1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
#!/usr/bin/perl
use strict;
use Sys::Syslog qw(:standard :macros);
use Data::Dumper;
my $facility = 'user';
my %prio_order = ('debug' => 0,
'info' => 1,
'notice' => 2,
'warn' => 3,
'warning' => 3,
'err' => 4,
'error' => 4,
'crit' => 5,
'alert' => 6,
'emerg' => 7,
'panic' => 7);
my $priority = $prio_order{info};
sub match_selector {
my ($sel) = @_;
my $match;
$sel =~ s/\s+//g;
print "matching $sel\n";
foreach my $ent (split /;/, $sel) {
print " ent=$ent\n";
if ($ent =~ /^(?<fac>.+)\.(?<pri>.*)$/) {
print " f=$+{fac},p=$+{pri}\n";
if (match_facility($+{fac})) {
if ($+{pri} eq 'none') {
$match = 0;
} elsif (match_priority($+{pri})) {
$match = 1;
}
}
}
print "M $match\n"
}
print ($match ? "+MATCH\n" : "-NOPE\n");
return $match;
}
sub match_facility {
my ($arg) = @_;
foreach my $f (split /,/, $arg) {
$f =~ s/\..*//;
print " f=$f\n";
return 1 if $f eq '*' || $f eq $facility;
}
return 0;
}
sub match_priority {
my ($pri) = @_;
my $match = 0;
print " p=$pri :: ";
my $neg = $pri =~ s/^!(.+)/$1/;
print " not " if ($neg);
my $eq = $pri =~ s/^=(.+)/$1/;
if ($pri eq '*') {
print "*";
$match = 1;
} else {
next unless exists($prio_order{$pri});
if ($eq) {
print $prio_order{$pri}." == $priority";
$match = $prio_order{$pri} == $priority;
} else {
print $prio_order{$pri}." <= $priority";
$match = $prio_order{$pri} <= $priority;
}
}
$match = !$match if $neg;
print ":: $match\n";
return $match;
}
sub find_actions {
my $file = shift;
my @actions;
if (open(my $fd, '<', $file)) {
while (<$fd>) {
chomp;
s/^\s+//;
next if /^#/;
if (/\\$/) {
chop;
$_ .= <$fd>;
redo;
}
if (/^(?<sel>.+?)\s+(?<buf>-?)(?<stream>[^\s]+)$/) {
push @actions, $+{stream} if match_selector($+{sel});
}
}
} else {
warn "can't open $file: $!";
return undef;
}
return @actions;
}
my @act = find_actions("/etc/syslog.conf");
print Dumper([ @act ]);
|
