***********************************************************************************/
-/*
- NAME : gcm_daemon
- AUTHOR : Brenno J.S.A.A.F. de Winter
- De Winter Information Solutions
- COPYRIGHT : 2002 - De Winter Information Solutions,
- Brenno J.S.A.A.F. de Winter
-
- * DATES *
- First : November 8th 2002
+/*
+ NAME : gcm_daemon
+ AUTHOR : Brenno J.S.A.A.F. de Winter
+ De Winter Information Solutions
+ COPYRIGHT : 2002 - De Winter Information Solutions,
+ Brenno J.S.A.A.F. de Winter
+
+ * DATES *
+ First : November 8th 2002
Gnucomo-0.0.3: December 6th 2002
+ Gnucomo-0.0.8: September 4th 2003
$Log: gcm_daemon.php,v $
- Revision 1.9 2003-02-21 08:37:59 arjen
+ Revision 1.26 2011-03-24 09:46:36 arjen
+ Resolve a hostname before adding to the abuses.
+
+ Revision 1.25 2007/12/12 09:06:21 arjen
+ Added a new script gcm_maintenance.php to cleanup the database
+ and check referential integrity. Purging old log entries is
+ removed from the gcm_daemon script.
+
+ Revision 1.24 2007/11/17 09:34:07 arjen
+ Cleaned up some leftovers
+
+ Revision 1.23 2007/11/03 10:31:12 arjen
+ Added the class definition for a filesystem parameter.
+ New issue type: 'property out of range'.
+
+ Revision 1.22 2007/10/23 11:23:52 arjen
+ Record the date when adding the number of abuses for an IP address
+ in the abuse list.
+
+ Revision 1.21 2007/01/11 13:47:41 arjen
+ Log_adv and derived tables removed.
+ Create notifications from log entries with pattern matching.
+
+ Revision 1.20 2005/06/04 07:15:16 arjen
+ Added pattern check on log entries with the service_pattern table.
+
+ Revision 1.19 2004/01/10 20:04:12 arjen
+ Send email about open notifications to an object's users.
+
+ Revision 1.18 2003/12/03 08:07:21 arjen
+ Changed the type of log_adv_daemon_email.delay and log_adv_daemon_email.xdelay
+ from time to interval. These delays can be more than 24 hours.
+
+ Revision 1.17 2003/10/29 09:58:29 arjen
+ Create separate notifications for different objects in service_check().
+
+ Revision 1.16 2003/09/03 12:48:48 arjen
+ Check the log table against the servies running on an object and
+ create notifications if a service is not supposed to be available
+ or is not known at all.
+
+ Revision 1.15 2003/09/02 12:48:09 arjen
+ BUGFIX: Secondary indices on log_notification were unique.
+ Additional information in the 'usr' table: 'display_name' and 'email'.
+ Added new issues and services.
+
+ Revision 1.14 2003/09/01 06:51:07 arjen
+ Accept command argument '-c config' to use an alternate
+ gnucomo configuration.
+
+ Revision 1.13 2003/08/14 10:22:42 arjen
+ Disabled DEBUG output
+
+ Revision 1.12 2003/08/05 07:46:37 arjen
+ BUGFIX: Print an error message if a parameter does not have
+ any history.
+
+ Revision 1.11 2003/07/09 07:25:02 arjen
+ Gcm_daemon gathers statistics on parameters, notifications, etc. for all objects.
+
+ Revision 1.10 2003/03/29 08:33:58 arjen
+ In phpclasses/db.class.php: Added the database connection string as
+ an argument to the function copy_db_class.
+ Fixed the PHP member function db::db_connect(). The Postgres connection
+ string is now passed as an argument to that function.
+
+ Revision 1.9 2003/02/21 08:37:59 arjen
Added new table to the database: log_adv_daemon_email.
*/
-// $Id: gcm_daemon.php,v 1.9 2003-02-21 08:37:59 arjen Exp $
+// $Id: gcm_daemon.php,v 1.26 2011-03-24 09:46:36 arjen Exp $
ini_set('include_path', '.:./classes:../phpclasses');
+ini_set('html_errors', 'false');
-//Tell the log that we're up.
-define_syslog_variables();
-openlog("gnucomo", LOG_PID, LOG_DAEMON);
-syslog(LOG_INFO, "gcm_daemon started");
+define("BATCHSIZE", 50000);
require_once "gnucomo_config.php";
require_once "db.class.php";
-require_once "gnucomo.process_log.php";
// Set the standard variables //
-$project_name = "gnucomo"; //name of the entire project
-$app_name = "gcm_daemon"; //name of the application running
-$developrelease = "TRUE"; //Indicates if special debug settings are needed
-$db_version = 32; //The db_version indicates what the level of
- //the database should be. If the database is
- //old an update will be generated.
-$gcmd_version = 3; //This value indicates the active version of the gcm_daemon,
- //which is saved in the database. Log records that were not
- //recognized before will now be recognized. The version doesn't
- //mean anything in the overall gnucomo project.
+
+$project_name = "gnucomo"; // name of the entire project
+$app_name = "gcm_daemon"; // name of the application running
+$developrelease = "FALSE"; // Indicates if special debug settings are needed
+$db_version = 54; // The db_version indicates what the level of
+ // the database should be. If the database is
+ // old an update will be generated.
+$gcmd_version = 5; // This value indicates the active version of
+ // the gcm_daemon, which is saved in the database.
+ // Log records that were not recognized before
+ // will now be recognized. The version doesn't
+ // mean anything in the overall gnucomo project.
//Avoid time-limit issues
set_time_limit(0);
+// Scan the command arguments
+
+for ($argi = 1; $argi < $argc; $argi++)
+{
+ switch ($argv[$argi])
+ {
+ case "-c":
+ $argi++;
+ $project_name = $argv[$argi];
+ break;
+
+ default:
+ echo "Usage: gcm_daemon [-c configname]\n";
+ exit();
+ break;
+ }
+}
// Read the database settings //
$class_settings = new gnucomo_config();
-$class_settings->read($project_name);
-$class_settings->database();
+if (!$class_settings->read($project_name))
+{
+ echo "Can not read Gnucomo configuration file for $project_name.\n";
+ exit();
+}
+
+openlog("gnucomo", LOG_PID, LOG_DAEMON);
+syslog(LOG_INFO, "gcm_daemon started");
//Open an connection to the database
$dbms_type = $class_settings->find_parameter("database", "type");
$dbms->db_name = $dbms_name;
$dbms->db_user = $dbms_user;
$dbms->db_password = $dbms_password;
-$dbms->db_connect();
+$dbms->db_connect($class_settings->database());
-if ($dbms->have_db_connection() == "FALSE") {
- exit ("Database connection failed.");
-} else {
- //The database connection has been made.
- $dbms_working = copy_db_class($dbms);
+if ($dbms->have_db_connection() == "FALSE")
+{
+ exit ("Database connection failed.");
}
+else
+{
+ // The database connection has been made.
+ $dbms_working = copy_db_class($dbms, $class_settings->database());
+}
+
+// Verify if the database is up-to-date by checking the versionnumber
-//Verify if the database is up-to-date by checking the versionnumber
$local_sql = "SELECT setting_value FROM db_value WHERE setting = 'db_version' ";
$dbms->query($local_sql);
-if ($dbms->fetch_row() == "TRUE") {
+if ($dbms->fetch_row() == "TRUE")
+{
$active_version = $dbms->db_result_row[0];
-
- //Update the database to the most recent version.
- if ($active_version < $db_version) {
+
+ // Update the database to the most recent version.
+
+ if ($active_version < $db_version)
+ {
include ("gnucomo_db_version.php");
}
-} else {
+}
+else
+{
syslog (LOG_INFO, "Couldn't initialize database version. Is this a gnucomo database?");
die ("Couldn't initialize database version.\n");
}
-//If there is a new gcm_daemon_version the logrecords that couldn't be understood can be
-//reprocessed. For this reason processed is now changed to false again for not recognized
-//records.
-$local_sql = "SELECT setting_value FROM db_value WHERE setting = 'gcm_daemon_version'";
+// The gcm_daemon version is maintained in the database to enable
+// automatic update actions.
+
+$local_sql = "SELECT setting_value FROM db_value
+ WHERE setting = 'gcm_daemon_version'";
$dbms->query($local_sql);
-if ($dbms->fetch_row() == "TRUE") {
- if ($dbms->db_result_row[0] < $gcmd_version) {
- //Reactive log-records that weren't understood earlier.
- $local_sql = "UPDATE log SET processed = false WHERE logid NOT IN (SELECT DISTINCT logid FROM log_adv)";
- $dbms->query($local_sql);
+if ($dbms->fetch_row() == "TRUE")
+{
+ if ($dbms->db_result_row[0] < $gcmd_version)
+ {
//Update de gcm_daemon version in the database
$local_sql = "UPDATE db_value SET setting_value = '".$gcmd_version;
$dbms->query($local_sql);
}
-
+
}
-//Now we loop the tasks that we have to do.
+// Now we loop the tasks that we have to do.
+
+do
+{
-do {
+ echo "Processing logs...\n";
+ process_log ();
+ service_check();
+ //mail_notifications();
- //At this place we start processing new log-lines
- process_log ();
- notificationstats();
+ // Gather the statistics for each object
- $keep_running = 'FALSE';
+ $obj_result = $dbms->query("SELECT objectid FROM object");
+ for ($obj = 0; $obj < $dbms->num_rows($obj_result); $obj++)
+ {
+ $object = $dbms->fetch_object($obj_result, $obj);
+ echo "Gathering statistics for object " . $object->objectid . "\n";
+ GatherStatistics($object->objectid);
+ }
+
+ $keep_running = false;
-} while ($keep_running == 'TRUE');
+} while ($keep_running == true);
//Tell the log that we're ending our efforts in a nice way
+
syslog (LOG_INFO, "gcm_daemon ended nicely");
-function process_log () {
-
+function process_log ()
+{
+
/* This function will walk through the log-records that haven't been processed
- * first a snapshot will be created of a the non-processed records.
+ * first a snapshot will be created of a the non-processed records.
* sequentially each record will dealt with. By doing that changes will be made
* in several log_adv_xxx tables
* INPUT : NONE
* OUTPUT : NONE
*/
+
global $dbms;
global $dbms_working;
+ global $class_settings;
+
+ $last_log = 0;
- //Find records in log that still have to be processed.
+ // Find records in log that still have to be processed.
$local_sql = "SELECT setting_value FROM db_value WHERE setting = 'log_processing'";
$dbms->query($local_sql);
- if ($dbms->fetch_row() == "TRUE") {
+ if ($dbms->fetch_row() == "TRUE")
+ {
$last_log = $dbms->db_result_row[0];
}
-
+
+ echo "Last processed logid = $last_log \n";
+
//Query the log-table
- $local_sql = "SELECT * FROM log WHERE logid > CAST(".$last_log." AS BIGINT) order by logid";
+ $log_limit = $last_log + BATCHSIZE;
+ $local_sql = "SELECT * FROM log WHERE logid > CAST(".$last_log." AS BIGINT)
+ AND logid <= $log_limit ORDER BY logid";
$dbms->query($local_sql);
- //Update the log-statistics in the object-table
- $local_statistics_db = copy_db_class($dbms);
- $local_findobject_db = copy_db_class($dbms);
+ //Update the log-statistics in the object-table
+ $local_statistics_db = copy_db_class($dbms, $class_settings->database());
+ $local_findobject_db = copy_db_class($dbms, $class_settings->database());
- //Make totals
+ //Make totals
$local_upper_row = $dbms->num_rows() + $last_log + 1;
$local_sql = "SELECT COUNT(logid), objectid from log WHERE logid > CAST(". $last_log .
" AS BIGINT) AND logid < CAST (" . $local_upper_row . " AS BIGINT) GROUP BY objectid";
$local_statistics_db->query ($local_sql);
- //Loop the objects
- for ($i = 1; $i <= $local_statistics_db->num_rows(); $i++) {
+ // Loop the objects
+ for ($i = 1; $i <= $local_statistics_db->num_rows(); $i++)
+ {
$local_object_row = $local_statistics_db->fetch_row();
- $local_sql = "UPDATE object SET log_count = log_count + " .
+
+ $local_sql = "UPDATE object SET log_count = log_count + " .
$local_statistics_db->db_result_row[0] . " WHERE objectid = '" .
- $local_statistics_db->db_result_row[1] . "'";
- $local_findobject_db->query($local_sql);
+ $local_statistics_db->db_result_row[1] . "'";
+
+ $local_findobject_db->query($local_sql);
}
$local_counter = 0;
- if ($dbms->num_rows() > 0) {
+ if ($dbms->num_rows() > 0)
+ {
//Create a database connection for changes in the database.
- $dbms_changes = copy_db_class($dbms);
- if ($dbms_changes->have_db_connection() == 'TRUE') {
+ $dbms_changes = copy_db_class($dbms, $class_settings->database());
+ if ($dbms_changes->have_db_connection() == 'TRUE')
+ {
- $local_sql = 0 ;
+ $local_sql = 0 ;
$local_sql_statistics = "";
$local_object_os = "";
$local_object_os_version = "";
- while ($local_counter < $dbms->num_rows()) {
-
- $local_return_row = $dbms->fetch_row();
- if ($local_return_row == 'TRUE') {
- //Work on active rows
- $local_log_id = $dbms->db_result_row[0];
-
- $local_sql_findobject = "SELECT os, os_version FROM object WHERE objectid = '".$dbms->db_result_row[1]."'";
- $local_findobject_db->query($local_sql_findobject);
- $local_findobject_result = $local_findobject_db->fetch_row();
- if ($local_findobject_result == 'TRUE') {
-
- //Now work on the OS again
- $local_object_os = $local_findobject_db->db_result_row[0];
- if ($local_object_os == "") {
- $local_object_os = "Linux";
- $local_object_os_version = "Unknown assuming Linux";
- } else {
- $local_object_os_version = $local_findobject_db->db_result_row[1];
- }
- }
-
- switch (strtolower($local_object_os)) {
- case "linux":
- $local_process_return = linux_log ();
- break;
- default:
- syslog (LOG_INFO, "Couldn't find suitable OS for processing the logline");
- break;
- }
-
- if ($local_process_return <> 'TRUE') {
- $local_process_return = 'FALSE';
- }
+ match_log_patterns($last_log);
- } else {
+ // Register that the logrecords have been processed.
+ $local_upper_row--;
+ $local_sql = "UPDATE db_value SET setting_value = '"
+ . $local_upper_row ."' where setting = 'log_processing'";
+ $dbms->query($local_sql);
- break;
- }
- $local_counter++;
- }
-
- //Register that the logrecords have been processed.
- $local_sql = "UPDATE db_value SET setting_value = '".$local_log_id."' where setting = 'log_processing'";
- $dbms->query($local_sql);
-
+ // Update the statistics for the object-table
- //Update the statistics for the object-table
-
- } else {
+ }
+ else
+ {
syslog (LOG_INFO, "Couldn't clone database connection.");
die ("Couldn't reconnect to the database.\n");
- }
+ }
+ }
+
+}
+
+/*
+ * Update a single statistic for some object.
+ * If it does not yet exist, it will be created.
+ */
+
+function UpdateStatistic($objectid, $name, $value)
+{
+ global $dbms;
+
+ $result = $dbms->query("SELECT objectid FROM object_statistics WHERE
+ objectid='$objectid' AND statname='$name'");
+ if ($dbms->num_rows() == 0)
+ {
+ $dbms->query("INSERT INTO object_statistics VALUES
+ ('$objectid', '$name', '$value')");
+ }
+ else
+ {
+ $dbms->query("UPDATE object_statistics SET statvalue='$value' WHERE
+ statname='$name' AND objectid='$objectid'");
+ }
+}
+
+/*
+ * Gather the statistics for a single object ($objectid).
+ * We count the number of parameters, removed parameters, notifications
+ * closed notifications and log entries. The totals of these are
+ * maintained in a separate table: object_statistics.
+ */
+
+function GatherStatistics($objectid)
+{
+ global $dbms;
+
+ // Gather statistics on parameters
+
+ $r = $dbms->query("SELECT paramid FROM parameter WHERE objectid=CAST('"
+ . $objectid . "' AS BIGINT)");
+ $nr_parameters = $dbms->num_rows($r);
+
+ $removed_parameters = 0;
+ for ($p = 0; $p < $nr_parameters; $p++)
+ {
+ $param = pg_fetch_object($r, $p);
+ $qry ="select change_nature from history where paramid= CAST('";
+ $qry .= $param->paramid . "' AS BIGINT) order by modified desc";
+ $rhist = $dbms->query($qry);
+ if ($dbms->num_rows($rhist) == 0)
+ {
+ echo "ERROR: No history for parameter id " . $param->paramid . "\n";
+ }
+ else
+ {
+ $hist = $dbms->fetch_object($rhist, 0);
+ if ($hist->change_nature == "REMOVED")
+ {
+ $removed_parameters++;
+ }
+ }
}
+ UpdateStatistic($objectid, 'parameters', $nr_parameters);
+ UpdateStatistic($objectid, 'removed_parameters', $removed_parameters);
+
+ // Gather statistics on notifications
+
+ $r = $dbms->query("SELECT count(notificationid) FROM notification WHERE
+ objectid = CAST('" . $objectid . "' AS BIGINT)");
+ $cnt = $dbms->fetch_object($r, 0);
+ UpdateStatistic($objectid, 'notifications', $cnt->count);
+
+ $r = $dbms->query("SELECT count(notificationid) FROM notification WHERE
+ objectid = CAST('" . $objectid . "' AS BIGINT) AND statuscode ='cls'");
+ $cnt = $dbms->fetch_object($r, 0);
+ UpdateStatistic($objectid, 'closed_notifications', $cnt->count);
+
+ // Gather statistics on log entries
+
+ $r = $dbms->query("SELECT count(logid) FROM log WHERE
+ objectid = CAST('" . $objectid . "' AS BIGINT)");
+ $cnt = $dbms->fetch_object($r, 0);
+ UpdateStatistic($objectid, 'logs', $cnt->count);
}
-function notificationstats () {
+function match_log_patterns($logstart)
+{
+ global $dbms;
+
+ $notifications = array();
+
+ $log_limit = $logstart + BATCHSIZE;
+ $noqueue_res = $dbms->query("select logid, objectid, servicecode, rawdata from log
+ where logid > $logstart and logid <= $log_limit
+ order by logid");
+ for ($row = 0; $row < $dbms->num_rows($noqueue_res); $row++)
+ {
+ $logentry = $dbms->fetch_object($noqueue_res, $row);
+ //echo "\n----------\n" . $logentry->rawdata . "\n----------\n";
+ $service = $logentry->servicecode;
+ $pattern_res = $dbms->query("select * from service_pattern where service='$service'
+ OR service='ANY' order by rank");
+
+ $match_found = false;
+ for ($patnr = 0; !$match_found && $patnr < $dbms->num_rows($pattern_res); $patnr++)
+ {
+ $srv_pat = $dbms->fetch_object($pattern_res, $patnr);
+ //echo " Checking with pattern " . $srv_pat->pattern . "\n";
+ if (ereg($srv_pat->pattern, $logentry->rawdata, $matches))
+ {
+ // Scan the argument for '$n' expressions and expand
+
+ $srv_pat->argument = expand_arguments($srv_pat->argument, $matches);
+ //echo " " . $srv_pat->pattern . " matches.\n";
+ //echo " Matched string: " . $matches[0] . "\n";
+ //echo " Action = " . $srv_pat->action . "(" . $srv_pat->argument . ")\n\n";
+ $match_found = true;
+
+ switch ($srv_pat->action)
+ {
+ case "ignore":
+ break;
+
+ case "notify":
+ $notif = $srv_pat->argument;
+ if (!isset($notifications[$logentry->objectid][$notif]))
+ {
+ //echo "Creating notification $notif for object " . $logentry->objectid . ".\n";
+ $remark = "Notification generated from Gnucomo pattern match.";
+ $notifications[$logentry->objectid][$notif] =
+ $dbms->new_notification($logentry->objectid, $notif, $remark);
+ }
+ if (isset($notifications[$logentry->objectid][$notif]))
+ {
+ //echo "Notification $notif for object " . $logentry->objectid . " already created.\n";
+ $insertion = "INSERT INTO log_notification (notificationid, logid) VALUES ('";
+ $insertion .= $notifications[$logentry->objectid][$notif] . "', '";
+ $insertion .= $logentry->logid . "')";
+ $dbms->query($insertion);
+ }
+ break;
+
+ case "abuse":
+ //echo "Recording abuse for address ", $srv_pat->argument, "\n Log entry:\n ";
+ //echo $logentry->rawdata, "\n Pattern:\n ", $srv_pat->pattern, "\n\n";
+
+ if (record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, 1) >= 32)
+ {
+ $source_ip = gethostbyname($srv_pat->argument);
+ $notif = 'abuses exceeded';
+ if (!isset($notifications[$logentry->objectid][$notif][$source_ip]))
+ {
+ echo "Creating notification $notif for object " . $logentry->objectid . ".\n";
+ $remark = "Abuses from IP address $source_ip exceeded the limit.";
+ $notifid = $dbms->new_notification($logentry->objectid, $notif, $remark);
+ $notifications[$logentry->objectid][$notif][$source_ip] = $notifid;
+
+ // Add log entries from previously detected abuses
+
+ echo " Add log entries from previously detected abuses\n";
+ $abuses = $dbms->query("SELECT logid FROM log_abuse WHERE objectid = '" .
+ $logentry->objectid . "' AND source = '$source_ip'");
+ for ($abusenr = 0; $abusenr < $dbms->num_rows($abuses); $abusenr++)
+ {
+ $log_abuse = $dbms->fetch_object($abuses, $abusenr);
+ if ($log_abuse->logid != $logentry->logid)
+ {
+ $insertion = "INSERT INTO log_notification (notificationid, logid) VALUES ('";
+ $insertion .= $notifid . "', '";
+ $insertion .= $log_abuse->logid . "')";
+ $dbms->query($insertion);
+ }
+ }
+ }
+ if (isset($notifications[$logentry->objectid][$notif][$source_ip]))
+ {
+ //echo "Notification $notif for object " . $logentry->objectid . " already created.\n";
+ $insertion = "INSERT INTO log_notification (notificationid, logid) VALUES ('";
+ $insertion .= $notifications[$logentry->objectid][$notif][$source_ip] . "', '";
+ $insertion .= $logentry->logid . "')";
+ $dbms->query($insertion);
+ }
+ }
+ break;
+ case "forgive":
+ record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, -4);
+ break;
+ default:
+ echo "Error: unrecognized action in service pattern: " . $srv_pat->action . "\n";
+ break;
+ }
+ }
+ else
+ {
+ // echo " " . $srv_pat->pattern . " does not match.\n";
+ }
+ }
+
+ }
+}
-/* This routine will determine how many new notifications have arrived and will
- * update the statistics in the object-table to keep the performance acceptable
- * INPUT : NONE
- * OUTPUT : NONE
+/*
+ * Some IP address abused us. Record the event.
+ * Return the number of abuse points recorded so far for the address
*/
-
- global $dbms;
-
- //Find records in log that still have to be processed.
- $local_sql = "SELECT setting_value FROM db_value WHERE setting = 'last_notification'";
- $dbms->query($local_sql);
- $local_dbms = copy_db_class($dbms);
-
- //Determine the last notification
- if ($dbms->fetch_row() == "TRUE") {
- $last_notification = $dbms->db_result_row[0];
- }
-
- //Determine how many records we are going to analyse.
- $local_sql = "SELECT MAX(notificationid) FROM notification " .
- "WHERE notificationid > CAST ('" . $last_notification . "' AS BIGINT)";
- $dbms->query($local_sql);
-
- //Only process data if there are new notifications
- if ($dbms->fetch_row() == "TRUE") {
- if (intval($dbms->db_result_row[0])>0) {
- $local_upper = $dbms->db_result_row[0] + 1;
- $local_max = $dbms->db_result_row[0];
- $local_sql = "SELECT COUNT(objectid), objectid FROM notification " .
- "WHERE notificationid > CAST ('" . $last_notification ."' AS BIGINT) " .
- "AND notificationid < CAST ('" . $local_upper .
- "' AS BIGINT) GROUP BY objectid";
- $dbms->query($local_sql);
-
-
- for ($i=0; $i < $dbms->num_rows(); $i++) {
- $dbms->fetch_row();
-
- $local_sql = "UPDATE object SET notification_count = notification_count + " . $dbms->db_result_row[0] .
- " WHERE objectid = '" . $dbms->db_result_row[1] . "'";
- $local_dbms->query($local_sql);
- }
-
- $local_sql = "UPDATE db_value SET setting_value = '" . $local_max .
- "' WHERE setting = 'last_notification'";
- $dbms->query($local_sql);
- }
- }
+
+function record_abuse($logid, $objectid, $sourceip, $points)
+{
+ global $dbms;
+
+ $abuse_points = $points;
+
+ $ipaddress = gethostbyname($sourceip);
+ //echo " IP address for $sourceip is $ipaddress.\n";
+ $sourceip = $ipaddress;
+
+ $abres = $dbms->query("SELECT * FROM object_abuse WHERE objectid='$objectid' AND source='$sourceip'");
+
+ if (pg_numrows($abres) == 0 && $points > 0)
+ {
+ //echo "$sourceip is new.\n";
+ $dbms->query("INSERT INTO object_abuse VALUES ('$objectid', '$sourceip', '$points', '', NOW())");
+ $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
+ }
+ else if (pg_numrows($abres) != 0)
+ {
+ $abuse = $dbms->fetch_object($abres, 0);
+ if ($abuse->status == '' || $abuse->status == 'dropped')
+ {
+ $abuse_points = $abuse->nr_abuses + $points;
+ if ($abuse_points < 0)
+ {
+ $abuse_points = 0;
+ }
+ //echo $sourceip . " will get " . $abuse_points . " abuse points, ";
+ //echo "Status was " . $abuse->status . "\n";
+ $dbms->query("UPDATE object_abuse SET nr_abuses='$abuse_points'" .
+ ", last_change=NOW() WHERE objectid='$objectid' AND source='$sourceip'");
+
+ if ($points > 0)
+ {
+ $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
+ }
+ if ($abuse_points >= 32)
+ {
+ //echo " BLOCK IP adrress $sourceip on the firewall.\n";
+ $dbms->query("UPDATE object_abuse SET status='dropped'" .
+ " WHERE objectid='$objectid' AND source='$sourceip'");
+ }
+ }
+ }
+
+ return $abuse_points;
+}
+
+
+/*
+ * Service_check - Check the log entries if there are any unknown
+ * services.
+ */
+
+function service_check()
+{
+ global $dbms;
+
+ $unknown_notification = array();
+ $unused_notification = array();
+ $last_log = 0;
+
+ // How far did we get last time ?
+
+ $lastlogres = $dbms->query("SELECT setting_value FROM db_value
+ WHERE setting = 'log_servicecheck'");
+
+ if ($dbms->num_rows($lastlogres) == 1)
+ {
+ $last_log = $dbms->Field($lastlogres, 0, 'setting_value');
+ }
+ else
+ {
+ $dbms->query("INSERT INTO db_value (setting, setting_value)
+ VALUES ('log_servicecheck', '0')");
+ }
+
+ echo "Running service check from log id $last_log.\n";
+ // Query the log-table
+
+ $log_limit = $last_log + BATCHSIZE;
+ $qry = "SELECT logid, objectid, servicecode FROM log
+ WHERE logid > CAST(".$last_log." AS BIGINT) AND logid <= $log_limit
+ ORDER BY logid";
+ $log_res = $dbms->query($qry);
+ //$log_res = $dbms->query("SELECT logid, objectid, servicecode,rawdata FROM log");
+
+ for ($log_row = 0; $log_row < $dbms->num_rows($log_res); $log_row++)
+ {
+ $log_entry = $dbms->fetch_object($log_res, $log_row);
+ $last_log = $log_entry->logid;
+
+ // Check if the service is used on the object.
+
+ $qry = "SELECT * FROM object_service WHERE objectid='";
+ $qry .= $log_entry->objectid . "' AND servicecode='";
+ $qry .= $log_entry->servicecode . "'";
+
+ $os_res = $dbms->query($qry);
+ if ($dbms->num_rows($os_res) == 0)
+ {
+ // Service is not found for the object, check if the service
+ // exists at all.
+
+ $qry = "SELECT * FROM service WHERE servicecode='";
+ $qry .= $log_entry->servicecode . "'";
+
+ if ($dbms->num_rows($dbms->query($qry)) == 0)
+ {
+ if (!isset($unknown_notification[$log_entry->objectid]))
+ {
+ $remark = "One or more log entries from a service that is not in the database";
+ $unknown_notification[$log_entry->objectid] =
+ $dbms->new_notification($log_entry->objectid, 'service unknown', $remark);
+ }
+ if (isset($unknown_notification[$log_entry->objectid]))
+ {
+ $insertion = "INSERT INTO log_notification (notificationid, logid) VALUES ('";
+ $insertion .= $unknown_notification[$log_entry->objectid] . "', '";
+ $insertion .= $log_entry->logid . "')";
+ $dbms->query($insertion);
+ }
+ }
+ else
+ {
+ if (!isset($unused_notification[$log_entry->objectid]))
+ {
+ $remark = "One or more log entries from a service not running on this object";
+ $unused_notification[$log_entry->objectid] =
+ $dbms->new_notification($log_entry->objectid, 'service not used', $remark);
+ }
+ if (isset($unused_notification[$log_entry->objectid]))
+ {
+ $insertion = "INSERT INTO log_notification (notificationid, logid) VALUES ('";
+ $insertion .= $unused_notification[$log_entry->objectid] . "', '";
+ $insertion .= $log_entry->logid . "')";
+ $dbms->query($insertion);
+ }
+ }
+ }
+ }
+
+ $qry = "UPDATE db_value SET setting_value = '"
+ . $last_log . "' WHERE setting = 'log_servicecheck'";
+ $dbms->query($qry);
+}
+
+/*
+ * find open notifications and send an email to the object's users.
+ */
+
+function mail_notifications ()
+{
+ global $dbms;
+
+ $notifres = $dbms->query("SELECT notificationid, objectid, type_of_issueid FROM notification
+ WHERE statuscode != 'cls'");
+
+ for ($notifrow = 0; $notifrow < pg_numrows($notifres); $notifrow++)
+ {
+ $notification = pg_fetch_object($notifres, $notifrow);
+
+ $issue = pg_fetch_object($dbms->query("SELECT description FROM type_of_issue
+ WHERE type_of_issueid='" . $notification->type_of_issueid . "'"), 0);
+ echo "Mailing Notification for object id " . $notification->objectid . "\n";
+ $object = pg_fetch_object($dbms->query("SELECT objectname FROM object
+ WHERE objectid='" . $notification->objectid ."'"), 0);
+
+ $users = $dbms->query("SELECT username FROM object_user WHERE objectid='" . $notification->objectid . "'");
+
+ for ($userrow = 0; $userrow < pg_numrows($users); $userrow++)
+ {
+ $objusr = pg_fetch_object($users, $userrow);
+ $usr = pg_fetch_object($dbms->query("SELECT email FROM usr
+ WHERE username='" . $objusr->username . "'"), 0);
+
+ $message = "Notification " . $notification->notificationid . ": " . $issue->description;
+ $message .= " for object " . $object->objectname . "\n";
+
+ mail($usr->email, "GnuCoMo Notification", $message);
+ }
+ }
+}
+
+/*
+ * The 'command' may contain positional parameters such as '$1' and '$3',
+ * just like the shell. These parameters are replaced by content from
+ * the 'args' array.
+ */
+
+function expand_arguments($command, $args)
+{
+ while (ereg('\$([0-9]+)', $command, $match))
+ {
+ $index = $match[1];
+ if ($index >= count($args))
+ {
+ echo "Error: Argument $index not found for $command.\n";
+ $command = ereg_replace('\$' . $index, "", $command);
+ }
+ else
+ {
+ $command = ereg_replace('\$' . $index, $args[$index], $command);
+ }
+ }
+ return $command;
}
?>
projects / gnucomo.git / blobdiff