librenms/includes/syslog.php

<?php

function get_cache($host, $value){
  global $dev_cache;
  if(!isset($dev_cache[$host][$value])){
    switch($value){
      case 'device_id':
        //Try by hostname
        $dev_cache[$host]['device_id'] = dbFetchCell('SELECT `device_id` FROM devices WHERE `hostname`=\''.$host.'\' OR `sysName`=\''.$host.'\'');
        //If failed, try by IP
        if($dev_cache[$host]['device_id'] == null)
          $dev_cache[$host]['device_id'] = dbFetchCell('SELECT device_id FROM ipv4_addresses AS A, ports AS I WHERE A.ipv4_address = \'' . $entry['host'].'\' AND I.interface_id = A.interface_id');
        break;
      case 'os':
        $dev_cache[$host]['os'] = dbFetchCell('SELECT `os` FROM devices WHERE `device_id`='.get_cache($host, 'device_id'));
        break;
      case 'version':
        $dev_cache[$host]['version'] = dbFetchCell('SELECT `version` FROM devices WHERE `device_id`='.get_cache($host, 'device_id'));
        break;
      default:
        return null;
    }
  }
  return $dev_cache[$host][$value];
}

function process_syslog ($entry, $update) {
  global $config;
  global $dev_cache;

  foreach($config['syslog_filter'] as $bi)
    if(strpos($entry['msg'], $bi) !== FALSE){
      print_r($entry);
      echo('D-'.$bi);
      return $entry;
    }
    
  $entry['device_id'] = get_cache($entry['host'], 'device_id');
  if($entry['device_id']) {
    $os = get_cache($entry['host'], 'os');
    if(in_array($os, array('ios', 'iosxe', 'catos'))){
      $matches = array();
      if(preg_match('#%(?P<program>.*):( ?)(?P<msg>.*)#', $entry['msg'], $matches)){
        $entry['msg'] = $matches['msg'];
        $entry['program'] = $matches['program'];
      }
      unset($matches);
    } elseif($os == 'linux' and get_cache($entry['host'], 'version') == 'Point'){
      //Cisco WAP200 and similar
      $matches = array();
      if(preg_match('#Log: \[(?P<program>.*)\] - (?P<msg>.*)#', $entry['msg'], $matches)){
        $entry['msg'] = $matches['msg'];
        $entry['program'] = $matches['program'];
      }
      unset($matches);
    } elseif($os == 'linux'){
      $matches = array();
      //User_CommonName/123.213.132.231:39872 VERIFY OK: depth=1, /C=PL/ST=Malopolska/O=VLO/CN=v-lo.krakow.pl/emailAddress=root@v-lo.krakow.pl
      if($entry['facility'] == 'daemon' and preg_match('#/([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{4,} ([A-Z]([A-Za-z)+( ?)){2,}:#', $entry['msg'])){
        $entry['program'] = 'OpenVPN';
      }
      //pop3-login: Login: user=<username>, method=PLAIN, rip=123.213.132.231, lip=123.213.132.231, TLS
      //POP3(username): Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=2802
      elseif($entry['facility'] == 'mail' and preg_match('#^(((pop3|imap)\-login)|((POP3|IMAP)\(.*\))):', $entry['msg'])){
        $entry['program'] = 'Dovecot';
      }
      //pam_krb5(sshd:auth): authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
      //pam_krb5[sshd:auth]: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
      elseif(preg_match('#^(?P<program>(.*((\(|\[).*(\)|\])))):(?P<msg>.*)$#', $entry['msg'], $matches)){
        $entry['msg'] = $matches['msg'];
        $entry['program'] = $matches['program'];
      }
      //SYSLOG CONNECTION BROKEN; FD='6', SERVER='AF_INET(123.213.132.231:514)', time_reopen='60'
      //pam_krb5: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
      elseif($pos = strpos($entry['msg'], ';') or $pos = strpos($entry['msg'], ':')){
        $entry['program'] = substr($entry['msg'], 0, $pos);
        $entry['msg'] = substr($entry['msg'], $pos+1);
      }
      //fallback, better than nothing...
      elseif(empty($entry['program']) and !empty($entry['facility'])){
        $entry['program'] = $entry['facility'];
      }
      unset($matches);
    }
    if(!isset($entry['program'])){
      $entry['program'] = $entry['msg'];
      unset($entry['msg']);
    }
    $entry['program'] = strtoupper($entry['program']);
    array_walk($entry, 'trim');
    if($update)
      dbInsert(
        array(
          'device_id' => $entry['device_id'],
          'program' => $entry['program'], 
          'facility' => $entry['facility'],
          'priority' => $entry['priority'],
          'level' => $entry['level'],
          'tag' => $entry['tag'],
          'msg' => $entry['msg'],
          'timestamp' => $entry['timestamp']
        ),
        'syslog'
      );
    unset($os);
  }
  return $entry; 
}

?>
missing file! git-svn-id: http://www.observium.org/svn/observer/trunk@199 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-23 21:32:54 +00:00			`<?php`

delete users (and all perms) fixed git-svn-id: http://www.observium.org/svn/observer/trunk@2371 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-26 21:27:40 +00:00			`function get_cache($host, $value){`
			`global $dev_cache;`
			`if(!isset($dev_cache[$host][$value])){`
			`switch($value){`
			`case 'device_id':`
			`//Try by hostname`
			$dev_cache[$host]['device_id'] = dbFetchCell('SELECT `device_id` FROM devices WHERE `hostname`=\''.$host.'\' OR `sysName`=\''.$host.'\'');
			`//If failed, try by IP`
			`if($dev_cache[$host]['device_id'] == null)`
			`$dev_cache[$host]['device_id'] = dbFetchCell('SELECT device_id FROM ipv4_addresses AS A, ports AS I WHERE A.ipv4_address = \'' . $entry['host'].'\' AND I.interface_id = A.interface_id');`
			`break;`
			`case 'os':`
			$dev_cache[$host]['os'] = dbFetchCell('SELECT `os` FROM devices WHERE `device_id`='.get_cache($host, 'device_id'));
			`break;`
			`case 'version':`
			$dev_cache[$host]['version'] = dbFetchCell('SELECT `version` FROM devices WHERE `device_id`='.get_cache($host, 'device_id'));
			`break;`
			`default:`
			`return null;`
			`}`
			`}`
			`return $dev_cache[$host][$value];`
			`}`
more db git-svn-id: http://www.observium.org/svn/observer/trunk@2317 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-14 21:51:58 +00:00
revert something that broke syslog 2 months ago... git-svn-id: http://www.observium.org/svn/observer/trunk@2293 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 23:15:56 +00:00			`function process_syslog ($entry, $update) {`
missing file! git-svn-id: http://www.observium.org/svn/observer/trunk@199 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-23 21:32:54 +00:00			`global $config;`
sort of fix syslog. ish. git-svn-id: http://www.observium.org/svn/observer/trunk@2295 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-13 00:13:57 +00:00			`global $dev_cache;`
missing file! git-svn-id: http://www.observium.org/svn/observer/trunk@199 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-23 21:32:54 +00:00
delete users (and all perms) fixed git-svn-id: http://www.observium.org/svn/observer/trunk@2371 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-26 21:27:40 +00:00			`foreach($config['syslog_filter'] as $bi)`
			`if(strpos($entry['msg'], $bi) !== FALSE){`
			`print_r($entry);`
			`echo('D-'.$bi);`
			`return $entry;`
missing file! git-svn-id: http://www.observium.org/svn/observer/trunk@199 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-23 21:32:54 +00:00			`}`
delete users (and all perms) fixed git-svn-id: http://www.observium.org/svn/observer/trunk@2371 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-26 21:27:40 +00:00
			`$entry['device_id'] = get_cache($entry['host'], 'device_id');`
			`if($entry['device_id']) {`
			`$os = get_cache($entry['host'], 'os');`
			`if(in_array($os, array('ios', 'iosxe', 'catos'))){`
			`$matches = array();`
			`if(preg_match('#%(?P<program>.):( ?)(?P<msg>.)#', $entry['msg'], $matches)){`
			`$entry['msg'] = $matches['msg'];`
			`$entry['program'] = $matches['program'];`
sort of fix syslog. ish. git-svn-id: http://www.observium.org/svn/observer/trunk@2295 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-13 00:13:57 +00:00			`}`
delete users (and all perms) fixed git-svn-id: http://www.observium.org/svn/observer/trunk@2371 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-26 21:27:40 +00:00			`unset($matches);`
			`} elseif($os == 'linux' and get_cache($entry['host'], 'version') == 'Point'){`
			`//Cisco WAP200 and similar`
			`$matches = array();`
			`if(preg_match('#Log: \[(?P<program>.)\] - (?P<msg>.)#', $entry['msg'], $matches)){`
			`$entry['msg'] = $matches['msg'];`
			`$entry['program'] = $matches['program'];`
add cisco processor polling and many other fixes git-svn-id: http://www.observium.org/svn/observer/trunk@402 61d68cd4-352d-0410-923a-c4978735b2b8 2009-04-11 19:10:48 +00:00			`}`
delete users (and all perms) fixed git-svn-id: http://www.observium.org/svn/observer/trunk@2371 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-26 21:27:40 +00:00			`unset($matches);`
			`} elseif($os == 'linux'){`
			`$matches = array();`
			`//User_CommonName/123.213.132.231:39872 VERIFY OK: depth=1, /C=PL/ST=Malopolska/O=VLO/CN=v-lo.krakow.pl/emailAddress=root@v-lo.krakow.pl`
			`if($entry['facility'] == 'daemon' and preg_match('#/([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{4,} ([A-Z]([A-Za-z)+( ?)){2,}:#', $entry['msg'])){`
			`$entry['program'] = 'OpenVPN';`
updates git-svn-id: http://www.observium.org/svn/observer/trunk@328 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-28 12:59:33 +00:00			`}`
delete users (and all perms) fixed git-svn-id: http://www.observium.org/svn/observer/trunk@2371 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-26 21:27:40 +00:00			`//pop3-login: Login: user=<username>, method=PLAIN, rip=123.213.132.231, lip=123.213.132.231, TLS`
			`//POP3(username): Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=2802`
			`elseif($entry['facility'] == 'mail' and preg_match('#^(((pop3\|imap)\-login)\|((POP3\|IMAP)\(.*\))):', $entry['msg'])){`
			`$entry['program'] = 'Dovecot';`
			`}`
			`//pam_krb5(sshd:auth): authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231`
			`//pam_krb5[sshd:auth]: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231`
			`elseif(preg_match('#^(?P<program>(.((\(\|\[).(\)\|\])))):(?P<msg>.*)$#', $entry['msg'], $matches)){`
			`$entry['msg'] = $matches['msg'];`
			`$entry['program'] = $matches['program'];`
			`}`
			`//SYSLOG CONNECTION BROKEN; FD='6', SERVER='AF_INET(123.213.132.231:514)', time_reopen='60'`
			`//pam_krb5: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231`
			`elseif($pos = strpos($entry['msg'], ';') or $pos = strpos($entry['msg'], ':')){`
			`$entry['program'] = substr($entry['msg'], 0, $pos);`
			`$entry['msg'] = substr($entry['msg'], $pos+1);`
			`}`
			`//fallback, better than nothing...`
			`elseif(empty($entry['program']) and !empty($entry['facility'])){`
			`$entry['program'] = $entry['facility'];`
			`}`
			`unset($matches);`
			`}`
			`if(!isset($entry['program'])){`
			`$entry['program'] = $entry['msg'];`
			`unset($entry['msg']);`
missing file! git-svn-id: http://www.observium.org/svn/observer/trunk@199 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-23 21:32:54 +00:00			`}`
some graph cleanups and minor improvements git-svn-id: http://www.observium.org/svn/observer/trunk@1161 61d68cd4-352d-0410-923a-c4978735b2b8 2010-06-13 14:39:09 +00:00			`$entry['program'] = strtoupper($entry['program']);`
delete users (and all perms) fixed git-svn-id: http://www.observium.org/svn/observer/trunk@2371 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-26 21:27:40 +00:00			`array_walk($entry, 'trim');`
			`if($update)`
			`dbInsert(`
			`array(`
			`'device_id' => $entry['device_id'],`
			`'program' => $entry['program'],`
			`'facility' => $entry['facility'],`
			`'priority' => $entry['priority'],`
			`'level' => $entry['level'],`
			`'tag' => $entry['tag'],`
			`'msg' => $entry['msg'],`
			`'timestamp' => $entry['timestamp']`
			`),`
			`'syslog'`
			`);`
			`unset($os);`
			`}`
revert something that broke syslog 2 months ago... git-svn-id: http://www.observium.org/svn/observer/trunk@2293 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 23:15:56 +00:00			`return $entry;`
missing file! git-svn-id: http://www.observium.org/svn/observer/trunk@199 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-23 21:32:54 +00:00			`}`

move includes/billing.php includes/syslog.php and includes/functions.php to dbFacile git-svn-id: http://www.observium.org/svn/observer/trunk@2278 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 11:58:17 +00:00			`?>`