Tue May 7 08:49:28 2013 UTC ()
Import logrider-0.2 as sysutils/logrider, packaged for wip by Franck Lesage.
LogRider is my attempt to improve a popular LogCheck/LogSentry utility.
LogCheck uses egrep for periodically scanning system logs for specific
alert/hacking signatures based on set of static filters. LogRider is
rewritten from scratch with lot of important features added:
1. Strings caught by any filter are excluded from processing by next filters.
2. Actual filters are composed from a set of small sub-filters located
in directories whose name is given as the filter name. Each subfilter
contains messages generated by one service. You can easily put additional
filters for checking additional services without modification of
already existing program and configuration.
3. Configuration is separated from program and moved to standalone file.
This means that LogRider may be easily adopted to new platform without
modification of program core, and may be easily used for checking multiple
logfiles by different filters.
(wiz)
diff -r0 -r1.1 pkgsrc/sysutils/logrider/DESCR
diff -r0 -r1.1 pkgsrc/sysutils/logrider/MESSAGE
diff -r0 -r1.1 pkgsrc/sysutils/logrider/Makefile
diff -r0 -r1.1 pkgsrc/sysutils/logrider/PLIST
diff -r0 -r1.1 pkgsrc/sysutils/logrider/distinfo
diff -r0 -r1.1 pkgsrc/sysutils/logrider/patches/patch-logtail.sh
LogRider is my attempt to improve a popular LogCheck/LogSentry utility.
LogCheck uses egrep for periodically scanning system logs for specific
alert/hacking signatures based on set of static filters. LogRider is
rewritten from scratch with lot of important features added:
1. Strings caught by any filter are excluded from processing by next filters.
2. Actual filters are composed from the set of small sub-filters located
in directories that name is given as filter name. Each subfilter
contains messages generated by one service. You can easily put additional
filters for checking additional services without modification of
already existing program and configuration.
3. Configuration is separated from program and moved to standalone file.
This means that LogRider may be easily adopted to new platform without
modification of program core, and may be easily used for checking multiple
logfiles by different filters.
===========================================================================
$NetBSD: MESSAGE,v 1.1 2013/05/07 08:49:28 wiz Exp $
Don't forget to add a crontab line to run logrider.sh.
===========================================================================
# $NetBSD: Makefile,v 1.1 2013/05/07 08:49:28 wiz Exp $
#
DISTNAME= logrider-0.2
CATEGORIES= sysutils
MASTER_SITES= http://ilya-evseev.narod.ru/posix/logrider/
EXTRACT_SUFX= .zip
MAINTAINER= francksys@free.fr
HOMEPAGE= http://ilya-evseev.narod.ru/posix/logrider/
COMMENT= Monitor system logs for alerts
LICENSE= gnu-gpl-v2
NO_CHECKSUM=yes
EXTRACT_DIR= ${WRKDIR}/${DISTNAME}
USE_LANGUAGES= # none
NO_BUILD= YES
USE_TOOLS+= bash
REPLACE_BASH= logrider.sh logtail.sh
PATCH_STRIP= -p1
SUBST_CLASSES+= config_dir
SUBST_STAGE.config_dir= post-extract
SUBST_MESSAGE.config_dir= Replacing directories
SUBST_FILES.config_dir= logrider.conf logrider.sh
SUBST_SED.config_dir= -E -e 's|CONF_DIR(:?)=/etc|CONF_DIR\1=${PKG_SYSCONFDIR}|'
SUBST_CLASSES+= conf_bin_tail
SUBST_STAGE.conf_bin_tail= post-extract
SUBST_MESSAGE.conf_bin_tail= Replacing directories
SUBST_FILES.conf_bin_tail= logrider.conf logrider.sh
SUBST_SED.conf_bin_tail= -E -e 's|LOGTAIL(:?)=/usr|LOGTAIL\1=${PREFIX}|'
BUILD_DEFS+= VARBASE
EGDIR= ${PREFIX}/share/examples/logrider
INSTALLATION_DIRS= bin ${EGDIR} ${EGDIR}/violations_ignore
OWN_DIRS= ${PKG_SYSCONFDIR}/logrider ${PKG_SYSCONFDIR}/logrider/violations_ignore ${VARBASE}/lib/logrider
CONF_FILES= ${EGDIR}/logrider.conf ${PKG_SYSCONFDIR}/logrider/logrider.conf
CONF_FILES+= ${EGDIR}/hacking ${PKG_SYSCONFDIR}/logrider/hacking
CONF_FILES+= ${EGDIR}/ignore ${PKG_SYSCONFDIR}/logrider/ignore
CONF_FILES+= ${EGDIR}/violations ${PKG_SYSCONFDIR}/logrider/violations
CONF_FILES+= ${EGDIR}/violations_ignore/cvspserver ${PKG_SYSCONFDIR}/logrider/violations_ignore/cvspserver
CONF_FILES+= ${EGDIR}/violations_ignore/ftp ${PKG_SYSCONFDIR}/logrider/violations_ignore/ftp
CONF_FILES+= ${EGDIR}/violations_ignore/misc ${PKG_SYSCONFDIR}/logrider/violations_ignore/misc
CONF_FILES+= ${EGDIR}/violations_ignore/nsfbackup ${PKG_SYSCONFDIR}/logrider/violations_ignore/nsfbackup
CONF_FILES+= ${EGDIR}/violations_ignore/postfix ${PKG_SYSCONFDIR}/logrider/violations_ignore/postfix
CONF_FILES+= ${EGDIR}/violations_ignore/drweb-postfix ${PKG_SYSCONFDIR}/logrider/violations_ignore/drweb-postfix
CONF_FILES+= ${EGDIR}/violations_ignore/microbackup ${PKG_SYSCONFDIR}/logrider/violations_ignore/microbackup
CONF_FILES+= ${EGDIR}/violations_ignore/named ${PKG_SYSCONFDIR}/logrider/violations_ignore/named
CONF_FILES+= ${EGDIR}/violations_ignore/pam ${PKG_SYSCONFDIR}/logrider/violations_ignore/pam
CONF_FILES+= ${EGDIR}/violations_ignore/sshd ${PKG_SYSCONFDIR}/logrider/violations_ignore/sshd
V_IGNORE= ${WRKSRC}/violations_ignore
do-install:
${INSTALL_SCRIPT} ${WRKSRC}/logtail.sh ${DESTDIR}${PREFIX}/bin
${INSTALL_SCRIPT} ${WRKSRC}/logrider.sh ${DESTDIR}${PREFIX}/bin
${INSTALL_DATA} ${WRKSRC}/ignore ${DESTDIR}${EGDIR}
${INSTALL_DATA} ${WRKSRC}/logrider.conf ${DESTDIR}${EGDIR}
${INSTALL_DATA} ${WRKSRC}/hacking ${DESTDIR}${EGDIR}
${INSTALL_DATA} ${WRKSRC}/violations ${DESTDIR}${EGDIR}
cd ${V_IGNORE} && for example in *; do \
${INSTALL_DATA} "$${example}" ${DESTDIR}${EGDIR}/violations_ignore; \
done
.include "../../mk/bsd.pkg.mk"
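Review bot: `NO_CHECKSUM=yes` on the line after LICENSE disables verification of the fetched distfile, even though distinfo in this same commit records SHA1/RMD160/Size for logrider-0.2.zip and MASTER_SITES points at a plain http:// host, so nothing in the chain attests to what gets extracted and installed into bin/. Dropping that line lets the recorded checksums do their job; if the reason for it is that the upstream archive gets re-rolled, the usual remedy is to pin the known-good copy under a `DIST_SUBDIR` rather than to skip the check. Separately, the two SUBST classes config_dir and conf_bin_tail run at the same stage on the same two files with the same message and could be one class with two `-e` expressions, which also avoids the copy-pasted "Replacing directories" text.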
@comment $NetBSD: PLIST,v 1.1 2013/05/07 08:49:28 wiz Exp $
bin/logrider.sh
bin/logtail.sh
share/examples/logrider/ignore
share/examples/logrider/hacking
share/examples/logrider/violations
share/examples/logrider/logrider.conf
share/examples/logrider/violations_ignore/cvspserver
share/examples/logrider/violations_ignore/drweb-postfix
share/examples/logrider/violations_ignore/ftp
share/examples/logrider/violations_ignore/microbackup
share/examples/logrider/violations_ignore/misc
share/examples/logrider/violations_ignore/named
share/examples/logrider/violations_ignore/nsfbackup
share/examples/logrider/violations_ignore/pam
share/examples/logrider/violations_ignore/postfix
share/examples/logrider/violations_ignore/sshd
$NetBSD: distinfo,v 1.1 2013/05/07 08:49:28 wiz Exp $
SHA1 (logrider-0.2.zip) = d23c030d29f5776a8897a393cb4f61f37cde128d
RMD160 (logrider-0.2.zip) = 5f63fea34cf322b28f30eb291f6409178f489f4a
Size (logrider-0.2.zip) = 12242 bytes
SHA1 (patch-logtail.sh) = cdf37c97607654124b8bdd341606e25e47444e0e
$NetBSD: patch-logtail.sh,v 1.1 2013/05/07 08:49:28 wiz Exp $
# Replace stat arguments with NetBSD ones
--- work/logtail.sh.orig 2003-04-14 00:56:00.000000000 +0000
+++ work/logtail.sh 2013-05-05 07:23:46.000000000 +0000
@@ -29,9 +29,9 @@
[ -z "$SAVED_INODE" ] && SAVED_INODE=0
[ -z "$SAVED_POS" ] && SAVED_POS=0
- set abc `stat -lt $LOGFILE`
- ACTUAL_LOGSIZE=$3
- ACTUAL_INODE=$9
+ set abc `stat -f "%z %i" $LOGFILE`
+ ACTUAL_LOGSIZE=$2
+ ACTUAL_INODE=$3
$doit : $2, logsize=$ACTUAL_LOGSIZE, inode=$ACTUAL_INODE
[ -z "$ACTUAL_LOGSIZE" ] && ACTUAL_LOGSIZE=0
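Review bot: The new `set abc` line passes `$LOGFILE` to stat unquoted inside the backticks, so a log path containing whitespace or glob characters is split into several arguments and the positional parameters read on the next two lines no longer line up; `set abc `stat -f "%z %i" "$LOGFILE"`` keeps the path as one word (the same quoting would have helped the original line, but this patch is the place to fix it). The `-f "%z %i"` form is the BSD stat syntax, and GNU stat spells it differently, so on non-BSD pkgsrc platforms this presumably fails and the script falls through to the `ACTUAL_LOGSIZE=0` default at the bottom of the hunk; whether that default is a safe outcome for the caller cannot be told from here. The script that owns these variables continues outside the hunk.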