|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
##########################################################################
|
|
Packit Bot |
ea69bd |
# $Id$
|
|
Packit Bot |
ea69bd |
##########################################################################
|
|
Packit Bot |
ea69bd |
# $Log: kernel,v $
|
|
Packit Bot |
ea69bd |
# Revision 1.35 2008/03/24 23:31:26 kirk
|
|
Packit Bot |
ea69bd |
# added copyright/license notice to each script
|
|
Packit Bot |
ea69bd |
#
|
|
Packit Bot |
ea69bd |
# Revision 1.34 2008/02/14 19:01:51 mike
|
|
Packit Bot |
ea69bd |
# Patch for OOM from Orion Poplawski -mgt
|
|
Packit Bot |
ea69bd |
#
|
|
Packit Bot |
ea69bd |
# Revision 1.33 2006/01/16 18:40:31 kirk
|
|
Packit Bot |
ea69bd |
# fixed name to Logwatch (how I like it now)
|
|
Packit Bot |
ea69bd |
#
|
|
Packit Bot |
ea69bd |
# Revision 1.32 2005/11/30 05:35:11 bjorn
|
|
Packit Bot |
ea69bd |
# Replaced compStr, by Markus Lude.
|
|
Packit Bot |
ea69bd |
#
|
|
Packit Bot |
ea69bd |
# Revision 1.31 2005/11/08 20:34:49 bjorn
|
|
Packit Bot |
ea69bd |
# Fixed reporting of RAID errors and added 'use strict'. Adds support for
|
|
Packit Bot |
ea69bd |
# reporting various execution/memory access errors. These are errors on
|
|
Packit Bot |
ea69bd |
# 2.6.5-7 kernels, x86_64 and IA64 architectures, SuSE 9 distro.
|
|
Packit Bot |
ea69bd |
# All these changes by David Baldwin.
|
|
Packit Bot |
ea69bd |
#
|
|
Packit Bot |
ea69bd |
# Revision 1.30 2005/07/25 22:17:31 bjorn
|
|
Packit Bot |
ea69bd |
# Moved iptables (and ipchains, ipfwadm) code to its own service (iptables).
|
|
Packit Bot |
ea69bd |
#
|
|
Packit Bot |
ea69bd |
# Revision 1.29 2005/06/07 18:14:50 bjorn
|
|
Packit Bot |
ea69bd |
# Filtering out audit statements, since we now have an "audit" service.
|
|
Packit Bot |
ea69bd |
##########################################################################
|
|
Packit Bot |
ea69bd |
# Kernel script for Logwatch
|
|
Packit Bot |
ea69bd |
#
|
|
Packit Bot |
ea69bd |
# Visit the Logwatch website at
|
|
Packit Bot |
ea69bd |
# http://www.logwatch.org
|
|
Packit Bot |
ea69bd |
##########################################################################
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
#####################################################
|
|
Packit Bot |
ea69bd |
## Copyright (c) 2008 Kirk Bauer
|
|
Packit Bot |
ea69bd |
## Covered under the included MIT/X-Consortium License:
|
|
Packit Bot |
ea69bd |
## http://www.opensource.org/licenses/mit-license.php
|
|
Packit Bot |
ea69bd |
## All modifications and contributions by other persons to
|
|
Packit Bot |
ea69bd |
## this script are assumed to have been donated to the
|
|
Packit Bot |
ea69bd |
## Logwatch project and thus assume the above copyright
|
|
Packit Bot |
ea69bd |
## and licensing terms. If you want to make contributions
|
|
Packit Bot |
ea69bd |
## under your own copyright or a different license this
|
|
Packit Bot |
ea69bd |
## must be explicitly stated in the contribution an the
|
|
Packit Bot |
ea69bd |
## Logwatch project reserves the right to not accept such
|
|
Packit Bot |
ea69bd |
## contributions. If you have made significant
|
|
Packit Bot |
ea69bd |
## contributions to this script and want to claim
|
|
Packit Bot |
ea69bd |
## copyright please contact logwatch-devel@lists.sourceforge.net.
|
|
Packit Bot |
ea69bd |
#########################################################
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
use strict;
|
|
Packit Bot |
ea69bd |
use Logwatch ':ip';
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
|
|
Packit Bot |
ea69bd |
my $Ignore_faults = $ENV{'ignore_faults'};
|
|
Packit Bot |
ea69bd |
my $Ignore_rpcsec_expired = $ENV{'ignore_rpcsec_expired'} || 0;
|
|
Packit Bot |
ea69bd |
my $Ignore_messages = $ENV{'kernel_ignore_messages'} || '^$';
|
|
Packit Bot |
ea69bd |
my %SYNflood = ();
|
|
Packit Bot |
ea69bd |
my %RAIDErrors = ();
|
|
Packit Bot |
ea69bd |
my %DRBDErrors = ();
|
|
Packit Bot |
ea69bd |
my %SegFaults = ();
|
|
Packit Bot |
ea69bd |
my %GPFaults = ();
|
|
Packit Bot |
ea69bd |
my %TrapInt3s = ();
|
|
Packit Bot |
ea69bd |
my %UnalignedErrors = ();
|
|
Packit Bot |
ea69bd |
my %FPAssists = ();
|
|
Packit Bot |
ea69bd |
my %OOM = ();
|
|
Packit Bot |
ea69bd |
my %Errors = ();
|
|
Packit Bot |
ea69bd |
my %Kernel = ();
|
|
Packit Bot |
ea69bd |
my %EDACs = ();
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
while (defined(my $ThisLine = <STDIN>)) {
|
|
Packit Bot |
ea69bd |
chomp($ThisLine);
|
|
Packit Bot |
ea69bd |
next if ($ThisLine eq '');
|
|
Packit Bot |
ea69bd |
# Remove timestamp if present
|
|
Packit Bot |
ea69bd |
$ThisLine =~ s/^\[\s*\d+\.\d+\]\s*//;
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (
|
|
Packit Bot |
ea69bd |
# filter out audit messages - these should be parsed by the audit
|
|
Packit Bot |
ea69bd |
# service
|
|
Packit Bot |
ea69bd |
($ThisLine =~ /^\s*(type=\d+\s+)?audit\(/)
|
|
Packit Bot |
ea69bd |
# following now in iptables service
|
|
Packit Bot |
ea69bd |
or ($ThisLine =~ /^Packet log: .*PROTO=/)
|
|
Packit Bot |
ea69bd |
or ($ThisLine =~ /IN=.*OUT=.*SRC=.*DST=.*PROTO=/)
|
|
Packit Bot |
ea69bd |
# user specified ignore messages, lower cased
|
|
Packit Bot |
ea69bd |
or ($ThisLine =~ /$Ignore_messages/i)
|
|
Packit Bot |
ea69bd |
) { # ignore the above strings
|
|
Packit Bot |
ea69bd |
} elsif ( my ($from,$on) = ( $ThisLine =~ /^Warning: possible SYN flood from ([^ ]+) on ([^ ]+):.+ Sending cookies/ ) ) {
|
|
Packit Bot |
ea69bd |
my $Fullfrom = LookupIP($from);
|
|
Packit Bot |
ea69bd |
my $Fullon = LookupIP($on);
|
|
Packit Bot |
ea69bd |
$SYNflood{$Fullon}{$Fullfrom}++;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /continuing in degraded mode/) {
|
|
Packit Bot |
ea69bd |
$RAIDErrors{$ThisLine}++;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /([^(]*)\[\d+\]: segfault at/) {
|
|
Packit Bot |
ea69bd |
$SegFaults{$1}++;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /([^(]*)\[\d+\] general protection/) {
|
|
Packit Bot |
ea69bd |
$GPFaults{$1}++;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /([^(]*)\[\d+\] trap int3 /) {
|
|
Packit Bot |
ea69bd |
$TrapInt3s{$1}++;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /([^(]*)\(\d+\): unaligned access to/) {
|
|
Packit Bot |
ea69bd |
$UnalignedErrors{$1}++;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /([^(]*)\(\d+\): floating-point assist fault at ip/) {
|
|
Packit Bot |
ea69bd |
$FPAssists{$1}++;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /Out of memory: Killed process \d+ \((.*)\)/) {
|
|
Packit Bot |
ea69bd |
$OOM{$1}++;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /(\S+) invoked oom-killer/) {
|
|
Packit Bot |
ea69bd |
$OOM{$1}++;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /(EDAC (MC|PCI)\d:.*)/) {
|
|
Packit Bot |
ea69bd |
# Standard boot messages
|
|
Packit Bot |
ea69bd |
next if $ThisLine =~ /Giving out device to /;
|
|
Packit Bot |
ea69bd |
$EDACs{$1}++;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /(block drbd\d+): Online verify found (\d+) \d+k block out of sync/) {
|
|
Packit Bot |
ea69bd |
$DRBDErrors{$1}{"$2 block(s) out of sync"} = 1;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /(block drbd\d+): \[.*\] sock_sendmsg time expired/) {
|
|
Packit Bot |
ea69bd |
$DRBDErrors{$1}{"sock_sendmsg time expired"}++;
|
|
Packit Bot |
ea69bd |
} elsif ($ThisLine =~ /(block drbd\d+): Began resync as (SyncSource|SyncTarget)/) {
|
|
Packit Bot |
ea69bd |
$DRBDErrors{$1}{"Began resync as $2"}++;
|
|
Packit Bot |
ea69bd |
} elsif ( ( my $errormsg ) = ( $ThisLine =~ /(.*?error.{0,17})/i ) ) {
|
|
Packit Bot |
ea69bd |
# filter out smb open/read errors cased by insufficient permissions
|
|
Packit Bot |
ea69bd |
my $SkipError = 0;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /smb_readpage_sync: .*open failed, error=-13/;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, result=-13/;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, error=-13/;
|
|
Packit Bot |
ea69bd |
# filter out error_exit in stack traces caused by OOM conditions
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /\[<[\da-f]+>\] error_exit\+0x/;
|
|
Packit Bot |
ea69bd |
# These are informative, not errors
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /ACPI _OSC request failed \(AE_ERROR\), returned control mask: 0x1d/;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /ERST: Error Record Serialization Table \(ERST\) support is initialized/;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /GHES: Generic hardware error source: \d+ notified via .* is not supported/;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /PCIe errors handled by (?:BIOS|OS)/;
|
|
Packit Bot |
ea69bd |
# These happen when kerberos tickets expire, which can be normal
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server/ && $Ignore_rpcsec_expired;
|
|
Packit Bot |
ea69bd |
# filter out mount options
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /errors=(?:continue|remount-ro|panic)/;
|
|
Packit Bot |
ea69bd |
$Errors{$errormsg}++ if ( (! $SkipError) || ($Detail > 8));
|
|
Packit Bot |
ea69bd |
} elsif ( ( my $errormsg ) = ( $ThisLine =~ /((BUG|WARNING|INFO):.{0,40})/ ) ) {
|
|
Packit Bot |
ea69bd |
$Errors{$errormsg}++;
|
|
Packit Bot |
ea69bd |
# OTHER
|
|
Packit Bot |
ea69bd |
} else {
|
|
Packit Bot |
ea69bd |
# XXX For now, going to ignore all other kernel messages as there
|
|
Packit Bot |
ea69bd |
# XXX are practically an infinite number and most of them are obviously
|
|
Packit Bot |
ea69bd |
# XXX not parsed here at this time.
|
|
Packit Bot |
ea69bd |
# filter out smb open/read errors cased by insufficient permissions
|
|
Packit Bot |
ea69bd |
my $SkipError = 0;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /smb_readpage_sync: .*open failed, error=-13/;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, result=-13/;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, error=-13/;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /block drbd\d+: Out of sync: start=\d+/;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /block drbd\d+: updated( sync)? UUIDs?/i;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /block drbd\d+: Resync done/;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /block drbd\d+: cs:(?:Ahead|Behind) rs_left/;
|
|
Packit Bot |
ea69bd |
$SkipError = 1 if $ThisLine =~ /block drbd\d+: \d+ % had equal checksums, eliminated:/;
|
|
Packit Bot |
ea69bd |
$Kernel{$ThisLine}++ if ( (! $SkipError) || ($Detail > 8)) ;
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (keys %SYNflood) {
|
|
Packit Bot |
ea69bd |
print "\nWarning: SYN flood on:\n";
|
|
Packit Bot |
ea69bd |
foreach my $ThisOne (sort {$a cmp $b} keys %SYNflood) {
|
|
Packit Bot |
ea69bd |
print " " . $ThisOne . " from:\n";
|
|
Packit Bot |
ea69bd |
foreach my $Next (sort {$a cmp $b} keys %{$SYNflood{$ThisOne}}) {
|
|
Packit Bot |
ea69bd |
print " " . $Next . ": $SYNflood{$ThisOne}{$Next} Time(s)\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (keys %RAIDErrors) {
|
|
Packit Bot |
ea69bd |
print "\nWARNING: RAID Errors Present\n";
|
|
Packit Bot |
ea69bd |
foreach my $Thisone ( sort {$a cmp $b} keys %RAIDErrors ) {
|
|
Packit Bot |
ea69bd |
print " $Thisone ...: $RAIDErrors{$Thisone} Time(s)\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (keys %DRBDErrors) {
|
|
Packit Bot |
ea69bd |
print "\nWARNING: DRBD Errors Present\n";
|
|
Packit Bot |
ea69bd |
foreach my $Thisone ( sort {$a cmp $b} keys %DRBDErrors ) {
|
|
Packit Bot |
ea69bd |
foreach my $Msg (sort {$a cmp $b} keys %{$DRBDErrors{$Thisone}}) {
|
|
Packit Bot |
ea69bd |
print " $Thisone: $Msg";
|
|
Packit Bot |
ea69bd |
print " : $DRBDErrors{$Thisone}{$Msg} Time(s)" if $DRBDErrors{$Thisone}{$Msg} > 1;
|
|
Packit Bot |
ea69bd |
print "\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (keys %SegFaults) {
|
|
Packit Bot |
ea69bd |
my $header_printed=0;
|
|
Packit Bot |
ea69bd |
foreach my $Thisone ( sort {$a cmp $b} keys %SegFaults ) {
|
|
Packit Bot |
ea69bd |
if ($Ignore_faults =~ /\b\Q$Thisone\E\b/i) { next; }
|
|
Packit Bot |
ea69bd |
if (!$header_printed) {
|
|
Packit Bot |
ea69bd |
print "\nWARNING: Segmentation Faults in these executables\n";
|
|
Packit Bot |
ea69bd |
$header_printed=1;
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
print " $Thisone : $SegFaults{$Thisone} Time(s)\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (keys %GPFaults) {
|
|
Packit Bot |
ea69bd |
my $header_printed=0;
|
|
Packit Bot |
ea69bd |
foreach my $Thisone ( sort {$a cmp $b} keys %GPFaults ) {
|
|
Packit Bot |
ea69bd |
if ($Ignore_faults =~ /\b\Q$Thisone\E\b/i) { next; }
|
|
Packit Bot |
ea69bd |
if (!$header_printed) {
|
|
Packit Bot |
ea69bd |
print "\nWARNING: General Protection Faults in these executables\n";
|
|
Packit Bot |
ea69bd |
$header_printed=1;
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
print " $Thisone : $GPFaults{$Thisone} Time(s)\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (keys %TrapInt3s) {
|
|
Packit Bot |
ea69bd |
my $header_printed=0;
|
|
Packit Bot |
ea69bd |
foreach my $Thisone ( sort {$a cmp $b} keys %TrapInt3s ) {
|
|
Packit Bot |
ea69bd |
if ($Ignore_faults =~ /\b\Q$Thisone\E\b/i) { next; }
|
|
Packit Bot |
ea69bd |
if (!$header_printed) {
|
|
Packit Bot |
ea69bd |
print "\nWARNING: Trap int3 in these executables\n";
|
|
Packit Bot |
ea69bd |
$header_printed=1;
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
print " $Thisone : $TrapInt3s{$Thisone} Time(s)\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (keys %UnalignedErrors) {
|
|
Packit Bot |
ea69bd |
print "\nWARNING: Unaligned Errors in these executables\n";
|
|
Packit Bot |
ea69bd |
foreach my $Thisone ( sort {$a cmp $b} keys %UnalignedErrors ) {
|
|
Packit Bot |
ea69bd |
print " $Thisone : $UnalignedErrors{$Thisone} Time(s)\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (keys %FPAssists) {
|
|
Packit Bot |
ea69bd |
print "\nWARNING: Floating-Point Assists in these executables\n";
|
|
Packit Bot |
ea69bd |
foreach my $Thisone ( sort {$a cmp $b} keys %FPAssists ) {
|
|
Packit Bot |
ea69bd |
print " $Thisone : $FPAssists{$Thisone} Time(s)\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (keys %OOM) {
|
|
Packit Bot |
ea69bd |
print "\nWARNING: Out of memory killer killed these executables\n";
|
|
Packit Bot |
ea69bd |
foreach my $Thisone ( sort {$a cmp $b} keys %OOM ) {
|
|
Packit Bot |
ea69bd |
print " $Thisone : $OOM{$Thisone} Time(s)\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (keys %Errors) {
|
|
Packit Bot |
ea69bd |
print "\nWARNING: Kernel Errors Present\n";
|
|
Packit Bot |
ea69bd |
foreach my $Thisone ( sort {$a cmp $b} keys %Errors ) {
|
|
Packit Bot |
ea69bd |
print " $Thisone ...: $Errors{$Thisone} Time(s)\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
if (keys %EDACs) {
|
|
Packit Bot |
ea69bd |
print "\nWARNING: Kernel EDAC Messages\n";
|
|
Packit Bot |
ea69bd |
foreach my $Thisone ( sort {$a cmp $b} keys %EDACs ) {
|
|
Packit Bot |
ea69bd |
print " $Thisone ...: $EDACs{$Thisone} Time(s)\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
# OTHER
|
|
Packit Bot |
ea69bd |
if ( ($Detail >= 5) and (keys %Kernel) ) {
|
|
Packit Bot |
ea69bd |
print "\n";
|
|
Packit Bot |
ea69bd |
foreach my $ThisOne (sort {$a cmp $b} keys %Kernel) {
|
|
Packit Bot |
ea69bd |
print $Kernel{$ThisOne} . " Time(s): " . $ThisOne . "\n";
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
}
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
exit(0);
|
|
Packit Bot |
ea69bd |
|
|
Packit Bot |
ea69bd |
# vi: shiftwidth=3 tabstop=3 syntax=perl et
|
|
Packit Bot |
ea69bd |
# Local Variables:
|
|
Packit Bot |
ea69bd |
# mode: perl
|
|
Packit Bot |
ea69bd |
# perl-indent-level: 3
|
|
Packit Bot |
ea69bd |
# indent-tabs-mode: nil
|
|
Packit Bot |
ea69bd |
# End:
|