From d0a3e3c81edffbbd80c534690e34560dcea27147 Mon Sep 17 00:00:00 2001 From: watanaby Date: Fri, 21 Nov 2014 10:41:49 +0900 Subject: [PATCH] added sendreportmail.php --- doc/Changes.html | 4 + phpsrc/sendreportmail.php | 184 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 188 insertions(+) create mode 100755 phpsrc/sendreportmail.php diff --git a/doc/Changes.html b/doc/Changes.html index f51fa47..fc62c08 100644 --- a/doc/Changes.html +++ b/doc/Changes.html @@ -239,6 +239,10 @@ OpengateM History Added edit function for device name and email (opengatemup). Replaced strncpy to strlcpy. +
Ver.0.9.3 at 2014.11.21 +
+ Added sendreportmail.php cooperating with watch function of v0.9.1(phpsrc). +
diff --git a/phpsrc/sendreportmail.php b/phpsrc/sendreportmail.php new file mode 100755 index 0000000..75bb6c0 --- /dev/null +++ b/phpsrc/sendreportmail.php @@ -0,0 +1,184 @@ +#!/usr/local/bin/php + + | /path/sendreportmail.php +// The following warning message is reported when a MAC address registered in +// watchlist table is detected by opengatemd. +// "Sep 29 12:34:56 opengate01 opengatemd[1234]: WARN: find mac=11:22:33:44:55:66 ip=192.168.0.10" +/**********************************************************/ + +/*** parameters ***/ +$mysqlServer="localhost"; +$mysqlUser="root"; +$mysqlPassword=""; +$mailSender="opengate@cc.saga-u.ac.jp"; +$reportInterval="6 HOUR"; + +// open syslog +openlog('sendreportmail', LOG_PID, LOG_LOCAL1); + +// get mac address and others from syslog message +list($timestamp, $gatewayName, $macAddress, $ipAddress)=getDataFromSyslog(); +if($timestamp=="?") return; + +// prepare database +if(!($link=prepareMysql($mysqlServer, $mysqlUser, $mysqlPassword))) return; +if(!$link)return; + +// get mail address and others from mysql db +if(!(list($device, $mailAddress)=getDataFromMysql($macAddress))){ + mysql_close($link); + return; +} + +// if recent report exists, skip to send report +if(skipReporting($macAddress, $gatewayName, $reportInterval)){ + mysql_close($link); + return; +} + +// close database +mysql_close($link); + +// send mail to the user +sendMailToUser($mailSender, $mailAddress, $device, $gatewayName, + $ipAddress, $timestamp); +return; + + +/*** +get MAC address and others from syslog +***/ +function getDataFromSyslog(){ + $timestamp="?"; + $gatewayName="?"; + $macAddress="?"; + $ipAddress="?"; + + // syslog message is acqiured from STDIN + if(($message=fgets(STDIN))==FALSE){ + syslog(LOG_INFO, 'ERR: Fail to read from stdin'); + return FALSE; + } + + // extract timestamp, gateway and macaddress by regular expression + if(preg_match('/^(.*) (.*) .* WARN: find mac=(.*) ip=(.*)/', + $message, $matches)==1){ + $timestamp = $matches[1]; + $gatewayName = $matches[2]; + $macAddress = $matches[3]; + $ipAddress = $matches[4]; + }else{ + syslog(LOG_INFO, 'ERR: Fail to analyze syslog message'); + } + return array($timestamp, $gatewayName, $macAddress, $ipAddress); +} + +/*** +prepare mysql connection +***/ +function prepareMysql($mysqlServer, $mysqlUser, $mysqlPassword){ + + // connect and access to MySql DB + $link = mysql_connect($mysqlServer, $mysqlUser, $mysqlPassword); + if (!$link){ + syslog(LOG_INFO, 'ERR: Cannot connect DB '.mysql_error()); + return FALSE; + } + + // use opengatem database + $db_selected = mysql_select_db('opengatem', $link); + if (!$db_selected){ + syslog(LOG_INFO, 'ERR: Cannot select DB '.mysql_error()); + return FALSE; + } + mysql_set_charset('utf8'); + return $link; +} + +/*** +get mail address and others corresponding to the MAC address from mysql +***/ +function getDataFromMysql($macAddress){ + $device="?"; + $mailAddress="?"; + + // query + $result = mysql_query('SELECT device, mailAddress FROM macaddrs + WHERE macAddress="'.$macAddress.'" AND status!="D"'); + if (!$result){ + syslog(LOG_INFO, 'ERR: Fail DB query '.mysql_error()); + return FALSE; + } + + // get result + if($row = mysql_fetch_row($result)){ + $device = $row[0]; + $mailAddress = $row[1]; + }else{ + syslog(LOG_INFO, 'ERR: Fail to get mail address from DB'); + return FALSE; + } + + return array($device, $mailAddress); +} + +/*** +to avoid to send too many mails, +skip if there are recent logs having same macaddress, and same gateway +PLEASE MODIFY to control the report frequency. +***/ +function skipReporting($macAddress, $gatewayName, $reportInterval){ + + // query + $result = mysql_query('SELECT count(*) FROM sessionmd ' + .'WHERE EXISTS (SELECT * FROM sessionmd ' + .'WHERE macAddress="'.$macAddress.'" ' + .'AND gatewayName LIKE "'.$gatewayName.'.%" ' + .'AND openTime > NOW() - INTERVAL '.$reportInterval.' ' + .'AND openTime < NOW() - INTERVAL 1 MINUTE ' + .')' + ); + + if (!$result){ + syslog(LOG_INFO, 'ERR: Fail query '.mysql_error()); + return TRUE; + } + + // get data + if($row = mysql_fetch_row($result)) $count = $row[0]; + else $count = 0; + + // if recent logs exist, skip is true + if($count>0)return TRUE; + else return FALSE; +} + +/*** +send mail to the mail address +***/ +function sendMailToUser($mailSender, $mailAddress, $device, $gatewayName, + $ipAddress, $timestamp){ + + $to=$mailAddress; + $subject="Your device is detected"; + $message="Your device ".$device + ." is detected as ip=".$ipAddress + ." on the subnet under ".$gatewayName + ." at ".$timestamp + .". " + ." If it is not your use, please contact to the administrator."; + $headers="From: ".$mailSender."\n"; + $parameters="-f ".$mailSender; + + if(mb_send_mail($to, $subject, $message, $headers, $parameters)){ + syslog(LOG_INFO, 'INFO: Success to send mail'); + return TRUE; + }else{ + syslog(LOG_INFO, 'ERR: Fail to send mail'); + return FALSE; + } +} +?> -- 2.11.0