#############################################################################
# $Id$
#############################################################################
# $Log: dnssec,v $
# Revision 1.1 2005/10/19 05:57:40 bjorn
# dnssec and resolver scripts, written by Lindy Foster
#
#############################################################################
#Copyright (c) 2004, Sparta, Inc
#All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are met:
#
#* Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
#* Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
#* Neither the name of Sparta, Inc nor the names of its contributors may
# be used to endorse or promote products derived from this software
# without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
#IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
#THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
#PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
#CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
#EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#############################################################################
#############################################################################
# These scripts were created as part of the dnssec-tools project.
# For more information, see http://sourceforge.net/dnssec-tools.
# Detailed instructions for setting up BIND 9.3.* to use these logwatch
# configuration files and scripts are containted in the README file
# on sourceforge.
#############################################################################
use strict;
my $detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my $valFail;
my $valOK;
my $attPosRespVal;
my $attNegRespVal;
my $attInsecurityProof;
my $insecurityProofFail;
my $rdataFail;
my $rdataSuccess;
my $markingAsSecure;
my $nonExtProof;
my $noValidSig;
while (defined(my $ThisLine = <STDIN>)) {
if ($ThisLine =~ /validation failed/) {
$valFail++;
} elsif ($ThisLine =~ /validation OK/) {
$valOK++;
} elsif ($ThisLine =~ /attempting positive response validation/) {
$attPosRespVal++;
} elsif ($ThisLine =~ /attempting negative response validation/) {
$attNegRespVal++;
} elsif ($ThisLine =~ /attempting insecurity proof/) {
$attInsecurityProof++;
} elsif ($ThisLine =~ /insecurity proof failed/) {
$insecurityProofFail++;
} elsif ($ThisLine =~ /verify rdataset: RRSIG failed to verify/) {
$rdataFail++;
} elsif ($ThisLine =~ /verify rdataset: success/) {
$rdataSuccess++;
} elsif ($ThisLine =~ /marking as/) {
$markingAsSecure++;
} elsif ($ThisLine =~ /nonexistence proof found/) {
$nonExtProof++;
} elsif ($ThisLine =~ /no valid signature found/) {
$noValidSig++;
}
}
if ($noValidSig > 0) {
print "No Valid Signature received " . $noValidSig . " time(s)\n";
}
my %msgHash = ();
if ($detail >= 5) {
print "\nDetail >= 5 log messages:\n";
if ($markingAsSecure > 0) {
$msgHash{"Marking as secure"} = $markingAsSecure;
}
if ($rdataSuccess > 0) {
$msgHash{"Verified rdataset succeeded"} = $rdataSuccess;
}
if ($rdataFail > 0) {
$msgHash{"Verified rdataset failed"} = $rdataFail;
}
if ($insecurityProofFail > 0) {
$msgHash{"Insecurity proof failed"} = $insecurityProofFail;
}
if ($attInsecurityProof > 0) {
$msgHash{"Insecurity proof attempted"} = $attInsecurityProof;
}
if ($valFail > 0) {
$msgHash{"Validation failed"} = $valFail;
}
if ($valOK > 0) {
$msgHash{"Validation OK"} = $valOK;
}
if ($attPosRespVal > 0) {
$msgHash{"Attempted positive response validation"} = $attPosRespVal;
}
if ($attNegRespVal > 0) {
$msgHash{"Attempted negative response validation"} = $attNegRespVal;
}
if ($nonExtProof > 0) {
$msgHash{"Nonexistence proof found"} = $nonExtProof;
}
# sort all the non-zero message types and print them in descending order
# of number of occurrences
my $key;
foreach $key (sort { $msgHash{$b} <=> $msgHash{$a} } keys %msgHash) {
print " " . $key . " " . $msgHash{$key} . " time(s)\n";
}
}
exit (0);
# vi: shiftwidth=3 tabstop=3 et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End: