#!/usr/bin/perl -w
use strict;
##########################################################################
# $Id: pam_unix,v 1.4 2002/10/12 02:08:19 kirk Exp $
##########################################################################

########################################################
# This was written and is maintained by:
#    Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
#    etc, to kirk@kaybee.org.
########################################################

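# Report verbosity, read from the LOGWATCH_DETAIL_LEVEL environment variable.
# Falls back to 0 when the variable is unset or empty, so the numeric
# ">= 5" comparisons in the parsing loop do not emit "uninitialized value"
# warnings under -w when the script is run by hand.
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;

# $service : syslog tag of the program that called pam_unix (sshd, su, ...)
# $line    : current log line, rewritten in place into a report entry
# %data    : $data{service}{category}{entry} = number of occurrences
my ($service, $line, %data);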

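# Read syslog lines from STDIN, keep only those written by pam_unix, and
# tally them in %data as $data{service}{category}{entry}++.
#
# Everything after the "service(pam_unix)[pid]: " header can contain text
# chosen by a remote party (user names, rhost), so the patterns below are
# kept as tight as the log format allows.
while ($line = <STDIN>) {
   chomp $line;

   # Strip "Mon DD HH:MM:SS host service(pam_unix)[pid]: " and capture the
   # service tag.  Host and tag are matched with \S+ rather than a greedy
   # ".+": the greedy form matched up to the LAST "(pam_unix)[pid]: " on the
   # line, so header-like text inside the message body could be taken as the
   # real header and the event filed under the wrong service.
   if ($line =~ s/^... .. ..:..:.. \S+ (\S+)\(pam_unix\)\[\d+\]: //) {
      $service = $1;
   } else {
      # Not a pam_unix line: nothing to report.
      next;
   }

   if (($service eq 'sshd') or ($service eq 'login') or ($service eq 'ftp')) {
      if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
         # Routine logins are only listed at detail level 5 and above.
         ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
      } elsif ($line =~ s/^session opened for user (.+) by LOGIN\(uid=\d+\)/$1/) {
         $data{$service}{'Sessions Opened'}{$line}++;
      } elsif ($line =~ /^session closed for user/) {
         # Ignore this line.  Anchored at the start of the message so that a
         # "bad username [...]" entry whose name contains this phrase is
         # still counted instead of being silently dropped.
         # NOTE(review): assumes the message always begins with this text,
         # as the anchored "session opened" patterns already do.
      } elsif ($line =~ s/^authentication failure; .*rhost=(.+)\s+user=(.+)$/$2 ($1)/) {
         # Entry becomes "user (rhost)".
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ s/^authentication failure; .*rhost=(.+)$/unknown ($1)/) {
         # No user= field on the line: report the remote host only.
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ /^check pass; user unknown/) {
         # Anchored for the same reason as "session closed" above.
         $data{$service}{'Invalid Users'}{'Unknown Account'}++;
      } elsif ($line =~ s/bad username \[(.*)\]/$1/) {
         $data{$service}{'Invalid Users'}{"Bad User: $line"}++;
      } else {
         # Unrecognised messages stay visible in the report.
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif ($service eq 'su') {
      if ($line =~ s/^authentication failure; logname=(.+) uid=(\d+) .*user=(.+)$/$1($2) -> $3/) {
         # Entry becomes "logname(uid) -> target user".
         $data{$service}{'Authentication Failures'}{$line}++;
      } elsif ($line =~ /^session closed for user/) {
         # ignore this line
      } elsif ($line =~ s/session opened for user (.+) by (.+)$/$2 -> $1/) {
         # Entry becomes "invoking user -> target user".
         $data{$service}{'Sessions Opened'}{$line}++;
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } elsif ($service eq 'gdm') {
      if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
         ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
      } elsif ($line =~ /^session closed for user/) {
         # ignore this line
      } else {
         $data{$service}{'Unknown Entries'}{$line}++;
      }
   } else {
      # pam_unix used by a service this script has no rules for.
      $data{$service}{'Unknown Entries'}{$line}++;
   }
}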

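# Print the tallies as an indented report: service, then category, then one
# line per entry with its count.
#
# Keys are sorted so that the report order is stable from run to run (hash
# order is not), which makes successive reports comparable.
#
# Service names and entries come from log text that may contain remotely
# supplied strings.  ASCII control characters other than tab are replaced
# with "?" before printing, so an escape sequence embedded in a user name
# cannot act on the terminal or mail client that displays the report.
foreach my $service (sort keys %data) {
   (my $shown_service = $service) =~ tr/\x00-\x08\x0a-\x1f\x7f/?/;
   print "$shown_service:\n";
   foreach my $type (sort keys %{$data{$service}}) {
      print "   $type:\n";
      foreach my $entry (sort keys %{$data{$service}{$type}}) {
         # Sanitise a copy; the original key is still needed for the lookup.
         (my $shown_entry = $entry) =~ tr/\x00-\x08\x0a-\x1f\x7f/?/;
         print "      $shown_entry: $data{$service}{$type}{$entry} Time(s)\n";
      }
   }
   print "\n";
}

exit(0);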

