3 /**********************************************************************************
4 ** (c) Copyright 2002, Brenno J.S.A.A.F. de Winter, De Winter Information Soltions
5 ** This is free software; you can redistribute it and/or modify it under the
6 ** terms of the GNU General Public License, see the file COPYING.
7 ***********************************************************************************/
11 /* The function linux_log will seperate the logline in several elements. This will
12 * ease the work of recognizing the type of logline. Once this has been detected
13 * the correct module will start using the data for a log_adv-table.
15 * GLOBALS : $dbms (database class containing the logline)
16 * OUTPUT : Status of success ('TRUE' for success and 'FALSE' for failure
// NOTE(review): this listing has lost lines (the function header, the braces and
// the case labels of the switch are not shown), so the notes below describe only
// the statements that are visible.
// Visible flow: the log text in $dbms->db_result_row[6] is split on spaces, the
// value in $dbms->db_result_row[3] is lower-cased and switched on, and the line is
// handed to linux_kernel_network(), linux_kernel_device(), linux_daemon() or
// linux_daemon_sendmail().
20 global $developrelease;
// NOTE(review): as printed, the search and the replacement are the same single
// space, so this call changes nothing; the original presumably collapsed double
// spaces -- confirm against the source file.
22 $local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
23 $local_logline_array = explode (" ", $local_log_string);
25 $service_type = $dbms->db_result_row[3];
26 switch (strtolower($service_type))
29 //This is a kernel logline now discover which type kernel-record we have
31 //Detect if this is a network-line
// NOTE(review): token 5 is read with no visible check that the line has that many
// tokens; a short kernel line would raise an undefined-offset notice -- confirm.
32 if (strtolower(substr($local_logline_array[5],0,3)) == "in=")
34 //this is a networkline call the processing the routines
35 $local_result = linux_kernel_network();
41 //This line is a kernel line writing about a device.
42 if (strtolower($local_logline_array[4]) == 'device')
// NOTE(review): prints the raw log line. Log text is written by whatever produced
// the message, so if this output can reach a browser it needs htmlspecialchars();
// it looks like leftover debugging output -- confirm.
44 echo $local_log_string;
46 $local_result = linux_kernel_device();
// In development builds the kernel line that matched neither test, together with
// db_result_row[5], is written back to syslog.
// NOTE(review): this re-logs unfiltered log text; if this host's syslog is itself
// collected by the analyser the entry would be ingested again -- confirm.
51 if ($developrelease == 'TRUE')
54 $local_failing_string = "Failing string: ".$dbms->db_result_row[5];
55 syslog (LOG_INFO, "Unrecognized kernelline:".$local_log_string);
56 syslog (LOG_INFO, $local_failing_string);
// The statements below are presumably one per service-name case (labels not
// shown); all but one use the generic daemon handler.
64 $local_result = linux_daemon();
68 $local_result = linux_daemon();
72 $local_result = linux_daemon();
76 $local_result = linux_daemon();
80 $local_result = linux_daemon();
84 $local_result = linux_daemon();
88 $local_result = linux_daemon();
92 $local_result = linux_daemon();
96 $local_result = linux_daemon();
100 $local_result = linux_daemon();
104 $local_result = linux_daemon_sendmail();
108 $local_result = linux_daemon();
112 $local_result = linux_daemon();
116 $local_result = linux_daemon();
124 function linux_daemon_sendmail()
127 /* This function is able to deal with the logs delivered by MTAs
128 * the following are currently supported:
131 * GLOBALS : $dbms, $dbms_working
132 * OUTPUT : "TRUE" for success and "FALSE" for failure.
// NOTE(review): lines are missing from this listing (braces, case labels and the
// list of supported MTAs), so only the visible statements are described.
// NOTE(review, security): every value appended to $local_sql_3 comes from the
// stored row or from the log line and is wrapped in single quotes with no escaping
// visible here. Columns such as from_email and external_messageid hold text that
// the sending mail peer chooses, so this INSERT is built from untrusted input.
// Quote each value through the database layer, or use a prepared statement if the
// $dbms_working class offers one (its API is not shown in this file).
// NOTE(review): only $dbms_working is declared global in the visible lines, yet
// $dbms is read below; its declaration may be on a line missing from this listing.
136 global $dbms_working;
140 //Determine the type of records
141 //When this is sendmail find the beginning by chopping everything into
// NOTE(review): as printed, the search and the replacement are the same single
// space, so this call changes nothing; the original presumably collapsed double
// spaces -- confirm against the source file.
143 $local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
144 $local_logline_array = explode (" ", $local_log_string);
// The INSERT is assembled in three parts: statement head, column list, value list.
145 $local_sql_1 = "INSERT INTO log_adv_daemon_email"; //BASIC STATEMENT
146 $local_sql_2 = "logid, detailed_table, service, internal_messageid "; //FIELDS
147 $local_sql_3 = "'".$dbms->db_result_row[0]."', 'log_adv_daemon_email', 'sendmail'"; //VALUES
// Token 5, trimmed and with its last character removed, becomes
// internal_messageid (presumably a queue id followed by a colon -- confirm).
149 $local_sql_3 .= ", '".substr (trim($local_logline_array[5]), 0
150 ,strlen(trim($local_logline_array[5])) -1)."'";
// Walk the remaining tokens, index 6 to the end of the line.
154 for ($i = 6; $i <= ( count($local_logline_array) - 1); $i++)
157 //Get rid of the nasty comma's at the end
158 if ( substr($local_logline_array[$i], strlen($local_logline_array[$i])-1, 1) == "," )
160 $local_dummylength = strlen($local_logline_array[$i]) -1;
161 $local_dummy = substr ($local_logline_array[$i], 0,$local_dummylength );
162 $local_logline_array[$i] = trim($local_dummy);
// A token that starts with '[' is stored as source_ip without its first and last
// character.
// NOTE(review): a second bracketed token in the same line would append the
// source_ip column again and make the INSERT invalid -- confirm whether the
// missing lines guard against this.
165 if (substr($local_logline_array[$i],0,1) == '[')
167 $local_dummy = trim($local_logline_array[$i]);
168 $local_sql_2 .= ", source_ip";
169 $local_sql_3 .= ", '".substr($local_dummy, 1, strlen($local_dummy)-2)."'";
// Split the token into key and value at '='.
// NOTE(review): a value that itself contains '=' is cut at the second '=', and a
// token without '=' leaves $local_element[1] undefined.
174 $local_element = explode("=", $local_logline_array[$i]);
// Each branch below adds one column name and the matching quoted value; the case
// labels that select the branches are not shown in this listing.
176 switch (strtolower($local_element[0]))
179 $local_sql_2 .= ", from_email";
180 $local_sql_3 .= ", '".$local_element[1]."'";
184 $local_sql_2 .= ", size";
185 $local_sql_3 .= ", '".$local_element[1]."'";
189 $local_sql_2 .= ", delay";
190 $local_sql_3 .= ", '".$local_element[1]."'";
194 $local_sql_2 .= ", xdelay";
195 $local_sql_3 .= ", '".$local_element[1]."'";
199 $local_sql_2 .= ", mailer";
200 $local_sql_3 .= ", '".$local_element[1]."'";
204 $local_sql_2 .= ", dsn";
205 $local_sql_3 .= ", '".$local_element[1]."'";
209 $local_sql_2 .= ", external_messageid";
// A message id that starts with '<' is stored without its first and last character.
210 if (substr($local_element[1],0,1) == '<')
212 $local_sql_3 .= ", '";
213 $local_sql_3 .= substr($local_element[1],1,(strlen($local_element[1])-2));
218 $local_sql_3 .= ", '".$local_element[1]."'";
222 //As of this point we only deal with Status
224 $local_sql_2 .= ", status";
225 $local_sql_3 .= ", '".$local_element[1]."'";
// status_details is re-read from the last "stat=" in the token instead of using
// the split value: the start offset skips the five characters of "stat=" and the
// length (strlen - pos - 6) leaves out the token's final character.
227 $local_pos = strrpos (strtolower($local_logline_array[$i]), "stat=");
228 $local_len = strlen($local_logline_array[$i]) - $local_pos - 6;
229 $local_sql_2 .= ", status_details";
230 $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 5, $local_len) . "'";
234 $local_sql_2 .= ", status";
235 $local_sql_3 .= ", '".$local_element[1]."'";
// Same extraction for the longer key "status=" (seven characters).
237 $local_pos = strrpos (strtolower($local_logline_array[$i]), "status=");
238 $local_len = strlen($local_logline_array[$i]) - $local_pos - 8;
239 $local_sql_2 .= ", status_details";
240 $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 7, $local_len) . "'";
// A key that starts with '[' stores its value, minus first and last character, as
// destination_ip.
244 if (substr(strtolower($local_element[0]),0,1) == "[")
246 $local_sql_2 .= ", destination_ip";
247 $local_sql_3 .= ", '". substr($local_element[1], 1, strlen($local_element[1]) - 2)."'";
254 //Now that the data is complete create the SQL-statement
255 $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
256 $dbms_working->query($local_sql);
261 function linux_kernel_network()
264 /* This function is able to deal with the output of kernel-network messages
265 * coming from iptables and other similar tools. When elements are found
266 * that cannot be identified a notification will be written to the logbook
267 * for easy expansion of this routine.
269 * GLOBALS : $dbms, $dbms_working;
270 * OUTPUT : "TRUE" for success and "FALSE" for failure.
// NOTE(review): lines are missing from this listing (braces, case labels, the
// assignments to $local_len, $local_tos and $local_id), so only the visible
// statements are described.
// NOTE(review, security): the value of every key=value token is concatenated into
// the INSERT inside single quotes with no escaping or format check visible here.
// The text comes from a log line this code does not control. Validate each value
// against the format its column expects (digits for lengths and ports, an address
// pattern for the IP columns) and quote it through the database layer, or use a
// prepared statement if the $dbms_working class offers one (its API is not shown).
// NOTE(review): only $dbms_working is declared global in the visible lines, yet
// $dbms is read below; its declaration may be on a line missing from this listing.
274 global $dbms_working;
// NOTE(review): as printed, the search and the replacement are the same single
// space, so this call changes nothing; the original presumably collapsed double
// spaces -- confirm against the source file.
276 $local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
277 $local_logline_array = explode (" ", $local_log_string);
// The INSERT is assembled in three parts: statement head, column list, value list.
278 $local_sql_1 = "INSERT INTO log_adv_kernel_network"; //BASIC STATEMENT
279 $local_sql_2 = "logid, detailed_table"; //FIELDS
280 $local_sql_3 = "'".$dbms->db_result_row[0]."', 'kernel_network'"; //VALUES
// Tokens from index 4 to the end are split at '=' and mapped to a column by key.
285 for ($i = 4; $i <= ( count($local_logline_array) - 1); $i++)
// A token without '=' leaves $local_element[1] undefined; the rst, syn and df
// branches below do not read it.
287 $local_element = explode("=", $local_logline_array[$i]);
288 switch (strtolower($local_element[0]))
291 $local_sql_2 .= ", device_in";
292 $local_sql_3 .= ", '".$local_element[1]."'";
296 $local_sql_2 .= ", device_out";
297 $local_sql_3 .= ", '".$local_element[1]."'";
301 $local_sql_2 .= ", hw_address";
302 $local_sql_3 .= ", '".$local_element[1]."'";
306 $local_sql_2 .= ", source_ip";
307 $local_sql_3 .= ", '".$local_element[1]."'";
311 $local_sql_2 .= ", destination_ip";
312 $local_sql_3 .= ", '".$local_element[1]."'";
// $local_len, $local_tos and $local_id are assigned on lines that are not shown.
// NOTE(review): presumably they record whether the key was already seen in this
// line, so that a repeated key does not add the same column twice -- confirm.
316 if ($local_len == 0) {
317 $local_sql_2 .= ", packet_length";
320 $local_sql_2 .= ", body_len";
323 $local_sql_3 .= ", '".$local_element[1]."'";
327 if ($local_tos == "F") {
328 $local_sql_2 .= ", tos_bit";
329 $local_sql_3 .= ", '".$local_element[1]."'";
335 $local_sql_2 .= ", prec_bit";
336 $local_sql_3 .= ", '".$local_element[1]."'";
340 $local_sql_2 .= ", ttl";
341 $local_sql_3 .= ", '".$local_element[1]."'";
346 if ($local_id == 0) {
347 $local_sql_2 .= ", header_id";
348 $local_sql_3 .= ", '".$local_element[1]."'";
354 $local_sql_2 .= ", protocol";
355 $local_sql_3 .= ", '".$local_element[1]."'";
// The body of this ICMP test is not shown in the listing.
356 if ($local_element[1] == 'ICMP') {
362 $local_sql_2 .= ", destination_port";
363 $local_sql_3 .= ", '".$local_element[1]."'";
367 $local_sql_2 .= ", source_port";
368 $local_sql_3 .= ", '".$local_element[1]."'";
372 $local_sql_2 .= ", window";
373 $local_sql_3 .= ", '".$local_element[1]."'";
377 $local_sql_2 .= ", urgp";
378 $local_sql_3 .= ", '".$local_element[1]."'";
// Flag tokens: the column receives the unquoted SQL literal true.
382 $local_sql_2 .= ", rst";
383 $local_sql_3 .= ", true";
387 $local_sql_2 .= ", syn";
388 $local_sql_3 .= ", true";
392 $local_sql_2 .= ", df";
393 $local_sql_3 .= ", true";
397 $local_sql_2 .= ", type";
398 $local_sql_3 .= ", '".$local_element[1]."'";
402 $local_sql_2 .= ", code";
403 $local_sql_3 .= ", '".$local_element[1]."'";
407 $local_sql_2 .= ", sequence_number";
408 $local_sql_3 .= ", '".$local_element[1]."'";
412 $local_sql_2 .= ", res";
413 $local_sql_3 .= ", '".$local_element[1]."'";
417 /*This record is different. In ICMP information is sometimes returned on an original packet.
418 * When the brackets are used a second line will be added to the
419 * log_adv_kernel_network-table. For that reason the processing into the database will be
420 * done here as well. After that a new insert-string will be created.
423 //Enter the data into the database
// Write the row collected so far, then reset the three parts so the remaining
// tokens build a second row with the same logid.
424 $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
425 $dbms_working->query($local_sql);
427 $local_sql_1 = "INSERT INTO log_adv_kernel_network"; //BASIC STATEMENT
428 $local_sql_2 = "logid, detailed_table"; //FIELDS
429 $local_sql_3 = "'".$dbms->db_result_row[0]."', 'kernel_network'"; //VALUES
// NOTE(review): the comment opener on the next line suggests the syslog call for
// unrecognized keys is commented out in the original -- confirm. If it is enabled,
// it writes an unfiltered key taken from the log line back into syslog.
434 /* $local_element[0];
435 syslog(LOG_INFO, "Unrecognized kernel/network entry: ".$local_element[0]);
443 //Now that the data is complete create the SQL-statement
444 $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
445 $dbms_working->query($local_sql);
450 function linux_kernel_device()
452 /* This function is able to deal with the output of kernel-network messages
453 * coming from device related processes. Typically networkcard and other
454 * hardware-related data will show-up here
456 * GLOBALS : $dbms, $dbms_working
457 * OUTPUT : "TRUE" for success and "FALSE" for failure.
// NOTE(review): the only statement visible in this listing is the global
// declaration; either the function is a stub or its body is missing here. The
// caller in this file assigns the return value to $local_result, so confirm what
// is actually returned.
460 global $dbms, $dbms_working;
464 function linux_daemon()
466 /* This function is able to deal with the output of kernel-network messages
467 * coming from device related processes. Typically networkcard and other
468 * hardware-related data will show-up here
470 * GLOBALS : $dbms, $dbms_working
471 * OUTPUT : "TRUE" for success and "FALSE" for failure.
// NOTE(review): the description above is the same text as on linux_kernel_device().
// The visible code does something else: it lower-cases the log text, searches it
// for keywords (shutdown, stop, restart, start, error, crash, abort, ended, charge,
// exiting) and inserts one row per detected event into log_adv_daemon.
// NOTE(review): lines are missing from this listing (braces and most of the
// conditions that test $pos), so only the visible statements are described.
// NOTE(review, security): db_result_row[0] and db_result_row[3] are concatenated
// into every INSERT inside single quotes with no escaping visible here. Quote them
// through the database layer, or use a prepared statement if the $dbms_working
// class offers one (its API is not shown in this file).
// NOTE(review): the event is derived from free text written by the logging
// program, so a row in log_adv_daemon is a hint taken from that text, not a
// verified state of the service.
474 global $dbms, $dbms_working;
476 $local_log_line = strtolower($dbms->db_result_row[6]);
478 //Find a sign of stop
479 //Using the word shutdown
480 $pos = strpos($local_log_line, "shutdown");
483 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
484 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
485 .$dbms->db_result_row[3]."', 'stop')";
487 $dbms_working->query($local_sql);
491 //Using the word stop
492 $pos = strpos($local_log_line, "stop");
495 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
496 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
497 .$dbms->db_result_row[3]."', 'stop')";
498 $dbms_working->query($local_sql);
502 //As the word restart
// A restart is recorded as two rows: a 'stop' event followed by a 'start' event.
503 $pos = strpos($local_log_line, "restart");
506 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
507 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
508 .$dbms->db_result_row[3]."', 'stop')";
509 $dbms_working->query($local_sql);
511 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
512 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
513 .$dbms->db_result_row[3]."', 'start')";
514 $dbms_working->query($local_sql);
518 //As the word start this is an else for restart.
519 //If we wouldn't do so restart would also give a positive on start
520 $pos = strpos($local_log_line, "start");
523 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
524 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
525 .$dbms->db_result_row[3]."', 'start')";
526 $dbms_working->query($local_sql);
531 //The word error indicates problems.
532 $pos = strpos($local_log_line, "error");
533 $pos2 = strpos($local_log_line, "crash"); //The word crash is also considered to be an error
// NOTE(review): strpos() returns 0 for a match at the very start of the string
// and false for no match, so "> 0" misses a keyword at offset 0; "!== false" is
// the reliable test. The conditions for the other keywords are not shown --
// confirm whether they use the same comparison.
535 if ($pos > 0 or $pos2 > 0)
537 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
538 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
539 .$dbms->db_result_row[3]."', 'error detected')";
540 $dbms_working->query($local_sql);
542 //Quite often an error will be followed with information that the daemon or service ended.
// The next three lookups (abort, ended, stop) all record the event 'abort';
// presumably they run only inside the error branch above -- confirm.
543 $pos = strpos($local_log_line, "abort");
547 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
548 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
549 .$dbms->db_result_row[3]."', 'abort')";
550 $dbms_working->query($local_sql);
554 $pos = strpos($local_log_line, "ended");
557 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
558 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
559 .$dbms->db_result_row[3]."', 'abort')";
560 $dbms_working->query($local_sql);
564 $pos = strpos($local_log_line, "stop");
567 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
568 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
569 .$dbms->db_result_row[3]."', 'abort')";
570 $dbms_working->query($local_sql);
575 //For power management there is a charge warning
576 $pos = strpos($local_log_line, "charge");
579 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
580 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
581 .$dbms->db_result_row[3]."', 'Power warning')";
582 $dbms_working->query($local_sql);
// NOTE(review): the four comment lines below repeat the text of the "start" check,
// but the keyword searched for is "exiting" and the event stored is 'start'. This
// looks like a copy/paste slip ('stop' seems intended) -- confirm.
587 //As the word start this is an else for restart.
588 //If we wouldn't do so restart would also give a positive on start
589 //This can only be done if we ensured nothing else was the case
590 //PLEASE USE THIS AS LATE AS POSSIBLE!!!
591 $pos = strpos($local_log_line, "exiting");
594 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
595 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
596 .$dbms->db_result_row[3]."', 'start')";
597 $dbms_working->query($local_sql);