PageRenderTime 61ms CodeModel.GetById 33ms RepoModel.GetById 0ms app.codeStats 0ms

/syslog2loggly.pl

https://github.com/xme/syslog2loggly
Perl | 209 lines | 159 code | 18 blank | 32 comment | 30 complexity | ace521de8813f25c4b80e94628bb545f MD5 | raw file
    

  1. #!/usr/bin/perl
    2. 

  2. #
    3. 

  3. # syslog2loggly.pl
    4. 

  4. # Forward received syslog events to a Loggly Input using HTTPS
    5. 

  5. #
    6. 

  6. # Usage: syslog2loggly.pl [-D] [-h] [-p port] [-v] [-f keyfile]
    7. 

  7. #
    8. 

  8. # Default configuration file: /etc/syslog2loggly.cong
    9. 

  9. #   apikey=xxxxx
    10. 

  10. #   port=xxxxx
    11. 

  11. #
    12. 

  12. # Original script: http://wiki.nil.com/Syslog_Server_in_Perl
    13. 

  13. #
    14. 

  14. # Note: 
    15. 

  15. # LWP will support https URLs if the Crypt::SSLeay module is installed.
    16. 

  16. #
    17. 

  17. 

  18. use strict;
    19. 

  19. use Getopt::Std;
    20. 

  20. use HTTP::Request::Common qw(POST);
    21. 

  21. use LWP::UserAgent;
    22. 

  22. use Net::SSLGlue;
    23. 

  23. use IO::Socket;
    24. 

  24. use POSIX qw(setsid);
    25. 

  25. 

  26. # We don't care about ended child (to avoid zombies)
    27. 

  27. $SIG{CHLD} = "IGNORE";
    28. 

  28. 

  29. # Variables and Constants
    30. 

  30. my $MAXLEN  = 1524;
    31. 

  31. my @facilities = ("kernel", "user", "mail", "daemon", "auth", "syslog", "lpr",
    32. 

  32.                   "news", "uucp", "cron", "authpriv", "ftp", "local0", "local1",
    33. 

  33.                   "local2", "local3", "local4", "local5", "local6", "local7");
    34. 

  34. my @severities = ("emergency", "alert", "critical", "error", "warning", "notice",
    35. 

  35.                   "info", "debug");
    36. 

  36. 

  37. my $buf;
    38. 

  38. my $pid;
    39. 

  39. my $rin     = '';
    40. 

  40. my $daemon  = 0;
    41. 

  41. my $verbose = 0;
    42. 

  42. my $port    = 5140;
    43. 

  43. my $apikey  = '';
    44. 

  44. my $config  = "/etc/syslog2loggly.conf";
    45. 

  45. my %opt     = ();
    46. 

  46. 

  47. # Process arguments
    48. 

  48. getopts('Dhvp:f:', \%opt);
    49. 

  49. if (defined($opt{D})) { $daemon++; }
    50. 

  50. if (defined($opt{h})) { usage(); }
    51. 

  51. if (defined($opt{v})) { $verbose++; }
    52. 

  52. if (defined($opt{p})) {	$port = $opt{p}; }
    53. 

  53. 

  54. if (defined($opt{f})) { $config = $opt{f}; }
    55. 

  55. 	
    56. 

  56. # Read the config file
    57. 

  57. if (! -r $config) {
    58. 

  58. 	print STDERR "ERROR: Cannot read the configuration file $config.\n";
    59. 

  59. 	exit 1;
    60. 

  60. }
    61. 

  61. else {
    62. 

  62. 	open(CONF, "$config");
    63. 

  63. 	while(<CONF>)
    64. 

  64. 	{
    65. 

  65. 		chomp($_);
    66. 

  66. 		$_=~s/\s//g;
    67. 

  67. 		my ($keyword, $value) = split("=", $_);
    68. 

  68. 		$keyword =~ tr/A-Z/a-z/;
    69. 

  69. 		SWITCH: {
    70. 

  70. 			if ($keyword eq "apikey") {
    71. 

  71. 				$apikey = $value;
    72. 

  72. 				last SWITCH;
    73. 

  73. 			}
    74. 

  74. 			if ($keyword eq "port") {
    75. 

  75. 				$port = $value;
    76. 

  76. 				last SWITCH;
    77. 

  77. 			}
    78. 

  78. 		}
    79. 

  79. 	}
    80. 

  80. 	close(CONF);
    81. 

  81. }
    82. 

  82. if (length($apikey) != 36) {
    83. 

  83. 	print STDERR "ERROR: Invalid or not found API key. Check loggly.com.\n";
    84. 

  84. 	exit 1;
    85. 

  85. }
    86. 

  86. if ($port < 1 || $port > 65535)
    87. 

  87. {
    88. 

  88. 	print STDERR "ERROR: Invalid port number: $port.\n";
    89. 

  89. 	exit 1;
    90. 

  90. }
    91. 

  91. 

  92. if ($daemon) 
    93. 

  93. {
    94. 

  94. 	if ($verbose) 
    95. 

  95. 	{
    96. 

  96. 		print STDERR "ERROR: -D and -v options are mutually exclusive.\n";
    97. 

  97. 		exit 1;
    98. 

  98. 	}
    99. 

  99. 

  100. 	# Detach us
    101. 

  101. 	if (!defined($pid = fork))
    102. 

  102. 	{
    103. 

  103. 		print STDERR "ERROR: Cannot fork. Aborted.\n";
    104. 

  104. 		exit 1;
    105. 

  105. 	}
    106. 

  106. 	exit if $pid;
    107. 

  107. 

  108. 	if (POSIX::setsid == -1)
    109. 

  109. 	{
    110. 

  110. 		print STDERR "ERROR: setsid: $!\n";
    111. 

  111. 		exit 1;
    112. 

  112. 	}
    113. 

  113. 

  114. 	if (!chdir("/tmp")) {
    115. 

  115. 		print STDERR "ERROR: Cannot chdir to /tmp.\n";
    116. 

  116. 		exit 1;
    117. 

  117. 	}
    118. 

  118. 	close(STDERR);
    119. 

  119. 	close(STDOUT);
    120. 

  120. 	close(STDIN);
    121. 

  121. }
    122. 

  122. 

  123. # Start Listening on UDP port the given port (default 54100)
    124. 

  124. ($verbose) && print STDERR "Binding to port $port\n";
    125. 

  125. my $sock = IO::Socket::INET->new(LocalPort => $port, Proto => 'udp')||die("Socket: $@");
    126. 

  126. 

  127. ($verbose) && print STDERR "Ready to accept events\n";
    128. 

  128. 

  129. # ---------
    130. 

  130. # Main loop
    131. 

  131. # ---------
    132. 

  132. while(1)
    133. 

  133. {
    134. 

  134. 	$sock->recv($buf, $MAXLEN);
    135. 

  135. 	my ($port, $ipaddr) = sockaddr_in($sock->peername);
    136. 

  136. 	my $hn = gethostbyaddr($ipaddr, AF_INET);
    137. 

  137. 	$buf=~/<(\d+)>(.*)/;
    138. 

  138. 	my $pri=$1;
    139. 

  139. 	my $msg=$2;
    140. 

  140. 	my $sev=$pri % 8;
    141. 

  141. 	my $fac=($pri-$sev) / 8;
    142. 

  142. 

  143. 	# Fork ourself to process the received event
    144. 

  144. 	$pid = fork;
    145. 

  145. 	if ($pid == -1) 
    146. 

  146. 	{
    147. 

  147. 		print STDERR "ERROR: Cannot fork. Aborting.\n";
    148. 

  148. 		exit 1;
    149. 

  149. 	} elsif ($pid) {
    150. 

  150. 		#  We are the parent
    151. 

  151. 		next;
    152. 

  152. 	}
    153. 

  153. 	else {
    154. 

  154. 		# We are the child
    155. 

  155. 		logsys($fac,$sev,$msg);
    156. 

  156. 		exit(0);
    157. 

  157. 	}
    158. 

  158. }
    159. 

  159. 

  160. # Logs Syslog messages
    161. 

  161. sub logsys
    162. 

  162. {
    163. 

  163. 	my $facility=shift;
    164. 

  164. 	my $severity=shift;
    165. 

  165. 	my $msg=shift;
    166. 

  166.         my $maxretries = 3;
    167. 

  167. 	my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
    168. 

  168. 	$year+=1900; $mon++;
    169. 

  169. 	$msg=~/.*Location: \(.*\) (\d+.\d+.\d+.\d+)/;
    170. 

  170. 	my $ip = $1;
    171. 

  171. 	my $newmsg = sprintf "%04d-%02d-%02dT%02d:%02d:%02d %s facility=%s,severity=%s %s\n", $year, $mon, $mday, $hour, $min, $sec, $ip, $facilities[$facility], $severities[$severity], $msg;
    172. 

  172. 	($verbose) && print STDERR "Message: $newmsg\n";
    173. 

  173. 

  174. 	while ($maxretries > 0) 
    175. 

  175. 	{
    176. 

  176. 		# Post the event to Loggly
    177. 

  177. 		my $ua = LWP::UserAgent->new(
    178. 

  178. 			agent => 'syslog2loggly.pl');
    179. 

  179. 		my $url = "https://logs.loggly.com/inputs/$apikey";
    180. 

  180. 		my $req = POST $url, 
    181. 

  181. 			Content_Type => 'text/plain',
    182. 

  182. 			Content => $newmsg;
    183. 

  183. 		my $res = $ua->request($req);
    184. 

  184. 		# Template: {"response":"ok"}
    185. 

  185. 		$res->decoded_content=~/\{\"response\":\"(.*)\"\}/;
    186. 

  186. 		if ($1 != "ok") {
    187. 

  187. 			print STDERR "Cannot post event (PID $$). Retrying ...\n";
    188. 

  188. 			sleep(15);
    189. 

  189. 			$maxretries--;
    190. 

  190. 		}
    191. 

  191. 		else {
    192. 

  192. 			# Event successfully sent
    193. 

  193. 			$maxretries=0;
    194. 

  194. 		}
    195. 

  195. 	}
    196. 

  196. }
    197. 

  197. 

  198. sub usage()
    199. 

  199. {
    200. 

  200. 	print STDERR <<EOF;
    201. 

  201. syslog2loggly.pl [-f keyfile] [-D] [-h] [-v] [-p port]
    202. 

  202.   -D          : Run as a daemon
    203. 

  203.   -h          : This help
    204. 

  204.   -f keyfile  : Configuration file (default: /etc/syslog2loggly.conf)
    205. 

  205.   -p port     : Bind to port (default 5140)
    206. 

  206.   -v          : Increase verbosity
    207. 

  207. EOF
    208. 

  208. 	exit 1;
    209. 

  209. }
    210. 

  210.