[gnucomo.git] / src / gcm_daemon / gcm_daemon.php

#!/usr/bin/php
<?PHP
/**********************************************************************************
**  (c) Copyright 2002, Brenno J.S.A.A.F. de Winter, De Winter Information Solutions
** This is free software; you can redistribute it and/or modify it under the
** terms of the GNU General Public License, see the file COPYING.
***********************************************************************************/


/*
   NAME          : gcm_daemon
   AUTHOR        : Brenno J.S.A.A.F. de Winter
                   De Winter Information Solutions
   COPYRIGHT     : 2002 - De Winter Information Solutions,
                   Brenno J.S.A.A.F. de Winter

   * DATES *
   First        : November 8th 2002
   Gnucomo-0.0.3: December 6th 2002
   Gnucomo-0.0.8: September 4th 2003

 $Log: gcm_daemon.php,v $
 Revision 1.22  2007-10-23 11:23:52  arjen
 Record the date when adding the number of abuses for an IP address
 in the abuse list.

 Revision 1.21  2007/01/11 13:47:41  arjen
 Log_adv and derived tables removed.
 Create notifications from log entries with pattern matching.

 Revision 1.20  2005/06/04 07:15:16  arjen
 Added pattern check on log entries with the service_pattern table.

 Revision 1.19  2004/01/10 20:04:12  arjen
 Send email about open notifications to an object's users.

 Revision 1.18  2003/12/03 08:07:21  arjen
 Changed the type of log_adv_daemon_email.delay and log_adv_daemon_email.xdelay
 from time to interval. These delays can be more than 24 hours.

 Revision 1.17  2003/10/29 09:58:29  arjen
 Create separate notifications for different objects in service_check().

 Revision 1.16  2003/09/03 12:48:48  arjen
 Check the log table against the servies running on an object and
 create notifications if a service is not supposed to be available
 or is not known at all.

 Revision 1.15  2003/09/02 12:48:09  arjen
 BUGFIX: Secondary indices on log_notification were unique.
 Additional information in the 'usr' table: 'display_name' and 'email'.
 Added new issues and services.

 Revision 1.14  2003/09/01 06:51:07  arjen
 Accept command argument '-c config' to use an alternate
 gnucomo configuration.

 Revision 1.13  2003/08/14 10:22:42  arjen
 Disabled DEBUG output

 Revision 1.12  2003/08/05 07:46:37  arjen
 BUGFIX: Print an error message if a parameter does not have
 any history.

 Revision 1.11  2003/07/09 07:25:02  arjen
 Gcm_daemon gathers statistics on parameters, notifications, etc. for all objects.

 Revision 1.10  2003/03/29 08:33:58  arjen
 In phpclasses/db.class.php: Added the database connection string as
 an argument to the function copy_db_class.
 Fixed the PHP member function db::db_connect(). The Postgres connection
 string is now passed as an argument to that function.

 Revision 1.9  2003/02/21 08:37:59  arjen
 Added new table to the database: log_adv_daemon_email.


*/

// $Id: gcm_daemon.php,v 1.22 2007-10-23 11:23:52 arjen Exp $

ini_set('include_path', '.:./classes:../phpclasses');
ini_set('html_errors', 'false');

define("BATCHSIZE", 5000);

//Tell the log that we're up.
define_syslog_variables();

require_once "gnucomo_config.php";
require_once "db.class.php";
require_once "gnucomo.process_log.php";

// Set the standard variables //

$purge_date     ="";            // Purge log entries until this date. Default: no purging
$project_name   = "gnucomo";    // name of the entire project
$app_name       = "gcm_daemon"; // name of the application running
$developrelease = "FALSE";      // Indicates if special debug settings are needed
$db_version     = 51;           // The db_version indicates what the level of
                                // the database should be. If the database is
                                // old an update will be generated.
$gcmd_version   = 5;            // This value indicates the active version of
                                // the gcm_daemon, which is saved in the database.
                                // Log records that were not recognized before
                                // will now be recognized. The version doesn't
                                // mean anything in the overall gnucomo project.

//Avoid time-limit issues
set_time_limit(0);

//  Scan the command arguments

for ($argi = 1; $argi < $argc; $argi++)
{
   switch ($argv[$argi])
   {
   case "-c":
      $argi++;
      $project_name = $argv[$argi];
      break;

   case "-p":
      $argi++;
      $purge_date = $argv[$argi];
      break;

   default:
      echo "Usage: gcm_daemon [-c configname] [-p purgedate]\n";
      exit();
      break;
   }
}

// Read the database settings //
$class_settings = new gnucomo_config();
if (!$class_settings->read($project_name))
{
   echo "Can not read Gnucomo configuration file for $project_name.\n";
   exit();
}

openlog("gnucomo", LOG_PID, LOG_DAEMON);
syslog(LOG_INFO, "gcm_daemon started");

//Open an connection to the database
$dbms_type = $class_settings->find_parameter("database", "type");
$dbms_host = $class_settings->find_parameter("database", "host");
$dbms_name = $class_settings->find_parameter("database", "name");
$dbms_user = $class_settings->find_parameter("gcm_daemon", "user");
$dbms_password = $class_settings->find_parameter("gcm_daemon", "password");

db_select($dbms_type);
$dbms = new db();
$dbms->db_host = $dbms_host;
$dbms->db_name = $dbms_name;
$dbms->db_user = $dbms_user;
$dbms->db_password = $dbms_password;
$dbms->db_connect($class_settings->database());

if ($dbms->have_db_connection() == "FALSE")
{
   exit ("Database connection failed.");
}
else
{
   // The database connection has been made.
   $dbms_working = copy_db_class($dbms, $class_settings->database());
}

// Verify if the database is up-to-date by checking the versionnumber

$local_sql = "SELECT setting_value FROM db_value WHERE setting = 'db_version' ";
$dbms->query($local_sql);

if ($dbms->fetch_row() == "TRUE")
{
  $active_version = $dbms->db_result_row[0];

  // Update the database to the most recent version.

  if ($active_version < $db_version)
  {
     include ("gnucomo_db_version.php");
  }
}
else
{
  syslog (LOG_INFO, "Couldn't initialize database version. Is this a gnucomo database?");
  die ("Couldn't initialize database version.\n");
}

// If there is a new gcm_daemon_version the logrecords that couldn't be
// understood can be reprocessed. For this reason processed is now changed
// to false again for not recognized records.

$local_sql = "SELECT setting_value FROM db_value
              WHERE setting = 'gcm_daemon_version'";
$dbms->query($local_sql);

if ($dbms->fetch_row() == "TRUE")
{
   if ($dbms->db_result_row[0] < $gcmd_version)
   {
      //Reactive log-records that weren't understood earlier.

      $local_sql = "UPDATE log SET processed = false
                    WHERE logid NOT IN (SELECT DISTINCT logid FROM log_adv)";
      $dbms->query($local_sql);

      //Update de gcm_daemon version in the database
      $local_sql = "UPDATE db_value SET setting_value = '".$gcmd_version;
      $local_sql .= "' WHERE setting = 'gcm_daemon_version'";
      $dbms->query($local_sql);

   }

}

// Now we loop the tasks that we have to do.


do
{

   if ($purge_date != "")
   {
      purge_old_logs($purge_date);
   }

   echo "Processing logs...\n";
   process_log ();
   service_check();
   find_notifications();
   //mail_notifications();

   //  Gather the statistics for each object

   $obj_result = $dbms->query("SELECT objectid FROM object");
   for ($obj = 0; $obj < $dbms->num_rows($obj_result); $obj++)
   {
      $object = $dbms->fetch_object($obj_result, $obj);
      echo "Gathering statistics for object " . $object->objectid . "\n";
      GatherStatistics($object->objectid);
   }

   $keep_running = false;

} while ($keep_running == true);

//Tell the log that we're ending our efforts in a nice way

syslog (LOG_INFO, "gcm_daemon ended nicely");

function purge_old_logs($purge_date)
{
   global $dbms;

   /*
    *   Make a temporary table with the logids of the old log entries
    *   We don't want to repeat a selection on the large log table itself.
    */

   echo "Purging log entries before $purge_date\n";

   $dbms->query("CREATE TABLE gcm_deamon_old_log AS SELECT logid FROM log WHERE timestamp < '$purge_date'");
   $dbms->query("SELECT logid FROM gcm_deamon_old_log");
   echo $dbms->num_rows() . " log entries found.\n";
   $r = $dbms->query("select notificationid from log_notification where logid in
                         (select logid from gcm_deamon_old_log) group by notificationid");
   echo "Notifications that may be affected:\n";
   $notifications = array();
   for ($i=0; $i < $dbms->num_rows(); $i++)
   {
      $notif = $dbms->fetch_object($r, $i);
      $notifications[] = $notif->notificationid;
      echo $notif->notificationid . "\n";
   }
   $dbms->query("delete from log_notification where logid in
                         (select logid from gcm_deamon_old_log)");

   //  Clean up any notifications that have no more logs left
   foreach ($notifications as $notif)
   {
      $c = $dbms->fetch_object($dbms->query("select count(*) from log_notification where notificationid=$notif"), 0);
      echo "Notification $notif has " . $c->count . " log entries left.\n";
      if ($c->count == 0)
      {
         echo "Cleaning up notification $notif.\n";
         $dbms->query("delete from action_user where notificationid=$notif");
         $dbms->query("delete from notification where notificationid=$notif");
      }
   }

   $dbms->query("delete from log where logid in
                         (select logid from gcm_deamon_old_log)");

   $dbms->query("drop table gcm_deamon_old_log");
}


function process_log ()
{

 /* This function will walk through the log-records that haven't been processed
  * first a snapshot will be created of a the non-processed records.
  * sequentially each record will dealt with. By doing that changes will be made
  * in several log_adv_xxx tables
  * INPUT  : NONE
  * OUTPUT : NONE
  */

  global $dbms;
  global $dbms_working;
  global $class_settings;

  $last_log = 0;

  // Find records in log that still have to be processed.

  $local_sql = "SELECT setting_value FROM db_value WHERE setting = 'log_processing'";
  $dbms->query($local_sql);

  if ($dbms->fetch_row() == "TRUE")
  {
     $last_log = $dbms->db_result_row[0];
  }

  echo "Last processed logid = $last_log \n";

  //Query the log-table
  $log_limit = $last_log + BATCHSIZE;
  $local_sql = "SELECT * FROM log WHERE logid > CAST(".$last_log." AS BIGINT)
                AND logid <= $log_limit ORDER BY logid";
  $dbms->query($local_sql);

  //Update the log-statistics in the object-table
  $local_statistics_db = copy_db_class($dbms, $class_settings->database());
  $local_findobject_db = copy_db_class($dbms, $class_settings->database());

  //Make totals
  $local_upper_row = $dbms->num_rows() + $last_log + 1;
  $local_sql = "SELECT COUNT(logid), objectid from log WHERE logid > CAST(". $last_log .
      " AS BIGINT) AND logid < CAST (" . $local_upper_row . " AS BIGINT) GROUP BY objectid";
  $local_statistics_db->query ($local_sql);

  // Loop the objects
  for ($i = 1; $i <= $local_statistics_db->num_rows(); $i++)
  {
      $local_object_row = $local_statistics_db->fetch_row();

      $local_sql = "UPDATE object SET log_count = log_count + " .
          $local_statistics_db->db_result_row[0] . " WHERE objectid = '" .
          $local_statistics_db->db_result_row[1] . "'";

      $local_findobject_db->query($local_sql);
  }

  $local_counter = 0;

  if ($dbms->num_rows() > 0)
  {

    //Create a database connection for changes in the database.
    $dbms_changes = copy_db_class($dbms, $class_settings->database());
    if ($dbms_changes->have_db_connection() == 'TRUE')
    {

       $local_sql               = 0 ;
       $local_sql_statistics    = "";
       $local_object_os         = "";
       $local_object_os_version = "";

/*
       while ($local_counter < $dbms->num_rows())
       {

         $local_return_row = $dbms->fetch_row();
         if ($local_return_row == 'TRUE')
         {
            // Work on active rows
            $local_log_id = $dbms->db_result_row[0];

            $local_sql_findobject = "SELECT os, os_version FROM object
                                WHERE objectid = '".$dbms->db_result_row[1]."'";
            $local_findobject_db->query($local_sql_findobject);
            $local_findobject_result = $local_findobject_db->fetch_row();
            if ($local_findobject_result == 'TRUE')
            {

                // Now work on the OS again
                $local_object_os = $local_findobject_db->db_result_row[0];
                if  ($local_object_os == "")
                {
                    $local_object_os = "Linux";
                    $local_object_os_version = "Unknown assuming Linux";
                }
                else
                {
                  $local_object_os_version = $local_findobject_db->db_result_row[1];
                }
             }

            switch (strtolower($local_object_os))
            {
            case "linux":
                $local_process_return = linux_log ();
                break;
            default:
                syslog (LOG_INFO, "Couldn't find suitable OS for processing the logline");
                break;
            }

            if ($local_process_return != 'TRUE')
            {
              $local_process_return = 'FALSE';
            }

         }
         else
         {

           break;

         }
         $local_counter++;
       }
*/

       //  Check for spam and other abuses.

       // abuse_check($last_log);

       match_log_patterns($last_log);

       // Register that the logrecords have been processed.
       $local_upper_row--;
       $local_sql = "UPDATE db_value SET setting_value = '"
                   . $local_upper_row ."' where setting = 'log_processing'";
       $dbms->query($local_sql);


       // Update the statistics for the object-table


     }
     else
     {
       syslog (LOG_INFO, "Couldn't clone database connection.");
       die ("Couldn't reconnect to the database.\n");
     }
  }

}

/*
 *   Update a single statistic for some object.
 *   If it does not yet exist, it will be created.
 */

function UpdateStatistic($objectid, $name, $value)
{
   global $dbms;

   $result = $dbms->query("SELECT objectid FROM object_statistics WHERE
             objectid='$objectid' AND statname='$name'");
   if ($dbms->num_rows() == 0)
   {
      $dbms->query("INSERT INTO object_statistics VALUES
                    ('$objectid', '$name', '$value')");
   }
   else
   {
      $dbms->query("UPDATE object_statistics SET statvalue='$value' WHERE
           statname='$name' AND objectid='$objectid'");
   }
}

/*
 *   Gather the statistics for a single object ($objectid).
 *   We count the number of parameters, removed parameters, notifications
 *   closed notifications and log entries. The totals of these are
 *   maintained in a separate table: object_statistics.
 */

function GatherStatistics($objectid)
{
   global $dbms;

   //  Gather statistics on parameters

   $r = $dbms->query("SELECT paramid FROM parameter WHERE objectid=CAST('"
                        . $objectid . "' AS BIGINT)");
   $nr_parameters = $dbms->num_rows($r);

   $removed_parameters = 0;
   for ($p = 0; $p < $nr_parameters; $p++)
   {
      $param = pg_fetch_object($r, $p);
      $qry ="select change_nature from history where paramid= CAST('";
      $qry .= $param->paramid . "' AS BIGINT) order by modified desc";
      $rhist = $dbms->query($qry);
      if ($dbms->num_rows($rhist) == 0)
      {
         echo "ERROR: No history for parameter id " . $param->paramid . "\n";
      }
      else
      {
         $hist = $dbms->fetch_object($rhist, 0);
         if ($hist->change_nature == "REMOVED")
         {
            $removed_parameters++;
         }
      }
   }

   UpdateStatistic($objectid, 'parameters', $nr_parameters);
   UpdateStatistic($objectid, 'removed_parameters', $removed_parameters);

   //  Gather statistics on notifications

   $r = $dbms->query("SELECT count(notificationid) FROM notification WHERE
                       objectid = CAST('" . $objectid . "' AS BIGINT)");
   $cnt = $dbms->fetch_object($r, 0);
   UpdateStatistic($objectid, 'notifications', $cnt->count);

   $r = $dbms->query("SELECT count(notificationid) FROM notification WHERE
                       objectid = CAST('" . $objectid . "' AS BIGINT) AND statuscode ='cls'");
   $cnt = $dbms->fetch_object($r, 0);
   UpdateStatistic($objectid, 'closed_notifications', $cnt->count);

   //  Gather statistics on log entries

   $r = $dbms->query("SELECT count(logid) FROM log WHERE
                       objectid = CAST('" . $objectid . "' AS BIGINT)");
   $cnt = $dbms->fetch_object($r, 0);
   UpdateStatistic($objectid, 'logs', $cnt->count);
}

//  Check for spam and other abuses in the log_adv tables.

function abuse_check($logstart)
{
return;   //  This function is obsolete
   global  $dbms;

  // notification: 'abuses exceeded'.

   $noqueue_res = $dbms->query("select logid, source_ip from log_adv_daemon_email
                                where event='NOQUEUE' and logid > " . $logstart);
   echo "NOQUEUE abuses:\n\n";
   for ($row = 0; $row < $dbms->num_rows($noqueue_res); $row++)
   {
      $noqueue = $dbms->fetch_object($noqueue_res, $row);
      if ($noqueue->source_ip != '')
      {
         $obj = $dbms->fetch_object(
                       $dbms->query("SELECT objectid FROM log WHERE logid = '" . $noqueue->logid . "'"),0);
         record_abuse(0, $obj->objectid, $noqueue->source_ip, 2);

         // TODO: Create notification
      }
   } 
   $dbms->Free($noqueue_res);

   $noqueue_res = $dbms->query("select logid, source_ip, relay from log_adv_daemon_email
                                where event='SPAM' and logid > " . $logstart);
   echo "SPAM abuses:\n\n";
   for ($row = 0; $row < $dbms->num_rows($noqueue_res); $row++)
   {
      $noqueue = $dbms->fetch_object($noqueue_res, $row);
      $source = $noqueue->source_ip;
      if ($source == '')
      {
         $source = $noqueue->relay;
      }
      if ($source != '')
      {
         $obj = $dbms->fetch_object(
                       $dbms->query("SELECT objectid FROM log WHERE logid = '" . $noqueue->logid . "'"),0);
         record_abuse(0, $obj->objectid, $source, 1);

         // TODO: Create notification
      }
   } 
   $dbms->Free($noqueue_res);

   echo "HTTP abuses:\n\n";
   $abuse_res = $dbms->query("select logid, objectid, rawdata from log
                              where servicecode='httpd' and logid > " . $logstart);
   for ($row = 0; $row < $dbms->num_rows($abuse_res); $row++)
   {
      $source = '';
      $abuse = $dbms->fetch_object($abuse_res, $row);
      if (ereg("\[error\] \[client ([0-9.]+)\] request failed: URI too long", $abuse->rawdata, $parts))
      {
         echo $abuse->rawdata . "\n";
         echo "Abuse on object " . $abuse->objectid . " from IP address " . $parts[1] . "\n";
         $source = $parts[1];
      }
      if (ereg("\[error\] \[client ([0-9.]+)\] File does not exist: .+/MSADC",
               $abuse->rawdata, $parts))
      {
         echo $abuse->rawdata . "\n";
         echo "Abuse on object " . $abuse->objectid . " from IP address " . $parts[1] . "\n";
         $source = $parts[1];
      }
      if ($source != '')
      {
         record_abuse(0, $abuse->objectid, $source, 2);

         // TODO: Create notification
      }
   }
   $dbms->Free($abuse_res);
}

function match_log_patterns($logstart)
{
   global  $dbms;

   $notifications = array();

   $log_limit = $logstart + BATCHSIZE;
   $noqueue_res = $dbms->query("select logid, objectid, servicecode, rawdata from log
                              where logid > $logstart and logid <= $log_limit
                              order by logid");
   for ($row = 0; $row < $dbms->num_rows($noqueue_res); $row++)
   {
      $logentry = $dbms->fetch_object($noqueue_res, $row);
      //echo "\n----------\n" . $logentry->rawdata . "\n----------\n";
      $service = $logentry->servicecode;
      $pattern_res = $dbms->query("select * from service_pattern where service='$service'
                                              OR service='ANY' order by rank");

      $match_found = false;
      for ($patnr = 0; !$match_found && $patnr < $dbms->num_rows($pattern_res); $patnr++)
      {
         $srv_pat = $dbms->fetch_object($pattern_res, $patnr);
         //echo "  Checking with pattern " . $srv_pat->pattern . "\n";
         if (ereg($srv_pat->pattern, $logentry->rawdata, $matches))
         {
            //  Scan the argument for '$n' expressions and expand

            $srv_pat->argument = expand_arguments($srv_pat->argument, $matches);
            //echo "   " . $srv_pat->pattern . " matches.\n";
            //echo "   Matched string: " . $matches[0] . "\n";
            //echo "   Action = " . $srv_pat->action . "(" . $srv_pat->argument . ")\n\n";
            $match_found = true;

            switch ($srv_pat->action)
            {
            case "ignore":
               break;

            case "notify":
               $notif = $srv_pat->argument;
               if (!isset($notifications[$logentry->objectid][$notif]))
               {
                  //echo "Creating notification $notif for object " . $logentry->objectid . ".\n";
                  $remark = "Notification generated from Gnucomo pattern match.";
                  $notifications[$logentry->objectid][$notif] =
                         $dbms->new_notification($logentry->objectid, $notif, $remark);
               }
               if (isset($notifications[$logentry->objectid][$notif]))
               {
                  //echo "Notification $notif for object " . $logentry->objectid . " already created.\n";
                  $insertion = "INSERT INTO log_notification (notificationid, logid) VALUES ('";
                  $insertion .= $notifications[$logentry->objectid][$notif] . "', '";
                  $insertion .= $logentry->logid . "')";
                  $dbms->query($insertion);
               }
               break;

            case "abuse":
               if (record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, 1) >= 32)
               {
                  $source_ip = $srv_pat->argument;
                  $notif = 'abuses exceeded';
                  if (!isset($notifications[$logentry->objectid][$notif][$source_ip]))
                  {
                     echo "Creating notification $notif for object " . $logentry->objectid . ".\n";
                     $remark = "Abuses from IP address $source_ip exceeded the limit.";
                     $notifid = $dbms->new_notification($logentry->objectid, $notif, $remark);
                     $notifications[$logentry->objectid][$notif][$source_ip] = $notifid;

                     //  Add log entries from previously detected abuses

                     echo " Add log entries from previously detected abuses";
                     $abuses = $dbms->query("SELECT logid FROM log_abuse WHERE objectid = '" .
                                    $logentry->objectid . "' AND source = '$source_ip'");
                     for ($abusenr = 0; $abusenr < $dbms->num_rows($abuses); $abusenr++)
                     {
                        $log_abuse = $dbms->fetch_object($abuses, $abusenr);
                        if ($log_abuse->logid != $logentry->logid)
                        {
                           $insertion = "INSERT INTO log_notification (notificationid, logid) VALUES ('";
                           $insertion .= $notifid . "', '";
                           $insertion .= $log_abuse->logid . "')";
                           $dbms->query($insertion);
                        }
                     }
                  }
                  if (isset($notifications[$logentry->objectid][$notif][$source_ip]))
                  {
                     echo "Notification $notif for object " . $logentry->objectid . " already created.\n";
                     $insertion = "INSERT INTO log_notification (notificationid, logid) VALUES ('";
                     $insertion .= $notifications[$logentry->objectid][$notif][$source_ip] . "', '";
                     $insertion .= $logentry->logid . "')";
                     $dbms->query($insertion);
                  }
               }
               break;
            case "forgive":
               record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, -4);
               break;
            default:
               echo "Error: unrecognized action in service pattern: " . $srv_pat->action . "\n";
               break;
            }
         }
         else
         {
            // echo "   " . $srv_pat->pattern . " does not match.\n";
         }
      }

   }
}

/*
 *  Some IP address abused us. Record the event.
 *  Return the number of abuse points recorded so far for the address
 */

function record_abuse($logid, $objectid, $sourceip, $points)
{
   global  $dbms;

   $abuse_points = $points;

   $ipaddress = gethostbyname($sourceip);
   //echo " IP address for $sourceip is $ipaddress.\n";
   $sourceip = $ipaddress;

   $abres = $dbms->query("SELECT * FROM object_abuse WHERE objectid='$objectid' AND source='$sourceip'");

   if (pg_numrows($abres) == 0 && $points > 0)
   {
      //echo "$sourceip is new.\n";
      $dbms->query("INSERT INTO object_abuse VALUES ('$objectid', '$sourceip', '$points', '', NOW())");
      $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
   }
   else if (pg_numrows($abres) != 0)
   {
      $abuse = $dbms->fetch_object($abres, 0);
      if ($abuse->status == '' || $abuse->status == 'dropped')
      {
         $abuse_points = $abuse->nr_abuses + $points;
         if ($abuse_points < 0)
         {
            $abuse_points = 0;
         }
         //echo $sourceip . " will get " . $abuse_points . " abuse points, ";
         //echo "Status was " . $abuse->status . "\n";
         $dbms->query("UPDATE object_abuse SET nr_abuses='$abuse_points'" .
                     ", last_change=NOW() WHERE objectid='$objectid' AND source='$sourceip'");

         if ($points > 0)
         {
            $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
         }
         if ($abuse_points >= 32)
         {
            //echo "      BLOCK IP adrress $sourceip on the firewall.\n";
            $dbms->query("UPDATE object_abuse SET status='dropped'" .
                     " WHERE objectid='$objectid' AND source='$sourceip'");
         }
      }
   }

   return $abuse_points;
}


/*
 *   Service_check - Check the log entries if there are any unknown
 *   services.
 */

function service_check()
{
   global  $dbms;

   $unknown_notification = array();
   $unused_notification  = array();
   $last_log             = 0;

   //  How far did we get last time ?

   $lastlogres = $dbms->query("SELECT setting_value FROM db_value
                               WHERE setting = 'log_servicecheck'");

   if ($dbms->num_rows($lastlogres) == 1)
   {
     $last_log = $dbms->Field($lastlogres, 0, 'setting_value');
   }
   else
   {
      $dbms->query("INSERT INTO db_value (setting, setting_value)
                            VALUES ('log_servicecheck', '0')");
   }

   echo "Running service check from log id $last_log.\n";
   // Query the log-table

   $log_limit = $last_log + BATCHSIZE;
   $qry = "SELECT logid, objectid, servicecode FROM log
           WHERE logid > CAST(".$last_log." AS BIGINT) AND logid <= $log_limit
           ORDER BY logid";
   $log_res = $dbms->query($qry);
   //$log_res = $dbms->query("SELECT logid, objectid, servicecode,rawdata FROM log");

   for ($log_row = 0; $log_row < $dbms->num_rows($log_res); $log_row++)
   {
      $log_entry = $dbms->fetch_object($log_res, $log_row);
      $last_log  = $log_entry->logid;

      //   Check if the service is used on the object.

      $qry = "SELECT * FROM object_service WHERE objectid='";
      $qry .= $log_entry->objectid . "' AND servicecode='";
      $qry .= $log_entry->servicecode . "'";

      $os_res = $dbms->query($qry);
      if ($dbms->num_rows($os_res) == 0)
      {
         //   Service is not found for the object, check if the service
         //   exists at all.

         $qry = "SELECT * FROM service WHERE servicecode='";
         $qry .= $log_entry->servicecode . "'";

         if ($dbms->num_rows($dbms->query($qry)) == 0)
         {
            if (!isset($unknown_notification[$log_entry->objectid]))
            {
               $remark = "One or more log entries from a service that is not in the database";
               $unknown_notification[$log_entry->objectid] =
                         $dbms->new_notification($log_entry->objectid, 'service unknown', $remark);
            }
            if (isset($unknown_notification[$log_entry->objectid]))
            {
               $insertion = "INSERT INTO log_notification (notificationid, logid) VALUES ('";
               $insertion .= $unknown_notification[$log_entry->objectid] . "', '";
               $insertion .= $log_entry->logid . "')";
               $dbms->query($insertion);
            }
         }
         else
         {
            if (!isset($unused_notification[$log_entry->objectid]))
            {
               $remark = "One or more log entries from a service not running on this object";
               $unused_notification[$log_entry->objectid] =
                         $dbms->new_notification($log_entry->objectid, 'service not used', $remark);
            }
            if (isset($unused_notification[$log_entry->objectid]))
            {
               $insertion = "INSERT INTO log_notification (notificationid, logid) VALUES ('";
               $insertion .= $unused_notification[$log_entry->objectid] . "', '";
               $insertion .= $log_entry->logid . "')";
               $dbms->query($insertion);
            }
         }
      }
   }

   $qry = "UPDATE db_value SET setting_value = '"
                   . $last_log . "' WHERE setting = 'log_servicecheck'";
   $dbms->query($qry);
}

function find_notifications ()
{

/*
 *  Do something with notification checks.
 *
 * INPUT  : NONE
 * OUTPUT : NONE
 */

   global $dbms;

   // Find checks that have to be executed.
   $local_sql = "select * from notification_check where
                    age(last_execution) > time_between_executions";
   $dbms->query($local_sql);

   for ($i=0; $i<$dbms->num_rows(); $i++)
   {
      // A check has been found that has to be executed
      $dbms->fetch_row();
   }
}

/*
 *  find open notifications and send an email to the object's users.
 */

function mail_notifications ()
{
   global $dbms;

   $notifres = $dbms->query("SELECT notificationid, objectid, type_of_issueid FROM notification
                               WHERE statuscode != 'cls'");

   for ($notifrow = 0; $notifrow < pg_numrows($notifres); $notifrow++)
   {
      $notification = pg_fetch_object($notifres, $notifrow);

      $issue = pg_fetch_object($dbms->query("SELECT description FROM type_of_issue
                                             WHERE type_of_issueid='" . $notification->type_of_issueid . "'"), 0);
      echo "Mailing Notification for object id " . $notification->objectid . "\n";
      $object = pg_fetch_object($dbms->query("SELECT objectname FROM object
                                              WHERE objectid='" . $notification->objectid ."'"), 0);

      $users = $dbms->query("SELECT username FROM object_user WHERE objectid='" . $notification->objectid . "'");

      for ($userrow = 0; $userrow < pg_numrows($users); $userrow++)
      {
         $objusr = pg_fetch_object($users, $userrow);
         $usr = pg_fetch_object($dbms->query("SELECT email FROM usr
                                              WHERE username='" . $objusr->username . "'"), 0);

         $message = "Notification " . $notification->notificationid . ": " . $issue->description;
         $message .= "  for object " . $object->objectname . "\n";

         mail($usr->email, "GnuCoMo Notification", $message);
      }
   }
}

/*
 *   The 'command' may contain positional parameters such as '$1' and '$3',
 *   just like the shell. These parameters are replaced by content from
 *   the 'args' array.
 */

function expand_arguments($command, $args)
{
   while (ereg('\$([0-9]+)', $command, $match))
   {
      $index = $match[1];
      if ($index >= count($args))
      {
         echo "Error: Argument $index not found for $command.\n";
         $command = ereg_replace('\$' . $index, "", $command);
      }
      else
      {
         $command = ereg_replace('\$' . $index, $args[$index], $command);
      }
   }
   return $command;
}

?>