Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A syslog daemon written in C/Lua
Lua C
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
modules
LICENSE
README
brevard.lua
debug.lua
loglines.txt
minsys.lua
northlauderdale.lua
realtime.lua
realtimeraw.lua
redhat.lua
relay.lua
royal-oak.lua
sys.lua
syslogintr.c
testbed.lua
using.lua

README

There's more documentation here: http://boston.conman.org/2010/02/09.1 but
most of the documentation exists in the source code.  A good place to start
is with syslogintr.c to get a feel for how the code works.  Included are
quite a few sample scripts, some of which are in production.  These scripts
are:

	brevard.lua	

			The script running on my personal server.  It
			maintains the original syslogd logfiles, plus it
			relays everything to my home server (as part of the
			syslogintr debugging process).  It also checks to
			see if the webserver and nameserver are running, and
			if not, sends an email notification (I've had issues
			with both just stopping---I know why it happens; I
			can't fix the why though---long story).  If the
			webserver is running, it will collect some stats and
			log those.

			This script will also collect messages from postfix
			until all the logs for a single email transaction
			have been collected, then logs a single one-line
			summary.

	debug.lua

			Simple script to make sure the table passed to Lua
			contains the proper information.  

	minsys.lua

			Simple script to show a minimal, but fully
			functional, script that uses all the optional
			calls.

	northlauderdale.lua

			The script running on an application server. 
			Again, this logs to the orginal syslogd logfiles,
			but this script also checks to make sure the
			webserver is running (it's prone to crash due to
			a resource limitation) and like brevard.lua, either
			send an email notification if the webserver isn't
			running, or log the current webserver stats.  It
			will also check the kernel resources and logs any
			information it finds.

	realtime.lua

			This script is meant to be run with syslogintr in
			the foreground.  It displays the messages it
			receives in realtime.  Fun to watch.

	redhat.lua

			A script to act as a (more-or-less) drop-in
			replacement for syslogd on RedHat derived Linux
			distributions.  

	relay.lua

			A script to test the relay() function.

	royal-oak.lua

			This one is running on a server that monitors
			a network using Cacti and Nagios.  There are 
			routers configured to send their information to
			this host, so when any OSPF changes happen, an
			email notification is sent.  This too, also logs
			to the original syslogd logfiles.

			This system is also running Postfix, so the same
			Postfix summary that is done in brevard.lua is
			done here.

	sys.lua

			Another testing script.

	testbed.lua

			Used to test the various scripts here.  It does not
			require syslogintr to be running---instead it feeds
			192 test messages (each facility, each priority) to
			the user supplied log() function, and calls
			cleanup() if it exists.

	using.lua

			This is the script running on my workstation.  I
			didn't bother using the original syslogd logfiles
			here so I log the information in one large file
			using a non-standard format that I happen to like.

			This script will check for failed ssh login
			attempts, and if there are 5 or more, it will add
			the IP address of the otherside to the firewall
			(iptables) so further attempts are blocked.  It
			keeps a log of such entries and every hour it will
			remove the oldest entry (this to keep the iptables
			from growing uncontrollably) as the attacker will
			have moved on by then.

			This is also the recipient of the remote logging
			messages, although at this time, I don't really do
			any processing of the received messages.

The various modules undet the modules/ directory:

	I_log.lua

		Supplies a few routines to log from within the scripts
		themselves.

	check_apache.lua

		Logs stats from Apache (requires mod_status), othersise,
		sends an email notification that Apache isn't running.

	check_bind.lua

		Checks to see if named is running (uses the Linux /proc
		filesystem for this), and if it isn't, sends an email
		notification that named isn't running.

	check_ospf.lua

		Checks to see if the message is from a Cisco router and is
		an OSPF neighbor state change.  Sends an email notification
		if that is indeed the case.

	colortty.c

		Lua module to cut strings to the width of the tty.  Used by
		realtime.lua to implement a realtime display of syslog
		messages.

	deltatime.lua

		Utility routine to format a time difference.

	hostcounts.lua

		Keeps track of hosts that send log messages.

	log_beancounter.lua

		Logs stats from an OpenVZ instance.

	postfix-mailsummary.lua

		Convert multiple Postfix log messages into one summary log
		message.

	proftp-iptables.lua

		Linux specific:  block ProFTPd attempts using iptables.  If
		you are using this, please make sure you run

			iptables -N proftp-block
			iptables -A INPUT -p tcp --dport 21 -j ssh-block

	sendmail.lua

		Module to send an email.

	ssh-iptables.lua

		Linux specific:  block SSH attempts using iptables.  If you
		are using this, please make sure you run

			iptables -N ssh-block
			iptables -A INPUT -p tcp --dport 22 -j ssh-block

	template.lua

		Utility routine to format output according to a 
		template.

Something went wrong with that request. Please try again.