#!/bin/bash

# Installation layout: the live log and the directory holding rotated logs.
nagBase=/usr/local/nagios
nagLog="${nagBase}/var/nagios.log"
archives="${nagBase}/var/archives"

# Log record layout:
# [fromTime]  aSource aType: host;service;state;severity;num;text

# Filter settings filled in by the option parser; empty means "not given".
file=$nagLog
fromTime= toTime= noTime=
host= service= state= severity= num=
# Source and type default to a match-everything regexp so that an
# unspecified value still matches every record.
aSource='.*'
aType='.*'

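#######################################
# Print the usage text and exit.
# The option list mirrors the case statement of the option parser in this
# script. The previous text described a different option set (-d, -m, -y,
# -x, -T, -w, -q, -r) that the parser silently ignores, and documented -t
# as "to time" although the parser binds -t to the alert type.
# Globals:   none
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   does not return; exits with the status of the last command
#######################################
print_help() {
  cat <<EOF
Usage: $0 [options]
  --help                    print this help and exit
  --file <path>             log file to read
  -h, --host <host>         host name (note: -h is NOT help)
  -s, --service <service>   service description
  --state <state>           state (for example OK, WARNING, CRITICAL, UNKNOWN)
  --hard                    same as --severity HARD
  --soft                    same as --severity SOFT
  --sev, --severity <type>  state type (HARD, SOFT)
  -n, --num <#>             alert number
  -t, --type <type>         alert type (for example ALERT, NOTIFICATION), default: any
  --src, --source <source>  alert source (HOST, SERVICE), default: any
  -f, --from <time>         start of the time range
  --to <time>               end of the time range
  --notime                  set the noTime flag
Unrecognized arguments are ignored.
Filter values are evaluated as regular expressions.
Time values are converted with "date -d", so any format it accepts can be used.
Example:
  $0 --src SERVICE --type ALERT --state CRITICAL --from 'yesterday 00:00'
With --from, archived log files are selected by their modification time. This
relies on Nagios rotating the log once per day, at midnight. While this speeds
up file processing, it could lead to skipped data if the Nagios logfile
rotation schedule is ever changed.
EOF
  exit
}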

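# Parse the command line into the filter variables.
#
# The loop runs on the argument count rather than on "$1" being non-empty,
# so an empty argument no longer ends parsing early.
#
# Options that take a value are checked for that value first: with a single
# argument left, "shift 2" fails without shifting anything, and the loop
# would spin forever on the same option (a hang for whatever invokes the
# script). Such a call now ends with a message on stderr and exit status 2.
#
# Arguments that are not recognized are skipped, as before.
while [ "$#" -gt 0 ]; do
  case "$1" in
    --help) print_help ;;
    --hard) severity="HARD"; shift ;;
    --soft) severity="SOFT"; shift ;;
    --notime) noTime="true"; shift ;;
    --file|-h|--host|-s|--service|--state|--sev|--severity|-n|--num|-t|--type|--src|--source|-f|--from|--to)
      if [ "$#" -lt 2 ]; then
        echo "$0: option $1 requires a value" >&2
        exit 2
      fi
      case "$1" in
        --file) file="$2" ;;
        -h|--host) host="$2" ;;
        -s|--service) service="$2" ;;
        --state) state="$2" ;;
        --sev|--severity) severity="$2" ;;
        -n|--num) num="$2" ;;
        -t|--type) aType="$2" ;;
        --src|--source) aSource="$2" ;;
        -f|--from) fromTime="$2" ;;
        --to) toTime="$2" ;;
      esac
      shift 2
      ;;
    *) shift ;;
  esac
done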

# $1                              ; $2    ; $3  ; $4     ; $5; $6
# [fromTime]  aSource aType: host;service;state;severity;num;text
# [1690749418] HOST ALERT: Security Cameras;DOWN;SOFT;1;CRITICAL - 192.168.1.88: rta nan, lost 100%
# [1690765779] SERVICE ALERT: DD-WRT;Port: vlan1 Bandwidth;CRITICAL;SOFT;4;CRITICAL - Current BW in: 8.22Mbps Out: 1.58Mbps
# [1690765838] SERVICE ALERT: DD-WRT;Port: vlan1 Bandwidth;OK;SOFT;5;OK - Current BW in: .23Mbps Out: .15Mbps

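# Choose the log files to scan and convert the time bounds to epoch seconds.
#
# Without --from, the file named by --file is read; "file" defaults to the
# live log, so the result is unchanged when --file is not given. Previously
# the --file value was parsed but never used, and the archive loop reused
# "file" as its loop variable.
# With --from, every archive whose modification time is at or after the
# bound is selected.
#
# NOTE(review): the live log is not added when --from is given, so records
# written since the last rotation are not searched - confirm this is intended.
# NOTE(review): the --file path comes straight from the command line; any
# wrapper that runs this script with more privilege than its caller should
# restrict that option.
files=""
if [ -n "$fromTime" ]; then
  # A value date(1) cannot parse used to leave fromTime empty; the numeric
  # test below then failed for every archive and all of them were selected.
  if ! fromTime=$(date -d "$fromTime" +"%s"); then
    echo "$0: cannot parse the --from time" >&2
    exit 2
  fi
  for archive in "$archives"/nagios-??-??-????-00.log; do
    # An unmatched glob is left as the literal pattern; skip it.
    [ -e "$archive" ] || continue
    fdate=$(stat -c "%Y" -- "$archive") || continue
    [ "$fdate" -lt "$fromTime" ] && continue
    # Kept as a space-separated string because the awk call expands it unquoted.
    files="$files $archive"
  done
else
  files="${file:-$nagLog}"
fi
if [ -n "$toTime" ]; then
  if ! toTime=$(date -d "$toTime" +"%s"); then
    echo "$0: cannot parse the --to time" >&2
    exit 2
  fi
fi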

#awkScript=`mktemp`
#echo -n "//" >> $awkScript
#[ -n "$fromTime" ] && echo -n " && substr (\$1, 2, 10) >= $fromTime" >> $awkScript
#[ -n "$toTime" ] && echo -n " && substr (\$1, 2, 10) <= $toTime" >> $awkScript
#echo -n " && \$1~/\[[0-9]+] $aSource $aType: $host/" >> $awkScript
#[ -n "$service" ] && echo -n " && \$2~/$service/" >> $awkScript
#[ -n "$state" ] && echo -n " && \$3~/$state/" >> $awkScript
#[ -n "$severity" ] && echo -n " && \$4~/$severity/" >> $awkScript
#[ -n "$num" ] && echo -n " && \$5~/$num/" >> $awkScript
#[ -z "$noTime" ] && echo " && sub (/^\[[0-9]{10}]/, strftime (\"%Y-%m-%d %H:%M:%S\", substr (\$1, 2, 10)), \$1)" >> $awkScript
#gawk -F\; -f $awkScript $files
#rm $awkScript

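# Filter the selected log files and print the matching records.
#
# Record layout, fields split on ';' (see the samples above):
#   service record: [time] SOURCE TYPE: host;service;state;severity;num;text
#   host record:    [time] SOURCE TYPE: host;state;severity;num;text
#
# Security: the filter values used to be spliced into the awk program text,
# so a value containing "/" or awk syntax changed the program itself instead
# of being matched. They are now handed over through the environment and
# used as dynamic regular expressions, which keeps them data: a value can
# only ever be a pattern.
#
# Fixes relative to the previous version:
#   * the time bounds were stored in "timeSel" (the second assignment
#     overwriting the first) and never added to the awk command, so no time
#     filtering took place; both bounds are applied now.
#   * without a host, "A && $2~state || $3~state" parsed as
#     "(A && $2~state) || $3~state", and an empty state matched every line
#     regardless of source and type; the state test is grouped now.
#   * an empty file list made awk wait on stdin; it is reported instead.
#
# NOTE(review): severity and num are parsed from the command line, but no
# test here uses them - confirm whether they should filter as well.
if [ -z "${files// /}" ]; then
  echo "$0: no log files selected" >&2
  exit 1
fi

# $files is a space-separated list and is split on purpose.
# shellcheck disable=SC2086
NAGLOG_SRC="$aSource" NAGLOG_TYPE="$aType" NAGLOG_HOST="$host" \
NAGLOG_SERVICE="$service" NAGLOG_STATE="$state" \
NAGLOG_FROM="$fromTime" NAGLOG_TO="$toTime" \
awk -F';' '
  BEGIN {
    src     = ENVIRON["NAGLOG_SRC"]
    type    = ENVIRON["NAGLOG_TYPE"]
    host    = ENVIRON["NAGLOG_HOST"]
    service = ENVIRON["NAGLOG_SERVICE"]
    state   = ENVIRON["NAGLOG_STATE"]
    from    = ENVIRON["NAGLOG_FROM"]
    to      = ENVIRON["NAGLOG_TO"]
    # Same pattern as before: "[digits] SOURCE TYPE: ...host...;"
    header  = "^\\[[0-9]+] " src " " type ": .*" host ".*;"
  }
  $0 !~ header { next }
  {
    # Characters 2-11 of the first field hold the epoch timestamp.
    stamp = substr($1, 2, 10) + 0
    if (from != "" && stamp < from + 0) next
    if (to != "" && stamp > to + 0) next

    if (host != "") {
      if (service != "") {
        if ($2 !~ service || $3 !~ state) next
      } else if ($2 !~ state) {
        next
      }
    } else if ($2 !~ state && $3 !~ state) {
      # No host given: the state may sit in field 2 (host record) or
      # field 3 (service record).
      next
    }
    print
  }
' $files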
