package OSSEC::Log;
|
|
|
|
# ABSTRACT: Module/class for simplifying logging of OSSEC log messages
|
|
use strict;
|
|
use warnings;
|
|
use Moose;
|
|
use DateTime;
|
|
use File::Basename;
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
This Module/Class is part of the OSSEC distribution.
|
|
It simplifies logging to files, e.g. for active response. You are able
|
|
to use different logging types (info,error,fatal,debug) and select the file to log
|
|
to. See the methods below.
|
|
|
|
=cut
|
|
|
|
=attr ossecPath
|
|
|
|
base path to the ossec installation B<default> /var/ossec
|
|
|
|
Type: String
|
|
|
|
=cut
|
|
# Base directory of the OSSEC installation. log() prepends this value,
# followed by "/", to the 'file' attribute to build the log file path.
has 'ossecPath' => (
    is      => 'rw',
    isa     => 'Str',
    default => '/var/ossec',
);
|
|
|
|
=attr file
|
|
|
|
In which file to log the messages. The file should be given as the path relative to the
|
|
OSSEC configuration file.
|
|
|
|
Type: String
|
|
|
|
=cut
|
|
# Log file to write to. log() appends this value to ossecPath as-is
# (ossecPath . "/" . file) and dies when it is empty or unset.
has 'file' => (
    is  => 'rw',
    isa => 'Str',
);
|
|
|
|
|
|
=method error
|
|
|
|
log error message
|
|
|
|
=over
|
|
|
|
=item B<Param1>=I<program name which is logging>
|
|
|
|
=item B<Param2>=I<the message to log>
|
|
|
|
=back
|
|
|
|
log->error("OSSEC-Jabber","alert not found");
|
|
|
|
=cut
|
|
# Write a record of type "ERROR" through log().
#
# Arguments (positional): the name of the logging program, then the
# message text. The result of log() is passed back to the caller.
sub error
{
    my ($self, $program, $text) = @_;

    return $self->log("ERROR", $program, $text);
}
|
|
|
|
=method fatal
|
|
|
|
log fatal message and die
|
|
|
|
=over
|
|
|
|
=item B<Param1>=I<program name which is logging>
|
|
|
|
=item B<Param2>=I<the message to log>
|
|
|
|
=back
|
|
|
|
log->fatal("OSSEC-Jabber","could not connect to mysql server");
|
|
|
|
=cut
|
|
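# Write a record of type "FATAL" through log(), then die.
#
# Arguments (positional): the name of the logging program, then the
# message text.
#
# Always dies. The exception text carries the program name and the message,
# so the reason is still visible on STDERR / in $@ when the record could not
# be written to the log file (the previous bare die reported only "Died").
sub fatal
{
    my ($self, $programm, $message) = @_;

    $self->log("FATAL", $programm, $message);

    # No trailing newline: Perl appends the file and line of this die.
    my $reason = join(' - ', 'FATAL',
        map { defined $_ ? $_ : '' } ($programm, $message));
    die $reason;
}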
|
|
|
|
=method info
|
|
|
|
log info message
|
|
|
|
=over
|
|
|
|
=item B<Param1>=I<program name which is logging>
|
|
|
|
=item B<Param2>=I<the message to log>
|
|
|
|
=back
|
|
|
|
log->info("OSSEC-Jabber","alert send");
|
|
|
|
=cut
|
|
# Write a record of type "INFO" through log().
#
# Arguments (positional): the name of the logging program, then the
# message text. The result of log() is passed back to the caller.
sub info
{
    my ($self, $program, $text) = @_;

    return $self->log("INFO", $program, $text);
}
|
|
|
|
=method debug
|
|
|
|
log debug message
|
|
|
|
=over
|
|
|
|
=item B<Param1>=I<program name which is logging>
|
|
|
|
=item B<Param2>=I<the message to log>
|
|
|
|
=back
|
|
|
|
log->debug("OSSEC-Jabber","found alert in database");
|
|
|
|
=cut
|
|
# Write a record of type "DEBUG" through log().
#
# Arguments (positional): the name of the logging program, then the
# message text. The result of log() is passed back to the caller.
sub debug
{
    my ($self, $program, $text) = @_;

    return $self->log("DEBUG", $program, $text);
}
|
|
|
|
|
|
=method log
|
|
|
|
log messages to the logfile
|
|
|
|
=over
|
|
|
|
=item B<Param1>=I<Type of log message>
|
|
|
|
=item B<Param2>=I<program name which is logging>
|
|
|
|
=item B<Param3>=I<the message to log>
|
|
|
|
=back
|
|
|
|
=cut
|
|
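# Append one formatted record to the configured log file.
#
# Arguments (positional):
#   1. type of log message (e.g. "ERROR", "INFO")
#   2. name of the program which is logging
#   3. the message to log
#
# Dies when no log file has been selected. A failure to create the log
# directory, or to open, write or close the file, is reported with warn()
# and makes the method return 0, so a lost record is visible to the caller
# and on STDERR. Returns 1 once the record is written and the handle closed.
sub log
{
    my ($self, $type, $programm, $message) = @_;

    # a logfile is required
    die("no logfile selected") unless $self->file();

    # create the full path to the file
    # NOTE(review): ossecPath and file are joined as-is; ".." segments are
    # not rejected here, so both attributes should come from trusted
    # configuration rather than from alert or network data.
    my $file = $self->ossecPath() . "/" . $self->file();
    my $dir  = dirname($file);

    # Create the directory without involving a shell. The earlier
    # readpipe("mkdir -p $dir") passed the path through the shell, so
    # whitespace or shell metacharacters in ossecPath/file were interpreted
    # as shell syntax instead of being part of the directory name.
    unless (-d $dir) {
        require File::Path;
        eval { File::Path::make_path($dir); 1 } or do {
            warn "OSSEC::Log: cannot create directory $dir: $@";
            return 0;
        };
    }

    my $dt = DateTime->now;

    # One record per line: fold CR/LF inside any field into a space so a
    # value containing line breaks cannot start a forged extra record.
    for my $field ($type, $programm, $message) {
        $field = '' unless defined $field;
        $field =~ s/[\r\n]+/ /g;
    }

    # create the full log message
    my $msg = sprintf("%10s %8s - %5s - %20s - %s\n",
        $dt->ymd(), $dt->hms(), $type, $programm, $message);

    # open the logfile for appending
    my $fh;
    unless (open($fh, ">>", $file)) {
        warn "OSSEC::Log: cannot open $file for appending: $!\n";
        return 0;
    }

    unless (print {$fh} $msg) {
        warn "OSSEC::Log: cannot write to $file: $!\n";
        close $fh;
        return 0;
    }

    # Buffered write errors surface at close, so check it as well.
    unless (close $fh) {
        warn "OSSEC::Log: cannot close $file: $!\n";
        return 0;
    }

    return 1;
}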
|
|
|
|
1;
|