Add support for haproxy logs

2025-03-20 18:49:50 +01:00
parent 492e692137
commit ba62e87a00
4 changed files with 79 additions and 4 deletions
--- a/bin/parserfilter-tester
+++ b/bin/parserfilter-tester
@ -4,16 +4,16 @@ use warnings;
 use Getopt::Long;
 use My::parser::stats;
 my $module;
-my @modules	= ('ssh','dovecot','exim','apache','gitea_ssh');
+my @modules	= ('ssh','dovecot','exim','apache','gitea_ssh', 'haproxy');
 my $program	= $0;
 GetOptions	("module=s"	=> \$module);	#Only test one module
 unless($module) {
-	print 'No module specified, use argument --module=(ssh|dovecot|exim|apache|gitea_ssh)'."\n";
+	print 'No module specified, use argument --module=(ssh|dovecot|exim|apache|gitea_ssh|haproxy)'."\n";
 	exit;
 }
 my @matches = grep { /$module/ } @modules;
 unless(@matches) {
-	print 'Unsupported module '.$module.' specified, use argument --module=(ssh|dovecot|exim|apache|gitea_ssh)'."\n";
+	print 'Unsupported module '.$module.' specified, use argument --module=(ssh|dovecot|exim|apache|gitea_ssh|haproxy)'."\n";
 	exit;
 }
 print "Please paste a line to parse here:\n";
--- a/conf/parserfilter.conf.sample
+++ b/conf/parserfilter.conf.sample
@ -13,7 +13,7 @@
 # this is based on the normal syslog-in-db format

 logfile = '/var/log/parser_filter.log' #Our logfile
-modules = 'dovecot','exim','ssh','apache','gitea' #List of modules available
+modules = 'dovecot','exim','ssh','apache','gitea','haproxy' #List of modules available

 #One entry per module, beware, no stray spaces allowed:)
 dovecot = 'file','/usr/local/jails/thinjails/dovecot/var/log/maillog'
@ -21,6 +21,7 @@ exim = 'file','/var/log/exim/mainlog'
 apache = 'file','/var/log/apache-error.log'
 ssh = 'db','syslog.logs','sshd'
 gitea = 'file','/usr/local/jails/thinjails/gitea/var/log/gitea/gitea.log'
+haproxy = 'file','/var/log/haproxy.log'
 #why we have the first entry here, I'm not too sure about, since the module itself also 
 #needs to know what type of fetcher it wants. Ancient code is ancient. Undocumented ideas are bad:)

--- a/lib/haproxy.pm
+++ b/lib/haproxy.pm
@ -0,0 +1,45 @@
+package My::parser::haproxy;
+use strict;
+use warnings;
+use File::Tail 0.91;
+use My::parser::haproxy_parser;
+
+sub new {
+	my $class	= shift;
+	my $config	= shift;
+	my $self	= {};
+	bless ($self, $class);
+
+	$self->{'config'}	= $config;
+	$self->{'parser'}	= My::parser::haproxy_parser->new();
+	return $self;
+}
+
+sub parse {
+	my $self	= shift;
+	my @result;
+	while(my $string = $self->fetch) {
+		last unless($string);
+		if (my $line	= $self->{'parser'}->parser($string)) {
+			push(@result,$line);
+		}
+	}
+	return { retval => 0 } unless(scalar(@result)); # nothing to say, nothing to report
+	return { retval => 1, retmsg => 'Here comes the results', lines => \@result };
+}
+
+sub fetch {
+	my $self	= shift;
+	my $fetcher	= $self->{'config'}->get_fetcher('haproxy');
+	die "Fetcher for haproxy went away?" unless($fetcher);
+	my $line;
+	my ($nfound,$timeleft,@pending) = File::Tail::select(undef,undef,undef,1,$fetcher);
+	foreach (@pending) {
+		$line	= $_->read;
+		chomp($line);
+	}
+	return 0 unless($line);
+	return $line;
+}
+
+1;
--- a/lib/haproxy_parser.pm
+++ b/lib/haproxy_parser.pm
@ -0,0 +1,29 @@
+package My::parser::haproxy_parser;
+use strict;
+use warnings;
+
+sub new {
+	my $class	= shift;
+	my $self	= {};
+	bless ($self, $class);
+	return $self;
+}
+
+sub parser {
+	my $self	= shift;
+	my $string	= shift;
+	my ($reply,$hostile,$host) = ("No match for $string",0,'');
+	my $re_host	= qr/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/;
+	if($string =~ m/SSL handshake failure/) {
+		$_		= $string;
+		$reply		= 'SSL handshake failure';
+		$hostile	= 1;
+		PARSE:
+			m/(\ ($re_host):[0-9]{1,6})/gcix && do {
+				$host	= $2;
+			};
+	}
+	return { retval => 1, retmsg => $reply, hostile => $hostile, host => $host, string => $string };
+}
+
+return 1;