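#!/bin/ksh
#ident "@(#)mlogmailer 1.4 97/05/20 PCB" /* SVr5.0 1.6 */
# mlogmailer (c) 1997 Peter Beckman
# All Rights Released to the world
# THIS IS PUBLISHED PROPRIETARY SOURCE CODE OF Purple Cow Industries
# The copyright notice above does not evidence any
# actual copyright on this code. It just looks cool.
#
# The Multiple Log Mailer
# written by Peter Beckman
#
# usage: mlogmailer [ debug ]
#
# This command is used to send mail to the administrators of a
# remote machine containing system logs for monitoring/security
# purposes. It was written with the intent that it would run
# nightly as a cron job. Here is the line I added to my crontab:
#
#   30 1 * * * /usr/local/sbin/mlogmailer
#
# With the "debug" argument the report is printed to stdout instead of
# being mailed to root.
#
# This works for:
#   Solaris 2.5.1
#   Type A:
#     /var/log/syslog
#     /var/adm/messages
#     /var/adm/idled.log (see www.darkwing.com/idled)
#     /var/adm/vold.log
#
#   Type B:
#     /var/adm/sulog

###################
## User Settings ##
###################

# log files -- Separate with a space
# Log Type A: i.e. May 24
# Log Type B: i.e. 05/24
# NOTE TYPE B: This uses the 05/08 method, so it will not grab stuff with
# a pretty date like 5/8.
# NOTE(review): the header lists /var/adm/idled.log but this list uses
# /var/log/idled.log -- confirm which path is right for your install.
LOGS_A="/var/log/syslog /var/log/syslog.0 /var/adm/messages /var/adm/vold.log /var/log/idled.log"
LOGS_B="/var/adm/sulog"

# If the log is syslog, do you want the named messages? 0=no, 1=yes
SENDMAIL=0

# Scratch directory (default /tmp/mlogmailer.$$ - $$ = pid) and the report
# file inside it. The script normally runs as root from cron and /tmp is
# world-writable, so the report is never written straight into /tmp: a
# pre-planted file or symlink with the predictable name would otherwise
# redirect root's writes. The directory is created with mkdir, which fails
# if the name already exists, and is private to the invoking user.
WORKDIR=/tmp/mlogmailer.$$
TMP=$WORKDIR/report

# Files holding yesterday's date in each log format (one per log type).
A_DATE="/usr/local/sbin/.a-yesterday"
B_DATE="/usr/local/sbin/.b-yesterday"

########################################################################
##################### DO NOT EDIT BELOW THIS LINE!!! ###################
########################################################################

# The only files this script creates hold log excerpts (including su
# attempts), so keep them readable by the invoking user only.
umask 077

# set debug
case "$1" in
  'debug') DEBUG=1 ;;
  *) DEBUG=0 ;;
esac

# set path
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb

RULE="============================================================================="
MATCHES=$WORKDIR/matches

# Create the private scratch directory. mkdir is atomic and refuses an
# existing name, so a squatted path makes the run fail instead of being
# followed. The cleanup trap is installed only after mkdir succeeds so we
# never remove a path this run did not create.
if mkdir "$WORKDIR"; then
  trap 'rm -rf "$WORKDIR"' 0
  trap 'exit 1' 1 2 15
else
  echo "mlogmailer: cannot create private work directory $WORKDIR" >&2
  exit 1
fi

#######################################
# Append one log's entries for a given date to the report.
# Globals:   MATCHES, TMP, RULE (read)
# Arguments: $1 - date string to search for
#            $2 - log file path
#            $3 - 1 to drop lines containing "named", anything else keeps them
# Outputs:   appends a titled section to $TMP when at least one line matches
# Returns:   0; a missing log or a log with no matches is silently skipped
#######################################
append_section() {
  sec_date=$1
  sec_log=$2
  sec_drop_named=$3

  [ -f "$sec_log" ] || return 0

  # Extract once and reuse the result, so the "is there anything to show"
  # decision and the lines actually shown can never disagree.
  if [ "$sec_drop_named" = 1 ]; then
    grep "$sec_date" "$sec_log" | grep -v "named" > "$MATCHES"
  else
    grep "$sec_date" "$sec_log" > "$MATCHES"
  fi

  [ -s "$MATCHES" ] || return 0

  {
    echo "$sec_log"
    echo "$RULE"
    cat "$MATCHES"
    echo ""
    echo "$RULE"
  } >> "$TMP"
  return 0
}

# Get hostname
MACHINE=$(hostname)
# Take the value of the first "domain" directive only; matching the word
# anywhere (comments, several lines) could put junk or a newline into the
# mail subject.
DOMAIN=$(awk '$1 == "domain" { print $2; exit }' /etc/resolv.conf 2>/dev/null)
if [ "$DOMAIN" != "" ]; then
  HOSTNAME="$MACHINE.$DOMAIN"
else
  HOSTNAME="$MACHINE"
fi

# Set yesterday's date
DATE_A=$(/usr/bin/cat "$A_DATE" 2>/dev/null)
DATE_B=$(/usr/bin/cat "$B_DATE" 2>/dev/null)

# An empty pattern makes grep match every line, which would mail the whole
# of every log. Refuse to run without the type A date (it is also the mail
# subject).
if [ -z "$DATE_A" ]; then
  echo "mlogmailer: $A_DATE is missing or empty" >&2
  exit 1
fi

# Format the Mail
{
  echo "$RULE"
  echo "mlogmailer 1.0 (c) Peter Beckman"
  echo "Host: $HOSTNAME"
  echo "$RULE"
} > "$TMP"

# Grab the data from the Logs of format 'Monthname Daynum'
# (i.e. May 19)
# $LOGS_A is left unquoted on purpose: it is a space-separated list.
for log in $LOGS_A; do
  # named chatter is dropped only for the syslog files, and only when the
  # SENDMAIL setting is 0.
  drop_named=0
  if [ "$SENDMAIL" = 0 ]; then
    case "$log" in
      /var/log/syslog | /var/log/syslog.0) drop_named=1 ;;
    esac
  fi
  append_section "$DATE_A" "$log" "$drop_named"
done

# Grab the data from the Logs of format MM/DD
if [ -n "$DATE_B" ]; then
  for log in $LOGS_B; do
    # Type B logs carry MM/DD dates, so they are searched with DATE_B.
    append_section "$DATE_B" "$log" 0
  done
elif [ -n "$LOGS_B" ]; then
  echo "mlogmailer: $B_DATE is missing or empty; skipping type B logs" >&2
fi

if [ "$DEBUG" -ne 1 ]; then
  Mail -s "$HOSTNAME: Logs for $DATE_A" root < "$TMP"
else
  cat "$TMP"
fi

# The scratch directory is removed by the exit trap.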