albanpeignier/logheck-rule.sh

## logheck-rule.sh
#!/bin/sh -e

command=$1
shift

if [ $# == 0 ]; then
    set -- `ls files/logcheck/ignore.d/* | grep -v "~$"`
fi

egrep_files=""
while [ $# -gt 0 ]; do
    name=$1
    shift
    if [ -f $name ]; then
        file=$name
    else
        file="files/logcheck/ignore.d/$name"
    fi
    egrep_files="$egrep_files $file"
done

rules_file=`mktemp`
trap "rm -f $rules_file" ERR EXIT

egrep -hv "(^#|^[ ]*$)" $egrep_files | sort -u > $rules_file

case $command in
    update)
        ssh monitor.tryphon.priv tar -cjf - -C /var/log/ syslog auth.log | tar -xvjf -
    ;;
    test)
        cat syslog auth.log | sed -e 's/[[:space:]]*$//' | egrep -v -f $rules_file
    ;;
    display)
        cat syslog auth.log | sed -e 's/[[:space:]]*$//' | egrep -f $rules_file
    ;;
    filter)
        sed -e 's/[[:space:]]*$//' | egrep --line-buffered -v -f $rules_file
    ;;
esac

## rivendell
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: alsaStopTimerData\(0\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rdairplay: finished event: Line: [0-9]  Cart: [0-9]+  Cut: [0-9] Card: [0-9]  Stream: [0-9]  Port: [0-9]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: UnloadPlayback - Card: [0-9]  Stream: [0-9]  Handle: [0-9]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: LoadPlayback  Card: [0-9]  Stream: [0-9]  Name: /var/snd/[0-9_]+\.wav  Handle: [0-9]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: PlaybackPosition - Card: [0-9]  Stream: [0-9]  Pos: [0-9]+  Handle: [0-9]+
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: Play - Card: [0-9]  Stream: [0-9]  Handle: [0-9]+  Length: [0-9]+  Speed: [0-9]+  Pitch: [0-9]+
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rdairplay: started audio cart: Line: [0-9]+  Cart: [0-9]+  Cut: [0-9]+ Pos: [0-9]  Card: [0-9]  Stream: [0-9]  Port: [0-9]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: FadeLevel: [0-9]+$

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rdairplay: chained to log: Line: [0-9]+  Log: [[:alnum:]_]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ripcd: received rml: 'LL 1 [[:alnum:]_]+ -2!' from 127\.0\.0\.2$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rdairplay: loaded log '[[:alnum:]_]+' in Main Log$

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ripcd: ran local maintenance routines$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ripcd: ran system-wide maintenance routines$
	#!/bin/sh -e

	command=$1
	shift

	if [ $# == 0 ]; then
	set -- `ls files/logcheck/ignore.d/* \| grep -v "~$"`
	fi

	egrep_files=""
	while [ $# -gt 0 ]; do
	name=$1
	shift
	if [ -f $name ]; then
	file=$name
	else
	file="files/logcheck/ignore.d/$name"
	fi
	egrep_files="$egrep_files $file"
	done

	rules_file=`mktemp`
	trap "rm -f $rules_file" ERR EXIT

	egrep -hv "(^#\|^[ ]*$)" $egrep_files \| sort -u > $rules_file

	case $command in
	update)
	ssh monitor.tryphon.priv tar -cjf - -C /var/log/ syslog auth.log \| tar -xvjf -
	;;
	test)
	cat syslog auth.log \| sed -e 's/[[:space:]]*$//' \| egrep -v -f $rules_file
	;;
	display)
	cat syslog auth.log \| sed -e 's/[[:space:]]*$//' \| egrep -f $rules_file
	;;
	filter)
	sed -e 's/[[:space:]]*$//' \| egrep --line-buffered -v -f $rules_file
	;;
	esac
	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: alsaStopTimerData\(0\)$
	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rdairplay: finished event: Line: [0-9] Cart: [0-9]+ Cut: [0-9] Card: [0-9] Stream: [0-9] Port: [0-9]$
	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: UnloadPlayback - Card: [0-9] Stream: [0-9] Handle: [0-9]+$
	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: LoadPlayback Card: [0-9] Stream: [0-9] Name: /var/snd/[0-9_]+\.wav Handle: [0-9]+$
	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: PlaybackPosition - Card: [0-9] Stream: [0-9] Pos: [0-9]+ Handle: [0-9]+
	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: Play - Card: [0-9] Stream: [0-9] Handle: [0-9]+ Length: [0-9]+ Speed: [0-9]+ Pitch: [0-9]+
	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rdairplay: started audio cart: Line: [0-9]+ Cart: [0-9]+ Cut: [0-9]+ Pos: [0-9] Card: [0-9] Stream: [0-9] Port: [0-9]$
	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ caed: FadeLevel: [0-9]+$

	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rdairplay: chained to log: Line: [0-9]+ Log: [[:alnum:]_]+$
	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ripcd: received rml: 'LL 1 [[:alnum:]_]+ -2!' from 127\.0\.0\.2$
	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rdairplay: loaded log '[[:alnum:]_]+' in Main Log$

	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ripcd: ran local maintenance routines$
	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ripcd: ran system-wide maintenance routines$