|
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17 System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64 User : nobody ( 99) PHP Version : 5.2.17 Disable Function : NONE Directory : /usr/share/logwatch/scripts/services/ |
Upload File : |
##########################################################################
# $Id: ipop3d,v 1.11 2005/02/24 17:08:04 kirk Exp $
##########################################################################
# Revision 0.3 2002/06/16 Kirk Bauer <kirk@kaybee.org>
# - Only outputs separator lines if there are logs on which to report
# Revision 0.2 2002/05/29 Pawel Jarosz <pj@rsi.pl>
# - More flexible output
# Revision 0.1 2002/05/27 Pawel Jarosz <pj@rsi.pl>
# - Removed unneded things
# - New lookout, more sorted data
##########################################################################
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my %Conn_loginok;
my %Conn_loginfail;
my %Connections;
my %OtherList;
while (defined($ThisLine = <STDIN>)) {
chomp($ThisLine);
#Solaris ID filter -mgt
$ThisLine =~ s/\[ID [0-9]+ [a-z]+\.[a-z]+\] //;
# next unless ( $ThisLine=~s/^... .. ..:..:.. [^ ]+ ipop3d\[\d+\]: //); #For testing only
next unless (defined($ThisLine));
if ( $ThisLine =~/^Command stream end of file/ ) {
next;
}
if ( $ThisLine =~/^(Autol|L)ogout/ ) {
next;
}
if ( $ThisLine =~/^Trying to get mailbox lock/ ) {
next;
}
if ( $ThisLine =~/^Connection reset by peer/ ) {
next;
}
if ( $ThisLine =~/^Error opening or locking/ ) {
next;
}
if ( $ThisLine =~/^Login failure user=(\S+) host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ||
$ThisLine =~/^Login failed user=(\S+) auth=\S+ host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ||
$ThisLine =~/^Login excessive login failures user=(\S+) auth=\S+ host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ) {
$Conn_loginfail{$1}{$2}++;
next;
}
if ( $ThisLine =~/service init from (\d+.\d+.\d+.\d+)$/ ) {
$Connections{$1}++;
next;
}
if ( $ThisLine =~/^(Login|Auth|APOP) user=(\S+) host=[^\[]*\[(\d+.\d+.\d+.\d+)\]/ ) {
$Conn_loginok{$2}{$3}++;
next;
}
if ( $ThisLine =~/^AUTHENTICATE (\S+) failure host=[\w\. 0-9\-]*\[(\d+.\d+.\d+.\d+)\]/ ) {
$Conn_loginfail{$1}{$2}++;
next;
}
# Report any unmatched entries...
$OtherList{$ThisLine}++;
}
if ( (keys %Connections) and ($Detail >= 15) ) {
print "\nInitialized Connections:\n";
foreach $ThisOne (sort {$Connections{$b}<=>$Connections{$a}} keys %Connections) {
printf " %4i from %s\n" , $Connections{$ThisOne} , $ThisOne;
}
}
if ( (keys %Conn_loginfail) and ($Detail >= 5) ) {
print "\nFailed to log in:\n";
foreach my $user (keys %Conn_loginfail) {
print "User: $user from:\n";
foreach my $host ( sort keys %{ $Conn_loginfail{$user} } ) {
printf " %-35s %4i\n",$host,$Conn_loginfail{$user}{$host};
}
}
}
if ( (keys %Conn_loginok) and ($Detail >=15) ) {
print "\nSuccess in log in:\n";
foreach my $user (keys %Conn_loginok) {
print "User: $user from:\n";
foreach my $host ( sort keys %{ $Conn_loginok{$user} } ) {
printf " %-35s %4i\n",$host,$Conn_loginok{$user}{$host};
}
}
}
if (keys %OtherList) {
print "\n**Unmatched Entries**\n";
foreach my $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
print " $line: $OtherList{$line} Time(s)\n";
}
}
exit(0);
# vi: shiftwidth=3 tabstop=3 syntax=perl et