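#!%TCLSH%

#
# This script is called from the syslogd daemon, with a line such as:
#
#   local2.*    |exec %SBINDIR%/detectconfmod
#
# This script reads log messages line by line, detects
# configuration modification events and sends them to the DNS database.
# It looks for these patterns:
# - Cisco
#   Sep 30 10:56:33 crc-cg1 373: Sep 30 10:56:31: %SYS-5-CONFIG_I: Configured from console by jean on vty0 (172.16.202.1)
# - Juniper :
#   Sep 30 10:57:55 espla-rc1 mgd[91730]: UI_COMMIT: User 'jean' requested 'commit' operation (comment: none)
# - Cisco ASA :
#   Nov 18 07:29:34 vpn %ASA-5-111008: User 'bcollet' executed the 'write' command
#
# Security note:
#   Everything read on stdin is syslog text produced by the sending
#   equipment (or by anything able to log to this facility), so the
#   host and login fields extracted below are untrusted. They are used
#   only as quoted SQL string literals and in an error message.
#
# History:
#   2010/10/14 : pda/jean : design
#   2010/12/20 : pda      : reworked installation
#   2015/11/18 : bcollet  : adding support for Cisco ASA
#

source %LIBNETMAGIS%

#
# Read syslog lines on stdin and record configuration modifications
#
# Input:
#   - argv0 : script name, used for initialization and error messages
#   - argv : command line arguments (not used)
# Output:
#   - return value: 0 when stdin is exhausted, 1 if initialization or
#       a database insertion fails
#

proc main {argv0 argv} {

    #
    # Initialization
    #

    set msg [d init-script dbfd $argv0 true tabcor]
    if {$msg ne ""} then {
        puts stderr "$msg"
        puts stderr "Aborted."
        return 1
    }

    set defdomain [dnsconfig get "defdomain"]

    #
    # Main loop
    #

    while {[gets stdin line] >= 0} {
        #
        # Extract host name from the syslog header
        # (month, day, hh:mm:ss, host). Lines without this header
        # are ignored.
        #

        if {[regexp {^\S+\s+\d+\s+\d+:\d+:\d+\s+(\S+)} $line dummy host]} then {

            #
            # The vendor patterns are not anchored: any message on
            # this facility which contains one of these phrases is
            # recorded as a modification made by the captured login.
            # NOTE(review): the Cisco and Juniper patterns do not
            # require the %SYS-5-CONFIG_I or UI_COMMIT tag shown in
            # the header examples. Consider requiring it if forged
            # or incidental matches are a concern.
            #

            set found 0

            if {[regexp {.*Configured from \S+ by (\S+)} $line dummy login]} then {
                #
                # Cisco
                #

                set found 1
            } elseif {[regexp {.*User '(\S+)' requested 'commit'} $line dummy login]} then {
                #
                # Juniper
                #

                set found 1
            } elseif {[regexp {.*ASA-5-111008: User '(\S+)' executed the 'write' command} $line dummy login]} then {
                #
                # Cisco ASA
                #

                set found 1
            }

            if {$found} then {
                #
                # If host name is not fully qualified, qualify it.
                # The case of a not fully qualified host name occurs if
                # - either the originating syslog does not send a FQDN
                #   (not a best practice according to RFC 5424)
                # - or the originating syslog does not send a hostname
                #   and the local syslog daemon performs a reverse-lookup
                #   and strips the domain part.
                #

                if {! [regexp {\.} $host]} then {
                    #
                    # Append the default domain
                    #
                    append host ".$defdomain"
                }

                #
                # Insert this entry in the database.
                # Both values come from the log line: they must go
                # through ::pgsql::quote before being placed between
                # the single quotes of the SQL statement.
                #

                set qhost [::pgsql::quote $host]
                set qlogin [::pgsql::quote $login]
                set sql "INSERT INTO topo.modeq (eq, login) VALUES ('$qhost', '$qlogin')"
                if {! [::pgsql::execsql $dbfd $sql msg]} then {
                    #
                    # Report the host being written. The previous
                    # message referenced a variable named eq which is
                    # never set, so the report itself failed and hid
                    # the database error.
                    #
                    puts stderr "$argv0: cannot write '$host/$login' to database ($msg)"
                    return 1
                }
            }
        }
    }

    #
    # End of input: return an explicit status, since the value of
    # this procedure is given to the exit command, which needs an
    # integer.
    #

    return 0
}

exit [main $argv0 $argv]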