#!/usr/local/perl -w
use strict;
use warnings;
use diagnostics;
use Net::SMTP;
use File::Tail;
# Shared configuration and working state. Every subroutine in this script
# reads and writes these package globals directly instead of using its
# argument list.
our $logfile     = '/pix/pix.log';      # PIX log file that is tailed
our $criticallog = '/pix/critical_log'; # critical message log file
our $maxlogsize  = '10000000';          # rollover threshold (bytes)
our ($datestamp, $timestamp);           # date/time strings set by TimeStamping
our $readline;                          # most recent line returned by File::Tail
our ($emailpriority, $messagebody);     # paging priority and text of the e-mail alert
our $size;                              # current size of the log file
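# main
{
    # Install the shutdown handlers once, before the tail loop starts, so a
    # signal that arrives while waiting for the first log line is handled too
    # (they used to be re-installed at the end of every loop iteration).
    $SIG{$_} = \&CleanExit for qw(INT QUIT ABRT TERM);

    # Start 'tailing' the PIX log file for changes.
    my $workingfile = File::Tail->new(name        => $logfile,
                                      maxinterval => 30,
                                      adjustafter => 5,
                                      maxbuf      => 16384);

    # Evaluation loop - runs once for every line appended to the log file.
    while (defined($readline = $workingfile->read))
    {
        # ACTIVE - triggered on firewall failover
        # Down   - triggered on interface shutdown or failure
        # NOTE(review): both are unanchored substring matches over the whole
        # line, so any message that merely contains one of these words raises
        # a priority-2 page, and nothing here rate-limits repeats. Consider
        # matching the specific syslog message format instead.
        if ($readline =~ /ACTIVE|Down/)
        {
            # The helper subs operate on the package globals; none of them
            # reads its argument list, so the arguments are informational.
            TimeStamping ($datestamp,$timestamp);
            $messagebody   = "$readline";
            $emailpriority = "2";               # high priority: also page
            EMailAlert ($datestamp,$timestamp,
                        $messagebody,$emailpriority);
            CriticalLogging ($datestamp,$timestamp,$readline);
        }

        # Evaluate the log size against the established maximum. stat()
        # returns an empty list when the file is missing (for example in the
        # window right after a rollover), so $size may be undefined here.
        $size = (stat $logfile)[7];
        if (defined $size && $size > $maxlogsize)
        {
            LogRollover ($size);
            # Re-open the tail on the freshly created log file.
            $workingfile = File::Tail->new(name        => $logfile,
                                           maxinterval => 30,
                                           adjustafter => 5,
                                           maxbuf      => 16384);
        }
    }
}
exit;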
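sub TimeStamping
{
    # Refreshes the global $datestamp (YYYY-MM-DD) and $timestamp (HH:MM:SS)
    # from the current local time. Callers pass the two globals as arguments,
    # but @_ is never read. Returns the new $timestamp, which is what the
    # final assignment of the earlier version implicitly returned.
    #
    # The header comment used to be wrapped across two lines by the page it
    # was copied from, leaving a stray "+ing" token in front of the
    # localtime() assignment; that artifact is removed here.
    my ($sec, $min, $hour, $day, $mon, $year) = localtime(time);

    # localtime() counts years from 1900 and months from 0.
    $datestamp = sprintf('%04d-%02d-%02d', $year + 1900, $mon + 1, $day);
    $timestamp = sprintf('%02d:%02d:%02d', $hour, $min, $sec);
    return $timestamp;
}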
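sub LogRollover
{
    # Rolls the live log over to a date/time-stamped archive file in /pix,
    # restarts syslog so it starts writing a new log, and sends a
    # low-priority notification. Works on the package globals ($logfile,
    # $size, $datestamp, $timestamp); the argument list is not read.
    TimeStamping ($datestamp,$timestamp);
    my $archivename = "pix.$datestamp.$timestamp.archive";
    my $archivepath = "/pix/$archivename";

    # A failed rename used to go unnoticed: syslog was restarted and an
    # "Archived to" mail was sent even though the log kept growing.
    unless (rename $logfile, $archivepath)
    {
        warn "Unable to archive $logfile to $archivepath: $!\n";
        return;
    }

    # List form runs the init script directly, with no shell involved.
    my $status = system('/etc/init.d/syslog', 'restart'); # Restart Syslogd
    warn "syslog restart returned status $status\n" if $status != 0;

    # "\n" was mistyped as "/n", which put a literal "/n" into the mail.
    $messagebody   = "Log at: $size\n Archived to: $archivename";
    $emailpriority = "1"; # Low Priority
    EMailAlert ($messagebody,$emailpriority);
}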
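sub EMailAlert
{
    # E-mails (and, for priority 2, pages) the administrator with the text in
    # the global $messagebody, stamped with $datestamp/$timestamp. Reads the
    # package globals; the argument list is not read. Resets $emailpriority
    # to "1" before returning.
    #
    # NOTE(review): as written the message goes to the relay without
    # authentication or TLS options - confirm the relay sits on a trusted
    # network segment.

    # SMTP Relay Server Information
    my $smtp = Net::SMTP->new('mail.<somedomain>.com',
                              Hello   => '<somedomain>.com',
                              Timeout => 60,
                              Debug   => 0);

    # new() returns undef when the relay cannot be reached. Calling methods
    # on undef would kill the whole monitor, and the critical log entry that
    # the main loop writes after this call would be lost as well.
    unless ($smtp)
    {
        warn "Unable to connect to SMTP relay; alert not sent\n";
        $emailpriority = "1";
        return;
    }

    $smtp->mail( "" );

    # Evaluate priority for alphanumeric paging
    if (defined $emailpriority && $emailpriority == 2)
    {
        $smtp->to("<phonenumber>\@<some>wireless.net");
    }
    $smtp->to("<administrator-type>\@<somedomain>.com");

    $smtp->data();
    $smtp->datasend("From: PIX Syslog Parser\n");
    $smtp->datasend("Subject: PIX Alert Notification\n");
    $smtp->datasend("To: Network Administrator\n");
    $smtp->datasend("BCC: \n");
    $smtp->datasend("\n");
    # Everything below the blank line is message body. $messagebody carries
    # raw log text, so it must stay out of the header lines above.
    $smtp->datasend("Alert: $datestamp $timestamp\n");
    $smtp->datasend("\n");
    $smtp->datasend("$messagebody\n");
    $smtp->datasend("\n");
    $smtp->dataend()
        or warn "SMTP relay did not accept the alert message\n";
    $smtp->quit();
    $emailpriority = "1";
}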
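sub CriticalLogging
{
    # Appends the current date/time stamp and the matched log line (global
    # $readline) to the separate critical log file named by $criticallog.
    # Dies if the file cannot be opened. The argument list is not read.
    #
    # Three-argument open keeps the append mode separate from the file name,
    # so the name can never be parsed as part of the mode. The bareword
    # handle is kept because CleanExit closes it by that name.
    open (CRITICALLOGFILE, '>>', $criticallog)
        or die "Unable to write critical notification to file: $!\n";
    print CRITICALLOGFILE "$datestamp $timestamp\n";
    print CRITICALLOGFILE "$readline\n";
    # Buffered write errors only surface at close time.
    close (CRITICALLOGFILE)
        or warn "Error closing $criticallog: $!\n";
}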
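sub CleanExit
{
    # Signal handler for a clean exit from the script: closes the critical
    # log handle if it is open, prints a message and exits.
    #
    # The earlier close($logfile) is dropped. $logfile holds the log's path
    # string, not a filehandle, and under "use strict" using that string as a
    # handle is a fatal symbolic-reference error, so the handler died before
    # it could print its message. The File::Tail object is a lexical of the
    # main block and is released when the process exits.
    close (CRITICALLOGFILE) if defined fileno(CRITICALLOGFILE);
    print ("Terminating Script\n");
    exit;
}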