tenshi 0.7 README
Copyright 2004, 2005, 2006, 2007 Andrea Barisani <andrea@inversepath.com>

Rob Holland <rob@inversepath.com>

  • What's tenshi?

tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients.

Please read the example tenshi.conf and tenshi.8 man page for usage instructions.

tenshi was formerly known as wasabi. The name was changed to tenshi after we were informed that wasabi is a registered trademark relating to another piece of software.

It should be noted that tenshi was initially a perl rewrite of Oak (http://www.ktools.org).

  • Examples:

Consider the following settings in tenshi.conf:

set hidepid on

set queue mail     tenshi@localhost sysadmin@localhost [0 */12 * * *]
set queue misc     tenshi@localhost sysadmin@localhost [0 */24 * * *]

set queue critical tenshi@localhost sysadmin@localhost [now]

group ^ipop3d:

mail ^ipop3d: Login user=(.+)
mail ^ipop3d: Logout user=(.+)
mail ^ipop3d: pop3s SSL service init from (.+)
mail ^ipop3d: pop3 service init from (.+)
mail ^ipop3d: Command stream end of file, while reading.+
mail ^ipop3d: Command stream end of file while reading.+

critical ^ipop3d: Login failed.+

trash ^ipop3d:.+

group_end

critical ^sudo: (.+) : TTY=(.+) ; PWD=(.+) ; USER=root ; COMMAND=(.+)

misc .*

Every ipop3d message not matched by the regexps assigned to the mail or critical queues will be matched by the queue trash (a builtin null queue); any other message will be matched by the queue misc. Fields enclosed in (.+) are masked.

This is a sample report for the mail queue (sent every 12 hours):

host1
  79: ipop3d: Login user=___
  74: ipop3d: Logout user=___
host2
  30: ipop3d: Login user=___
  30: ipop3d: Logout user=___
  19: ipop3d: pop3 service init from ___
  12: ipop3d: pop3s SSL service init from ___
  1. ipop3d: Command stream end of file while reading line user=??? host=bogus.domain.net [192.168.0.1]
  2. ipop3d: Command stream end of file, while reading authentication host=bogus1.domain.net [10.1.7.1]

These are sample reports for the critical queue (sent every time a message matches the regexp):

host1
  1. /usr/bin/sudo: ___ : TTY=___ ; PWD=___ ; USER=root ; COMMAND=/bin/dmesg
host1
  1. /usr/bin/sudo: ___ : TTY=___ ; PWD=___ ; USER=root ; COMMAND=/bin/bash
host2
  1. ipop3d: Login failed user=admin auth=admin host=bogus1.domain.net [10.1.7.1]
host2
  1. ipop3d: Autologout user=??? host=bogus.domain.net [192.168.0.1]
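
A simplified model of the matching and masking described above, added here as a Python example; it is not tenshi's own code. It assumes rules are tried in file order with the first match winning, and that the group's rules are only tried when the group regexp matches; the sudo rule is left out and the sample log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# The ipop3d group and the final catch-all from the tenshi.conf excerpt, in file order.
GROUP = r"^ipop3d:"
GROUP_RULES = [
    ("mail", r"^ipop3d: Login user=(.+)"),
    ("mail", r"^ipop3d: Logout user=(.+)"),
    ("mail", r"^ipop3d: pop3s SSL service init from (.+)"),
    ("mail", r"^ipop3d: pop3 service init from (.+)"),
    ("mail", r"^ipop3d: Command stream end of file, while reading.+"),
    ("mail", r"^ipop3d: Command stream end of file while reading.+"),
    ("critical", r"^ipop3d: Login failed.+"),
    ("trash", r"^ipop3d:.+"),
]
TOP_RULES = [("misc", r".*")]

def mask(msg, m):
    """Replace every parenthesised capture with ___ and keep the rest of the line."""
    out, pos = [], 0
    for start, end in (m.span(i) for i in range(1, m.re.groups + 1)):
        if start >= pos:                      # skips groups that took no part
            out.append(msg[pos:start] + "___")
            pos = end
    return "".join(out) + msg[pos:]

def classify(msg):
    """Assumed semantics: first match wins; group rules need the group regexp."""
    rules = (GROUP_RULES if re.search(GROUP, msg) else []) + TOP_RULES
    for queue, rx in rules:
        if (m := re.search(rx, msg)):
            return queue, mask(msg, m)

def report(lines):
    """Count identical masked lines per queue and host; trash is discarded."""
    queues = defaultdict(lambda: defaultdict(Counter))
    for host, msg in lines:
        queue, text = classify(msg)
        if queue != "trash":
            queues[queue][host][text] += 1
    return queues

# Constructed sample input as (host, message) pairs; not taken from real logs.
SAMPLE = [
    ("host1", "ipop3d: Login user=alice host=a.example [192.0.2.10]"),
    ("host1", "ipop3d: Login user=bob host=b.example [192.0.2.11]"),
    ("host2", "ipop3d: Login failed user=admin host=c.example [192.0.2.12]"),
    ("host2", "ipop3d: unlisted message"),
    ("host2", "sshd: unrelated message"),
]
```

The two Login lines collapse into one masked entry with a count of 2, while the Login failed rule has no parenthesised field, so each distinct failure line is reported in full.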

  • Requirements:

This is a perl program that uses 'tail' (when not using a FIFO), which should be included in your OS. It also requires the Net::SMTP module for mailing reports, which should be included in your perl installation; otherwise you can grab it from CPAN (http://www.cpan.org) or by using the CPAN shell (perl -e shell -MCPAN).

  • Resources:

The tenshi project page is http://dev.inversepath.com/trac/tenshi

Please report any bugs you find at http://dev.inversepath.com/trac/tenshi/report or <tenshi@inversepath.com>.

Two mailing lists are also available:

<tenshi-user@lists.inversepath.com> for general discussion, subscribe by sending a message to <tenshi-user+subscribe@lists.inversepath.com>

<tenshi-announce@lists.inversepath.com> for announcements, subscribe by sending a message to <tenshi-announce+subscribe@lists.inversepath.com>

