#!/usr/local/bin/perl -w

# msg_log - A sysadmin tool...
# Scans indicated files for indicated things...

# NOTE:  You NEED to READ The Code and SET Some Variables BEFORE Installing!
#        Those areas which need setting are INDICATED by the word 'Set ...'.

# Version v0.08s -
# Written by -Sneex- :] on Aug 22nd, 1999 at 09:30AM
#         Major rewrite on Sep  9th, 1999 at 08:00AM
#         Cleaned up on Sep 12th, 1999 at 07:00AM
#         Added xferlog & Cleaned up -  on Aug 8th, 2000 at 11:00AM
# Copyright (C) Sneex 1999; All Rights Reserved...

use strict;
use diagnostics;

# Set: absolute path to your sendmail binary (Unix-only, as the name suggests).
my $SENDMAIL = "/usr/lib/sendmail";

# Set: reporting style.
#   0 = Complete - every log line that carries today's date.
#   1 = Summary  - only the dated lines that also match the per-log pattern.
# WARNING: Complete reporting (0) can generate A LOT of data!
my $report = 1;

# Set: fallback host and domain names, used when the lookups below come back
# empty.
my $defaulthost   = 'localhost';
my $defaultdomain = 'localdomain';

# Work out who receives the report and which machine it describes.
# Set: to mail somebody else, change the last fallback of the first command;
# adjust the tool paths as appropriate for your system.
# NOTE(review): $userid is later placed on the sendmail command line and in
# the To: header, so keep it to a plain mailbox name or address.
my $userid = `/usr/ucb/whoami` || `/usr/bin/whoami` || 'root';
chomp $userid;

my $host = `/bin/hostname` || `/bin/uname -n` || $defaulthost;
chomp $host;

my $domain = `/bin/domainname` || $defaultdomain;
chomp $domain;

# NOTE: some of these logs may need root access to read; run with the least
# privilege that still lets the script open them.

# Set: locations of the system logs (defaults are for Solaris).
# Further logs can be added here; give each one a matching process_log() call
# in the main logic.
my $msgpath = "/var/adm/messages";
my $supath  = "/var/adm/sulog";      # Requires root access to view...
my $syspath = "/var/log/syslog";
my $ftppath = "/var/log/xferlog";

# Set: what to look for in each log (Summary mode only).  Every value is
# interpolated into a case-insensitive regex, so metacharacters are live.

# ... in the 'messages' log:
my $msglog = '(proftp|repeat|ssh|fail|snif|unkn|denied|root|inetd|warn|fatal)';

# ... in the 'sulog' log (root access required):
my $sulog = '(su)';

# ... in the 'syslog' log:
my $syslog = '(timeout|denied|unix|attack|writable|error|refused)';

# ... in the 'xferlog' log:
#my $ftplog = '(htm|gif|jpg|mpg|mpeg|ssi|perl|cgi|pl)';
my $ftplog = '(.)';                  # Everything...

# Lookup tables for building date strings such as:
#   Tue Feb  2 19:34:24 EST 1999
my @months = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my @days   = qw(Sun Mon Tue Wed Thu Fri Sat);

# localtime returns nine fields; the last two (yday, isdst) are not captured.
my ($sec, $min, $hour, $mday, $mon, $year, $wday) = localtime;

# Today's date in the three layouts the scanned logs use.
my $today = sprintf("%s %2d", $months[$mon], $mday);                # "Feb  2"     - messages/syslog
my $ntday = sprintf("%02d/%02d", $mon + 1, $mday);                  # "02/02"      - sulog
my $xfday = sprintf("%s %s %2d", $days[$wday], $months[$mon], $mday); # "Tue Feb  2" - xferlog

# Troubleshooting:
#print "Dates in this format:\n$today\n$ntday\n$xfday\n\n";
#print "$supath -\n";
#&process_log($supath, "SU $ntday", $sulog);
#print "\n$msgpath -\n";
#&process_log($msgpath, $today, $msglog);
#print "\n$syspath -\n";
#&process_log($syspath, $today, $syslog);
#print "\n$ftppath -\n";
#&process_log($ftppath, $xfday, $ftplog);
#exit;
# End T/S Section...

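# Open a pipe to sendmail with the list form of open(): the command is exec'd
# directly, so no shell ever parses $SENDMAIL or $userid and characters such
# as ';', '|' or '`' in them cannot start another command.  Splitting on
# whitespace keeps the old behaviour for "user1 user2" style recipient lists
# and for a $SENDMAIL value that carries extra flags.
my @mail_cmd = (split(' ', $SENDMAIL), split(' ', $userid));
open(MAIL, '|-', @mail_cmd)
    or die("$0: Can't open $SENDMAIL: $!\n");

# Message headers, ended by the blank line.
# NOTE(review): $host, $domain and $userid go into the headers as-is; they
# must stay single-line values, otherwise extra headers could be introduced.
print MAIL "Reply-to: root\@$domain\n";
print MAIL "From: \"$host.Message.Log\" \<root\@$host.$domain\>\n";
print MAIL "To: $userid\n";
print MAIL "Subject: MsgLog Report at ", scalar localtime, "\n";
print MAIL "\n";

print MAIL "=================================================================\n";
print MAIL "NOTE:  This message was sent through the Msg.Monitor Perl System,\n";
print MAIL "       Msg Monitor v0.08s (Beta) by -Sneex-  :] (WC Jones), JaxPM\n";
print MAIL "=================================================================\n";
print MAIL "\n\n";

# Name the reporting style and the machine; host and domain are joined with a
# dot here just as they are in the From: header.
print MAIL $report ? "Summary" : "Complete";
print MAIL " report from $host.$domain:\n";
print MAIL "\n .. . .  .  .   .   .\n\n";

# ..... Start Main Logic .....
# Add one pair of lines per log: path to the log, that log's date format, and
# the search pattern, all as defined in the settings above.

print MAIL "$supath -\n";
process_log($supath, "SU $ntday", $sulog);
print MAIL "\n$msgpath -\n";
process_log($msgpath, $today, $msglog);
print MAIL "\n$syspath -\n";
process_log($syspath, $today, $syslog);
print MAIL "\n$ftppath -\n";
process_log($ftppath, $xfday, $ftplog);

# ..... End Main Logic .....

# System status sections.  The blank-line separators are written to MAIL so
# they land in the report rather than on STDOUT.
# NOTE(review): 'df' and 'swap' are resolved through the inherited PATH; when
# this runs with root privileges, absolute paths to the tools are the safer
# choice.

# Set:  You may need to set the correct path to top...
print MAIL "\n\nTop Status:\n";
print MAIL `/top -SbI`;
print MAIL "\n\n";

print MAIL "\n\nDrive(s)Status:\n";
print MAIL `df -k`;
print MAIL "\n\n";

print MAIL "\nSwap Area Status:\n";
print MAIL `swap -s`;
print MAIL "\n";
print MAIL `swap -l`;
print MAIL "\n\n";

print MAIL "\n\nEnd of Report...\n";

# close() on a pipe waits for sendmail and fails if it exited non-zero; say
# so instead of losing the report silently.
close(MAIL)
    or warn "$0: $SENDMAIL did not accept the report: ",
            ($! ? $! : "exit status $?"), "\n";

exit; # End of program...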

##############################
##### Subroutine Area... #####
##############################

# WARNING:  The order in which the params are passed is important...
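sub process_log {
    # Scan one log file and copy today's interesting lines into the report.
    #
    # Parameters (positional - the order matters):
    #   $target_log  - path of the log file to read
    #   $search_date - today's date in that log's format; used as a regex and
    #                  matched anywhere in the line
    #   $search_data - regex of things to look for, matched case-insensitively;
    #                  only applied in Summary mode
    #
    # Reads the file-level $report flag (true = Summary, false = Complete) and
    # prints every selected line to the file-level MAIL handle.
    # Dies if the log cannot be opened.
    my ($target_log, $search_date, $search_data) = @_;

    # Three-argument open with a lexical handle: the path is always opened
    # for reading, whatever characters it contains ('>', '|', leading or
    # trailing blanks), and the handle cannot clash with other globals.
    open(my $log_fh, '<', $target_log)
        or die "Can't find $target_log: $!";

    # Compile both patterns once instead of on every line.
    my $date_re = qr/$search_date/;
    my $data_re = qr/$search_data/i;

    while (my $line = <$log_fh>) {
        chomp $line;

        # Log lines are data, not config text: nothing is cut at '#'.
        # Truncating there would drop whatever follows a '#' before the
        # patterns are tried, and content that ends up in a log entry (user
        # names, file names) could then keep a line out of the report.
        $line =~ s/^\s+//;    # no leading whitespace...
        $line =~ s/\s+$//;    # no trailing whitespace...

        next unless length $line;          # anything to process?
        next unless $line =~ $date_re;     # today's entries only

        # Summary mode keeps only lines that also match the search pattern.
        next if $report && $line !~ $data_re;

        # The line goes into the mail body verbatim.
        print MAIL "$line\n";
    }

    close($log_fh);
    return;
}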

__END__
