<?php
/**
 * @package syslog
 */
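/**
 * Normalise one syslog entry, resolve the device it belongs to and optionally
 * store it in the `syslog` table.
 *
 * The fields of $entry are assumed to come from received syslog traffic (the
 * caller is outside this block), so they are treated as untrusted: every value
 * is passed through mres() before it is placed in a SQL statement.
 *
 * @param array $entry  Syslog fields. Keys read here: host, msg, program,
 *                      facility, priority, level, tag, timestamp, device_id.
 * @param mixed $update When truthy, the processed entry is inserted into `syslog`.
 *
 * @return array The entry; device_id, program and msg are filled in or
 *               rewritten when the sending device could be resolved.
 */
function process_syslog($entry, $update)
{
    global $config;
    global $dev_cache;

    $host = isset($entry['host']) ? $entry['host'] : '';
    if (!isset($entry['msg'])) {
        $entry['msg'] = '';
    }

    // Configured substrings plus one hard-coded one; a match means the entry is discarded.
    $filters = (isset($config['syslog_filter']) && is_array($config['syslog_filter']))
        ? $config['syslog_filter']
        : array();
    $filters[] = "diskio.c: don't know how to handle";

    $delete = 0;
    foreach ($filters as $needle) {
        // An empty needle would either warn or match every message, depending on the PHP version.
        if ($needle !== '' && strpos($entry['msg'], $needle) !== false) {
            $delete = 1;
            break;
        }
    }

    // Resolve the sender to a device_id: cache first, then hostname/sysName, then IPv4 address.
    if (!empty($dev_cache[$host])) {
        $entry['device_id'] = $dev_cache[$host];
    } else {
        // mres() is the project's SQL escaping helper (defined outside this block).
        $host_sql = mres($host);

        // @ silences the warning mysql_result() raises when the query returned no row.
        $device_id = @mysql_result(mysql_query(
            "SELECT device_id FROM devices WHERE `hostname` = '" . $host_sql . "' OR `sysName` = '" . $host_sql . "'"
        ), 0);

        if (!$device_id) {
            $device_id = @mysql_result(mysql_query(
                "SELECT device_id FROM ipv4_addresses AS A, ports AS I WHERE A.ipv4_address = '" . $host_sql
                . "' AND I.interface_id = A.interface_id"
            ), 0);
        }

        if ($device_id) {
            $dev_cache[$host] = $device_id;
            $entry['device_id'] = $device_id;
        }
    }

    if (!empty($entry['device_id']) && !$delete) {
        $os = mysql_result(mysql_query(
            "SELECT `os` FROM `devices` WHERE `device_id` = '" . mres($entry['device_id']) . "'"
        ), 0);

        if ($os == 'ios' || $os == 'iosxe') {
            // Messages without a %FACILITY-marker get their leading sequence/timestamp prefix stripped.
            if (strpos($entry['msg'], '%') === false) {
                $entry['msg'] = preg_replace("/^.*[0-9]:/", '', $entry['msg']);
                $entry['msg'] = preg_replace("/^[0-9][0-9]\ [A-Z]{3}:/", '', $entry['msg']);
            }

            $entry['msg'] = preg_replace("/^.+\.[0-9]{3}:/", '', $entry['msg']);
            $entry['msg'] = preg_replace("/^.+-Traceback=/", 'Traceback:', $entry['msg']);

            // array_pad() keeps list() from reading a missing element when the message has no colon.
            list($entry['program'], $entry['msg']) = array_pad(explode(':', $entry['msg'], 2), 2, '');
            $entry['program'] = str_replace('%', '', $entry['program']);
            $entry['msg'] = preg_replace("/^[0-9]+:/", '', $entry['msg']);

            if (!$entry['program']) {
                list($entry['program'], $entry['msg']) = array_pad(explode(':', $entry['msg'], 2), 2, '');
            }

            // Nothing left after the split: the only text found is the message, not a program name.
            if (!$entry['msg']) {
                $entry['msg'] = $entry['program'];
                unset($entry['program']);
            }
        }
        // Entries from any other OS keep their msg and program as received.

        $entry['program'] = strtoupper(isset($entry['program']) ? $entry['program'] : '');

        if ($update) {
            // Every column value is escaped; msg, program, tag and the rest are sender-controlled.
            // NOTE(review): the mysql_* API was removed in PHP 7; switching to prepared statements
            // needs a connection handle that this block does not have.
            $columns = array('device_id', 'program', 'facility', 'priority', 'level', 'tag', 'msg', 'timestamp');
            $values = array();
            foreach ($columns as $column) {
                $values[] = "'" . mres(isset($entry[$column]) ? $entry[$column] : '') . "'";
            }

            mysql_query(
                'INSERT INTO `syslog` (`' . implode('`,`', $columns) . '`) VALUES (' . implode(',', $values) . ')'
            );
        }
    } else {
        // Unknown device or filtered message: dump the entry for debugging instead of storing it.
        print_r($entry);
        echo('D-' . $delete);
    }

    return $entry;
}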
?>