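# Report whether any line of a file matches a pattern.
#
# Arguments:
#   $_[0]  path of the file to search
#   $_[1]  pattern to look for; it is interpolated into a regex, so regex
#          metacharacters in it are active
#
# Returns 1 if at least one line matches, 0 otherwise.
# Dies if the lock file or the search file cannot be opened, or if flock()
# fails.
#
# An exclusive flock() on "<file>.lck" is held while the file is scanned.
# LOCK_EX must be imported by the file (use Fcntl qw(:flock)).
sub searchFileForString {
    my ($fileName, $searchString) = @_;
    my $SEMAPHORE = $fileName . '.lck';
    my $found     = 0;

    # Three-argument open keeps the mode separate from the path. With the
    # two-argument form a path that starts with '>', '<', '|' or carries
    # leading/trailing whitespace is reinterpreted as a mode or a command.
    # Lexical handles are closed (and the lock released) when the sub is left
    # through die, which bareword handles are not.
    open(my $lock_fh, '>', $SEMAPHORE) or die "$SEMAPHORE: $!";
    flock($lock_fh, LOCK_EX) or die "flock() failed for $SEMAPHORE: $!";

    # '+<' is kept from the original, so the file must still be writable even
    # though it is only read here.
    open(my $search_fh, '+<', $fileName)
        or die "Failed to open $fileName: $!";

    # NOTE(review): $searchString is compiled as a regular expression, as
    # before. If it can come from outside the program, pass it through
    # quotemeta() at the call site so it is matched literally.
    while (my $line = <$search_fh>) {
        if ($line =~ /$searchString/) {
            $found = 1;
            last;    # one hit is enough; no need to read the rest
        }
    }

    close $search_fh;
    close $lock_fh;
    return $found;
}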
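# Look up an active action matching the given flow tuple, masks and action
# name, and report how many whole minutes it still has to run.
#
# Arguments (positional, 13 in total):
#   src_ip, dst_ip, src_port_or_icmp_type, dst_port_or_icmp_code, protocol,
#   flags, src_ip_mask, dst_ip_mask, src_port_or_icmp_type_mask,
#   dst_port_or_icmp_code_mask, protocol_mask, flags_mask, action
#
# Returns int(time_left / 60) for the first row found, or 0 when no row
# matches. A row counts only while start_date + duration minutes is still in
# the future and end_date is NULL.
#
# The empty prototype "()" of the original was dropped: it declared a sub
# taking no arguments while the body reads thirteen. Calls made with a
# leading "&" are unaffected.
sub does_action_exist
{
    my (
        $src_ip,                     $dst_ip,
        $src_port_or_icmp_type,      $dst_port_or_icmp_code,
        $protocol,                   $flags,
        $src_ip_mask,                $dst_ip_mask,
        $src_port_or_icmp_type_mask, $dst_port_or_icmp_code_mask,
        $protocol_mask,              $flags_mask,
        $action,
    ) = @_;

    # Every value is bound through a placeholder instead of being spliced
    # into the statement text, so a value can never change the shape of the
    # query.
    # NOTE(review): this assumes callers pass plain values. If any caller
    # passed an SQL expression as an argument, it must now do that
    # computation before the call - confirm against the call sites.
    my $sql = join ' ',
        'select (unix_timestamp(start_date) + (duration * 60)) -',
        'unix_timestamp(NOW()) as time_left from actions',
        'where src_ip = ? and dst_ip = ?',
        'and src_port_or_icmp_type = ? and dst_port_or_icmp_code = ?',
        'and protocol = ? and flags = ?',
        'and src_ip_mask = ? and dst_ip_mask = ?',
        'and src_port_or_icmp_type_mask = ?',
        'and dst_port_or_icmp_code_mask = ?',
        'and protocol_mask = ? and flags_mask = ?',
        'and action = ?',
        'and unix_timestamp(start_date) + (duration * 60) >',
        'unix_timestamp(NOW()) and end_date is NULL';

    # The "&" call form is kept because the helpers are defined elsewhere in
    # the file and may carry prototypes that a plain call would trip over.
    my $dbh = &connect_to_db();
    my $sth = $dbh->prepare($sql);
    $sth->execute(
        $src_ip,                     $dst_ip,
        $src_port_or_icmp_type,      $dst_port_or_icmp_code,
        $protocol,                   $flags,
        $src_ip_mask,                $dst_ip_mask,
        $src_port_or_icmp_type_mask, $dst_port_or_icmp_code_mask,
        $protocol_mask,              $flags_mask,
        $action,
    );

    # Only the first row is used; $time_left stays undef when nothing matched.
    my ($time_left) = $sth->fetchrow_array();
    $sth->finish();
    &disconnect_from_db($dbh);

    # defined() first: comparing undef with "" warns under "use warnings".
    return(int($time_left / 60)) if (defined $time_left && $time_left ne "");
    return(0);
}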
<code>
<code>
Original Config
-----------------------------------------------------------
# [EVENT TEMPLATE]
$template sample, "%timereported:::date-mysql% %HOSTNAME\n"
# [EVENT PROCESSING]
if $programname == 'sample_event' then | tmp/meh;sample
if $programname == 'sample_event' then ~
Destination config
-----------------------------------------------------------
# [EVENT TEMPLATE]
$template foo, "this is template stuff % meh bar\n"
$template bar, "more template stuff. Did the sox win %meh\n"
$template aquabuda "rand Paul is %funny\n"
#Comments
#Comments
#Other random comments
# [EVENT PROCESSING]
if $programname == 'somename' then /tmp/foo;meh
if $programname == 'somename' then ~
if $programname == 'super' then /tmp/super;meh
if $programname == 'another' then /tmp/another;meh
if $programname == 'direct' then /var/log/messages;direct
# Debug
if $programname == 'generic' then /var/log/messages
if $programname == 'other' then ~
#!/usr/bin/perl -w
use strict;
use warnings;
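# Make NUMCOPIES copies of FILE in the current directory, named 0.file,
# 1.file, ... Each copy is done by a forked child running cp.
#
# Usage: script FILE NUMCOPIES
my $file      = shift;
my $numcopies = shift;

# Upper bound on children alive at the same time. The original started every
# copy at once, so a large NUMCOPIES could exhaust the process table.
my $numchildren = 10;

# Reject missing or non-numeric arguments up front instead of failing later
# with a division or range warning.
die "Usage: $0 FILE NUMCOPIES\n"
    unless defined $file
        && defined $numcopies
        && $numcopies =~ /\A[0-9]+\z/;

my $count   = 0;    # index of the next copy; also the number started so far
my $running = 0;    # children forked and not yet reaped
my $pid;

# Looping on $count makes exactly NUMCOPIES copies. The original looped
# 10 x int(NUMCOPIES / 10) times and silently dropped the remainder (and made
# no copy at all for NUMCOPIES below 10).
while ($count < $numcopies) {

    # At the cap: collect one finished child before starting another.
    if ($running >= $numchildren) {
        my $done = wait();
        warn "cp child $done exited with status $?\n" if ($done > 0 && $? != 0);
        $running--;
    }

    $pid = fork();
    die "Cannot fork: $!" if (! defined $pid);

    if (! $pid) {
        # List-form exec runs cp directly, with no shell in between, so
        # quotes or metacharacters in FILE are passed through as data.
        # "--" stops a FILE beginning with "-" from being read as an option.
        exec('cp', '--', $file, "$count.file");
        die "Could not exec: $!";
    }

    $count++;
    $running++;
}

# Reap the remaining children so none is left as a zombie and failures are
# reported.
while ($running > 0) {
    my $done = wait();
    last if ($done == -1);
    warn "cp child $done exited with status $?\n" if ($? != 0);
    $running--;
}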
|