|
Packit |
57988d |
|
|
Packit |
57988d |
##########################################################################
|
|
Packit |
57988d |
# $Id$
|
|
Packit |
57988d |
##########################################################################
|
|
Packit |
57988d |
# Revision 0.3 2002/06/16 Kirk Bauer <kirk@kaybee.org>
|
|
Packit |
57988d |
# - Only outputs separator lines if there are logs on which to report
|
|
Packit |
57988d |
# Revision 0.2 2002/05/29 Pawel Jarosz <pj@rsi.pl>
|
|
Packit |
57988d |
# - More flexible output
|
|
Packit |
57988d |
# Revision 0.1 2002/05/27 Pawel Jarosz <pj@rsi.pl>
|
|
Packit |
57988d |
# - Removed unneded things
|
|
Packit |
57988d |
# - New lookout, more sorted data
|
|
Packit |
57988d |
##########################################################################
|
|
Packit |
57988d |
|
|
Packit |
57988d |
#####################################################
|
|
Packit |
57988d |
## Copyright (c) 2008 Pawel Jarosz
|
|
Packit |
57988d |
## Covered under the included MIT/X-Consortium License:
|
|
Packit |
57988d |
## http://www.opensource.org/licenses/mit-license.php
|
|
Packit |
57988d |
## All modifications and contributions by other persons to
|
|
Packit |
57988d |
## this script are assumed to have been donated to the
|
|
Packit |
57988d |
## Logwatch project and thus assume the above copyright
|
|
Packit |
57988d |
## and licensing terms. If you want to make contributions
|
|
Packit |
57988d |
## under your own copyright or a different license this
|
|
Packit |
57988d |
## must be explicitly stated in the contribution an the
|
|
Packit |
57988d |
## Logwatch project reserves the right to not accept such
|
|
Packit |
57988d |
## contributions. If you have made significant
|
|
Packit |
57988d |
## contributions to this script and want to claim
|
|
Packit |
57988d |
## copyright please contact logwatch-devel@lists.sourceforge.net.
|
|
Packit |
57988d |
#########################################################
|
|
Packit |
57988d |
|
|
Packit |
57988d |
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
|
|
Packit |
57988d |
|
|
Packit |
57988d |
my %Conn_loginok;
|
|
Packit |
57988d |
my %Conn_loginfail;
|
|
Packit |
57988d |
my %Connections;
|
|
Packit |
57988d |
my %OtherList;
|
|
Packit |
57988d |
|
|
Packit |
57988d |
while (defined($ThisLine = <STDIN>)) {
|
|
Packit |
57988d |
chomp($ThisLine);
|
|
Packit |
57988d |
#Solaris ID filter -mgt
|
|
Packit |
57988d |
$ThisLine =~ s/\[ID [0-9]+ [a-z]+\.[a-z]+\] //;
|
|
Packit |
57988d |
# next unless ( $ThisLine=~s/^... .. ..:..:.. [^ ]+ ipop3d\[\d+\]: //); #For testing only
|
|
Packit |
57988d |
next unless (defined($ThisLine));
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( $ThisLine =~/^Command stream end of file/ ) {
|
|
Packit |
57988d |
next;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( $ThisLine =~/^(Autol|L)ogout/ ) {
|
|
Packit |
57988d |
next;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( $ThisLine =~/^Trying to get mailbox lock/ ) {
|
|
Packit |
57988d |
next;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( $ThisLine =~/^Connection reset by peer/ ) {
|
|
Packit |
57988d |
next;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( $ThisLine =~/^Error opening or locking/ ) {
|
|
Packit |
57988d |
next;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( $ThisLine =~/^Login failure user=(\S+) host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ||
|
|
Packit |
57988d |
$ThisLine =~/^Login failed user=(\S+) auth=\S+ host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ||
|
|
Packit |
57988d |
$ThisLine =~/^Login excessive login failures user=(\S+) auth=\S+ host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ) {
|
|
Packit |
57988d |
$Conn_loginfail{$1}{$2}++;
|
|
Packit |
57988d |
next;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( $ThisLine =~/service init from (\d+.\d+.\d+.\d+)$/ ) {
|
|
Packit |
57988d |
$Connections{$1}++;
|
|
Packit |
57988d |
next;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( $ThisLine =~/^(Login|Auth|APOP|Update) user=(\S+) host=[^\[]*\[(\d+.\d+.\d+.\d+)\]/ ) {
|
|
Packit |
57988d |
$Conn_loginok{$2}{$3}++;
|
|
Packit |
57988d |
next;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( $ThisLine =~/^AUTHENTICATE (\S+) failure host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ) {
|
|
Packit |
57988d |
$Conn_loginfail{$1}{$2}++;
|
|
Packit |
57988d |
next;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# Report any unmatched entries...
|
|
Packit |
57988d |
$OtherList{$ThisLine}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( (keys %Connections) and ($Detail >= 15) ) {
|
|
Packit |
57988d |
print "\nInitialized Connections:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$Connections{$b}<=>$Connections{$a}} keys %Connections) {
|
|
Packit |
57988d |
printf " %4i from %s\n" , $Connections{$ThisOne} , $ThisOne;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( (keys %Conn_loginfail) and ($Detail >= 5) ) {
|
|
Packit |
57988d |
print "\nFailed to log in:\n";
|
|
Packit |
57988d |
foreach my $user (keys %Conn_loginfail) {
|
|
Packit |
57988d |
print "User: $user from:\n";
|
|
Packit |
57988d |
foreach my $host ( sort keys %{ $Conn_loginfail{$user} } ) {
|
|
Packit |
57988d |
printf " %-35s %4i\n",$host,$Conn_loginfail{$user}{$host};
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( (keys %Conn_loginok) and ($Detail >=15) ) {
|
|
Packit |
57988d |
print "\nSuccess in log in:\n";
|
|
Packit |
57988d |
foreach my $user (keys %Conn_loginok) {
|
|
Packit |
57988d |
print "User: $user from:\n";
|
|
Packit |
57988d |
foreach my $host ( sort keys %{ $Conn_loginok{$user} } ) {
|
|
Packit |
57988d |
printf " %-35s %4i\n",$host,$Conn_loginok{$user}{$host};
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %OtherList) {
|
|
Packit |
57988d |
print "\n**Unmatched Entries**\n";
|
|
Packit |
57988d |
foreach my $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
|
|
Packit |
57988d |
print " $line: $OtherList{$line} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
exit(0);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# vi: shiftwidth=3 tabstop=3 syntax=perl et
|
|
Packit |
57988d |
# Local Variables:
|
|
Packit |
57988d |
# mode: perl
|
|
Packit |
57988d |
# perl-indent-level: 3
|
|
Packit |
57988d |
# indent-tabs-mode: nil
|
|
Packit |
57988d |
# End:
|