function ntpd_events()
{
$unix = new unix();
$syslog = $unix->LOCATE_SYSLOG_PATH();
$tmpf = $unix->FILE_TEMP();
$cmd = $unix->find_program("tail") . " -n 5000 {$syslog}|" . $unix->find_program("grep") . " ntpd >{$tmpf} 2>&1";
writelogs_framework($cmd, __FUNCTION__, __FILE__, __LINE__);
shell_exec($cmd);
$results = explode("\n", @file_get_contents($tmpf));
@unlink($tmpf);
writelogs_framework(count($results), __FUNCTION__, __FILE__, __LINE__);
echo "<articadatascgi>" . base64_encode(serialize($results)) . "</articadatascgi>";
}
function events_cicap()
{
$unix = new unix();
$syslog = $unix->LOCATE_SYSLOG_PATH();
$grep = $unix->find_program("grep");
$tail = $unix->find_program("tail");
$cmd = "{$grep} -i \"c-icap:\" {$syslog} 2>&1|{$tail} -n 500 >/usr/share/artica-postfix/ressources/logs/web/cicap.events 2>&1";
shell_exec("{$cmd}");
writelogs_framework("{$cmd} = " . count($results) . " rows", __FUNCTION__, __FILE__, __LINE__);
}
function ExportDrop()
{
if ($GLOBALS["EnablePostfixAutoBlock"] != 1) {
if ($GLOBALS["VERBOSE"]) {
echo "EnablePostfixAutoBlock={$GLOBALS["EnablePostfixAutoBlock"]}, aborting..\n";
}
return;
}
$pidpath = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
$pid = @file_get_contents($pidpath);
$unix = new unix();
if ($unix->process_exists($pid)) {
if ($GLOBALS["VERBOSE"]) {
echo "Already executed {$pid}\n";
}
return;
}
@file_put_contents($pidpath, getmypid());
$grep = $unix->find_program("grep");
$tail = $unix->find_program("tail");
$syslog = $unix->LOCATE_SYSLOG_PATH();
$NICE = $unix->EXEC_NICE();
$syslogSize = $unix->file_size($syslog);
if ($syslogSize > 512000000) {
include_once dirname(__FILE__) . "/ressources/class.templates.inc";
$unix->send_email_events("{$syslog} too big (" . str_replace(" ", " ", FormatBytes($syslogSize / 1024)) . "...", __FUNCTION__ . " is aborted from script " . basename(__FILE__), "system");
return;
}
$cmd = "{$NICE}{$grep} -E \"kernel.*?SMTP DROP\" {$syslog} |{$tail} -n 2000 >/usr/share/artica-postfix/ressources/logs/iptables-smtp-drop.log";
if ($GLOBALS["VERBOSE"]) {
echo "{$cmd}\n";
}
shell_exec($cmd);
@chmod("/usr/share/artica-postfix/ressources/logs/iptables-smtp-drop.log", 0777);
}
function ExportDrop()
{
if ($GLOBALS["EnablePostfixAutoBlock"] != 1) {
if ($GLOBALS["VERBOSE"]) {
echo "EnablePostfixAutoBlock={$GLOBALS["EnablePostfixAutoBlock"]}, aborting..\n";
}
return;
}
$pidpath = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
$oldpid = @file_get_contents($pidpath);
$unix = new unix();
if ($unix->process_exists($oldpid)) {
if ($GLOBALS["VERBOSE"]) {
echo "Already executed {$oldpid}\n";
}
return;
}
@file_put_contents($pidpath, getmypid());
$grep = $unix->find_program("grep");
$tail = $unix->find_program("tail");
$syslog = $unix->LOCATE_SYSLOG_PATH();
$cmd = "{$grep} -E \"kernel.*?SMTP DROP\" {$syslog} |{$tail} -n 2000 >/usr/share/artica-postfix/ressources/logs/iptables-smtp-drop.log";
if ($GLOBALS["VERBOSE"]) {
echo "{$cmd}\n";
}
shell_exec($cmd);
@chmod("/usr/share/artica-postfix/ressources/logs/iptables-smtp-drop.log", 0777);
}
function stop_tail_instances()
{
$unix = new unix();
$tail = $unix->find_program("tail");
$syslog = $unix->LOCATE_SYSLOG_PATH();
$kill = $unix->find_program("kill");
$prefix = "{$tail} -f -n 0 {$syslog}";
$pid = $unix->PIDOF_PATTERN($prefix);
if (!$unix->process_exists($pid)) {
return;
}
for ($i = 0; $i < 15; $i++) {
$pid = $unix->PIDOF_PATTERN($prefix);
if (!$unix->process_exists($pid)) {
return;
}
if ($GLOBALS["OUTPUT"]) {
echo "Stopping......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} killing {$pid} tail instance\n";
}
unix_system_kill_force($pid);
}
}
function checksyslog()
{
$unix = new unix();
$syslogpath = $unix->LOCATE_SYSLOG_PATH();
$size = @filesize($syslogpath);
echo "Size:{$size}\n";
if ($size == 0) {
$unix->RESTART_SYSLOG(true);
}
}
function events()
{
$unix = new unix();
$syslog = $unix->LOCATE_SYSLOG_PATH();
}