
#!/usr/bin/env perl

use strict;
use warnings;
use Data::Dumper qw(Dumper);
use File::Temp qw(tempfile);
use POSIX qw(strftime);

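# Today's date as MMDDYY; it is the suffix of the log file read below.
# Computed in-process instead of shelling out to `date`, so the result does
# not depend on which `date` binary the caller's PATH resolves to.
my $date = strftime('%m%d%y', localtime);

my $input_file = "/usr/openv/netbackup/logs/bpjava-susvc/log." . $date;

# Report file. A fixed, guessable name such as /tmp/output.<pid> can be
# pre-created or symlinked by another local user before this script writes
# to it. File::Temp creates the file exclusively, with a random suffix and
# owner-only permissions; the name is kept in $output_file so the rest of
# the script can keep opening it by path.
my ($reserved_fh, $output_file) = tempfile("output.$$.XXXXXX", DIR => '/tmp');
close($reserved_fh) or die "Can't close $output_file: $!\n";
print "Output file name: $output_file\n";

# Names of the binaries under $prefix whose executions end up in the report.
my @inlist = qw(
    bppolicynew  bpplinfo     bppllist      bpplclients
    bppldelete   bpplinclude  bpplcatdrinfo bpplsched
    bpplschedrep bpplschedwin bpplvalid     bpschedule
    bpstuadd     bpstudel
);
my $prefix = "/usr/openv/netbackup/bin/admincmd";

# Parser state shared by the rest of the script:
#   %info     - log message text, keyed by PID and then by message type
#   %users    - user name seen for a PID
#   %commands - matching command lines seen for a PID
#   %pids     - PIDs for which a user name was found
#   %final    - declared here; not used in the part of the script shown
my (%info, %final, %users, %commands, %pids);

# Fields of the log record currently being processed.
my ($time, $pid, $type, $str);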
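# Exact-match lookup table for the audited binaries. The command name is
# taken from log content, so it is compared as a plain string rather than
# interpolated into a pattern: a name containing regex metacharacters could
# otherwise match every entry, or abort the whole run with a pattern
# compile error and leave no report at all.
my %is_audited = map { $_ => 1 } @inlist;

# Three-argument open with a lexical handle: the path is only ever treated
# as a file name to read, never as a mode or a command.
open(my $log_fh, '<', $input_file)
    or die "Could not open file $input_file: $!\n";

LINE:
while (my $line = <$log_fh>) {
    chomp $line;
    next LINE if $line =~ /^\s*$/;

    # A line without a leading HH:MM:SS.mmm timestamp continues the
    # previous record: append it to the last message stored for that record.
    if ($line !~ /^\d\d:\d\d:\d\d\.\d\d\d/) {
        # Nothing to continue if the log starts mid-record.
        next LINE unless defined $pid && defined $type;

        my $previous = pop(@{ $info{$pid}{$type} });
        $previous = '' unless defined $previous;
        push(@{ $info{$pid}{$type} }, $previous . "\n" . $line);
        next LINE;
    }

    # Record layout used here: time, [pid], one ignored field, "type:", and
    # the remainder of the line as the message text.
    my @fields = split(/\s+/, $line, 5);
    next LINE if @fields < 4;    # too short to carry a PID and a type

    $time = $fields[0];
    ($pid  = $fields[1]) =~ s/\[|\]//g;
    ($type = $fields[3]) =~ s/:$//;
    $str  = defined $fields[4] ? $fields[4] : '';

    #push(@{$info{$pid}{$type}}, $time.",".$str);
    push(@{ $info{$pid}{$type} }, $str);

    # The user name is the path component between user_ops/ and /logs.
    if (   $type eq "mkTmpFile"
        && $str =~ /^temp filename = .*user_ops\/(.*)\/logs.*/)
    {
        $users{$pid} = $1;
        $pids{$pid}  = 1;
    }

    # Keep the executed command line when its binary is on the audit list.
    # NOTE(review): the pattern needs a quote followed by a space after the
    # binary path, so a command logged without arguments would not match;
    # confirm against real log lines.
    if (   $type eq "command_EXEC"
        && $str =~ /EXEC_RETURN.*buffer = (.*)$/)
    {
        my $cmd = $1;
        if ($cmd =~ /^"\Q$prefix\E\/(bp.*)" .*$/) {
            my ($binary) = split(/\s+/, $1);
            $binary =~ s/"//g;
            if ($is_audited{$binary}) {
                $cmd =~ s/"//g;
                push(@{ $commands{$pid} }, $cmd);
            }
        }
    }
}
close($log_fh);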

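# Write the per-user report. Three-argument open keeps the mode separate
# from the file name, and the lexical handle is closed with a check so a
# failed write (for example a full disk) does not go unnoticed.
open(my $out_fh, '>', $output_file)
    or die "Can't open $output_file: $!\n";

foreach my $report_pid (sort keys %pids) {
    my $user = $users{$report_pid};

    # "my @x = ... if COND" has undefined behaviour in Perl, so the
    # "no commands recorded" case is spelled out explicitly.
    my @cmds = exists $commands{$report_pid}
        ? @{ $commands{$report_pid} }
        : ();

    print {$out_fh} "USER NAME: $user (PID: $report_pid)\n";

    if (!@cmds) {
        print {$out_fh} "\t*** No Commands Executed ***\n\n";
        next;
    }

    print {$out_fh} "\tCommands Executed:\n";
    my $n = 1;
    foreach my $cmd (@cmds) {
        print {$out_fh} "\t$n. $cmd\n";
        $n++;
    }
    print {$out_fh} "\n";
}

close($out_fh) or die "Can't close $output_file: $!\n";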
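# Mail the report. The single-string system() call went through the shell,
# and as shown on the page the command string contains a line break between
# the "<" redirection and the file name. Here mailx is started with an
# argument list (no shell) and the report is fed to its standard input.
# mailx is still resolved through PATH, as in the original.
my $mail_subject   = 'User tampering Netbackup policies';
my $mail_recipient = '<email_address>';    # placeholder from the page: set the real recipient

open(my $report_fh, '<', $output_file)
    or die "Can't open $output_file: $!\n";
open(my $mailx_fh, '|-', 'mailx', '-s', $mail_subject, $mail_recipient)
    or die "Can't run mailx: $!\n";

while (my $report_line = <$report_fh>) {
    print {$mailx_fh} $report_line;
}
close($report_fh);

# For a pipe, close() waits for mailx and reports its exit status in $?.
close($mailx_fh) or warn "mailx did not finish cleanly (status $?)\n";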
