lib/PXElator/syslogd.pm

package syslogd;

use warnings;
use strict;

use IO::Socket;
use Data::Dump qw/dump/;
use CouchDB;

use server;

our $port = 514;
our $MAXLEN = 1524;

sub start {

        my $sock = IO::Socket::INET->new(
                LocalPort => $port,
                Proto => 'udp',
                ReuseAddr => 1,
        ) || die "can't listen to $port: $!";

        CouchDB::audit('start', { port => $port });

        my $buf;
        while(1) {
                $sock->recv($buf, $MAXLEN);

                next unless $buf;

                my ($port, $ipaddr) = sockaddr_in($sock->peername);
                my $log = {
                        ip => join('.', unpack('C4',$ipaddr)),
                        buf => $buf,
                };

                if ( $buf =~ s/<(\d+)>// ) {
                        $log->{pri}    = $1 % 8;
                        $log->{facility} = ( $1 - $log->{pri} ) / 8;
                
                        $log->{timestamp} = $1 if $buf =~ s/^(\w\w\w\s+\d+\s+\d\d:\d\d:\d\d)\s*//;      # strip timestamp which some syslog servers insert here

                        if ( $buf =~ s/^([^:]+)\s*:\s*// ) {
                                my $tag = $1;
                                if ( $tag =~ m{^(\S+)\s(\S+)} ) {
                                        $log->{tag} = $2;
                                        $log->{hostname} = $1;
                                } else {
                                        $log->{tag} = $tag;
                                }

                                if ( $log->{tag} =~ s/\[(\d+)\]$// ) {
                                        $log->{pid} = $1;
                                } elsif ( $buf =~ s/^(\d+):\s*// ) {
                                        $log->{pid} = $1;
                                }
                        }

                        if ( $log->{tag} =~ m{CRON}i && $buf =~ m{^\((\w+)\) (.+) \((.+)\)$} ) {
                                $log->{cron} = {
                                        user => $1,
                                        command => $2,
                                        argument => $3,
                                };
                        }

                        $log->{message} = $buf;
                }

                warn "log ",dump( $log );
                CouchDB::audit( 'syslog', $log );

                server->refresh;
        }

}

1;
1	dpavlin	230	package syslogd;
2
3			use warnings;
4			use strict;
5
6			use IO::Socket;
7			use Data::Dump qw/dump/;
8			use CouchDB;
9
10	dpavlin	238	use server;
11
12	dpavlin	230	our $port = 514;
13			our $MAXLEN = 1524;
14
15			sub start {
16
17			my $sock = IO::Socket::INET->new(
18			LocalPort => $port,
19			Proto => 'udp',
20			ReuseAddr => 1,
21			) \|\| die "can't listen to $port: $!";
22
23			CouchDB::audit('start', { port => $port });
24
25			my $buf;
26			while(1) {
27			$sock->recv($buf, $MAXLEN);
28	dpavlin	238
29			next unless $buf;
30
31	dpavlin	230	my ($port, $ipaddr) = sockaddr_in($sock->peername);
32			my $log = {
33			ip => join('.', unpack('C4',$ipaddr)),
34	dpavlin	238	buf => $buf,
35	dpavlin	230	};
36
37	dpavlin	238	if ( $buf =~ s/<(\d+)>// ) {
38			$log->{pri} = $1 % 8;
39			$log->{facility} = ( $1 - $log->{pri} ) / 8;
40
41			$log->{timestamp} = $1 if $buf =~ s/^(\w\w\w\s+\d+\s+\d\d:\d\d:\d\d)\s*//; # strip timestamp which some syslog servers insert here
42	dpavlin	230
43	dpavlin	238	if ( $buf =~ s/^([^:]+)\s:\s// ) {
44			my $tag = $1;
45			if ( $tag =~ m{^(\S+)\s(\S+)} ) {
46			$log->{tag} = $2;
47			$log->{hostname} = $1;
48			} else {
49			$log->{tag} = $tag;
50			}
51	dpavlin	230
52	dpavlin	238	if ( $log->{tag} =~ s/\[(\d+)\]$// ) {
53			$log->{pid} = $1;
54			} elsif ( $buf =~ s/^(\d+):\s*// ) {
55			$log->{pid} = $1;
56			}
57			}
58	dpavlin	230
59	dpavlin	238	if ( $log->{tag} =~ m{CRON}i && $buf =~ m{^\((\w+)\) (.+) \((.+)\)$} ) {
60			$log->{cron} = {
61			user => $1,
62			command => $2,
63			argument => $3,
64			};
65			}
66
67			$log->{message} = $buf;
68	dpavlin	230	}
69
70			warn "log ",dump( $log );
71			CouchDB::audit( 'syslog', $log );
72	dpavlin	238
73			server->refresh;
74	dpavlin	230	}
75
76			}
77
78			1;