authorwiz <wiz@pkgsrc.org>2013-05-07 08:49:28 +0000
committerwiz <wiz@pkgsrc.org>2013-05-07 08:49:28 +0000
commitcc2500ec2a3c4f6c8b8760096dc4e917244918ee (patch)
tree626feb2514bf8654f75126b420960d64bd9337ba /sysutils/logrider
parent93ebc34250afaa5d43ec27156932e25b85aa0db0 (diff)
Import logrider-0.2 as sysutils/logrider, packaged for wip by Franck Lesage.
LogRider is my attempt to improve the popular LogCheck/LogSentry utility. LogCheck uses egrep to periodically scan system logs for specific alert/hacking signatures based on a set of static filters. LogRider is rewritten from scratch with a lot of important features added: 1. Strings caught by any filter are excluded from processing by the next filters. 2. Actual filters are composed from a set of small sub-filters located in directories whose name is given as the filter name. Each sub-filter contains messages generated by one service. You can easily add filters for checking additional services without modifying the existing program and configuration. 3. Configuration is separated from the program and moved to a standalone file. This means that LogRider may be easily adapted to a new platform without modification of the program core, and may be easily used for checking multiple logfiles with different filters.
Diffstat (limited to 'sysutils/logrider')
-rw-r--r--sysutils/logrider/DESCR14
-rw-r--r--sysutils/logrider/MESSAGE5
-rw-r--r--sysutils/logrider/Makefile71
-rw-r--r--sysutils/logrider/PLIST17
-rw-r--r--sysutils/logrider/distinfo6
-rw-r--r--sysutils/logrider/patches/patch-logtail.sh18
6 files changed, 131 insertions, 0 deletions
diff --git a/sysutils/logrider/DESCR b/sysutils/logrider/DESCR
new file mode 100644
index 00000000000..67932f5eeab
--- /dev/null
+++ b/sysutils/logrider/DESCR
@@ -0,0 +1,14 @@
+LogRider is my attempt to improve a popular LogCheck/LogSentry utility.
+LogCheck uses egrep for periodically scanning system logs for specific
+alert/hacking signatures based on set of static filters. LogRider is
+rewritten from scratch with lot of important features added:
+1. Strings caught by any filter are excluded from processing by next filters.
+2. Actual filters are composed from the set of small sub-filters located
+ in directories that name is given as filter name. Each subfilter
+ contains messages generated by one service. You can easily put additional
+ filters for checking additional services without modification of
+ already existing program and configuration.
+3. Configuration is separated from program and moved to standalone file.
+ This means that LogRider may be easily adopted to new platform without
+ modification of program core, and may be easily used for checking multiple
+ logfiles by different filters.
diff --git a/sysutils/logrider/MESSAGE b/sysutils/logrider/MESSAGE
new file mode 100644
index 00000000000..e04acac3365
--- /dev/null
+++ b/sysutils/logrider/MESSAGE
@@ -0,0 +1,5 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2013/05/07 08:49:28 wiz Exp $
+
+Don't forget to add a crontab line to run logrider.sh.
+===========================================================================
diff --git a/sysutils/logrider/Makefile b/sysutils/logrider/Makefile
new file mode 100644
index 00000000000..08101e88792
--- /dev/null
+++ b/sysutils/logrider/Makefile
@@ -0,0 +1,71 @@
+# $NetBSD: Makefile,v 1.1 2013/05/07 08:49:28 wiz Exp $
+#
+
+DISTNAME= logrider-0.2
+CATEGORIES= sysutils
+MASTER_SITES= http://ilya-evseev.narod.ru/posix/logrider/
+EXTRACT_SUFX= .zip
+
+MAINTAINER= francksys@free.fr
+HOMEPAGE= http://ilya-evseev.narod.ru/posix/logrider/
+COMMENT= Monitor system logs for alerts
+LICENSE= gnu-gpl-v2
+
+NO_CHECKSUM=yes
+EXTRACT_DIR= ${WRKDIR}/${DISTNAME}
+USE_LANGUAGES= # none
+
+NO_BUILD= YES
+USE_TOOLS+= bash
+REPLACE_BASH= logrider.sh logtail.sh
+PATCH_STRIP= -p1
+
+SUBST_CLASSES+= config_dir
+SUBST_STAGE.config_dir= post-extract
+SUBST_MESSAGE.config_dir= Replacing directories
+SUBST_FILES.config_dir= logrider.conf logrider.sh
+SUBST_SED.config_dir= -E -e 's|CONF_DIR(:?)=/etc|CONF_DIR\1=${PKG_SYSCONFDIR}|'
+
+SUBST_CLASSES+= conf_bin_tail
+SUBST_STAGE.conf_bin_tail= post-extract
+SUBST_MESSAGE.conf_bin_tail= Replacing directories
+SUBST_FILES.conf_bin_tail= logrider.conf logrider.sh
+SUBST_SED.conf_bin_tail= -E -e 's|LOGTAIL(:?)=/usr|LOGTAIL\1=${PREFIX}|'
+
+
+BUILD_DEFS+= VARBASE
+EGDIR= ${PREFIX}/share/examples/logrider
+INSTALLATION_DIRS= bin ${EGDIR} ${EGDIR}/violations_ignore
+OWN_DIRS= ${PKG_SYSCONFDIR}/logrider ${PKG_SYSCONFDIR}/logrider/violations_ignore ${VARBASE}/lib/logrider
+
+CONF_FILES= ${EGDIR}/logrider.conf ${PKG_SYSCONFDIR}/logrider/logrider.conf
+CONF_FILES+= ${EGDIR}/hacking ${PKG_SYSCONFDIR}/logrider/hacking
+CONF_FILES+= ${EGDIR}/ignore ${PKG_SYSCONFDIR}/logrider/ignore
+CONF_FILES+= ${EGDIR}/violations ${PKG_SYSCONFDIR}/logrider/violations
+CONF_FILES+= ${EGDIR}/violations_ignore/cvspserver ${PKG_SYSCONFDIR}/logrider/violations_ignore/cvspserver
+CONF_FILES+= ${EGDIR}/violations_ignore/ftp ${PKG_SYSCONFDIR}/logrider/violations_ignore/ftp
+CONF_FILES+= ${EGDIR}/violations_ignore/misc ${PKG_SYSCONFDIR}/logrider/violations_ignore/misc
+CONF_FILES+= ${EGDIR}/violations_ignore/nsfbackup ${PKG_SYSCONFDIR}/logrider/violations_ignore/nsfbackup
+CONF_FILES+= ${EGDIR}/violations_ignore/postfix ${PKG_SYSCONFDIR}/logrider/violations_ignore/postfix
+CONF_FILES+= ${EGDIR}/violations_ignore/drweb-postfix ${PKG_SYSCONFDIR}/logrider/violations_ignore/drweb-postfix
+CONF_FILES+= ${EGDIR}/violations_ignore/microbackup ${PKG_SYSCONFDIR}/logrider/violations_ignore/microbackup
+CONF_FILES+= ${EGDIR}/violations_ignore/named ${PKG_SYSCONFDIR}/logrider/violations_ignore/named
+CONF_FILES+= ${EGDIR}/violations_ignore/pam ${PKG_SYSCONFDIR}/logrider/violations_ignore/pam
+CONF_FILES+= ${EGDIR}/violations_ignore/sshd ${PKG_SYSCONFDIR}/logrider/violations_ignore/sshd
+
+V_IGNORE= ${WRKSRC}/violations_ignore
+
+do-install:
+ ${INSTALL_SCRIPT} ${WRKSRC}/logtail.sh ${DESTDIR}${PREFIX}/bin
+ ${INSTALL_SCRIPT} ${WRKSRC}/logrider.sh ${DESTDIR}${PREFIX}/bin
+
+ ${INSTALL_DATA} ${WRKSRC}/ignore ${DESTDIR}${EGDIR}
+ ${INSTALL_DATA} ${WRKSRC}/logrider.conf ${DESTDIR}${EGDIR}
+ ${INSTALL_DATA} ${WRKSRC}/hacking ${DESTDIR}${EGDIR}
+ ${INSTALL_DATA} ${WRKSRC}/violations ${DESTDIR}${EGDIR}
+
+ cd ${V_IGNORE} && for example in *; do \
+ ${INSTALL_DATA} "$${example}" ${DESTDIR}${EGDIR}/violations_ignore; \
+ done
+
+.include "../../mk/bsd.pkg.mk"
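Review bot: `NO_CHECKSUM=yes` in the new Makefile disables distfile checksum verification, even though this same commit records SHA1, RMD160 and Size entries for logrider-0.2.zip in distinfo. MASTER_SITES is a plain-http URL, and the archive's scripts are installed into `${PREFIX}/bin` and, per MESSAGE, are meant to be run from cron, so an altered download would be installed without any integrity check. Dropping the `NO_CHECKSUM=yes` line lets the recorded checksums be enforced. If it has to stay for some reason not visible here, a comment such as `# NO_CHECKSUM: <reason>` directly above it would tell the next maintainer why verification is off.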
diff --git a/sysutils/logrider/PLIST b/sysutils/logrider/PLIST
new file mode 100644
index 00000000000..3a822966c8d
--- /dev/null
+++ b/sysutils/logrider/PLIST
@@ -0,0 +1,17 @@
+@comment $NetBSD: PLIST,v 1.1 2013/05/07 08:49:28 wiz Exp $
+bin/logrider.sh
+bin/logtail.sh
+share/examples/logrider/ignore
+share/examples/logrider/hacking
+share/examples/logrider/violations
+share/examples/logrider/logrider.conf
+share/examples/logrider/violations_ignore/cvspserver
+share/examples/logrider/violations_ignore/drweb-postfix
+share/examples/logrider/violations_ignore/ftp
+share/examples/logrider/violations_ignore/microbackup
+share/examples/logrider/violations_ignore/misc
+share/examples/logrider/violations_ignore/named
+share/examples/logrider/violations_ignore/nsfbackup
+share/examples/logrider/violations_ignore/pam
+share/examples/logrider/violations_ignore/postfix
+share/examples/logrider/violations_ignore/sshd
diff --git a/sysutils/logrider/distinfo b/sysutils/logrider/distinfo
new file mode 100644
index 00000000000..6b402484b78
--- /dev/null
+++ b/sysutils/logrider/distinfo
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1 2013/05/07 08:49:28 wiz Exp $
+
+SHA1 (logrider-0.2.zip) = d23c030d29f5776a8897a393cb4f61f37cde128d
+RMD160 (logrider-0.2.zip) = 5f63fea34cf322b28f30eb291f6409178f489f4a
+Size (logrider-0.2.zip) = 12242 bytes
+SHA1 (patch-logtail.sh) = cdf37c97607654124b8bdd341606e25e47444e0e
diff --git a/sysutils/logrider/patches/patch-logtail.sh b/sysutils/logrider/patches/patch-logtail.sh
new file mode 100644
index 00000000000..bda9b07ecb8
--- /dev/null
+++ b/sysutils/logrider/patches/patch-logtail.sh
@@ -0,0 +1,18 @@
+$NetBSD: patch-logtail.sh,v 1.1 2013/05/07 08:49:28 wiz Exp $
+
+# Replace stat arguments with NetBSD ones
+--- work/logtail.sh.orig 2003-04-14 00:56:00.000000000 +0000
++++ work/logtail.sh 2013-05-05 07:23:46.000000000 +0000
+@@ -29,9 +29,9 @@
+ [ -z "$SAVED_INODE" ] && SAVED_INODE=0
+ [ -z "$SAVED_POS" ] && SAVED_POS=0
+
+- set abc `stat -lt $LOGFILE`
+- ACTUAL_LOGSIZE=$3
+- ACTUAL_INODE=$9
++ set abc `stat -f "%z %i" $LOGFILE`
++ ACTUAL_LOGSIZE=$2
++ ACTUAL_INODE=$3
+ $doit : $2, logsize=$ACTUAL_LOGSIZE, inode=$ACTUAL_INODE
+
+ [ -z "$ACTUAL_LOGSIZE" ] && ACTUAL_LOGSIZE=0
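Review bot: The replacement stat call passes `$LOGFILE` unquoted, so a log path containing whitespace or glob characters is split or expanded before stat sees it; writing it as `"$LOGFILE"` inside the command substitution avoids that. If stat fails, the positional parameters stay empty and the following context line sets `ACTUAL_LOGSIZE=0`, which for a log monitor looks like a silently wrong read position rather than a reported error. The `-f "%z %i"` form is BSD stat syntax, so this patch presumably breaks logtail.sh on pkgsrc platforms that ship GNU stat; the patch comment could say so, e.g. `# stat -f FORMAT is BSD-specific; GNU stat needs -c`. The script continues outside the hunk, so how the saved position is used afterwards is not visible here.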