#!/usr/local/bin/perl -Tw # # $Id: quickreport.pl,v 1.2 1999/07/09 16:23:28 dgregor Exp $ # # Copyright (c) 1999 Daniel J. Gregor, Jr., All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. All advertising materials mentioning features or use of this software # must display the following acknowledgement: # This product includes software developed by Daniel J. Gregor, Jr. # 4. The name of Daniel J. Gregor, Jr. may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY DANIEL J. GREGOR, JR. ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL DANIEL J. GREGOR, JR. BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. 
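# Summarise Cisco-style IPACCESS log messages read from the files named on
# the command line (or STDIN).  For every access list the script prints one
# page listing each distinct (source, destination, ports, protocol, action)
# tuple together with the total number of packets logged for it.
#
# The input is log text whose contents are driven by network traffic and,
# typically, by whatever delivered the syslog messages, so it is treated as
# untrusted: totals are aggregated instead of expanded per packet, and
# non-printable bytes are scrubbed before anything is echoed.

use strict;
use warnings;

# Perl formats read their fields from variables visible where the format is
# declared; these are kept as package variables so STDOUT and STDOUT_TOP see
# the values assigned in the report loop at the bottom.
our ($accesslist, $count, $sourceip, $sourceport, $destip, $destport,
     $proto, $permitted);

# Loose dotted-quad matcher; it checks shape only, not octet range.
my $ipregexp = qr/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/;

# $packets_for{ACL}{"src\tdst\tdport\tsport\tproto\taction"} = packet total.
# The original pushed one string per packet onto a per-list array, so one
# log line reporting N packets cost N array elements; summing the counter
# keeps memory proportional to the number of distinct tuples.
my %packets_for;

LINE:
while (defined(my $line = <>)) {
    chomp $line;

    next LINE unless $line =~ m/IPACCESS/;    # only IP access messages
    next LINE unless $line =~ m/list [0-9]+ (?:denied|permitted)/;

    my ($acl, $action, $protocol, $src, $src_port, $dst, $dst_port, $packets)
        = $line =~ m/list ([0-9]+) (\S+) (\S+) ($ipregexp)(?:\((\S+)\))? -> ($ipregexp)(?:\s*\((\S+)\))?, (\d+) packets?$/;

    # A failed match yields an empty list, leaving every capture undefined.
    # Report the line and skip it rather than carrying undefined fields on.
    if (!defined $packets) {
        # Scrub control and 8-bit bytes so a crafted log line cannot push
        # terminal escape sequences through the diagnostic.
        (my $shown = $line) =~ tr/\x20-\x7e/?/c;
        warn "syntax error on $.: \"$shown\"\n";
        next LINE;
    }

    # Ports are optional in the message (e.g. non-TCP/UDP protocols).
    $src_port = "" unless defined $src_port;
    $dst_port = "" unless defined $dst_port;

    # These fields are matched with \S+, which accepts any non-whitespace
    # byte; replace anything outside printable ASCII before it reaches the
    # report.  The addresses and ACL number are digits and dots only.
    for my $field ($action, $protocol, $src_port, $dst_port) {
        $field =~ tr/\x21-\x7e/?/c;
    }

    # The original recorded nothing for a zero-packet line; keep that.
    next LINE unless $packets > 0;

    # None of the fields can contain whitespace, so a tab-joined key is
    # unambiguous.  Field order is kept from the original so the sorted
    # report comes out in the same sequence.
    my $key = join "\t", $src, $dst, $dst_port, $src_port, $protocol, $action;
    $packets_for{$acl}{$key} += $packets;
}

# NOTE(review): the page title still says "denied packets" although the
# filter above also accepts "permitted" entries; the Permit column is what
# tells the two apart.  The title text is left as the author wrote it.
format STDOUT_TOP =
@||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
"Access list $accesslist denied packets"
Count  Source IP       Source Port Dest IP         Dest Port Protocol Permit
-------------------------------------------------------------------------------
.

# The Protocol and Permit fields are wider than in the original picture,
# whose five-character Permit field cut "denied" and "permitted" short.
# The Count field is still six characters: a total above 999999 will be
# truncated on output, so widen it if the logs can reach that volume.
format STDOUT =
@<<<<< @<<<<<<<<<<<<<< @<<<<       @<<<<<<<<<<<<<< @<<<<     @<<<<<<< @<<<<<<<<
$count, $sourceip,     $sourceport, $destip,       $destport, $proto, $permitted
.

# One page per access list, lists in numeric order, tuples in string order.
for my $acl (sort { $a <=> $b } keys %packets_for) {
    $accesslist = $acl;
    $- = 0;    # no lines left on the page: next write emits STDOUT_TOP

    my $total_for = $packets_for{$acl};
    for my $key (sort keys %$total_for) {
        ($sourceip, $destip, $destport, $sourceport, $proto, $permitted)
            = split /\t/, $key;
        $count = $total_for->{$key};
        write;
    }
}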