Patch against git master. I had to change my rsyslog format recently, and logcheck is nearly unusable if I need to change/duplicate/transform all the rules.
From 9fa05bd1202418da3a279c9f3bfe2a7c192e43c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Droz?= <raphael.droz+fl...@gmail.com> Date: Wed, 3 May 2017 22:45:02 -0300 Subject: [PATCH] added a MACRO expand system. Just add bash-style variable definition inside $RULEDIR/macros. logcheck-test -r support using a -m flag
--- src/logcheck | 12 ++++++++++++ src/logcheck-test | 30 ++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/src/logcheck b/src/logcheck index a8c58ea..4a70773 100755 --- a/src/logcheck +++ b/src/logcheck @@ -223,6 +223,11 @@ cleanrules() { error "Couldn't read $x" fi done + + if [[ -n $RULEDIR/macros ]]; then + { cat "$RULEDIR/macros" && echo "read -r -d '' str <<__EOF__"; } > "$cleaned/$rulefile" + fi + for rulefile in $(run-parts --list "$dir"); do rulefile="$(basename "$rulefile")" if [ -f "${dir}/${rulefile}" ]; then @@ -233,6 +238,13 @@ cleanrules() { || error "Couldn't append to $cleaned/$rulefile." fi done + + if [[ -n $RULEDIR/macros ]]; then + echo -e '__EOF__\necho "$str";' >> "$cleaned/$rulefile"; + /usr/bin/env bash "$cleaned/$rulefile" > "$cleaned/$rulefile.tmp" + mv -f "$cleaned/$rulefile.tmp" "$cleaned/$rulefile" + fi + elif [ -f "$dir" ]; then error "cleanrules: '$dir' is a file, not a directory" elif [ -z "$dir" ]; then diff --git a/src/logcheck-test b/src/logcheck-test index 288fbb8..e84c76a 100755 --- a/src/logcheck-test +++ b/src/logcheck-test @@ -24,6 +24,7 @@ FILE= PREFIX= SUFFIX= RULEFILE= +MACROFILE= INVERT= RULE= @@ -48,6 +49,7 @@ usage: logcheck-test -S|--prepend-suffix SUFFIX : Prepend SUFFIX to rule suffix -r|--rule-file RULEFILE : Use file RULEFILE for rule input +-m|--macro-file MACROFILE : Use file MACROFILE for macros (only with --rule-file) EOF } @@ -79,6 +81,22 @@ while [ -n "${1:-}" ]; do shift fi ;; + -m|--macro-file) + if [ -z "${1:-}" ] ; then + err "$ARGUMENT needs an rule file as argument" + exit 4 + else + MACROFILE="$1" + if ! [ -f "$MACROFILE" -o -L "$MACROFILE" ] ; then + err "'$MACROFILE' is nor a regular file nor a symbolic link" + exit 5 + elif ! [ -r "$MACROFILE" ] ; then + err "'$MACROFILE' permission denied" + exit 6 + fi + shift + fi + ;; -l|--log-file) if [ -z "${1:-}" ] ; then err "$ARGUMENT needs a log file as argument" 
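Review bot: `[[ -n $RULEDIR/macros ]]` tests a string that can never be empty, so this block and the matching one in the next hunk (-233) run even when no macros file exists; in that case the later block still appends the footer and feeds the cleaned rule file to bash. Test for the file itself, e.g. `if [ -f "$RULEDIR/macros" ] && [ -r "$RULEDIR/macros" ]; then`. The header is also written to `"$cleaned/$rulefile"` before the `for rulefile in …` loop assigns that variable, so it appears to land in a different file from the one that receives the footer after the loop. That needs confirming against the rest of cleanrules(), which starts and ends outside the hunk.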
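Review bot: Running the cleaned rules through bash inside an unquoted here-document turns every rule file, and the macros file itself, from data into shell code: `$name`, `$(...)`, backticks and a line reading `__EOF__` are all interpreted under logcheck's account, and backslash sequences in the regexes can be rewritten silently. The exit status of bash is not checked, so a failed expansion is still moved into place and the rules in that file stop matching. A text-only substitution of a delimited token avoids both problems; the sketch below changes the macro syntax to `@NAME@` and takes values literally. The same construct appears in the src/logcheck-test hunk at -178. cleanrules() starts and ends outside the hunk.

```shell
# … unchanged: loop appending each rule file to "$cleaned/$rulefile" …
if [ -f "$RULEDIR/macros" ] && [ -r "$RULEDIR/macros" ]; then
    # Expand @NAME@ tokens from NAME=value lines as plain text; nothing is executed.
    awk '
        FILENAME == ARGV[1] {
            if ($0 ~ /^[A-Za-z_][A-Za-z0-9_]*=/) {
                eq = index($0, "=")
                macro["@" substr($0, 1, eq - 1) "@"] = substr($0, eq + 1)
            }
            next
        }
        {
            line = $0
            for (m in macro) {
                out = ""
                while ((i = index(line, m)) > 0) {
                    out = out substr(line, 1, i - 1) macro[m]
                    line = substr(line, i + length(m))
                }
                line = out line
            }
            print line
        }
    ' "$RULEDIR/macros" "$cleaned/$rulefile" > "$cleaned/$rulefile.tmp" \
        && mv -f "$cleaned/$rulefile.tmp" "$cleaned/$rulefile" \
        || error "Couldn't expand macros in $cleaned/$rulefile."
fi
```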
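Review bot: The error text for a missing `-m` argument was copied from the rule-file option and still says `needs an rule file`; it should read `err "$ARGUMENT needs a macro file as argument"`. MACROFILE is later executed by bash rather than only read, so the usage line added in the previous hunk would be clearer if it said so, e.g. `Use file MACROFILE for macros; it is run as shell code (only with --rule-file)`. The enclosing `while` loop and `case` start and end outside the hunk.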
@@ -178,7 +196,19 @@ else if [ -n "$RULEFILE" ] ; then CLEANRULE="$(mktemp "${TMPDIR:-/tmp}/logcheck-test.XXXXXXXXXX")" cleanup() { rm -rf $CLEANRULE; } + + if [ -n "$MACROFILE" ]; then + { cat "$MACROFILE" && echo "read -r -d '' str <<__EOF__"; } > "$CLEANRULE" + fi + egrep --text -v '^[[:space:]]*$|^#' "$RULEFILE" >> $CLEANRULE + + if [ -n "$MACROFILE" ]; then + /bin/echo -e '__EOF__\necho "$str";' >> "$CLEANRULE" + /usr/bin/env bash "$CLEANRULE" > "$CLEANRULE.tmp" + mv -f "$CLEANRULE.tmp" "$CLEANRULE" + fi + sed -e 's/[[:space:]]*$//' $FILE | egrep $INVERT -f "$CLEANRULE" GREP="$?" cleanup -- 2.1.4
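Review bot: `"$CLEANRULE.tmp"` is a name derived from the mktemp file rather than created by mktemp, it lives in `${TMPDIR:-/tmp}`, and cleanup() does not remove it if bash or mv fails. Create it the same way as CLEANRULE, `CLEANTMP="$(mktemp "${TMPDIR:-/tmp}/logcheck-test.XXXXXXXXXX")"`, and extend cleanup to `rm -rf -- "$CLEANRULE" "$CLEANTMP"`. Chain the move on success so a failed expansion does not replace the rule file with partial output: `/usr/bin/env bash "$CLEANRULE" > "$CLEANTMP" && mv -f "$CLEANTMP" "$CLEANRULE"`. The surrounding `else` branch starts outside the hunk.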