If you program in Perl, Please read this post!

[sd-slider 0]

I'm trying to setup a script for filtering syslog entries and filter based on content and mail to the appropriate group or forum...this is what I have so far and I'm getting multiple messages for the same syslog entry...aaarrrgh!

For example:
The following line produces a notification from both the Port UP/Down AND PPP notifier sub-routines.....

May 15 14:18:15 ntc-ssr NTC %STP-I-PORT_STATUS, Port status change detected: et.1.6 - Port Down

Script listed below...

==================================
#!/usr/bin/perl

while (<>) {
if ($_ =~ /-ssr/) {
while (<>) {
chomp;
if ($_ =~ /\sPort\sDown/) {
$state = "Down";
$body = $_;
&send_email_SsrNoc();
}
if ($_ =~ /\sexecuted/) {
$state = "LoginActivity";
$body = $_;
&send_email_LoginActivity();
}
if ($_ =~ /\TEMPTOOHIGH/) {
$state = "TempHighAlert";
$body = $_;
&send_email_TempAlert();
}
if ($_ =~ /\sPort\sUp/) {
$state = "Up";
$body = $_;
&send_email_SsrNoc();
}
if ($_ =~ /\PPP/) {
$state = "PPP";
$body = $_;
&send_email_PppAlert();
}
}
}
}


sub send_email_SsrNoc {
$mailprog = "/usr/lib/sendmail -oi -t";
$recipient = "lbnoc ";
$sender = "Syslog Notify ";
$subject = "ALERT: A port or server on the SSR is $state";

open (MAIL, "|$mailprog");
print MAIL "To: $recipient\n";
print MAIL "From: $sender\n";
print MAIL "Subject: $subject\n\n";
print MAIL "$body";
close (MAIL);
}

sub send_email_TempAlert {
$mailprog = "/usr/lib/sendmail -oi -t";
$recipient = "lbnoc ";
$sender = "Syslog Notify ";
$subject = "SSR High Temperature Alert";

open (MAIL, "|$mailprog");
print MAIL "To: $recipient\n";
print MAIL "From: $sender\n";
print MAIL "Subject: $subject\n\n";
print MAIL "$body";
close (MAIL);
}

sub send_email_PppAlert {
$mailprog = "/usr/lib/sendmail -oi -t";
$recipient = "lbnoc ";
$sender = "Syslog Notify ";
$subject = "SSR PPP Link Activity Detected - $state";


open (MAIL, "|$mailprog");
print MAIL "To: $recipient\n";
print MAIL "From: $sender\n";
print MAIL "Subject: $subject\n\n";
print MAIL "$body";
close (MAIL);
}

sub send_email_LoginActivity {
$mailprog = "/usr/lib/sendmail -oi -t";
$recipient = "lbnoc ";
$sender = "Syslog Notify ";
$subject = "SSR Login Activity";

open (MAIL, "|$mailprog");
print MAIL "To: $recipient\n";
print MAIL "From: $sender\n";
print MAIL "Subject: $subject\n\n";
print MAIL "$body";
close (MAIL);
}


=====================================

Any advice would be appreciated....

=SEric

Anvil Brother #69

Sidelined with a 5mm C5-C6 herniated disk...
Back2Back slammers and 40yr old fat guys don't mix!

[Icon134 0]

I know *what* Perl is but I don't know how to program in it...

sorry...

Livin' on the Edge... sleeping with my rigger's wife...

[airtwardo 6]

I'd like to help ya..but I just found something shiney on the ground!

~ If you choke a Smurf, what color does it turn? ~

[narcimund 0]

Your sequential IFs are all getting executed. If you want it to stop checking after finding its first TRUE condition, change the succeeding IFs to ELSIFs.

while (<>) {

if ($_ =~ /-ssr/) {

while (<>) {

chomp;

if ($_ =~ /\sPort\sDown/) {

$state = "Down";

$body = $_;

&send_email_SsrNoc();

}

elsif ($_ =~ /\sexecuted/) {

$state = "LoginActivity";

$body = $_;

&send_email_LoginActivity();

}

elsif ($_ =~ /\TEMPTOOHIGH/) {

$state = "TempHighAlert";

$body = $_;

&send_email_TempAlert();

}

elsif ($_ =~ /\sPort\sUp/) {

$state = "Up";

$body = $_;

&send_email_SsrNoc();

}

elsif ($_ =~ /\PPP/)       {

$state = "PPP";

$body = $_;

&send_email_PppAlert();

} 

} 

}

}

First Class Citizen Twice Over

[sd-slider 0]

Please hold.....

Anvil Brother #69

Sidelined with a 5mm C5-C6 herniated disk...
Back2Back slammers and 40yr old fat guys don't mix!

[sd-slider 0]

Still no-go...I'm getting less notifications but they still are not accurate..

I'll try a couple more things and kick it around a little bit.

Goota run! There's a 1600 load going up..WooHoo.
Thanks.

Anvil Brother #69

Sidelined with a 5mm C5-C6 herniated disk...
Back2Back slammers and 40yr old fat guys don't mix!

[LyraM45 0]

Quote

Your sequential IFs are all getting executed. If you want it to stop checking after finding its first TRUE condition, change the succeeding IFs to ELSIFs.

I would go with what he said, but if thats not working I can't really see anything that is jumping out at me. What kind of work do you do that has you use perl? It's a programming favorite among us Meteorologists.

Apologies for the spelling (and grammar).... I got a B.S, not a B.A. :)

[narcimund 0]

Quote

I would go with what he said, but if thats not working I can't really see anything that is jumping out at me. What kind of work do you do that has you use perl? It's a programming favorite among us Meteorologists.

I own a web development company that does a lot of work in e-commerce. We also write all sorts of custom website apps and generally use perl (unless the client has some special requirements.)

It looks like the OP was doing data center work. Perl's pretty common for sysadmins.

I can see why meteorologists would like perl. You guys get tons of formatted text data don't you? Perl just loves chewing on that.

--

To the OP: Some of your regexes look funny to me. What's the "\" doing at the start of your PPP test (and did you mean "\s"?) Are you sure you've got the case right in your tests? If not, toss on a "i" to be case-insensitive.)

First Class Citizen Twice Over

[mcrocker 0]

Save yourself a LOT of trouble and get syslog-ng which will dump to a MySQL database. Or, get logwatch which is a script that will to the syslog (or any log) parsing that you need. Just launch logwatch from cron every so often.

no need to re-invent the wheel, it has been done before

http://www2.logwatch.org:81/
http://www.balabit.com/products/syslog-ng/