contribs/packets-iface.pl


#!/usr/bin/perl 


# Heavily based on :
# Packet Bar Charts for ipchains  Angelos Karageorgiou angelos@unix.gr
#
# cgi adaptation by gleicon
# cgi adaptation 2 by gleicon to match der-rj logs 
# cgi adaptation 3 by gleicon to generic packet logging
# a patch to log protocol, and interface




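# CGI report: counts ipchains "Packet log" entries in the system log per
# (source, destination, action, interface, protocol) and prints them as an
# HTML table.
#
# NOTE(review): the listing this was taken from had its HTML tags stripped,
# the read operator lost from the while loop and most line breaks removed.
# The markup below is a reconstruction around the surviving text, not the
# author's original tags.
#
# Security notes:
#  * Every value written into the page comes from the log file or from
#    reverse DNS, and both can carry attacker-chosen bytes, so all of it goes
#    through _html_escape() before it is printed.
#  * The page publishes firewall log contents to anyone who can request it;
#    access to the script should be restricted in the web server config.

use strict;
use warnings;
use Socket;

my $LOGFILE = '/var/log/messages';

# Seconds allowed for one reverse lookup. The original passed an undefined
# $timeout to alarm(), which arms no timer at all, so a slow resolver could
# hang the request. The value 2 is a choice made here, not the author's.
my $RESOLVE_TIMEOUT = 2;

my %PROTO_NAME = ( 1 => 'ICMP', 6 => 'TCP', 17 => 'UDP' );

my %HOSTS;    # address -> resolved name cache (was "%HOSTS={}", which stored a stray hashref key)
my %SCAN;     # row key -> number of matching log lines
my %ROW;      # row key -> [ source, destination, status, iface, proto ]

# Fixed absolute path, nothing interpolated, so no shell injection surface.
my $data = `/bin/date`;
$data = '' unless defined $data;
chomp $data;

print "Content-type: text/html\n\n";

# Open before any page markup is sent so a failure yields one coherent page.
open( my $log, '<', $LOGFILE ) or erro();

print "<html><head><title> Packet chart - Date: ", _html_escape($data),
    " (cumulativo)</title></head>\n";
print "<body>\n";
print "<pre>\nParsing ";

my $cdot = 0;
while ( my $line = <$log> ) {

    # Only packet-filter verdict lines are of interest.
    next unless $line =~ /Packet log.*(?:DENY|REJECT|ACCEPT)/i;

    # Field positions follow the syslog line layout the original indexed:
    # [8] verdict, [9] interface, [10] PROTO=n, [11] src:port, [12] dst:port.
    my @fields = split ' ', $line;
    next if @fields < 13;    # malformed or unrelated line that happened to match

    my ($host)  = split /:/, $fields[12];
    my ($shost) = split /:/, $fields[11];
    $host  = '' unless defined $host;
    $shost = '' unless defined $shost;

    my $status = $fields[8];
    my $iface  = $fields[9];
    my ( undef, $proto ) = split /=/, $fields[10];
    $proto = '' unless defined $proto;

    # NOTE(review): line breaks around the two '#' markers are lost in the
    # listing; this reads them as "source is resolved, destination is not".
    my $sname = resolv($shost);
    my $name  = $host;

    # The record is kept beside the counter instead of being re-split from a
    # space-joined key, so an odd resolved name cannot shift the columns.
    my $key = join "\0", $sname, $name, $status, $iface, $proto;
    $ROW{$key} ||= [ $sname, $name, $status, $iface, $proto ];
    $SCAN{$key}++;

    if ( $cdot > 40 ) {
        print "\n";
        $cdot = 0;
    }
    print ".";
    $cdot++;
}
close($log);

print " Done\n</pre>\n";
print "<h2>Stats:</h2>\n";
print "<table border=\"1\">\n";
print "<tr><th>Origem</th><th>Destino</th><th> No de acessos </th>"
    . "<th> Status </th><th> Iface </th><th> Proto </th></tr>\n";

# Busiest rows first; ties broken by key so the output order is stable.
for my $key ( sort { $SCAN{$b} <=> $SCAN{$a} || $a cmp $b } keys %SCAN ) {
    my ( $sname, $name, $status, $iface, $proto ) = @{ $ROW{$key} };

    # Map only purely numeric protocol values; the original used '==' on raw
    # strings, which treats any text with a leading number as that number.
    my $proto_label = $proto;
    if ( $proto =~ /\A\d+\z/ && exists $PROTO_NAME{ $proto + 0 } ) {
        $proto_label = $PROTO_NAME{ $proto + 0 };
    }

    print "<tr>";
    print "<td>", _html_escape($sname), "</td>";
    print "<td>", _html_escape($name),  "</td>";
    printf "<td>%d</td>", $SCAN{$key};
    print "<td>", _html_escape($status),      "</td>";
    print "<td>", _html_escape($iface),       "</td>";
    print "<td>", _html_escape($proto_label), "</td>";
    print "</tr>\n";
}

print "</table>\n";
print "<p>Gleicon Moraes</p>\n";
print "<p>Angelos Karageorgiou</p>\n";
print "</body></html>\n";

# Resolve an IPv4 address to a host name and cache the answer in %HOSTS.
# Returns the name, or the input unchanged when it is not a dotted quad, the
# lookup fails, or the lookup times out.
# The returned name is chosen by whoever controls the reverse zone of the
# logged address, so callers must treat it as untrusted text.
sub resolv {
    my ($addr) = @_;
    return '' unless defined $addr;
    return $HOSTS{$addr} if exists $HOSTS{$addr};

    my $name = $addr;

    # Only literal addresses reach inet_aton(): given any other string it
    # performs a forward lookup, which a crafted log line could trigger.
    my @octets = $addr =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    if ( @octets == 4 && !grep { $_ > 255 } @octets ) {
        my $packed = inet_aton($addr);
        if ( defined $packed ) {
            my $found;
            eval {
                local $SIG{ALRM} = sub { die "alarm\n" };    # NB \n required
                alarm $RESOLVE_TIMEOUT;
                $found = gethostbyaddr( $packed, AF_INET );
                alarm 0;
            };
            my $err = $@;
            alarm 0;    # never leave a timer armed, whatever happened above
            die $err if $err && $err ne "alarm\n";    # propagate real errors
            $name = $found if defined $found && $found ne '';
        }
    }

    $HOSTS{$addr} = $name;
    return $name;
}

# Print the error page for an unreadable log file and abort.
# The Content-type header has already been sent by the caller. The system
# error text goes to STDERR only, so the page does not disclose it.
sub erro {
    my $reason = "$!";    # capture before print() can overwrite it
    print "<html><head><title> Error </title></head>\n";
    print "<body>\n";
    print "<h1>Packet chart</h1>\n";
    print "<h2>Error opening logfile</h2>\n";
    print "</body></html>\n";
    die "packets-iface: cannot open $LOGFILE: $reason\n";
}

# Escape text for safe inclusion in HTML element content or attribute values.
sub _html_escape {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}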