#!/usr/bin/perl
##########################################################################
# $Id: cron,v 1.17 2004/06/21 15:07:21 kirk Exp $
##########################################################################
# $Log: cron,v $
# Revision 1.17  2004/06/21 15:07:21  kirk
# - Added check for large user mailboxes
# - Added pop3 and imapd filters
# - Updated clamav support
# - New cisco log filter
# - Tons of updates to existing filters (too many to list!)
#
# Revision 1.16  2004/06/21 14:59:05  kirk
# Added tons of patches from Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
# Thanks, as always!
#
# Revision 1.15  2004/06/21 14:24:46  kirk
# RH9 fix from Jindrich Kubec <kubecj@asw.cz
#
# Revision 1.14  2004/02/03 03:36:39  kirk
# Patches from Anssi Kolehmainen <kolean-5.listat@pp.inet.fi>
#
# Revision 1.13  2004/02/03 02:45:26  kirk
# Tons of patches, and new 'oidentd' and 'shaperd' filters from
# Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
##########################################################################

########################################################
# This was written and is maintained by:
#    Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
#    etc, to kirk@kaybee.org.
########################################################

$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;

$Startups = 0;
$Reloads = 0;
$MailErrors = 0;

while (defined($ThisLine = <STDIN>)) {
   chomp($ThisLine);
   if ( 
      ($ThisLine =~ /Updated timestamp for job/)
   ) {
      # Ignore
   } elsif (
      ($ThisLine =~ s/^([^ ]+) \([^ ]+\)\s+//) or
      ($ThisLine =~ s/^\S+\s+\S+\s+..:..:..\s+\S+\s+\S+\[\d+\]:\s+\((\S+)\)\s+//)
   ) {
      $User = $1;
      
      if ($ThisLine =~ s/^CMD \((.+)\)\s*$/$1/) {
         $Runs->{$User}->{$ThisLine}++;
      } elsif ($ThisLine =~ /ORPHAN \(no passwd entry\)/) {
         $Orphans++;
      } elsif ($ThisLine =~ s/^(BEGIN|END) EDIT \((.+)\)\s*$/$2/) {
         $Runs->{$ThisLine}->{'personal crontab edited'} += 0.5;
      } elsif ($ThisLine =~ s/^REPLACE \((.+)\)\s*$/$1/) {
         $Runs->{$ThisLine}->{'personal crontab replaced'}++;
      } elsif ($ThisLine =~ s/^LIST \((.+)\)\s*$/$1/) {
         $Runs->{$ThisLine}->{'personal crontab listed'}++;
      } elsif ($ThisLine =~ s/^DELETE \((.+)\)\s*$/$1/) {
         $Runs->{$User}->{'personal crontab deleted'}++;
      } elsif ($ThisLine =~ /^STARTUP \(fork ok\)\s*$/ ) {
         $Startups++;
      } elsif ($ThisLine =~ m/^STARTUP \(\d+ jobs to catch up\)/ ) {
         $Startups++;
      } elsif ( $ThisLine =~ /^RELOAD \(.+\)\s*$/ ) {
         $Runs->{$User}->{'personal crontab reloaded'}++;
      } elsif ( $ThisLine =~ /^MAIL \(mailed \d+ bytes of output but got status [^ ]+/) {
         $MailErrors++;
      } elsif ( $ThisLine =~ /^AUTH \(crontab command not allowed\)/) {
         $CronDeny{$User}++;
      } elsif ( $ThisLine =~ /^WRONG INODE INFO \([^ ]+\)/) {
         $InodeError{$User}++;
      } elsif ( ($Reason) = ($ThisLine =~ /^error \((.+)\)$/) ) {
         $Errors{$Reason}++;
      } else {
         # Report any unmatched entries...
         push @OtherList, "$ThisLine\n";
      }
   } elsif ( $ThisLine =~ /^RELOAD \(.+\)\s*$/ ) {
      $Reloads++;
   } elsif ( $User = ($ThisLine =~ /^(.*) \([^ ]+\) RELOAD \(.*\)$/ ) ) {
      $UserReloads{$User}++;
   } else {
      # Report any unmatched entries...
      push @OtherList, "$ThisLine\n";
   }
}

#######################################

if (%CronDeny) {
   print "Attempt to use crontab by unauthorized users:\n";
   foreach $User (sort {$a cmp $b} keys %CronDeny) {
      print "   $User : $CronDeny{$User} Time(s)\n";
   }
}

if (%InodeError) {
   print "\nInode errors in crontab files of users:\n";
   foreach $User (sort {$a cmp $b} keys %InodeError) {
      print "   $User : $InodeError{$User} Time(s)\n";
   }
}

if (keys %Errors) {
   print "Errors when running cron:\n";
   foreach $Reason (sort {$a cmp $b} keys %Errors) {
      print "   $Reason: $Errors{$Reason} Time(s)\n";
   }
}

if (keys %{$Runs} and ($Detail >= 5)) {
   print "\n\nCommands Run:\n";
   foreach $i (sort {$a cmp $b} keys %{$Runs}) {
      print "   User $i:\n";
      foreach $j (sort {$a cmp $b} keys %{$Runs->{$i}}) {
         print "      $j: " . $Runs->{$i}->{$j} . " Time(s)\n";
      }
   }
}

if ($Detail >= 10) {
   if (keys %UserReloads) {
      print "   User crontabs reloaded:\n";
      foreach $i (keys %UserReloads) {
         print "      $i $UserReloads{$i} Time(s)\n";
      }
   }

   if ($Orphans) {
      print "   ORPHAN entries: $Orphans\n";
   }

   if ($Startups > 0) {
      print "\nCRON Restarted $Startups Time(s)\n";
   }

   if ($Reloads > 0) {
      print "\nCRON Reloaded system crontab $Reloads Time(s)\n";
   }

   if ($MailErrors > 0) {
      print "\nMAIL sending errors $MailErrors Time(s)\n";
   }
}

if ($#OtherList >= 0) {
   print "\n**Unmatched Entries**\n";
   print @OtherList;
}

exit(0);

# vi: shiftwidth=3 tabstop=3 et

