home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Columbia Kermit
/
kermit.zip
/
ckscripts
/
crstats
< prev
next >
Wrap
Text File
|
2020-01-01
|
2KB
|
40 lines
#!/usr/local/bin/wermit +
;
; c r s t a t s
;
; Reads given codered logfile (see codered script), collects counts by
; originating host, prints summary to screen.
;
; F. da Cruz, Columbia University, August 2001.
; Requires C-Kermit 7.0 or later or K95 1.1.20 or later.
; Illustrates: file i/o, associative arrays, compact substring notation, sort.
if not def \%1 exit 1 Usage: \%0 logfilename ; Check args
fopen /read \%c \%1 ; Open log
if fail exit 1 \f_errmsg() ; Check that we did
.\%n := 0 ; Init record counter
while not \f_eof(\%c) { ; Loop to read each record
fread /line \%c line ; Read one record
if fail break ; Check
incr \%n ; Count
.a := \s(line[19]) ; Remove timestamp
.\%x ::= \findex({"},\m(a)) - 1 ; Remove attack string
.a := \ftrim(\s(a[1:\%x])) ; Remove any surrounding whitespace
.a := \fltrim(\m(a))
_increment aa<\m(a)> ; Count a hit from this host
}
fclose \%c ; Close log file
.\%k := \faaconvert(aa,&a,&b) ; Convert to pair of regular arrays
.\%u := 0 ; Local domain counter
array sort /reverse /numeric b a ; Sort in descending order of hits
for \%i 1 \%k 1 {
echo \frpad(\&a[\%i],60) \flpad(\&b[\%i],5) ; Print host and count
if match \&a[\%i] *128.59* increment \%u ; Check if local domain
}
echo Hits: \flpad(\%n,5) ; Print summary
echo Unique hosts: \flpad(\%k,5)
echo Unique local hosts: \flpad(\%u,5)
exit 0