remote logchecker

Category:	Net
Author/Contact Info	ackme
Description:	Uses Activeperl to check logs on a unix box from an NT machine. It tails the log, grabs the last line, and posts it into a logfile I create on the NT box. The log on the Unix box is in the form eod.log.mmddyy. Also logs a warning if the last line of the log is not the expected one.
use Net::Telnet (); $username = "ackme"; $password = "XXXXXXXXX"; $t = new Net::Telnet (Timeout => 60); $t->open("some.otherbox.com"); $t->login($username, $password); @d = $t->cmd("date +%m%d%y"); chop(@d); @lines = $t->cmd("tail -1 /home/ackme/eod.log.$d[0]"); $->logout; open (LOG, ">>I:/perl/testlog") \|\| "cannot create testlog! $!"; print LOG "the date: $d[0]\n"; chop @lines[0]; $correct = "eod complete exit status = 0"; if (${lines}[0] ne $correct) { print LOG "WARNING LOG NOT CORRECT!!"; } else { print LOG "the last line of the EOD log is: \"$lines[0]\"\n"; } close (LOG) \|\| "can't close testlog: $!"

Comment on remote logchecker Download Code

Replies are listed 'Best First'.
Re: remote logchecker by Tomte (Priest) on Aug 02, 2002 at 08:25 UTC
Due to my recent readings (including Intrusion Detection An Analyst's Handbook) and general paranoia I can't help but comment: Do not use Telnet! Even inside a firewalled network it compromises security a lot. You may want to check Net-SSH-W32Perl and its requirements to see if you can get the same functionality out of it. Otherwise a cool idea :-) regards, tomte	[reply]
Re: remote logchecker by crenz (Priest) on Aug 02, 2002 at 08:14 UTC
This way, your password is transferred in plain text over the net! You could use a CGI script to give you the last line of the file; there is no need to use telnet. `use strict; use warnings; my $correct = "eod complete exit status = 0"; use LWP::UserAgent; my $ua = new LWP::UserAgent; my $req = new HTTP::Request GET => "http://server.net/obscure-url/loglastline.cgi"; $res = $ua->request($req); if ($res->is_success) { warn "Log not correct: " . $res->content . "\n" unless ($res->content =~ /$correct/; } else { die "Ooops. something went wrong:\n" . $res->as_string() . "\n"; }` [download] Update: Sorry -- maybe I shouldn't just assume that the Unix server has a webserver installed. I do recommend using `ssh`, though. You could even set up a user that upon login is presented with the last line of the shell script (set the login shell to a shell script that does that), then logs out. Set up a key pair for this user on the NT box and the Unix box, then call `ssh` using perl and catch the output. This should be much more secure.	[reply] [d/l] [select]
Re: remote logchecker by ackme (Scribe) on Aug 02, 2002 at 08:54 UTC
Thanks. If only I could! The unix box a) has no web service, and b) has no ssh service! And I, being a lowly "support engineer," at a remote location, have no juice with the admin. I was told that the "eod" script didn't run one day and no one noticed until too late, so I better be sure I check it. I wrote this and set up an "at" process on NT so that, even if I forgot, I would have a record of it running (or not). In fact, the perl on the unix box is 5.005, with almost no modules and the OS is Solaris 4.something (7?). ~Scary~	[reply]
Re: Re: remote logchecker by Anonymous Monk on Aug 02, 2002 at 12:01 UTC
Then perhaps you ought to just create a cron job to scan the log and email an appropriate excerpt to you periodically. This way you don't need to expose your password over the net.	[reply]
Re: Re: Re: remote logchecker by ackme (Scribe) on Aug 02, 2002 at 14:55 UTC
I was wanting to be cleverly Perlish, but that is a much safer way to do it. Thx, Bro!	[reply]


Perl-Sensitive Sunglasses
	PerlMonks