#!/usr/bin/perl -w
#
# $Id$
#
# Logwatch service for http error logs
# To be placed in 
#	/etc/logwatch/scripts/http-error
#
# Processes all messages and summarizes them
# Each message is given with a timestamp and RMS
#
########################################################
##(C) 2006 by Jeremias Reith <jr@terragate.net>
## Modified 2009 by Michael Baierl
## Covered under the included MIT/X-Consortium License:
##    http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms.  If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions.  If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
######################################################### 

use strict;
use Logwatch ':dates';
use Time::Local;
use POSIX qw(strftime);

my $date_format = '... %b %d %H:%M:%S %Y';
my $filter = TimeFilter($date_format);
my $detail = exists $ENV{'LOGWATCH_DETAIL_LEVEL'} ? $ENV{'LOGWATCH_DETAIL_LEVEL'} : 0;
my $Ignore_not_exist_all = $ENV{'ignore_not_exist_all'} || 0;
my $Ignore_not_exist_no_referer = $ENV{'ignore_not_exist_no_referer'} || 0;

# we do not use any Date:: package (or strptime) as they are probably not available
my %month2num = ( Jan => 0, Feb => 1, Mar => 2, Apr => 3,
		  May => 4, Jun => 5, Jul => 6, Aug => 7,
		  Sep => 8, Oct => 9, Nov => 10, Dec => 11 );

# array of message categories (we do not use a hash to keep the order)
# first element: catorory name 
# second element: matching regexp ($1 should contain the message)
# third element: anonymous hash ref (stores message  counts)
my @message_categories = (['Errors', qr/\[error\] (.*)$/o, {}],
			  ['Warnings', qr/\[warn\] (.*)$/o, {}],
			  ['Notices', qr/\[info\] (.*)$/o, {}]);

# skipping categories depending on detail level
pop(@message_categories) if $detail < 10;
pop(@message_categories) if $detail < 5;

# counting messages
while(<>) {
    my $line = $_;
    # skip PHP messages (have a separate script)
    next if $line =~ / PHP (Warning|Fatal error|Notice):/o;
    # Ignore does not exist messages if asked
    if ($line =~ /does not exist:/o) {
       next if $Ignore_not_exist_all;
       next if $Ignore_not_exist_no_referer and $line !~ /, referer: /o;
    }
    # skipping messages that are not within the requested range
    next unless $line =~ /^\[($filter)\]/o;
    $1 =~ /(\w+) (\w+) (\d+) (\d+):(\d+):(\d+) (\d+)/;
    my $time;

    {
	# timelocal is quite chatty
	local $SIG{'__WARN__'}  = sub {};
	$time = timelocal($6, $5, $4, $3, $month2num{$2}, $7-1900);
    }

    foreach my $cur_cat (@message_categories) {
	if($line =~ /$cur_cat->[1]/) {
	    my $msgs = $cur_cat->[2];
	    $msgs->{$1} = {count => '0',
			   first_occurrence => $time,
			   sum => 0, 
			   sqrsum => 0} unless exists $msgs->{$1};
	    $msgs->{$1}->{'count'}++;
	    # summing up timestamps and squares of timestamps
	    # in order to calculate the rms
	    # using first occurrence of message as offset in calculation to 
	    # prevent an integer overflow
	    $msgs->{$1}->{'sum'} += $time - $msgs->{$1}->{'first_occurrence'};
	    $msgs->{$1}->{'sqrsum'} += ($time - $msgs->{$1}->{'first_occurrence'}) ** 2;
	    last;
	}
    }
}


# generating summary
foreach my $cur_cat (@message_categories) {
    # skipping non-requested message types
    next unless keys %{$cur_cat->[2]};
    my ($name, undef, $msgs) = @{$cur_cat};
    print $name, ":\n";
    my $last_count = 0;

    # sorting messages by count
    my @sorted_msgs = sort { $msgs->{$b}->{'count'} <=> $msgs->{$a}->{'count'} } keys %{$msgs};

    foreach my $msg (@sorted_msgs) {
	# grouping messages by number of occurrence
	print "\n", $msgs->{$msg}->{'count'}, " times:\n" unless $last_count == $msgs->{$msg}->{'count'};   
	my $rms = 0;


	# printing timestamp
        print '[';

	if($msgs->{$msg}->{'count'} > 1) {
	    # calculating rms
	    $rms = int(sqrt(
			   ($msgs->{$msg}->{'count'} * 
			    $msgs->{$msg}->{'sqrsum'} - 
			    $msgs->{$msg}->{'sum'}) / 
			   ($msgs->{$msg}->{'count'} * 
			    ($msgs->{$msg}->{'count'} - 1))));

	    print strftime($date_format, localtime($msgs->{$msg}->{'first_occurrence'}+int($rms/2)));

	    print ' +/-';
	    
	    # printing rms
	    if($rms > 86400) {
		print int($rms/86400) , ' day(s)';
	    } elsif($rms > 3600) {
		print int($rms/3600) , ' hour(s)';
	    } elsif($rms > 60) {
		print int($rms/60) , ' minute(s)';
	    } else {
		print $rms, ' seconds';
	    }
	} else {
	    # we have got this message a single time
	    print strftime($date_format, localtime($msgs->{$msg}->{'first_occurrence'}));
	}
	   
	print '] ', $msg, "\n";	
	$last_count = $msgs->{$msg}->{'count'};
    }

    print "\n";
}