
PIX Syslog Parser

by salsa (Acolyte)
on Nov 07, 2001 at 02:22 UTC ( #123707=sourcecode: print w/replies, xml ) Need Help??
Category: Networking Code
Author/Contact Info salsa
Description: This is actually my first Perl program. It uses File::Tail and Net::SMTP to watch your PIX firewall log for changes, evaluates the changes based on keywords and then e-mails/alpha pages on a match as well as logging the entry into a critical_log file. In addition, it evaluates the growing log size and rolls it into a date- and time-stamped archive when it hits a certain size. Keep in mind that this is my first program! If you have any questions or constructive (<--- NOTE) criticism, please feel free to e-mail me.
#!/usr/local/perl -w

use strict;
use warnings;
use diagnostics;
use Net::SMTP;
use File::Tail;

# Package-wide configuration and working state shared by main and the subs
# below (the subs read these globals rather than their arguments).
our $logfile     = '/pix/pix.log';       # PIX Log File
our $criticallog = '/pix/critical_log';  # Critical Message Log File
our ($datestamp, $timestamp);            # Global Time Variables (filled in by TimeStamping)
our $readline;                           # File::Tail Working Variable (current log line)
our $maxlogsize  = '10000000';           # Max Log Size (bytes) before rollover
our ($emailpriority, $messagebody);      # E-Mail Priority for Paging / Text Of E-Mail Alert
our $size;                               # Current Log File Size (from stat in main)

# main
   # Process PIX Log File in infinite loop of tail checking
   # NOTE(review): this listing appears truncated — the File::Tail->new(...)
   # argument list, the braces of the while/if blocks and the EMailAlert call
   # are cut off; confirm against the original source before running.
    # Start 'Tailing' the log file for changes
    my $workingfile=File::Tail->new(name=>$logfile,
    # Evaluation Loop - NOTE: Activates only on changes to logfile
    # Each line read is placed in the global $readline, which CriticalLogging
    # also reads directly.
    while (defined($readline=$workingfile->read))
        # Sets evaluation parsing to look for ACTIVE and Down
        # ACTIVE - triggered on firewall failover
        # Down - triggered on interface shutdown or failure
        # Both patterns are unanchored, case-sensitive substring matches, so
        # any line containing these letter runs (e.g. "Download") also alerts.
        if (($readline=~/ACTIVE/) || ($readline=~/Down/))
            TimeStamping ($datestamp,$timestamp);
            # This call is cut off in the listing; LogRollover calls EMailAlert
            # with ($messagebody,$emailpriority) instead, so the two call sites
            # disagree on the argument list.  In the visible part of EMailAlert
            # @_ is not unpacked; the globals are used.
            EMailAlert ($datestamp,$timestamp,
            CriticalLogging ($datestamp,$timestamp,$readline);
        # Evaluate the log size against established maximum
        # Only the 8th stat field is kept, in the global $size; if stat fails
        # (e.g. the file is missing right after a rollover) $size is undef and
        # the comparison below runs on undef.
        (my $dev,my $ino,my $mode,my $nlink,my $uid,my $gid,
            my $rdev,$size,my $atime,my $mtime,my $ctime,
            my $blksize,my $blocks)=stat($logfile);
        if ($size>$maxlogsize)
            LogRollover ($size);    # argument is ignored; LogRollover reads $size
        # Signal handlers for an attempted clean exit
        # NOTE(review): no $SIG{...} assignment is visible in this listing, so
        # CleanExit does not appear to be wired to any signal — confirm.

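sub TimeStamping {
    # Dynamically assigns a human readable date/time variable for stamp.
    #
    # Arguments: ignored (callers pass the globals back in); kept for
    # compatibility with the existing call sites.
    # Sets the package globals $datestamp (YYYY-MM-DD) and $timestamp
    # (HH:MM:SS) from localtime, and also returns them as a two-element
    # list so callers can avoid the globals.
    our ($datestamp, $timestamp);
    my ($sec, $min, $hour, $day, $mon, $year) = localtime(time);
    $year = sprintf("%04d", $year + 1900);   # Year correction: localtime counts from 1900
    $mon  = sprintf("%02d", $mon + 1);       # Month correction: localtime is 0..11
    # Zero-pad the remaining fields so archive names sort lexically by time.
    $day  = sprintf("%02d", $day);
    $datestamp = "$year-$mon-$day";                            # Friendly file date
    $timestamp = sprintf("%02d:%02d:%02d", $hour, $min, $sec); # Friendly file time
    return ($datestamp, $timestamp);
}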

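sub LogRollover {
    # Rollover of logs to an archived datestamped file.
    #
    # Argument: the size passed by main is ignored; the message uses the
    # package global $size, matching the original.  Renames the live log to
    # a stamped archive, restarts syslogd so it reopens the log path, and
    # sends a low-priority notification.  On a failed rename it warns and
    # returns without restarting syslog or claiming the log was archived.
    our ($logfile, $size, $datestamp, $timestamp, $messagebody, $emailpriority);
    TimeStamping($datestamp, $timestamp);
    my $archivename = "pix.$datestamp.$timestamp.archive";
    # Use the configured $logfile rather than a second hard-coded copy of the
    # path so both cannot drift apart.
    my $archivepath = "/pix/$archivename";
    unless (rename $logfile, $archivepath) {
        warn "Unable to archive $logfile to $archivepath: $!\n";
        return;
    }
    # List form: no shell is involved, and the exit status is checked.
    system('/etc/init.d/syslog', 'restart') == 0
        or warn "syslog restart failed (status $?)\n";    # Restart Syslogd
    # The original wrote "/n" here, which is a literal slash-n, not a newline.
    $messagebody   = "Log at: $size\nArchived to: $archivename";
    $emailpriority = "1";                # Low Priority
    EMailAlert($messagebody, $emailpriority);
    return;
}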

sub EMailAlert
   # E-Mail or Page the Administrator of critical alerts and failures
   # NOTE(review): this listing appears truncated here — the sub's braces,
   # the rest of the Net::SMTP->new(...) argument list, the body of the
   # priority check and any to()/data()/dataend()/quit() calls are not
   # visible; confirm against the original source.  The arguments passed by
   # the two call sites are not unpacked in the visible code; the globals
   # $emailpriority, $datestamp and $timestamp are used instead.

   # SMTP Relay Server Information
    my $smtp=Net::SMTP->new('mail.<somedomain>.com'
                , Hello => '<somedomain>.com'
                , Timeout => 60,
                , Debug => 0,
    # NOTE(review): "60," followed by ", Debug" leaves an empty list element
    # between them — probably a paste artifact.  Net::SMTP->new returns
    # undef when the relay cannot be reached; the method call below would
    # then die and stop the tail loop in main, so check $smtp first.

    $smtp->mail( "" );    # empty envelope sender — verify the relay accepts this
    # Evaluate priority for alphanumeric paging
    # Numeric == against the string literal "2"; eq "2" states the intent.
    if ($emailpriority=="2")
    $smtp->datasend("From: PIX Syslog Parser\n");
    $smtp->datasend("Subject: PIX Alert Notification\n");
    $smtp->datasend("To: Network Administrator\n");
    $smtp->datasend("BCC: \n");
    $smtp->datasend("Alert: $datestamp $timestamp\n");

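sub CriticalLogging {
    # Writes critical notifications to separate log file.
    #
    # Args: $stamp_date, $stamp_time, $line — the values to record.  The call
    # site in main passes the globals $datestamp, $timestamp and $readline;
    # those globals are also the fallback for any argument left undefined,
    # so the original calling convention keeps working.
    # Dies when the critical log cannot be opened or flushed.
    our ($criticallog, $datestamp, $timestamp, $readline);
    my ($stamp_date, $stamp_time, $line) = @_;
    $stamp_date = $datestamp unless defined $stamp_date;
    $stamp_time = $timestamp unless defined $stamp_time;
    $line       = $readline  unless defined $line;
    # Three-arg open with a lexical handle: the append mode is fixed here and
    # cannot be altered by characters in the path.
    open my $critfh, '>>', $criticallog
        or die "Unable to write critical notification to file $criticallog: $!\n";
    print {$critfh} "$stamp_date  $stamp_time\n";
    print {$critfh} "$line\n";
    # The original never closed its bareword handle; buffered write errors
    # only surface at close, so check it.
    close $critfh
        or die "Unable to close critical notification file $criticallog: $!\n";
    return;
}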

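sub CleanExit {
    # Subroutine for a clean exit from script.
    #
    # The original called close($logfile), but $logfile is a path string,
    # not a filehandle, so under strict refs that call dies; this script
    # opens no filehandle of its own — the log is read through the
    # File::Tail object created in main — so there is nothing to close here.
    print("Terminating Script\n");
    exit 0;
}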