--- lib/PXElator/syslogd.pm 2009/08/16 22:23:55 230
+++ lib/PXElator/syslogd.pm 2009/08/18 08:57:47 247
@@ -7,9 +7,66 @@
 use Data::Dump qw/dump/;
 use CouchDB;
+use server;
+
 our $port = 514;
 our $MAXLEN = 1524;
+sub message {
+ my $sock = shift;
+
+ my $buf;
+ $sock->recv($buf, $MAXLEN);
+
+ next unless $buf;
+
+ my ($port, $ipaddr) = sockaddr_in($sock->peername);
+ my $log = {
+ ip => join('.', unpack('C4',$ipaddr)),
+ buf => $buf,
+ };
+
+ if ( $buf =~ s/<(\d+)>// ) {
+ $log->{pri} = $1 % 8;
+ $log->{facility} = ( $1 - $log->{pri} ) / 8;
+
+ $log->{timestamp} = $1 if $buf =~ s/^(\w\w\w\s+\d+\s+\d\d:\d\d:\d\d)\s*//; # strip timestamp which some syslog servers insert here
+
+ if ( $buf =~ s/^([^:]+)\s*:\s*// ) {
+ my $tag = $1;
+ if ( $tag =~ m{^(\S+)\s(\S+)} ) {
+ $log->{tag} = $2;
+ $log->{hostname} = $1;
+ } else {
+ $log->{tag} = $tag;
+ }
+
+ if ( $log->{tag} =~ s/\[(\d+)\]$// ) {
+ $log->{pid} = $1;
+ } elsif ( $buf =~ s/^(\d+):\s*// ) {
+ $log->{pid} = $1;
+ }
+ }
+
+ if ( $log->{tag} =~ m{CRON}i && $buf =~ m{^\((\w+)\) (.+) \((.+)\)$} ) {
+ $log->{cron} = {
+ user => $1,
+ command => $2,
+ argument => $3,
+ };
+ }
+
+ if ( $buf =~ m{(init|error|mount|smart|usb|fs)}i ) {
+ $log->{category} = $1;
+ }
+
+ $log->{message} = $buf;
+ }
+
+ warn "log ",dump( $log );
+ CouchDB::audit( 'syslog', $log );
+}
+
 sub start {
 my $sock = IO::Socket::INET->new(
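Review bot: `next unless $buf;` in message() sits in a sub rather than a loop, so it only works by unwinding into the caller's `while(1)` (Perl emits "Exiting subroutine via next" when warnings are enabled) and it skips whatever the caller does after the call; `return unless defined $buf && length $buf;` says what is meant. The PRI strip `s/<(\d+)>//` is unanchored, so a `<NN>` anywhere in the datagram is taken as the priority and the derived facility is unbounded; `s/^<(\d{1,3})>//` keeps it to the header. `hostname` is now taken from the message text rather than from the peer address, so on what is presumably an unauthenticated UDP listener it is sender-supplied, and a comment such as `# hostname is claimed by the sender; only ip comes from the socket` would keep later consumers of the audit record from treating it as verified. When the tag pattern does not match, `$log->{tag}` is still undef at the CRON test, which is worth guarding with `defined $log->{tag} &&`.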
@@ -20,35 +77,10 @@
 CouchDB::audit('start', { port => $port });
- my $buf;
 while(1) {
- $sock->recv($buf, $MAXLEN);
- my ($port, $ipaddr) = sockaddr_in($sock->peername);
- my $log = {
- ip => join('.', unpack('C4',$ipaddr)),
- hostname => gethostbyaddr($ipaddr, AF_INET),
- message => $buf,
- };
-
- if ( $buf =~ /<(\d+)>\s*(\S*)\s*:\s*(.*)/ ) {
- my $level = $1 % 8;
-
- my $overlay = {
- message => $3,
- level => $level,
- facility => ( $1-$level ) / 8,
- program => $2,
- };
-
- $log->{$_} = $overlay->{$_} foreach keys %$overlay;
-
- $log->{pid} = $1 if $log->{program} =~ s/\[(\d+)\]$//;
- }
-
- warn "log ",dump( $log );
- CouchDB::audit( 'syslog', $log );
+ message($sock);
+ server->refresh;
 }
-
 }
 1;
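Review bot: `server->refresh` in the new loop runs only after message() returns, and message() blocks in `$sock->recv`, so unless the socket is given a timeout outside this hunk the refresh happens once per received datagram and never on a quiet network. Gating the read, for example `message($sock) if IO::Select->new($sock)->can_read(1);` (with `use IO::Select;`), lets the loop tick on its own. The call is also unguarded: if CouchDB::audit or the parsing dies, a single datagram ends the collector and later logs are lost, so `eval { message($sock); 1 } or warn "syslogd: $@";` is worth considering. sub start begins before this hunk, so the socket options are not visible here.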