** terms of the GNU General Public License, see the file COPYING.
***********************************************************************************/
-function linux_log () {
+function linux_log ()
+{
/* The function linux_log will seperate the logline in several elements. This will
* ease the work of recognizing the type of logline. Once this has been detected
* the correct module will start using the data for a log_adv-table.
* GLOBALS : $dbms (database class containing the logline)
* OUTPUT : Status of success ('TRUE' for success and 'FALSE' for failure
*/
-
+
global $dbms;
-
+ global $developrelease;
+
$local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
$local_logline_array = explode (" ", $local_log_string);
- switch (strtolower($local_logline_array[4])) {
- case "kernel:":
- //This is a kernel logline now discover which type kernel-record we have
-
- //Detect if this is a network-line
- if (strtolower(substr($local_logline_array[5],0,3)) == "in=") {
- //this is a networkline call the processing the routines
- $local_result = linux_kernel_network();
- return $local_result;
- } else {
- $local_failing_string = "Failing string: ".$dbms->db_result_row[5];
- syslog (LOG_INFO, "Unrecognized kernelline");
- syslog (LOG_INFO, $local_failing_string);
- return "FALSE";
- }
- break;
- default:
- break;
+ $service_type = $dbms->db_result_row[3];
+ switch (strtolower($service_type))
+ {
+ case "kernel":
+ //This is a kernel logline now discover which type kernel-record we have
+
+ //Detect if this is a network-line
+ if (strtolower(substr($local_logline_array[5],0,3)) == "in=")
+ {
+ //this is a networkline call the processing the routines
+ $local_result = linux_kernel_network();
+ return $local_result;
+ }
+ else
+ {
+
+ //This line is a kernel line writing about a device.
+ if (strtolower($local_logline_array[4]) == 'device')
+ {
+ echo $local_log_string;
+
+ $local_result = linux_kernel_device();
+ return $local_result;
+ }
+ else
+ {
+ if ($developrelease == 'TRUE')
+ {
+
+ $local_failing_string = "Failing string: ".$dbms->db_result_row[5];
+ syslog (LOG_INFO, "Unrecognized kernelline:".$local_log_string);
+ syslog (LOG_INFO, $local_failing_string);
+ }
+ return "FALSE";
+ }
+ }
+ break;
+
+ case "anacron":
+ $local_result = linux_daemon();
+ break;
+
+ case "apmd":
+ $local_result = linux_daemon();
+ break;
+
+ case "atd":
+ $local_result = linux_daemon();
+ break;
+
+ case "crond":
+ $local_result = linux_daemon();
+ break;
+
+ case "httpd":
+ $local_result = linux_daemon();
+ break;
+
+ case "lpd":
+ $local_result = linux_daemon();
+ break;
+
+ case "mysqld":
+ $local_result = linux_daemon();
+ break;
+
+ case "postfix":
+ $local_result = linux_daemon();
+ break;
+
+ case "random":
+ $local_result = linux_daemon();
+ break;
+
+ case "rhnsd":
+ $local_result = linux_daemon();
+ break;
+
+ case "sendmail":
+ $local_result = linux_daemon_sendmail();
+ break;
+
+ case "syslog":
+ $local_result = linux_daemon();
+ break;
+
+ case "syslogd":
+ $local_result = linux_daemon();
+ break;
+
+ case "xinetd":
+ $local_result = linux_daemon();
+ break;
+
+ default:
+ break;
}
- }
+}
+
+function linux_daemon_sendmail()
+{
+
+ /* This function is able to deal with the logs delivered by MTAs
+ * the following are currently supported:
+ * - sendmail
+ * INPUT : NONE
+ * GLOBALS : $dbms, $dbms_working
+ * OUTPUT : "TRUE" for success and "FALSE" for failure.
+ */
+
+ global $dbms;
+ global $dbms_working;
+
+ //Basic processing.
+
+ //Determine the type of records
+ //When this is sendmail find the beginning by chopping everything into
+ //little pieces.
+ $local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
+ //echo " Processing " . $local_log_string . "\n";
+ $local_logline_array = explode (" ", $local_log_string);
+
+ $local_sql_1 = "INSERT INTO log_adv_daemon_email"; //BASIC STATEMENT
+ $local_sql_2 = "logid, detailed_table, service, internal_messageid "; //FIELDS
+ $local_sql_3 = "'".$dbms->db_result_row[0]."', 'log_adv_daemon_email', 'sendmail'"; //VALUES
+
+ $local_sql_3 .= ", '".substr (trim($local_logline_array[5]), 0
+ ,strlen(trim($local_logline_array[5])) -1)."'";
+ $local_len = 0;
+ $local_id = 0;
-function linux_kernel_network() {
+ for ($i = 6; $i <= ( count($local_logline_array) - 1); $i++)
+ {
+
+ //Get rid of the nasty comma's at the end
+ if ( substr($local_logline_array[$i], strlen($local_logline_array[$i])-1, 1) == "," )
+ {
+ $local_dummylength = strlen($local_logline_array[$i]) -1;
+ $local_dummy = substr ($local_logline_array[$i], 0,$local_dummylength );
+ $local_logline_array[$i] = trim($local_dummy);
+ }
+
+ if (substr($local_logline_array[$i],0,1) == '[')
+ {
+ $local_dummy = trim($local_logline_array[$i]);
+ $local_sql_2 .= ", source_ip";
+ $local_sql_3 .= ", '".substr($local_dummy, 1, strlen($local_dummy)-2)."'";
+ }
+ else if (strstr($local_logline_array[$i], "="))
+ {
+
+ $local_element = explode("=", $local_logline_array[$i]);
+
+ switch (strtolower($local_element[0]))
+ {
+ case "from":
+ $local_sql_2 .= ", from_email";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+
+ case "size":
+ $local_sql_2 .= ", size";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+
+ case "delay":
+ $local_sql_2 .= ", delay";
+ $local_sql_3 .= ", '".ereg_replace("\+", " ", $local_element[1])."'";
+ break;
+
+ case "xdelay":
+ $local_sql_2 .= ", xdelay";
+ $local_sql_3 .= ", '".ereg_replace("\+", " ", $local_element[1])."'";
+ break;
+
+ case "mailer":
+ $local_sql_2 .= ", mailer";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+
+ case "dsn":
+ $local_sql_2 .= ", dsn";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+
+ case "msgid":
+ $local_sql_2 .= ", external_messageid";
+ if (substr($local_element[1],0,1) == '<')
+ {
+ $local_sql_3 .= ", '";
+ $local_sql_3 .= substr($local_element[1],1,(strlen($local_element[1])-2));
+ $local_sql_3 .= "'";
+ }
+ else
+ {
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ }
+ break;
+
+ //As of this point we only deal with Status
+ case "stat":
+ $local_sql_2 .= ", status";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+
+ $local_pos = strrpos (strtolower($local_logline_array[$i]), "stat=");
+ $local_len = strlen($local_logline_array[$i]) - $local_pos - 6;
+ $local_sql_2 .= ", status_details";
+ $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 5, $local_len) . "'";
+ break;
+
+ case "status":
+ $local_sql_2 .= ", status";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+
+ $local_pos = strrpos (strtolower($local_logline_array[$i]), "status=");
+ $local_len = strlen($local_logline_array[$i]) - $local_pos - 8;
+ $local_sql_2 .= ", status_details";
+ $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 7, $local_len) . "'";
+ break;
+
+ default:
+ if (substr(strtolower($local_element[0]),0,1) == "[")
+ {
+ $local_sql_2 .= ", destination_ip";
+ $local_sql_3 .= ", '". substr($local_element[1], 1, strlen($local_element[1]) - 2)."'";
+ }
+ break;
+ }
+ }
+ }
+
+ //Now that the data is complete create the SQL-statement
+ $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
+ $dbms_working->query($local_sql);
+
+ RETURN "TRUE";
+}
+
+function linux_kernel_network()
+{
/* This function is able to deal with the output of kernel-network messages
* coming from iptables and other similar tools. When elements are found
* that cannot be identified a notification will be written to the logbook
* for easy expansion of this routine.
* INPUT : NONE
- * GLOBALS : $dmbs
+ * GLOBALS : $dbms, $dbms_working;
* OUTPUT : "TRUE" for success and "FALSE" for failure.
*/
+
global $dbms;
+ global $dbms_working;
$local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
$local_logline_array = explode (" ", $local_log_string);
$local_sql_3 = "'".$dbms->db_result_row[0]."', 'kernel_network'"; //VALUES
$local_len = 0;
$local_id = 0;
+ $local_tos = "F";
- $local_dbms = copy_db_class($dbms);
-
- for ($i = 4; $i <= ( count($local_logline_array) - 1); $i++) {
- //Process each element by exploding this based on the sign: =
+ for ($i = 4; $i <= ( count($local_logline_array) - 1); $i++)
+ {
$local_element = explode("=", $local_logline_array[$i]);
- switch (strtolower($local_element[0])) {
-
+ switch (strtolower($local_element[0]))
+ {
case "in":
$local_sql_2 .= ", device_in";
$local_sql_3 .= ", '".$local_element[1]."'";
$local_sql_3 .= ", '".$local_element[1]."'";
break;
- case "len":
- if ($local_len == 0) {
+ case "len":
+ if ($local_len == 0) {
$local_sql_2 .= ", packet_length";
$local_len++;
} else {
$local_sql_3 .= ", '".$local_element[1]."'";
break;
-
case "tos":
- $local_sql_2 .= ", tos_bit";
- $local_sql_3 .= ", '".$local_element[1]."'";
+ if ($local_tos == "F") {
+ $local_sql_2 .= ", tos_bit";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ }
+ $local_tos = "T";
break;
case "prec":
break;
case "id":
-
+
if ($local_id == 0) {
$local_sql_2 .= ", header_id";
$local_sql_3 .= ", '".$local_element[1]."'";
$local_sql_2 .= ", protocol";
$local_sql_3 .= ", '".$local_element[1]."'";
if ($local_element[1] == 'ICMP') {
- $local_icmp = true;
+ $local_icmp = true;
}
break;
$local_sql_2 .= ", window";
$local_sql_3 .= ", '".$local_element[1]."'";
break;
-
+
case "urgp":
$local_sql_2 .= ", urgp";
$local_sql_3 .= ", '".$local_element[1]."'";
case "syn":
$local_sql_2 .= ", syn";
$local_sql_3 .= ", true";
- break;
+ break;
case "df":
$local_sql_2 .= ", df";
case "type":
$local_sql_2 .= ", type";
$local_sql_3 .= ", '".$local_element[1]."'";
- break;
+ break;
case "code":
$local_sql_2 .= ", code";
$local_sql_3 .= ", '".$local_element[1]."'";
- break;
+ break;
case "seq":
$local_sql_2 .= ", sequence_number";
$local_sql_3 .= ", '".$local_element[1]."'";
- break;
+ break;
- case "res":
+ case "res":
$local_sql_2 .= ", res";
$local_sql_3 .= ", '".$local_element[1]."'";
break;
case "[src":
/*This record is different. In ICMP information is sometimes returned on an original packet.
- * When the brackets are used a second line will be added to the
- * log_adv_kernel_network-table. For that reason the processing into the database will be
+ * When the brackets are used a second line will be added to the
+ * log_adv_kernel_network-table. For that reason the processing into the database will be
* done here as well. After that a new insert-string will be created.
- */
+ */
//Enter the data into the database
- $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
- $local_dbms->query($local_sql);
+ $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
+ $dbms_working->query($local_sql);
$local_sql_1 = "INSERT INTO log_adv_kernel_network"; //BASIC STATEMENT
$local_sql_2 = "logid, detailed_table"; //FIELDS
$local_sql_3 = "'".$dbms->db_result_row[0]."', 'kernel_network'"; //VALUES
$local_len = 0;
$local_id = 0;
- break;
- default:
- $local_element[0];
- syslog(LOG_INFO, "Unrecognized kernel/network entry: ".$local_element[0]);
+ break;
+ default:
+/* $local_element[0];
+ syslog(LOG_INFO, "Unrecognized kernel/network entry: ".$local_element[0]);
+
+*/
}
+ }
+
+
+ //Now that the data is complete create the SQL-statement
+ $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
+ $dbms_working->query($local_sql);
+ RETURN "TRUE";
+
+}
+
+function linux_kernel_device()
+{
+ /* This function is able to deal with the output of kernel-network messages
+ * coming from device related processes. Typically networkcard and other
+ * hardware-related data will show-up here
+ * INPUT : NONE
+ * GLOBALS : $dbms, $dbms_working
+ * OUTPUT : "TRUE" for success and "FALSE" for failure.
+ */
+
+ global $dbms, $dbms_working;
+
}
+function linux_daemon()
+{
+ /* This function is able to deal with the output of kernel-network messages
+ * coming from device related processes. Typically networkcard and other
+ * hardware-related data will show-up here
+ * INPUT : NONE
+ * GLOBALS : $dbms, $dbms_working
+ * OUTPUT : "TRUE" for success and "FALSE" for failure.
+ */
+
+ global $dbms, $dbms_working;
+
+ $local_log_line = strtolower($dbms->db_result_row[6]);
+
+ //Find a sign of stop
+ //Using the word shutdown
+ $pos = strpos($local_log_line, "shutdown");
+ if ($pos > 0)
+ {
+ $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
+ $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
+ .$dbms->db_result_row[3]."', 'stop')";
+
+ $dbms_working->query($local_sql);
+ }
+ else
+ {
+ //Using the word stop
+ $pos = strpos($local_log_line, "stop");
+ if ($pos > 0)
+ {
+ $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
+ $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
+ .$dbms->db_result_row[3]."', 'stop')";
+ $dbms_working->query($local_sql);
+ }
+ else
+ {
+ //As the word restart
+ $pos = strpos($local_log_line, "restart");
+ if ($pos > 0)
+ {
+ $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
+ $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
+ .$dbms->db_result_row[3]."', 'stop')";
+ $dbms_working->query($local_sql);
+
+ $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
+ $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
+ .$dbms->db_result_row[3]."', 'start')";
+ $dbms_working->query($local_sql);
+ }
+ else
+ {
+ //As the word start this is an else for restart.
+ //If we wouldn't do so restart would also give a positive on start
+ $pos = strpos($local_log_line, "start");
+ if ($pos > 0)
+ {
+ $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
+ $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
+ .$dbms->db_result_row[3]."', 'start')";
+ $dbms_working->query($local_sql);
+ }
+ else
+ {
+
+ //The word error indicates problems.
+ $pos = strpos($local_log_line, "error");
+ $pos2 = strpos($local_log_line, "crash"); //The word crash is also considered to be an error
+
+ if ($pos > 0 or $pos2 > 0)
+ {
+ $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
+ $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
+ .$dbms->db_result_row[3]."', 'error detected')";
+ $dbms_working->query($local_sql);
+
+ //Quite often an error will be followed with information that the daemon or service ended.
+ $pos = strpos($local_log_line, "abort");
+
+ if ($pos > 0)
+ {
+ $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
+ $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
+ .$dbms->db_result_row[3]."', 'abort')";
+ $dbms_working->query($local_sql);
+ }
+ else
+ {
+ $pos = strpos($local_log_line, "ended");
+ if ($pos > 0)
+ {
+ $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
+ $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
+ .$dbms->db_result_row[3]."', 'abort')";
+ $dbms_working->query($local_sql);
+ }
+ else
+ {
+ $pos = strpos($local_log_line, "stop");
+ if ($pos > 0)
+ {
+ $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
+ $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
+ .$dbms->db_result_row[3]."', 'abort')";
+ $dbms_working->query($local_sql);
+ }
+ else
+ {
+
+ //For power management there is a charge warning
+ $pos = strpos($local_log_line, "charge");
+ if ($pos > 0)
+ {
+ $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
+ $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
+ .$dbms->db_result_row[3]."', 'Power warning')";
+ $dbms_working->query($local_sql);
+ }
+ else
+ {
+
+ //As the word start this is an else for restart.
+ //If we wouldn't do so restart would also give a positive on start
+ //This can only be done if we ensured nothing else was the case
+ //PLEASE USE THIS AS LATE AS POSSIBLE!!!
+ $pos = strpos($local_log_line, "exiting");
+ if ($pos > 0)
+ {
+ $local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";
+ $local_sql .= "('".$dbms->db_result_row[0]."', 'log_adv_daemon', '"
+ .$dbms->db_result_row[3]."', 'start')";
+ $dbms_working->query($local_sql);
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ return "ok";
- //Now that the data is complete create the SQL-statement
- $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
- $local_dbms->query($local_sql);
- RETURN "TRUE";
+}
- }
-
?>
projects / gnucomo.git / blobdiff