| 12 |
our $port = 514; |
our $port = 514; |
| 13 |
our $MAXLEN = 1524; |
our $MAXLEN = 1524; |
| 14 |
|
|
| 15 |
sub start { |
sub message { |
| 16 |
|
my $sock = shift; |
|
my $sock = IO::Socket::INET->new( |
|
|
LocalPort => $port, |
|
|
Proto => 'udp', |
|
|
ReuseAddr => 1, |
|
|
) || die "can't listen to $port: $!"; |
|
|
|
|
|
CouchDB::audit('start', { port => $port }); |
|
| 17 |
|
|
| 18 |
my $buf; |
my $buf; |
| 19 |
while(1) { |
$sock->recv($buf, $MAXLEN); |
|
$sock->recv($buf, $MAXLEN); |
|
| 20 |
|
|
| 21 |
next unless $buf; |
next unless $buf; |
| 22 |
|
|
| 23 |
my ($port, $ipaddr) = sockaddr_in($sock->peername); |
my ($port, $ipaddr) = sockaddr_in($sock->peername); |
| 24 |
my $log = { |
my $log = { |
| 25 |
ip => join('.', unpack('C4',$ipaddr)), |
ip => join('.', unpack('C4',$ipaddr)), |
| 26 |
buf => $buf, |
buf => $buf, |
| 27 |
}; |
}; |
| 28 |
|
|
| 29 |
if ( $buf =~ s/<(\d+)>// ) { |
if ( $buf =~ s/<(\d+)>// ) { |
| 30 |
$log->{pri} = $1 % 8; |
$log->{pri} = $1 % 8; |
| 31 |
$log->{facility} = ( $1 - $log->{pri} ) / 8; |
$log->{facility} = ( $1 - $log->{pri} ) / 8; |
| 32 |
|
|
| 33 |
$log->{timestamp} = $1 if $buf =~ s/^(\w\w\w\s+\d+\s+\d\d:\d\d:\d\d)\s*//; # strip timestamp which some syslog servers insert here |
$log->{timestamp} = $1 if $buf =~ s/^(\w\w\w\s+\d+\s+\d\d:\d\d:\d\d)\s*//; # strip timestamp which some syslog servers insert here |
| 34 |
|
|
| 35 |
if ( $buf =~ s/^([^:]+)\s*:\s*// ) { |
if ( $buf =~ s/^([^:]+)\s*:\s*// ) { |
| 36 |
my $tag = $1; |
my $tag = $1; |
| 37 |
if ( $tag =~ m{^(\S+)\s(\S+)} ) { |
if ( $tag =~ m{^(\S+)\s(\S+)} ) { |
| 38 |
$log->{tag} = $2; |
$log->{tag} = $2; |
| 39 |
$log->{hostname} = $1; |
$log->{hostname} = $1; |
| 40 |
} else { |
} else { |
| 41 |
$log->{tag} = $tag; |
$log->{tag} = $tag; |
|
} |
|
|
|
|
|
if ( $log->{tag} =~ s/\[(\d+)\]$// ) { |
|
|
$log->{pid} = $1; |
|
|
} elsif ( $buf =~ s/^(\d+):\s*// ) { |
|
|
$log->{pid} = $1; |
|
|
} |
|
| 42 |
} |
} |
| 43 |
|
|
| 44 |
if ( $log->{tag} =~ m{CRON}i && $buf =~ m{^\((\w+)\) (.+) \((.+)\)$} ) { |
if ( $log->{tag} =~ s/\[(\d+)\]$// ) { |
| 45 |
$log->{cron} = { |
$log->{pid} = $1; |
| 46 |
user => $1, |
} elsif ( $buf =~ s/^(\d+):\s*// ) { |
| 47 |
command => $2, |
$log->{pid} = $1; |
|
argument => $3, |
|
|
}; |
|
| 48 |
} |
} |
| 49 |
|
} |
| 50 |
|
|
| 51 |
|
$log->{tag} =~ s{^/.+/([^/]+)$}{$1}; |
| 52 |
|
|
| 53 |
$log->{message} = $buf; |
if ( $log->{tag} =~ m{CRON}i && $buf =~ m{^\((\w+)\) (.+) \((.+)\)$} ) { |
| 54 |
|
$log->{cron} = { |
| 55 |
|
user => $1, |
| 56 |
|
command => $2, |
| 57 |
|
argument => $3, |
| 58 |
|
}; |
| 59 |
} |
} |
| 60 |
|
|
| 61 |
warn "log ",dump( $log ); |
if ( $buf =~ m{(init|error|mount|smart|usb|fs)}i ) { |
| 62 |
CouchDB::audit( 'syslog', $log ); |
$log->{category} = $1; |
| 63 |
|
} |
| 64 |
|
|
| 65 |
server->refresh; |
$log->{message} = $buf; |
| 66 |
} |
} |
| 67 |
|
|
| 68 |
|
warn "log ",dump( $log ); |
| 69 |
|
CouchDB::audit( $log->{tag}, $log ); |
| 70 |
|
} |
| 71 |
|
|
| 72 |
|
sub start { |
| 73 |
|
|
| 74 |
|
my $sock = IO::Socket::INET->new( |
| 75 |
|
LocalPort => $port, |
| 76 |
|
Proto => 'udp', |
| 77 |
|
ReuseAddr => 1, |
| 78 |
|
) || die "can't listen to $port: $!"; |
| 79 |
|
|
| 80 |
|
CouchDB::audit('start', { port => $port }); |
| 81 |
|
|
| 82 |
|
while(1) { |
| 83 |
|
message($sock); |
| 84 |
|
server->refresh; |
| 85 |
|
} |
| 86 |
} |
} |
| 87 |
|
|
| 88 |
1; |
1; |
Parent Directory
| 
Revision Log
| 
Patch