our $port = 514;
our $MAXLEN = 1524;
+sub message {
+ my $sock = shift;
+
+ my $buf;
+ $sock->recv($buf, $MAXLEN);
+
+ next unless $buf;
+
+ my ($port, $ipaddr) = sockaddr_in($sock->peername);
+ my $log = {
+ ip => join('.', unpack('C4',$ipaddr)),
+ buf => $buf,
+ };
+
+ if ( $buf =~ s/<(\d+)>// ) {
+ $log->{pri} = $1 % 8;
+ $log->{facility} = ( $1 - $log->{pri} ) / 8;
+
+ $log->{timestamp} = $1 if $buf =~ s/^(\w\w\w\s+\d+\s+\d\d:\d\d:\d\d)\s*//; # strip timestamp which some syslog servers insert here
+
+ if ( $buf =~ s/^([^:]+)\s*:\s*// ) {
+ my $tag = $1;
+ if ( $tag =~ m{^(\S+)\s(\S+)} ) {
+ $log->{tag} = $2;
+ $log->{hostname} = $1;
+ } else {
+ $log->{tag} = $tag;
+ }
+
+ if ( $log->{tag} =~ s/\[(\d+)\]$// ) {
+ $log->{pid} = $1;
+ } elsif ( $buf =~ s/^(\d+):\s*// ) {
+ $log->{pid} = $1;
+ }
+ }
+
+ if ( $log->{tag} =~ m{CRON}i && $buf =~ m{^\((\w+)\) (.+) \((.+)\)$} ) {
+ $log->{cron} = {
+ user => $1,
+ command => $2,
+ argument => $3,
+ };
+ }
+
+ $log->{message} = $buf;
+ }
+
+ warn "log ",dump( $log );
+ CouchDB::audit( 'syslog', $log );
+}
+
sub start {
my $sock = IO::Socket::INET->new(
CouchDB::audit('start', { port => $port });
- my $buf;
while(1) {
- $sock->recv($buf, $MAXLEN);
-
- next unless $buf;
-
- my ($port, $ipaddr) = sockaddr_in($sock->peername);
- my $log = {
- ip => join('.', unpack('C4',$ipaddr)),
- buf => $buf,
- };
-
- if ( $buf =~ s/<(\d+)>// ) {
- $log->{pri} = $1 % 8;
- $log->{facility} = ( $1 - $log->{pri} ) / 8;
-
- $log->{timestamp} = $1 if $buf =~ s/^(\w\w\w\s+\d+\s+\d\d:\d\d:\d\d)\s*//; # strip timestamp which some syslog servers insert here
-
- if ( $buf =~ s/^([^:]+)\s*:\s*// ) {
- my $tag = $1;
- if ( $tag =~ m{^(\S+)\s(\S+)} ) {
- $log->{tag} = $2;
- $log->{hostname} = $1;
- } else {
- $log->{tag} = $tag;
- }
-
- if ( $log->{tag} =~ s/\[(\d+)\]$// ) {
- $log->{pid} = $1;
- } elsif ( $buf =~ s/^(\d+):\s*// ) {
- $log->{pid} = $1;
- }
- }
-
- if ( $log->{tag} =~ m{CRON}i && $buf =~ m{^\((\w+)\) (.+) \((.+)\)$} ) {
- $log->{cron} = {
- user => $1,
- command => $2,
- argument => $3,
- };
- }
-
- $log->{message} = $buf;
- }
-
- warn "log ",dump( $log );
- CouchDB::audit( 'syslog', $log );
-
+ message($sock);
server->refresh;
}
-
}
1;