Re: (ASCEND) MAX log parsing

[Cyril Jaouich <twiggy@twiggy.spider.org>]

On Wed, 18 Mar 1998, Forrest Houston wrote:

> I just checked the FAQ and didn't see anything of too much help there. 
> What I'm looking for is a script (shell or perl) that I can setup as a
> cron job to go through the syslog file and come up with something that is
> a little more "useful".  I don't need it for billing purposes, I just want
> to know who was on when and how to help debug problems that come up.  If
> someone has something that they use and like I would appreciate it,
> otherwise I guess I'll "reinvent the wheel" :)  (which probably isn't a
> bad idea since my scripting needs some work ;-) ).

	I wrote such a tool, but, it's best used when looking for a
specific user. With a bit of hacking you could easaly get it to do what
you want. (I included it with this mail).

	I'll talk to the owner of the FAQ page to get it out there :)

Cyril Jaouich [CJ837]
---------------------
ACC DATA OPERATIONS EASTERN CANADA
----------------------------------
#!/usr/bin/perl

#### Change this here below
$ascend_log="/var/log/support/ascend/all";

$ver="v2.0Export";
$raw=0;

print "Running FILTER $ver...\n\n";

if((@ARGV[0]=~ m/-/) eq 1){
	printf("Error: %s is not a valid username\n",@ARGV[0]);
	exit();
}else{
$userid=@ARGV[0];
}

$dump=@ARGV[0];
if($dump eq ""){ 
	&display_usage();
}


if( (@ARGV[1] ne "") && ((@ARGV[1]=~ m/-raw/)ne 1) ){
print "Error: Second argument not valid!\n";
exit();
}else{
	if((@ARGV[1]=~ m/-raw/)eq 1){
	$raw=1;
	}
}

print "------------------------------------------------------\n";
if($raw eq 1){
print "Displaying raw syslog information!\n";
}
print "------------------------------------------------------\n";
sleep (1);

print "Analysing Ascend log file... please wait\n\n";
$tout_asc=`grep $userid $ascend_log`;
if ($tout_asc eq ""){
print "No information on $userid found.\n";
}else{
if($raw eq 1){
print $tout_asc;
}else{
&filter($tout_asc);
}}

print "\n------------------------------------------------------\n";


print "\nFilter terminating!\n";

sub filter{
##################
@codes[0]="No Reason"; @prog[0]="No Progress";
@codes[1]="Not Applicable"; @prog[1]="Unknown  ";
@codes[2]="Unknown"; @prog[2]="Unknown";
@codes[3]="Call Disconnected"; @prog[3]="";
@codes[4]="CLID Authentication Failed"; @prog[4]="";
@codes[5]="CLID Radius Timeout"; @prog[5]="";
@codes[10]="Modem never detected DCD"; @prog[10]="Call Up";
@codes[11]="DCD detected but went inactive"; @prog[11]="";
@codes[12]="Modem result codes parse fail"; @prog[12]="";
@codes[20]="TermSrv - user quit"; @prog[20]="";
@codes[21]="TermSrv - idle timeout"; @prog[21]="";
@codes[22]="TermSrv - exit Telnet"; @prog[22]="";
@codes[23]="TermSrv - no IP Addr"; @prog[23]="";
@codes[24]="TermSrv - exit Raw TCP"; @prog[24]="";
@codes[25]="TermSrv - login failed"; @prog[25]="";
@codes[26]="TermSrv - Raw TCP disabled"; @prog[26]="";
@codes[27]="TermSrv - CTRL-C during login"; @prog[27]="";
@codes[28]="TermSrv - Destroyed"; @prog[28]="";
@codes[29]="TermSrv - user closed VirtConn"; @prog[29]="";
@codes[30]="TermSrv - VirtConn destroyed"; @prog[30]="Modem Up";
@codes[31]="TermSrv - exit Rlogin"; @prog[31]="Modem awaiting DCD";
@codes[32]="TermSrv - bad Rlogin option"; @prog[32]="Modem awaiting Codes";
@codes[33]="TermSrv - not enough resources"; @prog[33]="";
@codes[35]="MPP - no NULL msg timeout"; @prog[35]="";
@codes[40]="PPP - LCP Timeout"; @prog[40]="Terminal Server started";
@codes[41]="PPP - LCP Negotiation failed"; @prog[41]="Raw TCP started";
@codes[42]="PPP - PAP Auth failed"; @prog[42]="Telnet started";
@codes[43]="PPP - CHAP Auth failed"; @prog[43]="Raw TCP connected";
@codes[44]="PPP - Remote Auth failed"; @prog[44]="Telnet connected";
@codes[45]="PPP - Connection closed"; @prog[45]="Rlogin started";
@codes[46]="PPP - Receive Close Event"; @prog[46]="Rlogin connected";
@codes[47]="PPP - No NCP's were open"; @prog[47]="";
@codes[48]="PPP - MP bundle unknown"; @prog[48]="";
@codes[49]="PPP - LCP close MP add fail"; @prog[49]="";
@codes[50]="Session Table Full"; @prog[50]="Modem Outdial - Call Up";
@codes[51]="Out of resources"; @prog[51]="";
@codes[52]="Invalid IP Address"; @prog[52]="";
@codes[53]="Hostname resolution failed"; @prog[53]="";
@codes[54]="Bad/missing port number"; @prog[54]="";
@codes[60]="Host Reset"; @prog[60]="LAN Session Up (Connected)";
@codes[61]="Connection refused"; @prog[61]="Opening LCP (link control)";
@codes[62]="Connection timeout"; @prog[62]="Opening CCP (stack compression)";
@codes[63]="Connection Closed"; @prog[63]="Opening IPNCP";
@codes[64]="Network unreachable"; @prog[64]="Opening BNCP";
@codes[65]="Host unreachable"; @prog[65]="LCP Opened";
@codes[66]="Network admin unreachable"; @prog[66]="CCP Opened (Connected with compression)";
@codes[67]="Host admin unreachable"; @prog[67]="IPNCP Opened";
@codes[68]="Port unreachable"; @prog[68]="BNCP Opened";
@codes[69]=""; @prog[69]="LCP State Initial";
@codes[70]=""; @prog[70]="LCP State Starting";
@codes[71]=""; @prog[71]="LCP State Closed";
@codes[72]=""; @prog[72]="LCP State Stopped";
@codes[73]=""; @prog[73]="LCP State Closing";
@codes[74]=""; @prog[74]="LCP State Stopping";
@codes[75]=""; @prog[75]="LCP State Request Sent";
@codes[76]=""; @prog[76]="LCP State Ack Received";
@codes[77]=""; @prog[77]="LCP State Ack Sent";
@codes[80]=""; @prog[80]="IPXNCP Opened";
@codes[81]=""; @prog[81]="ATNCP Opened";
@codes[82]=""; @prog[82]="BACP Opening";
@codes[83]=""; @prog[83]="BACP Opened";
@codes[90]=""; @prog[90]="V110 Up";
@codes[91]=""; @prog[91]="V110 State Opened";
@codes[92]=""; @prog[92]="V110 State Carrier";
@codes[93]=""; @prog[93]="V110 State Reset";
@codes[94]=""; @prog[94]="V110 State Closed";
@codes[100]="Session Timeout"; @prog[100]="";
@codes[101]="Invalid incoming user"; @prog[101]="";
@codes[102]="Disconnect due to callback"; @prog[102]="";
@codes[120]="Protocol disabled/unsupported"; @prog[120]="";
@codes[150]="Disconnect requested by RADIUS"; @prog[150]="";
@codes[151]="Disconnect by Local Admin"; @prog[151]="";
@codes[160]="V110 timeout/sync retry exceed"; @prog[160]="";
@codes[170]="PPP Auth Timeout exceeded"; @prog[170]="";
@codes[180]="User executed Do..Hangup"; @prog[180]="";
@codes[185]="Remote End Hung Up"; @prog[185]="";
@codes[190]="Resource has been Quiesced"; @prog[190]="";
@codes[195]="MAX Call duration reached"; @prog[195]="";
#############################
$input=shift(@_);
@lines=split("\n", $input);

while($input2=shift(@lines)){

($month,$day,$time,$machinename,$garb,$call,$garb,$garb,$garb,$garb,$garb,$action,$user)=split(" ",$input2);

if($call eq "call"){
&discon($input2);
}elsif($call eq "slot"){
if($action eq "up,"){ 
print"$month $day $time $machinename: $user established PPP connection.\n";
}else{
print"$month $day $time $machinename: Connection terminated for $user.\n";
}
}else{
print"$month $day $time $machinename: Error parsing syslog line.\n";
}
}
}

sub discon{
$input1=shift(@_);

($month,$day,$time,$machinename,$garb,$garb,$garb,$garb,$garb,$user,$c,$p)=split(" ",$input1);
$user=substr($user,2,255);
$error=@codes[substr($c,2,3)];
print"$month $day $time $machinename:  Disconnected because: $error\n";
$error=@prog[substr($p,2,3)];
print"$month $day $time $machinename:  While: $error\n";
}

sub display_usage {
print "##############################################\n";
print "##         Usage for FILTER $ver      ##\n";
print "##############################################\n";
print "# filter username [-raw]                     #\n";
print "##############################################\n";
print "# username = the persons userid   (Mandatory)#\n";
print "# -raw     = -raw display raw logs info      #\n";
print "##############################################\n";
exit();
}

---

References:

• (ASCEND) MAX log parsing
• From: Forrest Houston <fhouston@east.isi.edu>

---

• Prev by Date: Re: (ASCEND) Finger?
• Next by Date: (ASCEND) Filters and such...
• Prev by thread: (ASCEND) MAX log parsing
• Next by thread: (ASCEND) MAX log parsing
• Index(es):
  • Main
  • Thread