@jabb3rd
Last active December 16, 2023 10:00
Log parser for RouterOS
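# Log parser for RouterOS: forwards selected entries of one log buffer to Telegram.
#
# tgSendMessage is set by tgSetEnvironment script which runs at startup by the scheduler,
# contains Telegram BotAPI string for sendMessage method.
:global tgSendMessage
:global tgID
# ID of the newest log entry handled by the previous run; entries up to and
# including it are treated as already reported.
:global lastLogID
# Log buffer name
:local logName "LogTrap"
:local lastID
:local skip false
:local buffer ""
:local identity [/system identity get name]
# Read the buffer once so the marker check and the parsing pass see the same snapshot
:local entries [/log print as-value where buffer=($logName)]
# Skip already reported entries only if the marker entry is still in the buffer.
# If it has rotated out (for example a burst of events larger than the buffer
# between two runs), skipping until a match would silently drop every entry,
# which is exactly when notifications matter most. In that case report the
# whole buffer and say that a gap is possible.
:if ([:typeof $lastLogID]!="nothing") do={
    :foreach logEntry in=$entries do={
        :if (($logEntry->".id")=$lastLogID) do={ :set skip true }
    }
    :if (!$skip && [:len $entries]>0) do={
        :set buffer ($identity . ": log marker not found in " . $logName . ", earlier entries may have been missed")
    }
}
# Run through the log buffer and parse entries
:foreach logEntry in=$entries do={
    :local id ($logEntry->".id")
    :set lastID $id
    :if (!$skip) do={
        :local topics ($logEntry->"topics")
        :local time ($logEntry->"time")
        :local message ($logEntry->"message")
        :local msg ""
        # Wireless events; the first 17 characters of the message are taken as the MAC address
        :if ($topics="wireless;info") do={
            :local macAddress [:pick $message 0 17]
            :if ($message~"wlan1: connected") do={
                :set msg "$identity: $macAddress connected at $time"
            }
            :if ($message~"wlan1: disconnected") do={
                :set msg "$identity: $macAddress disconnected at $time"
            }
        }
        # DHCP/firewall/system critical error events
        :if ($topics="dhcp;info" || \
             $topics="system;error;critical" || \
             $topics="firewall;info") do={
            :set msg "$identity: $message at $time"
        }
        # L2TP events
        :if ($topics="l2tp;ppp;info;account") do={
            :set msg "$identity: L2TP: $message at $time"
        }
        # SSTP events
        :if ($topics="sstp;ppp;info;account") do={
            :set msg "$identity: SSTP: $message at $time"
        }
        # OpenVPN events
        :if ($topics="ovpn;info;account") do={
            :set msg "$identity: OpenVPN: $message at $time"
        }
        # Logins/logouts to the router
        :if ($topics="system;info;account") do={
            :set msg "$identity: $message at $time"
        }
        # Track DNS queries (A and AAAA lookups only)
        :if ($topics="dns") do={
            :if ($message~"query from" && ($message~" A\$" || $message~" AAAA\$")) do={
                :set msg $message
            }
        }
        # Combine multiple messages into one, separated by a real newline.
        # The newline is percent-encoded together with everything else below,
        # so a literal "%0A" inside a log message is no longer read as a separator.
        :if ($msg!="") do={
            :if ($buffer!="") do={
                :set buffer ($buffer . "\n")
            }
            :set buffer ($buffer . $msg)
        }
    }
    # Have reached the last reported entry, so everything after it is new
    :if ($id=$lastLogID) do={ :set skip false }
}
# Update last ID global variable
:set lastLogID $lastID
# Consider the buffer for sending out only if it isn't empty
:if ($buffer!="") do={
    :local new ""
    # Percent-encode characters that have a meaning inside a URL.
    # Log text is partly chosen by remote parties (DNS names, DHCP host names,
    # login names), so "&", "%", "+" and "#" must not reach the request
    # unencoded, where they could cut the text short or add request parameters.
    # NOTE(review): assumes tgSendMessage places this text into the query string
    # of the sendMessage URL without encoding it itself - confirm against
    # tgSetEnvironment.
    :for i from=0 to=([:len $buffer]-1) do={
        :local char [:pick $buffer $i]
        :local enc $char
        :if ($char="%") do={ :set enc "%25" }
        :if ($char="&") do={ :set enc "%26" }
        :if ($char="#") do={ :set enc "%23" }
        :if ($char="+") do={ :set enc "%2B" }
        :if ($char="\n") do={ :set enc "%0A" }
        :if ($char="\r") do={ :set enc "%0D" }
        :set new ($new . $enc)
    }
    $tgSendMessage $tgID $new
}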