[ARGUS] contrib/Argus-perl-2.00
Russell Fulton
r.fulton at auckland.ac.nz
Mon Mar 29 18:26:30 EST 2004
My stuff should work with either 1.8 or 2.0x. I have not touched it for
a long time. I'd really like to get back to work on watcher but between
all the patches, worms and viruses I don't get much (read any) time for
doing interesting stuff these days :(
I'll pull the stuff out of the contrib dir and go through it in the next
few days, tidy up any loose ends I find and repost it to the list.
Peter: I am taking a few days off before I head to Vancouver so if I
don't get to it before then I will do it at home. I'd be happy to help
you set up stuff when I'm visiting.
Russell.
On Tue, 2004-03-30 at 10:50, Peter Van Epp wrote:
> Is the perl code in contrib thought to be up to date? I'm moving
> (very slowly :-)) towards 2.0.6 and figured on using Russell's archive
> stuff instead of re-inventing the wheel, but doing
>
> %look_for -D /data/archive "host 142.58.1.234"
> defined(@array) is deprecated at /usr/local/bin/look_for line 53.
> (Maybe you should just omit the defined()?)
> Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE argus*/ at /usr/local/lib/perl5/site_perl/5.8.3/Argus/Archive.pm line 183.
>
>
> Doesn't look to work correctly. Digging through this with perl -d
> seems to indicate it possibly doesn't know what to do with the default value
> "yesterday" (although that's far from sure :-)). The archive looks like:
>
> %ls -lR /data/archive
> total 2
> drwxr-xr-x 3 root wheel 512 Mar 29 11:32 2004
>
> /data/archive/2004:
> total 2
> drwxr-xr-x 5 root wheel 512 Mar 29 12:21 03
>
> /data/archive/2004/03:
> total 6
> drwxr-xr-x 2 root wheel 1024 Mar 29 12:30 27
> drwxr-xr-x 2 root wheel 1024 Mar 29 12:16 28
> drwxr-xr-x 2 root wheel 512 Mar 29 11:37 29
>
> /data/archive/2004/03/27:
> total 1499600
> -rw-r--r-- 1 root wheel 52800604 Mar 29 12:21 argus.2004.03.27.00.00.00.gz
> ...
>
> and Argus.PM looks like:
>
> %cat Argus.pm
> use Date::Manip;
>
> Date_Init("DateFormat = US"); #change to US for mm/dd
>
> package Argus;
> use Argus::Support;
>
> use vars qw ($Client_bin $RA $Local_IP_re $LocalTimeZone_re $Local_domain
> $Local_domain_re $Def_Host $Def_Port $Archive_root $Error
> @Errors $Accuracy $Notify $Home $Client_path
> $Archive_dir_template $Archive_file_template);
>
>
> # Installation specific vars
> if( defined $ENV{ARGUSHOME} ) {
> $Home = $ENV{ARGUSHOME};
> } else {
> $Home = $ENV{HOME};
> }
>
> $Client_path = "/usr/local/bin";
>
> if( defined $ENV{ARGUSARCHIVE} ) {
> $Archive_root = $ENV{ARGUSARCHIVE};
> } else {
> $Archive_root = "$Home/data";
> }
>
> # Template for directory structure where archived data is stored.
> # By default Argus::Archive assumes a directory structure of the form
> # "$Archive_root/$Archive_dir_template/ where $Archive_dir_template
> # is a strftime format string.
> #
>
> $Archive_dir_template = "%Y/%m/%d"; # eg 2001/03/05
> #$Archive_dir_template = "%Y.%m.%d"; # eg 2001.03.05
>
> # an RE that will match all argus log files (you may have other files
> # stored in the directory -- I do) Argus::Archive assumes (by default)
> # that sorting the filenames lexically will yield the files in time
> # order
> $Archive_file_template = "*argus*";
>
> # If your archive tree does not conform to the above assumptions you
> # will need to modify the Argus/Archive.pm file to do 'the right thing'
> # with your archive structure.
>
> $Def_Host = 'localhost';
> $Def_Port = '561';
>
> # Logger of errors and warnings. This variable sets the default destination
> # for errors and warnings produced by the scripts. They may be overridden in the
> # config modules for the individual scripts
> # defaults to STDERR
>
> $LOG_TO = 'SYSLOG:Argus:deamon:warning:unix';
> #$LOG_TO = 'Filename';
>
> # site specific vars
>
> $Local_IP = '142.58';
> $Local_IP_re = '^192\.168|202\.37\.88\.';
> # domains with same timezone - useful in NZ ;-) less useful elsewhere
> # used to decide whether to report times in local time or UTC.
> $LocalTimeZone_re = '\.ca$';
> $Local_domain_re = 'sfu\.ca$';
> $Local_domain = 'sfu.ca';
>
> # who gets reports ?
>
> $Notify = "vanepp\@$Local_domain";
>
> # How accurate are log times ?
> $Accuracy = "GPS synchronized";
>
>
> ########################################################################
> # determine OS stuff Based on Date::Manip.pm
> #
> # Copyright (c) 1995-2000 Sullivan Beck. All rights reserved.
> # This program is free software; you can redistribute it and/or modify it
> # under the same terms as Perl itself.
> #
> ###########################################################################
> ###########################################################################
>
> use vars qw($OS %Lang %Curr %Cnf);
>
>
> # Determine the type of OS...
> $OS="Unix";
> $OS="Windows" if ((defined $^O and
> $^O =~ /MSWin32/i ||
> $^O =~ /Windows_95/i ||
> $^O =~ /Windows_NT/i) ||
> (defined $ENV{OS} and
> $ENV{OS} =~ /MSWin32/i ||
> $ENV{OS} =~ /Windows_95/i ||
> $ENV{OS} =~ /Windows_NT/i));
> $OS="Mac" if ((defined $^O and
> $^O =~ /MacOS/i) ||
> (defined $ENV{OS} and
> $ENV{OS} =~ /MacOS/i));
> $OS="MPE" if (defined $^O and
> $^O =~ /MPE/i);
> $OS="OS2" if (defined $^O and
> $^O =~ /os2/i);
> $OS="VMS" if (defined $^O and
> $^O =~ /VMS/i);
>
> # Determine if we're doing taint checking
> $NoTaint = eval { local $^W; unlink "$^X$^T"; 1 };
>
>
> 1;
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
--
Russell Fulton /~\ The ASCII
Network Security Officer \ / Ribbon Campaign
The University of Auckland X Against HTML
New Zealand / \ Email!
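As an added example, not Russell's Argus::Archive code nor anything posted in the thread: one way to handle the two warnings Peter quotes, by treating $Archive_file_template as a shell glob that is converted into a regex rather than handed to m// as-is (which is what produces "Quantifier follows nothing" for "*argus*"), and by testing the result list with if (@files) instead of the deprecated defined(@array). The function names, the temporary archive tree and the epoch value are all constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added illustration, not code from Russell's Argus::Archive module: convert
# a glob-style $Archive_file_template such as "*argus*" to a safe regex and
# list one day's archive files from a strftime-style $Archive_dir_template.
use strict;
use warnings;
use POSIX qw(strftime mktime);
use File::Spec;
use File::Temp qw(tempdir);
use File::Path qw(make_path);

# A bare "*argus*" handed straight to m// dies with "Quantifier follows
# nothing" (the error in the thread). quotemeta() escapes everything, then
# the escaped glob wildcards are mapped back to their regex equivalents.
sub glob_to_regex {
    my ($glob) = @_;
    my $re = quotemeta($glob);    # "*argus*" -> "\*argus\*"
    $re =~ s/\\\*/.*/g;           # \*  -> .*
    $re =~ s/\\\?/./g;            # \?  -> .
    return qr/^$re$/;
}

# Directory for $epoch from the template; file names returned in lexical
# (== time) order. Test the list with "if (@files)", never defined(@files).
sub archive_files_for_day {
    my ($root, $dir_template, $file_glob, $epoch) = @_;
    my $dir = File::Spec->catdir($root, strftime($dir_template, localtime($epoch)));
    my $re  = glob_to_regex($file_glob);
    opendir(my $dh, $dir) or return ();   # missing day => empty list
    my @files = sort grep { !/^\.\.?$/ && /$re/ } readdir($dh);
    closedir($dh);
    return map { File::Spec->catfile($dir, $_) } @files;
}

# Demonstration against a constructed archive tree in a temporary directory.
if (!caller) {
    my $root = tempdir(CLEANUP => 1);
    my $day  = "$root/2004/03/27";
    make_path($day);
    for my $f (qw(argus.2004.03.27.00.00.00.gz notes.txt argus.2004.03.27.06.00.00.gz)) {
        open(my $fh, '>', "$day/$f") or die "$day/$f: $!";
        close($fh);
    }
    my $epoch = mktime(0, 0, 12, 27, 2, 104);   # constructed: 2004-03-27 12:00 local
    my @hits  = archive_files_for_day($root, "%Y/%m/%d", "*argus*", $epoch);
    print "$_\n" for @hits;   # the two argus.*.gz files; notes.txt is filtered out
}
```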