[Logwatch-Devel] labrea script

Nick Drage nickd at metastasis.org.uk
Wed Dec 28 04:38:17 MST 2005


Hi,

Please find attached a Labrea script that works for me on the one Debian
box that I use Labrea on.  Please let me know if you think this is worth
pursuing further and I'll tidy it up a bit for general use.

Thank you.

-- 
When the going gets tough, the tough call for close air support.
-------------- next part --------------
#!/usr/bin/perl
##########################################################################
# $Id: labrea,v 0.1 2005/12/28 Nick Drage
##########################################################################
# $Log: labrea,v $
# version for own use by NickD
#
##########################################################################

########################################################
#
# VERY heavily based on the dhcpd script
#
########################################################

use strict;
use warnings;

my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;

# $data{<report section>}{<entry>} = number of times the entry was seen
my %data;


# used to grab the output being received by this
# while (my $line = <STDIN>) {
#  print $line;
#}
#exit(0);

while (my $line = <STDIN>) {
   chomp $line;
   # strip leading and trailing whitespace, skip empty lines
   $line =~ s/^\s+//;
   $line =~ s/\s+$//;
   next unless $line;
   if ($line =~ /^Labrea started/) {
      $data{'Labrea started'}{$line}++;
   } elsif ($line =~ /^Labrea exiting/) {
      $data{'Labrea exiting'}{$line}++;
   } elsif ($line =~ s/^Capturing local IP ([\d\.]+)$/Captured Local IP address $1/) {
      if ($Detail >= 5) {
         $data{'IP addresses captured'}{$line}++;
      }
   } elsif ($line =~ s/^Additional Activity ([\d\.]+)$/Additional Activity on Local IP address $1/) {
      if ($Detail >= 10) {
         $data{'IP addresses captured'}{$line}++;
      }
   # Yes, this should do something smarter
   } elsif ($line =~ s/Current average bw: ([\d]+)/Bandwidth listed as $1/) {
      if ($Detail >= 10) {
         $data{'Bandwidth listings'}{$line}++;
      }
   # only grab the source IP; a plain match is enough because only $1 is used
   } elsif ($line =~ /Initial Connect - tarpitting: ([\d\.]+)/) {
      if ($Detail >= 10) {
         $data{'Remote Tarpitted IPs'}{$1}++;
      }
   }

}

if (keys %data) {
   foreach my $type (keys %data) {
      print "$type:\n";
      foreach my $entry (sort {$a cmp $b} keys %{$data{$type}}) {
         print "   $entry: $data{$type}{$entry} Time(s)\n";
      }
      print "\n";
   }
}

exit(0);

# vi: shiftwidth=3 tabstop=3 syntax=perl et

# NOTES
# Lines currently ignored
# Dec 28 09:30:05 hostname : Current average bw: 0 (Kb/sec)
# Dec 28 09:32:47 hostname labrea: 130/0 packets (received/dropped) by filter
# Linux Persist Activity: 198.41.0.4 34078 -> 192.168.1.1 23 *
# Persist Trapping: 198.41.0.4 34078 -> 192.168.1.1 23 *
# 
# Only grab the IP address from this line
# Initial Connect - tarpitting: 198.41.0.4 34078 -> 192.168.1.1 23 *

-------------- next part --------------
###########################################################################
# $Id: labrea.conf,v 0.1 2005/12/28 Nick Drage
###########################################################################

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the = sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

Title = "labrea"

# Which logfile group...
LogFile = syslog

# Labrea doesn't prefix lines so we need to look at all of them
# Which I think this does
*RemoveHeaders

########################################################
#
########################################################

# vi: shiftwidth=3 tabstop=3 et
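
The NOTES in the script list the "Persist Trapping" and "Persist Activity" lines as ignored and take only the source IP from "Initial Connect". As an added example (not part of the original post or of Logwatch), this Perl sketch parses all three line types into source IP and destination port and tallies them. The sub and variable names are hypothetical, and the sample lines are constructed from the formats quoted in the NOTES.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The three connection line types quoted in the script's NOTES share one shape:
#   <event>: <src ip> <src port> -> <dst ip> <dst port> *
# Left unanchored so it still matches if a syslog header precedes the event.
my $conn_re = qr/(Initial Connect - tarpitting|Persist Trapping|Linux Persist Activity): ([\d.]+) (\d+) -> ([\d.]+) (\d+)/;

# Parse one log line; returns a hash ref, or nothing for other line types.
sub parse_labrea_line {
   my ($line) = @_;
   return unless $line =~ $conn_re;
   return { event => $1, src => $2, sport => $3, dst => $4, dport => $5 };
}

# Tally events per remote source IP and hits per targeted local port.
sub summarise {
   my (@lines) = @_;
   my (%by_src, %by_dport);
   foreach my $line (@lines) {
      my $rec = parse_labrea_line($line) or next;
      $by_src{ $rec->{src} }{ $rec->{event} }++;
      $by_dport{ $rec->{dport} }++;
   }
   return (\%by_src, \%by_dport);
}

# Constructed sample input, following the formats in the NOTES.
my @sample = (
   'Initial Connect - tarpitting: 198.41.0.4 34078 -> 192.168.1.1 23 *',
   'Persist Trapping: 198.41.0.4 34078 -> 192.168.1.1 23 *',
   'Linux Persist Activity: 198.41.0.4 34078 -> 192.168.1.1 23 *',
   'Initial Connect - tarpitting: 198.41.0.4 34080 -> 192.168.1.2 445 *',
   'Current average bw: 0 (Kb/sec)',   # not a connection line, skipped
);

my ($by_src, $by_dport) = summarise(@sample);

print "Tarpit events by remote IP:\n";
foreach my $src (sort keys %$by_src) {
   foreach my $event (sort keys %{ $by_src->{$src} }) {
      print "   $src: $event: $by_src->{$src}{$event} Time(s)\n";
   }
}
print "\nTargeted local ports:\n";
foreach my $port (sort { $a <=> $b } keys %$by_dport) {
   print "   $port: $by_dport->{$port} Time(s)\n";
}
```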


