*** empty log message ***
parent
e52d92dfc2
commit
7dfd0f68ae
|
@ -0,0 +1,24 @@
|
||||||
|
#!/usr/bin/perl -w
|
||||||
|
use strict;
|
||||||
|
# 15:20:56.789680 P 0:48:54:5c:4d:f1 0:0:0:0:0:1 ip 1514: wsrppp15.wsr.ac.at.1605 > 195.202.170.227.smtp: P 420284195:420285643(1448) ack 3689574287 win 32120 <nop,nop,timestamp 2363951 3391664> (DF)
|
||||||
|
my %octets;
|
||||||
|
|
||||||
|
while (<>) {
|
||||||
|
if (/([\d.:]+) . ([\w:]+) ([\w:]+) ip (\d+): ([\w.]+)\.(\w+) > ([\w.]+)\.(\w+):/) {
|
||||||
|
# print;
|
||||||
|
# print "-> $1 $2 $3 $4 $5 $6 $7 $8\n";
|
||||||
|
my $octets = $4;
|
||||||
|
my $sip = $5;
|
||||||
|
my $sport = $6;
|
||||||
|
my $dip = $7;
|
||||||
|
my $dport = $8;
|
||||||
|
# print "-> proto = $proto\n";
|
||||||
|
$octets{"$sip - $dip"} += $octets;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for my $i (sort { $octets{$a} <=> $octets{$b} } keys %octets) {
|
||||||
|
printf "%10d %s\n", $octets{$i}, $i;
|
||||||
|
}
|
||||||
|
|
||||||
|
#vim:sw=4
|
||||||
|
|
|
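Review bot: Lines that the pattern in the `if` does not match are skipped without any report, so the per-host-pair byte totals can undercount silently; host names containing a hyphen are one such case, because `[\w.]+` excludes `-`. Widening the host classes to `[-\w.]+` and adding `else { print STDERR "unparseable: $_"; }` would make the gap visible. The second new script uses the same pattern, and there the port capture `(\w+)` also looks like it would reject hyphenated service names. `$sport` and `$dport` are assigned here but never used and could be dropped.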
@ -0,0 +1,32 @@
|
||||||
|
#!/usr/bin/perl -w
|
||||||
|
use strict;
|
||||||
|
# 15:20:56.789680 P 0:48:54:5c:4d:f1 0:0:0:0:0:1 ip 1514: wsrppp15.wsr.ac.at.1605 > 195.202.170.227.smtp: P 420284195:420285643(1448) ack 3689574287 win 32120 <nop,nop,timestamp 2363951 3391664> (DF)
|
||||||
|
my %octets;
|
||||||
|
|
||||||
|
while (<>) {
|
||||||
|
if (/([\d.:]+) . ([\w:]+) ([\w:]+) ip (\d+): ([\w.]+)\.(\w+) > ([\w.]+)\.(\w+):/) {
|
||||||
|
# print;
|
||||||
|
# print "-> $1 $2 $3 $4 $5 $6 $7 $8\n";
|
||||||
|
my $octets = $4;
|
||||||
|
my $sport = $6;
|
||||||
|
my $dport = $8;
|
||||||
|
my $proto;
|
||||||
|
if ($sport =~ m/[a-z]/) {
|
||||||
|
$proto = $sport;
|
||||||
|
}
|
||||||
|
elsif ($dport =~ m/[a-z]/) {
|
||||||
|
$proto = $dport;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$proto = "$sport/$dport";
|
||||||
|
}
|
||||||
|
# print "-> proto = $proto\n";
|
||||||
|
$octets{$proto} += $octets;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for my $i (sort { $octets{$a} <=> $octets{$b} } keys %octets) {
|
||||||
|
printf "%10d %s\n", $octets{$i}, $i;
|
||||||
|
}
|
||||||
|
|
||||||
|
#vim:sw=4
|
||||||
|
|
|
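Review bot: In the final `else` branch the key `"$sport/$dport"` is built from both numeric ports, so every client port gets its own row and the two directions of one connection land under different keys. If the intent is a per-protocol total, keying on a single port would keep the table readable, e.g. `$proto = $sport < $dport ? $sport : $dport;` (treating the lower port as the service side is a heuristic). The `m/[a-z]/` tests treat any port text containing a lower-case letter as a service name; a short comment such as `# tcpdump prints the service name for known ports` would make that assumption explicit.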
@ -0,0 +1,10 @@
|
||||||
|
#!/bin/sh
|
||||||
|
while true
|
||||||
|
do
|
||||||
|
tcpdump -i eth2 -p -e -s 2000 -c 10000 > dump.`isodate`
|
||||||
|
while [ `du -s . | awk '{print $1}'` -gt 1000000 ]
|
||||||
|
do
|
||||||
|
file=`ls -tr dump.????-??-??T??:??:?? | head -1`
|
||||||
|
rm $file
|
||||||
|
done
|
||||||
|
done
|
|
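Review bot: The inner clean-up loop cannot end when `ls` finds no matching dump file while `du` still reports more than the limit (other files in the directory, or dumps whose name does not fit the glob): `$file` is then empty, `rm` fails, and the loop spins without capturing anything. Guarding it with `[ -n "$file" ] || break` and using `rm -- "$file" || break` avoids that. Because `-s 2000` stores packet payloads, the dumps are also worth creating under `umask 077` set at the top of the script, so other local users cannot read them. `isodate` appears to be a local helper rather than a standard utility, so a comment saying where it comes from would help.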
@ -11,7 +11,7 @@ sub dumpstats {
|
||||||
}
|
}
|
||||||
|
|
||||||
while (<>) {
|
while (<>) {
|
||||||
if (m/^(\d\d:\d\d):\d\d\.\d{6} ([-\w\.]+) \> ([-\w\.]+): (.*)/) {
|
if (m/^(\d\d:\d\d):\d\d\.\d{6} . ([-\w\.]+) \> ([-\w\.]+): (.*)/) {
|
||||||
$time = $1;
|
$time = $1;
|
||||||
$from = $2;
|
$from = $2;
|
||||||
$to = $3;
|
$to = $3;
|
||||||
|
@ -28,7 +28,7 @@ while (<>) {
|
||||||
# tcp ack
|
# tcp ack
|
||||||
$sum{$from . " > " . $to} += 0;
|
$sum{$from . " > " . $to} += 0;
|
||||||
} else {
|
} else {
|
||||||
print stderr "unparseable2: $_";
|
print stderr "unparseable2: $rest\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
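Review bot: The new pattern in the first hunk makes the extra field after the timestamp mandatory (`. ` is exactly one character plus a space), so lines in the format the old pattern accepted no longer match. Lines with link-level headers, like the sample quoted in the new scripts of this commit, would not match either, since the MAC addresses contain `:`. If both formats should be accepted, `(?:\S )?` in place of `. ` keeps the old behaviour. What happens to non-matching lines is outside the hunk. In the second hunk the diagnostic now prints only `$rest`, which drops the time and endpoints that `$_` carried; `print STDERR "unparseable2: $from > $to: $rest\n";` would keep them.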