#!/usr/pkg/bin/perl -w
#
# $Id: loco,v 1.1.1.1 2000/12/14 19:52:34 jules Exp $
#
# perl script to give /var/log/messages nice colors for readability
#
#  Jules Stuifbergen <jules@zjuul.net>
#  (I was bored, rewrote 'logcolorise.pl' from Michael Babcock from scratch)
#  
#  Thanks Jeffrey Paul <sneak@datavibe.net> for several improvements
#         Cristian Ionescu-Idbohrn <cii@axis.se> for better patterns

use Term::ANSIColor;
use strict;

$Term::ANSIColor::AUTORESET++;	       # reset color after each print
$SIG{INT} = sub { print "\n"; exit; }; # reset color after Ctrl-C

my ($i,$word,$date,$host,$service,$rest,@mesg);

#### Put your own preferences here 
#
# lines get processed in this order: ignore service, ignore line, color line, color word

# ignore service (default = ignore nothing)
my $service_ignore = "";
# or.. (to ignore syslogd and gdm)
# my $service_ignore = "syslogd|gdm";

# ignore line (default = ignore nothing)
my $line_ignore = "";
# or.. (to block out portsentry + name server messages and some sendmail msgs):
# my $line_ignore = "already blocked Ignoring|XSTATS|USAGE|NSTATS|Lame server|^[A-Z][A-Z][A-Z][0-9][0-9][0-9][0-9][0-9]";

# color line
my $line_alert = "SIGHUP|DENY|lost|shutting|dead|DHCP_NAK|failure|inactive|terminat|refus|rejected|down";
my $line_warn  = "invalid|bad|attackalert|wrong|Lame|failing|unknown|obsolete";
my $line_good  = "DHCP_ACK|[cC]lean[e]?[d]?|alive|found";

# color word
my $alert = "LOGIN|login|DHCP_OFFER|[Cc]onnect|fatal|[Ss]uccessful|failed";
my $warn  = "dangling|Assum(e|ing)|root|miss(ed|ing)|[Ii]gnore|adminalert|delet(e|ing)";
my $good  = "[Ll]isten|[Ss]tart(ed|ing)|[Rr]eady|active|[Rr]eload(ed|ing)";

# 'palette'
my $date_color    = "cyan";
my $host_color    = "magenta";
my $service_color = "blue";

my $alert_color   = "red";
my $warn_color    = "yellow";
my $good_color    = "green";

my $alert_word_color   = "bold red";
my $warn_word_color    = "yellow";
my $good_word_color    = "green";


#### Main loop
#

NEWLINE: while (<>) {
	($date,$host,$service,$rest) = /^(.+?\s.+?\s.+?\s)(.+?\s)(.+?:\s)(.*)/;

        # Anything interesting to show?
        next NEWLINE if ! defined($rest) or (length($rest) < 1);

	# ignore if..
	$service_ignore && next NEWLINE if ($service =~ /$service_ignore/);
	$line_ignore    && next NEWLINE if ($rest =~ /$line_ignore/);

	print colored("$date",    $date_color);
	print colored("$host",    $host_color);
	print colored("$service", $service_color);

	# color the whole message if..
	if ($rest =~ /$line_alert/) {
        	print colored("$rest\n", $alert_color);
        	next NEWLINE;
	}
	if ($rest =~ /$line_warn/) {
		print colored("$rest\n", $warn_color);
		next NEWLINE;
	}
	if ($rest =~ /$line_good/) {
		print colored("$rest\n", $good_color);
		next NEWLINE;
	}

	# else, color seperate words
	@mesg = split(/ /,$rest);
	foreach $word (@mesg) {
		if ($word =~ /$alert/) {
			print colored ("$word ", $alert_word_color);	
			next;
		} elsif ($word =~ /$warn/) {
			print colored ("$word ", $warn_word_color);	
			next;
		} elsif ($word =~ /$good/) {
			print colored ("$word ", $good_word_color);	
			next;
		} else {
			# no color
			print "$word ";
		}		
	}
	print "\n";
}

=pod

=head1
NAME

loco - colorize B</var/log/messages> for easy reading

=head1
SYNOPSIS

B<loco> [I<FILE>]...

=head1
DESCRIPTION

Colorize FILES(s), or standard input and print on the
standard output. With no FILE, read standard input.

To produce colors, loco uses the B<Term::ANSIColor>
module.

=head1
EXAMPLES

	loco /var/log/messages

	tail -f /var/log/messages | loco

=head1
AUTHOR

Jules Stuifbergen <jules@zjuul.net>. Basically, I
was bored, and rewrote 'logcolorise.pl' from Michael
Babcock from scratch.
Feel free to mail me patches, improvements, or fixes.

=head1
BUGS

The Escape codes used for coloring are characters, too,
so lines will be broken off apparently prematurely.
If there's no match, the lines will be displayed in the
default color. If you default color happens to be red,
the effect of red keywords will disappear.

=head1
LICENSE

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

=cut

