From 22e6213acbc22fd6f72f2cfe8f3d1ef2e0966f5f Mon Sep 17 00:00:00 2001
From: hjp
Date: Mon, 1 Dec 2003 17:12:02 +0000
Subject: [PATCH] *** empty log message ***
---
 iptable_logs/hist | 19 +++++++++++++++++++
 iptable_logs/hist2 | 24 ++++++++++++++++++++++++
 iptable_logs/ts_dport | 25 +++++++++++++++++++++++++
 3 files changed, 68 insertions(+)
 create mode 100755 iptable_logs/hist
 create mode 100755 iptable_logs/hist2
 create mode 100755 iptable_logs/ts_dport
diff --git a/iptable_logs/hist b/iptable_logs/hist
new file mode 100755
index 0000000..2e03669
--- /dev/null
+++ b/iptable_logs/hist
@@ -0,0 +1,19 @@
+#!/usr/local/bin/perl -w
+use strict;
+use TimeSeries;
+use HTTP::Date qw(parse_date);
+
+my %hist = ();
+while (<>) {
+ my ($timestring, $rest) = m/(\w\w\w [ \d]\d \d\d:\d\d:\d\d) (.*)/;
+ my %p = /(\S+)=(\S+)/g;
+ my $bucket = $p{SRC} . " " . $p{DST};
+ if ($p{PROTO} eq "TCP" && $p{DPT} == 25 && ($p{SRC} =~ /^143.130\./)) {
+ $hist{$bucket}++;
+ }
+}
+
+for (sort keys %hist) {
+ print "$_ $hist{$_}\n";
+}
+
diff --git a/iptable_logs/hist2 b/iptable_logs/hist2
new file mode 100755
index 0000000..f0faee3
--- /dev/null
+++ b/iptable_logs/hist2
@@ -0,0 +1,24 @@
+#!/usr/local/bin/perl -w
+use strict;
+use TimeSeries;
+use HTTP::Date qw(parse_date);
+
+my %hist = ();
+while (<>) {
+ my ($timestring, $rest) = m/(\w\w\w [ \d]\d \d\d:\d\d:\d\d) (.*)/;
+ my %p = /(\S+)=(\S+)/g;
+ if ($p{SRC} && ($p{SRC} =~ /^143.130\./)) {
+ my $bucket;
+ if ($p{PROTO} eq "ICMP") {
+ $bucket = "$p{SRC} $p{DST} $p{PROTO} $p{TYPE}/$p{CODE}";
+ } else {
+ $bucket = "$p{SRC} $p{DST} $p{PROTO} $p{DPT}";
+ }
+ $hist{$bucket}++;
+ }
+}
+
+for (sort keys %hist) {
+ print "$_ $hist{$_}\n";
+}
+
diff --git a/iptable_logs/ts_dport b/iptable_logs/ts_dport
new file mode 100755
index 0000000..63d2537
--- /dev/null
+++ b/iptable_logs/ts_dport
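Review bot: The `if` condition in hist reads `$p{PROTO}` and `$p{DPT}`, and the line before it builds `$bucket` from `$p{SRC}` and `$p{DST}`, without first checking that the line parsed as an iptables record, so every non-iptables syslog line that reaches `<>` produces a run of "uninitialized value" warnings under `-w` instead of being skipped; `next unless defined $p{SRC} && defined $p{PROTO};` right after the `%p` assignment would drop such lines cleanly, and moving the `$bucket` line inside the `if` avoids building keys that are never used. The source filter `/^143.130\./` leaves its first dot unescaped, so that position matches any character rather than only a dot; `/^143\.130\./` is what the hard-coded prefix intends, and hist2 carries the same pattern. `$timestring`, `$rest` and `use TimeSeries;` are unused in this script.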
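Review bot: In the non-ICMP branch of hist2 the bucket string interpolates `$p{DPT}`, which, as far as I recall of the iptables LOG format, is only emitted for TCP and UDP (and not for non-initial fragments), so lines for other protocols yield a key ending in an empty field plus an uninitialized-value warning under `-w`; `my $port = defined $p{DPT} ? $p{DPT} : '-';` and using `$port` in the bucket would give those lines a readable, stable key. The same consideration applies to `$p{TYPE}`/`$p{CODE}` in the ICMP branch should either be absent. The parsing prologue (timestamp regex and the `%p` key/value split) is now duplicated verbatim across all three scripts; pulling it into a shared sub would let later parsing fixes land in one place.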
@@ -0,0 +1,25 @@
+#!/usr/local/bin/perl -w
+use strict;
+use TimeSeries;
+use HTTP::Date qw(parse_date);
+
+my %hist = ();
+my $dport = shift;
+while (<>) {
+ my ($timestring, $rest) = m/(\w\w\w [ \d]\d \d\d:\d\d:\d\d) (.*)/;
+ my ($year, $mon, $day, $hour, $min, $sec, $zone)
+ = parse_date($timestring);
+ my $bucket = sprintf "%04d-%02d-%02dT%02d:00\n", $year, $mon, $day, $hour;
+ my %p = /(\S+)=(\S+)/g;
+ if ($dport == $p{DPT}) {
+ $hist{$bucket}++;
+ } else {
+ $hist{$bucket} += 0;
+ }
+}
+my $ts = TimeSeries->new();
+$ts->legend("Connects to port $dport");
+for (sort keys %hist) {
+ $ts->add_timestring($_, $hist{$_});
+}
+print $ts->plot();
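Review bot: `$dport` comes straight from `shift` with no check, so when the argument is omitted the comparison `$dport == $p{DPT}` becomes undef against undef, which is true for every line that has no DPT field, and the plot silently counts the wrong thing; a guard such as `die "usage: ts_dport DPORT [logfile ...]\n" unless defined $dport && $dport =~ /\A\d+\z/;` right after the `shift` makes the script fail loudly instead. Lines whose timestamp regex does not match also reach `parse_date` with an undefined `$timestring`, so `next unless defined $timestring;` is worth adding before that call. The `sprintf` format for `$bucket` ends in `\n`, which becomes part of the hash key and of the string handed to `add_timestring`; whether TimeSeries tolerates that I cannot tell from here, but it looks unintended.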