rlog

1. intro

The basic idea of rlog is the same as a syslog server collecting all kind of information on a centralized server.

Where logger is used to send messages in syslog, we wrote a script called cid-rlog to send a message through port 443

to the centralized server.

This script can be called from any service, server, program or script triggered by they own hook mechanism.

On the centralized server, a very simple php script will call another script called rlog putting the message send by cid-rlog

into a logfile and a database.

2. cid-rlog

cid-rlog is a REXX script which can be executed in either Linux or windows.

To debug the script, run export DEBUG=1 first. (or set DEBUG=1 in windows)

Following variables can dynamically be parsed:

domainname
homedrive
hostname
hosttype
ipaddress
logonserver
macaddress
username
userprofile

3. cases

3.1. dhcp

vi /etc/dhcp/dhcpd.conf

///
include "/etc/dhcp/dhcpd-commit.conf";

cat /etc/dhcp/dhcpd-commit.conf

#
# 25jan2018: (re)initial version (ary)
# 28dec2019: execute cid-rlog-dhcp

on commit {
           set ipAddress = binary-to-ascii(10, 8, ".", leased-address);
           set macAddress = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
           log("===[ START COMMIT ]=============================================");
#          log(concat("---> commit: ipaddress: ", ipAddress, " macaddress: ", macAddress));
           execute("/bin/cid-rlog-dhcp", "-a", "dhcp", "-m", macAddress, "-i", ipAddress, "-d", "1");
           log("===[ STOP  COMMIT ]=============================================");
          }
#
# man dhcp-eval
#
# "-h", host-decl-name
#

3.2. ipl

cat /bin/cid-ipllog

#!/bin/sh
# 18jan2020: (re)initial version
 set -e
 if test -d /data1/
   then {
         mkdir -p /data1/var/log
         logfile="/data1/var/log/ipl.log"
        }
   else logfile="/var/log/ipl.log"
 fi
 uptime="$(awk '{print $1}' /proc/uptime)"
 echo "ipl done on $(date '+%a %d %b %Y %T'): ${uptime}" >> ${logfile}
 use="$(df -h / | tail -n1 | awk '{print $5}')"
 /bin/cid-rlog -t "ipl" "action=reboot elapsed=${uptime} use=${use} uname=$(uname -r)"
 exit 0

3.3. openvpn

vi /etc/openvpn/server.conf

///
# hooks
script-security 2
client-connect "/bin/ovpn-hook conn"
client-disconnect "/bin/ovpn-hook disc"

vi /bin/ovpn-hook

#!/bin/sh
# 02jan2020: initial version
cfgfile="/var/lib/openvpn/openvpn-$$.set"
set | egrep "IV_PLAT|ifconfig_pool_remote_ip|time_duration|username" > ${cfgfile}
source ${cfgfile}
if test -z ${time_duration}
 then time_duration=""
 else time_duration="elapsed=${time_duration}"
fi
sudo /bin/cid-rlog-openvpn "state=$1 user=${username} ip=${ifconfig_pool_remote_ip} os=${IV_PLAT} ${time_duration}"
rm -f ${cfgfile}
exit 0

3.4. pihole

http://d01cid.ddns.net/sharel/opt/dhcp/bin/ss-dhcp-dns

3.5. samba

cat /etc/samba/smb-shares.conf

[common]
  comment = common share
  path = /data1/common/
  read only = yes
  browseable = yes
  force user = root
  force group = smbgroup
  write list = @smbgroup
  create mask = 0660
  directory mask = 0770
  force create mode = 0660
  force directory mode = 0770
  preexec  = /bin/cid-rlog-samba "state=conn user=%U share=%S ip=%I"
  postexec = /bin/cid-rlog-samba "state=disc user=%U share=%S ip=%I"