SyslogScan::Daemon - Watch log files
    syslogscand [-f] [-c config] {start|stop|reload|restart|check}

    @ISA = qw(SyslogScan::Daemon);

    newdaemon()
SyslogScan::Daemon is a framework on which to hang log file watchers. SyslogScan::Daemon is a subclass of Daemon::Generic and uses Plugins to create the framework.
The configuration prefix for plugins for SyslogScan::Daemon is ''. Use plugin to load plugins.
SyslogScan::Daemon defines the following configuration parameters which may be given in indented lines that follow plugin SyslogScan::Daemon or anywhere in the configuration file.
(default 0) Turn on debugging.
(default /etc/syslogscand.conf). The location of the configuration file for the plugins or SyslogScan::Daemon.
Plugins for SyslogScan::Daemon should subclass SyslogScan::Daemon::Plugin. The following methods will be invoked by SyslogScan::Daemon:
Called from Plugins and %args will come from the configuration file. An object of the type of the plugin is expected as the return value. It's okay to die here.
Called right after new() and when a reload is requested. Return value is a %hash that is then passed into postconfig(). It's okay to die here.
Called after all plugins' preconfig()s are called. No return value is expected.
Called after postconfig(). The return value of get_logs() is a hash: the keys are log file names and the values are lists of regular expressions to match. For example:
    sub get_logs {
        return (
            # log file name => list of regular expressions to match
            '/var/log/mail.log' => [
                qr{postfix/smtp\[\d+\]: \w+: to=<([^@]+@([^>]+))>, .*, status=(bounced).*\b(?i:blacklist(ed)?|spamming|spam list|removal|remove|block list|blocked for abuse)\b},
                qr{postfix/smtp\[\d+\]: \w+: to=<([^@]+@([^>]+))>, .*, status=(deferred).*Rejected: \S+ listed at http},
            ],
        );
    }
The default implementation of get_logs() checks to see if there is a $self->{plugins} member and, if there is, it re-dispatches the get_logs() call to its plugins. It keeps track of the regular expressions returned by its plugins so that in matched_line(), callbacks can be redistributed to the appropriate plugin:
    sub matched_line {
        my ($self, $logfile, $rx) = @_;
        for my $plugin (@{$self->{logs}{$logfile}{$rx}}) {
            my @ret = $plugin->invoke('parse_logs', $logfile, $rx);
            # your stuff here...
        }
    }
Called after one of the regular expressions returned by get_logs() matched a log line. The arguments are the log filename where the match was found and the regular expression that matched. Passed implicitly are the line that was matched ($_) and any of the numbered regular expression submatches ($1, $2, etc). No return value is expected.
Called once per second or so (or however often the config file says).
The default implementation of periodic() checks to see if there is a $self->{plugins} member and, if there is, calls $self->{plugins}->invoke('periodic') to send the heartbeat down the plugin tree.
Using Plugins::SimpleConfig to write the plugins makes the job much easier.
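An added example, not part of the SyslogScan::Daemon distribution: a small plugin that uses the get_logs(), matched_line() and periodic() callbacks described above to count failed SSH logins per source address. The package name, the threshold and window options, the log path and the sample lines are assumptions; the loop at the end stands in for the daemon's dispatch so the file runs without the module installed.

```perl
use strict;
use warnings;

package FailedLoginWatcher;    # hypothetical plugin name
# Inherit from the real base class when it is installed.
our @ISA = eval { require SyslogScan::Daemon::Plugin; 1 }
    ? ('SyslogScan::Daemon::Plugin') : ();

my $LOG = '/var/log/auth.log';    # assumed log location
# The user name in this sshd message is chosen by the remote client, so the
# pattern is anchored at the end of the line: the address captured is the
# one sshd wrote last, not text embedded in the user name.
my $RX = qr{sshd\[\d+\]: Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$};

sub new {                         # threshold and window are hypothetical options
    my ($class, %args) = @_;
    return bless { threshold => $args{threshold} || 3, count => {},
                   window    => $args{window}    || 60, ticks => 0 }, $class;
}

sub get_logs { return ($LOG => [$RX]) }    # log file => list of patterns

sub matched_line {                # $_ is the line, $1 the source address
    my ($self, $logfile, $rx) = @_;
    my $ip = $1;                  # copy before any other regex overwrites $1
    print "ALERT: $ip reached $self->{threshold} failed logins in $logfile\n"
        if ++$self->{count}{$ip} == $self->{threshold};
}

sub periodic {                    # heartbeat: age out counters every window
    my ($self) = @_;
    return if ++$self->{ticks} < $self->{window};
    @$self{qw(ticks count)} = (0, {});
}

package main;
# Constructed sample lines; this loop stands in for the daemon's dispatch.
my $pre   = 'Jan 10 03:14:07 host sshd[4242]: Failed password for';
my @lines = (
    "$pre root from 203.0.113.7 port 52211 ssh2",
    "$pre invalid user admin from 203.0.113.7 port 52212 ssh2",
    "$pre invalid user x from 198.51.100.9 port 22 from 203.0.113.7 port 52213 ssh2",
);
my $plugin = FailedLoginWatcher->new(threshold => 3);
my %logs   = $plugin->get_logs;
for (@lines) {
    for my $rx (@{ $logs{$LOG} }) { $plugin->matched_line($LOG, $rx) if $_ =~ $rx }
}
$plugin->periodic;
```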
For plugins that in turn have plugins, a helper function is provided in SyslogScan::Daemon::Plugin:
    sub set_api {
        my ($self, $ssd_configfile, @api) = @_;

        my $config = $self->{configfile} || $ssd_configfile;

        $self->{myapi} = Plugins::API->new;
        $self->{myapi}->api(@api);
        $self->{myapi}->autoregister($self);
        $self->{myapi}->register(undef, parentapi => sub { return $self->{api} });

        $self->{plugins} = new Plugins context => $self->{context};
        $self->{plugins}->readconfig($config, self => $self);

        $self->{plugins}->api($self->{myapi});
        $self->{myapi}->plugins($self->{plugins});

        $self->{plugins}->initialize();
        $self->{plugins}->invoke('preconfig', $config);
    }
To use it, define your preconfig() as follows:
    sub preconfig {
        my ($self, $ssd_configfile, @api) = @_;
        $self->set_api($ssd_configfile,
            # stuff for Plugins::API::api() goes here
        );
        # ... more initialization if needed
    }
Plugins, Plugins::Style1, Plugins::API, SyslogScan::Daemon::BlacklistDetector, SyslogScan::Daemon::SpamDetector
Copyright (C) 2006, David Muir Sharnoff <muir@idiom.com>. This module may be used and copied on the same basis as Perl itself.
If you find this useful, please thank me by giving me a chance to bid on your next Internet transit purchase of T1 or larger. I have good prices for T1s, T3s, OC3s and such. Thank you.