LogCat - small Python 2 UDP syslog listeners for debugging: the first script summarises how persistence cookies are distributed across backend servers, the second simply prints every received message with ANSI colours.
# Tool for debugging syslog problems, prints logs to stdout with ansi colours
# This version summarises how HAProxy-style persistence cookies are distributed across backend servers: per server and client IP it counts responses in which a cookie was inserted and requests that arrived carrying a valid cookie.
import socket
import re
import time
tstart = time.time()  # wall-clock time the tool started; results() reports elapsed seconds from this
host = 'localhost'
port = 514


def _open_syslog_socket(bind_host, bind_port):
    """Return a UDP socket bound to (bind_host, bind_port) for receiving syslog datagrams.

    Port 514 is privileged, so the script normally has to run as root while
    parsing network input; binding a high port (e.g. 5514) and pointing the
    sender at it avoids that. The bind happens at import time.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # SO_REUSEADDR lets the tool be restarted on the same port straight away.
    # NOTE(review): on a UDP socket (at least on Linux) it also lets another
    # local process that sets the same option bind the identical address:port,
    # so a second listener could divert the log stream - acceptable for a
    # debugging tool on localhost, not for anything load-bearing.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((bind_host, bind_port))
    return sock


s = _open_syslog_socket(host, port)
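# Syslog PRI header: "<NNN>" followed by the message text; PRI = facility * 8 + severity.
# `.` does not match a newline, so a datagram with an embedded newline does not
# match at all - callers must check the result for None.
xp = re.compile(r"^\<(\d+)\>(.*)$")

# Severity code (PRI % 8) -> coloured label wrapped in ANSI SGR sequences.
# 91/95/94/97 are bright red/magenta/blue/white. The "Critical" entry had its
# escape sequence broken ("\033[9 5m", a stray space) and is repaired here.
# 98 is not a standard SGR code, so "Debug" is likely shown uncoloured on most
# terminals; left as-is to keep the original output otherwise unchanged.
sevmap = {
    0: "\033[91mEmergency \033[0m",
    1: "\033[91mAlert \033[0m",
    2: "\033[95mCritical \033[0m",
    3: "\033[95mError \033[0m",
    4: "\033[94mWarning \033[0m",
    5: "\033[94mNotice \033[0m",
    6: "\033[97mInfo \033[0m",
    7: "\033[98mDebug\033[0m",
}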
# Facility code (PRI // 8) -> human label; list index == facility number, as
# assigned by RFC 3164. Codes 4 and 10 are both security/authorization (10 is
# the "private" variant) and 9 and 15 are both clock daemons, so those pairs
# share a label on purpose.
_FACILITY_NAMES = [
    "Kernel", "User", "Mail", "System", "Security", "Syslog", "LPR", "NNTP",
    "UUCP", "Clock", "Security", "FTP", "NTP", "Log Audit", "Log Alert", "Clock",
    "Local 0", "Local 1", "Local 2", "Local 3", "Local 4", "Local 5", "Local 6", "Local 7",
]
facmap = dict(enumerate(_FACILITY_NAMES))
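# Tallies filled in by processline() and printed by results():
#   inserts[server][client_ip]  -> responses in which a persistence cookie was inserted
#   requests[server][client_ip] -> requests that arrived carrying a valid cookie
inserts = {}
requests = {}

# HAProxy's four-character termination_state field: char 3 is the persistence
# cookie found in the request (V = valid), char 4 is the cookie operation in
# the response (I = inserted); a leading "-" means the session ended normally.
# Compiled once here rather than on every line.
_COOKIE_INSERTED = re.compile(r"-..I")
_HAD_VALID_COOKIE = re.compile(r"-.VN")


def _tally(table, server, client_ip):
    """Increment table[server][client_ip], creating the nested entries on first use."""
    per_server = table.setdefault(server, {})
    per_server[client_ip] = per_server.get(client_ip, 0) + 1


def processline(line):
    """Update the cookie tallies from one HAProxy HTTP log line (PRI header already removed).

    Fields are taken by position after splitting on whitespace: field 5 is
    client_ip:port, field 8 is backend/server (the key used is the part after
    the slash, i.e. the server name, even though results() labels it a
    backend), field 14 is the termination state. Lines with fewer than 15
    fields, or without a "/" in field 8, are ignored so that an unrelated
    local0.info message cannot crash the collector. Returns None.
    """
    # split() rather than split(" "): syslog timestamps pad single-digit days
    # with a space ("Jun  1"), which would otherwise insert an empty field and
    # shift every index by one for the first nine days of each month.
    parts = line.split()
    if len(parts) < 15 or "/" not in parts[8]:
        return
    ip = parts[5].split(":", 1)[0]
    server = parts[8].split("/", 1)[1]
    # parts[10] is the HTTP status code; it is not used by the tallies.
    state = parts[14]
    if _COOKIE_INSERTED.match(state):
        _tally(inserts, server, ip)
    if _HAD_VALID_COOKIE.match(state):
        _tally(requests, server, ip)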
lastres = 0  # time of the last printed summary; results() prints at most once per second


def _print_tally(table):
    """Print one line per key: total event count and number of distinct client IPs."""
    for server, per_ip in table.items():
        print("\t%s: %4d (%4d hosts)" % (server, sum(per_ip.values()), len(per_ip)))


def results():
    """Print the cookie-insert and valid-cookie summaries, throttled to once per second.

    Returns True when the call was suppressed by the throttle, None after
    printing. Reads the module-level inserts, requests and tstart; the keys
    printed are whatever processline() stored (labelled "backends" below).
    """
    global lastres
    now = time.time()
    if now - lastres < 1:
        return True
    lastres = now
    print("===== Begin results...")
    print("----- Running for %d seconds" % (now - tstart))
    print("Inserted N cookies for the following backends.")
    _print_tally(inserts)
    print("Found requests with valid cookies as below.")
    _print_tally(requests)
    print("===== Done with results.\n\n")
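def main():
    """Receive syslog datagrams on the module-level socket `s` until interrupted.

    Only messages with facility 16 (local0) and severity 6 (info) - HAProxy's
    default log target - are passed to processline(). results() is invoked for
    any message arriving in a second whose elapsed count is a multiple of 5;
    results() applies its own once-per-second throttle. Datagrams that do not
    start with a "<PRI>" header are skipped instead of raising. Never returns
    normally; prints a reset-colour marker on the way out.
    """
    try:
        while True:
            # The sender address is never checked: anything that can reach the
            # socket is trusted. recvfrom(1024) silently truncates longer
            # datagrams (1024 is the RFC 3164 maximum; RFC 5424 senders may exceed it).
            data, addr = s.recvfrom(1024)
            # Sample elapsed time after the blocking receive so it reflects
            # when the message arrived, not when the wait began.
            telapsed = int(time.time() - tstart)
            # A non-syslog datagram (or one with leading/trailing whitespace)
            # must not take the collector down. NOTE: recvfrom() returns bytes
            # under Python 3; this gist is Python 2 code and would need a
            # decode step before matching a str pattern there.
            m = xp.match(data.strip())
            if m is None:
                continue
            primask = int(m.group(1))
            severity = primask % 8   # low three bits of PRI
            facility = primask // 8  # integer division keeps this an int under Python 3 too
            msg = m.group(2)
            if facility == 16 and severity == 6:
                processline(msg)
            if telapsed % 5 == 0:
                results()
    finally:
        print("\033[0mDone.")


if __name__ == "__main__":
    main()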
# Tool for debugging syslog problems, prints logs to stdout with ansi colours
# Basically a poor man's syslog, a nicer version of nc -u -l 514
import socket
import re
host = 'localhost'
port = 514


def _open_syslog_socket(bind_host, bind_port):
    """Return a UDP socket bound to (bind_host, bind_port) for receiving syslog datagrams.

    Port 514 is privileged, so this normally runs as root while reading network
    input; a high port (e.g. 5514) avoids that for a debugging tool. The bind
    happens at import time.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # SO_REUSEADDR allows an immediate restart on the same port. NOTE(review):
    # on UDP (at least on Linux) it also lets another local process with the
    # same option bind the identical address:port and divert the datagrams.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((bind_host, bind_port))
    return sock


s = _open_syslog_socket(host, port)
# Syslog PRI header "<NNN>" followed by the message; PRI = facility * 8 + severity.
# `.` does not cross a newline, so a datagram with an embedded newline yields
# no match - callers must check for None.
xp = re.compile(r"^\<(\d+)\>(.*)$")

# (severity code, ANSI SGR colour number, label) - 91/95/94/97 are bright
# red/magenta/blue/white; 98 is not a standard SGR code, so "Debug" is most
# likely rendered uncoloured.
_SEVERITY_LABELS = (
    (0, "91", "Emergency "),
    (1, "91", "Alert "),
    (2, "95", "Critical "),
    (3, "95", "Error "),
    (4, "94", "Warning "),
    (5, "94", "Notice "),
    (6, "97", "Info "),
    (7, "98", "Debug"),
)
# Severity code (PRI % 8) -> label wrapped in its colour and a reset sequence.
sevmap = dict(
    (code, "\033[%sm%s\033[0m" % (colour, label))
    for code, colour, label in _SEVERITY_LABELS
)
# Facility code (PRI // 8) -> human label; list index == facility number per
# RFC 3164. Codes 4 and 10 are both security/authorization (10 is the
# "private" variant) and 9 and 15 are both clock daemons, so those pairs
# deliberately share a label.
_FACILITY_NAMES = [
    "Kernel", "User", "Mail", "System", "Security", "Syslog", "LPR", "NNTP",
    "UUCP", "Clock", "Security", "FTP", "NTP", "Log Audit", "Log Alert", "Clock",
    "Local 0", "Local 1", "Local 2", "Local 3", "Local 4", "Local 5", "Local 6", "Local 7",
]
facmap = dict(enumerate(_FACILITY_NAMES))
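def _render(datagram):
    """Return the coloured display line for one syslog datagram, or None.

    None is returned when the datagram does not start with a "<PRI>" header,
    so a stray or malformed sender cannot crash the listener. Facility
    numbers beyond the facmap table (PRI >= 192) are shown numerically rather
    than raising KeyError. Uses the module-level xp, sevmap and facmap.
    """
    # strip() is applied (the original discarded its result) so stray
    # whitespace around the datagram does not break the anchored match.
    m = xp.match(datagram.strip())
    if m is None:
        return None
    primask = int(m.group(1))
    severity = primask % 8   # low three bits of PRI
    facility = primask // 8  # integer division so the facmap key stays an int under Python 3
    msg = m.group(2)
    # NOTE(review): msg is printed exactly as received; a sender can embed
    # terminal escape sequences in it. Strip control characters here if
    # untrusted senders can reach the port.
    facility_label = facmap.get(facility, "Facility %d" % facility)
    return "%s %s\t%s" % (sevmap[severity], facility_label, msg)


try:
    while True:
        # The sender address is never checked: anything reaching the socket is
        # displayed as-is. recvfrom(1024) truncates longer datagrams (1024 is
        # the RFC 3164 maximum). NOTE: under Python 3 recvfrom() returns bytes;
        # this gist is Python 2 code and would need a decode step first.
        data, addr = s.recvfrom(1024)
        line = _render(data)
        if line is not None:
            print(line)
except KeyboardInterrupt:
    print("Exiting (Ctrl+C)...")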