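#!/usr/bin/env perl
#
# Parses one collector-prefixed syslog line into the fields the caller
# stores.  As far as the parsing steps below reveal it, a line looks like
#
#   "<facility> <severity> <source-ip> <timestamp> <prog>[<pid>]: <message>"
#   "<facility> <severity> <source-ip> <timestamp> <prog>: <pid>: <evtid>: <user>: <category>: <message>"
#
# Every field is untrusted text received from the network; nothing here
# validates it beyond shape and length.
use strict;
use warnings;

# Syslog facility names indexed by facility number (0..23).
my @FACILITY_NAMES = (
    "kernel messages",
    "user-level messages",
    "mail system",
    "system daemons",
    "security/authorization messages (note 1)",
    "messages generated internally by syslogd",
    "line printer subsystem",
    "network news subsystem",
    "UUCP subsystem",
    "clock daemon (note 2)",
    "security/authorization messages (note 1)",
    "FTP daemon",
    "NTP subsystem",
    "log audit (note 1)",
    "log alert (note 1)",
    "clock daemon (note 2)",
    "local use 0 (local0)",
    "local use 1 (local1)",
    "local use 2 (local2)",
    "local use 3 (local3)",
    "local use 4 (local4)",
    "local use 5 (local5)",
    "local use 6 (local6)",
    "local use 7 (local7)",
);

# Month abbreviation -> month number, for the "Mon D ..." timestamp forms.
my %MONTH_NUMBER;
@MONTH_NUMBER{qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec)} = (1 .. 12);

# "H:MM", "HH:MM" or "HH:MM:SS".
my $TIME_RE = qr/\d{1,2}(?::\d{2}){1,2}/;

# Limits on the extracted fields: over-long prog/user/category values are
# dropped, over-long message text is truncated, and a pid or event id
# above $MAX_ID is reported as 0 (unknown).
my $MAX_NAME_LEN    = 64;
my $MAX_CONTENT_LEN = 1024;
my $MAX_ID          = 65536;

# Return $text from offset $pos onwards, or "" when $pos is at or past
# the end (a bare substr would warn and return undef there).
sub _rest_after {
    my ($text, $pos) = @_;
    return $pos < length($text) ? substr($text, $pos) : "";
}

# Split one syslog line into its fields.
#
# Arguments: $arg - the raw line, including the "<facility> <severity> <ip> "
#            prefix added by the collector.
# Returns:   one string of ten newline-separated fields, in order:
#            facility name, severity number, source ip, "YYYY-M-D H:M:S",
#            program, pid, event id, user, category, message.  A missing
#            text field is "", a missing pid/evtid is 0 and a missing user
#            is 0 (the existing contract with the caller).  Single quotes
#            in the message are doubled.
# Dies:      when $arg is undefined or empty.
# Side effects: echoes the parsed fields to STDOUT (debug output).
sub handle_syslog {
    my ($arg) = @_;
    die "the argument of syslog is empty" if !defined $arg || $arg eq "";

    # Header "<facility> <severity> <ip> ".  Each part comes from its own
    # checked match and is "" when absent; reading $& after an unchecked
    # match (as before) silently reuses the previous successful match on a
    # malformed line.
    my $facility = $arg =~ /\A(\d{1,2})/ ? $1 : "";
    my $severity = $arg =~ / (\d) /     ? $1 : "";
    my $ip       = "";
    if ($arg =~ /\b((?:\d{1,3}\.){3}\d{1,3})\b/) {
        $ip  = $1;
        $arg = _rest_after($arg, $+[0] + 1);   # +1 skips the separating space
    }

    my ($tm, $rest) = parse_time($arg);
    $arg = $rest;

    # "<prog>[<pid>]" or "<prog>: <pid>:"; prog may contain spaces and
    # slashes.  An over-long name is discarded and its text left in place.
    my ($prog, $pid, $evtid, $user, $category) = ("", 0, 0, 0, "");
    if ($arg =~ m{([A-Za-z /]+)[:\[][ \d]+\b[:\]]}) {
        my ($name, $end) = ($1, $+[1]);
        if (length($name) < $MAX_NAME_LEN) {
            $prog = $name;
            $arg  = _rest_after($arg, $end);
        }
    }

    # Process id: the first digit run inside "[ 1234]" / ": 1234:".
    if ($prog && $arg =~ /[:\[]([ \d]+)\b[:\]]/) {
        my $span = $1;
        my ($digits) = $span =~ /(\d+)/;
        $pid = substr($digits, 0, 6);   # at most six digits are considered
        if ($pid > $MAX_ID) {
            $pid = 0;                   # implausible pid: leave the text in the message
        }
        else {
            $arg = _rest_after($arg, index($arg, $pid) + length($pid));
        }
    }

    # Event id: ": <digits>:" directly after the pid.
    if ($prog && $arg =~ /: (\d+)\b:/) {
        my ($digits, $end) = ($1, $+[1]);
        $evtid = substr($digits, 0, 6);
        if ($evtid > $MAX_ID) {
            $evtid = 0;
        }
        else {
            $arg = _rest_after($arg, $end);
        }
    }

    # User: "<name>", "<domain>\<name>" or "<word> <word>\<name>" between
    # ": " and ":".  The captured value no longer carries the leading space.
    if ($arg =~ /: ([a-z]+|[a-z]+\\[a-z]+|[a-z]+ [a-z]+\\[a-z]+):/i) {
        my ($name, $end) = ($1, $+[1]);
        if (length($name) < $MAX_NAME_LEN) {
            $user = $name;
            $arg  = _rest_after($arg, $end);
        }
        else {
            $user = "";
        }
    }

    # Category: the first ": <text>:" segment, accepted only when some later
    # colon follows a word character (the gate the original code applied).
    if ($arg =~ /: .+\b:/ && $arg =~ /: ([^:]+):/) {
        my ($name, $end) = ($1, $+[0]);
        if (length($name) > $MAX_NAME_LEN) {
            $category = "";
        }
        else {
            $category = $name;
            $arg      = _rest_after($arg, $end);
        }
    }

    # Whatever is left is the message.  Drop the delimiter the last step
    # left in front of it ("]: " or ": "); formerly it was stored as text.
    (my $content = $arg) =~ s/\A\]?:?\s*//;
    if (length($content) > $MAX_CONTENT_LEN) {
        $content = substr($content, 0, $MAX_CONTENT_LEN);
    }

    my $facility_name =
        ($facility ne "" && $facility < @FACILITY_NAMES) ? $FACILITY_NAMES[$facility] : "";

    # Debug echo.  Note this writes the raw, untrusted message text
    # (including any control characters it carries) to STDOUT.
    print "$facility_name, $severity, $ip, $tm, $prog, $pid, $evtid, $user, $category, $content\n";

    # Single quotes are doubled, presumably because the result is spliced
    # into a quoted SQL literal (the original's $dbh/$sth leftovers point
    # that way).  This only neutralises the quote character itself; the
    # consumer should bind the fields with placeholders instead.  Doubling
    # happens after truncation, so the escaped text can exceed
    # $MAX_CONTENT_LEN.
    (my $escaped = $content) =~ s/'/''/g;

    return join("\n", $facility_name, $severity, $ip, $tm, $prog, $pid,
                      $evtid, $user, $category, $escaped);
}

# Extract the timestamp at the start of $arg.
#
# Arguments: $arg - text beginning with one of "Mon  D HH:MM:SS",
#            "Mon D YYYY HH:MM:SS" or "YYYY-MM-DD HH:MM:SS".
# Returns:   ("YYYY-M-D H:M:S", $rest), $rest being the text after the
#            timestamp and one separator character.  Parts the timestamp
#            does not carry (the year in the first form, everything when
#            no form matches) come from the current local time; numbers
#            are not zero-padded beyond what the input had.
sub parse_time {
    my ($arg) = @_;
    my ($sec, $min, $hour, $day, $mon, $year) = localtime();
    $year += 1900;
    $mon  += 1;
    my $tm = "$hour:$min:$sec";

    if ($arg =~ /\b([A-Z][a-z]{2}) +(\d{1,2}) ($TIME_RE)\b/) {
        my ($name, $end) = ($1, $+[0]);
        ($day, $tm) = ($2, $3);
        $mon = $MONTH_NUMBER{$name} if exists $MONTH_NUMBER{$name};   # unknown month: keep current
        $arg = _rest_after($arg, $end + 1);
    }
    elsif ($arg =~ /\b([A-Z][a-z]{2}) +(\d{1,2}) +(\d{2,4}) ($TIME_RE)\b/) {
        my ($name, $end) = ($1, $+[0]);
        ($day, $year, $tm) = ($2, $3, $4);
        $mon = $MONTH_NUMBER{$name} if exists $MONTH_NUMBER{$name};
        $arg = _rest_after($arg, $end + 1);
    }
    elsif ($arg =~ /\b(\d{2,4})-(\d{1,2})-(\d{1,2}) +($TIME_RE)\b/) {
        my $end = $+[0];
        ($year, $mon, $day, $tm) = ($1, $2, $3, $4);
        $arg = _rest_after($arg, $end + 1);
    }

    return ("$year-$mon-$day $tm", $arg);
}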