print STDERR "\n\nDEBUG: Inside SSHD Filter \n\n";
230 $DebugCounter = 1;
239 print STDERR "\n\nDEBUG: Inside SSHD Filter \n\n";
240 $DebugCounter = 1;
231241 }
232242
233243 while (defined(my $ThisLine = <STDIN>)) {
274284 ($ThisLine =~ /pam_succeed_if\(.*:.*\): error retrieving information about user [a-zA-Z]*/ ) or
275285 ($ThisLine =~ /pam_winbind\(sshd:account\): user .* granted access/) or
276286 ($ThisLine =~ /pam_winbind\(sshd:account\): user .* OK/) or
277 ($ThisLine =~ /PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=/) or
287 ($ThisLine =~ /PAM \d+ more authentication failures?;/) or
278288 ($ThisLine =~ /^Failed keyboard-interactive for <invalid username> from/ ) or
279289 ($ThisLine =~ /^Keyboard-interactive \(PAM\) userauth failed/ ) or
280 ($ThisLine =~ /^debug1: /)
290 ($ThisLine =~ /^debug1: /) or
291 ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/)
281292 ) {
282293 # Ignore these
283294 } elsif ( my ($Method,$User,$Host,$Port) = ($ThisLine =~ /^Accepted (\S+) for (\S+) from ([\d\.:a-f]+) port (\d+)/) ) {
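Review bot: the new ignore pattern `/PAM \d+ more authentication failures?;/` is unanchored and no longer requires the `logname= uid=0 euid=0 tty=ssh` fields, so every "PAM N more authentication failures" line is discarded whatever N is. The number in that message counts further failed attempts, which is useful when looking for password guessing; consider capturing `(\d+)` and adding it to a counter instead of ignoring the line. The `Nasty PTR record` lines are likewise dropped silently; a tally shown at higher detail levels would keep that signal visible.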
326337 } elsif ( my ($Port,$Address,$Reason) = ($ThisLine =~ /^error: Bind to port ([^ ]+) on ([^ ]+) failed: (.+).$/ )) {
327338 my $Temp = "$Address port $Port ($Reason)";
328339 # Failed to bind on 0.0.0.0 likely due to configured "ListenAddress"
329 # on both IPv4 and IPv6
340 # on both IPv4 and IPv6
330341 unless ($Address =~ /^0.0.0.0$/) {
331342 $BindFailed{$Temp}++;
332343 }
352363 $BadLogins{$Host}{"$User/$Method"}++;
353364 } elsif ($ThisLine =~ s/^(log: )?Could not reverse map address ([^ ]*).*$/$2/) {
354365 $NoRevMap{$ThisLine}++;
355 } elsif ( my ($Address) = ($ThisLine =~ /^reverse mapping checking getaddrinfo for ([^ ]*) failed - POSSIBLE BREAK-?IN ATTEMPT!/)) {
366 } elsif ( my ($Address) = ($ThisLine =~ /^reverse mapping checking getaddrinfo for (\S+( \[\S+\])?) failed - POSSIBLE BREAK-IN ATTEMPT!/)) {
356367 $NoRevMap{$Address}++;
357 } elsif ( my ($IP,$Address) = ($ThisLine =~ /^Address ([^ ]*) maps to ([^ ]*), but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!/)) {
368 } elsif ( my ($IP,$Address) = ($ThisLine =~ /^Address ([^ ]*) maps to ([^ ]*), but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!/)) {
358369 $NoRevMap{"$Address($IP)"}++;
359370 } elsif ( my (undef,$Address) = ($ThisLine =~ /^warning: ([^ ]*), line \d+: can't verify hostname: getaddrinfo\(([^ ]*), AF_INET\) failed$/)) {
360371 $NoRevMap{$Address}++;
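Review bot: both patterns change `BREAK-?IN` to `BREAK-IN`, so a line spelled `POSSIBLE BREAKIN ATTEMPT!` that matched before now falls through to the unmatched entries. If that is intended, say so in the revision log; otherwise keep the `-?`. The first pattern also gains a nested group in `(\S+( \[\S+\])?)`; it works because only the first capture is assigned to `$Address`, but `(?: \[\S+\])?` would make that explicit.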
389400 $LockedAccount{$User}++;
390401 } elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*) from (?:[^ ]*) not allowed because not listed in AllowUsers/)) {
391402 $AllowUsers{$User}++;
403 } elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*)( from [0-9.]*)? not allowed because listed in DenyUsers/)){
404 $DenyUsers{$User}++;
405 } elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*)( from [0-9.]*)? not allowed because not in any group/)) {
406 $NoGroups{$User}++;
407 } elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*)( from [^ ]*)? not allowed because a group is listed in DenyGroups/)) {
408 $DenyGroups{$User}++;
392409 } elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*) from ([^ ]*) not allowed because none of user's groups are listed in AllowGroups/)) {
393 $AllowGroups{$User}++;
410 $AllowGroups{$User}++;
394411 } elsif ( ($User) = ($ThisLine =~ /^User ([^ ]*) not allowed because shell (\S+) does not exist/)) {
395412 $NoShellUsers{$User}++;
396413 } elsif ( ($User) = ($ThisLine =~ /^User ([^ ]*) not allowed because shell (\S+) is not executable/)) {
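Review bot: the DenyUsers and "not in any group" patterns restrict the optional source to `( from [0-9.]*)?`, which only matches dotted IPv4 addresses, so the same message carrying an IPv6 address or a hostname will not match and ends up in the unmatched list. The DenyGroups pattern added just below already uses `( from [^ ]*)?`; use that form in all three, and make the group non-capturing since only `$User` is assigned.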
400417 } elsif ( my ($Line,$Option) = ($ThisLine =~ /^rexec line (\d+): Deprecated option (.*)$/)) {
401418 $DeprecatedOption{"$Option - line $Line"}++;
402419 } elsif ( my ($Pom1,$Pom2,$User) = ($ThisLine =~ /pam_krb5(\[\d*\])?: authentication fails for (`|')([^ ]*)'/)) {
403 $KrbAutFail{$User}++;
420 $KrbAutFail{$User}++;
404421 } elsif ( my ($Error) = ($ThisLine =~ /pam_krb5: authenticate error: (.*)$/)) {
405422 $KrbAutErr{$Error}++;
406423 } elsif ( ($ThisLine =~ /pam_krb5: unable to determine uid\/gid for user$/)) {
407424 $KrbAutErr{"unable to determine uid/gid for user"}++;
408425 } elsif ( my ($Error) = ($ThisLine =~ /pam_krb5: error removing file (.*)$/)) {
409 $KrbErr{"error removing file " . $Error}++;
426 $KrbErr{"error removing file " . $Error}++;
410427 } elsif ( my ($Pom,$Error) = ($ThisLine =~ /pam_krb5(\[\d*\]): error resolving user name '[^ ]*' to uid\/gid pai/)) {
411428 $KrbErr{"error resolving user name '$Error' to uid\/gid pai"}++;
412429 } elsif ( my (undef,$User,$Host) = ($ThisLine =~ m/^(Illegal|Invalid) user (.*) from ([^ ]+)/ )) {
416433 } elsif (my ($File,$Perm,$Why) = ($ThisLine =~ /error: chmod (.*) (.*) failed: (.*)/)) {
417434 $ChmodErr{"$File,$Perm,$Why"}++;
418435 } elsif (my ($File,$From,$To,$Why) = ($ThisLine =~ /error: chown (.*) (.*) (.*) failed: (.*)/)) {
419 $ChownErr{"$File,$From,$To,$Why"}++;
436 $ChownErr{"$File,$From,$To,$Why"}++;
437 } elsif (my ($user,$relm) = ($ThisLine =~ /Authorized to ([^ ]+), krb5 principal \1@([^ ]+) \(krb5_kuserok\)/)) {
438 $Krb_relm{$relm}{$user}++;
420439 } else {
421440 # Report any unmatched entries...
422441 unless ($ThisLine =~ /fwd X11 connect/) {
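Review bot: the `\1` backreference in `/Authorized to ([^ ]+), krb5 principal \1@([^ ]+) \(krb5_kuserok\)/` means only logins where the principal name equals the local account are counted. A principal authorized to a differently named local user is not matched here and is left for the unmatched list, so the new report section cannot show it. Consider capturing the principal separately and reporting mismatches in their own bucket. Also, `relm` should be `realm` in the variable names.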
560579 }
561580 }
562581
582 if (keys %DenyUsers) {
583 print "\nLogin attempted when in DenyUsers list:\n";
584 foreach my $User (sort {$a cmp $b} keys %DenyUsers) {
585 print " $User : $DenyUsers{$User} Time(s)\n";
586 }
587 }
588
563589 if (keys %AllowGroups) {
564590 print "\nLogin attempted when not in AllowGroups list:\n";
565591 foreach my $User (sort {$a cmp $b} keys %AllowGroups) {
566592 print " $User : $AllowGroups{$User} Time(s)\n";
593 }
594 }
595
596 if (keys %DenyGroups) {
597 print "\nLogin attempted when in DenyGroups list:\n";
598 foreach my $User (sort {$a cmp $b} keys %DenyGroups) {
599 print " $User : $DenyGroups{$User} Time(s)\n";
600 }
601 }
602
603 if (keys %NoGroups) {
604 print "\nLogin attempted when user is in no group:\n";
605 foreach my $User (sort {$a cmp $b} keys %NoGroups) {
606 print " $User : $NoGroups{$User} Time(s)\n";
567607 }
568608 }
569609
635675 print " $User: " . $KrbAutFail{$User} . " Time(s)\n";
636676 }
637677 }
638
678
639679 if (keys %KrbAutErr) {
640680 print "\n\pam_krb5 authentication errors:\n";
641681 foreach my $Error (sort keys %KrbAutErr) {
642682 print " $Error: " . $KrbAutErr{$Error} . " Time(s)\n";
643683 }
644684 }
645
685
646686
647687 if (keys %KrbErr) {
648688 print "\n pam_krb5 errors:\n";
740780
741781 if (keys %ChownErr) {
742782 print "\nChown errors:\n";
743 foreach (keys %ChownErr) {
783 foreach (keys %ChownErr) {
744784 my ($File,$From,$To,$Why)= split ",";
745785 print " " . $File . " " . $From . " " .$To . " failed(" . $Why . "): ". $ChmodErr{"$File,$From,$To,$Why"} . " Time(s)\n";
746786 }
747787 }
748
788
789 if ( ($Detail == 7 && keys %Krb_relm > 1) || ($Detail > 8 && keys %Krb_relm) ){
790 print "\nSucessfull Kerberos Authentication from ",(scalar keys %Krb_relm)," relm:\n";
791 foreach my $relm (keys %Krb_relm) {
792 if($Detail > 9){
793 print " ",$relm,":\n";
794 foreach my $user(keys %{$Krb_relm{$relm}}){
795 print " ",$user,": ". $Krb_relm{$relm}{$user} . " Times(s)\n";
796 }
797 }else{
798 print " ",$relm,": ". (scalar keys %{$Krb_relm{$relm}}) . " User(s)\n";
799 }
800 }
801 }
749802
750803 if (keys %OtherList) {
751804 print "\n**Unmatched Entries**\n";
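Review bot: the condition `($Detail == 7 && keys %Krb_relm > 1) || ($Detail > 8 && keys %Krb_relm)` skips detail level 8 entirely, so raising the level from 7 to 8 makes this section disappear. Use `>=` comparisons with no gap between the thresholds. The output strings have typos (`Sucessfull`, `relm`, `Times(s)`), and the context line just above prints `$ChmodErr{"$File,$From,$To,$Why"}` inside the `%ChownErr` loop, which should read from `%ChownErr`.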
755808 exit(0);
756809
757810 # vi: shiftwidth=3 tabstop=3 syntax=perl et
811 # Local Variables:
812 # mode: perl
813 # perl-indent-level: 3
814 # indent-tabs-mode: nil
815 # End:
2020 ## Logwatch project reserves the right to not accept such
2121 ## contributions. If you have made significant
2222 ## contributions to this script and want to claim
23 ## copyright please contact logwatch-devel@logwatch.org.
23 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2424 #########################################################
2525
2626 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
5151 foreach $ThisOne (keys %OtherList) {
5252 print "$ThisOne: $OtherList{$ThisOne} Time(s)\n";
5353 }
54 }
55
54 }
55
5656 exit(0);
5757
5858 # vi: shiftwidth=3 tabstop=3 syntax=perl et
59
59 # Local Variables:
60 # mode: perl
61 # perl-indent-level: 3
62 # indent-tabs-mode: nil
63 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 $^W=1;
113113 exit(0);
114114
115115 # vi: shiftwidth=3 tabstop=3 syntax=perl et
116
116 # Local Variables:
117 # mode: perl
118 # perl-indent-level: 3
119 # indent-tabs-mode: nil
120 # End:
11 # $Id: sudo,v 1.14 2008/03/24 23:31:27 kirk Exp $
22 ###########################################################################
33 # $Log: sudo,v $
4 # Revision 1.15 2011/01/06 15:36:02 stefan
5 # added: Conversation failed with
6 #
47 # Revision 1.14 2008/03/24 23:31:27 kirk
58 # added copyright/license notice to each script
69 #
4043 ## Logwatch project reserves the right to not accept such
4144 ## contributions. If you have made significant
4245 ## contributions to this script and want to claim
43 ## copyright please contact logwatch-devel@logwatch.org.
46 ## copyright please contact logwatch-devel@lists.sourceforge.net.
4447 #########################################################
4548
4649 use strict;
5356 my $CmdsThresh = $ENV{'command_run_threshold'} || 0;
5457
5558 my ($user, $error, $tty, $dir, $euser, $cmd, $args);
59 my (%ConFailed);
60 my $contlines = 0;
61 my $argsprinted = 0;
5662
5763 while (defined(my $ThisLine = <STDIN>)) {
5864 if ($ThisLine =~ /pam_unix\(sudo:auth\): authentication failure; logname=\S* uid=[0-9]* euid=[0-9]* tty=\S* ruser=\S* rhost=\S* user=\S*/
5965 )
6066 # this log is parsed in pam_unix section
61 {
67 {
6268 # Ignore
69 } elsif ($ThisLine =~ /pam_unix\(sudo:session\): session (opened|closed) for user \S+/) {
70 # handled in pam_unix
71 } elsif ($ThisLine =~ /pam_unix\(sudo:auth\): auth could not identify password for/) {
72 # handled in pam_unix
73 } elsif ($ThisLine =~ /(.+): conversation failed/) {
74 $ConFailed{$1}++;
6375 } elsif ( ($user, $error, $tty, $dir, $euser, $cmd, $args) = $ThisLine =~ m/^\s*(\S+) : (.*; )?TTY=(\S+) ; PWD=(.*?) ; USER=(\S+) ; COMMAND=(\S+)( ?.*)/) {
6476 push @{$byUser{$user}{$euser}}, [$error . $cmd,$args, $dir, $tty];
6577 $byUserSum{$user}{$euser}{$cmd} += 1;
6678 } elsif ( ($user,$euser) = $ThisLine =~ /^\s*(\S+) : no passwd entry for (\S+)\!$/) {
6779 push @{$byUser{$user}{$euser . " (No such user)"}}, ["No password entry"];
80 } elsif ( ($user, $error, $tty, $dir, $euser, $cmd, $args) = $ThisLine =~ m/^\s*\S+ : \(command continued\)/) {
81 $contlines++;
6882 } else {
6983 chomp($ThisLine);
7084 $OtherList{$ThisLine}++;
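Review bot: the `(command continued)` branch assigns the match result to `($user, $error, $tty, $dir, $euser, $cmd, $args)` although the pattern has no capture groups, so a successful match sets `$user` to 1 and the others to undef. Test the match directly instead of assigning it. The `/(.+): conversation failed/` pattern is unanchored and greedy, so everything before the last `: conversation failed` on the line becomes the report key; anchor it with `^` and add a `#TD` sample line showing which prefix is expected.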
7286 }
7387
7488 foreach my $user (sort keys %byUser) {
75 print "\n" . "=" x 78 . "\n";
7689 foreach my $euser (sort keys %{$byUser{$user}}) {
7790 print "\n$user => $euser\n", "-" x length("$user => $euser"), "\n";
7891 foreach my $cmd (sort keys %{$byUserSum{$user}{$euser}}) {
7992 if ($Detail < 10 && $CmdsThresh <= $byUserSum{$user}{$euser}{$cmd}) {
80 print "$cmd - $byUserSum{$user}{$euser}{$cmd} Times.\n";
93 printf "%-30s - %3i Time(s).\n", $cmd, $byUserSum{$user}{$euser}{$cmd};
8194 } # if $Detail < 10
8295 } # foreach $gcmd
8396 foreach my $row (@{$byUser{$user}{$euser}}) {
92105 $ttydetail = "($tty) " if $Detail >= 30;
93106 print "\t$ttydetail$dir\n";
94107 } # if $Detail >= 20
108 $argsprinted=1;
95109 } # if $Detail >= 10
96110 } # foreach $row
97111 } # foreach $euser
98112 } # foreach $user
99113
114 if (keys %ConFailed) {
115 print "\nConversation failed with:";
116 print "\n-------------------------";
117 foreach my $conv (sort keys %ConFailed) {
118 printf "\n%-30s - %3i Time(s)", $conv, $ConFailed{$conv};
119 }
120 print "\n";
121 }
122
123 if($contlines && $argsprinted) {
124 print "\nThe argument list of some of above commands might be incomplete\n";
125 }
100126
101127 if (keys %OtherList) {
102128 print "\n\n**Unmatched Entries**";
107133
108134
109135 # vi: shiftwidth=3 tabstop=3 syntax=perl et
136 # Local Variables:
137 # mode: perl
138 # perl-indent-level: 3
139 # indent-tabs-mode: nil
140 # End:
0 ###########################################################################
1 # $Id: syslog-ng,v 1.5.1.1 2011/01/06 21:32:01 general Exp $
2 ###########################################################################
3
4 ###########################################################################
5 # This was written and is maintained by:
6 # Stefan Jakobs <logwatch at localside.net>
7 #
8 # Please send all comments, suggestions, bug reports,
9 # etc, to logwatch at localside.net.
10 ###########################################################################
11 # Copyright (c) 2008-2010 Stefan Jakobs
12 # Covered under the included MIT/X-Consortium License:
13 # http://www.opensource.org/licenses/mit-license.php
14 # Permission is hereby granted, free of charge, to any person obtaining a
15 # copy of this software and associated documentation files (the "Software"),
16 # to deal in the Software without restriction, including without limitation
17 # the rights to use, copy, modify, merge, publish, distribute, sublicense,
18 # and/or sell copies of the Software, and to permit persons to whom the
19 # Software is furnished to do so, subject to the following conditions:
20 #
21 # The above copyright notice and this permission notice shall be included
22 # in all copies or substantial portions of the Software.
23 #
24 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
25 # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
27 # IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
28 # CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
29 # TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
30 # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 ###########################################################################
32
33 #use warnings;
34 use strict;
35
36 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
37 my $Version = "1.2-20110106";
38
39 # initialize logwatch variables
40 my $ThisLine = "";
41 my %OtherList = ();
42
43 # initialize variables which save the stats
44 my ($Starts,$Stops,$Reloads) = ( 0, 0, 0);
45 my ($Perms,$FileOpenErrors) = ( 0, 0);
46 my ($Drops, $BrokenConnsSum, $WriteErrsSum) = ( 0, 0, 0);
47 my ($Exceed_Conns) = ( 0);
48 my (%BrokenConns, %PermFiles, %OpenFiles) = ( (), (), ());
49 my (%WriteErrs) = ();
50 my (%Stats_center, %Stats_source, %Stats_dest) = ( (), (), ());
51 my (%Stats_dropped, %Stats_supp, %Stats_global) = ( (), (), ());
52 my (%Stats_dropped_net, %Stats_supp_net) = ( (), ());
53 my (%Warnings) = ();
54
55 ### Parse the lines ###
56
57 while (defined($ThisLine = <STDIN>)) {
58 chomp($ThisLine);
59
60 #TD syslog-ng[2351]: New configuration initialized;
61 if ($ThisLine =~ /^New configuration initialized/ ) {
62 #ignore
63 }
64
65 #TD syslog-ng[9754]: Changing permissions on special file /dev/xconsole
66 elsif ($ThisLine =~ /^Changing permissions on special file ((\/[a-zA-Z0-9_]*)*)$/) {
67 %PermFiles = (%PermFiles, $1 => $PermFiles{$1}+1);
68 $Perms++;
69 }
70
71 #TD syslog-ng[9754]: Cannot open file /tmp/.adir/afile for writing (No such file or directory)
72 elsif ($ThisLine =~ /^Cannot open file ((\/[a-zA-Z0-9_.]*)*) .*/) {
73 # $1 fq file name, $2 only filename
74 %OpenFiles = (%OpenFiles, $1 => $OpenFiles{$1}+1);
75 $FileOpenErrors++;
76 }
77
78 #TD syslog-ng[9754]: SIGHUP received, restarting syslog-ng
79 #TD syslog-ng[4027]: Configuration reload request received, reloading configuration;
80 elsif ($ThisLine =~ /^SIGHUP received, restarting syslog-ng$/ ||
81 $ThisLine =~ /^Configuration reload request received, reloading configuration;/) {
82 $Reloads++;
83 }
84
85 #TD syslog-ng[9754]: new configuration initialized
86 elsif ($ThisLine =~ /^new configuration initialized$/) {
87 # happens with reload, but it's not for extra accounting
88 }
89
90 #TD syslog-ng[9754]: syslog-ng version 1.6.2 starting
91 #TD syslog-ng[3956]: syslog-ng starting up; version='2.0.9'
92 elsif ($ThisLine =~ /^syslog-ng version [\d.]+ starting$/ ||
93 $ThisLine =~ /^syslog-ng starting up; version='[\d.]+'$/) {
94 $Starts++;
95 }
96
97 #TD syslog-ng[9754]: syslog-ng version 1.6.2 going down
98 #TD syslog-ng[20043]: syslog-ng shutting down; version='2.0.9'
99 elsif ($ThisLine =~ /^syslog-ng version [\d.]+ going down$/ ||
100 $ThisLine =~ /^syslog-ng shutting down; version='[\d.]+'$/) {
101 $Stops++;
102 }
103
104 #TD syslog-ng[20043]: Termination requested via signal, terminating;
105 elsif ($ThisLine =~ /^Termination requested via signal, terminating;/) {
106 # happens with shutdown, but it's not for extra accounting
107 }
108
109 # syslog-ng v1.X
110 #TD syslog-ng[4833]: STATS: dropped 0
111 elsif ($ThisLine =~ /^STATS: dropped ([0-9]*)$/) {
112 if ($1 != 0) { $Drops = $Drops + $1; }
113 }
114
115 #TD syslog-ng[4833]: Connection broken to AF_INET(XXX.YYY.ZZZ.AAA:BBB), reopening in 60 seconds
116 elsif ($ThisLine =~ /^Connection broken to [A-Z_]*\((([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{1,5})\), reopening in [0-9]* seconds$/) {
117 $BrokenConns{$1}++;
118 $BrokenConnsSum++;
119 }
120
121 #TD syslog-ng[4869]: io.c: do_write: write() failed (errno 111), Connection refused
122 elsif ($ThisLine =~ /^io\.c: do_write: write\(\) failed \(errno ([\d]+)\)/) {
123 $WriteErrs{$1}++;
124 $WriteErrsSum++;
125 }
126
127 # Log statistics from syslog-ng v2.X
128 #TD syslog-ng[4883]: Log statistics; dropped='program(/path/to/p)=12',
129 # processed='center(queued)=1717', processed='center(received)=916', ...
130 # suppressed='program(/path/to/p)=0'
131 # Log statisctics from syslog-ng v3.X
132 #TD syslog-ng[1625]: Log statistics; processed='destination(newsnotice)=0',
133 # processed='center(queued)=0', processed='src.internal(src#0)=7',
134 # stamp='src.internal(src#0)=1283808150', processed='global(msg_clones)=0', ...
135 elsif ($ThisLine =~ /^Log statistics; /) {
136 my @processed =
137 $ThisLine =~ /processed='([a-z.]*)\((\S*)\)=([0-9]*)'/g;
138 for (my $i=0; $i<@processed; $i=$i+3)
139 {
140 if ($processed[$i] eq "center") {
141 $Stats_center{$processed[$i+1]} =
142 $Stats_center{$processed[$i+1]} + $processed[$i+2];
143 } elsif ($processed[$i] eq "destination") {
144 $Stats_dest{$processed[$i+1]} =
145 $Stats_dest{$processed[$i+1]} + $processed[$i+2];
146 } elsif ($processed[$i] eq "source" || $processed[$i] eq "src.internal") {
147 $Stats_source{$processed[$i+1]} =
148 $Stats_source{$processed[$i+1]} + $processed[$i+2];
149 } elsif ($processed[$i] eq "global") {
150 $Stats_global{$processed[$i+1]} =
151 $Stats_global{$processed[$i+1]} + $processed[$i+2];
152 } else { chomp($ThisLine); $OtherList{$ThisLine}++; }
153 }
154 my @dropped =
155 $ThisLine =~ /dropped='([a-z]*)\((\S*)\)=([0-9]*)'/g;
156 for (my $i=0; $i<@dropped; $i=$i+3)
157 {
158 if ($dropped[$i] eq "program" || $dropped[$i] eq "pipe") {
159 if ($dropped[$i+2] > 0) {
160 $Stats_dropped{$dropped[$i+1]} =
161 $Stats_dropped{$dropped[$i+1]} + $dropped[$i+2];
162 }
163 } elsif ($dropped[$i] eq "tcp" || $dropped[$i] eq "udp") {
164 if ($dropped[$i+2] > 0) {
165 $Stats_dropped_net{$dropped[$i+1]} =
166 $Stats_dropped_net{$dropped[$i+1]} + $dropped[$i+2];
167 }
168 } else { chomp($ThisLine); $OtherList{$ThisLine}++; }
169 }
170 my @suppressed =
171 $ThisLine =~ /suppressed='([a-z]*)\((\S*)\)=([0-9]*)'/g;
172 for (my $i=0; $i<@suppressed; $i=$i+3)
173 {
174 if ($suppressed[$i] eq "program" || $suppressed[$i] eq "pipe") {
175 if ($suppressed[$i+2] > 0) {
176 $Stats_supp{$suppressed[$i+1]} =
177 $Stats_supp{$suppressed[$i+1]} + $suppressed[$i+2];
178 }
179 } elsif ($suppressed[$i] eq "tcp" || $suppressed[$i] eq "udp") {
180 if ($suppressed[$i+2] > 0) {
181 $Stats_supp_net{$suppressed[$i+1]} =
182 $Stats_supp_net{$suppressed[$i+1]} + $suppressed[$i+2];
183 }
184 } else { chomp($ThisLine); $OtherList{$ThisLine}++; }
185 }
186 }
187
188 # syslog-ng v2.X
189 #TD syslog-ng[1796]: Number of allowed concurrent connections exceeded; num='10', max='10'
190 elsif ($ThisLine =~ /^Number of allowed concurrent connections exceeded/) {
191 $Exceed_Conns++;
192 }
193
194 # syslog-ng v3.X
195 #TD syslog-ng[1601]: WARNING: global: the default value of chain_hostnames is changing to
196 # 'no' in version 3.0, please update your configuration accordingly;
197 #TD syslog-ng[1601]: WARNING: you are using the pipe driver, underlying file is not a
198 # FIFO, it should be used by file(); filename='/dev/tty10'
199 elsif ($ThisLine =~ /^WARNING: (.*)$/) {
200 $Warnings{$1}++;
201 }
202 # syslog-nb v3.X
203 #TD syslog-ng[1601]: Configuration file has no version number, assuming ...
204 elsif ($ThisLine =~ /(Configuration file has no version number)/) {
205 $Warnings{$1}++;
206 }
207
208 else {
209 # Report any unmatched entries...
210 chomp($ThisLine);
211 $OtherList{$ThisLine}++;
212 }
213 }
214
215 ### generate the output ###
216
217 if ($Starts) {
218 printf "\nSyslog-ng started:\t\t%5i Time(s)", $Starts;
219 }
220
221 if ($Stops) {
222 printf "\nSyslog-ng stopped:\t\t%5i Time(s)", $Stops;
223 }
224
225 if ($Reloads) {
226 printf "\nSyslog-ng reloaded:\t\t%5i Time(s)", $Reloads;
227 }
228 if ($Starts || $Stops || $Reloads) { print "\n"; }
229
230 if ($Perms) {
231 if ($Detail >= 5) {
232 print "\nSyslog-ng changed the permission on the file(s):";
233 foreach my $file (keys %PermFiles) {
234 printf "\n\t$file\t\t%5i Time(s)", $PermFiles{$file};
235 }
236 print "\n";
237 } else {
238 print "\nSyslog-ng changed $Perms time(s) permission on file(s)\n";
239 }
240 }
241
242 if ($FileOpenErrors) {
243 if ($Detail >= 5) {
244 print "\nSyslog-ng could not open the file(s):";
245 foreach my $file (keys %OpenFiles) {
246 printf "\n\t$file\t\t%5i Time(s)", $OpenFiles{$file};
247 }
248 print "\n";
249 } else {
250 printf "\nSyslog-ng could not open file:\t%5i Time(s)", $FileOpenErrors;
251 }
252 }
253
254 if (keys %BrokenConns) {
255 if ($Detail >= 5) {
256 print "\nBroken connection(s) to:";
257 foreach my $IP (keys %BrokenConns) {
258 printf "\n\t%-21s\t%5i Time(s)", $IP, $BrokenConns{$IP};
259 }
260 print "\n";
261 } else {
262 printf "\nBroken connection(s):\t\t%5i Time(s)\n", $BrokenConnsSum;
263 }
264 }
265
266 if (keys %WriteErrs) {
267 if ($Detail >= 5) {
268 print "\nWrite Error(s):";
269 foreach my $err (keys %WriteErrs) {
270 printf "\n\tError Number %3i:\t%5i Time(s)", $err, $WriteErrs{$err};
271 }
272 print "\n";
273 } else {
274 printf "\nWrite Error(s): \t\t%5i Time(s)\n", $WriteErrsSum;
275 }
276 }
277
278 if ($Exceed_Conns && $Detail >= 5) {
279 printf "\nConcurrent Connections Exceeded:%3i Time(s)\n", $Exceed_Conns;
280 }
281
282 if (keys %Stats_center || keys %Stats_dest || keys %Stats_source ||
283 keys %Stats_dropped || keys %Stats_supp || keys %Stats_global ) {
284 my ($lost_rcvd, $lost_dest) = ( 0, 0);
285
286 if ($Stats_center{received} && %Stats_source) {
287 $lost_rcvd = 0 - $Stats_center{received};
288 map { $lost_rcvd = $lost_rcvd + $Stats_source{$_} } keys %Stats_source;
289 }
290 if ($Stats_center{queued} && %Stats_dest) {
291 $lost_dest = $Stats_center{queued};
292 map { $lost_dest = $lost_dest - $Stats_dest{$_} } keys %Stats_dest;
293 }
294
295 if ($Detail >= 6) { print "\nLog Statistics:"; }
296 if ($lost_rcvd != 0 || $lost_dest != 0) {
297 if ($lost_rcvd != 0) {
298 if ($Detail >= 5) {
299 print "\n- Failed to receive $lost_rcvd message(s)!";
300 }
301 }
302 if ($lost_dest != 0) {
303 if ($Detail >= 5 ) {
304 print "\n- Failed to save $lost_dest message(s) in logfile(s)!";
305 } else { $Drops = $Drops + $lost_dest; }
306 }
307 if ($Detail >= 5) { print "\n"; }
308 }
309
310 if ($Detail >= 6) {
311 if (keys %Stats_center) {
312 print "\nCenter:";
313 foreach my $center (sort {$a cmp $b} keys %Stats_center) {
314 printf "\n\t%-30s %12i", $center, $Stats_center{$center};
315 }
316 }
317 if (keys %Stats_dest) {
318 print "\nDestination:";
319 foreach my $dest (sort {$a cmp $b} keys %Stats_dest) {
320 printf "\n\t%-30s %12i", $dest, $Stats_dest{$dest};
321 }
322 }
323 if (keys %Stats_source) {
324 print "\nSource:";
325 foreach my $source (sort {$a cmp $b} keys %Stats_source) {
326 printf "\n\t%-30s %12i", $source, $Stats_source{$source};
327 }
328 }
329 if (keys %Stats_supp) {
330 print "\nSuppressed:";
331 foreach my $source (sort {$a cmp $b} keys %Stats_supp) {
332 printf "\n\t%-30s %12i", $source, $Stats_supp{$source};
333 }
334 }
335 if (keys %Stats_supp_net) {
336 print "\nSuppressed(net):";
337 foreach my $source (sort {$a cmp $b} keys %Stats_supp_net) {
338 printf "\n\t%-30s %12i", $source, $Stats_supp_net{$source};
339 }
340 }
341 if (keys %Stats_dropped) {
342 print "\nDropped:";
343 foreach my $source (sort {$a cmp $b} keys %Stats_dropped) {
344 printf "\n\t%-30s %12i", $source, $Stats_dropped{$source};
345 }
346 }
347 if (keys %Stats_dropped_net) {
348 print "\nDropped(net):";
349 foreach my $source (sort {$a cmp $b} keys %Stats_dropped_net) {
350 printf "\n\t%-30s %12i", $source, $Stats_dropped_net{$source};
351 }
352 }
353 if (keys %Stats_global) {
354 print "\nGlobal:";
355 foreach my $source (sort {$a cmp $b} keys %Stats_global) {
356 printf "\n\t%-30s %12i", $source, $Stats_global{$source};
357 }
358 }
359 print "\n";
360 }
361 }
362
363 if ($Drops) {
364 print "\nSyslog-ng dropped " . $Drops ." line(s)\n";
365 }
366
367 if (keys %Warnings) {
368 print "\nWarnings:\n";
369 foreach my $warning (keys %Warnings) {
370 print " $warning : $Warnings{$warning} Time(s)\n";
371 }
372 }
373
374 if (keys %OtherList) {
375 print "\n**** Unmatched entries ****\n";
376 foreach my $Error (keys %OtherList) {
377 print " $Error : $OtherList{$Error} Time(s)\n";
378 }
379 }
380
381 ### return without a failure ###
382 exit(0);
383
384 # vi: shiftwidth=3 tabstop=3 syntax=perl et
385
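Review bot: Lines 297 to 301 never add `$lost_rcvd` to `$Drops`, so when `$Detail` is below 5 messages that syslog-ng failed to receive are left out of the report entirely, while `$lost_dest` is at least counted through the `else` on line 305. Lost log input is a signal a log report should surface at every detail level; consider adding an `else { $Drops += $lost_rcvd; }` branch to match. Separately, the Warnings and Unmatched loops at lines 369 and 376 iterate `keys` unsorted, so the report order changes between runs; the stats loops above already use `sort`.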
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
5858 exit(0);
5959
6060 # vi: shiftwidth=3 tabstop=3 syntax=perl et
61
61 # Local Variables:
62 # mode: perl
63 # perl-indent-level: 3
64 # indent-tabs-mode: nil
65 # End:
2121 ## Logwatch project reserves the right to not accept such
2222 ## contributions. If you have made significant
2323 ## contributions to this script and want to claim
24 ## copyright please contact logwatch-devel@logwatch.org.
24 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2525 #########################################################
2626
2727 my ($ThisLine, @fields, %activity, %isdn, @OtherList);
111111 exit(0);
112112
113113 # vi: shiftwidth=3 tabstop=3 syntax=perl et
114
114 # Local Variables:
115 # mode: perl
116 # perl-indent-level: 3
117 # indent-tabs-mode: nil
118 # End:
2323 ## Logwatch project reserves the right to not accept such
2424 ## contributions. If you have made significant
2525 ## contributions to this script and want to claim
26 ## copyright please contact logwatch-devel@logwatch.org.
26 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2727 #########################################################
2828
2929 $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
4040 $DebugCounter++;
4141 }
4242 if ( ( $ThisLine =~ /^updating login info$/ ) or
43 ( $ThisLine =~ /^updateLoginInfo\(\) login info$/ ) or
4344 ( $ThisLine =~ /^Opening rpmdb in \/var\/lib\/rpm\/ with option .$/ ) or
44 ( $ThisLine =~ /^successfully retrieved authentication token from up2date server$/ ) or
45 ( $ThisLine =~ /^successfully retrieved authentication token from up2date server$/ ) or
4546 ( $ThisLine =~ /^(getA|a)vailablePackageList from network$/ ) or
4647 ( $ThisLine =~ /^getAdvisoryInfo for / ) or
4748 ( $ThisLine =~ /^logging into up2date server$/ ) or
6667 ( $ThisLine =~ /rhn_register logging into up2date server/) or
6768 ( $ThisLine =~ /rhn_register successfully retrieved authentication token from up2date server/) or
6869 ( $ThisLine =~ /rhn_register An exception was raised causing login to fail. This is usually correct. Exception information:/) or
69 ( $ThisLine =~ /^Running elilo with the new configuration/) ) {
70
70 ( $ThisLine =~ /^Running elilo with the new configuration/) ) {
71
7172 # We don't care about these
7273 } elsif ( $ThisLine =~ s/^installing packages: ([^ ]+)/$1/ ) {
7374 $PackageInstalled{$ThisLine}++;
114115 exit(0);
115116
116117 # vi: shiftwidth=3 tabstop=3 syntax=perl et
117
118 # Local Variables:
119 # mode: perl
120 # perl-indent-level: 3
121 # indent-tabs-mode: nil
122 # End:
1616 ## Logwatch project reserves the right to not accept such
1717 ## contributions. If you have made significant
1818 ## contributions to this script and want to claim
19 ## copyright please contact logwatch-devel@logwatch.org.
19 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2020 #########################################################
2121
2222 $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
9494 exit(0);
9595
9696 # vi: shiftwidth=3 tabstop=3 syntax=perl et
97
97 # Local Variables:
98 # mode: perl
99 # perl-indent-level: 3
100 # indent-tabs-mode: nil
101 # End:
1010 ## Logwatch project reserves the right to not accept such
1111 ## contributions. If you have made significant
1212 ## contributions to this script and want to claim
13 ## copyright please contact logwatch-devel@logwatch.org.
13 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1414 #########################################################
1515
1616 # added $SearchDate to deal with xferlog format - see below
2121 $IgnoreUnmatched = $ENV{'vsftpd_ignore_unmatched'};
2222 $TotalBytesOut = 0;
2323 $TotalBytesIn = 0;
24 $TotalDeleted = 0;
25 $TotalCreatedDirs = 0;
26 $TotalRemovedDirs = 0;
27
2428
2529 while (defined($ThisLine = <STDIN>)) {
2630 if ( ( $ThisLine =~ /CONNECT/ ) or
27 ( $ThisLine =~ /[OK|FAIL] RMDIR/ ) or
31 ( $ThisLine =~ /[OK|FAIL] RENAME/ ) or
2832 ( $ThisLine =~ /[OK|FAIL] CHMOD/ ) or
29 ( $ThisLine =~ /[OK|FAIL] DELETE/ ) or
30 ( $ThisLine =~ /MKDIR/ ) )
33 ( $ThisLine =~ /authentication failure/ )
34 )
3135 { # We don't care about these
3236 } elsif ( ($IP,$Email) = ( $ThisLine =~ /OK LOGIN: Client \"(.*)\", anon password \"(.*)\"$/ ) ) {
3337 $Temp = " (" . $IP . "): " . $Email . " - ";
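Review bot: The new line 31, `/[OK|FAIL] RENAME/`, uses a bracket expression, which matches one character from the set O, K, |, F, A, I, L rather than the words OK or FAIL; it happens to work because both words end in one of those letters, but the intent is `(?:OK|FAIL) RENAME`, and the retained CHMOD line has the same problem. Line 33 also starts discarding every line containing "authentication failure"; if those lines are not always paired with a `FAIL LOGIN` entry that is still reported, failed authentications disappear from the report, so a comment stating why they are safe to ignore would help.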
3640 $Temp = " (" . $IP . "): " . $User . " - ";
3741 $UserLogins{$Temp}++;
3842 } elsif ( ($PID,$User,$IP) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL LOGIN: Client \"(.*)\"$/ ) ) {
39 $Temp = " (" . $IP . "): " . $User . " - ";
43 $Temp = " (" . $IP . "): " . $User . " - ";
4044 $FailedLogins{$Temp}++;
4145 } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] OK UPLOAD: Client \"(.*)\", \"(.*)\", (?:(\d+) bytes)?/ ) ) {
4246 $Temp = " " . $FileName . " <- " . $IP . " (User: " . $User . ")\n";
5458 $Temp = " " . $FileName . " -> " . $IP . " (User: " . $User . ")\n";
5559 $TotalBytesOut+= $FileSize;
5660 push @FailedDownloadedFiles,$Temp;
57 } elsif ( ($Date, $IP,$FileSize,$FileName,$Direction,$AccessMode,$User) =
61 } elsif ( ($PID,$User,$IP,$FileName) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] OK DELETE: Client \"(.*)\", \"(.*)\"/ ) ) {
62 $Temp = " " . $FileName . " >< " . $IP . " (User: " . $User . ")\n";
63 $TotalDeleted++;
64 push @DeletedFiles,$Temp;
65 } elsif ( ($PID,$User,$IP,$FileName) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL DELETE: Client \"(.*)\", \"(.*)\"/ ) ) {
66 $Temp = " " . $FileName . " <> " . $IP . " (User: " . $User . ")\n";
67 push @FailedDeletedFiles,$Temp;
68 } elsif ( ($PID,$User,$IP,$FileName) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] OK MKDIR: Client \"(.*)\", \"(.*)\"/ ) ) {
69 $Temp = " " . $FileName . " <- " . $IP . " (User: " . $User . ")\n";
70 $TotalCreatedDirs++;
71 push @CreatedDirs,$Temp;
72 } elsif ( ($PID,$User,$IP,$FileName) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL MKDIR: Client \"(.*)\", \"(.*)\"/ ) ) {
73 $Temp = " " . $FileName . " xx " . $IP . " (User: " . $User . ")\n";
74 push @FailedCreatedDirs,$Temp;
75 } elsif ( ($PID,$User,$IP,$FileName) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] OK RMDIR: Client \"(.*)\", \"(.*)\"/ ) ) {
76 $Temp = " " . $FileName . " >< " . $IP . " (User: " . $User . ")\n";
77 $TotalRemovedDirs++;
78 push @RemovedDirs,$Temp;
79 } elsif ( ($PID,$User,$IP,$FileName) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL RMDIR: Client \"(.*)\", \"(.*)\"/ ) ) {
80 $Temp = " " . $FileName . " <> " . $IP . " (User: " . $User . ")\n";
81 push @FailedRemovedDirs,$Temp;
82 } elsif ( ($Date, $IP,$FileSize,$FileName,$Direction,$AccessMode,$User) =
5883 ( $ThisLine =~ /^(... ... .. ..:..:.. ....) \d+ ([^ ]+) (\d+) (.*) . . (.) (.) (.*) ftp . .*$/ ) ) {
5984 # Handle xferlog format entries too...
6085 # It appears that older versions of vsftpd would write to vsftpd.log with the xferlog format.
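Review bot: The six new patterns on lines 61 to 79 capture every field with greedy `(.*)`, including the client-supplied file name, so a name containing `", "` or `] [` shifts the field boundaries and part of the file name ends up in `$IP` or `$User` in the report. Bounded classes such as `\[([^\]]*)\]` for the bracketed fields and `\"([^\"]*)\"` for the client address would keep the fields apart. The OK and FAIL branches for each command also differ only in the marker string and the target array, so a single pattern capturing `(OK|FAIL) (DELETE|MKDIR|RMDIR)` would remove most of the duplication.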
134159 print "\nTOTAL KB OUT: " . $TotalKBytesOut . "KB (" . $TotalMBytesOut . "MB)\n";
135160 }
136161
137 if ( (@DeletedFiles) ) {
138 print "\nDeleted Files:\n";
139 print @DeletedFiles;
162 if ( $Detail > 5 ) {
163 if ( $#DeletedFiles >= 0 ) {
164 print "\nDeleted Files: (Total: $TotalDeleted)\n";
165 print @DeletedFiles;
166 }
167 if ( $#FailedDeletedFiles >= 0) {
168 print "\n Failed Deleted\n";
169 print @FailedDeletedFiles;
170 }
171
172 if ( $#CreatedDirs >= 0 ) {
173 print "\nCreated Directories: (Total: $TotalCreatedDirs)\n";
174 print @CreatedDirs;
175 }
176 if ( $#FailedCreatedDirs >= 0) {
177 print "\n Failed to create Directories\n";
178 print @FailedCreatedFiles;
179 }
180
181 if ( $#RemovedDirs >= 0 ) {
182 print "\nRemoved Directories: (Total: $TotalRemovedDirs)\n";
183 print @RemovedDirs;
184 }
185 if ( $#FailedRemovedDirs >= 0) {
186 print "\n Failed to remove Directories\n";
187 print @FailedRemovedFiles;
188 }
140189 }
141190
142191 if (($#OtherList >= 0) and (not $IgnoreUnmatched)){
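Review bot: Lines 178 and 187 print `@FailedCreatedFiles` and `@FailedRemovedFiles`, but the parsing code pushes to `@FailedCreatedDirs` and `@FailedRemovedDirs`, so the "Failed to create Directories" and "Failed to remove Directories" headings are always followed by nothing. Print the `...Dirs` arrays instead. The whole block is also now gated on `$Detail > 5`, which means the deleted-files list that was previously always shown disappears at default detail; if that is intended it deserves a mention in the changelog.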
147196 exit(0);
148197
149198 # vi: shiftwidth=3 tabstop=3 syntax=perl et
150
199 # Local Variables:
200 # mode: perl
201 # perl-indent-level: 3
202 # indent-tabs-mode: nil
203 # End:
1414 # Initial commit. Files submitted by William Roumier.
1515 #
1616 ##########################################################################
17 # This is a logwatch script that looks at a log file composed of windows auth
18 # security logs counts the number of times a user failed to login and
17 # This is a logwatch script that looks at a log file composed of windows auth
18 # security logs counts the number of times a user failed to login and
1919 # optionally the number times they succesfully logged in and some other account
2020 # creation/modification audits.
2121 #
3737 ## Logwatch project reserves the right to not accept such
3838 ## contributions. If you have made significant
3939 ## contributions to this script and want to claim
40 ## copyright please contact logwatch-devel@logwatch.org.
40 ## copyright please contact logwatch-devel@lists.sourceforge.net.
4141 #########################################################
4242
4343 use lib "/usr/share/logwatch/lib";
4747
4848 my ($month, $day, $time, $host, $process, $eventid, $msg);
4949
50 # Loop through the given input and parse it first to make sure we need to,
50 # Loop through the given input and parse it first to make sure we need to,
5151 # then to sort it into various categories.
5252 while (defined($line = <STDIN>)) {
5353
120120 $loginSuccess{$2}{$5}++;
121121 }
122122 }
123
123
124124 elsif ($eventid == 517) { # Audit log was cleared.
125125 $msg =~ /Primary User Name:\s*(\S+)\s+.*Client User Name:\s*(\S+)/;
126126 # print "DEBUG Audit log cleared: host:$host primary:$1 client:$2\n";
127127 $auditLogCleared{$host}{$1}{$2}++;
128128 }
129
129
130130 elsif ($eventid == 608) { # User Right Assigned
131131 $msg =~ /User Right:\s*(\S+)\s+Assigned To:\s*(\S+)\s+Assigned By:\s+User Name:\s*(\S+)/;
132132 # print "DEBUG Rights Added: right:$1 to:$2 by:$3\n";
143143 # print "DEBUG New Trusted Domain: domain:$2 user:$3 host:$host\n";
144144 $newDomainTrust{$host}{$2}{$3}++;
145145 }
146 elsif ($eventid == 611) { # Removing Trusted Domain
146 elsif ($eventid == 611) { # Removing Trusted Domain
147147 $msg =~ /Removing Trusted Domain\s+Domain( Name)?:\s*(\S+)\s+.*Established By:\s+User Name:\s*(\S+)/;
148148 # print "DEBUG New Trusted Domain: domain:$2 user:$3 host:$host\n";
149149 $rmDomainTrust{$host}{$2}{$3}++;
156156 }
157157
158158 # Group all account types together - should be clear what's what.
159 elsif ($eventid == 624 || $eventid == 631 || $eventid == 635 || $eventid == 645
159 elsif ($eventid == 624 || $eventid == 631 || $eventid == 635 || $eventid == 645
160160 || $eventid == 653 || $eventid == 658 || $eventid == 663) { # Account Created
161161
162162 $msg =~ /New Account Name:\s*(\S+)\s+.*Caller User Name:\s*(\S+)/;
183183 # print "DEBUG User Account password set: $1 by $2 on $host\n";
184184 $passwordSet{$host}{$2}{$1}++;
185185 }
186 elsif ($eventid == 630 || $eventid == 634 || $eventid == 638 || $eventid == 647
186 elsif ($eventid == 630 || $eventid == 634 || $eventid == 638 || $eventid == 647
187187 || $eventid == 652 || $eventid == 657 || $eventid == 662 || $eventid == 667) { # User Account Deleted
188188
189189 $msg =~ /Target Account Name:\s*(\S+)\s+.+Caller User Name:\s*(\S+)/;
192192 }
193193
194194 # Note: This doesn't distinguish between Global and Local Groups
195 elsif ($eventid == 632 || $eventid == 636 || $eventid == 650 || $eventid == 655
195 elsif ($eventid == 632 || $eventid == 636 || $eventid == 650 || $eventid == 655
196196 || $eventid == 660 || $eventid == 665) { # Group Member Added
197197
198198 $msg =~ /Member Name:\s*(\S+)\s+.+Target Account Name:\s*(\S+)\s+.+Caller User Name:\s*(\S+)/;
199199 # print "DEBUG Group Member Added: $1 to $2 by $3 on $host\n";
200200 $groupMemberAdded{$host}{$2}{$3}{$1}++;
201201 }
202 elsif ($eventid == 633 || $eventid == 637 || $eventid == 651 || $eventid == 656
202 elsif ($eventid == 633 || $eventid == 637 || $eventid == 651 || $eventid == 656
203203 || $eventid == 661 || $eventid == 666) { # Group Member Removed
204204
205205 $msg =~ /Member Name:\s*(\S+)\s+.+Target Account Name:\s*(\S+)\s+.+Caller User Name:\s*(\S+)/;
206 #print "DEBUG Group Member Removed: $1 to $2 by $3 on $host\n";
206 #print "DEBUG Group Member Removed: $1 to $2 by $3 on $host\n";
207207 $groupMemberRemoved{$host}{$2}{$3}{$1}++;
208208 }
209 elsif ($eventid == 639 || $eventid == 641 || $eventid == 642 || $eventid == 646 || $eventid == 649
209 elsif ($eventid == 639 || $eventid == 641 || $eventid == 642 || $eventid == 646 || $eventid == 649
210210 || $eventid == 654 || $eventid == 659 || $eventid == 664 || $eventid == 668) { # Account Changed
211211
212212 $msg =~ /Target Account Name:\s*(\S+)\s+.+Caller User Name:\s*(\S+)/;
213213 #print "DEBUG Account Changed: $1 by $2 on $host\n";
214214 $accountChanged{$host}{$2}{$1}++;
215215 }
216
216
217217 elsif ($eventid == 643) { # Domain Policy Changed
218218 $msg =~ /Domain Policy Changed:\s*(.+) modified.+Caller User Name:\s*(\S+)/;
219 #print "DEBUG Domain Policy Changed: $2 on $host to $1\n";
219 #print "DEBUG Domain Policy Changed: $2 on $host to $1\n";
220220 $domainPolicyChanged{$host}{$2}{$1}++;
221221 }
222222
223223 elsif ($detail > 5 && $eventid == 672) { # Authentication Ticket Granted
224224 $msg =~ /User Name:\s*(\S+)\s+.+Service Name:\s*(\S+)\s+.+Client Address:\s*(\S+)/;
225 #print "DEBUG TGT Granted to $1 for $2 from $3\n";
225 #print "DEBUG TGT Granted to $1 for $2 from $3\n";
226226 $tgtGranted{$host}{$1}{$2}{$3}++;
227227 }
228228 elsif ($detail > 5 && $eventid == 673) { # Service Ticket Granted
339339 if (keys %accountChanged) {
340340 printLevel3("Account Changed by Host, Modifier, Account", \%accountChanged);
341341 }
342
342
343343 if (keys %domainPolicyChanged) {
344344 printLevel3("Domain Policy Changed by Host, Modifier, Change", \%domainPolicyChanged);
345345 }
431431 exit(0);
432432
433433 # vi: shiftwidth=3 tabstop=3 syntax=perl et
434 # Local Variables:
435 # mode: perl
436 # perl-indent-level: 3
437 # indent-tabs-mode: nil
438 # End:
22 # $Id: xntpd,v 1.22 2008/06/30 23:07:51 kirk Exp $
33 ##########################################################################
44 # $Log: xntpd,v $
5 # Revision 1.23 2010/05/05 12:30:51 stefan
6 # added: Operation not permitted, fixed: typo in Errors
7 #
58 # Revision 1.22 2008/06/30 23:07:51 kirk
69 # fixed copyright holders for files where I know who they should be
710 #
97100 ## Logwatch project reserves the right to not accept such
98101 ## contributions. If you have made significant
99102 ## contributions to this script and want to claim
100 ## copyright please contact logwatch-devel@logwatch.org.
103 ## copyright please contact logwatch-devel@lists.sourceforge.net.
101104 #########################################################
102105
103106 use strict;
112115 my $SyncLost = 0;
113116 my (@TimeReset,%Interfaces,%Syncs,%TwoInst,%Errors,%OtherList);
114117 my %ConfErrs;
118 my %Operations;
115119
116120 # No sense in running if 'xntpd' doesn't even exist on this system...
117 unless (( -f "/usr/sbin/ntpd" ) or ( -f "/usr/local/sbin/ntpd") or ( -f "/usr/lib/inet/xntpd")) {
121 unless (( -f "/usr/sbin/ntpd" ) or ( -f "/usr/local/sbin/ntpd") or ( -f "/usr/lib/inet/xntpd") or ( -f "/usr/lib/inet/ntpd" ) ) {
118122 if ( $Debug >= 5 ) {
119123 print STDERR "\n\nDEBUG: Exiting XNTPD Filter - no ntpd binary on system\n\n";
120124 }
133137 $DebugCounter++;
134138 }
135139 chomp($ThisLine);
136 if (
140 if (
137141 ($ThisLine =~ m/tickadj = /) or # startup
138142 ($ThisLine =~ m/precision = /) or # startup
139143 ($ThisLine =~ m/ (succeeded|failed)/) or # startup
141145 ($ThisLine =~ m/kernel time sync (dis|en)abled /) or # startup
142146 ($ThisLine =~ m/frequency initialized/) or # startup
143147 ($ThisLine =~ m/using kernel phase-lock loop/) or # startup
148 ($ThisLine =~ m/0\.0\.0\.0 [[:xdigit:]]{4} [[:xdigit:]]{2} /) or # startup
144149 ($ThisLine =~ m/select([^\)]) error: Interrupted system call/) or
145150 ($ThisLine =~ m/signal_no_reset: signal \d+ had flags \d+/) or
146151 ($ThisLine =~ /Deleting interface \#[0-9]+ [^,]*, [^,]*, interface stats: received=.*, sent=.*, dropped=.*, active_time=.* secs/) or
147152 ($ThisLine =~ /Invalid argument/) or
148 ($ThisLine =~ /Listening on interface .* Disabled/)
153 ($ThisLine =~ /Listening on interface .* Disabled/) or
154 ($ThisLine =~ /Listen and drop on /) or
155 ($ThisLine =~ /Listening on routing socket on/) or
156 ($ThisLine =~ /ntp_io: estimated max descriptors: \d*, initial socket boundary: \d*/) or
157 ($ThisLine =~ /peers refreshed$/) or
158 ($ThisLine =~ /restrict: error in address/) or
159 ($ThisLine =~ /syntax error in .+ line \d+, column \d+$/)
149160 ) {
150161 # Ignore these
151162 } elsif ($ThisLine =~ m/ntpd [\d\-\.\w@]+ ... ... .. ..:..:.. /) {
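Review bot: Lines 158 and 159 add `restrict: error in address` and `syntax error in .+ line \d+, column \d+$` to the ignore list, which hides configuration problems from the report. A `restrict` line that ntpd could not parse may mean an access restriction the administrator wrote is not in effect, so that message belongs in `%ConfErrs` rather than in the ignored set. If the syntax-error line is ignored only because the companion message matched later on line 208 already reports it, a comment saying so would make that clear.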
158169 push @TimeReset, $TimeStep;
159170 } elsif ( my (undef,$TimeStep) = ($ThisLine =~ /(step|adjust) time server [^ ]+ offset ([^ ]+) sec$/ )) {
160171 push @TimeReset, $TimeStep;
161 } elsif ( my ($TimeStep) = ($ThisLine =~ /adjusting local clock by ([^ ]+)s $/ )) {
172 } elsif ( my ($TimeStep) = ($ThisLine =~ /adjusting local clock by ([^ ]+)s$/ )) {
162173 # Jacob Joseph (12/8/06)
163174 push @TimeReset, $TimeStep;
164175 # MEv start no leadin to line
166177 push @TimeReset, $TimeStep;
167178 # MEv end no leadin to line
168179 } elsif ( my ($ListenOn) = ($ThisLine =~ /Listening on interface (.*)(?: Enabled)?/ )) {
180 $Interfaces{$ListenOn}++;
181 } elsif ( my ($ListenOn) = ($ThisLine =~ /Listen normally on \d+ (.*)/ )) {
169182 $Interfaces{$ListenOn}++;
170183 } elsif ( my ($SyncTo,$Stratum) = ($ThisLine =~ /synchronized to ([^ ]+), stratum[ =]([^ ]+)/ )) {
171184 my $name = $SyncTo;
192205 $Errors{$Error}++;
193206 } elsif ( my ($ConfErr) = ($ThisLine =~ /configure: (keyword "[^"]*" unknown, line ignored)/ )) {
194207 $ConfErrs{$ConfErr}++;
208 } elsif ( my ($ConfErr) = ($ThisLine =~ /line \d+ column \d+ syntax error, (.+)$/ )) {
209 $ConfErrs{$ConfErr}++;
210 } elsif ( my ($StepTime) = ($ThisLine =~ /(.*:) Operation not permitted/) ) {
211 $Operations{$StepTime}++
195212 } else {
196213 # Report any unmatched entries...
197214 $OtherList{$ThisLine} += 1;
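Review bot: Line 211, `$Operations{$StepTime}++`, is missing its terminating semicolon; Perl accepts it as the last statement of the block, but it will break as soon as a line is added after it. The variable name `$StepTime` is also misleading, since `(.*:) Operation not permitted` captures whatever call precedes the error text, not a time step; something like `$Op` would read better.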
226243 print "\nListening on interfaces:\n" if ($Detail > 5);
227244 foreach my $i (keys %Interfaces) {
228245 print " $i - $Interfaces{$i} times\n" if ($Detail > 5);
229 unless ($i =~ m/^(wildcard|lo)/) {
246 unless ($i =~ m/^(wildcard|v[46]wildcard|lo)/) {
230247 $lt++;
231248 }
232249 $t++;
233250 }
234 print "\nTotal interfaces $t (non-local: $lt)\n";
251 print "\nTotal interfaces: $t (non-local: $lt)\n";
235252 }
236253
237254 if (keys %Syncs) {
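Review bot: On line 246 the `lo` alternative in `m/^(wildcard|v[46]wildcard|lo)/` is an unanchored prefix, so any interface whose name merely begins with "lo" is counted as local and left out of the non-local total. Now that the pattern is being touched, tightening it to something like `lo\d*\b` would make the "non-local" figure reliable on hosts with custom interface names.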
259276 }
260277
261278 if (keys %ConfErrs) {
262 print "\n Errors in configuration file\n";
279 print "\nErrors in configuration file:\n";
263280 foreach my $k (keys %ConfErrs) {
264281 print " $k ". $ConfErrs{$k} . " time(s)\n";
265282 }
283 }
284
285 if (keys %Operations) {
286 print "\nOperations not permitted\n";
287 foreach my $o (keys %Operations) {
288 print " $o ". $Operations{$o} . " time(s)\n";
289 }
290 print "\n The clock on a VPS is inherited from the clock on the\n";
291 print " hardware node, therefore the ntp-service must be run on\n";
292 print " the hardware node, and not the VPS.\n";
266293 }
267294
268295 if (keys %OtherList) {
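Review bot: Lines 290 to 292 print the VPS explanation unconditionally whenever any "Operation not permitted" line was seen, but the filter has no evidence the host is a VPS; the same error appears when ntpd lacks the privilege to set the clock for other reasons, and the fixed text would then send the reader in the wrong direction. Phrase it as one possible cause ("If this host is a VPS, ...") or drop it. The heading on line 286 is also missing the trailing colon that the "Errors in configuration file:" heading gained in this same hunk.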
273300 exit(0);
274301
275302 # vi: shiftwidth=3 tabstop=3 syntax=perl et
303 # Local Variables:
304 # mode: perl
305 # perl-indent-level: 3
306 # indent-tabs-mode: nil
307 # End:
22 ##########################################################################
33 ########################################################
44 # Please send all comments, suggestions, bug reports,
5 # etc, to logwatch-devel@logwatch.org.
5 # etc, to logwatch-devel@lists.sourceforge.net.
66 ########################################################
77
88 #######################################################
1818 ## Logwatch project reserves the right to not accept such
1919 ## contributions. If you have made significant
2020 ## contributions to this script and want to claim
21 ## copyright please contact logwatch-devel@logwatch.org.
21 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2222 #########################################################
2323
2424 $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
8181 exit(0);
8282
8383 # vi: shiftwidth=3 tabstop=3 syntax=perl et
84
84 # Local Variables:
85 # mode: perl
86 # perl-indent-level: 3
87 # indent-tabs-mode: nil
88 # End:
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 $| = 1;
2222 use POSIX qw(uname);
2323
2424 my (%Config);
25
26 $ENV{PRINTING} = "y";
2725
2826 my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
2927 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
7472 sub DirectorySizes
7573 {
7674 my $Dir = $_[0];
77 DirUsage($Dir.'/*');
75 DirUsage($Dir.'/*');
7876 }
7977
8078 sub HomeDirectorySizes
196194 #Main
197195
198196 #Only show disk space "df" by default -mgt
199 DiskSpace();
197 DiskSpace() if (($ENV{PRINTING} eq 'y') or $Detail);
200198
201199 if ( $show_disk_usage == 1 ) { DiskUsage(); }; #Turn on in zz-disk_space.conf
202200
214212 }
215213
216214 # vi: shiftwidth=3 tabstop=3 syntax=perl et
215 # Local Variables:
216 # mode: perl
217 # perl-indent-level: 3
218 # indent-tabs-mode: nil
219 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 my $env = ( $ENV{'REAL_LANG'} ? "LANG=".$ENV{'REAL_LANG'}." " : "" ).
3333 }
3434
3535 # vi: shiftwidth=3 tabstop=3 syntax=perl et
36
36 # Local Variables:
37 # mode: perl
38 # perl-indent-level: 3
39 # indent-tabs-mode: nil
40 # End:
3434 ## Logwatch project reserves the right to not accept such
3535 ## contributions. If you have made significant
3636 ## contributions to this script and want to claim
37 ## copyright please contact logwatch-devel@logwatch.org.
37 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3838 #########################################################
3939
4040 $| = 1;
151151 close(SYSCTL) || die "can't close $!";
152152 }
153153 }
154
155 elsif ($OSname eq "SunOS") {
156 if ( ($release eq "5.10") || ($release eq "5.11") ) {
157
158 if ( -f $pathto_routeadm)
159 {
160 open(FILE1, "$pathto_routeadm -p |") || die "can't open $!";
161 while (<FILE1>)
162 {
163 if (/ipv(\d+)-forwarding .*default=(\S+) current=(\S+)/) {
164 print "IPv$1 fowarding is $3 (normal state is $2)\n";
165 }
166 }
167 close(FILE1) || die "can't close $!";
168 }
169
170 }
171 }
172
154173 else
155174 {
156175 print "Unable to find routing information in your system.\n";
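Review bot: Line 160 runs `open(FILE1, "$pathto_routeadm -p |")`, which hands an interpolated, configurable path to the shell; the list form `open(FILE1, '-|', $pathto_routeadm, '-p')`, as used by the zz-zfs script added in this same commit, avoids the shell entirely. The guard on line 158 uses `-f`, which only checks that the file exists; `-x` is the relevant test before executing it. There is also a typo in the output string on line 164: "fowarding" should be "forwarding".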
212231 else
213232 {
214233
215 open(NET, "netstat -a |") || die "can't run netstat: $!";
234 open(NET, "netstat -a -n |") || die "can't run netstat: $!";
216235 while (<NET>)
217236 {
218237 if ($_ =~ /LISTEN/ ) {# grep LISTEN
259278 system("netstat -i | grep -v Kernel | awk '$awkprog' ");
260279 }
261280 else {
262 open(NET, "netstat -i |") || die "can't run netstat: $!";
281 my $netstat_cmd = "netstat -i";
282 if ($OSname eq "SunOS") {
283 $netstat_cmd .= " -a";
284 }
285 open(NET, "$netstat_cmd |") || die "can't run netstat: $!";
263286 while (<NET>)
264287 {
265288 print $_;
370393 close(NET) || die "can't use $cmd_to_show_int: $!";
371394
372395 }
396
397 elsif ($OSname eq "SunOS") {
398
399 # Representative 'ifconfig -a' output from a local zone
400 # (global zone is similar, but has the top-level lo0, in0, etc)
401 # as well.
402 #lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
403 # inet 127.0.0.1 netmask ff000000
404 #in0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
405 # inet 192.168.1.31 netmask ffffff00 broadcast 192.168.1.255
406 #local1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 9000 index 4
407 # inet 172.16.0.3 netmask fffffff8 broadcast 172.16.0.7
408 #out0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
409 # inet 184.105.220.67 netmask fffffff8 broadcast 184.105.220.71
410 #lo0:1: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
411 # inet6 ::1/128
412
413 # Run through twice; a single interface plumbed with both IPv4 and IPv6
414 # can be listed separately, but shouldn't count as two interfaces
415 foreach my $ip (qw( 4 6 )) {
416 open(NET, "/usr/sbin/ifconfig -a$ip |") || die "can't run '/usr/sbin/ifconfig -a$ip': $!";
417 while (<NET>)
418 {
419 if ($_ =~ /^(\w+\d+(?::\d+)?): flags=\d+<[^>]+> mtu (\d+)/) {
420 ($if_name, $mtu) = ($1, $2);
421 if (! grep { $_ eq $if_name } (@ethernet_iface_list, @other_iface_list)) {
422 # Not seen before; process it
423 $total_iface++;
424 if ($mtu == 1500) {
425 # Guess that it's ethernet
426 push @ethernet_iface_list, $if_name;
427 push @short_ethernet_iface_list, $if_name;
428 $total_ethernet_iface++;
429 } else {
430 push @other_iface_list, $if_name;
431 push @short_other_iface_list, $if_name;
432 $total_other_iface++;
433 }
434 }
435 }
436 }
437 close(NET) || die "can't use '/usr/sbin/ifconfig -a$ip': $!";
438 }
439
440 }
373441 else
374442 {
375443
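Review bot: The classification on line 424 treats an interface as ethernet only when its MTU is exactly 1500, so the `local1:1` interface in the sample output quoted in the comment (BROADCAST flag, mtu 9000) would be counted under "other" even though it looks like ethernet with jumbo frames. Keying on the `BROADCAST` flag, or at least excluding `LOOPBACK` first, would be a less fragile guess. The sample comment on lines 402 to 411 also embeds what appears to be a real routable address; documentation ranges would be a better choice for example output.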
419487 }
420488
421489 # vi: shiftwidth=3 tabstop=3 syntax=perl et
490 # Local Variables:
491 # mode: perl
492 # perl-indent-level: 3
493 # indent-tabs-mode: nil
494 # End:
2626 ## Logwatch project reserves the right to not accept such
2727 ## contributions. If you have made significant
2828 ## contributions to this script and want to claim
29 ## copyright please contact logwatch-devel@logwatch.org.
29 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3030 #########################################################
3131
3232 my $uptime=`uptime`;
3636 }
3737
3838 # vi: shiftwidth=3 tabstop=3 syntax=perl et
39 # Local Variables:
40 # mode: perl
41 # perl-indent-level: 3
42 # indent-tabs-mode: nil
43 # End:
3434 ## Logwatch project reserves the right to not accept such
3535 ## contributions. If you have made significant
3636 ## contributions to this script and want to claim
37 ## copyright please contact logwatch-devel@logwatch.org.
37 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3838 #########################################################
3939
4040 eval "require Sys::CPU";
6464 $OStitle = "Solaris" if ($OSname eq "SunOS" && $release >= 2);
6565 print " Release: $OStitle $release\n";
6666
67
67 # vi: shiftwidth=3 tabstop=3 syntax=perl et
68 # Local Variables:
69 # mode: perl
70 # perl-indent-level: 3
71 # indent-tabs-mode: nil
72 # End:
0 ###########################################################################
1 # $Id$
2 ###########################################################################
3 # $Log$
4 #
5 ###########################################################################
6
7 ###########################################################################
8 # zz-zfs: Output states of ZFS pools and datasets
9 #
10 # Detail Levels:
11 # 0: Output list of pools and capacities
12 # 5: Output full pool status (automatic if any pools are not healthy)
13 #
14 ###########################################################################
15
16 #######################################################
17 ## Copyright 2011 Cloyce D. Spradling
18 ## Covered under the included MIT/X-Consortium License:
19 ## http://www.opensource.org/licenses/mit-license.php
20 ## All modifications and contributions by other persons to
21 ## this script are assumed to have been donated to the
22 ## Logwatch project and thus assume the above copyright
23 ## and licensing terms. If you want to make contributions
24 ## under your own copyright or a different license this
25 ## must be explicitly stated in the contribution an the
26 ## Logwatch project reserves the right to not accept such
27 ## contributions. If you have made significant
28 ## contributions to this script and want to claim
29 ## copyright please contact logwatch-devel@lists.sourceforge.net.
30 #########################################################
31
32 use strict;
33 use vars qw($logwatch_hostname $DebugCounter);
34 use POSIX;
35
36 # Keep the pipes hot
37 $| = 1;
38
39 $ENV{PRINTING} = "y";
40
41 my $debug = $ENV{'LOGWATCH_DEBUG'} || 0;
42 my $detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || $ENV{'zfs_detail'} || 0;
43
44 my ($os_name, $host, $os_release, $version, $machine) = POSIX::uname();
45
46 # Check to see if we should even be looking at this...
47 $host =~ s/\..*//; # Trim domain (if any)
48 if ($ENV{'LOGWATCH_ONLY_HOSTNAME'} && ($logwatch_hostname ne $host)) {
49 exit 0;
50 }
51
52 my $pathto_zpool = $ENV{'pathto_zpool'} || '/usr/sbin/zpool';
53 my $pathto_zfs = $ENV{'pathto_zfs'} || '/usr/sbin/zfs';
54 my $summary_only = $ENV{'summary_only'} || ($detail < 5);
55 my $detail_only = $ENV{'detail_only'} || 0;
56
57 if (!-x $pathto_zpool) {
58 # Doesn't support ZFS
59 exit 0;
60 }
61
62 if ( $debug >= 5 ) {
63 print STDERR "\n\nDEBUG: Inside zz-zfs\n\n";
64 $DebugCounter = 1;
65 }
66
67 my @pools = ();
68 my %poolinfo = ();
69 my %counts = ( 'mounted' => 0,
70 'filesystem' => 0,
71 'snapshot' => 0,
72 'volume' => 0,
73 );
74 my $total_pools = 0;
75
76 # Table for converting things to kibibytes
77 my %units = ( 'P' => 1024 * 1024 * 1024 * 1024,
78 'T' => 1024 * 1024 * 1024,
79 'G' => 1024 * 1024,
80 'M' => 1024,
81 'K' => 1,
82 );
83 my $unit_re = '['.join('', keys %units).']';
84
85 # Discover the pools
86 open POOLS, '-|', $pathto_zpool, qw(list -H -o name,size,allocated,free,dedupratio,capacity,health) or die "Error running 'zpool list': $!\n";
87 while(<POOLS>) {
88 chomp;
89 my ($name, $size, $used, $avail, $dedup, $cap, $health) = split(/\s+/);
90 next unless $name ne '';
91 $size = convert_to_kb($size);
92 $used = convert_to_kb($used);
93 $avail = convert_to_kb($avail);
94 print STDERR "\nPOOLS: \"$_\" name=\"$name\" size=$size used=$used avail=$avail dedup=$dedup cap=\"$cap\" health=\"$health\"\n" if ($debug);
95 push @pools, [ $name, $size, $used, $avail, $dedup, $cap, $health ];
96 }
97 close(POOLS);
98
99 exit 0 unless @pools; # Nothing to do?
100
101 # Read filesystem information for each pool
102 foreach my $type (qw( filesystem volume snapshot ) ) {
103 foreach my $pool (map { $_->[0] } @pools) {
104 open POOLINFO, '-|', $pathto_zfs, qw(list -H -t), $type, qw(-o name,referenced,available,mountpoint -r), $pool or die "Error running 'zfs list': $!\n";
105 while(<POOLINFO>) {
106 next if /no datasets available/i;
107 chomp;
108 my ($name, $used, $avail, $mountpoint) = split(/\s+/);
109 next unless $name ne '';
110 $used = convert_to_kb($used);
111 $avail = convert_to_kb($avail);
112 print STDERR "\nPOOLINFO: \"$_\" name=\"$name\" used=$used avail=$avail mountpoint=\"$mountpoint\"\n" if ($debug);
113 push @{$poolinfo{$pool}->{$type}}, [ $name, $used, $avail, $mountpoint ];
114 $counts{$type}++;
115 $counts{'mounted'}++ if ($type eq 'filesystem' && $mountpoint ne 'none');
116 }
117 close(POOLINFO)
118 }
119 }
120
121 print "Total ZFS pools: ".(@pools+0)."\n";
122 print "Total filesystems: $counts{'filesystem'} ($counts{'mounted'} mounted)\n";
123 print "Total snapshots: $counts{'snapshot'}\n";
124 print "Total volumes: $counts{'volume'}\n";
125
126
127 if (!$detail_only) {
128 my $pool_format = "%2s%-15s %-10s %-10s %-10s %-10s %s\n";
129 print "\n------------------- ZFS Pool Summary -------------------\n\n";
130 printf $pool_format, '', 'Pool Name', 'Size (MiB)', 'Used (MiB)', 'Free (MiB)', 'Dedup', '';
131 foreach my $poolref (@pools) {
132 my ($name, $size, $used, $avail, $dedup, $cap, $health) = @{$poolref};
133 my $badflag = ($health eq 'ONLINE') ? '' : '!!';
134 $detail = 1000 if $badflag ne ''; # Show status if something's wrong
135 printf $pool_format, $badflag, $name, convert_to_mb($size, 10), convert_to_mb($used, 10), convert_to_mb($avail, 10), $dedup, $cap;
136 }
137 print "\n--------------------------------------------------------\n\n";
138 }
139
140 if (!$summary_only || $detail > 999) {
141 print "\n------------------- ZFS Pool Status -------------------\n\n";
142 foreach my $pool (map { $_->[0] } @pools) {
143 system $pathto_zpool, 'status', $pool;
144 }
145 print "\n-------------------------------------------------------\n\n";
146 }
147
148 sub convert_to_kb {
149 my ($val) = @_;
150
151 my ($num, $unit) = ($val =~ /([\.\d]+)\s*($unit_re)?/io);
152 return 0 if $num eq '';
153 $unit = uc($unit);
154
155 return $num * $units{$unit};
156 }
157
158 sub convert_to_mb {
159 my ($kb, $width) = @_;
160 $width = 0 unless defined($width);
161
162 $kb /= 1024;
163 $kb = int(($kb * 10) + 0.5) / 10;
164
165 return sprintf '%*.1f', $width, $kb;
166 }
167
168 # vi: shiftwidth=3 tabstop=3 syntax=perl et
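Review bot: in convert_to_kb the unit group is optional, but the return value is always `$num * $units{$unit}`. When a value carries no K/M/G/T/P suffix, `$unit` is undef, the hash lookup misses, and the function returns 0 whatever `$num` was, with uninitialized-value warnings if warnings are enabled. When the regex does not match at all, `$num` is undef rather than '', so `return 0 if $num eq ''` only works by way of another warning. Suggest `return 0 unless defined $num;` plus an explicit branch for the unit-less case that states what such a value means. Separately, both read loops use `split(/\s+/)` on `-H` output, which is tab-delimited; a dataset name or mountpoint containing a space would be split into extra fields, so `split(/\t/)` is the safer choice.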
33 #
44 #Redistribution and use in source and binary forms, with or without
55 #modification, are permitted provided that the following conditions are met:
6 #
6 #
77 #* Redistributions of source code must retain the above copyright notice,
88 # this list of conditions and the following disclaimer.
9 #
9 #
1010 #* Redistributions in binary form must reproduce the above copyright
1111 # notice, this list of conditions and the following disclaimer in the
1212 # documentation and/or other materials provided with the distribution.
13 #
13 #
1414 #* Neither the name of Sparta, Inc nor the names of its contributors may
1515 # be used to endorse or promote products derived from this software
1616 # without specific prior written permission.
17 #
17 #
1818 #THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
1919 #IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
2020 #THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
5555 }
5656 }
5757
58 # vi: shiftwidth=3 syntax=perl tabstop=3 et
59 # Local Variables:
60 # mode: perl
61 # perl-indent-level: 3
62 # indent-tabs-mode: nil
63 # End:
1414 # Added fail2ban service, written by Yaroslav Halchenko.
1515 #
1616 #
17 # This was originally written by
17 # This was originally written by
1818 # Yaroslav Halchenko <debian@onerussian.com>
1919 ########################################################
2020
3030 # must be explicitly stated in the contribution an the
3131 # Logwatch project reserves the right to not accept such
3232 # contributions. If you have made significant
33 # contributions to this script and want to claim
34 # copyright please contact logwatch-devel@logwatch.org.
33 # contributions to this script and want to claim
34 # copyright please contact logwatch-devel@lists.sourceforge.net.
3535 ########################################################
3636
3737 #
5858 }
5959
6060 # vi: shiftwidth=3 syntax=perl tabstop=3 et
61 # Local Variables:
62 # mode: perl
63 # perl-indent-level: 3
64 # indent-tabs-mode: nil
65 # End:
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 use Logwatch ':dates';
3535 }
3636
3737 # vi: shiftwidth=3 syntax=perl tabstop=3 et
38 # Local Variables:
39 # mode: perl
40 # perl-indent-level: 3
41 # indent-tabs-mode: nil
42 # End:
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 use Logwatch ':dates';
2121
2222 my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
2323
24 $SearchDate = TimeFilter('%b %e %H:%M:%S');
24 # customize the Timefilter by appending a string:
25 # *ApplyStdDate = "%H:%M %d/%m/%Y"
26 $SearchDate = TimeFilter($ARGV[0] || '%b %e %H:%M:%S');
2527
2628 # The date might be "Dec 09", but it needs to be "Dec 9"...
2729 #$SearchDate =~ s/ 0/ /;
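Review bot: the new `TimeFilter($ARGV[0] || '%b %e %H:%M:%S')` reads only the first argument, while the example format in the added comment (`"%H:%M %d/%m/%Y"`) contains a space. If the caller splits the configured string on whitespace, everything after `%H:%M` is silently dropped and the filter runs on a truncated date pattern. Either build the format with `join(' ', @ARGV)` or state in the comment that the format must arrive as a single argument. The comment should also say which configuration file the `*ApplyStdDate = ...` line belongs in, since "appending a string" alone does not tell a user where to put it.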
4042 }
4143
4244 # vi: shiftwidth=3 syntax=perl tabstop=3 et
45 # Local Variables:
46 # mode: perl
47 # perl-indent-level: 3
48 # indent-tabs-mode: nil
49 # End:
2828 ## Logwatch project reserves the right to not accept such
2929 ## contributions. If you have made significant
3030 ## contributions to this script and want to claim
31 ## copyright please contact logwatch-devel@logwatch.org.
31 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3232 #########################################################
3333
3434 use Logwatch ':dates';
5656 }
5757 }
5858 }
59
60 # vi: shiftwidth=3 syntax=perl tabstop=3 et
61 # Local Variables:
62 # mode: perl
63 # perl-indent-level: 3
64 # indent-tabs-mode: nil
65 # End:
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 use Logwatch ':dates';
3535 }
3636
3737 # vi: shiftwidth=3 syntax=perl tabstop=3 et
38 # Local Variables:
39 # mode: perl
40 # perl-indent-level: 3
41 # indent-tabs-mode: nil
42 # End:
2828 # Logwatch project reserves the right to not accept such
2929 # contributions. If you have made significant
3030 # contributions to this script and want to claim
31 # copyright please contact logwatch-devel@logwatch.org.
31 # copyright please contact logwatch-devel@lists.sourceforge.net.
3232 ########################################################
3333
3434 $ServiceName = $ARGV[0];
3737 }
3838
3939 while (defined($ThisLine = <STDIN>)) {
40 if ($ThisLine =~ m/^... .. ..:..:.. \w+ \w+ \w+\t\d+\t$ServiceName\t\d/oi) {
40 if ($ThisLine =~ m/^... .. ..:..:.. .* MSWinEventLog(\t\d+\t|\[\d+\]:)$ServiceName\t/oi) {
4141 print $ThisLine;
4242 }
4343 }
4444
4545 # vi: shiftwidth=3 syntax=perl tabstop=3 et
46 # Local Variables:
47 # mode: perl
48 # perl-indent-level: 3
49 # indent-tabs-mode: nil
50 # End:
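Review bot: the rewritten pattern on line 40 still interpolates `$ServiceName`, which is taken directly from `$ARGV[0]`, into the regex without escaping. A service name containing `.`, `+`, `(` or similar is treated as regex syntax, so it can match more than the named service or fail to compile. Suggest `\Q$ServiceName\E` in the pattern, or a comment stating that the argument is intentionally a regular expression. With `/o` the pattern is compiled once, so quoting costs nothing per line.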
2626 ## Logwatch project reserves the right to not accept such
2727 ## contributions. If you have made significant
2828 ## contributions to this script and want to claim
29 ## copyright please contact logwatch-devel@logwatch.org.
29 ## copyright please contact logwatch-devel@lists.sourceforge.net.
3030 #########################################################
3131
3232 use strict;
4747
4848 while (defined($ThisLine = <STDIN>)) {
4949 $linesin++;
50 unless ($ThisLine =~ m/^... .. ..:..:.. \w+ \w+ \w+\t\d+\t$ServiceName\t\d/oi) {
50 unless ($ThisLine =~ m/^... .. ..:..:.. .* MSWinEventLog(\t\d+\t|\[\d+\]:)$ServiceName\t/oi) {
5151 $linesout++;
5252 print $ThisLine;
5353 }
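Review bot: replacing `\w+ \w+ \w+` with `.*` on line 50 means the ` MSWinEventLog...$ServiceName\t` marker may now match anywhere after the timestamp, including inside the message text of an unrelated event. Because this filter drops every line that matches, a line that merely quotes that marker in its body is removed from the report. Suggest constraining the prefix to what precedes the marker in practice, for example `\S+` for the host field, or otherwise anchoring the marker to its expected field position, and adding a sample line for each of the two accepted forms (`\t\d+\t` and `\[\d+\]:`) as a comment.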
5858 }
5959
6060 # vi: shiftwidth=3 syntax=perl tabstop=3 et
61 # Local Variables:
62 # mode: perl
63 # perl-indent-level: 3
64 # indent-tabs-mode: nil
65 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
21 # This used to expand "Last Message Repeated n Times" messages in
21 # This used to expand "Last Message Repeated n Times" messages in
2222 # standard syslog files. Now, I have decided it is much better to
2323 # just ignore the repeats, as otherwise our temporary logfiles will
2424 # be too huge.
3939 }
4040
4141 # vi: shiftwidth=3 syntax=perl tabstop=3 et
42 # Local Variables:
43 # mode: perl
44 # perl-indent-level: 3
45 # indent-tabs-mode: nil
46 # End:
1717 ## Logwatch project reserves the right to not accept such
1818 ## contributions. If you have made significant
1919 ## contributions to this script and want to claim
20 ## copyright please contact logwatch-devel@logwatch.org.
20 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2121 #########################################################
2222
2323 my $hostname = $ENV{'LOGWATCH_ONLY_HOSTNAME'};
3030 my %hosts;
3131
3232 while (defined($line = <STDIN>)) {
33 $line =~ m/^... .. ..:..:.. ([\w\-\_]+)\b/io;
33 $line =~ m/^... .. ..:..:.. ([\w\-\_]+)\b/io;
3434 $hosts{$1} = "1";
3535 }
3636
3737 my @uniquehost = sort keys (%hosts);
3838
3939 for my $host (@uniquehost) { print "$host\n"; };
40
4041 # vi: shiftwidth=3 syntax=perl tabstop=3 et
42 # Local Variables:
43 # mode: perl
44 # perl-indent-level: 3
45 # indent-tabs-mode: nil
46 # End:
1010 # Logwatch project reserves the right to not accept such
1111 # contributions. If you have made significant
1212 # contributions to this script and want to claim
13 # copyright please contact logwatch-devel@logwatch.org.
13 # copyright please contact logwatch-devel@lists.sourceforge.net.
1414 ########################################################
1515
1616 use strict;
5858 close TEMPFILE;
5959
6060 # vi: shiftwidth=3 syntax=perl tabstop=3 et
61 # Local Variables:
62 # mode: perl
63 # perl-indent-level: 3
64 # indent-tabs-mode: nil
65 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 # This will pick out only the wanted service from a logfile
4545 }
4646
4747 }
48
4849 # vi: shiftwidth=3 syntax=perl tabstop=3 et
50 # Local Variables:
51 # mode: perl
52 # perl-indent-level: 3
53 # indent-tabs-mode: nil
54 # End:
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 # Just does a case-insensitive egrep ;)
2222 system("egrep -i \"@ARGV\"");
2323
2424 # vi: shiftwidth=3 syntax=perl tabstop=3 et
25 # Local Variables:
26 # mode: perl
27 # perl-indent-level: 3
28 # indent-tabs-mode: nil
29 # End:
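Review bot: while this file is being touched, the context line `system("egrep -i \"@ARGV\"");` is worth fixing: it builds a single shell command string, so `$`, backticks, `\` and `"` inside the filter argument are interpreted by the shell before egrep sees the pattern. The list form avoids the shell entirely, for example `system('egrep', '-i', '-e', "@ARGV");`, and the `-e` keeps a pattern that starts with `-` from being parsed as an option.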
1616 ## Logwatch project reserves the right to not accept such
1717 ## contributions. If you have made significant
1818 ## contributions to this script and want to claim
19 ## copyright please contact logwatch-devel@logwatch.org.
19 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2020 #########################################################
2121
2222 # This feature concieved by mark@winksmith.com
5454 }
5555
5656 # vi: shiftwidth=3 syntax=perl tabstop=3 et
57 # Local Variables:
58 # mode: perl
59 # perl-indent-level: 3
60 # indent-tabs-mode: nil
61 # End:
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 # This will pick out only the wanted service from a logfile
3636 }
3737
3838 # vi: shiftwidth=3 syntax=perl tabstop=3 et
39 # Local Variables:
40 # mode: perl
41 # perl-indent-level: 3
42 # indent-tabs-mode: nil
43 # End:
1414 ## Logwatch project reserves the right to not accept such
1515 ## contributions. If you have made significant
1616 ## contributions to this script and want to claim
17 ## copyright please contact logwatch-devel@logwatch.org.
17 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1818 #########################################################
1919
2020 # Just a case-insensitive, inverse egrep
2323 system("egrep -vi \"@ARGV\"");
2424
2525 # vi: shiftwidth=3 syntax=perl tabstop=3 et
26 # Local Variables:
27 # mode: perl
28 # perl-indent-level: 3
29 # indent-tabs-mode: nil
30 # End:
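Review bot: the context line `system("egrep -vi \"@ARGV\"");` has the same single-string shell invocation as the non-inverted filter, and here the consequence is quieter: if the shell alters the pattern, the wrong set of lines is excluded and nothing in the report shows it. Suggest the list form `system('egrep', '-vi', '-e', "@ARGV");` and checking the exit status, since egrep returns 2 on a bad pattern and that is currently ignored.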
1515 ## Logwatch project reserves the right to not accept such
1616 ## contributions. If you have made significant
1717 ## contributions to this script and want to claim
18 ## copyright please contact logwatch-devel@logwatch.org.
18 ## copyright please contact logwatch-devel@lists.sourceforge.net.
1919 #########################################################
2020
2121 # Removes the beginning of each line of a standard /var/log/messages-style
3535 }
3636
3737 # vi: shiftwidth=3 syntax=perl tabstop=3 et
38 # Local Variables:
39 # mode: perl
40 # perl-indent-level: 3
41 # indent-tabs-mode: nil
42 # End:
1616 ## Logwatch project reserves the right to not accept such
1717 ## contributions. If you have made significant
1818 ## contributions to this script and want to claim
19 ## copyright please contact logwatch-devel@logwatch.org.
19 ## copyright please contact logwatch-devel@lists.sourceforge.net.
2020 #########################################################
2121
2222 my ($ServiceName, $ThisLine);
4848 }
4949
5050 # vi: shiftwidth=3 syntax=perl tabstop=3 et
51 # Local Variables:
52 # mode: perl
53 # perl-indent-level: 3
54 # indent-tabs-mode: nil
55 # End: