/[sysplogd]/sysplogd
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Annotation of /sysplogd

Parent Directory Parent Directory | Revision Log Revision Log


Revision 5 - (hide annotations)
Sat Apr 11 08:30:33 2009 UTC (12 years, 6 months ago) by dpavlin
File size: 1356 byte(s)
better parsing of messages, save unparsed messages

1 dpavlin 1 #!/usr/bin/perl
2    
3     use warnings;
4     use strict;
5    
6     use IO::Socket;
7     use Data::Dump qw/dump/;
8 dpavlin 3 use DBI;
9 dpavlin 1
10     my $port = 514;
11    
12     my $MAXLEN = 1524;
13    
14 dpavlin 5 my $dsn = 'DBI:Pg:dbname=syslog;host=llin.lan';
15 dpavlin 3 my $user = 'dpavlin';
16     my $debug = 0;
17    
18 dpavlin 1 my @facilities = ( qw/
19     kernel user mail system security internal printer news uucp clock security2
20     FTP NTP audit alert clock2 local0 local1 local2 local3 local4 local5 local6 local7
21     / );
22    
23     # Start Listening on UDP port 514
24     my $sock = IO::Socket::INET->new(
25     LocalPort => $port,
26     Proto => 'udp'
27     # ReuseAddr => 1,
28     ) || die "can't listen to $port: $!";
29    
30 dpavlin 3 my $dbh = DBI->connect( $dsn, $user, '', { RaiseError => 1 } ) || die $DBI::errstr;
31    
32     my $sth = $dbh->prepare(qq{
33     insert into log
34     (ip,hostname,facility,priority,level,program,message) values
35     (? ,? ,? ,? ,? ,? ,? )
36     });
37    
38 dpavlin 1 print "INFO: listen on $port",$/;
39    
40     my $rin = '';
41     my $buf;
42     while(1) {
43     $sock->recv($buf, $MAXLEN);
44     my ($port, $ipaddr) = sockaddr_in($sock->peername);
45     my $hostname = gethostbyaddr($ipaddr, AF_INET);
46     my $ip = join('.', unpack('C4',$ipaddr));
47     warn "# ",dump( $port, $ipaddr, $hostname, $buf );
48 dpavlin 2
49 dpavlin 5 if ( $buf =~ /<(\d+)>\s*(\S*)\s*:\s*(.*)/ ) {
50 dpavlin 3 my $level=$1 % 8;
51     my $fac=($1-$level) / 8;
52     $sth->execute( $ip, $hostname, $fac, $1, $level, $2, $3 );
53 dpavlin 5 } else {
54     $sth->execute( $ip, $hostname, undef, undef, undef, undef, $buf );
55 dpavlin 1 }
56     }

Properties

Name Value
svn:executable

  ViewVC Help
Powered by ViewVC 1.1.26