3 /**********************************************************************************
4 ** (c) Copyright 2002, Brenno J.S.A.A.F. de Winter, De Winter Information Soltions
5 ** This is free software; you can redistribute it and/or modify it under the
6 ** terms of the GNU General Public License, see the file COPYING.
7 ***********************************************************************************/
11 /* The function linux_log will separate the logline in several elements. This will
12 * ease the work of recognizing the type of logline. Once this has been detected
13 * the correct module will start using the data for a log_adv-table.
* Column 6 of the current result row is the raw logline (split on single spaces);
* column 3 is the service name that selects the handler in the switch below.
15 * GLOBALS : $dbms (database class containing the logline)
16 * OUTPUT : Status of success ('TRUE' for success and 'FALSE' for failure)
20 global $developrelease;
// NOTE(review): search and replacement are both a single space here, so this
// call is a no-op as written; if the intent was to collapse double spaces the
// search string has lost a character - confirm against the original source.
22 $local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
23 $local_logline_array = explode (" ", $local_log_string);
// The service column (index 3) decides which parser receives the line.
25 $service_type = $dbms->db_result_row[3];
26 switch (strtolower($service_type))
29 //This is a kernel logline now discover which type kernel-record we have
31 //Detect if this is a network-line
// iptables-style kernel lines carry "IN=<device>" as element 5. Nothing checks
// that the line has that many elements; a shorter line raises an
// undefined-index notice here.
32 if (strtolower(substr($local_logline_array[5],0,3)) == "in=")
34 //this is a networkline call the processing the routines
35 $local_result = linux_kernel_network();
41 //This line is a kernel line writing about a device.
42 if (strtolower($local_logline_array[4]) == 'device')
// NOTE(review): writes the raw logline to the output stream - looks like a
// leftover debug statement; confirm it is meant to stay.
44 echo $local_log_string;
46 $local_result = linux_kernel_device();
// Any other kernel line is unrecognised; in a development release it is copied
// to syslog (LOG_INFO) so the parser can be extended.
55 if ($developrelease == 'TRUE')
// NOTE(review): this reads column 5 while the logline itself is taken from
// column 6 above - confirm which column is meant.
59 $local_failing_string = "Failing string: ".$dbms->db_result_row[5];
60 syslog (LOG_INFO, "Unrecognized kernelline:".$local_log_string);
61 syslog (LOG_INFO, $local_failing_string);
// Every other recognised service is handed to the generic daemon parser;
// sendmail is the one service with a dedicated handler.
72 $local_result = linux_daemon();
76 $local_result = linux_daemon();
80 $local_result = linux_daemon();
84 $local_result = linux_daemon();
88 $local_result = linux_daemon();
92 $local_result = linux_daemon();
96 $local_result = linux_daemon();
100 $local_result = linux_daemon();
104 $local_result = linux_daemon();
108 $local_result = linux_daemon();
112 $local_result = linux_daemon_sendmail();
116 $local_result = linux_daemon();
120 $local_result = linux_daemon();
124 $local_result = linux_daemon();
132 function linux_daemon_sendmail() {
134 /* This function is able to deal with the logs delivered by MTAs
135 * the following are currently supported:
* The logline (column 6 of the current row) is re-split on spaces; element 5
* is taken as the internal (queue) message id and every later "key=value"
* token is mapped onto a column of log_adv_daemon_email. One INSERT is issued
* per logline.
138 * GLOBALS : $dbms, $dbms_working
139 * OUTPUT : "TRUE" for success and "FALSE" for failure.
143 global $dbms_working;
147 //Determine the type of records
148 //When this is sendmail find the beginning by chopping everything into
150 $local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
151 $local_logline_array = explode (" ", $local_log_string);
// The INSERT is assembled from three strings: table, column list and VALUES
// list. Logline tokens are wrapped in single quotes but never escaped, so a
// quote or backslash inside e.g. a from= address or a message-id (both chosen
// by the remote sender) breaks the statement or changes its meaning. Escape
// every token with the database driver's quoting function (or bind it as a
// parameter) before it is appended to $local_sql_3.
152 $local_sql_1 = "INSERT INTO log_adv_daemon_email"; //BASIC STATEMENT
153 $local_sql_2 = "logid, detailed_table, service, internal_messageid "; //FIELDS
154 $local_sql_3 = "'".$dbms->db_result_row[0]."', 'log_adv_daemon_email', 'sendmail'"; //VALUES
// NOTE(review): $local_log_line_array (with the extra underscore) is never
// assigned - the array built above is $local_logline_array - so this echoes an
// undefined variable; it also looks like leftover debug output.
156 echo $local_log_line_array[5];
// Element 5 minus its last character (presumably a trailing ':' after the
// queue id - confirm) becomes internal_messageid.
157 $local_sql_3 .= ", '".substr (trim($local_logline_array[5]), 0,strlen(trim($local_logline_array[5])) -1)."'";
// Walk the remaining tokens; each is "key=value" or a bracketed address.
161 for ($i = 6; $i <= ( count($local_logline_array) - 1); $i++) {
163 //Get rid of the nasty comma's at the end
164 if ( substr($local_logline_array[$i], strlen($local_logline_array[$i])-1, 1) == "," ) {
165 $local_dummylength = strlen($local_logline_array[$i]) -1;
166 $local_dummy = substr ($local_logline_array[$i], 0,$local_dummylength );
167 $local_logline_array[$i] = trim($local_dummy);
// A token in square brackets is the peer address: the brackets are stripped
// and the remainder stored as source_ip.
170 if (substr($local_logline_array[$i],0,1) == '[') {
171 $local_dummy = trim($local_logline_array[$i]);
172 $local_sql_2 .= ", source_ip";
173 $local_sql_3 .= ", '".substr($local_dummy, 1, strlen($local_dummy)-2)."'";
// Split "key=value"; a token without "=" leaves $local_element[1] undefined
// for the branches below (no guard is visible here).
176 $local_element = explode("=", $local_logline_array[$i]);
// Each branch appends one column name to the field list and the matching
// value to the VALUES list (same escaping caveat as above).
178 switch (strtolower($local_element[0])) {
180 $local_sql_2 .= ", from_email";
181 $local_sql_3 .= ", '".$local_element[1]."'";
184 $local_sql_2 .= ", size";
185 $local_sql_3 .= ", '".$local_element[1]."'";
188 $local_sql_2 .= ", delay";
189 $local_sql_3 .= ", '".$local_element[1]."'";
192 $local_sql_2 .= ", xdelay";
193 $local_sql_3 .= ", '".$local_element[1]."'";
196 $local_sql_2 .= ", mailer";
197 $local_sql_3 .= ", '".$local_element[1]."'";
200 $local_sql_2 .= ", dsn";
201 $local_sql_3 .= ", '".$local_element[1]."'";
// external_messageid: a surrounding "<...>" is stripped when present.
204 $local_sql_2 .= ", external_messageid";
205 if (substr($local_element[1],0,1) == '<') {
206 $local_sql_3 .= ", '";
207 $local_sql_3 .= substr($local_element[1],1,(strlen($local_element[1])-2));
210 $local_sql_3 .= ", '".$local_element[1]."'";
213 //As of this point we only deal with Status
215 $local_sql_2 .= ", status";
216 $local_sql_3 .= ", '".$local_element[1]."'";
// NOTE(review): $local_element[$i] indexes the key/value pair with the token
// counter; the parallel "status=" branch below uses $local_logline_array[$i],
// which is also what the strlen/substr on the next lines operate on - this
// looks like a typo.
218 $local_pos = strrpos (strtolower($local_element[$i]), "stat=");
// "stat=" is 5 characters; the extra 1 in "- 6" also drops the token's last
// character (presumably a trailing delimiter - confirm).
219 $local_len = strlen($local_logline_array[$i]) - $local_pos - 6;
220 $local_sql_2 .= ", status_details";
221 $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 5, $local_len) . "'";
225 $local_sql_2 .= ", status";
226 $local_sql_3 .= ", '".$local_element[1]."'";
// Same pattern for "status=" (7 characters), again dropping one extra character.
228 $local_pos = strrpos (strtolower($local_logline_array[$i]), "status=");
229 $local_len = strlen($local_logline_array[$i]) - $local_pos - 8;
230 $local_sql_2 .= ", status_details";
231 $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 7, $local_len) . "'";
// A key that begins with '[' marks the destination address: the value minus
// its first and last character is stored as destination_ip.
235 if (substr(strtolower($local_element[0]),0,1) == "[") {
236 $local_sql_2 .= ", destination_ip";
237 $local_sql_3 .= ", '". substr($local_element[1], 1, strlen($local_element[1]) - 2)."'";
244 //Now that the data is complete create the SQL-statement
245 $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
// Executes the assembled INSERT on the working connection; the return value
// of query() is not inspected here.
246 $dbms_working->query($local_sql);
251 function linux_kernel_network() {
253 /* This function is able to deal with the output of kernel-network messages
254 * coming from iptables and other similar tools. When elements are found
255 * that cannot be identified a notification will be written to the logbook
256 * for easy expansion of this routine.
* Each "KEY=value" token from element 4 onwards is mapped onto a column of
* log_adv_kernel_network; flag tokens without a value store true. When the
* line embeds a second (original) packet in brackets, the row collected so
* far is written and a fresh INSERT is started for the embedded packet.
258 * GLOBALS : $dbms, $dbms_working;
259 * OUTPUT : "TRUE" for success and "FALSE" for failure.
262 global $dbms_working;
264 $local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
265 $local_logline_array = explode (" ", $local_log_string);
// INSERT assembled by string concatenation. The token values (interface
// names, MAC and IP addresses, ports, ...) come straight from the logline and
// are quoted but not escaped; escape them with the driver's quoting function
// before appending, or the statement breaks on a stray quote.
266 $local_sql_1 = "INSERT INTO log_adv_kernel_network"; //BASIC STATEMENT
267 $local_sql_2 = "logid, detailed_table"; //FIELDS
268 $local_sql_3 = "'".$dbms->db_result_row[0]."', 'kernel_network'"; //VALUES
// Elements 0-3 are the line prefix; "KEY=value" tokens start at index 4.
// A token without "=" leaves $local_element[1] undefined (no guard visible).
273 for ($i = 4; $i <= ( count($local_logline_array) - 1); $i++) {
274 $local_element = explode("=", $local_logline_array[$i]);
275 switch (strtolower($local_element[0])) {
277 $local_sql_2 .= ", device_in";
278 $local_sql_3 .= ", '".$local_element[1]."'";
282 $local_sql_2 .= ", device_out";
283 $local_sql_3 .= ", '".$local_element[1]."'";
287 $local_sql_2 .= ", hw_address";
288 $local_sql_3 .= ", '".$local_element[1]."'";
292 $local_sql_2 .= ", source_ip";
293 $local_sql_3 .= ", '".$local_element[1]."'";
297 $local_sql_2 .= ", destination_ip";
298 $local_sql_3 .= ", '".$local_element[1]."'";
// NOTE(review): $local_len, $local_tos and $local_id are read below but
// neither their initialisation nor an update after first use is visible in
// this listing. The apparent intent is "first occurrence -> packet_length /
// tos_bit / header_id, later occurrence -> another column"; confirm they are
// set before the loop, otherwise an unset variable compares equal to 0 on
// every pass.
302 if ($local_len == 0) {
303 $local_sql_2 .= ", packet_length";
306 $local_sql_2 .= ", body_len";
309 $local_sql_3 .= ", '".$local_element[1]."'";
313 if ($local_tos == "F") {
314 $local_sql_2 .= ", tos_bit";
315 $local_sql_3 .= ", '".$local_element[1]."'";
321 $local_sql_2 .= ", prec_bit";
322 $local_sql_3 .= ", '".$local_element[1]."'";
326 $local_sql_2 .= ", ttl";
327 $local_sql_3 .= ", '".$local_element[1]."'";
332 if ($local_id == 0) {
333 $local_sql_2 .= ", header_id";
334 $local_sql_3 .= ", '".$local_element[1]."'";
340 $local_sql_2 .= ", protocol";
341 $local_sql_3 .= ", '".$local_element[1]."'";
// ICMP lines get extra handling (the branch body is not shown here).
342 if ($local_element[1] == 'ICMP') {
348 $local_sql_2 .= ", destination_port";
349 $local_sql_3 .= ", '".$local_element[1]."'";
353 $local_sql_2 .= ", source_port";
354 $local_sql_3 .= ", '".$local_element[1]."'";
358 $local_sql_2 .= ", window";
359 $local_sql_3 .= ", '".$local_element[1]."'";
363 $local_sql_2 .= ", urgp";
364 $local_sql_3 .= ", '".$local_element[1]."'";
// Flag tokens (rst, syn, df) carry no value; the column is set to true.
368 $local_sql_2 .= ", rst";
369 $local_sql_3 .= ", true";
373 $local_sql_2 .= ", syn";
374 $local_sql_3 .= ", true";
378 $local_sql_2 .= ", df";
379 $local_sql_3 .= ", true";
383 $local_sql_2 .= ", type";
384 $local_sql_3 .= ", '".$local_element[1]."'";
388 $local_sql_2 .= ", code";
389 $local_sql_3 .= ", '".$local_element[1]."'";
393 $local_sql_2 .= ", sequence_number";
394 $local_sql_3 .= ", '".$local_element[1]."'";
398 $local_sql_2 .= ", res";
399 $local_sql_3 .= ", '".$local_element[1]."'";
403 /*This record is different. In ICMP information is sometimes returned on an original packet.
404 * When the brackets are used a second line will be added to the
405 * log_adv_kernel_network-table. For that reason the processing into the database will be
406 * done here as well. After that a new insert-string will be created.
409 //Enter the data into the database
// The row collected so far is written now; a second row with the same logid
// is then built for the embedded packet.
410 $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
411 $dbms_working->query($local_sql);
413 $local_sql_1 = "INSERT INTO log_adv_kernel_network"; //BASIC STATEMENT
414 $local_sql_2 = "logid, detailed_table"; //FIELDS
415 $local_sql_3 = "'".$dbms->db_result_row[0]."', 'kernel_network'"; //VALUES
// NOTE(review): the syslog notification for unrecognised keys appears to sit
// inside the block comment opened on the next line, i.e. it is never executed,
// which contradicts the header comment - confirm whether it should be live.
420 /* $local_element[0];
421 syslog(LOG_INFO, "Unrecognized kernel/network entry: ".$local_element[0]);
429 //Now that the data is complete create the SQL-statement
430 $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
431 $dbms_working->query($local_sql);
436 function linux_kernel_device() {
437 /* This function is able to deal with the output of kernel-network messages
438 * coming from device related processes. Typically networkcard and other
439 * hardware-related data will show-up here
* Called from linux_log when element 4 of a kernel logline equals "device".
441 * GLOBALS : $dbms, $dbms_working
442 * OUTPUT : "TRUE" for success and "FALSE" for failure.
// $dbms carries the row being parsed (db_result_row); $dbms_working is the
// connection the log_adv rows are written to, as in the other parsers here.
445 global $dbms, $dbms_working;
449 function linux_daemon() {
450 /* Generic daemon parser: lowercases the logline (column 6) and searches it
451 * for a fixed set of keywords; each hit inserts one event row into
452 * log_adv_daemon for the service named in column 3 (events: stop, start,
453 * error detected, abort, Power warning). One logline can yield several rows.
454 * GLOBALS : $dbms, $dbms_working
455 * OUTPUT : "TRUE" for success and "FALSE" for failure.
458 global $dbms, $dbms_working;
460 $local_log_line = strtolower($dbms->db_result_row[6]);
// The INSERTs below interpolate the logid and the service name (column 3,
// taken from the log record itself) without escaping; a quote in the service
// name breaks the statement. Escape it once with the driver's quoting
// function and reuse the escaped value in every statement.
462 //Find a sign of stop
463 //Using the word shutdown
// Keyword tests use strpos. A test of the form "$pos > 0" (see the error
// check further down) misses a keyword at offset 0, since strpos returns 0
// there; an explicit "!== false" comparison is the safe form.
464 $pos = strpos($local_log_line, "shutdown");
466 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
467 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '".$dbms->db_result_row[3]."', 'stop')";
468 $dbms_working->query($local_sql);
470 //Using the word stop
471 $pos = strpos($local_log_line, "stop");
473 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
474 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '".$dbms->db_result_row[3]."', 'stop')";
475 $dbms_working->query($local_sql);
477 //As the word restart
// A restart is recorded as a 'stop' row followed by a 'start' row.
478 $pos = strpos($local_log_line, "restart");
480 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
481 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '".$dbms->db_result_row[3]."', 'stop')";
482 $dbms_working->query($local_sql);
484 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
485 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '".$dbms->db_result_row[3]."', 'start')";
486 $dbms_working->query($local_sql);
488 //As the word start this is an else for restart.
489 //If we wouldn't do so restart would also give a positive on start
490 $pos = strpos($local_log_line, "start");
492 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
493 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '".$dbms->db_result_row[3]."', 'start')";
494 $dbms_working->query($local_sql);
497 //The word error indicates problems.
498 $pos = strpos($local_log_line, "error");
499 $pos2 = strpos($local_log_line, "crash"); //The word crash is also considered to be an error
// strpos returns 0 for a match at the very start of the line, which "> 0"
// treats as no match (false > 0 is false as well). Compare with !== false.
500 if ($pos > 0 or $pos2 > 0) {
502 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
503 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '".$dbms->db_result_row[3]."', 'error detected')";
504 $dbms_working->query($local_sql);
506 //Quite often an error will be followed with information that the daemon or service ended.
// Within the error context "abort", "ended" and "stop" all record 'abort'.
507 $pos = strpos($local_log_line, "abort");
509 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
510 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '".$dbms->db_result_row[3]."', 'abort')";
511 $dbms_working->query($local_sql);
513 $pos = strpos($local_log_line, "ended");
515 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
516 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '".$dbms->db_result_row[3]."', 'abort')";
517 $dbms_working->query($local_sql);
519 $pos = strpos($local_log_line, "stop");
521 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
522 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '".$dbms->db_result_row[3]."', 'abort')";
523 $dbms_working->query($local_sql);
526 //For power management there is a charge warning
527 $pos = strpos($local_log_line, "charge");
529 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
530 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '".$dbms->db_result_row[3]."', 'Power warning')";
531 $dbms_working->query($local_sql);
// NOTE(review): the four comment lines below and the event value 'start' look
// like a copy of the "start" check above; a line containing "exiting" most
// likely marks the service going away, so 'start' is probably not the intended
// event - confirm and correct.
534 //As the word start this is an else for restart.
535 //If we wouldn't do so restart would also give a positive on start
536 //This can only be done if we ensured nothing else was the case
537 //PLEASE USE THIS AS LATE AS POSSIBLE!!!
538 $pos = strpos($local_log_line, "exiting");
540 $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
541 $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '".$dbms->db_result_row[3]."', 'start')";
542 $dbms_working->query($local_sql);