1. intro
The basic idea of rlog is the same as that of a syslog server: collecting all kinds of information on a centralized server.
Where logger is used to send messages to syslog, we wrote a script called cid-rlog to send a message through port 443
to the centralized server.
This script can be called from any service, server, program or script, triggered by its own hook mechanism.
On the centralized server, a very simple php script calls another script, called rlog, which puts the message sent by cid-rlog
into a logfile and a database.
2. cid-rlog
cid-rlog is a REXX script which can be executed on either Linux or Windows.
To debug the script, run export DEBUG=1 first (or set DEBUG=1 on Windows).
The following variables can be parsed dynamically:
domainname
homedrive
hostname
hosttype
ipaddress
logonserver
macaddress
username
userprofile
3. cases
3.1. dhcp
vi /etc/dhcp/dhcpd.conf
///
include "/etc/dhcp/dhcpd-commit.conf";
cat /etc/dhcp/dhcpd-commit.conf
#
# 25jan2018: (re)initial version (ary)
# 28dec2019: execute cid-rlog-dhcp
#
# On every lease commit, runs /bin/cid-rlog-dhcp with the leased address and
# the client's hardware address, bracketed by START/STOP markers in the dhcpd
# log.
on commit {
# Both values are rendered by binary-to-ascii, so the helper only receives a
# dotted-decimal address and a colon-separated hex string; no other
# client-supplied text is placed on the command line below.
set ipAddress = binary-to-ascii(10, 8, ".", leased-address);
# substring(hardware, 1, 6) skips the first byte of the hardware field and
# keeps the six bytes that follow it.
# NOTE(review): binary-to-ascii does not zero-pad, so an octet below 0x10 is
# printed as one hex digit; normalise before matching against other MAC sources.
set macAddress = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
log("===[ START COMMIT ]=============================================");
# log(concat("---> commit: ipaddress: ", ipAddress, " macaddress: ", macAddress));
# Every value is handed over as its own argument. The meaning of -a and -d is
# defined by cid-rlog-dhcp, which is not shown here.
# NOTE(review): presumably dhcpd waits for the command to return, so the helper
# should finish quickly; confirm in man dhcp-eval.
execute("/bin/cid-rlog-dhcp", "-a", "dhcp", "-m", macAddress, "-i", ipAddress, "-d", "1");
log("===[ STOP COMMIT ]=============================================");
}
#
# man dhcp-eval
#
# Argument pair kept for reference but not passed to execute() above:
# "-h", host-decl-name
#
3.2. ipl
cat /bin/cid-ipllog
#!/bin/sh
# 18jan2020: (re)initial version
#
# Records a completed boot ("ipl"): appends one line to the local ipl.log and
# sends an rlog message carrying the uptime, root filesystem usage and kernel
# release. Every value in the message is read from the local system.
set -e

# Log under /data1 when that directory exists, otherwise under /var/log.
logfile="/var/log/ipl.log"
if [ -d /data1/ ]; then
  mkdir -p /data1/var/log
  logfile="/data1/var/log/ipl.log"
fi

# First field of /proc/uptime.
uptime="$(awk '{print $1}' /proc/uptime)"
printf '%s\n' "ipl done on $(date '+%a %d %b %Y %T'): ${uptime}" >> "${logfile}"

# Fifth column of the last line df prints for the root filesystem.
use="$(df -h / | awk '{ pct = $5 } END { print pct }')"

/bin/cid-rlog -t "ipl" "action=reboot elapsed=${uptime} use=${use} uname=$(uname -r)"
exit 0
3.3. openvpn
vi /etc/openvpn/server.conf
///
# hooks
# script-security 2 is the level at which OpenVPN may run user-defined scripts
# such as the two hooks below.
# NOTE(review): a higher level additionally hands passwords to scripts through
# the environment and is not needed for these hooks.
script-security 2
# The word after the script path is passed to the hook as $1; the session
# details (username, ifconfig_pool_remote_ip, IV_PLAT, time_duration) are read
# by the hook from its environment.
client-connect "/bin/ovpn-hook conn"
client-disconnect "/bin/ovpn-hook disc"
vi /bin/ovpn-hook
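#!/bin/sh
# 02jan2020: initial version
#
# OpenVPN client-connect / client-disconnect hook: sends one rlog message per
# VPN session event through /bin/cid-rlog-openvpn.
#
# Arguments:   $1 - state label given in server.conf ("conn" or "disc")
# Environment: username, ifconfig_pool_remote_ip, IV_PLAT, time_duration
#              (read from the environment the hook is started with)
# Returns:     always 0, so a logging failure never changes the status
#              OpenVPN sees for the session.
#
# The values are read straight from the environment. No copy of `set` output
# is written to a file and sourced: a sourced file is executed as shell code,
# and the filter matched whole lines rather than variable names, so text
# inside a client-supplied value could have ended up being executed. `source`
# is also not available in every /bin/sh.

# Keep only the characters expected in a user name, address, platform tag or
# number. username and IV_PLAT come from the VPN client; a space or '=' in one
# of them would otherwise add or overwrite key=value fields in the central log.
clean() {
  printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9._@:/-'
}

state="$(clean "${1:-}")"
user="$(clean "${username:-}")"
ip="$(clean "${ifconfig_pool_remote_ip:-}")"
os="$(clean "${IV_PLAT:-}")"
duration="$(clean "${time_duration:-}")"

# Leave the elapsed field out when no duration was provided.
if test -n "${duration}"
then elapsed="elapsed=${duration}"
else elapsed=""
fi

# sudo is kept as in the original. NOTE(review): the sudoers rule behind it is
# not shown here; it should permit this one command only.
sudo /bin/cid-rlog-openvpn "state=${state} user=${user} ip=${ip} os=${os} ${elapsed}"
exit 0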
3.5. samba
cat /etc/samba/smb-shares.conf
# Share definition with connect/disconnect logging through cid-rlog-samba.
[common]
comment = common share
path = /data1/common/
# Read-only by default; members of smbgroup get write access via "write list".
read only = yes
browseable = yes
# NOTE(review): "force user = root" makes every file operation on this share
# run as root regardless of who authenticated; confirm this is required, since
# the group masks below only shape permission bits and do not limit root.
force user = root
force group = smbgroup
write list = @smbgroup
create mask = 0660
directory mask = 0770
force create mode = 0660
force directory mode = 0770
# preexec/postexec run on connect and disconnect of the share.
# %U is the session user name as requested by the client, %S the share name and
# %I the client address. %U is client-supplied text placed on a command line,
# so cid-rlog-samba (not shown here) should treat its argument as untrusted.
# NOTE(review): with "force user = root" these commands presumably run as
# root as well; verify against the smb.conf documentation.
preexec = /bin/cid-rlog-samba "state=conn user=%U share=%S ip=%I"
postexec = /bin/cid-rlog-samba "state=disc user=%U share=%S ip=%I"