1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
########################################################
# Please file all bug reports, patches, and feature
# requests under:
# https://sourceforge.net/p/logwatch/_list/tickets
# Help requests and discusion can be filed under:
# https://sourceforge.net/p/logwatch/discussion/
########################################################
#####################################################
## Copyright (c) 2008 Pawel Jarosz
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################
use strict;
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my %Conn_loginok;
my %Conn_loginfail;
my %Connections;
my %OtherList;
while (defined(my $ThisLine = <STDIN>)) {
chomp($ThisLine);
#Solaris ID filter -mgt
$ThisLine =~ s/\[ID [0-9]+ [a-z]+\.[a-z]+\] //;
# next unless ( $ThisLine=~s/^... .. ..:..:.. [^ ]+ ipop3d\[\d+\]: //); #For testing only
next unless (defined($ThisLine));
if ( $ThisLine =~/^Command stream end of file/ ) {
next;
}
if ( $ThisLine =~/^(Autol|L)ogout/ ) {
next;
}
if ( $ThisLine =~/^Trying to get mailbox lock/ ) {
next;
}
if ( $ThisLine =~/^Connection reset by peer/ ) {
next;
}
if ( $ThisLine =~/^Error opening or locking/ ) {
next;
}
if ( $ThisLine =~/^Login failure user=(\S+) host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ||
$ThisLine =~/^Login failed user=(\S+) auth=\S+ host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ||
$ThisLine =~/^Login excessive login failures user=(\S+) auth=\S+ host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ) {
$Conn_loginfail{$1}{$2}++;
next;
}
if ( $ThisLine =~/service init from (\d+.\d+.\d+.\d+)$/ ) {
$Connections{$1}++;
next;
}
if ( $ThisLine =~/^(Login|Auth|APOP|Update) user=(\S+) host=[^\[]*\[(\d+.\d+.\d+.\d+)\]/ ) {
$Conn_loginok{$2}{$3}++;
next;
}
if ( $ThisLine =~/^AUTHENTICATE (\S+) failure host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ) {
$Conn_loginfail{$1}{$2}++;
next;
}
# Report any unmatched entries...
$OtherList{$ThisLine}++;
}
if ( (keys %Connections) and ($Detail >= 15) ) {
print "\nInitialized Connections:\n";
foreach my $ThisOne (sort {$Connections{$b}<=>$Connections{$a}} keys %Connections) {
printf " %4i from %s\n" , $Connections{$ThisOne} , $ThisOne;
}
}
if ( (keys %Conn_loginfail) and ($Detail >= 5) ) {
print "\nFailed to log in:\n";
foreach my $user (keys %Conn_loginfail) {
print "User: $user from:\n";
foreach my $host ( sort keys %{ $Conn_loginfail{$user} } ) {
printf " %-35s %4i\n",$host,$Conn_loginfail{$user}{$host};
}
}
}
if ( (keys %Conn_loginok) and ($Detail >=15) ) {
print "\nSuccess in log in:\n";
foreach my $user (keys %Conn_loginok) {
print "User: $user from:\n";
foreach my $host ( sort keys %{ $Conn_loginok{$user} } ) {
printf " %-35s %4i\n",$host,$Conn_loginok{$user}{$host};
}
}
}
if (keys %OtherList) {
print "\n**Unmatched Entries**\n";
foreach my $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
print " $line: $OtherList{$line} Time(s)\n";
}
}
exit(0);
# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:
|
