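#!/bin/ksh
#
# $Revision: 1.2 $ $Date: 2010-12-17 19:31:17-05 $
# $UUID: e55cf839-1444-3aa9-b2c6-397da5b4286e $
#
# Driver for filter to check any syslog files for odd entries.
#
# For every ruleset in $cfgdir, runs checksyslog over the /var/log file of
# the same name, keeps the output as the baseline in $rundir, and mails the
# lines that were not present in the previous run's baseline.
#
# Exit status: 0 when every ruleset was processed, 1 when a sanity check
# failed or checksyslog failed for at least one ruleset.

PATH=/bin:/usr/bin:/usr/local/libexec
export PATH
umask 022

# Variables and functions.
cfgdir=/usr/local/lib/checksyslog   # directory holding rulesets
rundir=/var/checksyslog             # record of previous run
host=$(hostname)

# Send a one-line urgent message to the admin alias.
# Arguments: message text.  Should pop up on your desktop.
alert () {
  printf '%s\n' "$*" | mailx admin-urgent
}

# Alert and abort the whole run.
# Arguments: message text.  Never returns.
die () {
  alert "$*"
  exit 1
}

# Sanity checks.
test -d "$cfgdir" || die "$cfgdir directory not found"
cd "$rundir" || die "$rundir chdir failed"

status=0   # set to 1 when a ruleset could not be processed

# Run each set of rules, compare output to previous run.
for rfile in "$cfgdir"/*
do
  # Skip the literal pattern when the directory is empty, and anything
  # that is not a plain ruleset file.
  test -f "$rfile" || continue

  b=$(basename "$rfile")
  current="cur.$b"
  new="new.$b"
  logfile="/var/log/$b"
  subject="$host: $logfile entries"

  test -f "$current" || touch "$current"

  # Keep the old baseline if the filter fails: replacing it with an empty
  # or partial file would either report the whole log as new on the next
  # run or silently hide the entries this run did not get to.
  if ! checksyslog --rules "$rfile" --log "$logfile" --today > "$new"
  then
    alert "$subject: checksyslog failed, baseline not updated"
    rm -f "$new"
    status=1
    continue
  fi

  # Only report when there is output and it differs from the last run.
  if test -s "$new" && ! cmp -s "$current" "$new"
  then
    alert "$subject"
    # NOTE(review): comm requires both inputs to be sorted; if checksyslog
    # output is not already sorted the reported diff may be incomplete —
    # confirm against the filter's output format.
    comm -23 "$new" "$current" | mailx -s "$subject" syslog
  fi

  mv "$new" "$current"
done

exit "$status"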