On Mon, September 14, 2015 14:51, James B. Byrne wrote:
The Logwatch imapd service script distributed with CentOS-6 does not generate anything when I run logwatch --service all on a cyrus-imapd host. Is this expected behaviour? Is there a separate script for cyrus-imapd or are there configuration options required to get the existing script to work?
I have found an ancient (2004) logwatch service script for cyrus-imapd but I was sort of hoping that there was a more up-to-date and officially supported version available somewhere.
Is there?
There was not, and so I wrote this. Given I know little or nothing of Perl beyond the bare fact of its existence, no doubt there are better ways to get the results I obtained. But this is tested on CentOS-6 with cyrus-imapd.2.3.16-13.el6_6.
It only handles IMAP logins so anyone using POP3 or Sieve needs to add their own code for those. And, because this is e-mail, linewraps/breaks in the code below may not be exactly as required and do need to be hand checked and corrected.
<pre>
#!/usr/bin/perl
###################################################################
# logwatch script for cyrus-imapd-2.3.16
# looks for imaps and lmtpunix services in /var/log/maillog
###################################################################

###################################################################
# script:   /etc/logwatch/scripts/services/cyrus-imapd
# author:   James B. Byrne byrnejb@harte-lyne.ca
# date:     2015-09-16
# revision: v1.0.1 - 2015-09-17
#
# requires: /etc/logwatch/conf/services/cyrus-imapd.conf
#           containing>
#
# > Title = "CYRUS IMAPD"
# > LogFile = maillog
# > *OnlyService = (imaps|lmtpunix)
# > *RemoveHeaders =
#
# based on Sebastian Hagedorn Hagedorn@uni-koeln.de 2004
###################################################################

# given/when needs the "switch" feature; newer Perl releases flag it
# as experimental
use feature "switch";

$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};

#
# Process log file on stdin
#
while ( defined( $ThisLine = <STDIN> ) ) {
    chomp( $ThisLine );

    given( $ThisLine ) {

        when ( /accepted connection/ ) {
            # Ignore
        }

        # Captures: $1 host, $2 address, $3 mechanism, $4 user, $5 SASL error.
        # The brackets around the address are literal and must be escaped.
        when ( /^badlogin: (.+) \[(.+)\] (\w+) (.+) (SASL.*authentication failure:.+)/ ) {
            #print( "Bad Login: " . $ThisLine . "\n" );
            #$ThisLine =~ /^badlogin: (.+) \[(.+)\] (\w+) (.+) (SASL.*authentication failure:.+)/;
            #print( "BAD LOGIN PARSE: " . $1 . " : " . $2 . " : " . $3 . " : " . $4 . " : " . $5 . "\n");
            $IMAPbadlogin++;
            $IMAPbadmech{$3}++;
            $IMAPbadip{$2}++;
            $IMAPbaduser{$4}++;
        }

        when ( /DBMSG:/ ) {
            # Ignore
        }

        when ( /Delivered:/ ) {
            # Ignore
        }

        when ( /dupelim:/ ) {
            # Ignore
        }

        when ( /duplicate_check:/ ) {
            # Ignore
        }

        when ( /duplicate_mark:/ ) {
            # Ignore
        }

        when ( /executed/ ) {
            # Ignore
        }

        when ( /Expunged/ ) {
            # Ignore
        }

        when ( /imapd:Loading hard-coded DH parameters/ ) {
            # Ignore
        }

        when ( /lmtp connection preauth/ ) {
            # Ignore
        }

        # Captures: $1 host, $2 address, $3 user, $4 mechanism
        when ( /^login: (.+) \[(.+)\] (\w+) (.+) User logged in/ ) {
            # print( "LOGIN PARSE: " . $1 . " : " . $2 . " : " . $3 . " : " . $4 . "\n");
            $IMAPlogin++;
            $IMAPmech{$4}++;
            $IMAPuser{$3}++;
            $IMAPip{$2}++;
        }

        when ( /IOERROR: fstating sieve script/ ) {
            # Ignore
        }

        when ( /mystore: committing txn/ ) {
            $LMTPStore++;
        }

        when ( /mystore: starting/ ) {
            # Ignore
        }

        when ( /open: / ) {
            # Ignore
        }

        when ( /seen_db: / ) {
            # Ignore
        }

        when ( /skiplist: checkpointed/ ) {
            # Ignore
        }

        when ( /SQUAT/ ) {
            # ignore
        }

        when ( /SSL_accept/ ) {
            # ignore
        }

        when ( /starttls/ ) {
            $IMAPTLS++;
        }

        # Save this till the end
        when ( /ERROR/ ) {
            push @ErrorList, "$ThisLine\n";
        }

        default {
            # Report any unmatched entries...
            push @OtherList, "$ThisLine\n";
        }
    }

    # Process next stdin
    next;
}

# Report

if ( $LMTPStore ) {
    print " Mails stored: " . $LMTPStore . "\n";
}

# Failed logins and TLS sessions are nested in this block, so they are
# only reported when at least one successful login was counted.
if ( $IMAPlogin ) {
    print "\n IMAP:\n";
    print " Number of logins: " . $IMAPlogin . "\n";

    if ( %IMAPmech ) {
        print( "\n By mechanism\n" );
    }
    foreach $mech ( sort ( keys %IMAPmech ) ) {
        print( " . . . using " . $mech . ": " . "$IMAPmech{$mech}\n" );
    }

    if ( %IMAPuser ) {
        print( "\n By user\n" );
    }
    foreach $user ( sort ( keys %IMAPuser ) ) {
        print( " . . . from " . $user . ": " . $IMAPuser{$user} . "\n" );
    }

    if ( %IMAPip ) {
        print( "\n By origin\n" );
    }
    foreach $addr ( sort ( keys %IMAPip ) ) {
        print( " . . . from " . $addr . ": " . $IMAPip{$addr} . "\n" );
    }

    if ( $IMAPbadlogin ) {
        print "\n Number of failed logins: " . $IMAPbadlogin . "\n";

        if ( %IMAPbaduser ) {
            print( "\n By user\n" );
        }
        foreach $user ( sort ( keys %IMAPbaduser ) ) {
            print( " . . . from " . $user . ": " . $IMAPbaduser{$user} . "\n" );
        }

        if ( %IMAPbadip ) {
            print( "\n By origin\n" );
        }
        foreach $addr ( sort ( keys %IMAPbadip ) ) {
            print( " . . . from " . $addr . ": " . $IMAPbadip{$addr} . "\n" );
        }
    }

    if ( $IMAPTLS ) {
        print "\n Number of sessions using TLS: " . $IMAPTLS . "\n";
    }
}

if ( $#ErrorList >= 0 ) {
    print "\n**Error Messages**\n";
    print @ErrorList;
}

if ( $#OtherList >= 0 ) {
    print "\n**Unmatched Entries**\n";
    print @OtherList;
}

exit(0);
</pre>
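A stand-alone check of the script's login and badlogin patterns, added here as an example and not part of the original post: after repairing e-mail line wraps, it confirms the patterns (written with the literal brackets around the client address escaped) still capture address, user and mechanism, and it goes one step beyond the script's report by counting distinct users per failing origin. The sample lines, host names and addresses are constructed in the shape those patterns expect, with the syslog header already removed.

```perl
#!/usr/bin/perl
# Added example, not the post author's code.
use strict;
use warnings;

# The two patterns used by the logwatch script, brackets escaped.
my $LOGIN    = qr/^login: (.+) \[(.+)\] (\w+) (.+) User logged in/;
my $BADLOGIN = qr/^badlogin: (.+) \[(.+)\] (\w+) (.+) (SASL.*authentication failure:.+)/;

# Constructed sample lines (header-stripped, as *RemoveHeaders leaves them).
my @samples = (
    'login: client.example.org [192.0.2.10] alice PLAIN+TLS User logged in',
    'badlogin: client.example.org [192.0.2.99] plaintext bob SASL(-13): authentication failure: checkpass failed',
    'badlogin: client.example.org [192.0.2.99] plaintext carol SASL(-13): authentication failure: checkpass failed',
    # The user field is (\w+), so a user containing "@" or "." does not match
    # and the script would list this line under Unmatched Entries.
    'login: client.example.org [192.0.2.11] dave@example.org PLAIN+TLS User logged in',
);

# Return a record describing how the script's patterns see one line.
sub classify {
    my ($line) = @_;
    if ( $line =~ $BADLOGIN ) {
        return { kind => 'badlogin', ip => $2, mech => $3, user => $4 };
    }
    if ( $line =~ $LOGIN ) {
        return { kind => 'login', ip => $2, user => $3, mech => $4 };
    }
    return { kind => 'unmatched' };
}

my ( %fail_by_ip, %users_by_ip );
for my $line (@samples) {
    my $r = classify($line);
    printf "%-9s %s\n", $r->{kind}, $line;
    next unless $r->{kind} eq 'badlogin';
    $fail_by_ip{ $r->{ip} }++;
    $users_by_ip{ $r->{ip} }{ $r->{user} } = 1;
}

# One origin failing against several different users deserves a closer look.
for my $ip ( sort keys %fail_by_ip ) {
    printf "%s: %d failures across %d users\n",
        $ip, $fail_by_ip{$ip}, scalar keys %{ $users_by_ip{$ip} };
}
```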