diff --git a/logwatch.8 b/logwatch.8
index 6e9e378..47f1010 100644
--- a/logwatch.8
+++ b/logwatch.8
@@ -35,7 +35,7 @@ logwatch \- system log analyzer and reporter
 .I report format
 .B ] [--encode
 .I encoding to use
-.B ] [--numeric] [--no-oldfiles-log] [--version] [--help|--usage]
+.B ] [--numeric] [--version] [--help|--usage]
 .SH DESCRIPTION
 .B Logwatch
 is a customizable, pluggable log-monitoring system. It will go
@@ -111,9 +111,6 @@ then only logs from this hostname will be processed (where appropriate).
 Number of characters that html output should be wrapped to. Default is 80.
 .IP "\fB--numeric\fR"
 Inhibits additional name lookups, displaying IP addresses numerically.
-.IP "\fB--no-oldfiles-log\fR"
-Suppress the logwatch log, which informs about the
-old files in logwatch tmpdir.
 .IP "\fB--usage\fR"
 Displays usage information
 .IP "\fB--help\fR"
diff --git a/scripts/logwatch.pl b/scripts/logwatch.pl
index 790abcf..6fcb5cb 100755
--- a/scripts/logwatch.pl
+++ b/scripts/logwatch.pl
@@ -187,7 +187,6 @@ my @TempLogFileList = ();
 my @TempServiceList = ();
 my $Help = 0;
 my $ShowVersion = 0;
-my $NoOldfilesLog = 0;
 my ($tmp_mailto, $tmp_savefile);
 &GetOptions ("d|detail=s" => \$Config{'detail'},
@@ -210,7 +209,6 @@ my ($tmp_mailto, $tmp_savefile);
 "hostformat=s" => \$Config{'hostformat'},
 "hostlimit=s" => \$Config{'hostlimit'},
 "html_wrap=s" => \$Config{'html_wrap'},
- "no-oldfiles-log" => \$NoOldfilesLog,
 "subject=s" => \$Config{'subject'}
 ) or &Usage();
@@ -634,7 +632,7 @@ if ($Config{'debug'} > 7) {
 opendir(TMPDIR, $Config{'tmpdir'}) or die "$Config{'tmpdir'} $!";
 my @old_dirs = grep { /^logwatch\.\w{8}$/ && -d "$Config{'tmpdir'}/$_" }
 readdir(TMPDIR);
-if ((@old_dirs) && ($NoOldfilesLog==0)) {
+if (@old_dirs) {
 print "You have old files in your logwatch tmpdir ($Config{'tmpdir'}):\n\t";
 print join("\n\t", @old_dirs);
 print "\nThe directories listed above were most likely created by a\n";
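Review bot: Removing `"no-oldfiles-log"` from the `GetOptions` list (the -210 hunk) means a cron entry or wrapper that still passes `--no-oldfiles-log` now takes the `or &Usage()` path instead of producing a report. If that output is discarded, log review can stop without anyone noticing. If the option has to go, consider accepting it for a release as an ignored, deprecated flag, e.g. `"no-oldfiles-log" => sub { warn "--no-oldfiles-log is deprecated and ignored\n" },`. With `if (@old_dirs) {` unconditional again in the -634 hunk, the stale-directory notice prints on every run, so a short comment above that line saying this is intentional would help.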
@@ -807,16 +805,11 @@ foreach $LogFile (@LogFileList) {
 my $FilterText = " ";
 foreach (sort keys %{$LogFileData{$LogFile}}) {
 my $cmd = $_;
-
 if ($cmd =~ s/^\d+-\*//) {
 if (-f "$ConfigDir/scripts/shared/$cmd") {
 $FilterText .= ("| $PerlVersion $ConfigDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
 } elsif (-f "$BaseDir/scripts/shared/$cmd") {
- if ($LogFile =~ /^vsftpd$/ ) {
- $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/applyvsftpddate '$LogFileData{$LogFile}{$_}'" );
- } else {
- $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
- }
+ $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
 } else {
 die "Cannot find shared script $cmd\n";
 }
@@ -1087,7 +1080,7 @@ sub ReadConfigFile {
 sub Usage () {
 # Show usage for this program
 print "\nUsage: $0 [--detail ] [--logfile ] [--output ]\n" .
- " [--format ] [--encode ] [--numeric] [--no-oldfiles-log]\n" .
+ " [--format ] [--encode ] [--numeric]\n" .
 " [--mailto ] [--archives] [--range ] [--debug ]\n" .
 " [--filename ] [--help|--usage] [--version] [--service ]\n" .
 " [--hostformat ] [--hostlimit ] [--html_wrap ]\n\n";
@@ -1098,8 +1091,6 @@ sub Usage () {
 print "--output : Report Output - stdout [default], mail, file.\n"; #8.0
 print "--format : Report Format - text [default], html.\n"; #8.0
 print "--encode : Enconding to use - none [default], base64.\n"; #8.0
- print "--no-oldfiles-log: Suppress the logwatch log, which informs about the\n";
- print " old files in logwatch tmpdir.\n";
 print "--mailto : Mail report to .\n";
 print "--archives: Use archived log files too.\n";
 print "--filename : Used to specify they filename to save to. --filename [Forces output to file].\n";
diff --git a/scripts/services/postfix b/scripts/services/postfix
index b9b82a5..aabf440 100755
--- a/scripts/services/postfix
+++ b/scripts/services/postfix
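Review bot: The added `$FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );` line still pastes a configuration value between single quotes in a pipeline string, so a value containing `'` ends the quoting early. `$FilterText` looks like it is later handed to a shell, although that happens outside this hunk. Escape the value before interpolating it, for example `(my $arg = $LogFileData{$LogFile}{$_}) =~ s/'/'\\''/g;`, and use `'$arg'` in both the `$ConfigDir` and `$BaseDir` branches. The enclosing `foreach` and the outer `if ($cmd =~ ...)` close outside the hunk.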
@@ -1355,7 +1355,7 @@ sub print_summary_report (\@) {
 my ($numfmt, $desc, $divisor) = ($sref->{FMT}, $sref->{TITLE}, $sref->{DIVISOR});
 my $fmt = '%8';
- my $extra = ' %9s';
+ my $extra = ' %25s';
 my $total = $Totals{$keyname};
 # Z format provides unitized or unaltered totals, as appropriate
@@ -1378,7 +1378,7 @@ sub print_summary_report (\@) {
 }
 else {
 push @{$lines[$cur_level]},
- sprintf "$fmt %-39s $extra\n", $total, $desc, commify ($Totals{$keyname});
+ sprintf "$fmt %-23s $extra\n", $total, $desc, commify ($Totals{$keyname});
 }
 }
 }
diff --git a/scripts/services/secure b/scripts/services/secure
index b64d882..31f7ba6 100755
--- a/scripts/services/secure
+++ b/scripts/services/secure
@@ -844,13 +844,8 @@ if (keys %Executed_app) {
 print "\nUserhelper executed applications:\n";
 foreach (keys %Executed_app) {
 ($longapp,$asuser,$user) = split ",";
- $longapp_orig = $longapp;
- $i = index($longapp, " ");
- if ($i > 0) {
- $longapp = substr($longapp, 0, $i);
- }
 $app = substr($longapp,rindex($longapp,"/")+1);
- print " $user -> $app as $asuser: ".$Executed_app{"$longapp_orig,$asuser,$user"}." Time(s)\n";
+ print " $user -> $app as $asuser: ".$Executed_app{"$longapp,$asuser,$user"}." Time(s)\n";
 }
 }
diff --git a/scripts/services/sshd b/scripts/services/sshd
index a204263..e238863 100755
--- a/scripts/services/sshd
+++ b/scripts/services/sshd
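Review bot: The new `' %25s'` in `$extra` and the `%-23s` in the `sprintf` of the -1378 hunk are two halves of one column layout (the description column shrinks by the 16 characters the extra column gains), but nothing at either site says so. `%-23s` pads but does not truncate, so a description longer than 23 characters pushes the last column out of alignment; whether any `TITLE` is that long is not visible here. Consider a comment next to `$extra`, such as `# description (23) and extra (25) widths must change together`, or deriving both widths from one constant. `print_summary_report` starts and ends outside both hunks.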
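Review bot: With the cut at the first space removed, `$app = substr($longapp,rindex($longapp,"/")+1);` takes everything after the last `/` of the whole string. If a logged userhelper command carries an argument containing a slash, the report names the argument rather than the program that ran. Whether `%Executed_app` keys can include arguments depends on parsing code outside this hunk, but the removed lines suggest they can. Taking the basename of the first word keeps the hash key intact and the report accurate: `($app) = split ' ', $longapp; $app =~ s{.*/}{};`.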
@@ -297,9 +297,7 @@ while (defined(my $ThisLine = )) {
 ($ThisLine =~ /Starting session: (forced-command|subsystem|shell|command)/ ) or
 ($ThisLine =~ /Found matching \w+ key:/ ) or
 ($ThisLine =~ /User child is on pid \d/ ) or
- ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/) or
- ($ThisLine =~ /Exiting on signal .*$/) or
- ($ThisLine =~ /Disconnected from (?:[^ ]*) port .*$/)
+ ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/)
 ) {
 # Ignore these
 } elsif ( my ($Method,$User,$Host,$Port,$Key) = ($ThisLine =~ /^Accepted (\S+) for ((?:invalid user )?\S+) from ([\d\.:a-f]+) port (\d+) ssh[12](?:: (\w+))?/) ) {
@@ -389,9 +387,7 @@ while (defined(my $ThisLine = )) {
 $RefusedConnections{$1}++;
 } elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
 $RefusedAuthentication{$Reason}++;
- # Old format: Received disconnect from 192.168.122.1: 11: disconnected by user
- # New format: Received disconnect from 192.168.122.1 port 43680:11: disconnected by user
- } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*)(?: port \d+)?: ?(.*)$/)) {
+ } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*): (.*)$/)) {
 # Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
 if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
 } elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {
diff --git a/scripts/services/syslog-ng b/scripts/services/syslog-ng
old mode 100644
new mode 100755
index d78c835..dcd1692
--- a/scripts/services/syslog-ng
+++ b/scripts/services/syslog-ng
@@ -1,5 +1,5 @@
 ###########################################################################
-# $Id: syslog-ng 280 2014-12-24 15:29:13Z stefjakobs $
+# $Id$
 ###########################################################################
 ###########################################################################
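Review bot: The restored pattern `/^Received disconnect from ([^ ]*): (.*)$/` in the -389 hunk cannot match the newer sshd line quoted in the comment this hunk removes (`Received disconnect from 192.168.122.1 port 43680:11: disconnected by user`), because `[^ ]*` stops at the space before `port`. Such disconnects would miss `%DisconnectReceived` and fall through to whatever handles unmatched lines further down the `elsif` chain, which lies outside the hunk. The -297 hunk has a similar effect for `Exiting on signal` and `Disconnected from ... port` lines, which are no longer in the ignore list. If both log formats can reach this parser, keep the optional port group, `([^ ]*)(?: port \d+)?: ?(.*)$`, and leave a comment with one sample line of each format.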
@@ -168,7 +168,7 @@ while (defined($ThisLine = )) {
 $Stats_dest{$processed[$i+1]} = $Stats_dest{$processed[$i+1]} + $processed[$i+2];
 } elsif ($processed[$i] eq "source" || $processed[$i] eq "src.internal" ||
- $processed[$i] eq 'src.none' || $processed[$i] eq 'src.journald') {
+ $processed[$i] eq 'src.none' ) {
 $Stats_source{$processed[$i+1]} = $Stats_source{$processed[$i+1]} + $processed[$i+2];
 } elsif ($processed[$i] eq "global") {
@@ -366,8 +366,7 @@ if (keys %Stats_center || keys %Stats_dest || keys %Stats_source ||
 $lost_rcvd = 0 - $Stats_center{received};
 map {
 # skip 'src#X' as this seams to be aggregated into 'src'
- # skip 'journal' as this is not counted.
- $lost_rcvd = $lost_rcvd + $Stats_source{$_} unless ($_ =~ /(?:src#\d+|journal)/);
+ $lost_rcvd = $lost_rcvd + $Stats_source{$_} unless ($_ =~ /src#\d+/);
 } keys %Stats_source;
 }
 if ($Stats_center{queued} && %Stats_dest) {
diff --git a/scripts/shared/applyvsftpddate b/scripts/shared/applyvsftpddate
deleted file mode 100644
index 0046d0e..0000000
--- a/scripts/shared/applyvsftpddate
+++ /dev/null
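Review bot: After this change a `src.journald` entry in a syslog-ng statistics line no longer matches the source branch ending in `$processed[$i] eq 'src.none' ) {`, so it is not added to `%Stats_source` and goes to one of the later `elsif` branches outside this hunk. On hosts where syslog-ng reads from the journal this may show up as unmatched statistics in the report. The -366 hunk drops the matching `journal` exclusion from the `$lost_rcvd` sum for the same reason. If journald sources are still expected, keep `'src.journald'` in the condition; otherwise add a comment above it listing the source types that are recognised.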
@@ -1,34 +0,0 @@
-##########################################################################
-# $Id: applystddate,v 1.18 2005/10/22 00:19:56 bjorn Exp $
-##########################################################################
-
-########################################################
-# This was written and is maintained by:
-# Kirk Bauer
-#
-# Please send all comments, suggestions, bug reports,
-# etc, to logwatch-devel@logwatch.org
-########################################################
-
-use Logwatch ':dates';
-
-my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
-
-$SearchDate = TimeFilter('%b %e %H:%M:%S 20%y');
-
-# The date might be "Dec 09", but it needs to be "Dec 9"...
-#$SearchDate =~ s/ 0/ /;
-# The format of Fri Nov 29 20:59:09 2005
-
-if ( $Debug > 5 ) {
- print STDERR "DEBUG: Inside ApplyStdDate...\n";
- print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
-}
-
-while (defined($ThisLine = )) {
- if ($ThisLine =~ m/(Mon|Tue|Wed|Thu|Fri|Sat|Sun) $SearchDate/o) {
- print "$ThisLine";
- }
-}
-
-# vi: shiftwidth=3 syntax=perl tabstop=3 et
diff --git a/scripts/shared/journalctl b/scripts/shared/journalctl
deleted file mode 100755
index 1627fd4..0000000
--- a/scripts/shared/journalctl
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/perl
-#
-# The purpose of this script is to pass the output of the journalctl
-# command to the logwatch parsers. The corresponding conf/logfile
-# can be simple. The following example shows a logfile with two lines:
-# LogFile = /dev/null
-# *JournalCtl = "--output=cat --unit=service_name.service"
-#
-# In the example above, the arguments to the JournalCtl command are
-# passed to the journalctl system command. It is advised to delimit
-# the arguments in double quotes to preserve mixed case, if
-# applicable.
-
-use strict;
-use warnings;
-
-eval "use Date::Manip";
-my $hasDM = $@ ? 0 : 1;
-
-# logwatch passes arguments as one string delimited by single quotes
-my @args = split(" ", $ARGV[0]);
-my @range = get_range( $ENV{LOGWATCH_DATE_RANGE} );
-
-my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
-
-if ($Debug > 5) {
- warn join " ", 'journalctl', @args, @range, "\n";
-}
-
-system( 'journalctl', @args, @range );
-
-sub get_range {
- my $range = lc( shift || 'all' );
- my @range;
-
- if ( !$range || $range eq 'all' ) {
- @range = ();
- } elsif ( $range eq 'yesterday' ) {
- push @range, '--since', 'yesterday', '--until', 'today';
- } elsif ( $range eq 'today' ) {
- push @range, '--since', 'today', '--until', 'tomorrow';
- } elsif ($hasDM) {
-
- # Strip off any period
- $range =~
- s/for\s+(?:those|that|this)\s+((year|month|day|hour|minute|second)s?)\s*$//;
-
- # Look for between x and y
- my ( $range1, $range2 ) =
- ( $range =~ /^between\s+(.*)\s+and\s+(.*)\s*$/ );
-
- # Look for since x
- if ( $range =~ /^\s*since\s+/ ) {
- ($range1) = ( $range =~ /\s*since\s+(.*)/ );
- $range2 = "now";
- }
-
- # Now convert to journalctl friendly dates
- if ( $range1 && $range2 ) {
-
- # Parse dates
- my $date1 = ParseDate($range1);
- my $date2 = ParseDate($range2);
-
- # Switch if date2 is before date1
- if ( $date1 && $date2 and Date_Cmp( $date1, $date2 ) > 0 ) {
- my $switch_date = $date1;
- $date1 = $date2;
- $date2 = $switch_date;
- }
-
- # If we ask for 1/1 to 1/2, we mean 1/2 inclusive. DM returns
- # 1/2 00:00:00. So we add 1 day to the end time.
- $date2 = DateCalc( $date2, '1 day' );
-
- my $fmt = "%Y-%m-%d %H:%M:%S";
- push @range, '--since', UnixDate( $date1, $fmt ), '--until',
- UnixDate( $date2, $fmt );
- }
- }
-
- return @range;
-}