upload readme

fix sql scripts
fix docs

README.md

@@ -1 +1,13 @@
 # statV2
+
+Обычный быдло-кодинг, разросшийся за последние 13 лет. Выкладываю сюда - может кого-то сподвигнет сделать что-то своё нормально).
+
+Предназначен для контроля доступа юзеров в интернет на оборудовании микротик или linux-сервере.
+Возможности:
+- Фильтровать трафик юзеров по предустановленным группам фильтров
+- Ограничивать скорость (только на микротике, функционал на линухе был, но давно вырезан)
+- генерит конфиги для dhcp-серверов (dnsmasq, mikrotik)
+- генерит конфиг для named
+- опрашивает свичи и роутеры по snmp после чего анализирует и находит порты подклчюения ip-адресов
+- ну и ещё по мелочи...
+

docs/Readme.en.md

@@ -0,0 +1,169 @@
+Installation steps for CentOS 8:
+
+1. Enable repo:
+
+yum install dnf-plugins-core
+yum config-manager --set-enabled powertools
+yum config-manager --set-enabled extras
+dnf install epel-release elrepo-release
+
+2. Install packages:
+
+dnf install httpd php php-common perl mariadb-server git fping net-snmp-utils \
+php-mysqlnd php-bcmath php-intl php-mbstring php-pear-Date php-pear-Mail php-snmp perl-Net-Patricia \
+perl-NetAddr-IP perl-Config-Tiny perl-Net-DNS perl-DateTime perl-Proc-Daemon perl-Net-Netmask \
+perl-Text-Iconv perl-DateTime-Format-DateParse perl-Net-SNMP perl-Net-Telnet perl-Net-IPv4Addr \
+perl-DBI -y
+
+3. Download project:
+
+git clone https://github.com/rajven/statV2
+mkdir -p /usr/local/scripts
+cd statV2/
+cp -R scripts/ /usr/local/
+mkdir -p /usr/local/scripts/cfg
+cp docs/addons/cfg/config /usr/local/scripts/cfg/
+cp -R html/ /var/www
+
+4. Download additional scripts (optional)
+
+download from https://jquery.com/download/ production jQuery to /var/www/html/js/
+example: wget https://code.jquery.com/jquery-3.6.0.min.js
+rename jquery-3.6.0.min.js to jquery.min.js
+
+download from https://github.com/select2/select2 release
+example: https://github.com/select2/select2/archive/4.0.12.tar.gz
+extract contents from directory dist archive to /var/www/html/js/select2/
+
+5. Configure mysql
+
+systemctl enable mariadb
+systemctl start mariadb
+
+mysql_secure_installation - configure root password!!!
+
+#mysql -u root -p
+
+MariaDB [(none)]> create database stat;
+MariaDB [(none)]> grant all privileges on stat.* to stat@localhost identified by 'password';
+MariaDB [(none)]> flush privileges;
+MariaDB [(none)]> quit
+
+cat docs/mysql/stat_table_*.sql | mysql -u root -p stat
+cat docs/mysql/stat_extra.sql | mysql -u root -p stat
+
+6. Save configuration for web and scripts:
+
+cp html/inc/config.php.sample /var/www/html/cfg/
+mv /var/www/html/cfg/config.php.sample /var/www/html/cfg/config.php
+
+edit: /var/www/html/cfg/config.php & /usr/local/scripts/cfg/config
+
+set mysql database|user|password
+
+7. Configure apache & php:
+
+sed -i 's/short_open_tag = Off/short_open_tag = On/' /etc/php.ini
+
+#set timezone
+sed -i 's/;date.timezone =/date.timezone = Europe\/Moscow/' /etc/php.ini
+
+#enable php
+sed -i 's/#LoadModule mpm_prefork_module/LoadModule mpm_prefork_module/' /etc/httpd/conf.modules.d/00-mpm.conf
+sed -i 's/LoadModule mpm_event_module/#LoadModule mpm_event_module/' /etc/httpd/conf.modules.d/00-mpm.conf
+
+systemctl enable httpd
+systemctl start httpd
+
+cp docs/addons/sudoers.d/apache /etc/sudoers.d/apache
+
+8. Cron & logrotate
+
+cp docs/cron/stat /etc/cron.d/stat
+cp docs/logrotate/dnsmasq /etc/logrotate.d/dnsmasq
+cp docs/logrotate/scripts /etc/logrotate.d/scripts
+
+uncomment needed scripts...
+
+9. Minimal configuration done! login: http://[ip]/admin/ user: admin password: admin
+
+######################################### DHCP Server at Linux ###############################################################
+
+if you need dhcp server:
+
+dnf install dnsmasq -y
+
+cp docs/systemd/dnsmasq.service /etc/systemd/system
+cp docs/systemd/dhcp-log.service /etc/systemd/system
+cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
+cat docs/addons/dnsmasq.conf >/etc/dnsmasq.conf
+
+#edit /etc/dnsmasq.conf for you network
+
+systemctl enable dnsmasq
+systemctl enable dhcp-log
+systemctl start dnsmasq
+systemctl start dhcp-log
+
+######################################### Netflow #####################################################################
+
+dnf install nfdump -y
+
+cp docs/systemd/nfcapd@.service /etc/systemd/system/nfcapd@.service
+mkdir -p /etc/nfcapd
+cp docs/systemd/nfcapd/office.conf /etc/nfcapd/office.conf
+
+Change port, directory for netflow data and specify the id of the device that the netflow stream is coming from
+
+systemctl enable nfcapd@office
+systemctl start nfcapd@office
+
+enable netflow at mikrotik router:
+/ip traffic-flow
+set enabled=yes
+/ip traffic-flow target
+add dst-address=[IP-SERVER] port=[PORT nfcapd]
+
+######################################### Remote syslog ###############################################################
+
+dnf install syslog-ng -y
+
+cp /etc/syslog-ng/syslog-ng.conf  /etc/syslog-ng/syslog-ng.conf.default
+cat docs/syslog-ng/syslog-ng.conf >/etc/syslog-ng/syslog-ng.conf
+
+systemctl enable syslog-ng
+systemctl start syslog-ng
+
+cp docs/systemd/syslog-stat.service /etc/systemd/system/syslog-stat.service
+
+systemctl enable syslog-stat
+systemctl start syslog-stat
+
+######################################### Mikrotik managment ##########################################################
+
+Configure mikrotik login|password|port for telnet service in http://[IP]/admin/customers/control-options.php
+
+at device record (http://[IP]/admin/devices/) setup WAN & LAN intefaces for router, enable options acl,queue,connected-user-only
+
+at mikrotik add iptables filter rules:
+
+/ip firewall filter
+
+add action=jump chain=forward comment="users set" in-interface-list=WAN jump-target=Users
+add action=jump chain=forward jump-target=Users out-interface-list=WAN
+
+#before this standart rules!!!
+add action=drop chain=forward comment="drop forward invalid" connection-state=invalid
+add action=accept chain=forward comment=related,established connection-state=established,related
+
+#default deny forward rule - after standart rules!!!
+add action=reject chain=forward comment="deny default wan" in-interface-list=WAN reject-with=icmp-network-unreachable
+add action=reject chain=forward out-interface-list=WAN reject-with=icmp-network-unreachable
+
+/queue tree
+add max-limit=[YOU BANDWIDTH] name=upload_root_[WAN_INTERFACE_NAME] parent=[WAN_INTERFACE_NAME] queue=pcq-upload-default
+add name=download_root_[LAN_INTERFACE_NAME] parent=[LAN_INTERFACE_NAME] queue=pcq-download-default
+
+run /usr/local/scripts/sync_mikrotik.pl
+
+#########################################################################################################################

docs/Readme.ru.md

@@ -0,0 +1,175 @@
+Утсановка для CentOS 8:
+
+1. Включаем дополнительные репозитории:
+
+yum install dnf-plugins-core
+yum config-manager --set-enabled powertools
+yum config-manager --set-enabled extras
+dnf install epel-release elrepo-release
+
+2. Ставим пакеты:
+
+dnf install httpd php php-common perl mariadb-server git fping net-snmp-utils \
+php-mysqlnd php-bcmath php-intl php-mbstring php-pear-Date php-pear-Mail php-snmp perl-Net-Patricia \
+perl-NetAddr-IP perl-Config-Tiny perl-Net-DNS perl-DateTime perl-Proc-Daemon perl-Net-Netmask \
+perl-Text-Iconv perl-DateTime-Format-DateParse perl-Net-SNMP perl-Net-Telnet perl-Net-IPv4Addr \
+perl-DBI -y
+
+3. Качаем исходники и раскидываем по каталогам:
+
+git clone https://github.com/rajven/statV2
+mkdir -p /usr/local/scripts
+cd statV2/
+cp -R scripts/ /usr/local/
+mkdir -p /usr/local/scripts/cfg
+cp docs/addons/cfg/config /usr/local/scripts/cfg/
+cp -R html/ /var/www
+
+4. Можно скачать дополнительные скрипты (красивости)
+
+download from https://jquery.com/download/ production jQuery to /var/www/html/js/
+example: wget https://code.jquery.com/jquery-3.6.0.min.js
+rename jquery-3.6.0.min.js to jquery.min.js
+
+download from https://github.com/select2/select2 release
+example: https://github.com/select2/select2/archive/4.0.12.tar.gz
+extract contents from directory dist archive to /var/www/html/js/select2/
+
+5. Настраиваем mysql 
+
+systemctl enable mariadb
+systemctl start mariadb
+
+mysql_secure_installation - утсановить пароль для root
+
+#mysql -u root -p
+
+Создать юзера и базу данных
+
+MariaDB [(none)]> create database stat;
+MariaDB [(none)]> grant all privileges on stat.* to stat@localhost identified by 'password';
+MariaDB [(none)]> flush privileges;
+MariaDB [(none)]> quit
+
+cat docs/mysql/stat_table_*.sql | mysql -u root -p stat
+cat docs/mysql/stat_extra.sql | mysql -u root -p stat
+
+6. Настраиваем конфиги для вэба и скриптов:
+
+cp html/inc/config.php.sample /var/www/html/cfg/
+mv /var/www/html/cfg/config.php.sample /var/www/html/cfg/config.php
+
+edit: /var/www/html/cfg/config.php & /usr/local/scripts/cfg/config
+
+Надо указать пароль в  mysql и базу данных!!!
+
+7. Настраиваем апач и php:
+
+sed -i 's/short_open_tag = Off/short_open_tag = On/' /etc/php.ini
+
+#set timezone
+sed -i 's/;date.timezone =/date.timezone = Europe\/Moscow/' /etc/php.ini
+
+#enable php
+sed -i 's/#LoadModule mpm_prefork_module/LoadModule mpm_prefork_module/' /etc/httpd/conf.modules.d/00-mpm.conf
+sed -i 's/LoadModule mpm_event_module/#LoadModule mpm_event_module/' /etc/httpd/conf.modules.d/00-mpm.conf
+
+systemctl enable httpd
+systemctl start httpd
+
+cp docs/addons/sudoers.d/apache /etc/sudoers.d/apache
+
+8. Cron & logrotate
+
+cp docs/cron/stat /etc/cron.d/stat
+cp docs/logrotate/dnsmasq /etc/logrotate.d/dnsmasq
+cp docs/logrotate/scripts /etc/logrotate.d/scripts
+
+Не забудьте раскомментировать в кроне неоходимые скрипты
+
+9. Минимальная настрофка готова! Заходим: http://[ip]/admin/ user: admin password: admin, настраиваем список устройств, используемые сети и т.д.
+
+######################################### DHCP Server at Linux ###############################################################
+
+Можно исопльзовать dhcp-сервер как на миркотике, так и на сервере с Linux. Имхо, dnsmasq - предпочтительнее. 
+
+dnf install dnsmasq -y
+
+cp docs/systemd/dnsmasq.service /etc/systemd/system
+cp docs/systemd/dhcp-log.service /etc/systemd/system
+cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
+cat docs/addons/dnsmasq.conf >/etc/dnsmasq.conf
+
+#edit /etc/dnsmasq.conf for you network
+
+systemctl enable dnsmasq
+systemctl enable dhcp-log
+systemctl start dnsmasq
+systemctl start dhcp-log
+
+######################################### Netflow #####################################################################
+
+dnf install nfdump -y
+
+cp docs/systemd/nfcapd@.service /etc/systemd/system/nfcapd@.service
+mkdir -p /etc/nfcapd
+cp docs/systemd/nfcapd/office.conf /etc/nfcapd/office.conf
+
+Указываем порт, место хранения статистики и id роутера, с которого снимается трафик
+
+systemctl enable nfcapd@office
+systemctl start nfcapd@office
+
+Включаем netflow на микротике:
+/ip traffic-flow
+set enabled=yes
+/ip traffic-flow target
+add dst-address=[IP-SERVER] port=[PORT nfcapd]
+
+######################################### Remote syslog ###############################################################
+
+Если нужно писать логи с устройств:
+
+dnf install syslog-ng -y
+
+cp /etc/syslog-ng/syslog-ng.conf  /etc/syslog-ng/syslog-ng.conf.default
+cat docs/syslog-ng/syslog-ng.conf >/etc/syslog-ng/syslog-ng.conf
+
+systemctl enable syslog-ng
+systemctl start syslog-ng
+
+cp docs/systemd/syslog-stat.service /etc/systemd/system/syslog-stat.service
+
+systemctl enable syslog-stat
+systemctl start syslog-stat
+
+######################################### Mikrotik managment ##########################################################
+
+настраиваем параметры доступа по телнету к роутеру в админке (login|password|port)  http://[IP]/admin/customers/control-options.php
+
+указываем в роутере (http://[IP]/admin/devices/) внешние и внутренние интерфейсы, включаем использование шейперов, dhcp-сервера (не нужно, если исопльзуем dnsmasq)
+
+Добавляем правила в фаервол:
+
+/ip firewall filter
+
+add action=jump chain=forward comment="users set" in-interface-list=WAN jump-target=Users
+add action=jump chain=forward jump-target=Users out-interface-list=WAN
+
+#указанные выше правила надо поставить выше этих дефалтных:
+#add action=drop chain=forward comment="drop forward invalid" connection-state=invalid
+#dd action=accept chain=forward comment=related,established connection-state=established,related
+
+#А эти правила должны быть ниже дефолтных
+add action=reject chain=forward comment="deny default wan" in-interface-list=WAN reject-with=icmp-network-unreachable
+add action=reject chain=forward out-interface-list=WAN reject-with=icmp-network-unreachable
+
+шейпер:
+/queue tree
+add max-limit=[YOU BANDWIDTH] name=upload_root_[WAN_INTERFACE_NAME] parent=[WAN_INTERFACE_NAME] queue=pcq-upload-default
+add name=download_root_[LAN_INTERFACE_NAME] parent=[LAN_INTERFACE_NAME] queue=pcq-download-default
+
+запускаем /usr/local/scripts/sync_mikrotik.pl
+Скрипт создаст правила фильтрации и шейпера
+
+#########################################################################################################################

docs/addons/sudoers.d/apache

@@ -0,0 +1 @@
+apache	ALL=(ALL)	NOPASSWD: /usr/local/scripts/sync_mikrotik.pl, /usr/local/scripts/update-dnsmasq, /usr/local/scripts/fetch_new_arp.pl

docs/addons/sudoers.d/stat

@@ -1 +0,0 @@
-stat  ALL=(ALL)       NOPASSWD: /usr/local/scripts/poe_ipcam.pl, /usr/local/scripts/sync_user_list.pl, /usr/local/scripts/update-named, /usr/local/scripts/update-dhcpd, /usr/local/scripts/fetch_new_arp.pl, /etc/nagios/restart_nagios, /usr/local/scripts/update-dnsmasq

docs/cron/stat

@@ -7,7 +7,7 @@
 #16 * * * * root /etc/nagios/restart_nagios >/dev/null
 
 #refresh dnsmasq(dhcpd) dhcp server config's
-02 * * * * root /usr/local/scripts/update-dnsmasq
+#02 * * * * root /usr/local/scripts/update-dnsmasq
 
 #scan network
 09 * * * * root /usr/local/scripts/fetch_new_arp.pl
@@ -16,4 +16,4 @@
 01 0 * * * root /usr/local/scripts/garbage.pl
 
 #sync mikrotik cfg (need for update dhcp hostname)
-03 * * * * root /usr/local/scripts/sync_mikrotik.pl
+#03 * * * * root /usr/local/scripts/sync_mikrotik.pl

docs/doc/readme.txt

@@ -1,9 +0,0 @@
-yum install krb5-workstation bind-utils -y
-
-ktutil 
-ktutil:  addent -password -p dns_updater@ORG.LOCAL -k 1 -e rc4-hmac
-Password for dns_updater@ORG.LOCAL: 
-ktutil:  write_kt /usr/local/scripts/cfg/dns_updater.keytab
-ktutil:  quit
-
-kinit -k -t /usr/local/scripts/cfg/dns_updater.keytab dns_updater@ORG.LOCAL

docs/fix_net.pl

@@ -1,59 +0,0 @@
-#!/usr/bin/perl
-
-#
-# Copyright (C) Roman Dmitiriev, rnd@rajven.ru
-#
-
-use FindBin '$Bin';
-use lib "$Bin/";
-use strict;
-use DBI;
-use Time::Local;
-use Net::Patricia;
-use Data::Dumper;
-use Date::Parse;
-use Socket;
-use Rstat::config;
-use Rstat::main;
-use Rstat::net_utils;
-use Rstat::snmp;
-use Rstat::mysql;
-use NetAddr::IP;
-
-setpriority(0,0,19);
-
-#get userid list
-my $user_auth_list = $dbh->prepare( "SELECT id,ip FROM User_auth ORDER by ip" );
-if ( !defined $user_auth_list ) { die "Cannot prepare statement: $DBI::errstr\n"; }
-$user_auth_list->execute;
-my $authlist_ref = $user_auth_list->fetchall_arrayref();
-$user_auth_list->finish();
-
-my @batch_sql=();
-
-foreach my $row (@$authlist_ref) {
-my $ip=$row->[1];
-my $id=$row->[0];
-my $net=GetDhcpRange($ip);
-print "Auth id: $id Found network: $ip\n";
-print "NETWORK: $net->{network}\nBROADCAST: $net->{broadcast}\nMASK: $net->{mask}\n";
-my $ip_aton=StrToIp($net->{network});
-push(@batch_sql,"Update User_auth set ip_int=".$ip_aton." where id=".$id);
-}
-
-
-if (scalar @batch_sql) {
-    $dbh->{AutoCommit} = 0;
-    my $sth;
-    foreach my $sSQL(@batch_sql) {
-    print "$sSQL\n";
-    $sth = $dbh->prepare($sSQL);
-    $sth->execute;
-    }
-    $sth->finish;
-    $dbh->{AutoCommit} = 1;
-    }
-
-$dbh->disconnect;
-
-exit 0;

docs/mysql/stat_extra.sql

@@ -233,13 +233,13 @@ ALTER TABLE `building`
 -- AUTO_INCREMENT для таблицы `config`
 --
 ALTER TABLE `config`
-  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=111;
 
 --
 -- AUTO_INCREMENT для таблицы `config_options`
 --
 ALTER TABLE `config_options`
-  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=57;
 
 --
 -- AUTO_INCREMENT для таблицы `connections`
@@ -251,7 +251,7 @@ ALTER TABLE `connections`
 -- AUTO_INCREMENT для таблицы `Customers`
 --
 ALTER TABLE `Customers`
-  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=10;
 
 --
 -- AUTO_INCREMENT для таблицы `devices`
@@ -401,4 +401,4 @@ ALTER TABLE `variables`
 -- AUTO_INCREMENT для таблицы `vendors`
 --
 ALTER TABLE `vendors`
-  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=20;

docs/mysql/stat_table_Customers.sql

@@ -17,4 +17,4 @@ CREATE TABLE `Customers` (
 --
 
 INSERT INTO `Customers` (`id`, `Login`, `Pwd`, `readonly`) VALUES
-(1, 'admin', '01a5aa14009873f841eab46082418496', 0);
+(1, 'admin', '21232f297a57a5a743894a0e4a801fc3', 0);

docs/show_dup.pl

@@ -1,60 +0,0 @@
-#!/usr/bin/perl
-
-#
-# Copyright (C) Roman Dmitiriev, rnd@rajven.ru
-#
-
-use FindBin '$Bin';
-use lib "$Bin/";
-use strict;
-use DBI;
-use Time::Local;
-use Net::Patricia;
-use Data::Dumper;
-use Date::Parse;
-use Socket;
-use Rstat::config;
-use Rstat::main;
-use Rstat::net_utils;
-use Rstat::mysql;
-use NetAddr::IP;
-
-setpriority(0,0,19);
-
-#get userid list
-my $user_auth_list = $dbh->prepare( "SELECT id,ip,mac,user_id FROM User_auth Where deleted=0 ORDER by id,ip_int,mac" );
-if ( !defined $user_auth_list ) { die "Cannot prepare statement: $DBI::errstr\n"; }
-$user_auth_list->execute;
-my $authlist_ref = $user_auth_list->fetchall_arrayref();
-$user_auth_list->finish();
-
-$dbh->disconnect;
-
-my %nethash;
-
-foreach my $net (@all_network_list) {
-    $nethash{$net}{network}= new Net::Patricia;
-    $nethash{$net}{network}->add_string($net);
-}
-
-foreach my $row (@$authlist_ref) {
-    my $id=$row->[0];
-    my $ip=$row->[1];
-    my $mac=mac_splitted($row->[2]);
-    my $user_id=$row->[3];
-    foreach my $net (keys %nethash) {
-        if ($nethash{$net}{network}->match_string($ip)) {
-            if (exists $nethash{$net}{$mac}) {
-                print "Dup found! id:$id mac: $mac ip:$ip First id: $nethash{$net}{$mac}{id} ip: $nethash{$net}{$mac}{ip}\n";
-                last;
-                }
-            $nethash{$net}{$mac}{id}=$id;
-            $nethash{$net}{$mac}{ip}=$ip;
-            last;
-            }
-    }
-}
-
-
-exit 0;
-

docs/syslog-ng/syslog-ng.conf

@@ -0,0 +1,34 @@
+@version:3.5
+@include "scl.conf"
+
+options {
+	flush_lines (0);
+	time_reopen (10);
+	log_fifo_size (1000);
+	chain_hostnames (off);
+	use_dns (no);
+	use_fqdn (no);
+	create_dirs (yes);
+	keep_hostname (no);
+};
+
+source s_remote { udp(port(514)); };
+
+destination d_socket {
+pipe("/var/run/syslog-ng.socket" template("$UNIXTIME|$SOURCEIP|$MSGHDR $MESSAGE\n") template-escape(yes) flags(no-multi-line));
+};
+
+destination d_all { file("/var/log/remote/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY.log" flags(no-multi-line)); };
+
+destination d_all_simple {
+file("/var/log/remote/messages.log" template("$UNIXTIME|$SOURCEIP|$MSGHDR $MESSAGE\n") template-escape(yes) flags(no-multi-line));
+};
+
+log { source(s_remote); destination(d_all); };
+log { source(s_remote); destination(d_all_simple); };
+log { source(s_remote); destination(d_socket); };
+
+# Source additional configuration files (.conf extension only)
+@include "/etc/syslog-ng/conf.d/*.conf"
+
+# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

scripts/syslog-stat.pl

@@ -17,12 +17,13 @@ use DBI;
 use Time::Local;
 use Date::Parse;
 use Getopt::Long;
+use IO::Socket::UNIX qw( SOCK_STREAM );
 use Proc::Daemon;
 use Cwd;
 
 
 my $pf = '/var/run/syslog-stat.pid';
-my $log = '/var/log/remote/messages.log';
+my $socket_path='/var/run/syslog-ng.socket';
 
 my $daemon = Proc::Daemon->new(
         pid_file => $pf,
@@ -121,60 +122,59 @@ my %warning_patterns = (
 
 while (1) {
 eval {
-# Create new database handle. If we can't connect, die()
-system('touch "'.$log.'"');
-my $db = DBI->connect("dbi:mysql:database=$DBNAME;host=$DBHOST","$DBUSER","$DBPASS");
-if ( !defined $dbh ) { die "Cannot connect to mySQL server: $DBI::errstr\n"; }
-open(SYSLOG, "tail -n 0 -F $log |") || die "$log not found!";
-while (my $logline = <SYSLOG>) {
-next unless defined $logline;
-chomp($logline);
-my ($timestamp,$host_ip,$message) = split (/\|/, $logline);
-next if (!$message);
-$message =~ s/\r/ /g;
-$message =~ s/\\015//g;
-$message =~ s/\\012//g;
-next if (!$message);
-next if (!$host_ip);
-if (time()-$last_refresh_config>=60) { init_option($db); }
-log_debug("Raw message: $message");
-#is trash messages?
-my $trash = 0;
-foreach my $pattern (keys %trash_patterns) {
-        next if (!$pattern);
-        if ($message=~/$pattern/i) {
-            log_debug("Trash pattern: $pattern");
-            $trash = 1;
-            last;
+    my $db = DBI->connect("dbi:mysql:database=$DBNAME;host=$DBHOST","$DBUSER","$DBPASS");
+    if ( !defined $dbh ) { die "Cannot connect to mySQL server: $DBI::errstr\n"; }
+    open(SYSLOG,$socket_path) || die("Error open fifo socket $socket_path: $!");
+    while (my $logline = <SYSLOG>) {
+        next unless defined $logline;
+        chomp($logline);
+        my ($timestamp,$host_ip,$message) = split (/\|/, $logline);
+        next if (!$message);
+        $message =~ s/\r/ /g;
+        $message =~ s/\\015//g;
+        $message =~ s/\\012//g;
+        next if (!$message);
+        next if (!$host_ip);
+        if (time()-$last_refresh_config>=60) { init_option($db); }
+        log_debug("Raw message: $message");
+        #is trash messages?
+        my $trash = 0;
+        foreach my $pattern (keys %trash_patterns) {
+            next if (!$pattern);
+            if ($message=~/$pattern/i) {
+                    log_debug("Trash pattern: $pattern");
+                    $trash = 1;
+                    last;
+                    }
+            }
+        next if ($trash);
+        my $hostname=$host_ip;
+        my $netdev = get_device_by_ip($db,$host_ip);
+        my $id = 0;
+        if ($netdev) {
+            $hostname = $netdev->{device_name};
+            $id = $netdev->{id};
+            } else {
+            log_debug("Host with $host_ip is not found in netdevices!");
             }
-}
-next if ($trash);
-my $hostname=$host_ip;
-my $netdev = get_device_by_ip($db,$host_ip);
-my $id = 0;
-if ($netdev) {
-    $hostname = $netdev->{device_name};
-    $id = $netdev->{id};
-    } else {
-    log_debug("Host with $host_ip is not found in netdevices!");
-    }
 
-my $q_msg=$db->quote($message);
-my $ssql="INSERT INTO remote_syslog(device_id,ip,message) values('".$id."','".$host_ip."',".$q_msg.")";
-do_sql($db,$ssql);
+        my $q_msg=$db->quote($message);
+        my $ssql="INSERT INTO remote_syslog(device_id,ip,message) values('".$id."','".$host_ip."',".$q_msg.")";
+        do_sql($db,$ssql);
 
-foreach my $pattern (keys %warning_patterns) {
-    next if (!$pattern);
-    if ($message=~/$pattern/i) {
-        log_info("Warning pattern $pattern found! Send email.",1);
-        sendEmail("Syslog warning for $hostname [".$host_ip."]!",$host_ip." ".$message);
-        last;
+        foreach my $pattern (keys %warning_patterns) {
+            next if (!$pattern);
+            if ($message=~/$pattern/i) {
+                log_info("Warning pattern $pattern found! Send email.",1);
+                sendEmail("Syslog warning for $hostname [".$host_ip."]!",$host_ip." ".$message);
+                last;
+                }
+            }
         }
-    }
-}
-close(SYSLOG);
-};
-if ($@) { log_error("Exception found: $@"); }
+
+    close(SYSLOG);
+    };
+if ($@) { log_error("Exception found: $@"); sleep(60); }
 }
     } else {
         print "Already Running with pid $pid\n";