##########################################################################
# $Id$
##########################################################################
# $Log: pix,v $
# Revision 1.4 2008/06/30 23:07:51 kirk
# fixed copyright holders for files where I know who they should be
#
# Revision 1.3 2008/03/24 23:31:26 kirk
# added copyright/license notice to each script
#
# Revision 1.2 2007/02/16 03:30:55 bjorn
# Change to Unix text, without CR/LF, by Ivana Varekova.
#
# Revision 1.1 2006/12/20 04:24:07 bjorn
# New script for cisco pix files, written by Bob Hendry.
#
##########################################################################
#######################################################
## Copyright (c) 2008 Bob Hendry
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################
use Logwatch ':all';
##########################################################################
# Apply date for Cisco PIX
##########################################################################
use POSIX qw(strftime);
use Logwatch ':dates';
# Pattern built by Logwatch's TimeFilter from the syslog timestamp layout;
# the main loop anchors it at the start of each line to select entries.
$SearchDate = TimeFilter('%b %e %H:%M:%S');

# Verbosity settings taken from the environment; both fall back to 0 when
# the variable is unset or empty.
$Debug  = $ENV{LOGWATCH_DEBUG} || 0;
$Detail = $ENV{LOGWATCH_DETAIL_LEVEL} || 0;

# At debug level 5 and above, announce the filter on STDERR and start the
# per-line counter used by the level-30 trace in the main loop.
if ($Debug >= 5) {
   print STDERR "\n\nDEBUG: Inside PIX Filter \n\n";
   $DebugCounter = 1;
}

# Leading syslog columns of the current line; assigned by the split at the
# top of the main loop.
my ($month, $day, $time, $host, $process, $conn, $msg);
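# Break the remainder of a PIX message into whitespace-separated tokens.
# ':', ',' and '/' are always treated as separators; '(' and ')' are too
# when $strip_parens is true.
sub _pix_tokens {
   my ($text, $strip_parens) = @_;
   $text =~ tr{:,/}{ };
   $text =~ tr{()}{ } if $strip_parens;
   return split(' ', $text);
}

# Return the tokens that follow $marker in a raw log line.  The greedy
# '^.*' means everything up to the LAST occurrence of $marker is dropped.
sub _pix_payload {
   my ($line, $marker, $strip_parens) = @_;
   chomp $line;
   $line =~ s/^.*\Q$marker\E//;
   return _pix_tokens($line, $strip_parens);
}

# Add $hits for $src_ip to one per-service table and to its running total.
sub _tally_service {
   my ($table, $total_ref, $src_ip, $hits) = @_;
   $table->{$src_ip} += $hits;
   ${$total_ref} += $hits;
   return;
}

# True when a "Built" message for this connection id (or ICMP faddr) was
# seen earlier in the input.  An explicit defined/exists test is used so a
# truncated Teardown line with no id cannot match by comparing undef with
# undef, and an id that is numerically zero cannot match an absent entry.
sub _is_known_connection {
   my ($id) = @_;
   return defined($id) && exists $CONNECTION_ID{$id};
}

# Main parsing loop: classify each in-range PIX syslog line by message id
# and update the package-level counters that the report section prints.
#
# NOTE(review): every branch picks fields by fixed token position.  Those
# positions depend on the message layout of the PIX/ASA release producing
# the logs -- confirm them against sample lines before relying on the
# per-service tables for monitoring.
while (defined($ThisLine = <STDIN>)) {
   # Only lines whose timestamp matches the Logwatch date filter are parsed.
   next unless $ThisLine =~ m/^$SearchDate/o;

   if ($Debug >= 30) {
      print STDERR "DEBUG($DebugCounter): $ThisLine";
      $DebugCounter++;
   }

   ($month, $day, $time, $host, $process, $conn, $msg) = split(/ +/, $ThisLine, 7);

   if (   $ThisLine =~ /ISDN-6-.+/
       or $ThisLine =~ /Copyright/
       or $ThisLine =~ /Cisco Internetwork Operating System Software/
       or $ThisLine =~ /IOS \(tm\)/
       or $ThisLine =~ /TAC:Home:SW:IOS:Specials/ )
   {
      # don't care about this, will code this later
      # These patterns are unanchored: any line containing one of them is
      # dropped without being counted anywhere.
   }

   elsif ($ThisLine =~ /%PIX-4-106023:/) {
      # Packet denied by an access-group.
      $testline = $ThisLine;
      chomp $testline;
      $testline =~ s/^.*PIX-4-106023: Deny //;
      $testline =~ s/\[0x0, 0x0\]//;
      $testline =~ s/"/ /g;
      $testline =~ s/by access-group//;
      @testfields = _pix_tokens($testline, 0);

      $accesslist = $testfields[-1];    # access-group name is the last token
      $action     = "Deny";
      $protocol   = $testfields[0];
      if ($protocol =~ /(tcp|udp)/) {
         $source      = $testfields[3];
         $destination = $testfields[7];
         $icmp_type   = "";
         $count       = 1;
         # Token 8 is the destination port.  It used to be read from
         # @dfields, an array nothing populates, so denied SSH/Telnet
         # attempts never reached the tallies below.
         ($source_ip, $source_port, $destination_ip, $destination_port)
            = @testfields[3, 4, 7, 8];
      } elsif ($protocol =~ /icmp/) {
         $source         = $testfields[3];
         $destination    = $testfields[7];
         $icmp_type      = $testfields[8];
         $count          = 1;
         $source_ip      = $testfields[3];
         $destination_ip = $testfields[7];
      } elsif ($protocol =~ /41/) { #IPv6
         $source      = $testfields[3];
         $destination = $testfields[7];
         $icmp_type   = "";
         $count       = 1;
         ($source_ip, $source_port, $destination_ip, $destination_port)
            = @testfields[3, 4, 7, 8];
      } else {
         $count = 0;
      }
      $ACL{$accesslist} += $count;
      $ACTION{$action}  += $count;
      $packets          += $count;
      if ($protocol =~ /TCP|tcp/) {
         _tally_service(\%SSH, \$SSH_packets, $source_ip, $count)
            if $destination_port == 22;
         _tally_service(\%TELNET, \$TELNET_packets, $source_ip, $count)
            if $destination_port == 23;
      }
   }
   elsif ($ThisLine =~ /%PIX-6-106100:/) {
      # Access-list hit (permitted or denied) logged by an ACL entry.
      $testline = $ThisLine;
      chomp $testline;
      $testline =~ s/^.*%PIX-6-106100://;
      $testline =~ s/ ->//;
      @testfields = _pix_tokens($testline, 1);

      $accesslist = $testfields[1];
      $action     = $testfields[2];
      $protocol   = $testfields[3];
      if ($protocol =~ /(TCP|UDP|tcp|udp)/) {
         $count = 1;
         ($source_ip, $source_port, $destination_ip, $destination_port)
            = @testfields[5, 6, 8, 9];
      } elsif ($protocol =~ /icmpv6/) {
         # not implemented
         # Count nothing; otherwise $count would still hold whatever the
         # previously parsed line left in it and skew the ACL totals.
         $count = 0;
      } else {
         $count = 0;
      }
      $ACL{$accesslist} += $count;
      $ACTION{$action}  += $count;
      $packets          += $count;
      if ($protocol =~ /TCP|tcp/) {
         _tally_service(\%SSH, \$SSH_packets, $source_ip, $count)
            if $destination_port == 22;
         _tally_service(\%TELNET, \$TELNET_packets, $source_ip, $count)
            if $destination_port == 23;
         _tally_service(\%FTP, \$FTP_packets, $source_ip, $count)
            if $destination_port == 21;
      }
   }
   #Error Message %PIX|ASA-6-302013
   elsif ($ThisLine =~ /%PIX-6-302013: Built/) {
      # Remember the connection id so the matching Teardown can be counted.
      @testfields    = _pix_payload($ThisLine, '%PIX-6-302013: Built', 1);
      $connection_id = $testfields[3];
      $CONNECTION_ID{$connection_id} = $connection_id;
   }
   #Error Message %PIX|ASA-6-302015
   elsif ($ThisLine =~ /%PIX-6-302015: Built/) {
      @testfields    = _pix_payload($ThisLine, '%PIX-6-302015: Built', 1);
      $connection_id = $testfields[3];
      $CONNECTION_ID{$connection_id} = $connection_id;
   }

   #Error Message %PIX|ASA-6-302014
   elsif ($ThisLine =~ /%PIX-6-302014: Teardown/) {
      @testfields    = _pix_payload($ThisLine, '%PIX-6-302014: Teardown', 1);
      $protocol      = $testfields[0];
      $connection_id = $testfields[2];
      $count         = 1;
      ($source_ip, $source_port, $destination_ip, $destination_port)
         = @testfields[5, 6, 11, 12];

      # Only connections whose Built message was seen in this input count.
      if (_is_known_connection($connection_id) and $protocol =~ /TCP|tcp/) {
         _tally_service(\%FTP, \$FTP_packets, $source_ip, $count)
            if $destination_port == 21;
         _tally_service(\%SSH, \$SSH_packets, $source_ip, $count)
            if $destination_port == 22;
         _tally_service(\%TELNET, \$TELNET_packets, $source_ip, $count)
            if $destination_port == 23;
      }
   }
   #Error Message %PIX|ASA-6-302016
   elsif ($ThisLine =~ /%PIX-6-302016: Teardown/) {
      @testfields    = _pix_payload($ThisLine, '%PIX-6-302016: Teardown', 1);
      $protocol      = $testfields[0];
      $connection_id = $testfields[2];
      $count         = 1;
      ($source_ip, $source_port, $destination_ip, $destination_port)
         = @testfields[5, 6, 11, 12];

      # These services are keyed on the SOURCE port of the torn-down flow.
      if (_is_known_connection($connection_id) and $protocol =~ /UDP|udp/) {
         _tally_service(\%DNS, \$DNS_packets, $source_ip, $count)
            if $source_port == 53;
         _tally_service(\%NTP, \$NTP_packets, $source_ip, $count)
            if $source_port == 123;
         _tally_service(\%SYSLOG, \$SYSLOG_packets, $source_ip, $count)
            if $source_port == 514;
      }
   }
   elsif ($ThisLine =~ /%PIX-3-710003:/) {
      # Access to the device itself denied by ACL.
      @testfields = _pix_payload($ThisLine, '%PIX-3-710003:', 0);
      $accesslist = $testfields[4];
      $action     = "denied";
      $protocol   = $testfields[0];
      if ($protocol =~ /(TCP|UDP|tcp|udp)/) {
         $icmp_type = "";
         $count     = 1;
         ($source_ip, $source_port, $destination_ip, $destination_port)
            = @testfields[6, 7, 10, 11];
      } elsif ($protocol =~ /icmpv6/) {
         $source_ip        = $testfields[3];
         $source_port      = 0;
         $destination_ip   = $testfields[4];
         $destination_port = 0;
         $icmp_type        = $testfields[5];
         $count            = $testfields[6];
      } else {
         $count = 0;
      }
      $ACL{$accesslist} += $count;
      $ACTION{$action}  += $count;
      $packets          += $count;
      if ($destination_port == 22 and $protocol =~ /TCP|tcp/) {
         _tally_service(\%SSH, \$SSH_packets, $source_ip, $count);
      }
   }
   #Error Message %PIX|ASA-6-302020
   elsif ($ThisLine =~ /%PIX-6-302020: Built ICMP connection for faddr/) {
      # ICMP flows are tracked by the faddr token instead of a numeric id.
      @testfields = _pix_payload($ThisLine,
         '%PIX-6-302020: Built ICMP connection for faddr', 1);
      $connection_id = $testfields[0];
      $CONNECTION_ID{$connection_id} = $connection_id;
   }

   #Error Message %PIX|ASA-6-302021
   elsif ($ThisLine =~ /%PIX-6-302021: Teardown ICMP connection for faddr/) {
      @testfields = _pix_payload($ThisLine,
         '%PIX-6-302021: Teardown ICMP connection for faddr', 1);
      $connection_id = $testfields[0];
      $count         = 1;
      $source_ip     = $connection_id;

      if (_is_known_connection($connection_id)) {
         _tally_service(\%ICMP, \$ICMP_packets, $source_ip, $count);
      }
   }
   else {
      # Report any unmatched entries...
      # (collected here; the code that would print them is commented out
      # at the end of the script, so these lines are currently not shown)
      chomp $ThisLine;
      $OtherList{$ThisLine}++;
   }
}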
# Print one report section: the heading, one "name : N Hit(s)" row per key
# in sorted order, then the section total.  Nothing is printed for an empty
# table.  When $show_ipv6 is true the IPv6 total is appended, but only if
# $IPV6_packets is positive; nothing in this script assigns that variable.
sub _print_hit_table {
   my ($heading, $hits_for, $total, $show_ipv6) = @_;

   return unless keys %{$hits_for};

   print $heading;
   for my $name (sort keys %{$hits_for}) {
      print " " . $name . " : " . $hits_for->{$name} . " Hit(s)\n";
   }
   print " Total : " . $total . " Hit(s)\n";
   if ($show_ipv6 and $IPV6_packets > 0) {
      print " IPv6 Total : " . $IPV6_packets . " Hit(s)\n";
   }
   return;
}

# ACL and action summaries share the overall packet counter.
_print_hit_table("\nAccess Control Lists:\n", \%ACL,    $packets, 1);
_print_hit_table("\nActions:\n",              \%ACTION, $packets, 1);

# Per-service tables, keyed by source address, each with its own total.
_print_hit_table("\nICMP Requests:\n",  \%ICMP,   $ICMP_packets);
_print_hit_table("\nSSH access:\n",     \%SSH,    $SSH_packets);
_print_hit_table("\nTELNET access:\n",  \%TELNET, $TELNET_packets);
_print_hit_table("\nFTP access:\n",     \%FTP,    $FTP_packets);
_print_hit_table("\nDNS access:\n",     \%DNS,    $DNS_packets);
_print_hit_table("\nNTP access:\n",     \%NTP,    $NTP_packets);
_print_hit_table("\nSYSLOG access:\n",  \%SYSLOG, $SYSLOG_packets);

# The unmatched-entries section is disabled: lines stored in %OtherList by
# the parsing loop are not printed.
#if (keys %OtherList) {
# print "\n**Unmatched Entries**\n";
# foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
# print " $line: $OtherList{$line} Time(s)\n";
# }
#}

exit(0);
# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End: