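#!/usr/local/bin/perl -w
# msg_log - A sysadmin tool...
# Scans indicated files for indicated things...
# NOTE: You NEED to READ The Code and SET Some Variables BEFORE Installing!
# Those areas which need setting are INDICATED by the word 'Set ...'.
# Version v0.05s -
# Written by -Sneex- :] on Aug 22nd, 1999 at 09:30AM
# Major rewrite on Sep 9th, 1999 at 08:00AM
# Cleaned up - on Sep 12th, 1999 at 07:00AM
# Copyright (C) Sneex 1999; All Rights Reserved...

use strict;
use diagnostics;

# Set your path to sendmail. Oops! That means "Here there be Unix..."
my $SENDMAIL = '/usr/lib/sendmail';

# Set (pick) a reporting style...
my $report = 1;    # Note: 0 = Complete, 1 = Summary reporting...
# WARNING: Selecting 0 (Complete reporting) can generate A LOT of data!!!

# Set your localhost, default host; and localdomain, default domain:
my $defaulthost   = "localhost";
my $defaultdomain = "localdomain";

# I'll get your host and userID (who will get these reports?)
# Or Set a recipient at the end of the first command here:
chomp(my $userid = `/usr/ucb/whoami` || `/usr/bin/whoami` || 'root');

# Set as appropriate for your system.
chomp(my $host   = `/bin/hostname`   || `/bin/uname -n` || $defaulthost);
chomp(my $domain = `/bin/domainname` || $defaultdomain);

# The recipient value reaches both sendmail's argument list and the To:
# header.  Accept only plain mailbox names or addresses: nothing that starts
# with '-' (sendmail would read it as an option) and no shell or header
# metacharacters.  Several whitespace-separated recipients are still allowed.
my @recipients = split ' ', $userid;
@recipients or die "$0: No report recipient configured\n";
for my $rcpt (@recipients) {
    $rcpt =~ m{\A[A-Za-z0-9_][A-Za-z0-9_.+\@-]*\z}
        or die "$0: Refusing suspicious recipient '$rcpt'\n";
}

# chomp only removes the trailing newline; drop any embedded CR/LF so command
# output can never start a new mail header.
tr/\r\n//d for $host, $domain;

# NOTE: Some of these logs may require root access to view...
# Use with appropriate caution! You've been warned!
# Where are your system logs? The defaults are for Solaris (the OpSys I use...)
# Note: You can add other logs to scan here as needed...
my $msgpath = '/var/adm/messages';
#my $supath = '/var/adm/sulog';    # Requires root access to view...
my $syspath = '/var/log/syslog';

# What do you wish to scan the 'messages' log for?
my $msglog = '(fail|snif|unkn|denied|root|inetd|warn|fatal)';

# What do you wish to scan the 'sulog' log for (requires r00t axces) ?
#my $sulog = '(su)';

# What do you wish to scan the 'syslog' log for?
my $syslog = '(denied|unix)';

# Example of DATE: Tue Feb 2 19:34:24 EST 1999
my @months = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my @days   = qw(Sun Mon Tue Wed Thu Fri Sat);
my ($sec, $min, $hour, $mday, $mon, $year, $wday) = localtime;
# ( 00 20 20 16 10 63 06 197 01); # Last two not used...
# Ex: $days[$wday] $months[$mon] $mday $hour:$min:$sec $year

# Today's date as "Mon DD" (day space-padded to two columns).
my $today = $months[$mon] . " " . sprintf("%2d", $mday);

# Today's date as "MM/DD"; only used by the commented-out sulog scan below.
my $ntday = sprintf("%02d/%02d", $mon + 1, $mday);

# List-form pipe open: sendmail is executed directly, with no shell in
# between, so the recipient values are never parsed as shell syntax.
open(MAIL, '|-', $SENDMAIL, @recipients)
    or die("$0: Can't open $SENDMAIL: $!\n");

print MAIL "Reply-to: root\@$domain\n";
# NOTE(review): the listing this was taken from ended the From: line with a
# literal backslash-n instead of a newline, which glued the To: header onto
# it.  An angle-bracket address after the display name may also have been
# lost from the listing; restore it here if your mailer requires one.
print MAIL "From: \"$host.Message.Log\"\n";
print MAIL "To: ", join(', ', @recipients), "\n";
print MAIL "Subject: MsgLog Report at ", scalar localtime, "\n";
print MAIL "\n";
print MAIL "=================================================================\n";
print MAIL "NOTE: This message was sent through the Msg.Monitor Perl System,\n";
print MAIL " Msg Monitor v0.05s (Alpha) by -Sneex- :] (WC Jones), JaxPM\n";
print MAIL "=================================================================\n";
print MAIL "\n\n";
print MAIL $report ? "Summary" : "Complete";
# NOTE(review): host and domain are joined without a separator, as in the
# original; confirm whether a '.' was intended.
print MAIL " report from " . $host . $domain . ":\n";
print MAIL "\n .. . . . . . .\n\n";

# ..... Start Main Logic .....
# Add each path_to_log, Log_date_format, and search_data here as
# previously defined above...
#print MAIL "$supath -\n";
#process_log($supath, $ntday, $sulog);

print MAIL "\n$msgpath -\n";
process_log($msgpath, $today, $msglog);

print MAIL "\n$syspath -\n";
process_log($syspath, $today, $syslog);
# ..... End Main Logic .....

print MAIL "\n\nEnd of Report...\n";

# close() on a pipe waits for sendmail and reports its exit status, so a
# failed delivery attempt is no longer silent.
close(MAIL)
    or warn "$0: $SENDMAIL did not finish cleanly: "
          . ($! ? $! : "exit status $?") . "\n";
exit;
# End of program...

##############################
##### Subroutine Area...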
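#####
##############################

# process_log(TARGET_LOG, SEARCH_DATE, SEARCH_DATA)
#
# Reads TARGET_LOG line by line and prints matching lines to the MAIL
# filehandle opened by the main program.
#
#   TARGET_LOG  - path of the log file to scan.
#   SEARCH_DATE - literal date string; only lines containing it are kept.
#   SEARCH_DATA - regular expression (matched case-insensitively); applied
#                 only when the file-level $report flag is true (Summary).
#
# Dies if TARGET_LOG cannot be opened.
sub process_log {
    my ($target_log, $search_date, $search_data) = @_;

    # Three-argument open with a lexical handle: the path is always treated
    # as a plain file name (never as a mode or pipe specification), and the
    # handle is released when the sub returns.
    open(my $log_fh, '<', $target_log)
        or die "Can't find $target_log: $!";

    # The date is a literal string, so quote it; the search data is meant to
    # be a pattern and is compiled as-is.
    my $date_re = qr/\Q$search_date\E/;
    my $data_re = qr/$search_data/i;

    # The listing this was taken from had lost the readline operator from the
    # loop condition ("while ()"), which loops forever without reading.
    while (my $line = <$log_fh>) {
        chomp $line;              # no newline...
        $line =~ s/#.*//;         # no comments...
        $line =~ s/^\s+//;        # no leading whitespace...
        $line =~ s/\s+$//;        # no trailing whitespace...
        next unless length $line; # anything to process?
        next unless $line =~ $date_re;
        next if $report && $line !~ $data_re;

        # Log content is written by whoever can generate log entries, so
        # neutralise control characters (tab excepted) before they reach the
        # reader's mail client or terminal.
        $line =~ tr/\x00-\x08\x0b-\x1f\x7f/?/;

        print MAIL "$line\n";
    }

    close($log_fh);
    return;
}

__END__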