From 304127cdec228e72ea3b12d3ee1bcd3fc5f0e893 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff
Date: Fri, 10 Feb 2017 11:38:21 +0200
Subject: Initial commit
---
syslogck | 109 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 109 insertions(+)
create mode 100644 syslogck
diff --git a/syslogck b/syslogck
new file mode 100644
index 0000000..c59cb6d
--- /dev/null
+++ b/syslogck
@@ -0,0 +1,109 @@
+#!/usr/bin/perl
+
+use strict;
+use Sys::Syslog qw(:standard :macros);
+use Data::Dumper;
+
+my $facility = 'user';
+
+my %prio_order = ('debug' => 0,
+ 'info' => 1,
+ 'notice' => 2,
+ 'warn' => 3,
+ 'warning' => 3,
+ 'err' => 4,
+ 'error' => 4,
+ 'crit' => 5,
+ 'alert' => 6,
+ 'emerg' => 7,
+ 'panic' => 7);
+
+my $priority = $prio_order{info};
+
+sub match_selector {
+ my ($sel) = @_;
+ my $match;
+ $sel =~ s/\s+//g;
+ print "matching $sel\n";
+ foreach my $ent (split /;/, $sel) {
+ print " ent=$ent\n";
+ if ($ent =~ /^(?.+)\.(?.*)$/) {
+ print " f=$+{fac},p=$+{pri}\n";
+ if (match_facility($+{fac})) {
+ if ($+{pri} eq 'none') {
+ $match = 0;
+ } elsif (match_priority($+{pri})) {
+ $match = 1;
+ }
+ }
+ }
+ print "M $match\n"
+ }
+ print ($match ? "+MATCH\n" : "-NOPE\n");
+ return $match;
+}
+
+sub match_facility {
+ my ($arg) = @_;
+ foreach my $f (split /,/, $arg) {
+ $f =~ s/\..*//;
+ print " f=$f\n";
+ return 1 if $f eq '*' || $f eq $facility;
+ }
+ return 0;
+}
+
+sub match_priority {
+ my ($pri) = @_;
+ my $match = 0;
+
+ print " p=$pri :: ";
+ my $neg = $pri =~ s/^!(.+)/$1/;
+ print " not " if ($neg);
+ my $eq = $pri =~ s/^=(.+)/$1/;
+ if ($pri eq '*') {
+ print "*";
+ $match = 1;
+ } else {
+ next unless exists($prio_order{$pri});
+ if ($eq) {
+ print $prio_order{$pri}." == $priority";
+ $match = $prio_order{$pri} == $priority;
+ } else {
+ print $prio_order{$pri}." <= $priority";
+ $match = $prio_order{$pri} <= $priority;
+ }
+ }
+ $match = !$match if $neg;
+ print ":: $match\n";
+ return $match;
+}
+
+sub find_actions {
+ my $file = shift;
+ my @actions;
+ if (open(my $fd, '<', $file)) {
+ while (<$fd>) {
+ chomp;
+ s/^\s+//;
+ next if /^#/;
+ if (/\\$/) {
+ chop;
+ $_ .= <$fd>;
+ redo;
+ }
+ if (/^(?.+?)\s+(?-?)(?[^\s]+)$/) {
+ push @actions, $+{stream} if match_selector($+{sel});
+ }
+ }
+ } else {
+ warn "can't open $file: $!";
+ return undef;
+ }
+ return @actions;
+}
+
+my @act = find_actions("/etc/syslog.conf");
+print Dumper([ @act ]);
+
+
-- cgit v1.2.1
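Review bot: In match_priority, `next unless exists($prio_order{$pri});` sits outside any loop in that sub, so for an unknown priority name Perl leaves the sub and advances the `foreach my $ent` loop in match_selector, skipping the negation step and the return; `return 0 unless exists($prio_order{$pri});` states the intent directly. The file enables `use strict` but not `use warnings`, which would have reported this as "Exiting subroutine via next". In find_actions, `return undef;` produces a one-element list in `my @act = find_actions(...)`, so a failed open of the config file looks like one matched action; a bare `return;` avoids that.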