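#!/usr/local/perl -w
#
# PIX syslog watcher.
#
# Tails the PIX firewall log. On a failover ("ACTIVE") or interface-down
# ("Down") message it sends an e-mail/page alert and appends a record to a
# local critical log. When the PIX log grows past $maxlogsize it is renamed
# to a date-stamped archive and syslog is restarted.
#
# NOTE(review): matched log lines are copied unmodified into the alert body
# and into the critical log. Syslog text can carry data chosen by remote
# hosts, so anything that later reads or parses those outputs should treat
# them as untrusted.

use strict;
use warnings;
use diagnostics;
use Net::SMTP;
use File::Tail;

our $logfile=("/pix/pix.log");            # PIX Log File
our $criticallog=("/pix/critical_log");   # Critical Message Log File
our $datestamp;                           # Global Time Variables
our $timestamp;
our $readline;                            # File::Tail Working Variable
our $maxlogsize=("10000000");             # Max Log Size (bytes)
our $emailpriority;                       # E-Mail Priority for Paging
our $messagebody;                         # Text Of E-Mail Alert
our $size;                                # Current Log File Size

# main
{
    # Signal handlers for an attempted clean exit. Installed before the tail
    # loop starts so that a signal arriving before the first log line is
    # handled too (they used to be set only after a line had been read).
    $SIG{INT}=\&CleanExit;
    $SIG{QUIT}=\&CleanExit;
    $SIG{ABRT}=\&CleanExit;
    $SIG{TERM}=\&CleanExit;

    # Start 'Tailing' the log file for changes
    my $workingfile=_OpenLogTail();

    # Evaluation Loop - NOTE: Activates only on changes to logfile
    while (defined($readline=$workingfile->read)) {

        # ACTIVE - triggered on firewall failover
        # Down   - triggered on interface shutdown or failure
        # NOTE(review): both are unanchored, case-sensitive substring
        # matches, so any logged text containing them (for example
        # "Download" or "INACTIVE") also raises a priority-2 page. Matching
        # on the exact message format would reduce false and induced alerts.
        if ($readline=~/ACTIVE|Down/) {
            TimeStamping ($datestamp,$timestamp);
            $messagebody=("$readline");
            $emailpriority=("2");
            EMailAlert ($datestamp,$timestamp,
                        $messagebody,$emailpriority);
            CriticalLogging ($datestamp,$timestamp,$readline);
        }

        # Evaluate the log size against established maximum. stat() returns
        # an empty list when the file is missing, which leaves $size
        # undefined, so that case is skipped instead of being compared.
        $size=(stat($logfile))[7];
        if (defined($size) && $size>$maxlogsize) {
            LogRollover ($size);
            # NOTE(review): lines written between the rename and this
            # re-open are presumably never evaluated for alerts - confirm.
            $workingfile=_OpenLogTail();
        }
    }
}

exit;

sub _OpenLogTail {
    # Returns a new File::Tail reader on $logfile with the script's settings
    return File::Tail->new(name=>$logfile,
                           maxinterval=>30,
                           adjustafter=>5,
                           maxbuf=>16384);
}

sub TimeStamping {
    # Sets the globals $datestamp (YYYY-MM-DD) and $timestamp (HH:MM:SS)
    # from the current local time. Arguments are ignored.
    my ($sec,$min,$hour,$day,$mon,$year)=localtime(time);

    # localtime() reports years since 1900 and months starting at 0
    $datestamp=sprintf("%04d-%02d-%02d",$year+1900,$mon+1,$day);
    $timestamp=sprintf("%02d:%02d:%02d",$hour,$min,$sec);
}

sub LogRollover {
    # Renames the PIX log to a date-stamped archive, restarts syslog and
    # sends a low-priority notification. Reads the globals $logfile and
    # $size; arguments are ignored.
    TimeStamping ($datestamp,$timestamp);
    my $archivename=("pix.$datestamp.$timestamp.archive");

    # Stop here if the rename fails, so that no "archived" notice is sent
    # for a file that was never moved.
    unless (rename $logfile,"/pix/$archivename") {
        warn "Unable to archive $logfile to /pix/$archivename: $!\n";
        return;
    }

    # Restart Syslogd. List form runs the init script without a shell.
    system("/etc/init.d/syslog","restart")==0
        or warn "syslog restart failed (status $?)\n";

    # The original literal had "/n" where a newline was intended
    $messagebody=("Log at: $size\n Archived to: $archivename");
    $emailpriority=("1");   # Low Priority
    EMailAlert ($datestamp,$timestamp,$messagebody,$emailpriority);
}

sub EMailAlert {
    # E-Mail or Page the Administrator of critical alerts and failures.
    # Reads the globals $datestamp, $timestamp, $messagebody and
    # $emailpriority; arguments are ignored. Resets $emailpriority to "1"
    # before returning.

    # SMTP Relay Server Information
    # NOTE(review): the relay host, sender and recipient strings below are
    # blanked out in this copy of the script and must be filled in.
    my $smtp=Net::SMTP->new('mail..com',
                            Hello   => '.com',
                            Timeout => 60,
                            Debug   => 0);

    # Net::SMTP->new returns undef when the relay cannot be reached. Report
    # it and return, so that an unreachable relay does not kill the watcher
    # before the caller writes the local critical-log record.
    unless ($smtp) {
        warn "Unable to connect to SMTP relay; alert for "
            ."$datestamp $timestamp not sent\n";
        $emailpriority=("1");
        return;
    }

    $smtp->mail( "" );

    # Evaluate priority for alphanumeric paging
    if ($emailpriority==2) {
        $smtp->to("\@wireless.net");
    }
    $smtp->to("\@.com");

    # Headers are fixed strings; log text is only sent after the blank line
    # that ends them.
    $smtp->data();
    $smtp->datasend("From: PIX Syslog Parser\n");
    $smtp->datasend("Subject: PIX Alert Notification\n");
    $smtp->datasend("To: Network Administrator\n");
    $smtp->datasend("BCC: \n");
    $smtp->datasend("\n");
    $smtp->datasend("Alert: $datestamp $timestamp\n");
    $smtp->datasend("\n");
    $smtp->datasend("$messagebody\n");
    $smtp->datasend("\n");
    $smtp->dataend()
        or warn "SMTP relay did not accept alert for "
               ."$datestamp $timestamp\n";
    $smtp->quit();
    $emailpriority=("1");
}

sub CriticalLogging {
    # Appends the current alert ($datestamp, $timestamp, $readline) to the
    # separate critical log. Arguments are ignored. Dies if the log cannot
    # be opened.

    # Three-argument open with a lexical handle: the path can never be read
    # as an open mode, and the handle does not outlive this call.
    open (my $critical_fh, '>>', $criticallog)
        or die "Unable to write critical notification to file "
              ."$criticallog: $!\n";
    print {$critical_fh} "$datestamp $timestamp\n";
    print {$critical_fh} "$readline\n";

    # Buffered write errors (a full disk, for instance) surface at close
    close ($critical_fh)
        or warn "Error closing $criticallog: $!\n";
}

sub CleanExit {
    # Signal handler: prints a message and ends the script.
    # CriticalLogging closes its own handle on every call, and $logfile
    # holds a path string rather than a filehandle, so there is nothing
    # left to close here.
    print ("Terminating Script\n");
    exit;
}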