#!/usr/bin/perl use Socket; %HOSTS={}; $logfile="$ARGV[0]"; shift; $sourcelen=60; $destlen=30; $barlen=130 - $sourcelen - $destlen - 3 ; $myname=`uname -n`; chop $myname; foreach $myint (@ARGV) { $num++; $myip=`/sbin/ifconfig $myint|sed -n 's/^.*inet addr:\$[0-9\\.]*\$ .*\$/\\1/p'`; chop ($myip); $myint[$num]="${myint}:${myip}"; $not_from[$num]="${myip}:3"; $not_to[$num]="${myip}:113 ${myip}:0"; } $max=-1000; open(LOG, "< $logfile") || die "Unable to open logfile for reading!"; while() { $i++; if ( ( ! /.*Packet log.*REJECT.*/gi ) && ( ! /.*Packet log.*DENY.*/gi ) ) { next ; } @fields=split(" ", $_); next if (! $fields[14]) ; ($host, $port)=split(':', $fields[12]); ($shost, $sport)=split(':', $fields[11]); $skipit = 0; foreach $all_filters (@not_from) { foreach $filter (split(' ', $all_filters)) { if ( "${shost}:${sport}" eq $filter ) { $skipit=1; } } } foreach $all_filters (@not_to) { foreach $filter (split(' ', $all_filters)) { if ( "${host}:${port}" eq $filter ) { $skipit=1; } } } next if ($skipit > 0 ) ; $name=resolv($host); $sname=resolv($shost); foreach $filter (@myint) { ($myint, $myip)=split(':', $filter); if ($host eq $myip) { $name = "${myint}-${myname}"; } if ($shost eq $myip) { $sname = "${myint}-${myname}"; } } $key= $sname . " " . $name; $SCAN{$key}++; $max=$SCAN{$key} if ( $max < $SCAN{$key} ) ; } close(LOG); $ratio=$max/$barlen; printf("\n%-${sourcelen}s %-${destlen}s %s\n","FROM", "TO","COUNT"); print "=" x 130; print "\n"; foreach $key (keys(%SCAN)){ $max=$SCAN{$key}; } foreach $key (keys(%SCAN)){ ($sname,$name)=split(' ', $key); printf("%-${sourcelen}s %-${destlen}s ", $sname,$name); $bars= $SCAN{$key}/$ratio; $bars++; print "*" x $bars; print "\n"; } 1; sub resolv #resolv and cache a host name { local $mname,$miaddr,$mhost; $mhost=shift; $miaddr = inet_aton($mhost); # or whatever address if (! $HOSTS{$mhost} ) { $mname = gethostbyaddr($miaddr, AF_INET); if ( $mname =~ /^$/ ) { $mname=$mhost; } $HOSTS{$mhost}=$mname; } return $HOSTS{$mhost} }