Member Avatar for john_prince

Hi,

We're trying to monitor our logs, and would like to be alerted in case of repeated occurrence of a certain field ( ie PY1011 ). We'd like the script to be run every half hour, which will scan the log file, look out for repeated of any user, if the occurrence is above a threshold value, a alert should be sent immediately. The script we're looking should be designed in perl , as we cannot utilized grep or awk for this. If i had an option to utilize these utilities, i would have written up a shell script. This script would be run on a window box, where we have perl module installed.

Here is one of the line from the log file, i have bolden field, that should be scanned for repeated occurence. The value "PY1011" is not certain, as it will change.

20100217 11:05:18 0da0fbd0 <EDMV:NOTES> From MV Modify <uid=[B]PY1011[/B],ou=Internal,ou=people,dc=eis,dc=example,dc=com>

Please help me with this.

Thanks, Prince

  • 2 Contributors
  • 1 Reply
  • 134 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by d5e5
Member Avatar for d5e5

For example, if your file were called "logins.txt" and contained data like this:

20100217 11:05:18 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1011,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100218 11:07:20 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1014,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100219 11:09:22 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1011,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100220 11:11:24 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1014,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100221 11:13:26 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1011,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100222 11:15:28 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1015,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100223 11:17:30 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1011,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100224 11:19:32 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1017,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100225 11:21:34 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1018,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100226 11:23:36 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1014,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100227 11:25:38 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1011,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100228 11:27:40 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1014,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100229 11:29:42 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1011,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100230 11:31:44 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1014,ou=Internal,ou=people,dc=eis,dc=example,dc=com>				
20100231 11:33:46 0da0fbd0 <EDMV:NOTES> From MV Modify	<uid=PY1011,ou=Internal,ou=people,dc=eis,dc=example,dc=com>

The following would print the login counts that exceed a certain threshold (3, in this script).

#!/usr/bin/perl
use strict;
use warnings;
my $threshold = 3; # If user logs in more than 3 times, you want an alert
my $log = 'C:\users\david\programming\perl\logins.txt'; #My test log file
my %count;
open (FIN, '<', $log); #Open file for reading
while (<FIN>) {
    if (m/<uid=(\w+)/) {
        $count{$1}++;
    }
}
close FIN;
foreach my $user (sort (keys %count)) {
    if ($count{$user} > $threshold) {
        send_alert($user, $count{$user});
    }
    print "$user login count is $count{$user}\n";
}

sub send_alert {
    #This subroutine should send an alert somehow.
    #I don't know how to send an email from Perl
    my ($id, $c) = @_; #Save the two parameters passed to subroutine
    print "*************** $id logged in $c times! ***************\n"
}
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.