Sophie

Sophie

distrib > Mandriva > 2008.1 > i586 > by-pkgid > e28667f4e1cf50e0b002c8a83e0e0d6f > files > 199

logwatch-7.3.6-2mdv2008.1.noarch.rpm


##########################################################################
# $Id: kernel,v 1.33 2006/01/16 18:40:31 kirk Exp $
##########################################################################
# $Log: kernel,v $
# Revision 1.33  2006/01/16 18:40:31  kirk
# fixed name to Logwatch (how I like it now)
#
# Revision 1.32  2005/11/30 05:35:11  bjorn
# Replaced compStr, by Markus Lude.
#
# Revision 1.31  2005/11/08 20:34:49  bjorn
# Fixed reporting of RAID errors and added 'use strict'. Adds support for
# reporting various execution/memory access errors. These are errors on
# 2.6.5-7 kernels, x86_64 and IA64 architectures, SuSE 9 distro.
# All these changes by David Baldwin.
#
# Revision 1.30  2005/07/25 22:17:31  bjorn
# Moved iptables (and ipchains, ipfwadm) code to its own service (iptables).
#
# Revision 1.29  2005/06/07 18:14:50  bjorn
# Filtering out audit statements, since we now have an "audit" service.
##########################################################################
# Kernel script for Logwatch 
#
# Visit the Logwatch website at
#   http://www.logwatch.org
##########################################################################

use strict;
use Logwatch ':ip';

my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my %SYNflood = ();
my %RAIDErrors = ();
my %SegFaults = ();
my %GPFaults = ();
my %UnalignedErrors = ();
my %FPAssists = ();
my %Errors = ();
my %Kernel = ();

while (defined(my $ThisLine = <STDIN>)) {
   chomp($ThisLine);
   next if ($ThisLine eq '');

   if (
      # filter out audit messages - these should be parsed by the audit
      # service
      ($ThisLine =~ /^\s*audit\(/)
      # following now in iptables service
      or ($ThisLine =~ /^Packet log: .*PROTO=/)
      or ($ThisLine =~ /IN=.*OUT=.*SRC=.*DST=.*PROTO=/)
      ) { # ignore the above strings
   } elsif ( my ($from,$on) = ( $ThisLine =~ /^Warning: possible SYN flood from ([^ ]+) on ([^ ]+):.+ Sending cookies/ ) ) {
      my $Fullfrom = LookupIP($from);
      my $Fullon = LookupIP($on);
      $SYNflood{$Fullon}{$Fullfrom}++;
   } elsif ($ThisLine =~ /continuing in degraded mode/) {
      $RAIDErrors{$ThisLine}++;
   } elsif ($ThisLine =~ /([^(]*)\[\d+\]: segfault at/) {
      $SegFaults{$1}++;
   } elsif ($ThisLine =~ /([^(]*)\[\d+\] general protection/) {
      $GPFaults{$1}++;
   } elsif ($ThisLine =~ /([^(]*)\(\d+\): unaligned access to/) {
      $UnalignedErrors{$1}++;
   } elsif ($ThisLine =~ /([^(]*)\(\d+\): floating-point assist fault at ip/) {
      $FPAssists{$1}++;
   } elsif ( ( my $errormsg ) = ( $ThisLine =~ /(.*?[Ee]rror.{0,17})/ ) ) {
      # filter out smb open/read errors cased by insufficient permissions
      my $SkipError = 0;
      $SkipError = 1 if $ThisLine =~ /smb_readpage_sync: .*open failed, error=-13/;
      $SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, result=-13/;
      $SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, error=-13/;
      $Errors{$errormsg}++ if ( (! $SkipError) || ($Detail > 8));
   }
   # OTHER  
   else {
      # XXX For now, going to ignore all other kernel messages as there
      # XXX are practically an infinite number and most of them are obviously
      # XXX not parsed here at this time.
      # filter out smb open/read errors cased by insufficient permissions
      my $SkipError = 0;
      $SkipError = 1 if $ThisLine =~ /smb_readpage_sync: .*open failed, error=-13/;
      $SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, result=-13/;
      $SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, error=-13/;
      $Kernel{$ThisLine}++ if ( (! $SkipError) || ($Detail > 8)) ;
   }
}

if (keys %SYNflood) {
   print "\nWarning: SYN flood on:\n";
   foreach my $ThisOne (sort {$a cmp $b} keys %SYNflood) {
      print "   " . $ThisOne . " from:\n";
      foreach my $Next (sort {$a cmp $b} keys %{$SYNflood{$ThisOne}}) {
         print "      " . $Next . ": $SYNflood{$ThisOne}{$Next} Time(s)\n";   
      }      
   }
}

if (keys %RAIDErrors) {
   print "\nWARNING:  RAID Errors Present\n";
   foreach my $Thisone ( sort {$a cmp $b} keys %RAIDErrors ) {
      print "   $Thisone ...:  $RAIDErrors{$Thisone} Time(s)\n";
   }
}

if (keys %SegFaults) {
   print "\nWARNING:  Segmentation Faults in these executables\n";
   foreach my $Thisone ( sort {$a cmp $b} keys %SegFaults ) {
      print "   $Thisone :  $SegFaults{$Thisone} Time(s)\n";
   }
}

if (keys %GPFaults) {
   print "\nWARNING:  General Protection Faults in these executables\n";
   foreach my $Thisone ( sort {$a cmp $b} keys %GPFaults ) {
      print "   $Thisone :  $GPFaults{$Thisone} Time(s)\n";
   }
}

if (keys %UnalignedErrors) {
   print "\nWARNING:  Unaligned Errors in these executables\n";
   foreach my $Thisone ( sort {$a cmp $b} keys %UnalignedErrors ) {
      print "   $Thisone :  $UnalignedErrors{$Thisone} Time(s)\n";
   }
}

if (keys %FPAssists) {
   print "\nWARNING:  Floating-Point Assists in these executables\n";
   foreach my $Thisone ( sort {$a cmp $b} keys %FPAssists ) {
      print "   $Thisone :  $FPAssists{$Thisone} Time(s)\n";
   }
}

if (keys %Errors) {
   print "\nWARNING:  Kernel Errors Present\n";
   foreach my $Thisone ( sort {$a cmp $b} keys %Errors ) {
      print "   $Thisone ...:  $Errors{$Thisone} Time(s)\n";
   }
}

# OTHER
if ( ($Detail >= 5) and (keys %Kernel) ) {
   print "\n";
   foreach my $ThisOne (sort {$a cmp $b} keys %Kernel) {
      print $Kernel{$ThisOne} . " Time(s): " . $ThisOne . "\n";
   }
}

exit(0);

# vi: shiftwidth=3 tabstop=3 syntax=perl et

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional