PIX Syslog Parser

by salsa (Acolyte)
on Nov 07, 2001 at 02:22 UTC ( #123707=sourcecode: print w/ replies, xml ) Need Help??

Category: Networking Code
Author/Contact Info salsa
Description: This is actually my first Perl program. It uses File::Tail and Net::SMTP to watch your PIX firewall log for changes, evaluates the changes based on keywords, and then e-mails/alpha-pages on a match as well as logging the entry into a critical_log file. In addition, it evaluates the growing log size and rolls it into a date- and time-stamped archive when it hits a certain size. Keep in mind that this is my first program! If you have any questions or constructive (<--- NOTE) criticism, please feel free to e-mail me.
#!/usr/local/perl -w

use strict;
use warnings;
use diagnostics;
use Net::SMTP;
use File::Tail;


# Paths the monitor reads and writes.
our $logfile     = '/pix/pix.log';        # PIX syslog output, tailed in main
our $criticallog = '/pix/critical_log';   # matched lines are appended here
# Rollover threshold in bytes, compared against the stat() size of $logfile.
our $maxlogsize  = '10000000';
# Shared state: filled in by TimeStamping() and read by the alerting subs.
our ($datestamp, $timestamp);             # 'YYYY-MM-DD' and 'HH:MM:SS'
our $readline;                            # most recent line from File::Tail
our $emailpriority;                       # 2 => page as well as e-mail
our $messagebody;                         # body text handed to EMailAlert()
our $size;                                # last stat() size of $logfile

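# main
{
    # Tail the PIX log. File::Tail->read blocks until a new line arrives, so
    # the loop body only runs when the log actually changes.
    my $workingfile = File::Tail->new(name        => $logfile,
                                      maxinterval => 30,
                                      adjustafter => 5,
                                      maxbuf      => 16384);

    # Install the handlers once, before the first read; the original
    # re-assigned them on every iteration and left the very first line
    # (and the initial File::Tail setup) running with default handlers.
    $SIG{INT}  = \&CleanExit;
    $SIG{QUIT} = \&CleanExit;
    $SIG{ABRT} = \&CleanExit;
    $SIG{TERM} = \&CleanExit;

    while (defined($readline = $workingfile->read)) {
        # Keywords: ACTIVE (firewall failover) and Down (interface shutdown
        # or failure). Both are unanchored substring matches, so any line
        # containing them (e.g. "Download") also triggers an alert; tighten
        # with \b if that becomes a problem.
        if ($readline =~ /ACTIVE/ || $readline =~ /Down/) {
            TimeStamping($datestamp, $timestamp);
            $messagebody   = $readline;
            $emailpriority = "2";
            EMailAlert($datestamp, $timestamp, $messagebody, $emailpriority);
            CriticalLogging($datestamp, $timestamp, $readline);
        }

        # Rollover check: element 7 of stat() is the size in bytes. If the
        # log has vanished (stat fails) treat the size as 0 instead of
        # comparing undef against the threshold.
        $size = (stat $logfile)[7];
        $size = 0 unless defined $size;
        if ($size > $maxlogsize) {
            LogRollover($size);
            # The old file was renamed away; start tailing the fresh one.
            $workingfile = File::Tail->new(name        => $logfile,
                                           maxinterval => 30,
                                           adjustafter => 5,
                                           maxbuf      => 16384);
        }
    }
}
exit;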


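sub TimeStamping
{
    # Fills the package globals $datestamp ('YYYY-MM-DD') and $timestamp
    # ('HH:MM:SS') from the current local time. Any arguments callers pass
    # are ignored; the results travel through the globals.
    # (The original header comment was split across two lines by the page
    # rendering, leaving a stray "+ing" token in the code.)
    my ($sec, $min, $hour, $day, $mon, $year) = localtime(time);
    # localtime() returns years since 1900 and zero-based months.
    $datestamp = sprintf("%04d-%02d-%02d", $year + 1900, $mon + 1, $day);
    $timestamp = sprintf("%02d:%02d:%02d", $hour, $min, $sec);
}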


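sub LogRollover
{
    # Moves the current PIX log aside to a date/time stamped archive in the
    # same directory, restarts syslogd so it reopens $logfile, and mails a
    # low-priority notice. Reads the globals $size and $logfile; writes
    # $datestamp, $timestamp, $messagebody and $emailpriority. The argument
    # callers pass is ignored.
    TimeStamping($datestamp, $timestamp);
    my $archivename = "pix.$datestamp.$timestamp.archive";
    my $archivepath = "/pix/$archivename";
    # A failed rename is not fatal for the monitor, but must not pass
    # silently: the log keeps growing and the size check will simply retry.
    rename $logfile, $archivepath
        or warn "rename $logfile -> $archivepath failed: $!\n";
    # List-form system() runs the command without a shell; check the result
    # so a failed restart (syslogd still writing to the renamed file) shows.
    system('/etc/init.d/syslog', 'restart') == 0
        or warn "syslog restart failed: $?\n";
    # Fixed: the original wrote a literal "/n" here instead of a newline.
    $messagebody   = "Log at: $size\n Archived to: $archivename";
    $emailpriority = "1";    # low priority: e-mail only, no page
    EMailAlert($messagebody, $emailpriority);
}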


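sub EMailAlert
{
    # Sends the alert held in the globals $datestamp, $timestamp and
    # $messagebody to the administrator; when $emailpriority is 2 the pager
    # address is added as a second recipient. Arguments are ignored.
    #
    # Net::SMTP->new returns undef (with $@ set) when the relay cannot be
    # reached; the original then died calling ->mail on undef, which took
    # the whole monitor down with it. Here the alert is reported on STDERR
    # and dropped instead.
    # Plain, unauthenticated SMTP: the relay must accept mail from this host.
    my $smtp = Net::SMTP->new('mail.<somedomain>.com',
                              Hello   => '<somedomain>.com',
                              Timeout => 60,
                              Debug   => 0);
    unless ($smtp) {
        warn "EMailAlert: cannot connect to SMTP relay: $@\n";
        $emailpriority = "1";
        return;
    }

    # Empty envelope sender (null reverse-path): bounces are discarded.
    $smtp->mail("");
    # Numeric comparison against a number, not a quoted string.
    if ($emailpriority == 2) {
        $smtp->to("<phonenumber>\@<some>wireless.net")
            or warn "EMailAlert: pager address rejected by relay\n";
    }
    $smtp->to("<administrator-type>\@<somedomain>.com")
        or warn "EMailAlert: administrator address rejected by relay\n";

    # Headers, blank separator line, then the body. The log line goes into
    # the body only, so it cannot add headers of its own; Net::Cmd's
    # datasend handles the dot-stuffing for lines starting with ".".
    $smtp->data();
    $smtp->datasend("From: PIX Syslog Parser\n");
    $smtp->datasend("Subject: PIX Alert Notification\n");
    $smtp->datasend("To: Network Administrator\n");
    $smtp->datasend("BCC: \n");
    $smtp->datasend("\n");
    $smtp->datasend("Alert: $datestamp $timestamp\n");
    $smtp->datasend("\n");
    $smtp->datasend("$messagebody\n");
    $smtp->datasend("\n");
    $smtp->dataend()
        or warn "EMailAlert: relay rejected the message\n";
    $smtp->quit();
    # Reset so a later call without an explicit priority does not page.
    $emailpriority = "1";
}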


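sub CriticalLogging
{
    # Appends the matched line, preceded by its date/time stamp, to
    # $criticallog. Reads the globals $datestamp, $timestamp and $readline;
    # the arguments callers pass are ignored. Dies if the file cannot be
    # opened, as the original did, but now says which file and why.
    # Three-argument open with a lexical handle: the mode is fixed to
    # append and cannot be altered by characters in the path.
    open(my $critfh, '>>', $criticallog)
        or die "Unable to write critical notification to $criticallog: $!\n";
    print {$critfh} "$datestamp  $timestamp\n", "$readline\n";
    # Buffered write errors only surface at close.
    close($critfh)
        or warn "close $criticallog: $!\n";
}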


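sub CleanExit
{
    # Signal handler for INT/QUIT/ABRT/TERM: announce and exit.
    # The original closed CRITICALLOGFILE, which CriticalLogging() already
    # closes after every write, and called close($logfile) -- but $logfile
    # holds a path string, not a handle, so under 'use strict' that is a
    # symbolic reference and dies before the farewell message is printed.
    # File::Tail's handle is a lexical in main and is released at exit, so
    # there is nothing left to close here.
    print("Terminating Script\n");
    exit;
}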
