1#!%TCLSH%
2
3#
4# This script is called from syslogd daemon, with a line such as:
5#
6#     local2.*       |exec %SBINDIR%/detectconfmod
7#
8# This script reads its input line by line, detects
9# configuration modification events and sends them to the DNS database.
10# It looks for these patterns:
11# - Cisco
12#	Sep 30 10:56:33 crc-cg1 373: Sep 30 10:56:31: %SYS-5-CONFIG_I: Configured from console by jean on vty0 (172.16.202.1)
13# - Juniper :
14#	Sep 30 10:57:55 espla-rc1 mgd[91730]: UI_COMMIT: User 'jean' requested 'commit' operation (comment: none)
15#	- Cisco ASA :
16#	Nov 18 07:29:34 vpn %ASA-5-111008: User 'bcollet' executed the 'write' command
17#
18#
19# History:
20#   2010/10/14 : pda/jean : design
21#   2010/12/20 : pda      : reworked installation
22#   2015/11/18 : bcollet  : adding support for Cisco ASA
23#
24
25source %LIBNETMAGIS%
26
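#
# Read syslog lines on stdin, recognise "configuration modified" events
# sent by Cisco IOS, Juniper and Cisco ASA devices, and record one
# (equipment, login) row in topo.modeq for each event.
#
# Input:
#   argv0 : script name, given to the library initialisation and used
#           as a prefix in the database error message
#   argv  : command line arguments (not used here)
# Output:
#   return value : 0 when stdin reaches end of file, 1 if the
#           initialisation or a database insert fails
#
# Security note: the host name and the login are taken from the text of
# a syslog message, which this script has no means to authenticate.
# They are escaped before being placed in the SQL statement, but
# whatever reads topo.modeq afterwards should still treat both columns
# as untrusted data.
#
proc main {argv0 argv} {

    #
    # Initialization
    # An empty message means success. dbfd is used below as the database
    # handle; presumably it is set by this call (confirm in the library).
    #

    set msg [d init-script dbfd $argv0 true tabcor]
    if {$msg ne ""} then {
        puts stderr "$msg"
        puts stderr "Aborted."
        return 1
    }

    set defdomain [dnsconfig get "defdomain"]

    #
    # Main loop: one syslog message per line, until end of file
    #

    while {[gets stdin line] >= 0} {
        #
        # Extract host name: it is the first word after the leading
        # "Mon DD HH:MM:SS" time stamp. Lines which do not start
        # this way are silently skipped.
        #

        if {[regexp {^\S+\s+\d+\s+\d+:\d+:\d+\s+(\S+)} $line dummy host]} then {

            #
            # NOTE(review): the Cisco and Juniper patterns below are not
            # tied to a message tag (such as SYS-5-CONFIG_I or
            # UI_COMMIT), so any message on this facility which merely
            # contains the same wording is recorded as a modification.
            # Consider anchoring them once the set of message variants
            # to support is confirmed.
            #

            set found 0

            if {[regexp {.*Configured from \S+ by (\S+)} $line dummy login]} then {
                #
                # Cisco
                #

                set found 1
            } elseif {[regexp {.*User '(\S+)' requested 'commit'} $line dummy login]} then {
                #
                # Juniper
                #

                set found 1
            } elseif {[regexp {.*ASA-5-111008: User '(\S+)' executed the 'write' command} $line dummy login]} then {
                #
                # Cisco ASA
                #

                set found 1
            }

            if {$found} then {
                #
                # If host name is not fully qualified, qualify it.
                # The case of a not fully qualified host name occurs if
                # - either the originating syslog does not send a FQDN
                #	(not a best practice according to RFC 5424)
                # - or the originating syslog does not send a hostname
                #	and the local syslog daemon performs a reverse-lookup
                #	and strips the domain part.
                #

                if {! [regexp {\.} $host]} then {
                    #
                    # Append the default domain
                    #
                    append host ".$defdomain"
                }

                #
                # Insert this entry in the database.
                # The statement is built by string substitution, so its
                # safety rests entirely on ::pgsql::quote escaping both
                # values: keep every substituted value quoted.
                #

                set qhost [::pgsql::quote $host]
                set qlogin [::pgsql::quote $login]
                set sql "INSERT INTO topo.modeq (eq, login) VALUES ('$qhost', '$qlogin')"
                if {! [::pgsql::execsql $dbfd $sql msg]} then {
                    #
                    # Report the host name: the variable "eq" formerly
                    # used here is never set, so this error path raised
                    # a Tcl error instead of printing the diagnostic.
                    #
                    puts stderr "$argv0: cannot write '$host/$login' to database ($msg)"
                    return 1
                }
            }
        }
    }

    #
    # End of input: return an explicit status, since the caller passes
    # the result to "exit", which requires an integer.
    #

    return 0
}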
108
# Run the main procedure and use its result as the process exit status.
set status [main $argv0 $argv]
exit $status
110