includes/syslog.php

<?php

function process_syslog ($entry, $update)
{
  global $config;

  foreach($config['syslog_filter'] as $bi)
  {
    if (strstr($entry['msg'], $bi) !== FALSE)
    {
        $delete = 1;
    }
  }

  $device_id_host = @mysql_result(mysql_query("SELECT device_id FROM devices WHERE `hostname` = '".$entry['host']."' OR `sysName` = '".$entry['host']."'"),0);

  if($device_id_host)
  {
    $entry['device_id'] = $device_id_host;
  }
  else
  {
    $device_id_ip = @mysql_result(mysql_query("SELECT device_id FROM ipv4_addresses AS A, ports AS I WHERE
    A.ipv4_address = '" . $entry['host']."' AND I.interface_id = A.interface_id"),0);
    if($device_id_ip)
    {
      $entry['device_id'] = $device_id_ip;
    }
  }

  if($entry['device_id'] && !$delete)
  {
    $os = mysql_result(mysql_query("SELECT `os` FROM `devices` WHERE `device_id` = '".$entry['device_id']."'"),0);
    if($os == "ios" || $os == "iosxe")
    {
      if(strstr($entry[msg], "%"))
      {
        $entry['msg'] = preg_replace("/^%(.+?):\ /", "\\1||", $entry['msg']);
        list(,$entry[msg]) = split(": %", $entry['msg']);
        $entry['msg'] = "%" . $entry['msg'];
        $entry['msg'] = preg_replace("/^%(.+?):\ /", "\\1||", $entry['msg']);
      } 
      else
      {
        $entry['msg'] = preg_replace("/^.*[0-9]:/", "", $entry['msg']);
        $entry['msg'] = preg_replace("/^[0-9][0-9]\ [A-Z]{3}:/", "", $entry['msg']);
        $entry['msg'] = preg_replace("/^(.+?):\ /", "\\1||", $entry['msg']);
      }

      $entry['msg'] = preg_replace("/^.+\.[0-9]{3}:/", "", $entry['msg']);
      $entry['msg'] = preg_replace("/^.+-Traceback=/", "Traceback||", $entry['msg']);

      list($entry['program'], $entry['msg']) = explode("||", $entry['msg']);
      $entry['msg'] = preg_replace("/^[0-9]+:/", "", $entry['msg']);

      if(!$entry['program'])
      {
         $entry['msg'] = preg_replace("/^([0-9A-Z\-]+?):\ /", "\\1||", $entry['msg']);
	 list($entry['program'], $entry['msg']) = explode("||", $entry['msg']);
      }

      if(!$entry['msg']) { $entry['msg'] = $entry['program']; unset ($entry['program']); }

    }
    else
    {
      $program = preg_quote($entry['program'],'/');
      $entry['msg'] = preg_replace("/^$program:\ /", "", $entry['msg']);
#      if(preg_match("/^[a-zA-Z\/]+\[[0-9]+\]:/", $entry['msg'])) {
        $entry['msg'] = preg_replace("/^(.+?)\[[0-9]+\]:\ /", "\\1||", $entry['msg']);
        if(!strstr($entry['msg'], "||")) { $entry['msg'] = preg_replace("/^(.+?):\ /", "\\1||", $entry['msg']);}
        list($entry['program'], $entry['msg']) = explode("||", $entry['msg']);
        $entry['program'] = preg_replace("@\-[0-9]+@", "", $entry['program']);
#      }
    }
    $entry['program'] = strtoupper($entry['program']);
    $x  = "UPDATE `syslog` set `device_id` = '".$entry['device_id']."', `program` = '".$entry['program']."', `msg` = '" . mres($entry['msg']) . "', processed = '1' WHERE `seq` = '" . $entry['seq'] . "'";
    $x  = "INSERT INTO `syslog` (`device_id`,`program`,`facility`,`priority`, `level`, `tag`, `msg`, `timestamp`) ";
    $x .= "VALUES ('".$entry['device_id']."','".$entry['program']."','".$entry['facility']."','".$entry['priority']."', '".$entry['level']."', '".$entry['tag']."', '".$entry['msg']."','".$entry['timestamp']."')";
    if($update && $entry['device_id']) { mysql_query($x); }
    unset ($fix);
  } else { print_r($entry); echo("D-$delete");}

  return $entry;

}

?>
missing file! 2008-03-23 21:32:54 +00:00			`<?php`

cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`function process_syslog ($entry, $update)`
			`{`
missing file! 2008-03-23 21:32:54 +00:00			`global $config;`

cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`foreach($config['syslog_filter'] as $bi)`
			`{`
			`if (strstr($entry['msg'], $bi) !== FALSE)`
			`{`
missing file! 2008-03-23 21:32:54 +00:00			`$delete = 1;`
			`}`
			`}`

clear $array at the start of each device. ignore fake cpus from net-snmpd. syslog additions. 2010-02-19 23:57:50 +00:00			$device_id_host = @mysql_result(mysql_query("SELECT device_id FROM devices WHERE `hostname` = '".$entry['host']."' OR `sysName` = '".$entry['host']."'"),0);
missing file! 2008-03-23 21:32:54 +00:00
cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`if($device_id_host)`
			`{`
speedups to syslog page, caching of device_id 2010-01-29 21:10:05 +00:00			`$entry['device_id'] = $device_id_host;`
cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`}`
			`else`
			`{`
			`$device_id_ip = @mysql_result(mysql_query("SELECT device_id FROM ipv4_addresses AS A, ports AS I WHERE`
speedups to syslog page, caching of device_id 2010-01-29 21:10:05 +00:00			`A.ipv4_address = '" . $entry['host']."' AND I.interface_id = A.interface_id"),0);`
cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`if($device_id_ip)`
			`{`
speedups to syslog page, caching of device_id 2010-01-29 21:10:05 +00:00			`$entry['device_id'] = $device_id_ip;`
missing file! 2008-03-23 21:32:54 +00:00			`}`
cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`}`
missing file! 2008-03-23 21:32:54 +00:00
cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`if($entry['device_id'] && !$delete)`
			`{`
speedups to syslog page, caching of device_id 2010-01-29 21:10:05 +00:00			$os = mysql_result(mysql_query("SELECT `os` FROM `devices` WHERE `device_id` = '".$entry['device_id']."'"),0);
cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`if($os == "ios" \|\| $os == "iosxe")`
			`{`
			`if(strstr($entry[msg], "%"))`
			`{`
a million fixes. half way to 0.6.0! :D 2009-04-23 21:13:56 +00:00			`$entry['msg'] = preg_replace("/^%(.+?):\ /", "\\1\|\|", $entry['msg']);`
better logon process 2008-11-26 14:01:09 +00:00			`list(,$entry[msg]) = split(": %", $entry['msg']);`
			`$entry['msg'] = "%" . $entry['msg'];`
cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`$entry['msg'] = preg_replace("/^%(.+?):\ /", "\\1\|\|", $entry['msg']);`
			`}`
			`else`
			`{`
add cisco processor polling and many other fixes 2009-04-11 19:10:48 +00:00			`$entry['msg'] = preg_replace("/^.*[0-9]:/", "", $entry['msg']);`
			`$entry['msg'] = preg_replace("/^[0-9][0-9]\ [A-Z]{3}:/", "", $entry['msg']);`
			`$entry['msg'] = preg_replace("/^(.+?):\ /", "\\1\|\|", $entry['msg']);`
			`}`

updates 2008-11-28 12:59:33 +00:00			`$entry['msg'] = preg_replace("/^.+\.[0-9]{3}:/", "", $entry['msg']);`
			`$entry['msg'] = preg_replace("/^.+-Traceback=/", "Traceback\|\|", $entry['msg']);`

missing file! 2008-03-23 21:32:54 +00:00			`list($entry['program'], $entry['msg']) = explode("\|\|", $entry['msg']);`
better logon process 2008-11-26 14:01:09 +00:00			`$entry['msg'] = preg_replace("/^[0-9]+:/", "", $entry['msg']);`
updates 2008-11-28 12:59:33 +00:00
cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`if(!$entry['program'])`
			`{`
updates 2008-11-28 12:59:33 +00:00			`$entry['msg'] = preg_replace("/^([0-9A-Z\-]+?):\ /", "\\1\|\|", $entry['msg']);`
			`list($entry['program'], $entry['msg']) = explode("\|\|", $entry['msg']);`
			`}`

add cisco processor polling and many other fixes 2009-04-11 19:10:48 +00:00			`if(!$entry['msg']) { $entry['msg'] = $entry['program']; unset ($entry['program']); }`
updates 2008-11-28 12:59:33 +00:00
cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`}`
			`else`
			`{`
missing file! 2008-03-23 21:32:54 +00:00			`$program = preg_quote($entry['program'],'/');`
			`$entry['msg'] = preg_replace("/^$program:\ /", "", $entry['msg']);`
some graph cleanups and minor improvements 2010-06-13 14:39:09 +00:00			`# if(preg_match("/^[a-zA-Z\/]+\[[0-9]+\]:/", $entry['msg'])) {`
missing file! 2008-03-23 21:32:54 +00:00			`$entry['msg'] = preg_replace("/^(.+?)\[[0-9]+\]:\ /", "\\1\|\|", $entry['msg']);`
some graph cleanups and minor improvements 2010-06-13 14:39:09 +00:00			`if(!strstr($entry['msg'], "\|\|")) { $entry['msg'] = preg_replace("/^(.+?):\ /", "\\1\|\|", $entry['msg']);}`
missing file! 2008-03-23 21:32:54 +00:00			`list($entry['program'], $entry['msg']) = explode("\|\|", $entry['msg']);`
some graph cleanups and minor improvements 2010-06-13 14:39:09 +00:00			`$entry['program'] = preg_replace("@\-[0-9]+@", "", $entry['program']);`
			`# }`
missing file! 2008-03-23 21:32:54 +00:00			`}`
some graph cleanups and minor improvements 2010-06-13 14:39:09 +00:00			`$entry['program'] = strtoupper($entry['program']);`
cleanups 2010-02-21 11:58:07 +00:00			$x = "UPDATE `syslog` set `device_id` = '".$entry['device_id']."', `program` = '".$entry['program']."', `msg` = '" . mres($entry['msg']) . "', processed = '1' WHERE `seq` = '" . $entry['seq'] . "'";
migrate from reprocessing syslog from sql to native sql injector. changes dateime to timestamp in database. will break existing syslog dates! BEWARE 2010-02-19 01:40:38 +00:00			$x = "INSERT INTO `syslog` (`device_id`,`program`,`facility`,`priority`, `level`, `tag`, `msg`, `timestamp`) ";
cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`$x .= "VALUES ('".$entry['device_id']."','".$entry['program']."','".$entry['facility']."','".$entry['priority']."', '".$entry['level']."', '".$entry['tag']."', '".$entry['msg']."','".$entry['timestamp']."')";`
clear $array at the start of each device. ignore fake cpus from net-snmpd. syslog additions. 2010-02-19 23:57:50 +00:00			`if($update && $entry['device_id']) { mysql_query($x); }`
missing file! 2008-03-23 21:32:54 +00:00			`unset ($fix);`
syslog fix + device_fanspeeds graph for health main page 2010-02-25 01:52:32 +00:00			`} else { print_r($entry); echo("D-$delete");}`
missing file! 2008-03-23 21:32:54 +00:00
cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`return $entry;`
missing file! 2008-03-23 21:32:54 +00:00
			`}`

cleanups, reindents, etc 2011-03-11 18:03:49 +00:00			`?>`