| 1 |
#!/usr/bin/perl |
| 2 |
|
| 3 |
use warnings; |
| 4 |
use strict; |
| 5 |
|
| 6 |
use IO::Socket; |
| 7 |
use Data::Dump qw/dump/; |
| 8 |
use DBI; |
| 9 |
use Getopt::Long; |
| 10 |
|
| 11 |
our $port = 514; |
| 12 |
our $MAXLEN = 1524; |
| 13 |
|
| 14 |
our $dsn = 'DBI:Pg:dbname=syslog'; |
| 15 |
our $user = 'dpavlin'; |
| 16 |
our $log = '/tmp/sysplog.log'; |
| 17 |
|
| 18 |
my $config = $0; |
| 19 |
$config =~ s{/[^/]+$}{/conf.pl}; |
| 20 |
if ( -e $config ) { |
| 21 |
require $config; |
| 22 |
warn "# using $config ", -s $config, $/; |
| 23 |
} |
| 24 |
|
| 25 |
my $debug = 0; |
| 26 |
my $schema = 0; |
| 27 |
|
| 28 |
GetOptions( |
| 29 |
'debug+' => \$debug, |
| 30 |
'schema!' => \$schema, |
| 31 |
'log=s' => \$log, |
| 32 |
'port=i' => \$port, |
| 33 |
) || die "usage: $0 --debug --schema\n"; |
| 34 |
|
| 35 |
our $VERSION = '0.00'; |
| 36 |
|
| 37 |
my $sql_schema = q{ |
| 38 |
|
| 39 |
CREATE TABLE facilities ( |
| 40 |
id serial, |
| 41 |
name text, |
| 42 |
|
| 43 |
PRIMARY KEY(name) |
| 44 |
); |
| 45 |
|
| 46 |
CREATE TABLE log ( |
| 47 |
id serial, |
| 48 |
timestamp timestamp default now(), |
| 49 |
ip inet not null, |
| 50 |
message text, |
| 51 |
level int, |
| 52 |
facility int, |
| 53 |
program text, |
| 54 |
pid int, |
| 55 |
|
| 56 |
PRIMARY KEY (id) |
| 57 |
); |
| 58 |
|
| 59 |
}; |
| 60 |
|
| 61 |
|
| 62 |
my $dbh = DBI->connect( $dsn, $user, '', { RaiseError => 1 } ) || die $DBI::errstr; |
| 63 |
|
| 64 |
if ( $schema ) { |
| 65 |
$dbh->begin_work; |
| 66 |
|
| 67 |
$dbh->do( $_ ) foreach split(/;/, $sql_schema); |
| 68 |
|
| 69 |
my $sth = $dbh->prepare( q{ |
| 70 |
insert into facilities (name) values (?) |
| 71 |
}); |
| 72 |
|
| 73 |
$sth->execute( $_ ) foreach ( qw/ |
| 74 |
kernel user mail system security internal |
| 75 |
printer news uucp clock |
| 76 |
security2 |
| 77 |
ftp ntp |
| 78 |
audit alert |
| 79 |
clock2 |
| 80 |
local0 local1 local2 local3 local4 local5 local6 local7 |
| 81 |
/ ); |
| 82 |
|
| 83 |
warn "# created sql schema\n"; |
| 84 |
|
| 85 |
$dbh->commit; |
| 86 |
} |
| 87 |
|
| 88 |
my $sth_log_full = $dbh->prepare(qq{ |
| 89 |
insert into log |
| 90 |
(ip,message,level,facility,program,pid) |
| 91 |
values (?,?,?,?,?,?) |
| 92 |
}); |
| 93 |
|
| 94 |
my $sth_log_unparsed = $dbh->prepare(qq{ |
| 95 |
insert into log (ip,message) values (?,?) |
| 96 |
}); |
| 97 |
|
| 98 |
|
| 99 |
my $sock = IO::Socket::INET->new( |
| 100 |
LocalPort => $port, |
| 101 |
Proto => 'udp' |
| 102 |
# ReuseAddr => 1, |
| 103 |
) || die "can't listen to $port: $!"; |
| 104 |
|
| 105 |
open(my $log_fh, '>>', $log) || die "can't open log $log: $!"; |
| 106 |
$log_fh->autoflush(1); |
| 107 |
sub _log { |
| 108 |
warn 'LOG ',dump( @_ ), $/ if $debug; |
| 109 |
print $log_fh time() . '|' . join('|', @_), $/; |
| 110 |
} |
| 111 |
|
| 112 |
_log "INFO: listen on $port"; |
| 113 |
|
| 114 |
my $buf; |
| 115 |
while(1) { |
| 116 |
$sock->recv($buf, $MAXLEN); |
| 117 |
my ($port, $ipaddr) = sockaddr_in($sock->peername); |
| 118 |
# my $hostname = gethostbyaddr($ipaddr, AF_INET); |
| 119 |
my $ip = join('.', unpack('C4',$ipaddr)); |
| 120 |
my @values = ( $ip, $buf ); |
| 121 |
|
| 122 |
if ( $buf =~ s/<(\d+)>// ) { |
| 123 |
my $level = $1 % 8; |
| 124 |
my $facility = ( $1-$level ) / 8; |
| 125 |
|
| 126 |
$buf =~ s/^\w\w\w \d+ \d\d:\d\d:\d\d//; # strip timestamp which some syslog servers insert here |
| 127 |
|
| 128 |
my ( $program, $pid ); |
| 129 |
|
| 130 |
if ( $buf =~ s/^\s*([^:]+)\s*:\s*// ) { |
| 131 |
$program = $1; |
| 132 |
$pid = $1 if $program =~ s/\[(\d+)\]$//; |
| 133 |
} |
| 134 |
|
| 135 |
$values[1] = $buf; |
| 136 |
push @values, ( $level, $facility, $program, $pid ); |
| 137 |
$sth_log_full->execute( @values ); |
| 138 |
} else { |
| 139 |
$sth_log_unparsed->execute( @values ); |
| 140 |
} |
| 141 |
_log( @values ); |
| 142 |
} |
Parent Directory
| 
Revision Log