- #!/usr/local/bin/wermit +
- ;
- ; c r s t a t s
- ;
- ; Reads given codered logfile (see codered script), collects counts by
- ; originating host, prints summary to screen.
- ;
- ; F. da Cruz, Columbia University, August 2001.
- ; Requires C-Kermit 7.0 or later or K95 1.1.20 or later.
- ; Illustrates: file i/o, associative arrays, compact substring notation, sort.
-
- if not def \%1 exit 1 Usage: \%0 logfilename ; Require a logfile argument, else exit 1 with the usage text
-
- fopen /read \%c \%1 ; Open the log for reading; the channel is kept in \%c
- if fail exit 1 \f_errmsg() ; On open failure, exit 1 with the file error message
- .\%n := 0 ; Init record counter (printed as Hits below)
- while not \f_eof(\%c) { ; Loop to read each record until end of file
- fread /line \%c line ; Read one record into variable line
- if fail break ; Stop reading on a read failure
- incr \%n ; Count the record
- .a := \s(line[19]) ; Keep the text from column 19 on, dropping the leading timestamp
- .\%x ::= \findex({"},\m(a)) - 1 ; Length of the text before the first double quote, where the attack string starts. NOTE(review): a record with no quote should make \findex return 0 and this value -1; confirm what the substring on the next line yields then, since such records are still counted
- .a := \ftrim(\s(a[1:\%x])) ; Keep the first \%x characters (the host field) and trim trailing whitespace
- .a := \fltrim(\m(a)) ; Trim leading whitespace as well
- _increment aa<\m(a)> ; Add 1 to this host's entry in associative array aa. NOTE(review): the key is log text used verbatim, so it holds whatever the logger recorded for the client
- }
- fclose \%c ; Close log file
-
- .\%k := \faaconvert(aa,&a,&b) ; Split aa into two regular arrays: hosts in \&a[], counts in \&b[]; \%k is printed below as the unique host count
- .\%u := 0 ; Local domain counter
- array sort /reverse /numeric b a ; Sort counts in b in descending numeric order, reordering a in step so each host stays with its count
- for \%i 1 \%k 1 { ; One output row per unique host
- echo \frpad(\&a[\%i],60) \flpad(\&b[\%i],5) ; Host padded on the right to 60 columns, count padded on the left to 5
- if match \&a[\%i] *128.59* increment \%u ; Count the host as local. NOTE(review): the pattern has a wildcard on both sides, so 128.59 anywhere in the host text matches (constructed example: 10.128.59.1) and an outside host can be tallied as local; confirm whether a pattern anchored at the start was intended
- }
- echo Hits: \flpad(\%n,5) ; Print summary: total records read
- echo Unique hosts: \flpad(\%k,5) ; Number of distinct host keys
- echo Unique local hosts: \flpad(\%u,5) ; Number of hosts that matched the local pattern
- exit 0 ; Normal exit
-