1
0
Fork 0
scripts-admin-quickndirty-p.../nagios/check_apache_access_log.pl
2019-10-02 01:53:39 +02:00

263 lines
8.1 KiB
Perl
Executable file

#!/usr/bin/perl
# This perl script is an adaptation of logtail2 to parse
# Apache access logs.
# I know it's generally preferrable to require and call
# the original instead of forking and risking of not maintaining
# it but logtail is fairly simple and, since logtail2 is not always
# installed and somtimes not even packaged in distributions,
# it simplify deployment.
# TODO: call logtail2 if available ?
# Copyright (C) 2003 Jonathan Middleton <jjm@ixtab.org.uk
# Copyright (C) 2001 Paul Slootman <paul@debian.org>
# This file is part of Logcheck.
# Logcheck is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# Logcheck is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with Logcheck; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
use strict;
use warnings;
use Getopt::Long;
use File::Basename;
use Digest::MD5 qw(md5_hex);
my ($size, $logfile, $offsetfile, @listingLogfiles, @listingOffsetfiles, $key, $firstTimeReading);
# (problems with including utils.pm)
my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
my $TMP_DIR = '/tmp';
my %opts = ();
my %outputCpt = (
'2XX' => 0,
'3XX' => 0,
'403' => 0,
'404' => 0,
'4XX' => 0,
'500' => 0,
'5XX' => 0,
'others' => 0, # other (1XX) and strange things
);
my ($outputTotalCpt) = 0;
my ($outputTotalBandwith) = 0;
# process args and switches
my ($TEST_MODE) = 0;
# When we discover a file for the first time,
# we don't do the count and just mark the position
# for the next time
my ($COUNT_FIRST_READ_CATCHING_UP) = 0;
GetOptions(
'file=s' => \@listingLogfiles,
'even-catch-up' => \$COUNT_FIRST_READ_CATCHING_UP,
'test-mode' => \$TEST_MODE,
);
sub print_from_offset {
my ($filename, $offset) = @_;
# this subroutine prints the contents of the file named $filename,
# starting offset $offset.
#print "print_from_offset $filename, $offset\n";
unless (open(LOGFILE, $filename)) {
print "File $logfile cannot be read: $!\n";
exit $ERRORS{UNKNOWN};
}
seek(LOGFILE, $offset, 0);
while (<LOGFILE>) {
if ($_ =~ /^([[:xdigit:].:]+) (.+) (.+) (\[[[:alnum:]\/:]+ \+[[:digit:]]{4}\]) (".*") ([[:digit:]]{3}) ([[:digit:]]+) "(.*)" "(.*)"$/) {
#We ignore some IP address
next if ($1 eq '::1' or $1 eq '127.0.0.1');
if ($6 >= 200 && $6 < 300) {
++$outputCpt{'2XX'};
} elsif ($6 >= 300 && $6 < 400) {
++$outputCpt{'3XX'};
} elsif ($6 == 403) {
++$outputCpt{'403'};
} elsif ($6 == 404) {
++$outputCpt{'404'};
} elsif ($6 >= 400 && $6 < 500) {
++$outputCpt{'4XX'};
} elsif ($6 == 500) {
++$outputCpt{'500'};
} elsif ($6 >= 500 && $6 < 600) {
++$outputCpt{'5XX'};
} else {
++$outputCpt{'others'};
}
$outputTotalBandwith += $7;
} else {
++$outputCpt{'others'};
}
}
$size = tell LOGFILE;
close LOGFILE;
return $size;
}
sub mtime {
my ($filename) = @_;
my $mtime = 0;
unless (-e $filename && ($mtime = ((stat($filename))[8])) ) {
print STDERR "Cannot get $filename mtime: $!\n";
exit 65;
}
return $mtime;
}
sub inode {
my ($filename) = @_;
my $inode = 0;
unless (-e $filename && ($inode = ((stat($filename))[1])) ) {
print STDERR "Cannot get $filename inode: $!\n";
exit 65;
}
return $inode;
}
sub get_directory_contents {
my ($filename) = @_;
my $dirname = dirname($filename);
unless (opendir(DIR, $dirname)) {
print STDERR "Cannot open directory $dirname: $!\n";
exit 65;
}
my @direntries = readdir(DIR);
closedir DIR;
return @direntries;
}
sub determine_rotated_logfile {
my ($filename,$inode) = @_;
my $rotated_filename;
# this subroutine tries to guess to where a given log file was
# rotated. Its magic is mainly taken from logcheck's logoutput()
# function with dateext magic added.
#print "determine_rotated_logfile $filename $inode\n";
for my $codefile (glob("/usr/share/logtail/detectrotate/*.dtr")) {
my $func = do $codefile;
if (!$func) {
print STDERR "cannot compile $codefile: $!";
exit 68;
}
$rotated_filename = $func->($filename);
last if $rotated_filename;
}
#if ($rotated_filename) {
# print "rotated_filename $rotated_filename (". inode($rotated_filename). ")\n";
#} else {
# print "no rotated file found\n";
#}
if ($rotated_filename && -e "$rotated_filename" && inode($rotated_filename) == $inode) {
return $rotated_filename;
} else {
return "";
}
}
foreach $logfile (@listingLogfiles) {
my ($inode, $ino, $offset) = (0, 0, 0);
if (! -f $logfile) {
print "File $logfile cannot be read: $!\n";
exit $ERRORS{UNKNOWN};
}
# We generate a unique offset filename
$offsetfile = $TMP_DIR . '/nagios-logtail.' . md5_hex($logfile) . '.offset';
$firstTimeReading = 0;
if (! -f $offsetfile) {
open(OFFSET, ">", $offsetfile);
chmod 0600, $offsetfile;
if (($ino,$size) = (stat($logfile))[1,7]) {
# Unless we care about the historic before the
# first call of this script, we just skip it.
if ($COUNT_FIRST_READ_CATCHING_UP) {
$size = 0;
}
print OFFSET "$ino\n$size\n";
}
close OFFSET;
}
if ($offsetfile) {
# If offset file exists, open and parse it.
if (open(OFFSET, $offsetfile)) {
$_ = <OFFSET>;
if (defined $_) {
chomp $_;
$inode = $_;
$_ = <OFFSET>;
if (defined $_) {
chomp $_;
$offset = $_;
}
}
}
# determine log file inode and size
unless (($ino,$size) = (stat($logfile))[1,7]) {
print "Cannot get $logfile file size: $!\n";
exit $ERRORS{UNKNOWN};
}
if ($inode == $ino) {
# inode is still the same
next if $offset == $size; # short cut
if ($offset > $size) {
$offset = 0;
print "(warning: possible tampering on $logfile) "
}
}
if ($inode != $ino) {
# this is the interesting case: inode has changed.
# So the file might have been rotated. We need to print the
# entire file.
# Additionally, we might want to see whether we can find the
# previous instance of the file and to process it from here.
#print "inode $inode, ino $ino\n";
my $rotatedfile = determine_rotated_logfile($logfile,$inode);
if ( $rotatedfile && ! $firstTimeReading) {
print_from_offset($rotatedfile,$offset);
}
# print the actual file from beginning
$offset = 0;
}
}
$size = print_from_offset($logfile,$offset);
# update offset, unless test mode
unless ($TEST_MODE) {
unless (open(OFFSET, ">", $offsetfile)) {
print STDERR "File $offsetfile cannot be created. Check your permissions: $!\n";
exit 73;
}
print OFFSET "$ino\n$size\n";
close OFFSET;
}
}
# printing results
print "OK|";
foreach $key (sort keys %outputCpt) {
print "'" . $key . "'=" . $outputCpt{$key} . ";;;; "
}
print "'total bandwidth'=" . $outputTotalBandwith . "B;;;;\n";
exit $ERRORS{'OK'};