LongTail_class_b_hall_of_shame.pl
#!/usr/bin/perl
############################################################################
# adds commas to numbers so they are readable
#
sub commify {
    # Split the argument into an optional sign, the leading run of digits,
    # and whatever follows on the same line (fraction, units, ...).
    my ($number) = @_;
    my ( $sign, $digits, $rest ) = ( $number =~ /^([+-]?)(\d*)(.*)/ );

    # Insert a comma before each trailing group of three digits, working
    # from the right-hand end until no ungrouped run of four or more is left.
    1 while $digits =~ s/^(\d+)(\d{3})/$1,$2/;

    return join '', $sign, $digits, $rest;
}
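# ---------------------------------------------------------------------------
# Class B "hall of shame" reports.
#
# The three public subs below print HTML table rows to STDOUT. They share the
# private helpers that follow, which replace the earlier shell pipelines
# (ls into a fixed /tmp file, cat piped to wc -l, cat of the note file):
#   * no scratch file with a predictable name is created in /tmp;
#   * names taken from the attacks directory are never handed to a shell;
#   * the note text and the counts are passed to printf as arguments instead
#     of being interpolated into the format string, so a '%' in a note can no
#     longer be read as a format directive;
#   * login attempts are counted only in files whose first two dot-separated
#     fields equal the class B prefix; the old "cat $name*" glob also
#     matched e.g. 1.20.x.x when reporting on 1.2.
#
# NOTE(review): as before, the login-attempt total covers every file of the
# class B prefix, not only the files of the selected month or year -- confirm
# that this is intended.
# ---------------------------------------------------------------------------

# Escape the characters that are significant in HTML text, so that a name
# derived from a file name cannot inject markup into the report.
sub _hall_escape_html {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    return $text;
}

# Read the current directory once. Returns two hash references keyed by the
# class B prefix ("a.b", the first two dot-separated fields of a file name):
# the number of entries matching $pattern, and the list of all entries that
# belong to that prefix.
sub _hall_scan_attacks {
    my ($pattern) = @_;
    my ( %attacks_for, %files_for );

    opendir( my $dh, '.' ) or die "Cannot read the attacks directory: $!\n";
    while ( defined( my $entry = readdir $dh ) ) {
        next if $entry =~ /\A\./;    # the shell globs never matched dot files

        my ( $ip1, $ip2 ) = split /\./, $entry;
        $ip2 = '' unless defined $ip2;
        my $class_b = "$ip1.$ip2";

        push @{ $files_for{$class_b} }, $entry;
        $attacks_for{$class_b}++ if $entry =~ $pattern;
    }
    closedir $dh;

    return ( \%attacks_for, \%files_for );
}

# Count newline characters, as "wc -l" does, across the given plain files.
# Unreadable files are reported on STDERR and skipped.
sub _hall_count_newlines {
    my @files = @_;
    my $total = 0;

    for my $file (@files) {
        next unless -f $file;
        my $fh;
        unless ( open( $fh, '<', $file ) ) {
            warn "Cannot read $file: $!\n";
            next;
        }
        binmode $fh;
        my $chunk;
        while ( read( $fh, $chunk, 65536 ) ) {
            $total += ( $chunk =~ tr/\n// );
        }
        close $fh;
    }
    return $total;
}

# Return the contents of the note file for a class B prefix, or '' when there
# is none or it cannot be read.
sub _hall_read_note {
    my ($class_b) = @_;
    my $path = "/var/www/html/honey/notes/$class_b";

    return '' unless -e $path;
    open( my $fh, '<', $path ) or return '';
    local $/;
    my $note = <$fh>;
    close $fh;
    return defined $note ? $note : '';
}

# Print one table row per class B prefix, most attacks first (ties broken by
# name so the output is stable). When $min_attempts is defined, only prefixes
# with more login attempts than that are printed; when $max_rows is defined,
# printing stops after that many rows.
sub _hall_print_rows {
    my ( $attacks_for, $files_for, $min_attempts, $max_rows ) = @_;
    my $rows = 0;

    my @ranked = sort {
        $attacks_for->{$b} <=> $attacks_for->{$a} or $a cmp $b
    } keys %$attacks_for;

    for my $class_b (@ranked) {
        my $attempts = _hall_count_newlines( @{ $files_for->{$class_b} } );
        next if defined $min_attempts && $attempts <= $min_attempts;

        # NOTE(review): the note is written into the page unescaped, as
        # before -- presumably notes are operator-authored and may carry
        # markup. Confirm, and escape it here if a note can ever hold
        # untrusted text.
        my $note = _hall_read_note($class_b);

        printf "<TR><TD>%s %s</TD><TD>%d</TD>",
            _hall_escape_html($class_b), $note, $attacks_for->{$class_b};
        printf "<TD>%s</TD></TR>\n", commify($attempts);

        $rows++;
        last if defined $max_rows && $rows >= $max_rows;
    }
    return;
}

# Top ten class B ranges for the current month. Reads the globals $YEAR and
# $MONTH and works in the current directory; the caller is expected to have
# changed into the attacks directory already.
sub this_month_hall_of_shame {
    # Same file selection as the shell glob *.*.*.*-$YEAR.$MONTH.*
    my ( $attacks_for, $files_for ) = _hall_scan_attacks(
        qr/\A.*\..*\..*\..*-\Q$YEAR\E\.\Q$MONTH\E\..*\z/s
    );

    print "<TR><TH colspan=3>Class B IP ranges with most attacks for $MONTH $YEAR</TD></TR>\n";
    print "<TR> <TH>Class B Address</TH> <TH>Number Of Attacks</TH> <TH>Number Of Login Attempts</TH> </TR> \n";

    _hall_print_rows( $attacks_for, $files_for, 10000, 10 );
    return;
}

# Top ten class B ranges for the current year. Closes the table that is open
# and starts a new one. Reads the global $YEAR.
sub this_year_hall_of_shame {
    # A failed chdir would make the report describe whatever directory the
    # script happens to be in, so stop instead of carrying on.
    chdir("/var/www/html/honey/attacks/")
        or die "Cannot chdir to /var/www/html/honey/attacks/: $!\n";

    # Same file selection as the shell glob *.*.*.*.*-$YEAR.*
    my ( $attacks_for, $files_for ) = _hall_scan_attacks(
        qr/\A.*\..*\..*\..*\..*-\Q$YEAR\E\..*\z/s
    );

    print "</TABLE>\n";
    print "<BR><BR>\n";
    print "<TABLE BORDER=3>\n";
    print "<TR><TH colspan=3>Class B IP ranges with most attacks for $YEAR</TD></TR>\n";
    print "<TR> <TH>Class B Address</TH> <TH>Number Of Attacks</TH> <TH>Number Of Login Attempts</TH> </TR> \n";

    _hall_print_rows( $attacks_for, $files_for, 10000, 10 );
    return;
}

# Every class B range on record, sorted by number of attacks, with no
# threshold and no row limit. Closes the table that is open and starts a new
# one.
sub all_class_c {
    chdir("/var/www/html/honey/attacks/")
        or die "Cannot chdir to /var/www/html/honey/attacks/: $!\n";

    # Same file selection as the shell glob *.*.*.*.*
    my ( $attacks_for, $files_for ) = _hall_scan_attacks(
        qr/\A.*\..*\..*\..*\..*\z/s
    );

    print "</TABLE>\n";
    print "<BR><BR>\n";
    print "<TABLE BORDER=3>\n";
    print "<TR><TH colspan=3>All Class B IP ranges Sorted By Number Of Attakcs</TD></TR>\n";
    print "<TR> <TH>Class B Address</TH> <TH>Number Of Attacks</TH> <TH>Number Of Login Attempts</TH> </TR> \n";

    _hall_print_rows( $attacks_for, $files_for, undef, undef );
    return;
}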
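# Report period: the current year and zero-padded month, taken from
# localtime instead of running date(1) through the shell, so the result does
# not depend on the PATH the script is started with. Both stay package
# globals because the report subs read $YEAR and $MONTH directly.
my @now = localtime;
$YEAR  = $now[5] + 1900;
$MONTH = sprintf '%02d', $now[4] + 1;

# Everything below reads file names relative to the attacks directory; a
# failed chdir would make the report describe the wrong directory.
chdir("/var/www/html/honey/attacks/")
    or die "Cannot chdir to /var/www/html/honey/attacks/: $!\n";

# "ALL" as the first argument selects the full listing; anything else (or no
# argument) prints the month and year top-ten tables.
if ( defined $ARGV[0] && $ARGV[0] eq "ALL" ) {
    all_class_c();
}
else {
    this_month_hall_of_shame();
    this_year_hall_of_shame();
}

# Best-effort cleanup of the per-process scratch listing in /tmp, if one was
# written.
unlink("/tmp/LongTail.hall.of.shame.$$");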