This is a repository of my old source code, which is no longer updated. Go to git.rot13.org for current projects!

Contents of /sysplogd



Revision 18 - (show annotations)
Tue Apr 14 14:19:59 2009 UTC (14 years, 11 months ago) by dpavlin
File size: 2735 byte(s)
better parsing of syslog messages, now works with
https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/

1 #!/usr/bin/perl
2
3 use warnings;
4 use strict;
5
6 use IO::Socket;
7 use Data::Dump qw/dump/;
8 use DBI;
9 use Getopt::Long;
10
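# Built-in defaults. They are package globals (`our`), presumably so that the
# optional conf.pl loaded below can assign new values to them.
our $port   = 514;     # UDP port to listen on; --port replaces it
our $MAXLEN = 1524;    # maximum number of bytes read from one datagram

our $dsn  = 'DBI:Pg:dbname=syslog';
our $user = 'dpavlin';

# NOTE(review): a fixed file name under /tmp is predictable, and the file is
# later opened for append with no symlink check. On a multi-user host, point
# --log (or conf.pl) at a directory only the daemon's account can write to.
our $log = '/tmp/sysplog.log';

# Optional site configuration: conf.pl in the same directory as this script.
# When $0 contains no '/', the substitution matches nothing and $config would
# stay equal to the script's own name, so fall back to conf.pl in the
# current directory instead of require-ing the script itself.
my $config = $0;
$config =~ s{/[^/]+$}{/conf.pl} or $config = 'conf.pl';

# require searches @INC for a relative name that does not start with ./ or
# ../, which could load a different file than the one -e tests below. Make
# the path explicit so the tested file is the loaded file.
$config = "./$config" unless $config =~ m{^\.{0,2}/};

if ( -e $config ) {
    # conf.pl is executed as Perl code with this process's privileges; keep
    # the file and its directory writable only by the account that runs the
    # daemon.
    require $config;
    warn "# using $config ", -s $config, $/;
}
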
# Command-line switches:
#   --debug               may be repeated; each occurrence adds one to $debug
#   --schema / --noschema create the database tables before listening
#   --log=PATH            flat log file, replaces the $log default
#   --port=N              UDP port, replaces the $port default
my ( $debug, $schema ) = ( 0, 0 );

my %option_for = (
    'debug+'  => \$debug,
    'schema!' => \$schema,
    'log=s'   => \$log,
    'port=i'  => \$port,
);
GetOptions(%option_for) or die "usage: $0 --debug --schema\n";

our $VERSION = '0.00';

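# DDL executed when --schema is given. The text is split on ';' below, so no
# statement in it may contain a literal semicolon.
my $sql_schema = q{

CREATE TABLE facilities (
	id serial,
	name text,

	PRIMARY KEY(name)
);

CREATE TABLE log (
	id serial,
	timestamp timestamp default now(),
	ip inet not null,
	hostname text,
	message text,
	level int,
	facility int,
	program text,
	pid int,

	PRIMARY KEY (id)
);

};


# RaiseError makes every later DBI call throw on failure instead of
# returning false.
# NOTE(review): the password is the empty string, so who may write to this
# database depends entirely on the server's authentication setup, which is
# not visible here -- confirm it is limited to this account.
my $dbh = DBI->connect( $dsn, $user, '', { RaiseError => 1 } ) || die $DBI::errstr;

if ( $schema ) {
    # Create both tables and the facility names in one transaction, so a
    # failure leaves no half-built schema behind.
    $dbh->begin_work;

    # The text after the final ';' is whitespace only; skip such fragments
    # so that no empty statement is sent to the server.
    foreach my $statement ( grep { /\S/ } split( /;/, $sql_schema ) ) {
        $dbh->do($statement);
    }

    my $sth = $dbh->prepare( q{
        insert into facilities (name) values (?)
    });

    # NOTE(review): the names are inserted in what looks like syslog
    # facility-code order starting at code 0 (kernel), while `id serial`
    # presumably numbers rows from 1. log.facility stores the raw code, so
    # facilities.id would be code + 1 -- confirm how readers join the two.
    $sth->execute( $_ ) foreach ( qw/
        kernel user mail system security internal
        printer news uucp clock
        security2
        ftp ntp
        audit alert
        clock2
        local0 local1 local2 local3 local4 local5 local6 local7
    / );

    warn "# created sql schema\n";

    $dbh->commit;
}
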
# Two inserts prepared once and reused for every datagram. All values are
# bound through placeholders, so received text never becomes part of the SQL.

# Used when a priority value was found and the message could be split up.
my $sql_log_full = q{
	insert into log
		(ip,hostname,message,level,facility,program,pid)
	values (?,?,?,?,?,?,?)
};

# Used for datagrams without a priority value: the text is stored as received.
my $sql_log_unparsed = q{
	insert into log (ip,hostname,message) values (?,?,?)
};

my $sth_log_full     = $dbh->prepare($sql_log_full);
my $sth_log_unparsed = $dbh->prepare($sql_log_unparsed);


# UDP listener on $port. No LocalAddr is passed, so the socket is presumably
# bound to every local address -- restrict senders with a packet filter if
# only some hosts should be able to write log rows.
# NOTE(review): nothing visible in this file changes the process's user id
# after the bind, so a daemon started as root for a low port keeps root
# for parsing, database access and log writing -- confirm that is intended.
my %listen_on = (
    LocalPort => $port,
    Proto     => 'udp',
    # ReuseAddr => 1,
);
my $sock = IO::Socket::INET->new(%listen_on)
    or die "can't listen to $port: $!";

# Flat-file copy of everything received: opened for append and flushed after
# every print.
# NOTE(review): open follows symbolic links, so $log must not live in a
# directory that other local users can write to.
open( my $log_fh, '>>', $log ) or die "can't open log $log: $!";
$log_fh->autoflush(1);
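# _log(@fields)
#
# Append one record to the flat log file: the current epoch time followed by
# the given fields, joined with '|' and terminated with $/. When $debug is
# set, the raw fields are also dumped to STDERR first.
#
# The fields come from network datagrams, so control characters (CR, LF, NUL
# and the like) are rewritten as \xNN before printing; otherwise a sender
# could start a new, forged record by embedding a line break. Undefined
# fields (no reverse DNS name, no program or pid) are written as empty
# strings, which is what join produced before, but without the warning.
# A '|' inside a field is NOT escaped, so field positions after the message
# text should not be relied on.
sub _log {
    warn 'LOG ',dump( @_ ), $/ if $debug;

    # Work on copies: the elements of @_ alias the caller's variables.
    my @fields = map {
        my $field = defined $_ ? $_ : '';
        $field =~ s/([\x00-\x1f\x7f])/sprintf('\\x%02x', ord($1))/ge;
        $field;
    } @_;

    print $log_fh time() . '|' . join( '|', @fields ), $/;
}
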
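_log("INFO: listen on $port");

# Receive loop: one iteration per datagram, never returns.
#
# Every byte of $buf is chosen by the sender, and the UDP source address can
# be forged, so the stored ip and hostname are hints, not authenticated
# identities.
my $buf;
while (1) {
    # recv returns the sender's packed address, or undef when the call
    # failed; without an address there is nothing to attribute the data to.
    my $peer = $sock->recv( $buf, $MAXLEN );
    next unless defined $peer && length $peer;

    # The sender's port is unpacked but not stored. It gets its own name so
    # that it does not shadow the listening $port.
    my ( $peer_port, $ipaddr ) = sockaddr_in($peer);

    # NOTE(review): this is a blocking reverse lookup for every datagram, so
    # a slow resolver stalls reception, and the name comes from whoever
    # controls the PTR record. $hostname is undef when the lookup fails.
    my $hostname = gethostbyaddr( $ipaddr, AF_INET );
    my $ip       = join( '.', unpack( 'C4', $ipaddr ) );
    my @values   = ( $ip, $hostname, $buf );

    my $sth = $sth_log_unparsed;

    # The priority value is only accepted at the very start of the datagram
    # and with at most three digits. An unanchored match would cut "<n>" out
    # of the middle of ordinary message text, and an unbounded number would
    # not fit the int columns.
    if ( $buf =~ s/^<(\d{1,3})>// ) {
        my $priority = $1;
        my $level    = $priority % 8;
        my $facility = ( $priority - $level ) / 8;

        # Strip the timestamp which some syslog servers insert here.
        # Single-digit days are padded with an extra space ("Apr  4"), so
        # allow any run of whitespace after the month; otherwise the
        # timestamp would be taken for the program name below.
        $buf =~ s/^\w\w\w\s+\d+ \d\d:\d\d:\d\d//;

        my ( $program, $pid );

        # "program[pid]: text" -- everything up to the first ':' is the
        # program, with an optional trailing [pid].
        if ( $buf =~ s/^\s*([^:]+)\s*:\s*// ) {
            $program = $1;
            $pid = $1 if $program =~ s/\[(\d+)\]$//;
        }

        $values[2] = $buf;
        push @values, ( $level, $facility, $program, $pid );
        $sth = $sth_log_full;
    }

    # The handle was created with RaiseError, so a value the server rejects
    # (an over-long pid, bytes invalid in the database encoding, ...) throws.
    # Catch that here so one datagram cannot terminate the daemon, but keep
    # failing fast when the connection itself is gone.
    my $stored = eval { $sth->execute(@values); 1 };
    if ( !$stored ) {
        my $error = $@ || 'unknown error';
        die $error unless $dbh->ping;
        $error =~ s/\s+/ /g;    # keep the flat-log record on one line
        _log( 'ERROR: insert failed', $error, @values );
        next;
    }

    _log( @values );
}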

Properties

Name Value
svn:executable
