96 lines
2.4 KiB
Plaintext
96 lines
2.4 KiB
Plaintext
|
#!/usr/bin/perl
|
||
|
|
||
|
# Copyright (C) 2009 Daniel Berteaud <daniel@firewall-services.com>
|
||
|
# Copyright (C) 2003 Jonathan Middleton <jjm@ixtab.org.uk
|
||
|
# Copyright (C) 2001 Paul Slootman <paul@debian.org>
|
||
|
|
||
|
# This file is part of Logcheck.
|
||
|
|
||
|
# Modifications for integration with smeserver-zabbix-agent
|
||
|
|
||
|
# Logcheck is free software; you can redistribute it and/or modify
|
||
|
# it under the terms of the GNU General Public License as published by
|
||
|
# the Free Software Foundation; either version 2 of the License, or
|
||
|
# (at your option) any later version.
|
||
|
|
||
|
# Logcheck is distributed in the hope that it will be useful,
|
||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
# GNU General Public License for more details.
|
||
|
|
||
|
# You should have received a copy of the GNU General Public License
|
||
|
# along with Foobar; if not, write to the Free Software
|
||
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||
|
|
||
|
my ($logfile, $offsetfile) = @ARGV;
|
||
|
if (! -f $logfile) {
|
||
|
print "File $logfile cannot be read.\n";
|
||
|
exit 66;
|
||
|
}
|
||
|
unless ($offsetfile) {
|
||
|
# offsetfile not given, use .offset/$logfile in the same directory
|
||
|
$offsetfile = $logfile . '.offset';
|
||
|
}
|
||
|
|
||
|
unless (open(LOGFILE, $logfile)) {
|
||
|
print "File $logfile cannot be read.\n";
|
||
|
exit 66;
|
||
|
}
|
||
|
|
||
|
my ($inode, $offset) = (0, 0);
|
||
|
|
||
|
if (open(OFFSET, $offsetfile)) {
|
||
|
$_ = <OFFSET>;
|
||
|
unless (! defined $_) {
|
||
|
chomp $_;
|
||
|
$inode = $_;
|
||
|
$_ = <OFFSET>;
|
||
|
unless (! defined $_) {
|
||
|
chomp $_;
|
||
|
$offset = $_;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
my ($ino, $size);
|
||
|
unless ((undef,$ino,undef,undef,undef,undef,undef,$size) = stat $logfile) {
|
||
|
print "Cannot get $logfile file size.\n", $logfile;
|
||
|
exit 65;
|
||
|
}
|
||
|
|
||
|
if ($inode == $ino) {
|
||
|
exit 0 if $offset == $size; # short cut
|
||
|
if ($offset > $size) {
|
||
|
$offset = 0;
|
||
|
#print "***************\n";
|
||
|
#print "*** WARNING ***: Log file $logfile is smaller than last time checked!\n";
|
||
|
#print "*************** This could indicate tampering.\n";
|
||
|
}
|
||
|
}
|
||
|
if ($inode != $ino || $offset > $size) {
|
||
|
$offset = 0;
|
||
|
}
|
||
|
|
||
|
seek(LOGFILE, $offset, 0);
|
||
|
|
||
|
while (<LOGFILE>) {
|
||
|
print $_;
|
||
|
}
|
||
|
|
||
|
$size = tell LOGFILE;
|
||
|
close LOGFILE;
|
||
|
|
||
|
unless (open(OFFSET, ">$offsetfile")) {
|
||
|
print "File $offsetfile cannot be created. Check your permissions.\n";
|
||
|
exit 73;
|
||
|
}
|
||
|
unless (chmod 0600, $offsetfile) {
|
||
|
print "Cannot set permissions on file $offsetfile\n";
|
||
|
exit 65;
|
||
|
}
|
||
|
print OFFSET "$ino\n$size\n";
|
||
|
close OFFSET;
|
||
|
|
||
|
exit 0;
|
||
|
|