25 lines
513 B
Plaintext
25 lines
513 B
Plaintext
|
#!/usr/local/bin/perl -w
|
||
|
use strict;
|
||
|
use TimeSeries;
|
||
|
use HTTP::Date qw(parse_date);
|
||
|
|
||
|
my %hist = ();
|
||
|
while (<>) {
|
||
|
my ($timestring, $rest) = m/(\w\w\w [ \d]\d \d\d:\d\d:\d\d) (.*)/;
|
||
|
my %p = /(\S+)=(\S+)/g;
|
||
|
if ($p{SRC} && ($p{SRC} =~ /^143.130\./)) {
|
||
|
my $bucket;
|
||
|
if ($p{PROTO} eq "ICMP") {
|
||
|
$bucket = "$p{SRC} $p{DST} $p{PROTO} $p{TYPE}/$p{CODE}";
|
||
|
} else {
|
||
|
$bucket = "$p{SRC} $p{DST} $p{PROTO} $p{DPT}";
|
||
|
}
|
||
|
$hist{$bucket}++;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
for (sort keys %hist) {
|
||
|
print "$_ $hist{$_}\n";
|
||
|
}
|
||
|
|