*** empty log message ***

iptable_logs/hist

@@ -0,0 +1,19 @@
+#!/usr/local/bin/perl -w 
+use strict;
+use TimeSeries;
+use HTTP::Date qw(parse_date);
+
+my %hist = ();
+while (<>) {
+    my ($timestring, $rest) = m/(\w\w\w [ \d]\d \d\d:\d\d:\d\d) (.*)/;
+    my %p = /(\S+)=(\S+)/g;
+    my $bucket = $p{SRC} . " " . $p{DST};
+    if ($p{PROTO} eq "TCP" && $p{DPT} == 25 && ($p{SRC} =~ /^143.130\./)) {
+	$hist{$bucket}++;
+    } 
+}
+
+for (sort keys %hist) {
+    print "$_ $hist{$_}\n";
+}
+

iptable_logs/hist2

@@ -0,0 +1,24 @@
+#!/usr/local/bin/perl -w 
+use strict;
+use TimeSeries;
+use HTTP::Date qw(parse_date);
+
+my %hist = ();
+while (<>) {
+    my ($timestring, $rest) = m/(\w\w\w [ \d]\d \d\d:\d\d:\d\d) (.*)/;
+    my %p = /(\S+)=(\S+)/g;
+    if ($p{SRC} && ($p{SRC} =~ /^143.130\./)) {
+	my $bucket;
+	if ($p{PROTO} eq "ICMP") {
+	    $bucket = "$p{SRC} $p{DST} $p{PROTO} $p{TYPE}/$p{CODE}";
+	} else {
+	    $bucket = "$p{SRC} $p{DST} $p{PROTO} $p{DPT}";
+	}
+	$hist{$bucket}++;
+    } 
+}
+
+for (sort keys %hist) {
+    print "$_ $hist{$_}\n";
+}
+

iptable_logs/ts_dport

@@ -0,0 +1,25 @@
+#!/usr/local/bin/perl -w 
+use strict;
+use TimeSeries;
+use HTTP::Date qw(parse_date);
+
+my %hist = ();
+my $dport = shift;
+while (<>) {
+    my ($timestring, $rest) = m/(\w\w\w [ \d]\d \d\d:\d\d:\d\d) (.*)/;
+    my ($year, $mon, $day, $hour, $min, $sec, $zone)  
+	    = parse_date($timestring);
+    my $bucket = sprintf "%04d-%02d-%02dT%02d:00\n", $year, $mon, $day, $hour;
+    my %p = /(\S+)=(\S+)/g;
+    if ($dport == $p{DPT}) {
+	$hist{$bucket}++;
+    } else {
+	$hist{$bucket} += 0;
+    }
+}
+my $ts = TimeSeries->new();
+$ts->legend("Connects to port $dport");
+for (sort keys %hist) {
+    $ts->add_timestring($_, $hist{$_});
+}
+print $ts->plot();