PIX Syslog Parser

by salsa (Acolyte)
on Nov 07, 2001 at 02:22 UTC ( #123707=sourcecode: print w/ replies, xml ) Need Help??

Category: Networking Code
Author/Contact Info salsa
Description: This is actually my first Perl program. It uses File::Tail and Net::SMTP to watch your PIX firewall log for changes, evaluates each new line against a set of keywords, and on a match e-mails/alpha-pages the administrator and copies the entry into a critical_log file. In addition, it checks the growing log's size and rolls it into a date- and time-stamped archive when it exceeds a configured limit. Keep in mind that this is my first program! If you have any questions or constructive (<--- NOTE) criticism, please feel free to e-mail me.
#!/usr/local/perl -w

use strict;
use warnings;
use diagnostics;
use File::Tail;
use Net::SMTP;
use POSIX qw(strftime);


# Package-level configuration and working state.  The subs below read
# these globals directly rather than the arguments they are handed.
our $logfile     = '/pix/pix.log';        # PIX log file written by syslogd
our $criticallog = '/pix/critical_log';   # matched lines are copied here
our $maxlogsize  = '10000000';            # rollover threshold (bytes)
our ($datestamp, $timestamp);             # filled in by TimeStamping()
our $readline;                            # current line from File::Tail
our $emailpriority;                       # "2" = page + mail, "1" = mail only
our $messagebody;                         # text of the e-mail alert
our $size;                                # current log file size

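# main
{
    # Globals shared with the subs (declared at the top of the file;
    # re-declared here so this block reads as a unit under strict).
    our ($logfile, $maxlogsize, $readline, $size,
         $datestamp, $timestamp, $messagebody, $emailpriority);

    # Signal handlers for an attempted clean exit.  Installed BEFORE the
    # tail loop: the original set them inside the loop body, so until
    # the first line arrived from the log every one of these signals
    # still had its default (uncaught) disposition.
    $SIG{INT}  = \&CleanExit;
    $SIG{QUIT} = \&CleanExit;
    $SIG{ABRT} = \&CleanExit;
    $SIG{TERM} = \&CleanExit;

    # File::Tail options are needed twice (start-up and after rollover).
    my %tailopts = (name        => $logfile,
                    maxinterval => 30,
                    adjustafter => 5,
                    maxbuf      => 16384);
    my $workingfile = File::Tail->new(%tailopts);

    # Evaluation loop - read() blocks until the log grows, so the body
    # runs once per appended line.
    while (defined($readline = $workingfile->read))
    {
        # ACTIVE - triggered on firewall failover
        # Down   - triggered on interface shutdown or failure
        # NOTE(review): this is an unanchored substring match on the
        # whole line.  PIX messages carry peer-supplied fields
        # (hostnames, URLs, usernames), so any such field containing
        # "ACTIVE" or "Down" would page the administrator as well;
        # anchoring on the PIX message ID that reports these events,
        # rather than on free text, would close that alert-flood path.
        if ($readline =~ /ACTIVE/ || $readline =~ /Down/)
        {
            TimeStamping($datestamp, $timestamp);
            $messagebody   = $readline;
            $emailpriority = "2";          # page as well as mail
            EMailAlert($datestamp, $timestamp,
                       $messagebody, $emailpriority);
            CriticalLogging($datestamp, $timestamp, $readline);
        }

        # Rollover check.  $size stays a package global because
        # LogRollover reads it.  If stat() fails (log moved away
        # underneath us) $size is undef; the original compared undef
        # against the limit, which only raised a warning.
        $size = (stat $logfile)[7];
        if (defined $size && $size > $maxlogsize)
        {
            LogRollover($size);
            # Re-attach to the freshly created log file.
            $workingfile = File::Tail->new(%tailopts);
        }
    }
}
exit;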


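sub TimeStamping
{
    # Refreshes the package globals $datestamp ("YYYY-MM-DD") and
    # $timestamp ("HH:MM:SS") from the current local time.  Arguments
    # are accepted for call-site readability but ignored: every caller
    # passes the very globals this sub overwrites.
    #
    # Returns ($datestamp, $timestamp); in scalar context that is
    # $timestamp, which is what the original's last assignment yielded.
    our ($datestamp, $timestamp);

    # strftime replaces the hand-rolled +1900/+1 corrections and six
    # sprintf() calls; the output formats are unchanged.  Sample the
    # clock once so date and time cannot straddle midnight.
    my $now = time;
    $datestamp = strftime('%Y-%m-%d', localtime $now);   # Friendly file date
    $timestamp = strftime('%H:%M:%S', localtime $now);   # Friendly file time
    return ($datestamp, $timestamp);
}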


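sub LogRollover
{
    # Archives the PIX log once it exceeds $maxlogsize: renames it to
    # pix.<date>.<time>.archive beside $logfile, restarts syslogd so a
    # fresh pix.log is created, then mails a low-priority notice.
    #
    # $currentsize: size in bytes as reported by the caller; falls back
    # to the package global $size (which is what the original read).
    # rename()/system() failures are reported with warn() so the
    # monitor keeps running; the original ignored both return values
    # and would have announced an archive that never happened.
    my ($currentsize) = @_;
    our ($logfile, $size, $datestamp, $timestamp,
         $messagebody, $emailpriority);
    $currentsize = $size unless defined $currentsize;

    TimeStamping($datestamp, $timestamp);
    my $archivename = "pix.$datestamp.$timestamp.archive";
    # The archive lands in the same directory as the live log
    # (the original hard-coded /pix/ here instead of using $logfile).
    (my $archivepath = $logfile) =~ s{[^/]*\z}{$archivename};

    if (!rename($logfile, $archivepath))
    {
        warn "LogRollover: cannot rename $logfile to $archivepath: $!\n";
        return;
    }
    # Restart syslogd so it reopens the (now renamed-away) live log.
    # List-form system() never involves a shell; the arguments are
    # fixed strings here in any case.  NOTE(review): messages arriving
    # during the restart window are presumably lost — confirm whether
    # a reopen (HUP) would do instead of a full restart.
    if (system('/etc/init.d/syslog', 'restart') != 0)
    {
        warn "LogRollover: syslog restart failed (status $?)\n";
    }
    # The original wrote a literal "/n" here; "\n" was clearly intended.
    $messagebody   = "Log at: $currentsize\n Archived to: $archivename";
    $emailpriority = "1";                # Low priority: mail only, no page
    EMailAlert($messagebody, $emailpriority);
    return;
}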


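sub EMailAlert
{
    # E-Mail (and, for priority "2", alpha-page) the administrator.
    #
    # Arguments are accepted for call-site readability but ignored: the
    # message is assembled from the package globals $datestamp,
    # $timestamp, $messagebody and $emailpriority.  $emailpriority is
    # reset to "1" (low) on the way out, so a later rollover notice
    # does not inherit a paging priority.
    #
    # Returns 1 when the relay accepted the message, undef otherwise.
    # Relay problems are reported with warn() rather than die(): this
    # runs inside the tail loop of a firewall monitor, and the original
    # called methods on an unchecked Net::SMTP->new result, so any
    # transient SMTP outage would have killed the monitor itself.
    our ($datestamp, $timestamp, $messagebody, $emailpriority);

    # SMTP relay server information
    my $smtp = Net::SMTP->new('mail.<somedomain>.com',
                              Hello   => '<somedomain>.com',
                              Timeout => 60,
                              Debug   => 0);
    unless (defined $smtp)
    {
        warn "EMailAlert: cannot connect to SMTP relay: $@\n";
        $emailpriority = "1";
        return;
    }

    # The body is a raw syslog line from a file the firewall feeds, so
    # part of its content is chosen by remote peers.  Headers below are
    # fixed strings (no header injection), but strip control characters
    # other than TAB/LF so nothing odd reaches a pager.
    (my $body = defined $messagebody ? $messagebody : '')
        =~ tr/\x09\x0a\x20-\x7e//cd;

    # Empty reverse-path (null sender).  NOTE(review): some relays
    # reject this or treat it as a bounce — confirm with the relay owner.
    $smtp->mail("");
    # Priority "2" additionally pages via the carrier's e-mail gateway.
    if ($emailpriority eq "2")
    {
        $smtp->to("<phonenumber>\@<some>wireless.net");
    }
    $smtp->to("<administrator-type>\@<somedomain>.com");
    $smtp->data();
    $smtp->datasend("From: PIX Syslog Parser\n");
    $smtp->datasend("Subject: PIX Alert Notification\n");
    $smtp->datasend("To: Network Administrator\n");
    $smtp->datasend("BCC: \n");
    $smtp->datasend("\n");
    $smtp->datasend("Alert: $datestamp $timestamp\n");
    $smtp->datasend("\n");
    $smtp->datasend("$body\n");
    $smtp->datasend("\n");
    # dataend() is where the relay says whether it took the message.
    my $accepted = $smtp->dataend();
    $smtp->quit();
    $emailpriority = "1";
    warn "EMailAlert: relay did not accept the message\n" unless $accepted;
    return $accepted ? 1 : undef;
}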


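sub CriticalLogging
{
    # Appends the current alert (a stamp line, then the raw log line)
    # to the critical-message log named by the package global
    # $criticallog.  Arguments are accepted for readability but
    # ignored; the text comes from the globals $datestamp, $timestamp
    # and $readline.  Dies if the file cannot be opened or flushed —
    # the original's fail-stop behaviour, now with the OS error attached.
    our ($criticallog, $datestamp, $timestamp, $readline);

    # Three-argument open with a lexical handle: the open mode can
    # never be taken from the path string, and the handle is released
    # on scope exit (the original left a bareword handle around).
    open(my $critfh, '>>', $criticallog)
        or die "Unable to write critical notification to file $criticallog: $!\n";
    print {$critfh} "$datestamp  $timestamp\n";
    # NOTE(review): $readline appears to arrive with its own newline
    # from File::Tail, so this yields a blank separator line — confirm.
    print {$critfh} "$readline\n";
    # Buffered write errors (e.g. disk full) only surface at close.
    close($critfh)
        or die "Unable to write critical notification to file $criticallog: $!\n";
}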


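sub CleanExit
{
    # Signal handler for INT/QUIT/ABRT/TERM (the signal name is the
    # only argument): announce the shutdown and exit with status 0.
    #
    # The original also called close() on CRITICALLOGFILE, which
    # CriticalLogging already closes after every write, and on
    # $logfile, which holds a path string rather than a handle — under
    # `use strict` that second close dies with a symbol-ref error
    # before "Terminating Script" is ever printed.  Neither close had a
    # file to release, so both are dropped; the File::Tail handle lives
    # in main's lexical $workingfile and is released by exit().
    print("Terminating Script\n");
    exit;
}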
