$local_result = linux_daemon();
break;
+ case "sendmail":
+ $local_result = linux_daemon_sendmail();
+ break;
+
case "syslog":
$local_result = linux_daemon();
break;
}
}
+function linux_daemon_sendmail() {
+
+ /* This function is able to deal with the logs delivered by MTAs
+ * the following are currently supported:
+ * - sendmail
+ * INPUT : NONE
+ * GLOBALS : $dbms, $dbms_working
+ * OUTPUT : "TRUE" for success and "FALSE" for failure.
+ */
+
+ global $dbms;
+ global $dbms_working;
+
+ //Basic processing.
+
+ //Determine the type of records
+ //When this is sendmail find the beginning by chopping everything into
+ //little pieces.
+ $local_log_string = str_replace(" ", " ", $dbms->db_result_row[6]);
+ $local_logline_array = explode (" ", $local_log_string);
+ $local_sql_1 = "INSERT INTO log_adv_daemon_email"; //BASIC STATEMENT
+ $local_sql_2 = "logid, detailed_table, service, internal_messageid "; //FIELDS
+ $local_sql_3 = "'".$dbms->db_result_row[0]."', 'log_adv_daemon_email', 'sendmail'"; //VALUES
+
+ echo $local_log_line_array[5];
+ $local_sql_3 .= ", '".substr (trim($local_logline_array[5]), 0,strlen(trim($local_logline_array[5])) -1)."'";
+ $local_len = 0;
+ $local_id = 0;
+
+ for ($i = 6; $i <= ( count($local_logline_array) - 1); $i++) {
+
+ //Get rid of the nasty comma's at the end
+ if ( substr($local_logline_array[$i], strlen($local_logline_array[$i])-1, 1) == "," ) {
+ $local_dummylength = strlen($local_logline_array[$i]) -1;
+ $local_dummy = substr ($local_logline_array[$i], 0,$local_dummylength );
+ $local_logline_array[$i] = trim($local_dummy);
+ }
+
+ if (substr($local_logline_array[$i],0,1) == '[') {
+ $local_dummy = trim($local_logline_array[$i]);
+ $local_sql_2 .= ", source_ip";
+ $local_sql_3 .= ", '".substr($local_dummy, 1, strlen($local_dummy)-2)."'";
+ } else {
+
+ $local_element = explode("=", $local_logline_array[$i]);
+
+ switch (strtolower($local_element[0])) {
+ case "from":
+ $local_sql_2 .= ", from_email";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+ case "size":
+ $local_sql_2 .= ", size";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+ case "delay":
+ $local_sql_2 .= ", delay";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+ case "xdelay":
+ $local_sql_2 .= ", xdelay";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+ case "mailer":
+ $local_sql_2 .= ", mailer";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+ case "dsn":
+ $local_sql_2 .= ", dsn";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+ case "msgid":
+ $local_sql_2 .= ", external_messageid";
+ if (substr($local_element[1],0,1) == '<') {
+ $local_sql_3 .= ", '";
+ $local_sql_3 .= substr($local_element[1],1,(strlen($local_element[1])-2));
+ $local_sql_3 .= "'";
+ } else {
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ }
+
+ //As of this point we only deal with Status
+ case "stat":
+ $local_sql_2 .= ", status";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+
+ $local_pos = strrpos (strtolower($local_element[$i]), "stat=");
+ $local_len = strlen($local_logline_array[$i]) - $local_pos - 6;
+ $local_sql_2 .= ", status_details";
+ $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 5, $local_len) . "'";
+ break;
+
+ case "status":
+ $local_sql_2 .= ", status";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+
+ $local_pos = strrpos (strtolower($local_logline_array[$i]), "status=");
+ $local_len = strlen($local_logline_array[$i]) - $local_pos - 8;
+ $local_sql_2 .= ", status_details";
+ $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 7, $local_len) . "'";
+
+ break;
+ default:
+ if (substr(strtolower($local_element[0]),0,1) == "[") {
+ $local_sql_2 .= ", destination_ip";
+ $local_sql_3 .= ", '". substr($local_element[1], 1, strlen($local_element[1]) - 2)."'";
+ }
+
+ }
+ }
+ }
+
+ //Now that the data is complete create the SQL-statement
+ $local_sql = $local_sql_1." (".$local_sql_2.") VALUES (".$local_sql_3.")";
+ $dbms_working->query($local_sql);
+
+ RETURN "TRUE";
+}
+
function linux_kernel_network() {
/* This function is able to deal with the output of kernel-network messages
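Review bot: Every value in the INSERT that linux_daemon_sendmail() builds is concatenated into the SQL text unescaped, and those values are tokens cut from the logged message (`$dbms->db_result_row[6]`), so a `from=` or `msgid=` field containing a single quote changes the statement passed to `$dbms_working->query()`. Those fields originate from the mail being processed, not from the host, so they should be treated as untrusted: collect column/value pairs in arrays and quote each value in one place through the database layer's escaping routine (or bound parameters, if the layer offers them), as sketched below. Separately, the `msgid` branch has no `break;` and falls through into `stat`, which reads `$local_element[$i]` where `$local_logline_array[$i]` is presumably meant. `echo $local_log_line_array[5];` prints an undefined variable and looks like leftover debugging, and the function returns "TRUE" without checking the query result.

```php
// … unchanged: splitting $dbms->db_result_row[6] into $local_logline_array …
$local_fields = array("logid", "detailed_table", "service", "internal_messageid");
$local_values = array($dbms->db_result_row[0], "log_adv_daemon_email", "sendmail", $local_queue_id);

// … unchanged: per-token loop; each branch appends a pair instead of SQL text, e.g. …
        case "from":
            $local_fields[] = "from_email";
            $local_values[] = $local_element[1];
            break;

// Quote every value in one place, just before the statement is assembled.
$local_quoted = array();
foreach ($local_values as $local_value) {
    // DB_ESCAPE_PLACEHOLDER stands for the escaping routine of the project's database layer
    $local_quoted[] = "'" . DB_ESCAPE_PLACEHOLDER($local_value) . "'";
}
$local_sql = $local_sql_1 . " (" . implode(", ", $local_fields) . ") VALUES (" . implode(", ", $local_quoted) . ")";
```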
$local_sql_3 = "'".$dbms->db_result_row[0]."', 'kernel_network'"; //VALUES
$local_len = 0;
$local_id = 0;
+ $lcoal_tos = "F";
for ($i = 4; $i <= ( count($local_logline_array) - 1); $i++) {
- //Process each element by exploding this based on the sign: =
$local_element = explode("=", $local_logline_array[$i]);
switch (strtolower($local_element[0])) {
-
case "in":
$local_sql_2 .= ", device_in";
$local_sql_3 .= ", '".$local_element[1]."'";
break;
case "tos":
- $local_sql_2 .= ", tos_bit";
- $local_sql_3 .= ", '".$local_element[1]."'";
+ if ($local_tos == "F") {
+ $local_sql_2 .= ", tos_bit";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ }
+ $local_tos = "T";
break;
case "prec":
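Review bot: `if ($local_tos == "F")` reads a variable that is never assigned before the loop, because the initialiser added above the `for` is spelled `$lcoal_tos = "F";`. On the first `tos` token the comparison is therefore false, so `tos_bit` is never added to the INSERT; the guard drops the column entirely instead of only skipping a repeated occurrence. Change the initialiser to `$local_tos = "F";`. The enclosing function linux_kernel_network() starts and ends outside the visible lines, so any later use of the flag could not be checked.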
//The word error indicates problems.
$pos = strpos($local_log_line, "error");
- $pos2 = strpost($local_log_line, "crash"); //The word crash is also considered to be an error
+ $pos2 = strpos($local_log_line, "crash"); //The word crash is also considered to be an error
if ($pos > 0 or $pos2 > 0) {
$local_sql = "INSERT INTO log_adv_daemon (logid, detailed_table, service, event) VALUES ";