######################################################## # $Id: dovecot,v 1.6 2007/03/17 19:13:13 bjorn Exp $ ######################################################## # $Log: dovecot,v $ # Revision 1.6 2007/03/17 19:13:13 bjorn # Now handling dovecot starts/kills. # # Revision 1.5 2006/12/20 15:25:09 bjorn # Additional filtering, by Ivana Varekova. # # Revision 1.4 2006/08/13 22:02:31 bjorn # IPv4 addresses displayed in native format, and don't display user totals # if user connects from only one IP address; changes by Patrick Vande Walle. # # Revision 1.3 2006/08/13 21:06:33 bjorn # Added support for Dovecot 1.0 based on patches from Mark Nienberg, and # IP addresses displayed without brackets for consistency across versions; # modifications by Patrick Vande Walle. # # Revision 1.2 2005/12/07 04:31:44 bjorn # Added $dovecot_ignore_host. # # Revision 1.1 2005/09/18 17:01:05 bjorn # Dovecot filters written by Patrick Vande Walle. # ######################################################## # Please send all comments, suggestions, bug reports, # etc, to logwatch-devel@logwatch.org ######################################################## # The Dovecot script was written by: # Patrick Vande Walle <patrick@isoc.lu> # Based on previous work by # Pawel Golaszewski <blues@gda.pl> # # TODO: # - use printf features to align text in table # ######################################################## my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0; my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; my $IgnoreHost = $ENV{'dovecot_ignore_host'} || ""; my $Restarts = 0; my $End = 0; if ( $Debug >= 5 ) { print STDERR "\n\nDEBUG \n\n"; } while (defined($ThisLine = <STDIN>)) { # remove timestamp. We can't use *RemoveHeaders because we need the # service name $ThisLine =~ s/^\w{3} .\d \d\d:\d\d:\d\d [^ ]* //; if ($ThisLine =~ /ssl-build-param: SSL parameters regeneration completed/) { # We don't care about these } elsif ( $ThisLine =~ /Killed with signal /) { $End++; } elsif ( $ThisLine =~ /Dovecot starting up$/) { $Restarts++; $End = 0; } elsif ( ($User, $Host) = ( $ThisLine =~ /^pop3-login: Login: (.*?) \[(.*)\]/ ) ) { if ($Host !~ /$IgnoreHost/) { $Login{$User}{$Host}++; $ConnectionPOP3{$Host}++; $Connection{$Host}++; } } elsif ( ($User, $Host) = ( $ThisLine =~ /^imap-login: Login: (.*?) \[(.*)\]/ ) ) { if ($Host !~ /$IgnoreHost/) { $Login{$User}{$Host}++; $ConnectionIMAP{$Host}++; $Connection{$Host}++; } # This is for Dovecot 1.0 series } elsif ( ($User, $Host) = ( $ThisLine =~ /^dovecot: pop3-login: Login: user=\<(.*?)\>.*rip=(.*)\, lip=/ ) ) { if ($Host !~ /$IgnoreHost/) { $Login{$User}{$Host}++; $ConnectionPOP3{$Host}++; $Connection{$Host}++; } } elsif ( ($User, $Host) = ( $ThisLine =~ /^dovecot: imap-login: Login: user=\<(.*?)\>.*rip=(.*)\, lip=/) ) { if ($Host !~ /$IgnoreHost/) { $Login{$User}{$Host}++; $ConnectionIMAP{$Host}++; $Connection{$Host}++; } } elsif ($ThisLine =~ /Disconnected \[/) { $Disconnected{"no reason"}++; } elsif (($Reason) = ($ThisLine =~ /Disconnected: (.*) \[/) ) { $Disconnected{$Reason}++; } elsif (($Reason, $Host) = ($ThisLine =~ /TLS initialization failed/) ) { $TLSInitFail++; } elsif (($Host) = ($ThisLine =~ /Aborted login \[(.*)\]/) ) { $Aborted{$Host}++; # This is for Dovecot 1.0 series } elsif ($ThisLine =~ /Disconnected for inactivity/) { $Disconnected{"Inactivity"}++; } elsif ($ThisLine =~ /Disconnected in IDLE/) { $Disconnected{"in IDLE"}++; } elsif ($ThisLine =~ /Disconnected$/) { $Disconnected{"no reason"}++; } elsif (($Reason) = ($ThisLine =~ /pop3-login: Disconnected: (.+)/) ) { $Disconnected{"no reason"}++; } elsif (($Reason) = ($ThisLine =~ /imap-login: Disconnected: (.+)/) ) { $Disconnected{"no reason"}++; } elsif (($Reason) = ($ThisLine =~ /IMAP.+: Disconnected: (.+)/) ) { $Disconnected{$Reason}++; } elsif (($Reason) = ($ThisLine =~ /POP3.+: Disconnected: (.+) top/) ) { $Disconnected{$Reason}++; } else { # Report any unmatched entries... chomp($ThisLine); $OtherList{$ThisLine}++; } } ################################################ if ( $End ) { print "\nDovecot was killed, and not restarted afterwards.\n"; } if ( ( $Detail >=5 ) and $Restarts ) { print "\nDovecot restarted $Restarts time(s)."; } if ( ( $Detail >= 5 ) and (keys %Connection)) { print "\n[Dovecot IMAP and POP3] Connections:". "\n====================================". "\n Host | POP3 | IMAP | Total ". "\n-------------------------- | ----------- |--------- | ---------"; $TLSInitFail = 0; foreach $Host (sort keys %Connection) { $Total = $Connection{$Host}; if (defined ($ConnectionPOP3{$Host})) { $Conns = $ConnectionPOP3{$Host}; } else { $Conns = 0; } if (defined ($ConnectionIMAP{$Host})) { $IMAP = $ConnectionIMAP{$Host}; } else { $IMAP = 0; } # Cleanly display IPv4 addresses $Host=~ s/::ffff://; $HostLength = length($Host); $HostSpaceLength = 26 - $HostLength; $CountLength = length("$Conns"); $CountSpaceLength = 12 - $CountLength; $IMAPLength = length("$IMAP"); $IMAPSpaceLength = 9 - $IMAPLength; $TotalLenght = length("$Total"); $TotalSpaceLength = 10 - $TotalLenght; print "\n" ." " x $HostSpaceLength . $Host . " |" . " " x $CountSpaceLength . $Conns . " |" . " " x $IMAPSpaceLength . $IMAP . " |" . " " x $TotalSpaceLength . $Total; $POP3Count += $Conns; $IMAPCount += $IMAP; $TotalCount += $Total; } $POP3Length = length("$POP3Count"); $POP3SpaceLength = 40 - $POP3Length; $IMAPLength = length("$IMAPCount"); $IMAPSpaceLength = 9 - $IMAPLength; $TotalLength = length("$TotalCount"); $totalSpaceLength = 10 - $TotalLength; print "\n" . "-" x 63; print "\n" . " " x $POP3SpaceLength . $POP3Count . " |" . " " x $IMAPSpaceLength . $IMAPCount . " |" . " " x $totalSpaceLength . $TotalCount . "\n"; } if ( ( $Detail >= 10 ) and (keys %Login)) { print "\n\nDovecot IMAP and POP3 Successful Logins:"; $LoginCount = 0; foreach my $User (keys %Login) { print "\n\n User $User:"; $UserCount = 0; $NumHosts = 0; foreach $Host (keys %{$Login{$User}}) { $NumHosts++; $HostCount = $Login{$User}{$Host}; # Cleanly display IPv4 addresses $Host=~ s/::ffff://; print "\n From $Host: $HostCount Time(s)"; $UserCount += $HostCount; } $LoginCount += $UserCount; if ($NumHosts > 1) { print "\n Total: $UserCount Time(s)"; } } print "\n\nTotal: $LoginCount successful logins"; } if (keys %Disconnected) { print "\n\nDovecot disconnects:"; foreach my $Reason (sort keys %Disconnected) { print "\n $Reason: $Disconnected{$Reason} Time(s)"; } } if ((keys %Aborted) && ($Detail >= 10)) { print "\n\nLogout/aborts:"; foreach my $Host (sort keys %Aborted) { print "\n $Host: $Aborted{$Host} Time(s)"; } } if ($TLSInitFail > 0) { print "\n\nTLS Initialization failed $TLSInitFail Time(s)"; } if (keys %OtherList) { print "\n\n**Unmatched Entries**\n"; foreach $line (sort {$a cmp $b} keys %OtherList) { print " $line: $OtherList{$line} Time(s)\n"; } } exit(0); # vi: shiftwidth=3 tabstop=3 syntax=perl et