Changeset 666 for server/fedora
- Timestamp:
- Feb 25, 2008, 11:29:16 PM (17 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
server/fedora/config/etc/syslog-ng/d_zroot.pl
r665 r666 4 4 use warnings; 5 5 use Sys::Hostname; 6 use Time::HiRes qw(ualarm); 6 7 7 sub sendmsg($;$$) { 8 our $ZCLASS = "scripts-auto"; 9 our @USERS = qw/root logview/; 10 11 our %USERS; 12 @USERS{@USERS} = undef; 13 14 sub zwrite($;$$) { 8 15 my ($message, $class, $instance) = @_; 9 $class ||= "scripts-auto";16 $class ||= $ZCLASS; 10 17 $instance ||= 'root.'.hostname; 11 open(ZWRITE, "|-", qw|/usr/bin/zwrite -d - c|, $class, '-i', $instance, '-s', hostname) or die "Couldn't open zwrite";18 open(ZWRITE, "|-", qw|/usr/bin/zwrite -d -O log -c|, $class, '-i', $instance, '-s', hostname) or die "Couldn't open zwrite"; 12 19 print ZWRITE $message; 13 20 close(ZWRITE); 14 21 } 15 22 16 my $last;23 my %toclass; 17 24 18 while (my $message = <>) { 19 chomp $message; 20 $message =~ s/^(.*?): //; 21 if ($message =~ m|Accepted (\S+) for (\S+)|) { 22 my $send = $message; 23 if ($1 eq "gssapi-with-mic") { 24 $send = $last."\n".$send; 25 while (1) { 26 my @message = scalar(<>); 27 eval { 28 local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required 29 ualarm(500*1000); 30 while (<>) { push @message, $_; } 31 }; 32 chomp @message; 33 map { s/^(.*?): // } @message; 34 %toclass = (); 35 foreach my $message (@message) { 36 sub sendmsg ($;$) { 37 my ($message, $class) = @_; 38 $class ||= $ZCLASS; 39 $toclass{$class} .= $message."\n"; 25 40 } 26 if ($2 eq "root" or $2 eq "logview") { 27 sendmsg($send); 41 if ($message =~ m|Accepted (\S+) for (\S+)|) { 42 sendmsg($message) if exists $USERS{$2} 43 } elsif ($message =~ m|Authorized to (\S+),|) { 44 sendmsg($message) if exists $USERS{$1}; 45 } elsif ($message =~ m|Root (\S+) shell|) { 46 sendmsg($message); 47 } elsif ($message =~ m|session \S+ for user root\b|) { 48 sendmsg($message); 49 } elsif ($message =~ m|^Connection closed|) { 50 # Do nothing 51 } elsif ($message =~ m|^Invalid user|) { 52 } elsif ($message =~ m|^input_userauth_request: invalid user|) { 53 } elsif ($message =~ m|^Received disconnect from|) { 54 } else { 55 sendmsg($message, "scripts-spew"); 28 56 } 29 } elsif ($message =~ m|session \S+ for user root |) {30 sendmsg($message);31 57 } 32 58 33 $last = $message; 59 foreach my $class (keys %toclass) { 60 zwrite($toclass{$class}, $class); 61 } 34 62 }
Note: See TracChangeset
for help on using the changeset viewer.