Example #1
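/**
 * Handle one squidGuard log line and start the matching recovery action.
 *
 * Recognised lines either update the "currently loading" database path kept in
 * $GLOBALS[__FILE__]["DBFILE"], or trigger a repair (recompile a database,
 * create a placeholder list file, reconfigure squid, send a notification).
 * Anything else is logged as "Not filtered".
 *
 * Security note: every value captured from $buffer is log content and must be
 * treated as untrusted. It is escaped before it reaches a shell command line.
 *
 * @param string $buffer Raw log line.
 * @return null Always null; the function works through side effects.
 */
function Parseline($buffer)
{
    $buffer = trim($buffer);
    if ($buffer === '') {
        return null;
    }

    // Start-up chatter that needs no action. "!== false" is used so a marker at
    // offset 0 is recognised too (the previous "> 0" test missed that case).
    foreach (array("init urllist", "init expressionlist", "init domainlist") as $marker) {
        if (strpos($buffer, $marker) !== false) {
            return null;
        }
    }

    // Remember which database squidGuard is loading; a later db_open error is
    // attributed to this path.
    if (preg_match('#INFO: loading dbfile (.+)#', $buffer, $re)) {
        events("LOADING {$re['1']}");
        $GLOBALS[__FILE__]["DBFILE"] = trim($re[1]);
        return null;
    }

    if (preg_match("#FATAL: Error db_open: Unknown error#", $buffer, $re)) {
        // The FATAL line can arrive before any "loading dbfile" line was seen.
        $dbFile = isset($GLOBALS[__FILE__]["DBFILE"]) ? $GLOBALS[__FILE__]["DBFILE"] : '';
        events("ERROR ON {$dbFile} : {$buffer}");
        if ($dbFile === '') {
            events("db_open error without a known dbfile, nothing to recompile");
            return null;
        }
        if (basename($dbFile) == "urls.db") {
            events("urls.db -> create " . dirname($dbFile) . "/urls it and recompile it");
            // Placeholder entry so the list is not empty when it is recompiled.
            @file_put_contents(dirname($dbFile) . "/urls", "www." . md5(time()) . ".bv");
        }
        $file = "/etc/artica-postfix/croned.1/squidguard." . md5($dbFile) . ".error";
        if (IfFileTime($file)) {
            // $dbFile was captured from the log: quote it with escapeshellarg()
            // instead of embedding it between double quotes, where shell
            // metacharacters such as $(...) or backticks would still be expanded.
            $cmd = LOCATE_PHP5_BIN2() . " /usr/share/artica-postfix/exec.squidguard.php --compile-single " . escapeshellarg($dbFile) . " &";
            events("{$cmd}");
            shell_exec($cmd);
            WriteFileCache($file);
        }
        return null;
    }

    // NOTE(review): in the two branches below the path written to is taken
    // verbatim from the log line. Whoever can influence the log can make this
    // process create or overwrite a file of their choosing; consider restricting
    // the target to the squidGuard database directory before writing.
    if (preg_match("#\\]\\s+(.+?):\\s+Cannot allocate memory#", $buffer, $re)) {
        events("ERROR ON {$re[1]} : Cannot allocate memory -> create it");
        @file_put_contents($re[1], "www." . md5(time()) . ".bv");
        shell_exec("squid -k reconfigure");
        return null;
    }
    if (preg_match("#\\]\\s+(.+?):\\s+No such file or directory#", $buffer, $re)) {
        events("ERROR ON {$re[1]} : No such file or directory -> create it");
        @file_put_contents($re[1], "www.nodomain.bv");
        shell_exec("squid -k reconfigure");
        return null;
    }

    if (strpos($buffer, "ERROR: Going into emergency mode") !== false) {
        events("ERROR: Going into emergency mode");
        send_email_events("squidguard: squidguard turn to emergency mode", "SquidGuard claim\n{$buffer}\nPlease contact your support to fix this problem\ncurrently, no filtering urls will be enabled", "proxy");
        return null;
    }

    events("Not filtered: {$buffer}");
    return null;
}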
Example #2
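/**
 * Handle one squidGuard log line.
 *
 * Tracks the database file squidGuard is loading, schedules a recompilation
 * when db_open fails for it, and sends a notification when squidGuard enters
 * emergency mode. Unrecognised lines are logged as "Not filtered".
 *
 * Security note: the database path is captured from the log and is therefore
 * untrusted; it is escaped before being placed on a shell command line.
 *
 * @param string $buffer Raw log line.
 * @return null Always null; the function works through side effects.
 */
function Parseline($buffer){
	$buffer=trim($buffer);
	if($buffer===''){return null;}

	// Start-up chatter. "!== false" also catches a marker at offset 0, which
	// the previous "> 0" comparison silently skipped.
	foreach(array("init urllist","init expressionlist","init domainlist") as $marker){
		if(strpos($buffer,$marker)!==false){return null;}
	}

	// Remember the database being loaded so a later db_open error can be
	// attributed to it.
	if(preg_match('#INFO: loading dbfile (.+)#',$buffer,$re)){
		events("LOADING $re[1]");
		$GLOBALS[__FILE__]["DBFILE"]=trim($re[1]);
		return null;
	}

	if(preg_match("#FATAL: Error db_open: Unknown error#",$buffer,$re)){
		// The FATAL line can arrive before any "loading dbfile" line was seen.
		$dbFile=isset($GLOBALS[__FILE__]["DBFILE"]) ? $GLOBALS[__FILE__]["DBFILE"] : '';
		events("ERROR ON {$dbFile}");
		if($dbFile===''){
			events("db_open error without a known dbfile, nothing to recompile");
			return null;
		}
		$file="/etc/artica-postfix/croned.1/squidguard.". md5($dbFile).".error";
		if(IfFileTime($file)){
			// escapeshellarg() instead of hand-written double quotes: inside
			// double quotes the shell still expands $(...) and backticks.
			shell_exec(LOCATE_PHP5_BIN2()." /usr/share/artica-postfix/exec.squidguard.php --compile-single ".escapeshellarg($dbFile)." &");
			WriteFileCache($file);
		}
		return null;
	}

	if(strpos($buffer,"ERROR: Going into emergency mode")!==false){
		events("ERROR: Going into emergency mode");
		send_email_events("squidguard: squidguard turn to emergency mode","SquidGuard claim\n$buffer\nPlease contact your support to fix this problem\ncurrently, no filtering urls will be enabled","proxy");
		return null;
	}

	events("Not filtered: $buffer");
	return null;
}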
Example #3
/**
 * Handle one nss_wins log line.
 *
 * A "failed to bind ... Invalid credentials" line is logged, optionally
 * reported by e-mail (only when IfFileTime() allows it) and the throttle file
 * is refreshed. Every other line goes to events_not_filtered().
 *
 * @param string $buffer Raw log line.
 * @return void
 */
function nss_parser($buffer){
	$bindFailure='#nss_wins.+?failed to bind to server\s+(.+?)\s+with\s+dn="(.+?)"\s+Error:\s+Invalid credentials#';

	if(!preg_match($bindFailure,$buffer,$re)){
		events_not_filtered("nss_wins:: Not Filtered:\"$buffer\"");
		return;
	}

	$throttleFile="/etc/artica-postfix/croned.1/nss_parser.Invalidcredentials.error";
	events("nss_wins:: Invalid credentials");

	$mayNotify=IfFileTime($throttleFile);
	if($mayNotify){
		// Server name and the quoted line are log content; they are passed on
		// to the notification unchanged.
		email_events("System error NSS cannot bind to {$re[1]}: Invalid credentials","NSS Wins claim \"$buffer\"",'system');
	}

	// NOTE(review): the throttle file is rewritten on every matching line, not
	// only when a mail was sent. If IfFileTime() compares against the file's
	// age, a steady stream of failures would keep postponing the next
	// notification - confirm this is intended.
	WriteFileCache($throttleFile);
}
Example #4
/**
 * Disable the Haarp (StreamCache) service after repeated fatal errors.
 *
 * Reads the error counter in $GLOBALS["HAARP_FATAL"]:
 *  - below 5: only records a notice and returns false;
 *  - 5 to 7: returns without acting when IfFileTime($file, 5) is true;
 *  - otherwise: records the event, sets EnableHaarp to "0", launches a
 *    background squid rebuild, resets the counter and refreshes the
 *    throttle file.
 *
 * @return false|null false while still counting errors, null in every other case.
 */
function haarp_remove()
{
    $throttleFile = "/etc/artica-postfix/croned.1/haarp.haarp_remove";

    if ($GLOBALS["HAARP_FATAL"] < 5) {
        $subject = "Haarp Fatal: " . $GLOBALS["HAARP_FATAL"] . "/5 waiting 5 times..";
        squid_admin_mysql(0, $subject, "after 5 times, the service will be disabled\n", __FILE__, __LINE__);
        return false;
    }

    // Short-circuit keeps IfFileTime() from being called once the counter reaches 8.
    if ($GLOBALS["HAARP_FATAL"] < 8 && IfFileTime($throttleFile, 5)) {
        return;
    }

    squid_admin_mysql(0, "Haarp Fatal: Too many errors on this service, disable it", "Too many errors as been detected on StreamCache system.\nArtica will disable this service in order to continue production\n", __FILE__, __LINE__);
    $GLOBALS["CLASS_SOCKET"]->SET_INFO("EnableHaarp", "0");

    // Both command prefixes come from process globals set elsewhere, not from log input.
    $rebuild = $GLOBALS["nohup"] . " " . $GLOBALS["LOCATE_PHP5_BIN"]
        . " /usr/share/artica-postfix/exec.squid.php --build --force >/dev/null 2>&1 &";
    shell_exec($rebuild);

    $GLOBALS["HAARP_FATAL"] = 0;
    WriteFileCache($throttleFile);
}
Example #5
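/**
 * Inspect one syslog line and react to the conditions this watchdog knows about.
 *
 * Lines from known-noisy sources return true immediately. Recognised error
 * patterns are logged with events() and, when IfFileTime() allows it for the
 * pattern's throttle file under /etc/artica-postfix/croned.1/, lead to a
 * notification and/or a repair command; the throttle file is then refreshed
 * with WriteFileCache(). Lines matching nothing are logged as "Not Filtered".
 *
 * Security notes:
 *  - $buffer is log content. Local users, network clients (DHCP host names,
 *    SMB/rsync peers) and remote syslog senders can all influence it, so every
 *    captured group is untrusted input.
 *  - Captured values are validated or escaped before they reach a command
 *    line, and reduced to filename-safe characters before they become part of
 *    a throttle-file path.
 *  - Several branches perform disruptive actions (service restarts, reboot)
 *    purely because a line matched; these are marked NOTE(review).
 *
 * @param string $buffer Raw syslog line.
 * @return true|null true for ignored lines and some handled ones, null otherwise.
 */
function Parseline($buffer)
{
    $buffer = trim($buffer);

    // Known-noisy sources, checked in the original order.
    // NOTE(review): the second CRON pattern can never be the first to match
    // because "#CRON\[#" precedes it.
    $ignoredPatterns = array(
        "#artica-filter#",
        "#postfix\\/#",
        "#CRON\\[#",
        "#: CACHEMGR:#",
        "#exec\\.postfix-logger\\.php:#",
        "#artica-install\\[#",
        "#monitor action done#",
        "#monitor service.+?on user request#",
        "#CRON\\[.+?\\(root\\).+CMD#",
        "#winbindd\\[.+?winbindd_listen_fde_handler#",
    );
    foreach ($ignoredPatterns as $pattern) {
        if (preg_match($pattern, $buffer)) {
            return true;
        }
    }

    // ------------------------------------------------------------------ SAMBA / AMAVIS
    if (preg_match('#smbd\\[.+Ignoring unknown parameter\\s+"hide_unwriteable_files"#', $buffer, $re)) {
        events("SAMBA unknown parameter hide_unwriteable_files");
        $file = "/etc/artica-postfix/croned.1/hide_unwriteable_files";
        if (IfFileTime($file)) {
            email_events("Samba unknown parameter hide_unwriteable_files", "Samba claim \"{$buffer}\" Artica will correct the configuration file", 'system');
            shell_exec(LOCATE_PHP5_BIN2() . " /usr/share/artica-postfix/exec.samba.php --fix-HideUnwriteableFiles &");
            @file_put_contents($file, "#");
        }
        return true;
    }
    if (preg_match('#load_usershare_shares: directory\\s+(.+?)\\s+is not owned by root or does not have the sticky bit#', $buffer, $re)) {
        events("SAMBA load_usershare_shares {$re[1]}");
        $file = "/etc/artica-postfix/croned.1/load_usershare_shares";
        if (IfFileTime($file)) {
            email_events("Samba load_usershare_shares permissions issues", "Samba claim \"{$buffer}\" Artica will correct the filesystem directory", 'system');
            // The directory name is log content: quote it and end option
            // parsing with "--" so it can be neither interpreted by the shell
            // nor read by chmod as an option.
            // NOTE(review): the path itself is still attacker-influenced;
            // consider comparing it with the configured usershare directory
            // before changing its mode.
            $dirArg = escapeshellarg($re[1] . "/");
            shell_exec("chmod 1775 -- {$dirArg} &");
            // Was "chmod chmod +t ...", which chmod rejects as an invalid mode.
            shell_exec("chmod +t -- {$dirArg} &");
            @file_put_contents($file, "#");
        }
        return true;
    }
    if (preg_match("#amavis\\[.+?:\\s+\\(.+?\\)TROUBLE\\s+in child_init_hook:#", $buffer, $re)) {
        events("AMAVIS TROUBLE in child_init_hook");
        $file = "/etc/artica-postfix/croned.1/amavis." . md5("AMAVIS:TROUBLE in child_init_hook");
        if (IfFileTime($file)) {
            email_events("Amavis child error", "Amavis claim \"{$buffer}\" the amavis daemon will be restarted", 'postfix');
            shell_exec('/etc/init.d/artica-postfix restart amavis &');
            @file_put_contents($file, "#");
        }
        return true;
    }
    if (preg_match("#amavis\\[.+?:\\s+\\(.+?\\)_DIE:\\s+Suicide in child_init_hook#", $buffer, $re)) {
        events("AMAVIS TROUBLE in child_init_hook");
        $file = "/etc/artica-postfix/croned.1/amavis." . md5("AMAVIS:TROUBLE in child_init_hook");
        if (IfFileTime($file)) {
            email_events("Amavis child error", "Amavis claim \"{$buffer}\" the amavis daemon will be restarted", 'postfix');
            shell_exec('/etc/init.d/artica-postfix restart amavis &');
            @file_put_contents($file, "#");
        }
        return true;
    }
    if (preg_match("#smbd_audit:\\s+(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\$#", $buffer, $re)) {
        // Fields 5 and 8 of the audit record are joined into the path queued for indexing.
        events("{$re[5]}/{$re[8]} in xapian queue");
        WriteXapian("{$re[5]}/{$re[8]}");
        return true;
    }

    // ------------------------------------------------------------------ SQUID / DANSGUARDIAN / ZARAFA
    if (preg_match("#squid\\[.+?comm_old_accept:\\s+FD\\s+15:.+?Invalid argument#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/comm_old_accept.FD15";
        if (IfFileTime($file)) {
            events("comm_old_accept FD15 SQUID");
            email_events("Squid File System error", "SQUID claim \"{$buffer}\" the squid service will be restarted", 'system');
            THREAD_COMMAND_SET('/etc/init.d/artica-postfix restart squid-cache');
            WriteFileCache($file);
            return;
        } else {
            events("comm_old_accept FD15 SQUID");
            return;
        }
    }
    if (preg_match("#dansguardian.+?:\\s+Error connecting to proxy#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/squid.tostart.error";
        if (IfFileTime($file, 2)) {
            events("Squid not available...! Artica will start squid");
            email_events("Proxy error", "DansGuardian claim \"{$buffer}\", Artica will start squid ", 'system');
            THREAD_COMMAND_SET('/etc/init.d/artica-postfix restart squid-cache');
            THREAD_COMMAND_SET('/etc/init.d/artica-postfix start dansguardian');
            WriteFileCache($file);
            return;
        } else {
            events("Proxy error, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#zarafa-server.+?INNODB engine is disabled#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/zarafa.INNODB.engine";
        if (IfFileTime($file, 2)) {
            events("Zarafa innodb errr");
            THREAD_COMMAND_SET('/etc/init.d/artica-postfix restart mysql');
            THREAD_COMMAND_SET('/etc/init.d/artica-postfix restart zarafa');
            WriteFileCache($file);
            return;
        } else {
            events("Zarafa innodb err, but take action after 10mn");
            return;
        }
    }

    // ------------------------------------------------------------------ KERNEL
    if (preg_match("#(.+?)\\[.+?segfault at.+?error.+?in.+?\\[#", $buffer, $re)) {
        // The captured prefix is log content; keep only filename-safe characters
        // so it cannot add path separators to the throttle-file path.
        $token = preg_replace('#[^A-Za-z0-9._-]#', '_', $re[1]);
        $file = "/etc/artica-postfix/croned.1/segfault.{$token}";
        if (IfFileTime($file, 10)) {
            events("{$re[1]}: segfault");
            email_events("{$re[1]}: segfault", "Kernel claim \"{$buffer}\" ", 'system');
            WriteFileCache($file);
            return;
        }
        // Throttled: execution continues with the remaining patterns.
    }
    if (preg_match("#kernel:.+?Out of memory:\\s+kill\\s+process\\s+#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kernel.Out.of.memory";
        if (IfFileTime($file, 1)) {
            events("Out of memory -> REBOOT !!!");
            email_events("Out of memory ! server will be rebooted", "Kernel claim \"{$buffer}\" the server will be rebooted", 'system');
            WriteFileCache($file);
            // NOTE(review): a reboot is triggered by text matching alone. Any
            // party able to write a matching line to this log can restart the
            // host; confirm the log source is restricted to the kernel
            // facility before keeping this automatic action.
            shell_exec("/etc/init.d/artica-postfix stop");
            shell_exec("reboot");
            return;
        }
    }

    // ------------------------------------------------------------------ WINBINDD / NMBD
    if (preg_match("#winbindd\\[.+?failed to bind to server\\s+(.+?)\\s+with dn.+?Error: Can.+?contact LDAP server#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/winbindd.ldap.failed";
        if (IfFileTime($file, 10)) {
            events("winbindd -> LDAP FAIELD");
            email_events("LDAP server is unavailable", "Samba claim \"{$buffer}\" artica will try to restart LDAP server ", 'system');
            WriteFileCache($file);
            THREAD_COMMAND_SET('/etc/init.d/artica-postfix restart ldap');
            return;
        }
    }
    if (preg_match("#winbindd\\[.+?resolve_name: unknown name switch type lmhost#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/winbindd.lmhost.failed";
        if (IfFileTime($file, 10)) {
            events("winbindd -> lmhost failed");
            WriteFileCache($file);
            THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.samba.php --fix-lmhost");
            return;
        }
    }
    if (preg_match("#nmbd\\[.+?become_logon_server_success: Samba is now a logon server for workgroup (.+?)\\s+on subnet\\s+([A-Z0-9\\._-]+)#", $buffer, $re)) {
        email_events("Samba (file sharing) started domain {$re[1]}/{$re[2]}", "Samba notice: \"{$buffer}\"", 'system');
        return;
    }
    if (preg_match("#zarafa-server.+?Unable to connect to database.+?MySQL server on.+?([0-9\\.]+)#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/zarafa.MYSQL.CONNECT";
        if (IfFileTime($file, 2)) {
            events("Zarafa Mysql Error errr");
            email_events("MailBox server unable connect to database", "Zarafa server  claim \"{$buffer}\" ", 'mailbox');
            WriteFileCache($file);
            return;
        } else {
            events("MailBox server unable connect to database but take action after 10mn");
            return;
        }
    }
    if (preg_match("#winbindd:\\s+Exceeding\\s+[0-9]+\\s+client\\s+connections.+?no idle connection found#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/Winbindd.connect.error";
        if (IfFileTime($file, 2)) {
            events("winbindd Error connections");
            email_events("Winbindd exceeding connections", "Samba server  claim \"{$buffer}\" \nArtica will restart samba", 'system');
            shell_exec('/etc/init.d/artica-postfix restart samba &');
            WriteFileCache($file);
            return;
        } else {
            events("Winbindd exceeding connections take action after 10mn");
            return;
        }
    }

    // -------------------------------------------------------------------- MONIT
    // Service names reported by monit are log content. They are reduced to
    // filename-safe characters before being used in a throttle-file path;
    // ordinary service names are unaffected.
    if (preg_match("#'(.+?)'\\s+total mem amount of\\s+([0-9]+).+?matches resource limit#", $buffer, $re)) {
        $token = preg_replace('#[^A-Za-z0-9._-]#', '_', $re[1]);
        $file = "/etc/artica-postfix/croned.1/mem.{$token}.monit";
        if (IfFileTime($file, 15)) {
            events("{$re[1]} limit memory exceed");
            email_events("{$re[1]}: memory limit", "Monitor claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("{$re[1]} limit memory exceed, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#monit\\[.+?'(.+?)'\\s+trying to restart#", $buffer, $re)) {
        $token = preg_replace('#[^A-Za-z0-9._-]#', '_', $re[1]);
        $file = "/etc/artica-postfix/croned.1/restart.{$token}.monit";
        if (IfFileTime($file, 5)) {
            events("{$re[1]} was restarted");
            email_events("{$re[1]}: stopped, try to restart", "Monitor claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("{$re[1]}: stopped, try to restart, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#monit\\[.+?'(.+?)'\\s+process is not running#", $buffer, $re)) {
        $token = preg_replace('#[^A-Za-z0-9._-]#', '_', $re[1]);
        $file = "/etc/artica-postfix/croned.1/restart.{$token}.monit";
        if (IfFileTime($file, 5)) {
            events("{$re[1]} was stopped");
            email_events("{$re[1]}: stopped", "Monitor claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("{$re[1]}: stopped, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#pdns\\[.+?:\\s+binding UDP socket to.+?Address already in use#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/restart.pdns.bind.error";
        if (IfFileTime($file, 5)) {
            events("PowerDNS: Unable to bind UDP socket");
            email_events("PowerDNS: Unable to bind UDP socket", "Artica will restart PowerDNS", 'system');
            THREAD_COMMAND_SET('/etc/init.d/artica-postfix restart pdns');
            WriteFileCache($file);
            return;
        } else {
            events("PowerDNS: Unable to bind UDP socket: but take action after 10mn");
            return;
        }
    }
    if (preg_match("#cpu system usage of ([0-9\\.]+)% matches#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/cpu.system.monit";
        if (IfFileTime($file, 15)) {
            events("cpu exceed");
            email_events("cpu warning {$re[1]}%", "Monitor claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("cpu exceed, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#monit.+?'(.+)'\\s+start:#", $buffer, $re)) {
        $token = preg_replace('#[^A-Za-z0-9._-]#', '_', $re[1]);
        $file = "/etc/artica-postfix/croned.1/monit.start.{$token}";
        if (IfFileTime($file, 5)) {
            events("{$re[1]} start");
            email_events("{$re[1]} starting", "Monitor currently starting service {$re[1]}", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("{$re[1]} start, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#monit\\[.+?:\\s+'(.+?)'\\s+process is running with pid\\s+([0-9]+)#", $buffer, $re)) {
        $token = preg_replace('#[^A-Za-z0-9._-]#', '_', $re[1]);
        $file = "/etc/artica-postfix/croned.1/monit.run.{$token}";
        if (IfFileTime($file, 5)) {
            events("{$re[1]} running");
            email_events("{$re[1]} now running pid {$re[2]}", "Monitor report {$buffer}", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("{$re[1]} running, but take action after 10mn");
            return;
        }
    }

    // ------------------------------------------------------------------ MISC SERVICES
    if (preg_match("#nmbd.+?:\\s+Cannot sync browser lists#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/samba.CannotSyncBrowserLists.error";
        if (IfFileTime($file)) {
            events("Samba cannot sync browser list, remove /var/lib/samba/wins.dat");
            @unlink("/var/lib/samba/wins.dat");
            WriteFileCache($file);
            // No return here: the line is still tested against the patterns below.
        } else {
            events("Samba error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#freshclam.+?:\\s+Database updated \\(([0-9]+)\\s+signatures\\) from .+?#", $buffer, $re)) {
        email_events("ClamAV Database Updated {$re[1]} signatures", "{$buffer}", 'update');
        return;
    }
    if (preg_match("#squid.+?:\\s+essential ICAP service is down after an options fetch failure:\\s+icap:\\/\\/:1344\\/av\\/respmod#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/squid.icap1.error";
        if (IfFileTime($file)) {
            email_events("Kaspersky for Squid Down", "{$buffer}", 'system');
            THREAD_COMMAND_SET('/etc/init.d/artica-postfix start kav4proxy');
            THREAD_COMMAND_SET('squid -k reconfigure');
            WriteFileCache($file);
            return;
        } else {
            events("KAV4PROXY error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#KASERROR.+?NOLOGID.+?Can.+?find user mailflt3#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/KASERROR.NOLOGID.mailflt3";
        if (IfFileTime($file)) {
            THREAD_COMMAND_SET('/usr/share/artica-postfix/bin/artica-install --mailflt3');
            WriteFileCache($file);
            return;
        } else {
            events("KASERROR error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#lmtp.+?status=deferred.+?lmtp\\]:.+?(No such file or directory|Too many levels of symbolic links)#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/cyrus.lmtp.failed";
        if (IfFileTime($file)) {
            email_events("cyrus-imapd socket error", "Postfix claim \"{$buffer}\", Artica will restart cyrus", 'system');
            THREAD_COMMAND_SET('/usr/share/artica-postfix/bin/artica-install --cyrus-checkconfig');
            THREAD_COMMAND_SET('/etc/init.d/artica-postfix restart imap');
            THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.postfix.main.cf.php --imap-sockets");
            cyrus_socket_error($buffer, $re[1] . "lmtp");
            WriteFileCache($file);
            return;
        } else {
            events("CYRUS error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#dhcpd: DHCPREQUEST for (.+?)\\s+from\\s+(.+?)\\s+\\((.+?)\\)\\s+via#", $buffer, $re)) {
        // IP, MAC and especially the client-supplied computer name end up on a
        // command line, so each must have the expected shape before the command
        // is queued. Validation is used rather than quoting because how
        // THREAD_COMMAND_SET() runs the string is not visible from here.
        $validIp = filter_var($re[1], FILTER_VALIDATE_IP) !== false;
        $validMac = preg_match('#^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}\z#', $re[2]) === 1;
        // Leading alphanumeric: the name can never be read as an option.
        $validName = preg_match('#^[A-Za-z0-9][A-Za-z0-9._-]*\z#', $re[3]) === 1;
        if (!$validIp || !$validMac || !$validName) {
            events("DHCPD: DHCPREQUEST ignored, unexpected IP/MAC/computer name format: {$buffer}");
            return;
        }
        events("DHCPD: IP:{$re[1]} MAC:({$re[2]}) computer name={$re[3]}-> exec.dhcpd-leases.php");
        THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.dhcpd-leases.php --single-computer {$re[1]} {$re[2]} {$re[3]}");
        return;
    }
    if (preg_match("#rsyncd\\[.+?:\\s+recv.+?\\[(.+?)\\].+?([0-9]+)\$#", $buffer, $re)) {
        $file = md5($buffer);
        // NOTE(review): a null mode is coerced to 0, so the directory is created
        // without any permission bits - confirm this is intended.
        @mkdir('/var/log/artica-postfix/rsync', null, true);
        $f = array();
        $f["IP"] = $re[1];
        $f["DATE"] = date('Y-m-d H:00:00');
        $f["SIZE"] = $re[2];
        // NOTE(review): the record is stored with serialize(); whatever reads
        // these files must not unserialize() content it cannot trust. A JSON
        // record would avoid that class of problem if the reader can be changed.
        @file_put_contents("/var/log/artica-postfix/rsync/{$file}", serialize($f));
        // No return here: the line is still tested against the patterns below.
    }

    // ------------------------------------------------------------------ KASPERSKY / DANSGUARDIAN
    if (preg_match("#kavmilter.+?Can.+?t load keys: No active key#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmilter.key.failed";
        if (IfFileTime($file)) {
            email_events("Kaspersky Antivirus Mail license error", "KavMilter claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Kaspersky Antivirus Mail license error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#kavmd.+?Can.+?t load keys:.+?#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmd.key.failed";
        if (IfFileTime($file)) {
            email_events("Kaspersky Antivirus Mail license error", "Kaspersky Antivirus Mail claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Kaspersky Antivirus Mail license error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#kavmd.+?ERROR Engine problem#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmd.engine.failed";
        if (IfFileTime($file)) {
            email_events("Kaspersky Antivirus Mail Engine error", "Kaspersky Antivirus Mail claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Kaspersky Antivirus Mail Engine error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#kavmilter.+?WARNING.+?Your AV signatures are older than#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmilter.upd.failed";
        if (IfFileTime($file)) {
            email_events("Kaspersky Antivirus Mail AV signatures are older", "KavMilter claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Kaspersky Antivirus update license error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#dansguardian.+?Error compiling regexp#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/dansguardian.compiling.regexp";
        if (IfFileTime($file)) {
            email_events("Dansguardian failed to start", "Dansguardian claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Dansguardian failed to start:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#kavmilter.+?Invalid value specified for SendmailPath#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmilter.SendmailPath.Invalid";
        if (IfFileTime($file)) {
            events("Check SendmailPath for kavmilter");
            THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.kavmilter.php --SendmailPath");
            WriteFileCache($file);
            return;
        } else {
            events("Check SendmailPath for kavmilter:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#KAVMilter Error.+?Group.+?Default.+?has error#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmilter.Default.error";
        if (IfFileTime($file)) {
            events("Check Group default for kavmilter");
            THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.kavmilter.php --default-group");
            WriteFileCache($file);
            return;
        } else {
            events("Check Group default for kavmilter:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#kavmilter.+?Message INFECTED from (.+?)\\(remote:\\[(.+?)\\).+?with\\s+(.+?)\$#", $buffer, $re)) {
        events("KAVMILTER INFECTION <{$re[1]}> {$re[2]}");
        infected_queue("kavmilter", trim($re[1]), trim($re[2]), trim($re[3]));
        return;
    }

    // ------------------------------------------------------------------ PDNS / CYRUS / SAMBA NETWORK
    if (preg_match("#pdns\\[.+?\\[LdapBackend.+?Ldap connection to server failed#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/pdns.ldap.error";
        if (IfFileTime($file)) {
            events("PDNS LDAP FAILED");
            email_events("PowerDNS ldap connection failed", "PowerDNS claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("PDNS FAILED:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#master.+?cannot find executable for service.+?sieve#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/cyrus.sieve.error";
        if (IfFileTime($file)) {
            events("Check sieve path");
            THREAD_COMMAND_SET("/usr/share/artica-postfix/bin/artica-install --reconfigure-cyrus");
            WriteFileCache($file);
            return;
        } else {
            events("Check sieve path error :{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#smbd\\[.+?write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/samba.Error.Connection.reset.by.peer.error";
        if (IfFileTime($file)) {
            events("Check sieve Error Connection reset by peer");
            $text = array();
            $text[] = "Your MS Windows computers should not have access to the server cause network generic errors";
            $text[] = "- Check these parameters:";
            $text[] = "- Check if Apparmor or SeLinux are disabled on the server.";
            $text[] = "- Check your hard drives by this command-line: hdparm -tT /dev/sda(0-9)";
            $text[] = "- Check that 137|138|139|445 ports is open from workstation to this server";
            $text[] = "- Check network switch or hub connection between this server and your workstations.";
            $text[] = "- Try to add this registry key [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Disk]\n\t\"TimeOutValue\"=dword:0000003c";
            email_events("Samba network error", "Samba claim \"{$buffer}\"\n" . implode("\n", $text), 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Check sieve Error Connection reset by peer :{$buffer}, but take action after 10mn");
            return;
        }
    }

    events("Not Filtered:\"{$buffer}\"");
}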