--- ldap-stats.pl.orig 2007-04-28 05:25:34.000000000 +0200 +++ ldap-stats.pl 2013-04-17 12:53:18.000000000 +0200 @@ -10,6 +10,8 @@ # # Revision History: # +# - add support for rsyslog log format -- Joerg Steffens, dass II GmbH +# # Version 5.2 # Perl::Tidy and Perl::Critic -- Gavin Henry, Suretec Systems Ltd. # @@ -315,10 +317,18 @@ FIELD => '%4s', }; +# slapd log file can use different date formats: +# rsyslog: 2013-04-17T10:45:15.576386+02:00 +# syslog: Mar 23 09:54:34 +# We check the first lone of the log file +# and use the first date regex that matches. +my @date_formats=('\d\d\d\d-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)\.\d\d\d\d\d\d\+\d\d:\d\d', '(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)'); +my $regex_date; + ################################################### ### Open the logfile and process all of the entries ################################################### -for my $file (@ARGV) { +FILE: for my $file (@ARGV) { $logfile = $file; my $lines = 0; @@ -359,11 +369,25 @@ while ( my $line = ) { - ### check start and end dates - if ( $line =~ /^(\w+\s+\d+\s+\d+:\d+:\d+)/mx ) { - if ( !$logarray{$logfile}{SDATE} ) { - $logarray{$logfile}{SDATE} = $1; + # first line + if ( !$logarray{$logfile}{SDATE} ) { + # check date format in logfile + for my $regex (@date_formats) { + print "regex: $regex\n"; + if ( $line =~ /^($regex)/mx ) { + $logarray{$logfile}{SDATE} = $1; + $regex_date = $regex; + last; + } } + if( ! $regex_date ) { + print "ERROR: unable to determine date format in '$logfile'\n"; + next FILE; + } + } + + ### check start and end dates + if ( $line =~ /^($regex_date)/mx ) { $logarray{$logfile}{EDATE} = $1; } @@ -375,7 +399,7 @@ ### Check for a new connection if ( $line =~ -/^(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+).*conn=(\d+) [ ] fd=\d+ [ ] (?:ACCEPT|connection) [ ] from/mx +/^$regex_date .*conn=(\d+) [ ] fd=\d+ [ ] (?:ACCEPT|connection) [ ] from/mx ) { my $month = $1; @@ -483,13 +507,13 @@ ### Check for anonymous binds } elsif ( $line =~ -/^(\w+)\s+(\d+)\s+(\d+):\d+:\d+.*conn=(\d+) [ ] op=\d+ [ ] BIND [ ] dn="" [ ] method=128/mx +/^$regex_date .*conn=(\d+) [ ] op=\d+ [ ] BIND [ ] dn="" [ ] method=128/mx ) { my $month = $1; my $day = $2; my $hour = $3; - my $conn = $4; + my $conn = $6; ### Increment the counters if ( defined $conns{$conn} @@ -508,14 +532,14 @@ ### Check for non-anonymous binds } elsif ( $line =~ -/^(\w+)\s+(\d+)\s+(\d+):\d+:\d+.*conn=(\d+) [ ] op=\d+ [ ] BIND [ ] dn="([^"]+)" [ ] mech=/mx +/^$regex_date .*conn=(\d+) [ ] op=\d+ [ ] BIND [ ] dn="([^"]+)" [ ] mech=/mx ) { my $month = $1; my $day = $2; my $hour = $3; - my $conn = $4; - my $binddn = lc $5; + my $conn = $6; + my $binddn = lc $7; ### Increment the counters if ( defined $conns{$conn} @@ -566,13 +590,13 @@ ### Check for SEARCHES } elsif ( $line =~ -/^(\w+)\s+(\d+)\s+(\d+):\d+:\d+.*conn=(\d+) [ ] op=\d+ [ ] SEARCH [ ] RESULT/mx +/^$regex_date .*conn=(\d+) [ ] op=\d+ [ ] SEARCH [ ] RESULT/mx ) { my $month = $1; my $day = $2; my $hour = $3; - my $conn = $4; + my $conn = $6; ### Increment the counters if ( defined $conns{$conn} @@ -588,13 +612,13 @@ ### Check for unbinds } elsif ( $line =~ - /^(\w+)\s+(\d+)\s+(\d+):\d+:\d+.*conn=(\d+) [ ] op=\d+ [ ] UNBIND/mx + /^$regex_date .*conn=(\d+) [ ] op=\d+ [ ] UNBIND/mx ) { my $month = $1; my $day = $2; my $hour = $3; - my $conn = $4; + my $conn = $6; ### Increment the counters if ( defined $conns{$conn} @@ -611,13 +635,13 @@ ### TODO: Add other err=X values from contrib/ldapc++/src/LDAPResult.h } elsif ( $line =~ -/^(\w+)\s+(\d+)\s+(\d+):\d+:\d+.*conn=(\d+) [ ] op=\d+(?: SEARCH)? [ ] RESULT [ ]/mx +/^$regex_date .*conn=(\d+) [ ] op=\d+(?: SEARCH)? [ ] RESULT [ ]/mx ) { my $month = $1; my $day = $2; my $hour = $3; - my $conn = $4; + my $conn = $6; if ( $line =~ /\berr=49\b/mx ) { ### Increment the counters @@ -635,14 +659,14 @@ ### Check for entry changes: add, modify modrdn, delete } elsif ( $line =~ -/^(\w+)\s+(\d+)\s+(\d+):\d+:\d+.*conn=(\d+) [ ] op=\d+ [ ] (ADD|CMP|MOD|MODRDN|DEL) [ ] dn=/mx +/^$regex_date .*conn=(\d+) [ ] op=\d+ [ ] (ADD|CMP|MOD|MODRDN|DEL) [ ] dn=/mx ) { my $month = $1; my $day = $2; my $hour = $3; - my $conn = $4; - my $type = $5; + my $conn = $6; + my $type = $7; ### Increment the counters if ( defined $conns{$conn}