SyslogEventMonitor.sh

#!/bin/sh
VER="v1.03"
#======================================================================================================= © 2016-2020 Martineau, v1.03
#
# Simple Syslog event monitor. Normally runs in background as a permanent task and allows for Event DOWN recovery action.
#
#     SyslogEventMonitor   { & } [ status ] [ stop ]
#
#     SyslogEventMonitor   &
#                          Run in the background and creates '/tmp/SyslogMonitor-running' semaphore file
#                          This file will contain messages for events that have been triggered etc.
#                          Emails will be sent for matching triggers.
#
#     SyslogEventMonitor   stop
#                          The '/tmp/SyslogMonitor-running' semaphore is renamed to '/tmp/SyslogMonitor-yyyy-hhmmss
#                          which causes the background task to terminate the Syslog Event monitoring.

#

Say(){
   echo -e $$ $@ | logger -st "($(basename $0))"
}
SayT(){
   echo -e $$ $@ | logger -t "($(basename $0))"
}
# Print between line beginning with'#==' to first blank line inclusive
ShowHelp() {
    awk '/^#==/{f=1} f{print; if (!NF) exit}' $0
}
# shellcheck disable=SC2034
ANSIColours() {

    cRESET="\e[0m";cBLA="\e[30m";cRED="\e[31m";cGRE="\e[32m";cYEL="\e[33m";cBLU="\e[34m";cMAG="\e[35m";cCYA="\e[36m";cGRA="\e[37m"
    cBGRA="\e[90m";cBRED="\e[91m";cBGRE="\e[92m";cBYEL="\e[93m";cBBLU="\e[94m";cBMAG="\e[95m";cBCYA="\e[96m";cBWHT="\e[97m"
    aBOLD="\e[1m";aDIM="\e[2m";aUNDER="\e[4m";aBLINK="\e[5m";aREVERSE="\e[7m"
    cRED_="\e[41m";cGRE_="\e[42m"

}
SendMail() {

    local MYROUTER=$(nvram get computer_name)

    local TEMPFILE="/tmp/mail.txt"

    local SMTP="mysmtp.server.com:nnn"                          # e.g. smtp.gmail.com:465
    local FROM="Me@gmail.com"
    local TO="Me@gmail.com"
    local USERNAME="account_ID"
    local PASSWORD="password"
    local FROMNAME="This "$MYROUTER

    BODY=$(echo -e "Start Email body...\n\n\tFirst line.\n\tSecond line.\n\nEnd of email Body")

    echo -e "Subject: Example email"         >$TEMPFILE
    echo -e "From: \"$FROMNAME\"<$FROM>"    >>$TEMPFILE
    echo -e "Date: `date -R`"               >>$TEMPFILE
    echo -e ""                              >>$TEMPFILE
    echo -e "$BODY"                         >>$TEMPFILE
    echo -e ""                              >>$TEMPFILE
    echo -e $(date)                         >>$TEMPFILE

    curl    -s --url smtps://$SMTP                  \
            --mail-from "$FROM" --mail-rcpt "$TO"   \
            --upload-file $TEMPFILE                 \
            --ssl-reqd                              \
            --user "$USERNAME:$PASSWORD" --insecure

    Say "e-mail sent using curl smtps:// SSL/TLS (non-Certificate)" $SMTP

    return 0
}
SyslogEmail() {

    # Uses Global variables!!!! - Tacky!!!

    local MSG=$TAG" "$REASON

    if [ $(echo "$@" | grep -cw "noaction") -eq 0 ];then
        local MSG=$MSG"; Action='"$ACTION"'"
    fi
    if [ $(echo "$@" | grep -cw "error") -eq 1 ];then
        local MSG="***ERROR*** "$MSG            # 'Add '***ERROR***' prefix
    fi
    SayT "$MSG"
    echo -e $(date)" "$MSG >> $LOCKFILE

    if [ $(echo "$@" | grep -cw "nomail") -eq 0 ];then
        SendMail "$MSG"
    fi

    return 0

}
Process_ACTION() {

    # Execute a script for this trigger message
    if [ ! -z "$ACTION" ];then
        if [ -f "$ACTION" ];then
            Say $(date)" "$TAG" action requested '"$ACTION"'"   # v1.03
            sh $ACTION &
            ACTION=
        else
            Say $TAG"'"$ACTION"' ***ERROR action NOT FOUND?"    # v1.03
        fi
    fi


}


#===============================================Main==============================================================================
Main() { true; }            # Syntax that is Atom Shellchecker compatible!

ANSIColours

# v384.13+ NVRAM variable 'lan_hostname' supersedes 'computer_name'
[ -n "$(nvram get computer_name)" ] && MYROUTER=$(nvram get computer_name) || MYROUTER=$(nvram get lan_hostname)

trap '' SIGHUP                  # Since 'nohup' doesn't work; Allow starting this script as a background task from command line!

#if [ -d "/tmp/mnt/"$MYROUTER ];then
    #MOUNT="/tmp/mnt/"$MYROUTER
#else
    MOUNT="/tmp"
#fi

# Single instance semaphore
LOCKFILE=${MOUNT}"/"$(basename $0)"-running"

if [ "$1" == "status" ];then
    if [ ! -z "$(ps | grep $(basename $0) | grep -v "VPN_" | grep -v "grep $(basename $0)" | grep -v "status")" ];then
        echo -e $cBGRE
        Say "Syslog Event monitor ACTIVE" $(grep -oE "PID=[0-9]*" $LOCKFILE)
        echo -e $cRESET
        exit
    else
        echo -e $cBMAG
        Say "Syslog Event monitor not running"
        echo -e $cRESET
        exit
    fi
fi

if [ "$1" == "stop" ] && [ -f $LOCKFILE ];then
    echo -e $cGRE
    Say "Syslog Event monitor Termination requested" $(grep -oE "PID=[0-9]*" $LOCKFILE)
    mv $LOCKFILE ${MOUNT}"/"$(basename $0)-$(date +"%Y%m%d-%H%M%S")
    echo -e $cRESET
    exit 0
fi

echo -en $cBWHT
Say $VER "Syslog Event Monitor started....."
echo -en $cRESET

FD=120
eval exec "$FD>$LOCKFILE"
flock -n $FD || { Say "Syslog Event monitor ALREADY running...ABORTing"; exit; }

sleep 1
echo -e $(date)" Syslog Event Monitor started.....PID="$$ >> $LOCKFILE

# Define Trigger messages
#
#       DOWN message count (to allow for controlling the trigger/action etc.)
#       DOWN trigger message
#       DOWN trigger ACTION script
#       UP trigger message
#       UP trigger ACTION script

#------------------------------------Start of customisation----------------------------------------------------------------

MSG0001T="WiFi subsystem"                       # Title for Syslog messages/SendMail
MSG0001C=1                                      # DOWN message count trigger
MSG0001D="notify_rc restart_wireless"           # DOWN Trigger message
MSG0001U="eth1: Broadcom"                       # UP message: Reset monitoring/recovery action message or perhaps any of these???
                                                #   'wl_module_init: igs set to 0x0'
                                                #   'wl_module_init: txworkq set to 0x1'
                                                #   'eth1: Broadcom BCM4360 802.11 Wireless Controller 6.37.14.126 (r561982)'
                                                #   'eth2: Broadcom BCM4360 802.11 Wireless Controller 6.37.14.126 (r561982)'
                                                #   'device eth1 entered promiscuous mode'
                                                #   v384.xx message -> 'roamast: eth1: add client'
MSG0001XD="/jffs/scripts/DOWNfixit.sh"          # DOWN action script
MSG0001XU="/jffs/scripts/UPCheckit.sh"          # UP   action script


#------------------------------------End of customisation----------------------------------------------------------------


# Explicitly identify Syslog i.e. if syslog-ng is running, although /tmp/syslog.log is usually symlinked anyway?
# NB. It might be safer to simply hard-code '/tmp/syslog.log' to ensure continued event monitoring if syslog-ng is unexpectedly stopped?
#[ -z "$(ps -w | grep -v grep | grep -F "{syslog-ng}")" ] && FN="/tmp/syslog.log" || FN="/opt/var/log/messages"
FN="/tmp/syslog.log"                        # v1.03

tail -F $FN | \
    while read SYSLOG
        do
            case "$SYSLOG" in
                *$MSG0001D*|*$MSG0001U*)                                # DOWN/UP pair
                    TAG="$MSG0001T"
                    REASON="Trigger"
                    [ -z "MSG0001CT" ] && MSG0001CT=0                   # v1.02
                    case "$SYSLOG" in
                        *$MSG0001D*)                                    # DOWN event
                            MSG0001CT=$((1+MSG0001CT))
                            ACTION=$MSG0001XD                           # DOWN ACTION script
                            if [ $MSG0001CT -eq $MSG0001C ];then        # v1.02 Apply trigger threshold logic
                                REASON="unexpected restart detected"
                                SyslogEmail                             # Email etc.
                                Process_ACTION                          # Execute a script for this DOWN trigger message
                            fi
                            ;;
                        *$MSG0001U*)                                    # UP event
                            #MSG0001CU=$((1+MSG0001CU))
                            ACTION=$MSG0001XU                           # UP ACTION script
                            REASON="re-initialised"
                            SyslogEmail                                 # Email or not using "nomail" arg
                            Process_ACTION                              # Execute a script for this UP trigger message
                            MSG0001CT=0                                 # v 1.02 Reset DOWN trigger threshold counter
                            ;;
                    esac
                    ;;
                #
                #*$MSG9999U*|*$MSG9999D*)                               # Repeat for additional triggers
                #   TAG=
                #   REASON=
                #   etc.

                *)
                    # No trigger message match
                    ;;
            esac

            # Check for external kill switch; NOTE: Termination can be delayed on a quiet system!
            if [ ! -f "$LOCKFILE" ];then                        # Tacky! should really check for a separate 'KILL' file?
                echo -en $cBYEL
                Say "Syslog Event Monitor external termination trigger.....terminating"
                echo -e $cRESET
                flock -u $FD
                exit
            fi
        done

# Runs forever???


exit 0