From fd0cc6cd3480f2fe05bd836411f3dd239e540882 Mon Sep 17 00:00:00 2001
From: Eric Loyd
Date: Mon, 7 Aug 2023 15:14:32 -0400
Subject: [PATCH] Version pulled from 192.168.1.19 at this time
---
nlog | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 123 insertions(+)
create mode 100755 nlog
diff --git a/nlog b/nlog
new file mode 100755
index 0000000..70cea42
--- /dev/null
+++ b/nlog
@@ -0,0 +1,123 @@
+#!/bin/bash
+
+nagBase="/usr/local/nagios"
+nagLog="$nagBase/var/nagios.log"
+archives="$nagBase/var/archives"
+
+# [fromTime] aSource aType: host;service;state;severity;num;text
+
+#fromTime=`date -d "" +"%s"`
+file="$nagLog"
+fromTime=""
+toTime=""
+noTime=""
+host=""
+service=""
+state=""
+severity=""
+num=""
+# These two need to be regexp wildcards to match everything when nothing is specified
+aSource=".*"
+aType=".*"
+
+print_help() {
+ echo "Usage:"
+ echo " -d (debug mode)"
+ echo " -m "
+ echo " -s "
+ echo " -f , default=today at midnight"
+ echo " -t , default=now"
+ echo " -y <#> (subtracts # days from times specified"
+ echo " -x Skip remaining match checks and print all records in date range"
+ echo " -n <#> selects the alert number, no default"
+ echo " -T , no default"
+ echo " -w no default"
+ echo " --src|--source , default=SERVICE"
+ echo " --type , no default"
+ echo " -q prints a quick report (doesn't print extended deatils)"
+ echo " -r Cancels all other selections except for times, and looks for restarts"
+ echo "All input is evaluated as a regexp for pattern matching."
+ echo "Time values can be in the following formats:"
+ echo " HH:MM[:SS] MM/DD/YYYY MM/DD/YYYY HH:MM[:SS] -2 (ie, two days ago)"
+ echo "So to see yesterday's critical service alerts, try this:"
+ echo " $0 [-A SERVICE] [-a ALERT] -f 00:00 -t 23:59 -y 1"
+ echo "The logic for scanning which files to search relies upon Nagios rotating log"
+ echo "files once per day, at midnight. This causes a \"LOGFILE ROTATE\" message to"
+ echo "occur in the logfile, which this program uses to determine if the logfile could"
+ echo "contain valid information for the date range specified on the command line."
+ echo "While this dramatically speeds up file processing time, it could lead to skipped"
+ echo "data if the Nagios logfile rotation schedule is ever changed."
+ exit;
+}
+
+while [ -n "$1" ]; do
+ case "$1" in
+ --help) print_help;;
+ --file) file="$2"; shift 2;;
+ -h|--host) host="$2"; shift 2;;
+ -s|--service) service="$2"; shift 2;;
+ --state) state="$2"; shift 2;;
+ --hard) severity="HARD"; shift 1;;
+ --soft) severity="SOFT"; shift 1;;
+ --sev|--severity) severity="$2"; shift 2;;
+ -n|--num) num="$2"; shift 2;;
+ -t|--type) aType="$2"; shift 2;;
+ --src|--source) aSource="$2"; shift 2;;
+ -f|--from) fromTime="$2"; shift 2;;
+ --to) toTime="$2"; shift 2;;
+ --notime) noTime="true"; shift 1;;
+ *) shift 1;;
+ esac
+done
+
+# $1 ; $2 ; $3 ; $4 ; $5; $6
+# [fromTime] aSource aType: host;service;state;severity;num;text
+# [1690749418] HOST ALERT: Security Cameras;DOWN;SOFT;1;CRITICAL - 192.168.1.88: rta nan, lost 100%
+# [1690765779] SERVICE ALERT: DD-WRT;Port: vlan1 Bandwidth;CRITICAL;SOFT;4;CRITICAL - Current BW in: 8.22Mbps Out: 1.58Mbps
+# [1690765838] SERVICE ALERT: DD-WRT;Port: vlan1 Bandwidth;OK;SOFT;5;OK - Current BW in: .23Mbps Out: .15Mbps
+
+files=""
+if [ -n "$fromTime" ]; then
+ fromTime=`date -d "$fromTime" +"%s"`
+ for file in $archives/nagios-??-??-????-00.log; do
+ fdate=`stat -c "%Y" $file`
+ [ "$fdate" -lt "$fromTime" ] && continue
+ files="$files $file"
+ done
+else
+ files="$nagLog"
+fi
+if [ -n "$toTime" ]; then
+ toTime=`date -d "$toTime" +"%s"`
+fi
+
+#awkScript=`mktemp`
+#echo -n "//" >> $awkScript
+#[ -n "$fromTime" ] && echo -n " && substr (\$1, 2, 10) >= $fromTime" >> $awkScript
+#[ -n "$toTime" ] && echo -n " && substr (\$1, 2, 10) <= $toTime" >> $awkScript
+#echo -n " && \$1~/\[[0-9]+] $aSource $aType: $host/" >> $awkScript
+#[ -n "$service" ] && echo -n " && \$2~/$service/" >> $awkScript
+#[ -n "$state" ] && echo -n " && \$3~/$state/" >> $awkScript
+#[ -n "$severity" ] && echo -n " && \$4~/$severity/" >> $awkScript
+#[ -n "$num" ] && echo -n " && \$5~/$num/" >> $awkScript
+#[ -z "$noTime" ] && echo " && sub (/^\[[0-9]{10}]/, strftime (\"%Y-%m-%d %H:%M:%S\", substr (\$1, 2, 10)), \$1)" >> $awkScript
+#gawk -F\; -f $awkScript $files
+#rm $awkScript
+
+timeSelFrom=""
+timeSelTo=""
+[ -n "$fromTime" ] && timeSel=" && substr (\$1, 2, 10) >= $fromTime"
+[ -n "$toTime" ] && timeSel=" && substr (\$1, 2, 10) <= $toTime"
+
+svcSel=""
+if [ -n "$host" ]; then
+ if [ -n "$service" ]; then
+ svcSel=" && \$2~/$service/ && \$3~/$state/"
+ else
+ svcSel=" && \$2~/$state/"
+ fi
+else
+ svcSel=" && \$2~/$state/ || \$3~/$state/"
+fi
+
+awk -F\; "/^\[[0-9]+] $aSource $aType: .*$host.*;/ $svcSel {print}" $files
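Review bot: The final `awk` call builds its program text from `$aSource`, `$aType`, `$host` and `$svcSel` (which embeds `$service` and `$state`) inside double quotes, so a `/` in any argument closes the regex literal and whatever follows is parsed as awk code rather than as a pattern. That is tolerable only while every caller is a trusted interactive user; if nlog is ever reached through a web wrapper, a sudo rule or a monitoring hook it becomes a code-execution path, and even locally a host or service name containing `/` is likely to break the program. Passing the patterns as data and matching with dynamic regexes removes the problem, as sketched below; the sketch also groups the no-host case as header AND (`$2` OR `$3`), which the current `&& … || …` string does not. Separately, `timeSel` is assigned twice (the second overwrites the first, while `timeSelFrom`/`timeSelTo` stay empty) and is never placed in the awk program, so `--from`/`--to` only choose archive files and never filter records.

```bash
# … unchanged: option parsing, log-file selection …

# Patterns travel through the environment and are applied as dynamic
# regexes, so they are never parsed as awk program text.
NLOG_SRC="$aSource" NLOG_TYPE="$aType" NLOG_HOST="$host" \
NLOG_SERVICE="$service" NLOG_STATE="$state" \
awk -F\; '
  BEGIN {
    host  = ENVIRON["NLOG_HOST"]
    svc   = ENVIRON["NLOG_SERVICE"]
    state = ENVIRON["NLOG_STATE"]
    head  = "^\\[[0-9]+] " ENVIRON["NLOG_SRC"] " " ENVIRON["NLOG_TYPE"] ": .*" host ".*;"
  }
  $0 !~ head              { next }
  host != "" && svc != "" { if ($2 ~ svc && $3 ~ state) print; next }
  host != ""              { if ($2 ~ state) print; next }
  $2 ~ state || $3 ~ state
' $files   # $files stays unquoted: it is a space-separated list
```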