##########################################################################
# $Id$
##########################################################################
########################################################
# This was written and is maintained by:
# Laurent DUFOUR <laurent.dufour@havas.com>,<dufour_l@hotmail.com>
# based on the work of
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to laurent.dufour@havas.com
########################################################
#####################################################
## Copyright (c) 2008 Laurent DUFOUR
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution and the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################
use Logwatch ':all';
# Runtime settings passed in through the environment.  ValueOrDefault
# substitutes 0 whenever the variable is missing or holds a false value.
$Detail = ValueOrDefault( $ENV{'LOGWATCH_DETAIL_LEVEL'}, 0 );
$Debug  = ValueOrDefault( $ENV{'LOGWATCH_DEBUG'},        0 );
# Avoid "Use of uninitialized value" warning messages.
sub ValueOrDefault {
   # Return the first argument when it is true, otherwise the second one.
   # Every false value (undef, empty string, 0, "0") selects the fallback.
   my ($candidate, $fallback) = @_;
   return $candidate if $candidate;
   return $fallback;
}
# At debug level 5 and above, announce the filter on STDERR and start the
# counter used to number the per-line debug output.
if ( $Debug >= 5 ) {
   $DebugCounter = 1;
   print STDERR "\n\nDEBUG: Inside NETSCREEN Filter \n\n";
}

# Scratch variables for the parsing loop.
my (
   $month, $day, $time, $host_ip, $host,
   $conn,  $msg, $message,
);
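# Main parsing loop: read the NetScreen syslog stream from STDIN one line at
# a time and bump the counter that matches the message text.  The counters
# are package-global hashes keyed by the reporting device ($host); the report
# sections after the loop print them.
#
# Points a maintainer should know:
#  * Administrator logins, failed logins and failed SSH/SCS attempts are
#    tested BEFORE the noise filter.  The filter matches bare substrings
#    such as /traffic/ anywhere in the line and the login messages carry
#    free-text fields (the user name), so with the filter first a login
#    message containing one of those words was discarded uncounted.
#  * The failed SSH/SCS branch resolves the client address (first capture).
#    The second capture is the firewall's own interface address, which is
#    not what a line labelled "SSH from ..." should show.
#  * The IKE phase 1 initiator keys are built as "src dst".  A comma list
#    inside a hash subscript is joined with $; by Perl, which put control
#    characters into the printed key.
#  * DOI notifications are counted in %ReceivedDOI, the hash the report
#    section reads.
#  * Everything stored here (user names, peer ids, unmatched lines) is text
#    supplied by the device log and is printed later without escaping.
while ( defined( $ThisLine = <STDIN> ) ) {
   if ( $Debug >= 30 ) {
      print STDERR "DEBUG($DebugCounter): $ThisLine";
      $DebugCounter++;
   }

   # Leading syslog fields; only $host is used below.
   # NOTE(review): six variables receive up to seven fields, so $msg holds
   # only the sixth field here; nothing in this loop reads it.
   ($month,$day,$time,$host_ip,$host,$msg) = split(/ +/, $ThisLine, 7);

   # ---- authentication events (checked first, see header) ---------------
   if ( $ThisLine =~ /Admin User "(\S+)" logged in for Web\((\S+)\) management \(port (\d+)\) from (.+):(.+). (.*)/ ) {
      my ($admin, $method, $source) = ($1, $2, $4);
      if ( $Debug >= 5 ) {
         print STDERR "DEBUG: Found -$admin logged in from $source using $method\n";
      }
      # The admin name is only kept at detail level 20 and above.
      if ( $Detail >= 20 ) {
         $Users{$host}{$method}{$source}{$admin}++;
      } else {
         $Users{$host}{$method}{$source}{"(all)"}++;
      }
   }
   elsif ( $ThisLine =~ m/Admin user (\S+) login attempt for (\S+) management \(port (\d+)\) from (.+):(.+). failed. (.*)/ ) {
      my ($admin, $method, $source) = ($1, $2, $4);
      if ( $Debug >= 5 ) {
         print STDERR "DEBUG: Found -Failed login- line\n";
      }
      my $name = LookupIP($source);
      $BadLogins{$host}{"$admin/$method from $name"}++;
   }
   elsif ( $ThisLine =~ m/SSH client at (.+) has attempted to make an SCS connection to interface untrust with IP (.+) but failed (.*)/ ) {
      # $1 is the connecting client, $2 the firewall interface address.
      my $name = LookupIP($1);
      $Temp = "SSH from $name";
      $BadLogins{$host}{$Temp}++;
      $IllegalUsers{$host}{$Temp}++;
   }

   # ---- noise filter ------------------------------------------------------
   elsif ( ($ThisLine =~ /traffic/ ) or
           ($ThisLine =~ /Copyright/ ) or
           ($ThisLine =~ /removed due to simultaneous rekey/ ) or
           ($ThisLine =~ /Responded to the first peer message/ ) or
           ($ThisLine =~ /NBR change/ ) or
           ($ThisLine =~ /accept udp/ ) or
           ($ThisLine =~ /accept tcp/ ) or
           ($ThisLine =~ /accept icmp/ ) or
           ($ThisLine =~ /accept ip/ ) or
           ($ThisLine =~ /denied udp/ ) or
           ($ThisLine =~ /denied tcp/ ) or
           ($ThisLine =~ /denied icmp/ ) or
           ($ThisLine =~ /denied ip/ )
         ) {
      # don't care about this, will code this later
      # (accepted and denied traffic is therefore absent from the report)
   }

   # ---- VPN tunnel state --------------------------------------------------
   elsif ( ($interface) = ($ThisLine =~ /vpn "(.*)" is up./) ) {
      $VPNUp{$host}{$interface}++;
   }
   elsif ( ($interface) = ($ThisLine =~ /vpn "(.*)" is down./) ) {
      $VPNDown{$host}{$interface}++;
   }

   # ---- IKE negotiation ---------------------------------------------------
   elsif ( ($src_ip,$dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> >> <(.+)> Phase 1: Initiated negotiations in aggressive mode. (.*)/) ) {
      $InitAggMode{$host}{"$src_ip $dst_ip"}++;
   }
   elsif ( ($src_ip,$dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> >> <(.+)> Phase 1: Initiated negotiations in main mode. (.*)/) ) {
      $InitMainMode{$host}{"$src_ip $dst_ip"}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Phase 2: Initiated negotiation. (.*)/) ) {
      $InitPh2{$host}{$dst_ip}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Phase 1: Completed Main mode negotiations (.*)/) ) {
      $Ph1CompleteMainMode{$host}{$dst_ip}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Phase 1: Aborted negotiations because the time limit has elapsed. (.*)/) ) {
      $Ph1Aborted{$host}{$dst_ip}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Phase 1: Completed Aggressive mode negotiations (.*)/) ) {
      $Ph1CompleteAggMode{$host}{$dst_ip}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Heartbeats have been disabled because the peer is not sending them. (.*)/) ) {
      $HeartBeatDisabled{$host}{LookupIP($dst_ip)}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Heartbeats have been lost (.*)/) ) {
      $HeartBeatLost{$host}{LookupIP($dst_ip)}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Received notify message for DOI (.*)/) ) {
      $ReceivedDOI{$host}{LookupIP($dst_ip)}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Missing heartbeats have exceeded the threshold. (.*)/) ) {
      $HeartBeatMissing{$host}{LookupIP($dst_ip)}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)>: Received a bad SPI (.*)/) ) {
      $BadSPI{$host}{$dst_ip}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Phase 1: Responder starts AGGRESSIVE mode negotiations. (.*)/) ) {
      $Ph1DstStartAggMode{$host}{$dst_ip}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Phase 1: Responder starts MAIN mode negotiations. (.*)/) ) {
      $Ph1DstStartMainMode{$host}{$dst_ip}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Added Phase 2 session tasks to the task list. (.*)/) ) {
      $Ph2NegoAdded{$host}{$dst_ip}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Phase 2 negotiation request is already in the task list. (.*)/) ) {
      $Ph2NegoAlready{$host}{$dst_ip}++;
   }

   # ---- configuration saves -----------------------------------------------
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /System Config saved from host (\d+\.\d+\.\d+\.\d+) (.*)/) ) {
      $SysCfgSaved{$host}{LookupIP($dst_ip)}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /The system configuration was saved from host (.+) by (.*)/) ) {
      $SysCfgSaved{$host}{LookupIP($dst_ip)}++;
   }
   elsif ( ($dst_ip,$msg) = ($ThisLine =~ /IKE<(.+)> Phase 2: Received a message but did not check a policy because id-mode is set to IP or policy-checking is disabled. (.*)/) ) {
      $Ph2RcvMsg{$host}{$dst_ip}++;
   }

   # ---- per-device totals (plain numbers, no second key) -------------------
   elsif ( ($ThisLine =~ /Compiled/) ) {
      $Started{$host}++;
   }
   elsif ( ($ThisLine =~ /Phase 1: Retransmission limit has been reached./) ) {
      $RetransmissionReached{$host}++;
   }
   elsif ( ($ThisLine =~ /Completed negotiations with SPI/) ) {
      $NegoCompleted{$host}++;
   }
   elsif ( ($ThisLine =~ /DNS entries have been automatically refreshed./) ) {
      $DNSRefreshed{$host}++;
   }
   elsif ( ($ThisLine =~ /DNS has been refreshed./) ) {
      $DNSRefreshed{$host}++;
   }
   elsif ( ($ThisLine =~ /Syslog host domain name has been changed/) ) {
      $SyslogHost{$host}++;
   }
   elsif ( ($ThisLine =~ /Syslog facility has been changed/) ) {
      $SyslogFacility{$host}++;
   }
   elsif ( ($ThisLine =~ /Syslog security facility has been changed/) ) {
      $SyslogFacility{$host}++;
   }
   elsif ( ($ThisLine =~ /The system clock has been updated through NTP./) ) {
      $NTPUpdated{$host}++;
   }
   elsif ( ($ThisLine =~ /failed to get clock through NTP/) ) {
      $NTPFailed{$host}++;
   }

   # ---- DHCP, reload and restart -------------------------------------------
   elsif ( ($message) = ($ThisLine =~ /A DHCP- assigned IP address (.*)/) ) {
      $DHCPAssigned{$host}{"A DHCP- assigned IP address"}++;
   }
   elsif ( ($message) = ($ThisLine =~ /One or more DHCP-assigned IP addresses have been manually released. (.*)/) ) {
      $DHCPReleased{$host}{"One or more DHCP-assigned IP addresses have been manually released."}++;
   }
   elsif ( ($message) = ($ThisLine =~ /RELOAD: (.*)/) ) {
      $ReloadRequested{$host}{$message}++;
   }
   elsif ( ($message) = ($ThisLine =~ /RESTART: (.*)/) ) {
      $Restarted{$host}{$message}++;
   }
   else {
      # Report any unmatched entries...
      push @OtherList,$ThisLine;
   }
}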
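# Per-device event totals: start-ups, IKE retransmission limit, completed
# SPI negotiations, NTP updates and failures, DNS refreshes.
#
# The parser stores each of these as a plain number per device (for example
# $Started{$host}++), so the total is printed directly.  Dereferencing the
# number as a nested hash yields no keys while strict refs are off, which
# leaves the section with device names but no counts.  The DNS section is
# printed once, and devices are sorted so the report order is stable.
{
   my @totals = (
      # heading, counter hash, minimum $Detail (undef = always shown)
      [ "\nDevice started :\n",                                           \%Started,               undef ],
      [ "\nDevice where retransmission limit has been reached:\n",        \%RetransmissionReached, undef ],
      [ "\nDevice wich completed negotiations with SPI:\n",               \%NegoCompleted,         15    ],
      [ "\nDevice where The system clock has been updated through NTP :\n", \%NTPUpdated,          undef ],
      [ "\nDevice where failed to get clock through NTP :\n",             \%NTPFailed,             undef ],
      [ "\nDevice where DNS have been refreshed :\n",                     \%DNSRefreshed,          undef ],
   );

   foreach my $entry (@totals) {
      my ( $heading, $count_for, $min_detail ) = @$entry;
      next if defined $min_detail and $Detail < $min_detail;
      next unless keys %$count_for;

      print $heading;
      foreach my $device ( sort keys %$count_for ) {
         print " " . $device . ":\n";
         print "\t " . $count_for->{$device} . " Time(s)\n";
      }
   }
}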
# DHCP lease activity (assigned, then manually released), shown only from
# detail level 15 upwards.  Each hash is {device}{message text} => count.
if ( $Detail >= 15 ) {
   foreach my $report (
      [ "\nDevice where DHCP have been assigned :\n", \%DHCPAssigned ],
      [ "\nDevice where DHCP have been released :\n", \%DHCPReleased ],
   ) {
      my ( $heading, $seen ) = @$report;
      next unless keys %$seen;

      print $heading;
      foreach my $device ( keys %$seen ) {
         my $events = $seen->{$device};
         print " $device:\n";
         foreach my $event ( keys %$events ) {
            print "\t $event\t: $events->{$event} Time(s)\n";
         }
      }
   }
}
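# Syslog configuration changes (facility, then destination host) per device.
#
# Both hashes hold a plain number per device ($SyslogFacility{$host}++,
# $SyslogHost{$host}++), so the total is printed directly instead of being
# dereferenced as a nested hash, which produced no count lines.  The host
# section also indexed the hash with the device name twice.
#
# A change of syslog destination or facility alters where the device's
# audit trail is delivered, so these counts are worth comparing against
# planned changes.
{
   my @changes = (
      [ "\nDevice where Syslog facility has been changed :\n", \%SyslogFacility ],
      [ "\nDevice where Syslog host has been changed :\n",     \%SyslogHost     ],
   );

   foreach my $entry (@changes) {
      my ( $heading, $count_for ) = @$entry;
      next unless keys %$count_for;

      print $heading;
      foreach my $device ( sort keys %$count_for ) {
         print " " . $device . ":\n";
         print "\t " . $count_for->{$device} . " Time(s)\n";
      }
   }
}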
# Two-level counters, always shown: restarts and reload requests (keyed by
# message text), IKE heartbeat problems, bad SPIs and DOI notifications
# (keyed by peer), and VPN tunnel state changes (keyed by tunnel name).
# Every hash is {device}{detail} => count; a section is skipped when its
# hash is empty.
foreach my $report (
   [ "\nDevice restarted :\n",                                              \%Restarted         ],
   [ "\nDevice reload requested :\n",                                       \%ReloadRequested   ],
   [ "\nDevice where heartbeat have been disabled because of peer :\n",     \%HeartBeatDisabled ],
   [ "\nDevice where heartbeat have been lost :\n",                         \%HeartBeatLost     ],
   [ "\nDevice where missing heartbeats have exceeded the threshold. :\n",  \%HeartBeatMissing  ],
   [ "\nDevice receiving a bad SPI :\n",                                    \%BadSPI            ],
   [ "\nDevice where notify message for DOI hed been received :\n",         \%ReceivedDOI       ],
   [ "\nVPN Up on :\n",                                                     \%VPNUp             ],
   [ "\nVPN Down on :\n",                                                   \%VPNDown           ],
) {
   my ( $heading, $seen ) = @$report;
   next unless keys %$seen;

   print $heading;
   foreach my $device ( keys %$seen ) {
      my $details = $seen->{$device};
      print " $device:\n";
      foreach my $detail ( keys %$details ) {
         print "\t $detail\t: $details->{$detail} Time(s)\n";
      }
   }
}
# IKE negotiation detail, printed only from detail level 15 upwards.
# Every hash is {device}{peer} => count; a section is skipped when its hash
# is empty.  The last entry counts phase 2 messages accepted without a
# policy check, as stated in the device's own message text.
if ( $Detail >= 15 ) {
   foreach my $report (
      [ "\nDevice initiating phase 1 aggresive mode:\n",                                    \%InitAggMode         ],
      [ "\nDevice initiating phase 1 main mode:\n",                                         \%InitMainMode        ],
      [ "\nDevice with Phase 1: Responder starts AGGRESSIVE mode negotiations. :\n",        \%Ph1DstStartAggMode  ],
      [ "\nDevice with Phase 1: Responder starts MAIN mode negotiations. :\n",              \%Ph1DstStartMainMode ],
      [ "\nDevice with Phase 1: Completed Aggressive mode negotiations :\n",                \%Ph1CompleteAggMode  ],
      [ "\nDevice with Phase 1: Completed Main mode negotiations :\n",                      \%Ph1CompleteMainMode ],
      [ "\nDevice with Phase 1: Aborted negotiations because the time limit has elapsed. :\n", \%Ph1Aborted       ],
      [ "\nDevice initiating phase 2 :\n",                                                  \%InitPh2             ],
      [ "\nDevice with Added Phase 2 session tasks to the task list. :\n",                  \%Ph2NegoAdded        ],
      [ "\nDevice with Phase 2 negotiation request is already in the task list. :\n",       \%Ph2NegoAlready      ],
      [ "\nDevice with Phase 2: Received a message but did not check a policy because id-mode is set to IP or policy-checking is disabled. :\n", \%Ph2RcvMsg ],
   ) {
      my ( $heading, $seen ) = @$report;
      next unless keys %$seen;

      print $heading;
      foreach my $device ( keys %$seen ) {
         my $peers = $seen->{$device};
         print " $device:\n";
         foreach my $peer ( keys %$peers ) {
            print "\t $peer\t: $peers->{$peer} Time(s)\n";
         }
      }
   }
}
# Configuration saves, grouped by device and then by the host the save came
# from (stored by the parser as whatever LookupIP returned for it).
if ( keys %SysCfgSaved ) {
   print "\nDevice where system config have been saved :\n";
   for my $device ( keys %SysCfgSaved ) {
      my $saves_from = $SysCfgSaved{$device};
      print " $device:\n";
      for my $origin ( keys %$saves_from ) {
         print "\t $origin\t: $saves_from->{$origin} Time(s)\n";
      }
   }
}
# Failed management logins, then the entries also flagged as illegal users.
# Both hashes are {device}{description} => count; descriptions are printed
# in sorted order.  The description text is built from log fields such as
# the attempted user name and is printed as stored.
foreach my $report (
   [ "\nFailed logins from these:\n", \%BadLogins    ],
   [ "\nIllegal users from these:\n", \%IllegalUsers ],
) {
   my ( $heading, $seen ) = @$report;
   next unless keys %$seen;

   print $heading;
   foreach my $device ( keys %$seen ) {
      my $attempts = $seen->{$device};
      print " $device:\n";
      foreach my $who ( sort keys %$attempts ) {
         print "\t $who: $attempts->{$who} Time(s)\n";
      }
   }
}
# Successful administrator logins.
#
# The parser fills %Users as {device}{management method}{source address}
# {admin name} => count, with the admin name replaced by "(all)" below
# detail level 20.  The loop variable names here do not follow that layout:
# $user iterates over the management methods and $method over the admin
# names.
if (keys %Users) {
   print "\nUsers logging in through :\n";
   foreach $ThisOne (keys %Users) {
      print " " . $ThisOne . ":\n";

      # Second level, sorted as strings.
      foreach $user (sort {$a cmp $b} keys %{$Users{$ThisOne}}) {
         print " $user:\n";
         # TotalCountOrder, SortIP and CountOrder are not defined in this
         # file; presumably they come from the Logwatch module and return
         # comparison routines for sort -- confirm there.
         my $totalSort = TotalCountOrder(%{$Users{$ThisOne}{$user}}, \&SortIP);
         foreach my $ip (sort $totalSort keys %{$Users{$ThisOne}{$user}}) {
            my $name = LookupIP($ip);
            if ($Detail >= 20) {
               # Detailed view: one line per innermost key under the address.
               print " $name:\n";
               my $sort = CountOrder(%{$Users{$ThisOne}{$user}{$ip}});
               foreach my $method (sort $sort keys %{$Users{$ThisOne}{$user}{$ip}}) {
                  my $val = $Users{$ThisOne}{$user}{$ip}{$method};
                  my $plural = ($val > 1) ? "s" : "";
                  print " $method: $val time$plural\n";
               }
            } else {
               # Summary view: below level 20 the parser stores a single
               # "(all)" entry per address, so the first value is the total.
               my $val = (values %{$Users{$ThisOne}{$user}{$ip}})[0];
               my $plural = ($val > 1) ? "s" : "";
               print " $name: $val time$plural\n";
            }
         }
      }
   }
}
# Lines the parser could not classify are echoed exactly as received.  They
# are raw device log text, so whatever renders or forwards this report
# should treat the section as untrusted input.
if (@OtherList) {
   print "\n**Unmatched Entries**\n";
   print @OtherList;
}

exit(0);
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End: