Example #1
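/**
 * Collect the ntpd lines from the tail of the system log and print them to the
 * caller inside an <articadatascgi> envelope.
 *
 * The last 5000 syslog lines are piped through grep for "ntpd" into a temporary
 * file. That file is read back, split on newlines and deleted; the resulting
 * array is serialized, base64-encoded and echoed.
 *
 * @return void
 */
function ntpd_events()
{
    $unix = new unix();
    // Both paths are interpolated into a shell command line. Quote them so that a
    // path containing spaces or shell metacharacters is passed as one argument
    // instead of being interpreted by the shell.
    $syslog = escapeshellarg((string) $unix->LOCATE_SYSLOG_PATH());
    $tmpf = $unix->FILE_TEMP();
    $cmd = $unix->find_program("tail") . " -n 5000 {$syslog}|" . $unix->find_program("grep") . " ntpd >" . escapeshellarg((string) $tmpf) . " 2>&1";
    writelogs_framework($cmd, __FUNCTION__, __FILE__, __LINE__);
    shell_exec($cmd);
    // A failed read yields a single empty entry, as before, but without handing
    // a boolean to explode().
    $raw = @file_get_contents($tmpf);
    $results = explode("\n", $raw === false ? "" : $raw);
    @unlink($tmpf);
    writelogs_framework(count($results), __FUNCTION__, __FILE__, __LINE__);
    // NOTE(review): the payload is PHP-serialized. The reader of this envelope is
    // not visible here; if it calls unserialize(), it should pass
    // ['allowed_classes' => false] so that only plain arrays/strings are rebuilt.
    echo "<articadatascgi>" . base64_encode(serialize($results)) . "</articadatascgi>";
}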
Example #2
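/**
 * Extract the c-icap lines from the system log into the cicap.events file and
 * log how many rows were written.
 *
 * grep (case-insensitive, pattern "c-icap:") runs over the whole syslog and the
 * last 500 matching lines are written to
 * /usr/share/artica-postfix/ressources/logs/web/cicap.events.
 *
 * @return void
 */
function events_cicap()
{
    $unix = new unix();
    // The path is interpolated into a shell command line, so quote it.
    $syslog = escapeshellarg((string) $unix->LOCATE_SYSLOG_PATH());
    $grep = $unix->find_program("grep");
    $tail = $unix->find_program("tail");
    // NOTE(review): the target sits under ressources/logs/web; presumably it is
    // read by the web interface. Confirm that raw syslog lines placed here are
    // not reachable by unauthenticated clients.
    $target = "/usr/share/artica-postfix/ressources/logs/web/cicap.events";
    // grep's stderr is merged into the pipe (2>&1), so a grep error message also
    // ends up in the target file and is counted as a row.
    $cmd = "{$grep} -i \"c-icap:\" {$syslog} 2>&1|{$tail} -n 500 >{$target} 2>&1";
    shell_exec($cmd);
    // The original counted an undefined $results variable, which raises a
    // TypeError on PHP 8. Count the lines that were actually written instead.
    $lines = @file($target, FILE_IGNORE_NEW_LINES);
    $rows = is_array($lines) ? count($lines) : 0;
    writelogs_framework("{$cmd} = " . $rows . " rows", __FUNCTION__, __FILE__, __LINE__);
}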
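/**
 * Export the most recent "SMTP DROP" kernel lines from the system log to
 * iptables-smtp-drop.log.
 *
 * Does nothing unless $GLOBALS["EnablePostfixAutoBlock"] equals 1, and returns
 * early when the PID recorded in the function's pid file belongs to a running
 * process. A syslog larger than 512000000 bytes is not scanned; an event e-mail
 * is sent instead.
 *
 * @return void
 */
function ExportDrop()
{
    if ($GLOBALS["EnablePostfixAutoBlock"] != 1) {
        if ($GLOBALS["VERBOSE"]) {
            echo "EnablePostfixAutoBlock={$GLOBALS["EnablePostfixAutoBlock"]}, aborting..\n";
        }
        return;
    }
    $pidpath = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    $pid = @file_get_contents($pidpath);
    $unix = new unix();
    if ($unix->process_exists($pid)) {
        if ($GLOBALS["VERBOSE"]) {
            echo "Already executed {$pid}\n";
        }
        return;
    }
    // NOTE(review): the pid file is read and then rewritten without a lock, so two
    // instances started at the same moment can both get past the check above.
    @file_put_contents($pidpath, getmypid());
    $grep = $unix->find_program("grep");
    $tail = $unix->find_program("tail");
    $syslog = $unix->LOCATE_SYSLOG_PATH();
    $NICE = $unix->EXEC_NICE();
    $syslogSize = $unix->file_size($syslog);
    if ($syslogSize > 512000000) {
        include_once dirname(__FILE__) . "/ressources/class.templates.inc";
        $unix->send_email_events("{$syslog} too big (" . str_replace("&nbsp;", " ", FormatBytes($syslogSize / 1024)) . "...", __FUNCTION__ . " is aborted from script " . basename(__FILE__), "system");
        return;
    }
    // The path is interpolated into a shell command line. Quote it so that a path
    // containing spaces or shell metacharacters is passed as a single argument.
    $syslogArg = escapeshellarg((string) $syslog);
    $cmd = "{$NICE}{$grep} -E \"kernel.*?SMTP DROP\" {$syslogArg} |{$tail} -n 2000 >/usr/share/artica-postfix/ressources/logs/iptables-smtp-drop.log";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$cmd}\n";
    }
    shell_exec($cmd);
    // NOTE(review): 0777 leaves the export world-writable (and executable), so any
    // local account can alter the data read from it. The readers are not visible
    // here; tighten the mode to what they need (read-only for others, if that is
    // enough) once confirmed.
    @chmod("/usr/share/artica-postfix/ressources/logs/iptables-smtp-drop.log", 0777);
}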
Example #4
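/**
 * Export the most recent "SMTP DROP" kernel lines from the system log to
 * iptables-smtp-drop.log.
 *
 * Does nothing unless $GLOBALS["EnablePostfixAutoBlock"] equals 1, and returns
 * early when the PID recorded in the function's pid file belongs to a running
 * process.
 *
 * @return void
 */
function ExportDrop()
{
    if ($GLOBALS["EnablePostfixAutoBlock"] != 1) {
        if ($GLOBALS["VERBOSE"]) {
            echo "EnablePostfixAutoBlock={$GLOBALS["EnablePostfixAutoBlock"]}, aborting..\n";
        }
        return;
    }
    $pidpath = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    $oldpid = @file_get_contents($pidpath);
    $unix = new unix();
    if ($unix->process_exists($oldpid)) {
        if ($GLOBALS["VERBOSE"]) {
            echo "Already executed {$oldpid}\n";
        }
        return;
    }
    // NOTE(review): the pid file is read and then rewritten without a lock, so two
    // instances started at the same moment can both get past the check above.
    @file_put_contents($pidpath, getmypid());
    $grep = $unix->find_program("grep");
    $tail = $unix->find_program("tail");
    // The path is interpolated into a shell command line. Quote it so that a path
    // containing spaces or shell metacharacters is passed as a single argument.
    $syslog = escapeshellarg((string) $unix->LOCATE_SYSLOG_PATH());
    // The whole syslog is scanned here; this variant has no size limit on the file.
    $cmd = "{$grep} -E \"kernel.*?SMTP DROP\" {$syslog} |{$tail} -n 2000 >/usr/share/artica-postfix/ressources/logs/iptables-smtp-drop.log";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$cmd}\n";
    }
    shell_exec($cmd);
    // NOTE(review): 0777 leaves the export world-writable (and executable), so any
    // local account can alter the data read from it. The readers are not visible
    // here; tighten the mode to what they need (read-only for others, if that is
    // enough) once confirmed.
    @chmod("/usr/share/artica-postfix/ressources/logs/iptables-smtp-drop.log", 0777);
}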
Example #5
/**
 * Kill the running "tail -f -n 0 <syslog>" followers, one per pass, for at most
 * 15 passes.
 *
 * The process is looked up by its full command line through PIDOF_PATTERN().
 * The function returns as soon as no matching process is found. When
 * $GLOBALS["OUTPUT"] is set, each kill is announced on standard output.
 *
 * @return void
 */
function stop_tail_instances()
{
    $unix = new unix();
    $tailBin = $unix->find_program("tail");
    $logPath = $unix->LOCATE_SYSLOG_PATH();
    // Looked up but not used below.
    $kill = $unix->find_program("kill");
    $pattern = "{$tailBin} -f -n 0 {$logPath}";

    // Nothing to do when no follower is running.
    if (!$unix->process_exists($unix->PIDOF_PATTERN($pattern))) {
        return;
    }

    $attempt = 0;
    while ($attempt < 15) {
        // Look the process up again on every pass: several followers may exist,
        // and the previous kill may not have taken effect yet.
        $victim = $unix->PIDOF_PATTERN($pattern);
        if (!$unix->process_exists($victim)) {
            return;
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Stopping......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} killing {$victim} tail instance\n";
        }
        unix_system_kill_force($victim);
        $attempt++;
    }
}
/**
 * Print the size of the system log and restart syslog when that size is zero.
 *
 * filesize() errors are suppressed, and its failure value (false) compares
 * equal to 0 under the loose comparison used here, so a missing or unreadable
 * log file triggers the restart as well.
 *
 * @return void
 */
function checksyslog()
{
    $unix = new unix();
    $bytes = @filesize($unix->LOCATE_SYSLOG_PATH());
    echo "Size:{$bytes}\n";
    if ($bytes != 0) {
        return;
    }
    $unix->RESTART_SYSLOG(true);
}
Example #7
/**
 * Resolve the path of the system log.
 *
 * As shown, the function only looks the path up; the value is neither used nor
 * returned.
 *
 * @return void
 */
function events()
{
    $syslog = (new unix())->LOCATE_SYSLOG_PATH();
}