Created
March 5, 2019 04:10
-
-
Save trydofor/fed080345f200b65abb87a7ef85b4b8f to your computer and use it in GitHub Desktop.
通常日志和程序监控
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ####################################### | |
| ##RuntimeConf.sh | |
| #NOTICE_PROC(){ | |
| # echo $MAIL_SUBJ | |
| # echo $MAIL_TO | |
| # echo $1 | |
| # echo $2 | |
| #} | |
| # | |
| #MAIL_SUBJ="[DEER] ALL ALERT" | |
| #MAIL_TO=dev@deerex.com | |
| # | |
| ## conf | |
| #PATH_CONF=./conf | |
| #LINE_SEND=100 | |
| # | |
| ## scan | |
| ## empty value means do nothing | |
| # | |
| ## a file or single command's output(no pipe) to scan | |
| #SCAN_FILE_OR_CMND= | |
| ## TRUE|FALSE:send warnning mail if $SCAN_FILE_OR_CMND does not have new lines. | |
| #SCAN_WARN_IF_STOP= | |
| # | |
| ## SCAN_RULE_IF_* | |
| ## file : execute each line on $SCAN_FILE_OR_CMND | |
| ## line format:description=command | |
| ## command: execute command on $SCAN_FILE_OR_CMND | |
| ## SCAN_CMND_IF_* | |
| ## command: will be executed if $SCAN_RULE_IF_* matched | |
| ## _HAVE: $SCAN_RULE_IF_* get output | |
| ## _LOST: $SCAN_RULE_IF_* get no output | |
| # | |
| ## $RULE_RESULT_* for rule result | |
| # | |
| #SCAN_RULE_IF_HAVE= | |
| #SCAN_CMND_IF_HAVE= | |
| #SCAN_RULE_IF_LOST= | |
| #SCAN_CMND_IF_LOST= | |
| ############## functions ############## | |
| SCAN_RULE_MATCH() { | |
| scan_rule=$1 | |
| file_scan=$2 | |
| file_made=$3 | |
| file_result=$4 | |
| file_temp=temp_scan_rule_match | |
| echo ""> $file_result | |
| if [ -f "$scan_rule" ]; then | |
| cat $scan_rule | egrep -v '^#|^[ \t]{0,}$'| while read line;do | |
| name=$(echo "$line"|sed 's:=.*$::g') | |
| cmnd=$(echo "$line"|sed 's:^[^=]*=::g') | |
| cat $file_scan |eval "$cmnd" > $file_temp | |
| echo "RULE_RESULT_$name=\"`sed 's/"/\\\\\"/g' $file_temp`\"">>$file_result | |
| if [ -s "$file_temp" ];then | |
| echo "matched rule:$line" >>$file_log | |
| echo "=== $name ===" >>$file_made | |
| cat $file_temp >> $file_made | |
| fi | |
| done | |
| else | |
| cat $file_scan |eval "$scan_rule" > $file_temp | |
| echo "RULE_RESULT_=\"`sed 's/"/\\\\\"/g' $file_temp`\"">>$file_result | |
| if [ -s "$file_temp" ];then | |
| echo "matched rule:$scan_rule" >>$file_log | |
| echo "=== $scan_rule ===" >>$file_made | |
| cat $file_temp >> $file_made | |
| fi | |
| fi | |
| rm -rf $file_temp | |
| } | |
| #### | |
| SEND_WARN_NOTICE(){ | |
| echo "send warn notice" >>$file_log | |
| echo "COINFIG: $conf" >> $report_mail | |
| echo "">> $report_mail | |
| echo "TARGET: $SCAN_FILE_OR_CMND">> $report_mail | |
| cat $report_conf >> $report_mail | |
| rm -rf $report_conf | |
| NOTICE_PROC "$conf" "$report_mail" && rm -f $report_mail | |
| } | |
| ####################################### | |
| export LANG=en_US | |
| cd $(dirname "$0") | |
| path_data=./data | |
| path_log=./log | |
| date_time=$(date +"%Y%m%d_%H%M%S") | |
| mkdir -p $path_data | |
| mkdir -p $path_log | |
| file_log=$path_log/$(date +"%Y%m%d").log | |
| ########### LOAD PARAMETERS ########### | |
| source ./RuntimeConf.sh | |
| ####################################### | |
| echo "">>$file_log | |
| echo "[ $date_time ]" >>$file_log | |
| confs="$1" | |
| if [ "$confs" == "" ];then | |
| confs=$(find $PATH_CONF -type f) | |
| fi | |
| for conf_file in $confs; do | |
| echo "== $conf_file" >>$file_log | |
| conf=$(basename "$conf_file") | |
| if [ "$(echo $conf|egrep '^\.')" != "" ];then | |
| echo "skip an hidden config">>$file_log | |
| continue; | |
| fi | |
| # reload config | |
| source ./RuntimeConf.sh | |
| source $conf_file | |
| # pre-check | |
| if [ "$?" != "0" ];then | |
| echo "skip an error config">>$file_log | |
| continue; | |
| fi | |
| if [ "$SCAN_FILE_OR_CMND" == "" ]; then | |
| echo "skip an empty SCAN_FILE_OR_CMND" >>$file_log | |
| continue; | |
| fi | |
| # make report path | |
| report_conf=$path_data/report_conf.$conf.$date_time | |
| report_mail=$path_data/report_mail.$conf.$date_time | |
| rm -rf $report_conf $report_mail | |
| # check stop | |
| line_mark=$path_data/LINE.$conf | |
| if [ -f "$SCAN_FILE_OR_CMND" -a -f "$line_mark" ]; then | |
| if [ "$line_mark" -nt "$SCAN_FILE_OR_CMND" ]; then | |
| if [ "$SCAN_WARN_IF_STOP" == "TRUE" ]; then | |
| echo "">> $report_conf | |
| echo "scan-stop:no more new lines" >>$file_log | |
| echo "=== SCAN-STOP:NO MORE NEW LINES ===" >> $report_conf | |
| cat -n $SCAN_FILE_OR_CMND|tail -n $LINE_SEND >> $report_conf | |
| SEND_WARN_NOTICE | |
| else | |
| echo "skip an scaned file" >>$file_log | |
| fi | |
| continue; | |
| fi | |
| fi | |
| # make text to scan | |
| text_scan=$path_data/TEXT.$conf | |
| if [ -f "$SCAN_FILE_OR_CMND" ]; then | |
| cat -n $SCAN_FILE_OR_CMND>$text_scan | |
| else | |
| eval "$SCAN_FILE_OR_CMND">$text_scan | |
| if [ "$?" != "0" ];then | |
| echo "skip an error command $SCAN_FILE_OR_CMND">>$file_log | |
| continue; | |
| fi | |
| fi | |
| # scan log | |
| line_have=$(wc -l <$text_scan) | |
| line_done=0 | |
| if [ -f "$line_mark" ]; then | |
| line_done=$(cat $line_mark) | |
| fi | |
| if [ $(($line_done - $line_have)) -gt 0 ]; then | |
| echo "maybe log reset" >>$file_log | |
| line_done=0 | |
| fi | |
| line_done=$(($line_done + 1)) | |
| text_toscan=$path_data/temp_text_scan.$conf | |
| sed -n "$line_done,$line_have p" $text_scan > $text_toscan | |
| rm -rf $text_scan | |
| if [ ! -f "$text_toscan" ];then | |
| echo "maybe error: line_have=$line_have,line_done=$line_done" >>$file_log | |
| continue; | |
| fi | |
| # do have | |
| text_ifhave=$path_data/temp_text_have.$conf | |
| text_result=$path_data/temp_text_result.$conf | |
| if [ "$SCAN_RULE_IF_HAVE" != "" ];then | |
| SCAN_RULE_MATCH "$SCAN_RULE_IF_HAVE" "$text_toscan" "$text_ifhave" "$text_result" | |
| source $text_result && rm -rf $text_result | |
| if [ -s "$text_ifhave" ];then | |
| echo "">> $report_conf | |
| echo "got rule-have" >>$file_log | |
| echo "=== RULE-HAVE:$SCAN_RULE_IF_HAVE ===" >> $report_conf | |
| cat $text_ifhave >> $report_conf | |
| if [ "$SCAN_CMND_IF_HAVE" != "" ];then | |
| echo "execute command:$SCAN_CMND_IF_HAVE" >>$file_log | |
| echo "EXECUTE COMMAND:$SCAN_CMND_IF_HAVE" >> $report_conf | |
| eval "$SCAN_CMND_IF_HAVE" >> $report_conf 2>&1 | |
| fi | |
| fi | |
| fi | |
| rm -rf $text_ifhave | |
| # do lost | |
| text_iflost=$path_data/temp_text_lost.$conf | |
| text_result=$path_data/temp_text_result.$conf | |
| if [ "$SCAN_RULE_IF_LOST" != "" ];then | |
| SCAN_RULE_MATCH "$SCAN_RULE_IF_LOST" "$text_toscan" "$text_iflost" "$text_result" | |
| source $text_result && rm -rf $text_result | |
| if [ ! -s "$text_iflost" ];then | |
| echo "">> $report_conf | |
| echo "got rule-lost" >>$file_log | |
| echo "=== RULE-LOST:$SCAN_RULE_IF_LOST ===" >> $report_conf | |
| if [ "$SCAN_CMND_IF_LOST" != "" ];then | |
| echo "execute command:$SCAN_CMND_IF_LOST" >>$file_log | |
| echo "EXECUTE COMMAND:$SCAN_CMND_IF_LOST" >> $report_conf | |
| eval "$SCAN_CMND_IF_LOST" >> $report_conf 2>&1 | |
| fi | |
| fi | |
| fi | |
| rm -rf $text_iflost | |
| if [ -f "$SCAN_FILE_OR_CMND" ];then | |
| echo "$line_have">$line_mark | |
| fi | |
| if [ -s "$report_conf" ];then | |
| echo "" >> $report_conf | |
| echo "============= SCANED TEXT =============" >> $report_conf | |
| if [ $(($line_have - $LINE_SEND)) -gt 0 ]; then | |
| line=$(( $LINE_SEND / 2 )) | |
| head -n $line $text_toscan >> $report_conf | |
| echo "... ... ... ..." >> $report_conf | |
| tail -n $line $text_toscan >> $report_conf | |
| else | |
| cat $text_toscan >> $report_conf | |
| fi | |
| SEND_WARN_NOTICE | |
| fi | |
| rm -rf $text_toscan | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment