Background:
- Perl reads wtmpx log files;
- Logger command;
- Syslog log;
- Crontab command;
Reference books:
Help:
- Using the Sys::Syslog module to write system logs fails at compile time with: Your vendor has not defined the Sys::Syslog macro _PATH_LOG...
I am very grateful to you for your understanding.
The source code is as follows:
#!/usr/bin/perl -w
########################################################################
# file:     wtmpx2.pl
# function: find the most recent logon records in the wtmpx log and write
#           them to the system log
# author:   Half Idle
# time:     Singles' Day, 11:11:11
# system:   SCO_SV scosysv 3.2 5.0.6 i386, perl5.6.0 built for i486-pc-sco3.2v5.0
# Note: the extracted login information is written into the system log; at the
# same time the data center uses a "centralized log server" to receive all the
# logs sent in from remote hosts for centralized analysis.
# Further explanation:
# The system is outdated, and because it is a production machine it cannot be
# upgraded or changed now. Code that uses the Sys::Syslog module to write
# system logs compiles fine on Ubuntu + perl5.14 but not on this machine; the
# error is:
#   Your vendor has not defined the Sys::Syslog macro _PATH_LOG...
# "Perl Network Programming" says: before perl5.6 this module needed the
# syslog.ph header file, which is not shipped with the Perl release and had to
# be generated manually with the h2ph tool; before using Sys::Syslog you should
# upgrade to 5.6 or later.
# My Perl version meets the requirement described in the book. Lucky me! Following
# the famous Perl motto "TMTOWTDI", the logging part is temporarily handed over
# to the shell logger command.
#
# Errors
# modification: 2012-11-12
# bug1: duplicate records due to insufficient time precision
# bug statements:
#   my ($sec, $min, $hour, $mday, $mon, $year_off) = (localtime)[0..5];
#   ($sec, $min, $hour, $mday, $mon, $year_off) = (localtime $tv_sec)[0..5];
# affected statement:
#   next if ($first_time >= $tv_time);
# description: if the current time is 11:00:00 it is written to the file as the
#   number 1100; if a user's login time in the wtmpx file is 10:01:01 (100101),
#   then (1100 >= 100101) returns false and the record is reported again.
# correction: perform every operation on zero-padded strings
#   $sec  = sprintf "%02d", $sec;   # pad values shorter than 2 digits with 0
#   $min  = sprintf "%02d", $min;
#   $hour = sprintf "%02d", $hour;
# and change the following statements at the same time:
#   next if ($current_date ne $tv_date);
#   next if ($first_time ge $tv_time);
########################################################################
use strict;

$SIG{__WARN__} = \&log_warn;

sub log_warn {
    # warnings are also written into the log; the list form of system()
    # hands the message to logger directly, without going through a shell
    system 'logger', '-it', 'wtmpx', '-p', 'auth.info', "@_";
}

my $wtmpx_file = '/var/adm/wtmpx';
my $first_file = '/var/adm/first';    # holds the time of the previous query

# SCO OpenServer 5 utmpx template as given in the original; it must match the
# platform's struct utmpx field for field, in the order unpacked below
my $template   = 'a32 A4 A32 s l x20 s Z257 x';
my $recordsize = length(pack($template, ()));

my ($sec, $min, $hour, $mday, $mon, $year_off) = (localtime)[0..5];
# zero-padded YYYYMMDD so that dates can be compared as strings
my $current_date = sprintf "%04d%02d%02d", $year_off + 1900, $mon + 1, $mday;
$sec  = sprintf "%02d", $sec;         # pad values shorter than 2 digits with 0
$min  = sprintf "%02d", $min;
$hour = sprintf "%02d", $hour;

my $session = open FIRST_FILE, '+<', $first_file
    or warn "unable to open $first_file: $!\n";
my $first_time;                       # time of the previous query (HHMMSS)
if ($session) {
    $first_time = <FIRST_FILE>;       # read the previous time
    $first_time = '' unless defined $first_time;   # empty file: report everything from today
    chomp $first_time;
    seek FIRST_FILE, 0, 0;            # back to the start of the file
    print FIRST_FILE "$hour$min$sec"; # record the time of this query
    close FIRST_FILE or warn "unable to close $first_file: $!\n";
} else {
    $first_time = "$hour$min$sec";    # no previous record: use the current time
    $session = open FIRST_FILE, '>', $first_file
        or warn "err2: unable to open $first_file: $!\n";
    if ($session) {
        print FIRST_FILE $first_time;
        close FIRST_FILE or warn "err2: unable to close $first_file: $!\n";
    }
}

open WTMP, '<', $wtmpx_file or die "unable to open wtmpx: $!\n";
my ($ut_user, $ut_id, $ut_line, $ut_pid, $ut_type, $ut_e_termination, $ut_e_exit,
    $tv_sec, $tv_usec, $ut_session, $ut_syslen, $ut_host) = ();
my $record;
while (read(WTMP, $record, $recordsize)) {
    ($ut_user, $ut_id, $ut_line, $ut_pid, $ut_type, $ut_e_termination, $ut_e_exit,
     $tv_sec, $tv_usec, $ut_session, $ut_syslen, $ut_host) = unpack($template, $record);
    next if $ut_type == 8;            # DEAD_PROCESS: ignore users who have logged out
    ($sec, $min, $hour, $mday, $mon, $year_off) = (localtime $tv_sec)[0..5];
    my $tv_date = sprintf "%04d%02d%02d", $year_off + 1900, $mon + 1, $mday;
    $sec  = sprintf "%02d", $sec;
    $min  = sprintf "%02d", $min;
    $hour = sprintf "%02d", $hour;
    my $tv_time = "$hour$min$sec";
    next if ($current_date ne $tv_date);   # skip records not from today (string comparison)
    next if ($first_time ge $tv_time);     # skip records already reported by the previous query
                                           # (this test is only valid after the date comparison)
    if ($ut_id eq 'ftp') {
        $ut_user = "FTP login $ut_user";
    } else {
        $ut_user = "Login $ut_user";
    }
    my $format_record = "$ut_user:$ut_id:$ut_line:PID:$ut_pid:Type:$ut_type:"
                      . "Host:$ut_host:$tv_date $hour:$min:$sec";
    # list form of system(): the record, including the host name taken from
    # wtmpx, is passed to logger as a single argument and never reaches a shell
    system 'logger', '-it', 'wtmpx', '-p', 'auth.info', $format_record;
}
close WTMP;
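To exercise the script's record handling without a SCO machine, here is an added example (my own code, not wtmpx2.pl and not the author's): it packs a few constructed utmpx-style records into an in-memory buffer under an assumed simplified template, applies the same zero-padded string date/time filter that the bug fix above introduced (including the "previous query time" cut-off), and builds the logger argument list so that a host name containing a quote cannot alter the command. The template, the field set, the sample records, the fixed "now" of 2012-11-12 11:00:00 and the previous-query time 10:05:00 are all assumptions made for the demonstration; the real SCO layout is wider and must be matched field by field.

```perl
#!/usr/bin/perl -w
# Added example (not the original wtmpx2.pl): parse fixed-size utmpx-style
# records from a buffer, filter them the way the script does, and hand each
# line to logger without invoking a shell.
use strict;
use POSIX qw(mktime);

# ASSUMED simplified record layout for the demonstration only; SCO's real
# struct utmpx has more fields and must be matched field for field.
my $TEMPLATE = 'A32 A4 A32 s s l Z64';   # user, id, line, pid, type, tv_sec, host
my $RECSIZE  = length pack($TEMPLATE, ('', '', '', 0, 0, 0, ''));
my $DEAD_PROCESS = 8;                    # ut_type of a session that has logged out

# Split a buffer of fixed-size records into hashes, one per record.
sub parse_records {
    my ($buf) = @_;
    my @recs;
    for (my $off = 0; $off + $RECSIZE <= length $buf; $off += $RECSIZE) {
        my %r;
        @r{qw(user id line pid type tv_sec host)} =
            unpack($TEMPLATE, substr($buf, $off, $RECSIZE));
        push @recs, \%r;
    }
    return @recs;
}

# Zero-padded YYYYMMDD and HHMMSS, so that plain string comparison orders
# them correctly (the numeric comparison 1100 >= 100101 was the original bug).
sub date_time_strings {
    my ($epoch) = @_;
    my ($sec, $min, $hour, $mday, $mon, $year_off) = (localtime $epoch)[0..5];
    return (sprintf("%04d%02d%02d", $year_off + 1900, $mon + 1, $mday),
            sprintf("%02d%02d%02d", $hour, $min, $sec));
}

# Keep live records dated $current_date whose time is later than $first_time,
# the time recorded by the previous query.
sub select_new_logins {
    my ($recs, $current_date, $first_time) = @_;
    my @out;
    for my $r (@$recs) {
        next if $r->{type} == $DEAD_PROCESS;
        my ($date, $time) = date_time_strings($r->{tv_sec});
        next if $current_date ne $date;   # not today
        next if $first_time ge $time;     # already reported (only valid after the date check)
        push @out, { %$r, date => $date, time => $time };
    }
    return @out;
}

sub format_record {
    my ($r) = @_;
    my $who = $r->{id} eq 'ftp' ? "FTP login $r->{user}" : "Login $r->{user}";
    my $hms = join ':', unpack('A2 A2 A2', $r->{time});
    return "$who:$r->{id}:$r->{line}:PID:$r->{pid}:Type:$r->{type}:"
         . "Host:$r->{host}:$r->{date} $hms";
}

# Argument list for logger. With the list form of system() no /bin/sh is
# involved, so quotes or metacharacters inside a host name recorded in wtmpx
# are just bytes of the message and cannot change the command.
sub logger_argv {
    my ($msg) = @_;
    return ('logger', '-i', '-t', 'wtmpx', '-p', 'auth.info', $msg);
}

# --- constructed sample data: four records around a fixed "now" (assumed) ---
my $now = mktime(0, 0, 11, 12, 10, 112);   # 2012-11-12 11:00:00 local time
my ($current_date, undef) = date_time_strings($now);
my $first_time = '100500';                 # the previous query ran at 10:05:00

my $buf = join '',
    pack($TEMPLATE, 'alice', 'ts01', 'pts/1', 1201, 7, $now - 3600,  'ws1.example'),       # 10:00:00, already reported
    pack($TEMPLATE, 'bob',   'ftp',  'ftp',   1302, 7, $now - 600,   "bad'quote.example"),  # 10:50:00, new; quote in host name
    pack($TEMPLATE, 'carol', 'ts02', 'pts/2', 1403, $DEAD_PROCESS, $now - 300, 'ws2.example'),  # logged out
    pack($TEMPLATE, 'dave',  'ts03', 'pts/3', 1504, 7, $now - 86400, 'ws3.example');       # yesterday

my @new = select_new_logins([ parse_records($buf) ], $current_date, $first_time);
for my $r (@new) {
    my @argv = logger_argv(format_record($r));
    print join(' ', map("[$_]", @argv)), "\n";   # show exactly what logger receives
    if ($ENV{WTMPX_DEMO_SEND}) {                 # only write to the real syslog on request
        system(@argv) == 0 or warn "logger failed: $?\n";
    }
}
```

Run it with `perl wtmpx_demo.pl`: only bob's record passes the three filters (alice precedes the previous query time, carol has logged out, dave is from yesterday), and the printed argument list shows the single quote in his host name carried through as ordinary text. Set `WTMPX_DEMO_SEND=1` to actually call logger, which writes the line to auth.info just as the original script does.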
Write Syslog logs:
Log Server receiving: