7 use Data::Dump qw/dump/;
19 $sock->recv($buf, $MAXLEN);
23 my ($port, $ipaddr) = sockaddr_in($sock->peername);
25 ip => join('.', unpack('C4',$ipaddr)),
29 if ( $buf =~ s/<(\d+)>// ) {
31 $log->{facility} = ( $1 - $log->{pri} ) / 8;
33 $log->{timestamp} = $1 if $buf =~ s/^(\w\w\w\s+\d+\s+\d\d:\d\d:\d\d)\s*//; # strip timestamp which some syslog servers insert here
35 if ( $buf =~ s/^([^:]+)\s*:\s*// ) {
37 if ( $tag =~ m{^(\S+)\s(\S+)} ) {
39 $log->{hostname} = $1;
44 if ( $log->{tag} =~ s/\[(\d+)\]$// ) {
46 } elsif ( $buf =~ s/^(\d+):\s*// ) {
51 if ( $log->{tag} =~ m{CRON}i && $buf =~ m{^\((\w+)\) (.+) \((.+)\)$} ) {
59 $log->{message} = $buf;
62 warn "log ",dump( $log );
63 CouchDB::audit( 'syslog', $log );
68 my $sock = IO::Socket::INET->new(
72 ) || die "can't listen to $port: $!";
74 CouchDB::audit('start', { port => $port });