4 /**********************************************************/
5 // This PHP script reads a syslog warning message and sends mail.
6 // Add to syslog.conf as: local1.=warning <TAB> | /path/sendreportmail.php
7 // The following warning message is reported when a MAC address registered in
8 // the watchlist table is detected by opengatemd.
9 // "Sep 29 12:34:56 opengate01 opengatemd[1234]: WARN: find mac=11:22:33:44:55:66 ip=192.168.0.10"
10 /**********************************************************/
13 $mysqlServer="localhost";
// NOTE(review): $mysqlUser and $mysqlPassword are used below but are not assigned
// on any line shown in this listing; presumably they are set on the elided lines.
16 $mailSender="opengate@cc.saga-u.ac.jp";
// $reportInterval is concatenated unquoted into the SQL text in skipReporting()
// (after "INTERVAL"), so it must stay a fixed, operator-chosen literal.
17 $reportInterval="6 HOUR";
20 openlog('sendreportmail', LOG_PID, LOG_LOCAL1);
22 // get mac address and others from syslog message
// Per the header, every local1.=warning message is piped to this script, not only
// the ones written by opengatemd, so the four parsed fields should be treated as
// untrusted input until they have been validated.
23 list($timestamp, $gatewayName, $macAddress, $ipAddress)=getDataFromSyslog();
// NOTE(review): "?" looks like the sentinel getDataFromSyslog() returns when
// reading or parsing fails; the assignment is not visible in this listing - confirm.
24 if($timestamp=="?") return;
27 if(!($link=prepareMysql($mysqlServer, $mysqlUser, $mysqlPassword))) return;
30 // get mail address and others from mysql db
31 if(!(list($device, $mailAddress)=getDataFromMysql($macAddress))){
36 // if recent report exists, skip to send report
37 if(skipReporting($link, $macAddress, $gatewayName, $reportInterval)){
45 // send mail to the user
46 sendMailToUser($mailSender, $mailAddress, $device, $gatewayName,
47 $ipAddress, $timestamp);
52 get MAC address and others from syslog
54 function getDataFromSyslog(){
// Reads one syslog line from STDIN and returns
// array($timestamp, $gatewayName, $macAddress, $ipAddress) extracted from the
// "WARN: find mac=... ip=..." message format.
// NOTE(review): the values returned when reading or matching fails are set on
// lines elided from this listing; the caller tests $timestamp=="?".
60 // syslog message is acquired from STDIN
61 if(($message=fgets(STDIN))==FALSE){
62 syslog(LOG_INFO, 'ERR: Fail to read from stdin');
66 // extract timestamp, gateway and macaddress by regular expression
// NOTE(review): every capture group is an unconstrained (.*), so the MAC, IP and
// gateway values are whatever text surrounds the markers in the log line. These
// values are later concatenated into SQL (getDataFromMysql, skipReporting) and
// into the mail body. Matching strict formats here (six hex octets for the MAC,
// an address literal for the IP, hostname characters for the gateway) and
// rejecting everything else would stop malformed input at the boundary.
67 if(preg_match('/^(.*) (.*) .* WARN: find mac=(.*) ip=(.*)/',
68 $message, $matches)==1){
69 $timestamp = $matches[1];
70 $gatewayName = $matches[2];
71 $macAddress = $matches[3];
72 $ipAddress = $matches[4];
74 syslog(LOG_INFO, 'ERR: Fail to analyze syslog message');
76 return array($timestamp, $gatewayName, $macAddress, $ipAddress);
80 prepare mysql connection
82 function prepareMysql($mysqlServer, $mysqlUser, $mysqlPassword){
// Opens a MySQL connection with the given credentials, selects the 'opengatem'
// database and sets the connection charset to utf8. The caller treats a falsy
// return value as failure; the return statements are on lines elided here.
84 // connect and access to MySql DB
85 $link = mysqli_connect($mysqlServer, $mysqlUser, $mysqlPassword);
// NOTE(review): mysqli_error() requires the connection handle as its argument,
// and a failed mysqli_connect() is reported through mysqli_connect_error().
// As written, the reason for the failure does not reach the log (PHP 8 raises
// an ArgumentCountError for the missing argument).
87 syslog(LOG_INFO, 'ERR: Cannot connect DB '.mysqli_error());
91 // use opengatem database
92 $db_selected = mysqli_select_db($link, 'opengatem');
// NOTE(review): same missing argument as above; mysqli_error($link) is the
// form that returns the error text for this connection.
94 syslog(LOG_INFO, 'ERR: Cannot select DB '.mysqli_error());
97 mysqli_set_charset($link, 'utf8');
102 get mail address and others corresponding to the MAC address from mysql
104 function getDataFromMysql($macAddress){
// Looks up the device name and mail address registered for $macAddress in the
// macaddrs table, ignoring rows whose status is "D", and returns
// array($device, $mailAddress).
// NOTE(review): $link is used but is not a parameter; presumably it is imported
// with `global` on a line elided from this listing - confirm.
// NOTE(review): $macAddress is spliced between double quotes in the SQL text.
// It originates from an unconstrained regex capture of the log line, so a quote
// character in it changes the statement. A prepared statement (mysqli_prepare()
// with mysqli_stmt_bind_param()) keeps the value out of the SQL text; validating
// the MAC format before the query is a useful second layer.
109 $result = mysqli_query($link, 'SELECT device, mailAddress FROM macaddrs
110 WHERE macAddress="'.$macAddress.'" AND status!="D"');
// NOTE(review): mysqli_error() needs the connection handle, i.e. mysqli_error($link).
112 syslog(LOG_INFO, 'ERR: Fail DB query '.mysqli_error());
117 if($row = mysqli_fetch_row($result)){
// NOTE(review): $device is presumably taken from $row[0] on the elided line above.
119 $mailAddress = $row[1];
121 syslog(LOG_INFO, 'ERR: Fail to get mail address from DB');
125 return array($device, $mailAddress);
129 to avoid sending too many mails,
130 skip if there are recent logs with the same MAC address and the same gateway
131 PLEASE MODIFY to control the report frequency.
133 function skipReporting($link, $macAddress, $gatewayName, $reportInterval){
// Counts sessionmd rows for the same MAC address and gateway whose openTime lies
// between NOW() - INTERVAL $reportInterval and NOW() - INTERVAL 1 MINUTE, and
// returns TRUE when that count is above zero. The remainder of the query and
// the other return path are on lines elided from this listing.
// NOTE(review): three values are concatenated into the SQL text. $macAddress and
// $gatewayName come from the parsed log line and sit inside double-quoted
// literals, so a quote character in either changes the statement; in addition,
// "%" and "_" in $gatewayName act as LIKE wildcards. Binding both through a
// prepared statement (mysqli_prepare() with mysqli_stmt_bind_param()) removes
// the first problem. $reportInterval is inserted unquoted after INTERVAL and
// cannot be bound in that form, so it should only ever be a fixed configuration
// literal or be checked against a short allow-list.
136 $result = mysqli_query($link, 'SELECT count(*) FROM sessionmd '
137 .'WHERE EXISTS (SELECT * FROM sessionmd '
138 .'WHERE macAddress="'.$macAddress.'" '
139 .'AND gatewayName LIKE "'.$gatewayName.'.%" '
140 .'AND openTime > NOW() - INTERVAL '.$reportInterval.' '
141 .'AND openTime < NOW() - INTERVAL 1 MINUTE '
// NOTE(review): mysqli_error() needs the connection handle, i.e. mysqli_error($link).
146 syslog(LOG_INFO, 'ERR: Fail query '.mysqli_error());
// NOTE(review): $count is only assigned here when a row is fetched; whether it is
// initialised beforehand is not visible in this listing.
151 if($row = mysqli_fetch_row($result)) $count = $row[0];
154 // if recent logs exist, skip is true
155 if($count>0)return TRUE;
160 send mail to the mail address
162 function sendMailToUser($mailSender, $mailAddress, $device, $gatewayName,
163 $ipAddress, $timestamp){
// Builds a plain-text notice telling the user that their device was detected and
// sends it with mb_send_mail(), logging success or failure to syslog.
// NOTE(review): $to is passed to mb_send_mail() but is not assigned on any line
// shown; presumably it is set from $mailAddress on an elided line - confirm.
166 $subject="Your device is detected";
// $device comes from the database; $ipAddress and $gatewayName come from the
// parsed log line. All three are placed in the body unchanged, so any text that
// got through parsing is delivered to the user under the gateway's sender
// address. Validating the fields where they are parsed keeps the notice
// limited to real addresses and host names.
167 $message="Your device ".$device
168 ." is detected as ip=".$ipAddress
169 ." on the subnet under ".$gatewayName
172 ." If it is not your use, please contact to the administrator.";
// $mailSender is used both in the From: header and in the "-f" sendmail
// parameter. Keep it a fixed configuration value: a line break or an extra
// option in it would alter the headers or the sendmail invocation.
173 $headers="From: ".$mailSender."\n";
174 $parameters="-f ".$mailSender;
176 if(mb_send_mail($to, $subject, $message, $headers, $parameters)){
177 syslog(LOG_INFO, 'INFO: Success to send mail');
180 syslog(LOG_INFO, 'ERR: Fail to send mail');