LogwatchWindowsScript


#!/usr/bin/perl  
# File for catching everything from the NT servers
#
# At the moment this only catches a list of NT services, and then
# sends the output to logwatch
#

# Scratch variables. $message is filled in by the parsing loop; the other
# three are not referenced in the part of the script shown here.
my ($client,$class,$warnLevel,$message);

# Collected messages: first key is the service field, second key is the
# message text taken from the log line.
my %msg;

# Set to a true value to print a per-line trace while parsing.
my $debug=0;

# Service names to look for in each log line. Every name maps to itself,
# so the hash is effectively used as a set of lower-case names.
my %services = map { ( $_ => $_ ) } (
	"em library",
	"netlogon",
	"ntsyslog",
	#"snmp",
	"browser",
	"raidservice",
	"replistor",
	"eventlog",
	"nmssvc",
	"service control manager",
	"dcom",
	"msdtc",
	"ipsec",
	"tcpip",
	"w32time",
	"sophos",
	"windows server update services",
	"loadperf",
	"winhttpautoproxysvc",
	"msiinstaller",
);

#Things to do:
# Split the line properly
# Remove date
# Allow checking on host and message (ignoring time)
# Format the output nicely.
# Figure out why other hosts aren't showing up in logwatch!

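# Read syslog-style lines from STDIN and record, per service, every distinct
# message together with the number of times it was seen again.
#
# The text of a log line is written by other hosts, so it is handled as data
# only. Each message gets a real hash reference of the form { 0 => repeats }.
# The earlier code stored the message string itself and then subscripted it
# with {0}, which Perl resolves as a symbolic reference: the log text was used
# as the name of a package hash, so a line's content could create or change
# variables of this script (and counts were shared between services).
while(defined(my $line=<STDIN>))
{
	# Refuse symbolic references inside this loop so log text can never be
	# used as a variable name again by accident.
	use strict 'refs';

	chomp $line;
	next if ($line eq '');

	# Handle the line once if it mentions any configured service. Looping
	# over every name and processing on each hit counted a line several
	# times when more than one service name appeared in it.
	# \Q..\E keeps a service name literal even if it ever contains regex
	# metacharacters.
	next unless grep { $line =~ m/\Q$_\E/ } keys %services;

	# Fields: timestamp, host, service, [bracketed field], optional colon,
	# message. The commas inside the host character class are literal members.
	# NOTE(review): ([\s\S]+) is greedy, so a message that itself contains a
	# [word] group moves the service/message boundary - confirm against real
	# log lines.
	# Skip lines that do not have this shape instead of filing them under
	# empty service and message keys.
	next unless $line=~ m/^... .. ..:..:.. ([a-z,A-Z,0-9,\.]+) ([\s\S]+)\[([\S]+)\](?:\:)?(?:[\s]+)?([\s\S]*)/;

	# $3 (the bracketed field, formerly $errorType) is captured but not used.
	my ($hostname, $service) = ($1, $2);
	$message = $4;

	if(exists $msg{$service}{$message})
	{
		# Seen before for this service: bump the repeat counter under key 0.
		$msg{$service}{$message}{0}++;
	}
	else
	{
		# First sighting: zero repeats so far.
		$msg{$service}{$message} = { 0 => 0 };
	}

	if($debug) {
		print "\n";
		print "$hostname\n";
		print "$service\n";
		print "Message: $message\n";
		my $count=$msg{$service}{$message}{0};
		print "Count:$count\n\n";
	}
}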

# Report phase: one banner per service, then every distinct message recorded
# for it, followed by a repeat count when the message was seen again.
# Message text is printed exactly as it arrived in the log line.
for my $name (keys %msg)
{
	my $notices = $msg{$name};
	print "----------$name---------\n\n";

	for my $notice (keys %$notices)
	{
		print "$notice\n";
		# The repeat counter is looked up under key 0 of the message's entry.
		my $count = $notices->{$notice}{0};
		print "Message Repeated:$count times" if ($count > 0);
		print"\n\n";
	}
}