#!/usr/bin/perl
#
# checksyslog - a program to extract abnormal entries from the system logs
#
# jwa@nbs.nau.edu  4 Dec 1996
#

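use strict;
use warnings;

my $log     = "/var/adm/syslog";                    # where syslog lives
my $rules   = "/nau/share/lib/checksyslog.rules";   # where the rules live
my $verbose = 0;    # diagnostics while loading rules; nothing in this script sets it

# NOTE(review): every line matching a rule is dropped from the report, so
# the rule file should be writable only by the account that owns this check.

# Optional first argument:
#   -today      report only entries stamped with today's date
#   <anything>  used as a regular expression that entries must match
#   (none)      report entries from the whole log
my $arg = defined $ARGV[0] ? $ARGV[0] : "";
my $filter;
if ($arg eq "-today") {
    # Build the "Mmm dD" prefix syslog writes (day space-padded) directly
    # from localtime: no shell or $PATH lookup of date(1), and the month
    # abbreviation does not vary with the caller's locale.
    my @month = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
    my ($mday, $mon) = (localtime)[3, 4];
    $filter = sprintf("%s %2d", $month[$mon], $mday);
} else {
    $filter = $arg;
}

# Compile the filter once, up front, so a malformed expression is reported
# before any log line is read instead of aborting in the middle of the scan.
my $filter_re;
if ($filter ne "") {
    $filter_re = eval { qr/$filter/ };
    die "Invalid filter expression [$filter]: $@" unless defined $filter_re;
}

# Read in the rules & construct a single regexp.  This looks ugly,
# but it speeds things up significantly.

open(my $rules_fh, '<', $rules) || die "Can't locate rule file : $!\n";
my @patterns;
while (my $line = <$rules_fh>) {
    # chomp, not chop: a final rule without a trailing newline must not
    # lose its last character.
    chomp $line;
    next if $line eq "" || $line =~ /^#/;    # skip blank lines and comments
    push @patterns, $line;
    print "Added rule: [$line]\n" if $verbose == 1;
}
close($rules_fh);

my $rulecount = scalar @patterns;
print "Read $rulecount rules\n" if $verbose == 1;

# With no rules there is nothing to suppress.  The pattern is left undefined
# in that case: an interpolated empty pattern would either match every line
# or reuse the last successful pattern, and the report would come out empty.
my $rules_re;
if (@patterns) {
    my $combined = join("|", @patterns);
    $rules_re = eval { qr/$combined/ };
    die "Invalid expression in rule file $rules: $@" unless defined $rules_re;
} else {
    warn "No rules loaded from $rules; every selected entry will be reported\n";
}

# Do it.

# An unreadable log must be an error: otherwise the run prints nothing and
# exits 0, which is indistinguishable from "no abnormal entries found".
open(my $log_fh, '<', $log) || die "Can't open log file $log : $!\n";
while (my $line = <$log_fh>) {
    next if defined $filter_re && $line !~ $filter_re;    # outside the selection
    next if defined $rules_re  && $line =~ $rules_re;     # known-normal entry
    print $line;
}
close($log_fh);
exit(0);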
