#!/bin/bash
# accessEvents.sh - query and maintain the Nagios access-audit tables in PostgreSQL.
# Usage: see "--help"; the parser expects the admin user list in $fileUsers.

# Flag used by the log parser: 1 once the current user is found in the admin list.
adminFound=0
# Name printed in usage messages.
readonly PROGNAME="accessEvents.sh"

# PostgreSQL connection settings for the audit database.
readonly hostsql="127.0.0.1"
readonly portdb="5432"
readonly usersql="nagios"
readonly dbsql="db_audit"
# psql command line; it is expanded unquoted where used so the options split into words.
readonly sql="psql --host=${hostsql} --port=${portdb} --username=${usersql} --dbname=${dbsql}"

# One admin account name per line; events by these users are not counted by --parser.
readonly fileUsers="/var/log/audit/auditAdminUsers.log"
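#######################################
# Checks that a value looks like a plain (optionally schema-qualified)
# SQL identifier before it is spliced into a query as a table name.
# Values that need quoting are rejected so they can never change the
# statement's structure.
# Arguments: $1 - candidate table name
# Returns:   0 if safe to interpolate unquoted, 1 otherwise
#######################################
is_ident() {
  local ident_re='^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$'
  [[ "$1" =~ $ident_re ]]
}

#######################################
# Checks that a value is a non-negative integer; used for id_event
# arguments that the queries compare without quotes.
# Arguments: $1 - candidate number
# Returns:   0 if it consists only of digits, 1 otherwise
#######################################
is_int() {
  [[ "$1" =~ ^[0-9]+$ ]]
}

#######################################
# Runs one SQL statement through psql.
# Globals:   sql (read) - psql command line, split into words on purpose
# Arguments: $1 - SQL text; any further arguments are passed to psql
#            (typically -v name=value, referenced in $1 as :'name' so psql
#            quotes the value itself instead of the shell building a literal)
# Outputs:   whatever psql prints on stdout
# Returns:   psql's exit status
#######################################
run_sql() {
  local query=$1
  shift
  # shellcheck disable=SC2086 -- $sql is a command string that must be word-split
  printf '%s\n' "$query" | $sql "$@"
}

#######################################
# Prints the usage text.
# Globals:   PROGNAME (read)
# Outputs:   usage text on stdout
#######################################
usage() {
  printf 'Usage:\n'
  printf ' %s --parser \n\t Parse daily event log, create in the same folder accessResume.log and fill the daily audit table\n' "$PROGNAME"
  printf ' %s --total \n\t Add daily audit table data to audit events table. WE RECOMMEND USE "--parser" OPTION BEFORE "--total"\n' "$PROGNAME"
  printf ' %s --query --db <DATABASENAME> \n\t Return DB TABLE NAMES\n' "$PROGNAME"
  printf ' %s --query --table <TABLENAME> \n\t Return ALL TABLE INFO\n' "$PROGNAME"
  printf ' %s --query --table <TABLENAME> --event <IDEVENT> \n\t Return USERS and TIMES\n' "$PROGNAME"
  printf ' %s --query --table <TABLENAME> --user <USERNAME> \n\t Return EVENTS and TIMES\n' "$PROGNAME"
  printf ' %s --query --table <TABLENAME> --times <USERNAME> <IDEVENT> \n\t Return TIMES\n' "$PROGNAME"
}

#######################################
# Handles "--query ...". Table names are validated with is_ident and
# event ids with is_int before they are interpolated; user names are
# handed to psql as variables (:'u') so quoting is done by psql.
# Query results are printed as psql returns them, one row per line.
# Arguments: $1 - --table | --db
#            $2 - table name (with --table)
#            $3 - --event | --user | --times (optional)
#            $4 - event id or user name
#            $5 - event id (with --times)
# Outputs:   messages and query results on stdout
#######################################
query_cmd() {
  local sub=$1 table=$2 filter=$3 arg1=$4 arg2=$5
  local result
  case "$sub" in
    --table)
      if [[ -z "$table" ]]; then
        echo "No table to check. Please try again!!"
        return
      fi
      if ! is_ident "$table"; then
        echo "Invalid table name. Please try again!!"
        return
      fi
      case "$filter" in
        --event)
          if [[ -z "$arg1" ]]; then
            echo "No event to check. Please try again!!"
          elif ! is_int "$arg1"; then
            echo "Invalid event id. Please try again!!"
          else
            echo "Id. Event = $arg1"
            result=$(run_sql "SELECT user_event, n_times FROM $table WHERE id_event=$arg1 ORDER BY user_event;")
            printf '%s\n' "$result"
          fi
          ;;
        --user)
          if [[ -z "$arg1" ]]; then
            echo "No user to check. Please try again!!"
          else
            echo "User Event = $arg1"
            result=$(run_sql "SELECT id_event, n_times FROM $table WHERE user_event=:'u' ORDER BY id_event;" -v u="$arg1")
            printf '%s\n' "$result"
          fi
          ;;
        --times)
          if [[ -z "$arg1" ]]; then
            echo "Neither user nor event to check. Please try again!!"
          elif [[ -z "$arg2" ]]; then
            echo "Not event or user to check. Please try again!!"
          elif ! is_int "$arg2"; then
            echo "Invalid event id. Please try again!!"
          else
            echo "User Event = $arg1 Id. Event = $arg2"
            result=$(run_sql "SELECT n_times FROM $table WHERE user_event=:'u' AND id_event=$arg2 ORDER BY id_event;" -v u="$arg1")
            printf '%s\n' "$result"
          fi
          ;;
        *)
          echo "DB Table = $table"
          result=$(run_sql "SELECT * FROM $table ORDER BY id_event;")
          printf '%s\n' "$result"
          ;;
      esac
      ;;
    --db)
      # \dt lists the tables of the connected database; the extra argument is not used.
      result=$(run_sql '\dt')
      printf '%s\n' "$result"
      ;;
    *)
      echo "You need more arguments to make a query. Please try again!!"
      ;;
  esac
}

#######################################
# Handles "--parser": rebuilds tb_daily_audit from today's accessEvents.log
# and writes a one-line-per-event summary to accessResume.log.
# Globals:   fileUsers (read) - admin account list, one name per line
#            sql (read, via run_sql)
# Outputs:   status messages on stdout; summary lines appended to accessResume.log
#######################################
parse_cmd() {
  local today file_in file_out line1 line2
  local id_event user_pos object_pos user2 object2 admin_found res general

  run_sql "TRUNCATE TABLE tb_daily_audit;"
  today=$(date +"%Y-%m-%d")
  file_in=/var/log/audit/$today/accessEvents.log
  file_out=/var/log/audit/$today/accessResume.log
  # The summary file starts with one empty line, as before.
  printf '\n' > "$file_out"
  /usr/local/nagios/libexec/accessBackup.sh

  if [[ ! -f "$file_in" ]]; then
    printf '\n %s  does not exist!! \n\n' "$file_in"
    return
  fi

  while read -r line1; do
    # Field positions below follow the existing log layout; the line is
    # passed quoted so the byte offsets from grep -bo refer to the same text
    # that ${line1:N} slices. NOTE(review): grep -bo counts bytes while
    # ${line1:N} counts characters, so they only agree on ASCII lines —
    # confirm with multibyte log lines.
    id_event=$(printf '%s\n' "$line1" | awk '{print $5}')
    user_pos=$(printf '%s\n' "$line1" | grep -bo 'Nombre de cuenta:' | awk -F ":" '{print $1}')
    object_pos=$(printf '%s\n' "$line1" | grep -bo 'Nombre del* objeto:' | awk -F ":" '{print $1}')
    user2=$(printf '%s\n' "${line1:$user_pos}" | awk '{print $5}')
    object2=$(printf '%s\n' "${line1:$object_pos}" | awk '{print $8}')

    # Is this user on the admin list? -r keeps backslashes in account names intact.
    admin_found=0
    while read -r line2; do
      if [[ -n "$user2" && "$line2" == "$user2" ]]; then
        admin_found=1
        break
      fi
    done < "$fileUsers"

    if (( admin_found == 0 )); then
      # Users not on the admin list: insert the event, or bump n_times when the
      # row already exists. psql prints "INSERT 0 1" on success and nothing on
      # stdout when the statement fails, so an empty result triggers the UPDATE.
      # Values come from the log, so they are passed as psql variables rather
      # than pasted into the statement.
      res=$(run_sql "INSERT INTO tb_daily_audit (user_event,id_event,n_times) VALUES (:'u',:'e',1);" -v u="$user2" -v e="$id_event")
      if [[ -z "$res" ]]; then
        run_sql "UPDATE tb_daily_audit SET n_times=n_times +1 WHERE user_event=:'u' AND id_event=:'e';" -v u="$user2" -v e="$id_event"
      fi
      general=$(printf '%s\n' "$line1" | awk '{print $1, $2, $3, $5, $9, $10}')
      if [[ "$object2" == "N/A" ]]; then
        printf '%s %s NO HAY OBJETO!\n' "$general" "$user2" >> "$file_out"
      else
        printf '%s %s %s\n' "$general" "$user2" "$object2" >> "$file_out"
      fi
    fi
  done < "$file_in"

  printf '\nParse finished!! accessResume.log and daily audit table ready!!\n'
}

#######################################
# Handles "--total": adds today's counts from tb_daily_audit to tb_audit_events.
# Globals:   sql (read, via run_sql)
# Outputs:   status message on stdout
#######################################
total_cmd() {
  run_sql "UPDATE tb_audit_events SET n_times=n_times+(select n_times from tb_daily_audit where id_event=tb_audit_events.id_event AND user_event=tb_audit_events.user_event)WHERE tb_audit_events.user_event=(select user_event from tb_daily_audit where id_event=tb_audit_events.id_event AND user_event=tb_audit_events.user_event) AND tb_audit_events.id_event=(select id_event from tb_daily_audit where id_event=tb_audit_events.id_event AND user_event=tb_audit_events.user_event);"
  printf '\nDaily audit table updated!!\n'
}

# Command dispatch on the first argument; the remaining ones go to the handler.
case "$1" in
  --query) query_cmd "${@:2}" ;;
  --help) usage ;;
  --parser) parse_cmd ;;
  --total) total_cmd ;;
  *) echo "WARNING!!! You are not using this script properly. If you need help, please use $PROGNAME --help" ;;
esac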