Begin, End & Rule Sections
(NOTE: Some of the techniques shown or described on this page--marked in purple--require new features in the latest official PIKT 1.19.0 release (pikt-current.tar.gz) that are unavailable in any previous version.)
Next come action statements, grouped in begin, end, and rule sections.
For example, here is a script (in the form of a macro, for broad generality) to report crontab changes:
crontab_change(u)
init
status =piktstatus
level =piktlevel
task "Report changes in (u) crontabs"
input proc "if [ -e =hstdir/log/(u).crontab.bak ];
then =diff =hstdir/log/(u).crontab.bak =hstdir/log/(u).crontab
else =cat =hstdir/log/(u).crontab 2>/dev/null; fi"
begin
doexec wait "=crontab -u (u) -l > =hstdir/log/(u).crontab"
rule
output mail $inlin
end
doexec wait "=mv =hstdir/log/(u).crontab =hstdir/log/(u).crontab.bak"
Before input processing, you might have a begin section, for example to initialize some variables or to take some other preliminary actions. (In the example script, the begin section saves 'crontab -l' output to disk.)
The heart of a Pikt script is the main processing loop: A line of input (from a proc, file, or logfile) is read in, then acted upon, the next line is read in and acted upon, and so on until all input is exhausted. (In the example script, in the 'input proc' statement, the current crontab disk file is diff'ed against a saved backup. In the single rule statement (in other scripts, there may be and usually are more than one), the diff output (if any) is e-mailed to the designated (in alerts.cfg) alert recipients.)
After input processing, you might add an end section, for actions taken at the conclusion of input processing. (In the example script, the current crontab save file is mv'ed to its backup version, for diff'ing against the current version the next time around.)
In other words:
begin [optional]
<statement>
<statement>
...
[while there's another input line] [optional]
rule
<statement>
<statement>
...
rule
<statement>
<statement>
...
...
[endwhile]
end [optional]
<statement>
<statement>
...
(As you might see, this is all very Awk-like.)
Note that begin, rule, and end sections are individually optional, but the script must have at least one. That is, you might have a script with only a begin section, or only an end section, or only one or more rule sections, or some combination of the three. Another requirement is that begin must precede rules, and end must follow begin and rules. Here are the possibilities:
begin
end
begin
end
rules
begin
rules
rules
end
begin
rules
end
It used to be the case that PIKT would open script input in the init section, and subsequently move on to the begin (and rules and end) section(s). Now, alarm input is opened just after the begin section and right before any rule statements.
In other words, and despite appearances, the actual processing sequence of a Pikt script is:
- Do the begin section (if any).
- Open script input (in the init section's 'input ...' statement).
- Do the rules processing on that input.
- Close script input (done automatically; there is no need for you to do this explicitly).
- Do the end section (if any).
For example, in a passwd file checking script with this 'input proc' statement
input file "/etc/passwd"
passwd entries are fed to the rules sections, one passwd line after another. Here are just some of the rules you might apply to each input passwd line:
...
rule // non-root uid 0's
if $uid eq "0"
&& ( $user !~ "^(root|sundiag|sysdiag|smtp)$"
|| ( $user =~ "^(sundiag|sysdiag)$"
&& $password ne "*"
)
)
output mail "User $user has UID OF 0!"
output syslog "User $user has UID OF 0!"
endif
rule // no password
if $password eq ""
output mail "User $user has NO PASSWORD!"
output syslog "User $user has NO PASSWORD!"
endif
rule // no uid
if $uid eq ""
output mail "User $user has no uid!"
output mail " $inline"
endif
rule // no gid
if $gid eq ""
output mail "User $user has no gid!"
output mail " $inline"
endif
...
Although it would be possible to combine all of the rules checks into a single, all-encompassing rule section, doing so would obscure the processing logic.
There are additional benefits to using multiple rules sections. See Pikt Rule Sections for details.
Note that, in addition to the implicit, built-in data processing loop (the 'input proc' and rules tandem), you can also achieve additional data processing loops within a Pikt script using a combination of #fopen()/#popen(), #read(), and #fclose()/#pclose().
Refer to the sample alarms.cfg for many more examples.
 prev page | 1st page | next page  |
