Gnucomo-0.0.8: September 4th 2003
$Log: gcm_daemon.php,v $
- Revision 1.21 2007-01-11 13:47:41 arjen
+ Revision 1.22 2007-10-23 11:23:52 arjen
+ Record the date when adding the number of abuses for an IP address
+ in the abuse list.
+
+ Revision 1.21 2007/01/11 13:47:41 arjen
Log_adv and derived tables removed.
Create notifications from log entries with pattern matching.
*/
-// $Id: gcm_daemon.php,v 1.21 2007-01-11 13:47:41 arjen Exp $
+// $Id: gcm_daemon.php,v 1.22 2007-10-23 11:23:52 arjen Exp $
ini_set('include_path', '.:./classes:../phpclasses');
ini_set('html_errors', 'false');
-define("BATCHSIZE", 2000);
+define("BATCHSIZE", 5000);
//Tell the log that we're up.
define_syslog_variables();
echo "Purging log entries before $purge_date\n";
- $dbms->query("CREATE TABLE gcm_deamon_old_log AS SELECT logid FROM log WHERE logid < $purge_date");
+ $dbms->query("CREATE TABLE gcm_deamon_old_log AS SELECT logid FROM log WHERE timestamp < '$purge_date'");
$dbms->query("SELECT logid FROM gcm_deamon_old_log");
echo $dbms->num_rows() . " log entries found.\n";
$r = $dbms->query("select notificationid from log_notification where logid in
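Review bot: The rewritten purge query, `WHERE timestamp < '$purge_date'`, only works if `$purge_date` is a well-formed timestamp literal, and nothing visible in the hunk checks that value or the result of the `CREATE TABLE` query. The assignment of `$purge_date` is outside the hunk, so its origin cannot be confirmed here. If it can ever be empty or malformed, the statement fails and the following `SELECT logid FROM gcm_deamon_old_log` may run against a missing or leftover table. I would guard the value before building the query, for example with `preg_match('/^\d{4}-\d{2}-\d{2}/', $purge_date)`, and skip the purge when `$dbms->query()` does not succeed.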
for ($patnr = 0; !$match_found && $patnr < $dbms->num_rows($pattern_res); $patnr++)
{
$srv_pat = $dbms->fetch_object($pattern_res, $patnr);
+ //echo " Checking with pattern " . $srv_pat->pattern . "\n";
if (ereg($srv_pat->pattern, $logentry->rawdata, $matches))
{
// Scan the argument for '$n' expressions and expand
break;
case "abuse":
- if (record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, 1) >= 6)
+ if (record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, 1) >= 32)
{
$source_ip = $srv_pat->argument;
$notif = 'abuses exceeded';
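Review bot: The threshold `32` is a bare literal in this `case "abuse":` branch and again in `if ($abuse_points >= 32)` in the later hunk that updates object_abuse. The 'abuses exceeded' notification and the 'dropped' status therefore only stay in step while both copies are edited together. A named constant next to BATCHSIZE, `define("ABUSE_LIMIT", 32);`, used in both comparisons would remove that risk and give one place to document why the limit moved from 6 to 32. The enclosing switch starts and ends outside the hunk.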
if (pg_numrows($abres) == 0 && $points > 0)
{
//echo "$sourceip is new.\n";
- $dbms->query("INSERT INTO object_abuse VALUES ('$objectid', '$sourceip', '$points')");
+ $dbms->query("INSERT INTO object_abuse VALUES ('$objectid', '$sourceip', '$points', '', NOW())");
+ $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
}
else if (pg_numrows($abres) != 0)
{
//echo $sourceip . " will get " . $abuse_points . " abuse points, ";
//echo "Status was " . $abuse->status . "\n";
$dbms->query("UPDATE object_abuse SET nr_abuses='$abuse_points'" .
- " WHERE objectid='$objectid' AND source='$sourceip'");
+ ", last_change=NOW() WHERE objectid='$objectid' AND source='$sourceip'");
if ($points > 0)
{
$dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
}
- if ($abuse_points >= 6)
+ if ($abuse_points >= 32)
{
//echo " BLOCK IP adrress $sourceip on the firewall.\n";
$dbms->query("UPDATE object_abuse SET status='dropped'" .
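Review bot: `$sourceip` is placed between quotes in the new `INSERT INTO object_abuse` and `INSERT INTO log_abuse` statements without escaping or validation. In the caller it appears to come from `$srv_pat->argument`, which the comment there says is expanded from `$n` expressions, presumably matched against the raw log text. If that holds, text that an outside party can get written into a monitored log reaches these SQL strings. I would reject anything that is not an address before the first query, using `filter_var($sourceip, FILTER_VALIDATE_IP)`, or at least pass the value through `pg_escape_string()`. Separately, the five-value positional INSERT depends on the column count and order of object_abuse; naming the columns as `(objectid, source, nr_abuses, status, last_change)` would make that explicit, though the order is inferred from the UPDATE statements and should be confirmed against the schema. The enclosing function, presumably record_abuse, starts and ends outside this hunk.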