forked from syslog-ng/syslog-ng
relogger.pl
#!/usr/local/bin/perl -w
# take syslog messages from stdin - push them through syslog again
# by Ed Ravin <[email protected]>. Made available to the
# public courtesy of PANIX (http://www.panix.com).
# This script is licensed under the GPL.
# Requires Date::Parse and Time::HiRes modules
my $usage=
    "relogger.pl [--facility fac] [--priority pri] [--replayspeed factor] [--debug]\n";
use strict;
use Sys::Syslog qw(:DEFAULT setlogsock);
use Getopt::Long;
use Date::Parse; # for str2time
use Time::HiRes qw ( sleep );
my %opt;
die $usage unless
    GetOptions (\%opt, "debug", "facility=s", "priority=s", "replayspeed=s");
setlogsock('unix')
    if grep /^ $^O $/xo, ("linux", "openbsd", "freebsd", "netbsd");
my $facility= $opt{'facility'} || "mail";
my $priority= $opt{'priority'} || "info";
my $replayspeed= $opt{'replayspeed'} || 0;
my $debug= $opt{'debug'} || 0;
# require at least one digit, so that a bare "." is rejected
die "$0: Option 'replayspeed' must be a valid floating point number\n"
    unless $replayspeed =~ /^(?:[0-9]+\.?[0-9]*|\.[0-9]+)$/;
my $progname= "";
# Aug 5 20:28:17 grand-central postfix/qmgr[4389]: AC2BB7F9A: removed
# my $thistime= str2time($date);
# warn "$0: cannot parse date '$date'\n" if !$thistime;
my $lasttimestamp= 0;
my $timestamp;
my $timestep= 0;
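while(<>)
{
    if ( ((my ($timestr, $process, $msg))= /^(.*) \S+ ([^ []*)\[\d+\]: (.*)$/ ) == 3)
    {
        # str2time returns undef on failure; keep it undef instead of
        # storing warn()'s return value (1) as a timestamp
        $timestamp= str2time($timestr);
        warn "$0: cannot parse timestamp '$timestr'\n" unless defined $timestamp;

        if ($progname ne $process)
        {
            closelog;
            openlog "$process", 'ndelay,pid', $facility or die "$0: openlog: $!\n";
            $progname= $process;
        }

        # no delay when this line's timestamp could not be parsed
        $timestep= defined $timestamp ? $timestamp - $lasttimestamp : 0;
        if ($replayspeed and $timestep > 0 and $lasttimestamp > 0)
        {
            warn "sleeping for " . $timestep * $replayspeed . " seconds...\n" if $debug;
            sleep( $timestep * $replayspeed);
        }

        # the message is an argument to a fixed "%s" format, so '%'
        # sequences in replayed log data are not interpreted by syslog()
        syslog $priority, "%s", $msg unless $debug;
        warn "$process $facility/$priority $msg\n" if $debug;
        $lasttimestamp= $timestamp if defined $timestamp;
    }
    else
    {
        warn "$0: cannot parse input line $.: $_\n";
    }
}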
__END__

=head1 NAME

relogger.pl - re-inject syslog log files back into syslog

=head1 SYNOPSIS

B<relogger.pl> [I<--facility fac>] [I<--priority pri>] [I<--replayspeed factor>] [I<--debug>]

=head1 DESCRIPTION

B<relogger.pl> takes syslog-formatted messages on standard input and re-sends
them via the default syslog mechanism. The existing timestamps are stripped
off the message before it is re-sent. Delays between messages can be enabled
with the I<--replayspeed> option (see B<OPTIONS> below) to simulate the
arrival times of the original messages.

B<relogger.pl> was written to help test configurations for programs
like B<logsurfer> or B<swatch> that parse log output and take
actions based on what messages appear in the logs.

=head1 OPTIONS

=over 4

=item B<--facility> I<fac>

Specify the syslog facility to log the messages
to. Standard syslog messages do not store the facility the message was
logged on, so this cannot be determined from the input. The default is the
B<mail> facility.

=item B<--priority> I<pri>

Specify the syslog priority to log the messages
to. The default is the B<info> priority. As with B<--facility>, this
information cannot be discovered from the input.

=item B<--replayspeed> I<factor>

Attempt to parse the timestamps
of the input messages, and simulate the original arrival times by sleeping
between each message. The sleep time is multiplied by I<factor>. To send
simulated log events with the same time spacing as the original
arrival times, use a I<factor> of 1. To send simulated log events at twice
the speed of the original logs, use a I<factor> of 0.5 (i.e. sleep only
half the original time between log messages).

=item B<--debug>

Send all output to standard error, rather than to syslog.
Also prints an extra diagnostic message or two.

=back

=head1 BUGS

B<relogger.pl> is a beta-quality tool for testing logging configurations.
It is not yet recommended for production use.

It would be nice to be able to specify the input filename on the command
line, instead of requiring it to be on standard input.

It would be nice to be able to control the syslog mechanism on the
command line (i.e. specify whether to use a local or remote host)
rather than just using the system default.

The original PID in the message is replaced by the current PID of
B<relogger.pl> in the simulated message. Also, the PID of B<relogger.pl>
will appear in the simulated message even if the original one did not
supply a PID.

In spite of using Time::HiRes to enable sleeping in fractional seconds,
some environments seem to still round off to seconds. This needs a bit
more investigation.

=head1 AUTHOR

B<relogger.pl> was written by Ed Ravin <[email protected]>, and is made
available to the public by courtesy of PANIX (http://www.panix.com).
This script is licensed under the GPL. B<relogger.pl> requires the
Date::Parse and the Time::HiRes Perl modules.
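
The parsing and delay rules documented above, as an added example that is not part of relogger.pl or the syslog-ng project: a dry run over constructed sample lines that shows which lines the script's pattern accepts and the sleep each would get for a given factor. `plan_replay` and the sample lines are hypothetical, Date::Parse is assumed to be installed (the script requires it), and a line whose timestamp cannot be parsed is given no delay here.

```perl
# Added example: dry run of relogger.pl's parsing and delay rules; sends nothing.
use strict;
use warnings;
use Date::Parse;   # str2time, the timestamp parser relogger.pl uses

# plan_replay() is a hypothetical helper, not part of relogger.pl.
# Returns one hashref per line: {skip => reason} or
# {delay => seconds, process => name, msg => text, note => text}.
sub plan_replay {
    my ($factor, @lines) = @_;
    my ($last, @plan) = (0);
    for my $line (@lines) {
        # Same pattern as the script: timestamp, host, process[pid]: message
        my ($timestr, $process, $msg) =
            $line =~ /^(.*) \S+ ([^ \[]*)\[\d+\]: (.*)$/;
        unless (defined $msg) {
            push @plan, { skip => "no 'process[pid]:' tag" };
            next;
        }
        my $ts = str2time($timestr);
        # Delay only for forward steps after the first parsed timestamp.
        my $step = (defined $ts && $last > 0 && $ts > $last) ? $ts - $last : 0;
        push @plan, {
            delay   => $step * $factor,
            process => $process,
            msg     => $msg,
            note    => defined $ts ? '' : "(timestamp '$timestr' not parsed)",
        };
        $last = $ts if defined $ts;
    }
    return @plan;
}

# Constructed sample input, not real log data.
my @sample = (
    'Aug  5 20:28:17 grand-central postfix/qmgr[4389]: AC2BB7F9A: removed',
    'Aug  5 20:28:27 grand-central sshd[811]: Failed password for %s%n from 192.0.2.7',
    'Aug  5 20:28:30 grand-central kernel: eth0: link up',      # no [pid]
    '<corrupt> grand-central cron[77]: job started',            # bad timestamp
    'Aug  5 20:28:47 grand-central cron[78]: job finished',
);

for my $p (plan_replay(0.5, @sample)) {
    if ($p->{skip}) { print "SKIP   $p->{skip}\n"; next }
    # The message is an argument to a fixed format, as in the script's syslog call.
    printf "%5.1fs %-14s %s %s\n", @{$p}{qw(delay process msg note)};
}
```

Lines from sources that log without a PID, such as the kernel line in the sample, do not match the script's pattern and are reported rather than replayed.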