3 /**********************************************************************************
4 ** (c) Copyright 2002, Brenno J.S.A.A.F. de Winter, De Winter Information Soltions
5 ** This is free software; you can redistribute it and/or modify it under the
6 ** terms of the GNU General Public License, see the file COPYING.
7 ***********************************************************************************/
11 /* The function linux_log will separate the logline in several elements. This will
12 * ease the work of recognizing the type of logline. Once this has been detected
13 * the correct module will start using the data for a log_adv-table.
15 * GLOBALS : $dbms (database class containing the logline)
16 * OUTPUT : Status of success ('TRUE' for success and 'FALSE' for failure)
 *
 * Fields read from $dbms->db_result_row in this function: [3] service type, [5] only
 * for the "Failing string" diagnostic, [6] the log text that is tokenised on spaces.
 * NOTE(review): this listing appears to omit short lines (the function header, braces,
 * case labels, break/return), so which service name reaches which handler cannot
 * be read from here; confirm against the complete file.
 * NOTE(review): the log text is written by whatever produced the log entry, so it
 * should be treated as untrusted in every handler this function dispatches to.
20 global $developrelease;
// NOTE(review): as rendered, both str_replace() arguments are a single space, which is
// a no-op; presumably the original collapsed runs of spaces. Confirm.
22 $local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
23 $local_logline_array = explode (" ", $local_log_string);
25 $service_type = $dbms->db_result_row[3];
// Dispatch is case-insensitive on the service type.
26 switch (strtolower($service_type))
29 //This is a kernel logline now discover which type kernel-record we have
31 //Detect if this is a network-line
// Tokens [5] and [4] are indexed with no visible length check; a short or truncated
// line yields an undefined-offset notice and an empty comparison rather than a match.
32 if (strtolower(substr($local_logline_array[5],0,3)) == "in=")
34 //this is a networkline call the processing the routines
35 $local_result = linux_kernel_network();
41 //This line is a kernel line writing about a device.
42 if (strtolower($local_logline_array[4]) == 'device')
// NOTE(review): this prints the raw log line with no escaping. It looks like leftover
// debug output; if this ever runs behind a web front end it needs output encoding.
44 echo $local_log_string;
46 $local_result = linux_kernel_device();
// $developrelease is compared with the string 'TRUE', not a boolean.
51 if ($developrelease == 'TRUE')
// Unrecognised kernel lines are copied verbatim into syslog. The text is
// attacker-influenced; if this syslog stream is itself collected by the same pipeline
// the entry can come back as input (presumably; verify the deployment).
54 $local_failing_string = "Failing string: ".$dbms->db_result_row[5];
55 syslog (LOG_INFO, "Unrecognized kernelline:".$local_log_string);
56 syslog (LOG_INFO, $local_failing_string);
// The remaining branches hand the row to the generic daemon handler; only one of them
// uses the sendmail-specific parser. Their case labels are not visible in this listing.
64 $local_result = linux_daemon();
68 $local_result = linux_daemon();
72 $local_result = linux_daemon();
76 $local_result = linux_daemon();
80 $local_result = linux_daemon();
84 $local_result = linux_daemon();
88 $local_result = linux_daemon();
92 $local_result = linux_daemon();
96 $local_result = linux_daemon();
100 $local_result = linux_daemon();
104 $local_result = linux_daemon_sendmail();
108 $local_result = linux_daemon();
112 $local_result = linux_daemon();
116 $local_result = linux_daemon();
124 function linux_daemon_sendmail()
127 /* This function is able to deal with the logs delivered by MTAs
128 * the following are currently supported:
 * (the code below only ever writes 'sendmail' as the service value)
131 * GLOBALS : $dbms, $dbms_working
132 * OUTPUT : "TRUE" for success and "FALSE" for failure.
 *
 * Splits the log text ($dbms->db_result_row[6]) on spaces, maps key=value tokens to
 * columns of log_adv_daemon_email and runs one INSERT through $dbms_working->query().
 * NOTE(review): every value is concatenated into the statement between single quotes
 * and no escaping or parameter binding is visible. Sender address, message id and
 * status text originate from the remote mail peer, so a quote character in any of
 * them changes the INSERT. Escape or bind through the database layer before the
 * string is assembled.
 * NOTE(review): the column list grows once per matching token, so a line that carries
 * the same key twice would name a column twice and the INSERT would be rejected.
 * NOTE(review): this listing omits short lines (braces, case labels, break, return);
 * which key selects which branch is inferred from the column names only.
136 global $dbms_working;
// $dbms is used below; its global declaration is not visible here (presumably one of
// the omitted lines).
140 //Determine the type of records
141 //When this is sendmail find the beginning by chopping everything into
// NOTE(review): as rendered, both str_replace() arguments are a single space (no-op);
// presumably the original collapsed runs of spaces. Confirm.
143 $local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
144 //echo " Processing " . $local_log_string . "\n";
145 $local_logline_array = explode (" ", $local_log_string);
// The statement is assembled from three parts: verb and table, column list, value list.
147 $local_sql_1 = "INSERT INTO log_adv_daemon_email"; //BASIC STATEMENT
148 $local_sql_2 = "logid, detailed_table, service, internal_messageid "; //FIELDS
149 $local_sql_3 = "'".$dbms->db_result_row[0]."', 'log_adv_daemon_email', 'sendmail'"; //VALUES
// Token 5 minus its last character becomes internal_messageid (presumably the queue id
// with its trailing ':'). No check that token 5 exists.
151 $local_sql_3 .= ", '".substr (trim($local_logline_array[5]), 0
152 ,strlen(trim($local_logline_array[5])) -1)."'";
// Walk the remaining tokens, starting at index 6.
156 for ($i = 6; $i <= ( count($local_logline_array) - 1); $i++)
159 //Get rid of the nasty comma's at the end
160 if ( substr($local_logline_array[$i], strlen($local_logline_array[$i])-1, 1) == "," )
162 $local_dummylength = strlen($local_logline_array[$i]) -1;
163 $local_dummy = substr ($local_logline_array[$i], 0,$local_dummylength );
164 $local_logline_array[$i] = trim($local_dummy);
// A token that starts with '[' is stored as source_ip with its first and last character
// removed; the content is not checked to be an IP address.
167 if (substr($local_logline_array[$i],0,1) == '[')
169 $local_dummy = trim($local_logline_array[$i]);
170 $local_sql_2 .= ", source_ip";
171 $local_sql_3 .= ", '".substr($local_dummy, 1, strlen($local_dummy)-2)."'";
173 else if (strstr($local_logline_array[$i], "="))
// explode() splits on every '='; only element [1] is used, so a value that itself
// contains '=' is cut at the second '='.
176 $local_element = explode("=", $local_logline_array[$i]);
178 switch (strtolower($local_element[0]))
181 $local_sql_2 .= ", from_email";
182 $local_sql_3 .= ", '".$local_element[1]."'";
186 $local_sql_2 .= ", size";
187 $local_sql_3 .= ", '".$local_element[1]."'";
// NOTE(review): ereg_replace() was removed in PHP 7.0; preg_replace() or str_replace()
// is the replacement. Here it turns '+' into a space in the delay values.
191 $local_sql_2 .= ", delay";
192 $local_sql_3 .= ", '".ereg_replace("\+", " ", $local_element[1])."'";
196 $local_sql_2 .= ", xdelay";
197 $local_sql_3 .= ", '".ereg_replace("\+", " ", $local_element[1])."'";
201 $local_sql_2 .= ", mailer";
202 $local_sql_3 .= ", '".$local_element[1]."'";
206 $local_sql_2 .= ", dsn";
207 $local_sql_3 .= ", '".$local_element[1]."'";
// external_messageid: a leading '<' means the first and last character are dropped;
// the closing quote for this branch is not visible in the listing.
211 $local_sql_2 .= ", external_messageid";
212 if (substr($local_element[1],0,1) == '<')
214 $local_sql_3 .= ", '";
215 $local_sql_3 .= substr($local_element[1],1,(strlen($local_element[1])-2));
220 $local_sql_3 .= ", '".$local_element[1]."'";
224 //As of this point we only deal with Status
// NOTE(review): status_details is cut from the single space-delimited token
// $local_logline_array[$i], not from the whole line, and the length arithmetic drops
// the token's last character. Presumably the rest of the line was intended; confirm.
226 $local_sql_2 .= ", status";
227 $local_sql_3 .= ", '".$local_element[1]."'";
229 $local_pos = strrpos (strtolower($local_logline_array[$i]), "stat=");
230 $local_len = strlen($local_logline_array[$i]) - $local_pos - 6;
231 $local_sql_2 .= ", status_details";
232 $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 5, $local_len) . "'";
// Same handling for the long spelling "status=".
236 $local_sql_2 .= ", status";
237 $local_sql_3 .= ", '".$local_element[1]."'";
239 $local_pos = strrpos (strtolower($local_logline_array[$i]), "status=");
240 $local_len = strlen($local_logline_array[$i]) - $local_pos - 8;
241 $local_sql_2 .= ", status_details";
242 $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 7, $local_len) . "'";
// A key that starts with '[' stores its value, minus first and last character, as
// destination_ip.
246 if (substr(strtolower($local_element[0]),0,1) == "[")
248 $local_sql_2 .= ", destination_ip";
249 $local_sql_3 .= ", '". substr($local_element[1], 1, strlen($local_element[1]) - 2)."'";
256 //Now that the data is complete create the SQL-statement
// The result of query() is not inspected in the visible lines.
257 $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
258 $dbms_working->query($local_sql);
263 function linux_kernel_network()
266 /* This function is able to deal with the output of kernel-network messages
267 * coming from iptables and other similar tools. When elements are found
268 * that cannot be identified a notification will be written to the logbook
269 * for easy expansion of this routine.
271 * GLOBALS : $dbms, $dbms_working;
272 * OUTPUT : "TRUE" for success and "FALSE" for failure.
 *
 * Splits the log text ($dbms->db_result_row[6]) on spaces, splits each token from
 * index 4 onwards on '=' and maps the key to a column of log_adv_kernel_network.
 * One INSERT is issued per packet description; a bracketed inner packet (ICMP)
 * produces a second row with the same logid.
 * NOTE(review): values are concatenated into the INSERT between single quotes with no
 * escaping or parameter binding visible. The fields are normally kernel-generated,
 * but the text still arrives through the log transport, so it should be escaped or
 * bound like any other external input.
 * NOTE(review): this listing omits short lines (braces, case labels, break, return
 * and short assignments); which key selects which branch is inferred from the
 * column names only.
276 global $dbms_working;
// $dbms is used below; its global declaration is not visible here (presumably one of
// the omitted lines).
// NOTE(review): as rendered, both str_replace() arguments are a single space (no-op);
// presumably the original collapsed runs of spaces. Confirm.
278 $local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
279 $local_logline_array = explode (" ", $local_log_string);
280 $local_sql_1 = "INSERT INTO log_adv_kernel_network"; //BASIC STATEMENT
281 $local_sql_2 = "logid, detailed_table"; //FIELDS
282 $local_sql_3 = "'".$dbms->db_result_row[0]."', 'kernel_network'"; //VALUES
287 for ($i = 4; $i <= ( count($local_logline_array) - 1); $i++)
// Tokens without '=' leave $local_element[1] unset; the rst/syn/df branches below write
// the literal true instead of reading it.
289 $local_element = explode("=", $local_logline_array[$i]);
290 switch (strtolower($local_element[0]))
293 $local_sql_2 .= ", device_in";
294 $local_sql_3 .= ", '".$local_element[1]."'";
298 $local_sql_2 .= ", device_out";
299 $local_sql_3 .= ", '".$local_element[1]."'";
303 $local_sql_2 .= ", hw_address";
304 $local_sql_3 .= ", '".$local_element[1]."'";
308 $local_sql_2 .= ", source_ip";
309 $local_sql_3 .= ", '".$local_element[1]."'";
313 $local_sql_2 .= ", destination_ip";
314 $local_sql_3 .= ", '".$local_element[1]."'";
// $local_len, $local_tos and $local_id select between two columns for a key that can
// occur more than once; where they are initialised and updated is not visible here.
318 if ($local_len == 0) {
319 $local_sql_2 .= ", packet_length";
322 $local_sql_2 .= ", body_len";
325 $local_sql_3 .= ", '".$local_element[1]."'";
329 if ($local_tos == "F") {
330 $local_sql_2 .= ", tos_bit";
331 $local_sql_3 .= ", '".$local_element[1]."'";
337 $local_sql_2 .= ", prec_bit";
338 $local_sql_3 .= ", '".$local_element[1]."'";
342 $local_sql_2 .= ", ttl";
343 $local_sql_3 .= ", '".$local_element[1]."'";
348 if ($local_id == 0) {
349 $local_sql_2 .= ", header_id";
350 $local_sql_3 .= ", '".$local_element[1]."'";
356 $local_sql_2 .= ", protocol";
357 $local_sql_3 .= ", '".$local_element[1]."'";
// The body of this ICMP check is not visible in the listing.
358 if ($local_element[1] == 'ICMP') {
364 $local_sql_2 .= ", destination_port";
365 $local_sql_3 .= ", '".$local_element[1]."'";
369 $local_sql_2 .= ", source_port";
370 $local_sql_3 .= ", '".$local_element[1]."'";
374 $local_sql_2 .= ", window";
375 $local_sql_3 .= ", '".$local_element[1]."'";
379 $local_sql_2 .= ", urgp";
380 $local_sql_3 .= ", '".$local_element[1]."'";
// Flag tokens are stored as the unquoted literal true.
384 $local_sql_2 .= ", rst";
385 $local_sql_3 .= ", true";
389 $local_sql_2 .= ", syn";
390 $local_sql_3 .= ", true";
394 $local_sql_2 .= ", df";
395 $local_sql_3 .= ", true";
399 $local_sql_2 .= ", type";
400 $local_sql_3 .= ", '".$local_element[1]."'";
404 $local_sql_2 .= ", code";
405 $local_sql_3 .= ", '".$local_element[1]."'";
409 $local_sql_2 .= ", sequence_number";
410 $local_sql_3 .= ", '".$local_element[1]."'";
414 $local_sql_2 .= ", res";
415 $local_sql_3 .= ", '".$local_element[1]."'";
419 /*This record is different. In ICMP information is sometimes returned on an original packet.
420 * When the brackets are used a second line will be added to the
421 * log_adv_kernel_network-table. For that reason the processing into the database will be
422 * done here as well. After that a new insert-string will be created.
425 //Enter the data into the database
// Flush the row collected so far, then start a fresh statement with the same logid
// for the quoted inner packet.
426 $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
427 $dbms_working->query($local_sql);
429 $local_sql_1 = "INSERT INTO log_adv_kernel_network"; //BASIC STATEMENT
430 $local_sql_2 = "logid, detailed_table"; //FIELDS
431 $local_sql_3 = "'".$dbms->db_result_row[0]."', 'kernel_network'"; //VALUES
// NOTE(review): the "Unrecognized" syslog call below sits after a comment opener and
// looks disabled; the docblock still promises this notification. Confirm which is
// intended. If it is re-enabled, the key it logs is log-derived text.
436 /* $local_element[0];
437 syslog(LOG_INFO, "Unrecognized kernel/network entry: ".$local_element[0]);
445 //Now that the data is complete create the SQL-statement
// The result of query() is not inspected in the visible lines.
446 $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
447 $dbms_working->query($local_sql);
452 function linux_kernel_device()
454 /* This function is able to deal with the output of kernel-network messages
455 * coming from device related processes. Typically networkcard and other
456 * hardware-related data will show-up here
458 * GLOBALS : $dbms, $dbms_working
459 * OUTPUT : "TRUE" for success and "FALSE" for failure.
 *
 * NOTE(review): only the global declaration is visible in this listing; no parsing or
 * database statement for device lines can be seen, and the return statement (if
 * any) is among the omitted short lines. Confirm whether this handler is a stub.
462 global $dbms, $dbms_working;
466 function linux_daemon()
468 /* Generic daemon handler: lowercases the log text ($dbms->db_result_row[6]), looks for
469 * keywords (shutdown, stop, restart, start, error, crash, abort, ended, charge,
470 * exiting) and records a matching event row in log_adv_daemon.
472 * GLOBALS : $dbms, $dbms_working
473 * OUTPUT : "TRUE" for success and "FALSE" for failure.
 *
 * NOTE(review): $dbms->db_result_row[0] (log id) and [3] (service name) are concatenated
 * into each INSERT between single quotes with no escaping or parameter binding
 * visible. The service name is taken from the log entry, so a quote character in
 * it changes the statement; escape or bind through the database layer.
 * NOTE(review): matching is by substring, so any line that merely contains one of the
 * keywords (for example inside a file name or a quoted message) records an event.
 * NOTE(review): this listing omits short lines (braces, else, the simple
 * "if ($pos ...)" tests, return), so the nesting of the branches below is not
 * visible; confirm against the complete file.
476 global $dbms, $dbms_working;
// Lowercased once so every keyword test below is case-insensitive.
478 $local_log_line = strtolower($dbms->db_result_row[6]);
480 //Find a sign of stop
481 //Using the word shutdown
482 $pos = strpos($local_log_line, "shutdown");
485 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
486 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
487 .$dbms->db_result_row[3]."', 'stop')";
489 $dbms_working->query($local_sql);
493 //Using the word stop
494 $pos = strpos($local_log_line, "stop");
497 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
498 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
499 .$dbms->db_result_row[3]."', 'stop')";
500 $dbms_working->query($local_sql);
504 //As the word restart
// A restart is recorded as two rows: a 'stop' event followed by a 'start' event.
505 $pos = strpos($local_log_line, "restart");
508 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
509 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
510 .$dbms->db_result_row[3]."', 'stop')";
511 $dbms_working->query($local_sql);
513 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
514 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
515 .$dbms->db_result_row[3]."', 'start')";
516 $dbms_working->query($local_sql);
520 //As the word start this is an else for restart.
521 //If we wouldn't do so restart would also give a positive on start
522 $pos = strpos($local_log_line, "start");
525 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
526 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
527 .$dbms->db_result_row[3]."', 'start')";
528 $dbms_working->query($local_sql);
533 //The word error indicates problems.
534 $pos = strpos($local_log_line, "error");
535 $pos2 = strpos($local_log_line, "crash"); //The word crash is also considered to be an error
// NOTE(review): strpos() returns 0 for a match at the very start of the string and
// false for no match; both fail "> 0", so a line that begins with the keyword is not
// counted. "!== false" is the usual test. The same applies to any omitted
// "if ($pos > 0)" tests in this function, if they are written the same way.
537 if ($pos > 0 or $pos2 > 0)
539 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
540 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
541 .$dbms->db_result_row[3]."', 'error detected')";
542 $dbms_working->query($local_sql);
544 //Quite often an error will be followed with information that the daemon or service ended.
// "abort", "ended" and "stop" are each recorded as an 'abort' event here (presumably
// only inside the error branch; the nesting is not visible).
545 $pos = strpos($local_log_line, "abort");
549 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
550 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
551 .$dbms->db_result_row[3]."', 'abort')";
552 $dbms_working->query($local_sql);
556 $pos = strpos($local_log_line, "ended");
559 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
560 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
561 .$dbms->db_result_row[3]."', 'abort')";
562 $dbms_working->query($local_sql);
566 $pos = strpos($local_log_line, "stop");
569 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
570 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
571 .$dbms->db_result_row[3]."', 'abort')";
572 $dbms_working->query($local_sql);
577 //For power management there is a charge warning
578 $pos = strpos($local_log_line, "charge");
581 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
582 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
583 .$dbms->db_result_row[3]."', 'Power warning')";
584 $dbms_working->query($local_sql);
589 //As the word start this is an else for restart.
590 //If we wouldn't do so restart would also give a positive on start
591 //This can only be done if we ensured nothing else was the case
592 //PLEASE USE THIS AS LATE AS POSSIBLE!!!
// NOTE(review): the comment above repeats the "start" text, but the keyword tested is
// "exiting" and the row is written with event 'start'. This looks like a copy/paste
// slip for 'stop'; confirm, because reports built on this table would show a daemon
// exit as a start.
593 $pos = strpos($local_log_line, "exiting");
596 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
597 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
598 .$dbms->db_result_row[3]."', 'start')";
599 $dbms_working->query($local_sql);