|
Packit |
57988d |
#########################################################################
|
|
Packit |
57988d |
# $Id$
|
|
Packit |
57988d |
##########################################################################
|
|
Packit |
57988d |
# $Log: sonicwall,v $
|
|
Packit |
57988d |
# Revision 1.4 2008/06/30 23:07:51 kirk
|
|
Packit |
57988d |
# fixed copyright holders for files where I know who they should be
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Revision 1.3 2008/03/24 23:31:27 kirk
|
|
Packit |
57988d |
# added copyright/license notice to each script
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Revision 1.2 2006/10/18 17:57:49 mike
|
|
Packit |
57988d |
# Updates from Laurent DuFour -mgt
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Revision 1.1 2005/05/04 15:54:23 bjorn
|
|
Packit |
57988d |
# Sonicwall submitted by Laurent Dufour
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
##########################################################################
|
|
Packit |
57988d |
|
|
Packit |
57988d |
########################################################
|
|
Packit |
57988d |
# This was written and is maintained by:
|
|
Packit |
57988d |
# Laurent DUFOUR <laurent.dufour@havas.com>,<dufour_l@hotmail.com>
|
|
Packit |
57988d |
# based on the work of
|
|
Packit |
57988d |
# Kirk Bauer <kirk@kaybee.org>
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Please send all comments, suggestions, bug reports,
|
|
Packit |
57988d |
# etc, to logwatch-devel@lists.sourceforge.net
|
|
Packit |
57988d |
########################################################
|
|
Packit |
57988d |
|
|
Packit |
57988d |
#######################################################
|
|
Packit |
57988d |
## Copyright (c) 2008 Laurent DUFOUR
|
|
Packit |
57988d |
## Covered under the included MIT/X-Consortium License:
|
|
Packit |
57988d |
## http://www.opensource.org/licenses/mit-license.php
|
|
Packit |
57988d |
## All modifications and contributions by other persons to
|
|
Packit |
57988d |
## this script are assumed to have been donated to the
|
|
Packit |
57988d |
## Logwatch project and thus assume the above copyright
|
|
Packit |
57988d |
## and licensing terms. If you want to make contributions
|
|
Packit |
57988d |
## under your own copyright or a different license this
|
|
Packit |
57988d |
## must be explicitly stated in the contribution an the
|
|
Packit |
57988d |
## Logwatch project reserves the right to not accept such
|
|
Packit |
57988d |
## contributions. If you have made significant
|
|
Packit |
57988d |
## contributions to this script and want to claim
|
|
Packit |
57988d |
## copyright please contact logwatch-devel@lists.sourceforge.net.
|
|
Packit |
57988d |
#########################################################
|
|
Packit |
57988d |
|
|
Packit |
57988d |
use Logwatch ':all';
|
|
Packit |
57988d |
|
|
Packit |
57988d |
my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
|
|
Packit |
57988d |
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
|
|
Packit |
57988d |
|
|
Packit |
57988d |
my %configConvert = (
|
|
Packit |
57988d |
'human-readable' => 0,
|
|
Packit |
57988d |
'Human-readable' => 1,
|
|
Packit |
57988d |
'truncate-readable' => 2,
|
|
Packit |
57988d |
);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# Taken from DiskUsage.pm inside Filesys-DiskUsage-0.02
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Jose Castro, C<< <cog@cpan.org>
|
|
Packit |
57988d |
# Please report any bugs or feature requests to
|
|
Packit |
57988d |
# C<bug-disk-usage@rt.cpan.org>, or through the web interface at
|
|
Packit |
57988d |
# L<http://rt.cpan.org>. I will be notified, and then you'll
|
|
Packit |
57988d |
# automatically be notified of progress on your bug as I make changes.
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Copyright 2004 Jose Castro, All Rights Reserved.
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
#This program is free software; you can redistribute it and/or modify it
|
|
Packit |
57988d |
#under the same terms as Perl itself.
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# convert size to human readable format
|
|
Packit |
57988d |
sub _convert {
|
|
Packit |
57988d |
defined (my $size = shift) || return undef;
|
|
Packit |
57988d |
my $config = {@_};
|
|
Packit |
57988d |
# $config->{human} || return $size;
|
|
Packit |
57988d |
my $block = $config->{'Human-readable'} ? 1000 : 1024;
|
|
Packit |
57988d |
my @args = qw/B K M G/;
|
|
Packit |
57988d |
while (@args && $size > $block) {
|
|
Packit |
57988d |
shift @args;
|
|
Packit |
57988d |
$size /= $block;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ($config->{'truncate-readable'} > 0) {
|
|
Packit |
57988d |
$size = sprintf("%.$config->{'truncate-readable'}f",$size);
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
return "$size$args[0]";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( $Debug >= 5 ) {
|
|
Packit |
57988d |
print STDERR "\n\nDEBUG: Inside SONICWALL Filter \n\n";
|
|
Packit |
57988d |
$DebugCounter = 1;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
my ($month,$day,$time,$host_ip,$host,$conn,$msg,$message);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
while (defined($ThisLine = <STDIN>)) {
|
|
Packit |
57988d |
if ( $Debug >= 30 ) {
|
|
Packit |
57988d |
print STDERR "DEBUG($DebugCounter): $ThisLine";
|
|
Packit |
57988d |
$DebugCounter++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
($month,$day,$time,$host_ip,$host_id,$host_sn,$msg)=split(/ +/,$ThisLine,7);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ($ThisLine =~ /sn=/ ) { #mean that we ave to deal with a sonicwall log file line
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ($ThisLine =~ /traffic/ ) or
|
|
Packit |
57988d |
($ThisLine =~ /Copyright/ ) or
|
|
Packit |
57988d |
($ThisLine =~ /removed due to simultaneous rekey/ ) or
|
|
Packit |
57988d |
($ThisLine =~ /Administrator logged out/ ) or
|
|
Packit |
57988d |
($ThisLine =~ /Connection (Closed|Opened)/ ) or
|
|
Packit |
57988d |
($ThisLine =~ /(TCP|UDP) connection dropped/ )
|
|
Packit |
57988d |
) {
|
|
Packit |
57988d |
# don't care about this, will code this later
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
elsif ( ($number,$src_ip,$port_src,$interface_src,$src_name,$dst_ip,$port_dst,$interface_dst,$dst_name,$pad) = ($ThisLine =~ /msg="UDP packet dropped" n=(\d+) src=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? dst=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? (.*)?/) ) {
|
|
Packit |
57988d |
$UDP_dropped{$host_ip}{LookupIP($src_ip)," to ",LookupIP($dst_ip)}++
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($number,$src_ip,$port_src,$interface_src,$src_name,$dst_ip,$port_dst,$interface_dst,$dst_name,$pad) = ($ThisLine =~ /msg="TCP packet dropped" n=(\d+) src=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? dst=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? (.*)?/) ) {
|
|
Packit |
57988d |
$TCP_dropped{$host_ip}{LookupIP($src_ip)," to ",LookupIP($dst_ip)}++
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($number,$src_ip,$port_src,$interface_src,$src_name,$dst_ip,$port_dst,$interface_dst,$dst_name,$pad) = ($ThisLine =~ /msg="ICMP packet dropped" n=(\d+) src=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? dst=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? (.*)?/) ) {
|
|
Packit |
57988d |
$ICMP_dropped{$host_ip}{LookupIP($src_ip)," to ",LookupIP($dst_ip)}++
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
elsif ( ($number,$src_ip,$port_src,$interface_src,$src_name,$dst_ip,$port_dst,$interface_dst,$dst_name,$ip_proto,$xfer_port_type,$op_type,$http_result) = ($ThisLine =~ /n=(\d+) src=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? dst=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? proto=(udp|tcp)\/(http|80) op=(HEAD|Other) result=(\d+)/) ) {
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ($op_type eq "HEAD") {
|
|
Packit |
57988d |
$URL_HEAD{$host_ip}{$url}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
else {
|
|
Packit |
57988d |
$URL_OTHER{$host_ip}{$url}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
elsif ( ($number,$src_ip,$port_src,$interface_src,$src_name,$dst_ip,$port_dst,$interface_dst,$dst_name,$ip_proto,$xfer_port_type,$op_type,$xfer_way,$xfer_byte,$http_result,$url,$args) = ($ThisLine =~ /n=(\d+) src=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? dst=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? proto=(udp|tcp|icmp)\/(http|80) op=(GET|POST) (rcvd|sent)=(\d+) result=(\d+) dstname=(.*) arg=(.*)(.*)/) ) {
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ($op_type eq "GET") {
|
|
Packit |
57988d |
$URL_GET{$host_ip}{$url}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
else {
|
|
Packit |
57988d |
$URL_POST{$host_ip}{$url}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ($xfer_way eq "sent") {
|
|
Packit |
57988d |
|
|
Packit |
57988d |
$ProtoPacketSent{$host_ip}{$ip_proto}++;
|
|
Packit |
57988d |
$TotalProtoByteSent{$host_ip}{$ip_proto}=$TotalProtoByteSent{$host_ip}{$ip_proto}+$xfer_byte;
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
|
|
Packit |
57988d |
$ByteSent{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteSent{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte;
|
|
Packit |
57988d |
$PortPacketSent{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
else {
|
|
Packit |
57988d |
$ProtoPacketReceived{$host_ip}{$ip_proto}++;
|
|
Packit |
57988d |
$TotalProtoByteReceived{$host_ip}{$ip_proto}=$TotalProtoByteReceived{$host_ip}{$ip_proto}+$xfer_byte;
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
|
|
Packit |
57988d |
$ByteReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteReceived{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte;
|
|
Packit |
57988d |
$PortPacketReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
elsif ( ($number,$src_ip,$port_src,$interface_src,$src_name,$dst_ip,$port_dst,$interface_dst,$dst_name,$ip_proto,$xfer_port_type,$op_type,$xfer_byte_sent,$xfer_byte_rcvd,$http_result,$url,$args) = ($ThisLine =~ /n=(\d+) src=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? dst=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? proto=(udp|tcp|icmp)\/(http|80) op=(GET|POST) sent=(\d+) rcvd=(\d+) result=(\d+) dstname=(.*) (arg=(.*))?/) ) {
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ($op_type eq "GET") {
|
|
Packit |
57988d |
$URL_GET{$host_ip}{$url}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
else {
|
|
Packit |
57988d |
$URL_POST{$host_ip}{$url}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
$ProtoPacketSent{$host_ip}{$ip_proto}++;
|
|
Packit |
57988d |
$TotalProtoByteSent{$host_ip}{$ip_proto}=$TotalProtoByteSent{$host_ip}{$ip_proto}+$xfer_byte_sent;
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
|
|
Packit |
57988d |
$ByteSent{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteSent{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte_sent;
|
|
Packit |
57988d |
$PortPacketSent{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
$ProtoPacketReceived{$host_ip}{$ip_proto}++;
|
|
Packit |
57988d |
$TotalProtoByteReceived{$host_ip}{$ip_proto}=$TotalProtoByteReceived{$host_ip}{$ip_proto}+$xfer_byte_rcvd;
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
|
|
Packit |
57988d |
$ByteReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteReceived{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte_rcvd;
|
|
Packit |
57988d |
$PortPacketReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
elsif ( ($number,$src_ip,$port_src,$interface_src,$src_name,$dst_ip,$port_dst,$interface_dst,$dst_name,$ip_proto,$xfer_port_type,$xfer_way,$xfer_byte) = ($ThisLine =~ /n=(\d+) src=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? dst=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? proto=(udp|tcp|icmp)\/(.*) (rcvd|sent)=(\d+)(.*)/) ) {
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ($xfer_way eq "sent") {
|
|
Packit |
57988d |
|
|
Packit |
57988d |
$ProtoPacketSent{$host_ip}{$ip_proto}++;
|
|
Packit |
57988d |
$TotalProtoByteSent{$host_ip}{$ip_proto}=$TotalProtoByteSent{$host_ip}{$ip_proto}+$xfer_byte;
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
|
|
Packit |
57988d |
$ByteSent{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteSent{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte;
|
|
Packit |
57988d |
$PortPacketSent{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
else {
|
|
Packit |
57988d |
$ProtoPacketReceived{$host_ip}{$ip_proto}++;
|
|
Packit |
57988d |
$TotalProtoByteReceived{$host_ip}{$ip_proto}=$TotalProtoByteReceived{$host_ip}{$ip_proto}+$xfer_byte;
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($ip_proto eq "tcp") or ($ip_proto eq "udp")) {
|
|
Packit |
57988d |
$ByteReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}=$ByteReceived{$ip_proto}{$ip_proto,"/",$xfer_port_type}+$xfer_byte;
|
|
Packit |
57988d |
$PortPacketReceived{$host_ip}{$ip_proto,"/",$xfer_port_type}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
#time="2005-03-23 09:03:27" fw=62.2.84.91 pri=5 c=128 m=37 msg="UDP packet dropped" n=3759 src=64.74.133.26:11379:WAN dst=62.2.84.91:33436:WAN^M
|
|
Packit |
57988d |
#Mar 23 12:45:32 10.15.30.1 id=firewall sn=004010144097 time="2005-03-23 11:08:20" fw=62.2.84.91 pri=6 c=1024 m=98 n=61505 src=195.143.213.210:4992:WAN dst=62.2.84.92:1802:DMZ proto=tcp/1802 rcvd=106 ^M
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
elsif ( ($dst_ip,$msg) = ($ThisLine =~ /System Config saved from host (\d+\.\d+\.\d+\.\d+) (.*)/) ) {
|
|
Packit |
57988d |
$SysCfgSaved{$host_ip}{LookupIP($dst_ip)}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($dst_ip,$msg) = ($ThisLine =~ /The system configuration was saved from host (\d+\.\d+\.\d+\.\d+) by (.*)/) ) {
|
|
Packit |
57988d |
$SysCfgSaved{$host_ip}{LookupIP($dst_ip)}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($ThisLine =~ /Compiled/) ) {
|
|
Packit |
57988d |
$Started{$host_ip}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($ThisLine =~ /DNS entries have been automatically refreshed./) ) {
|
|
Packit |
57988d |
$DNSRefreshed{$host_ip}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($ThisLine =~ /DNS has been refreshed./) ) {
|
|
Packit |
57988d |
$DNSRefreshed{$host_ip}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($ThisLine =~ /Log successfully sent via email/) ) {
|
|
Packit |
57988d |
$SyslogHost{$host_ip}{$host_ip}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($ThisLine =~ /Syslog facility has been changed/) ) {
|
|
Packit |
57988d |
$SyslogFacility{$host_ip}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($ThisLine =~ /Syslog security facility has been changed/) ) {
|
|
Packit |
57988d |
$SyslogFacility{$host_ip}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($ThisLine =~ /The system clock has been updated through NTP./) ) {
|
|
Packit |
57988d |
$NTPUpdated{$host_ip}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($ThisLine =~ /failed to get clock through NTP/) ) {
|
|
Packit |
57988d |
$NTPFailed{$host_ip}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($ThisLine =~ /Access Rule added/) ) {
|
|
Packit |
57988d |
$AccessRuleAdded{$host_ip}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($message) = ($ThisLine =~ /RELOAD: (.*)/) ) {
|
|
Packit |
57988d |
$ReloadRequested{$host_ip}{$message}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($message) = ($ThisLine =~ /RESTART: (.*)/) ) {
|
|
Packit |
57988d |
$Restarted{$host_ip}{$message}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( $ThisLine =~ m/msg="Probable TCP NULL scan " n=(\d+) src=(\d+\.\d+\.\d+\.\d+) (.*)/ ) {
|
|
Packit |
57988d |
if ( $Debug >= 5 ) {
|
|
Packit |
57988d |
print STDERR "DEBUG: Found -TCP NULL scan- line\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
my $name = LookupIP($2);
|
|
Packit |
57988d |
$Temp = "TCP NULL scan from $name";
|
|
Packit |
57988d |
$TCP_NULL_scan{$host_ip}{$Temp}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($interface) = ($ThisLine =~ /msg="Successful administrator login" n=(\d+) src=(\d+\.\d+\.\d+\.\d+) (.*)/) ) {
|
|
Packit |
57988d |
if ($Debug >= 5) {
|
|
Packit |
57988d |
print STDERR "DEBUG: Found -$1 logged in from $4 using $2\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
if ($Detail >= 20) {
|
|
Packit |
57988d |
$Users{$host_ip}{"from ",$2}{"using port 80"}{$1}++;
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
$Users{$host_ip}{"from ",$2}{"using port 80"}{"(all)"}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($interface) = ($ThisLine =~ /msg="(WAN zone administrator login allowed|Web management request allowed)" n=(\d+) usr=(\w+) src=(\d+\.\d+\.\d+\.\d+)(.*)?/) ) {
|
|
Packit |
57988d |
if ($Debug >= 5) {
|
|
Packit |
57988d |
print STDERR "DEBUG: Found -$1 logged in from $5 using $3\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
if ($Detail >= 20) {
|
|
Packit |
57988d |
$Users{$host_ip}{"from ",$3}{"using port 80"}{$1}++;
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
$Users{$host_ip}{"from ",$3}{"using port 80"}{"(all)"}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
elsif ( $ThisLine =~ m/msg="Administrator login failed - incorrect password" n=(\d+) src=(\d+\.\d+\.\d+\.\d+) (.*)/ ) {
|
|
Packit |
57988d |
if ( $Debug >= 5 ) {
|
|
Packit |
57988d |
print STDERR "DEBUG: Found -Failed login- line\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
my $name = LookupIP($2);
|
|
Packit |
57988d |
$Temp = "HTTP from $name";
|
|
Packit |
57988d |
$BadAdminLogins{$host_ip}{"Administrator login failed - incorrect password from $name"}++;
|
|
Packit |
57988d |
$IllegalUsers{$host_ip}{$Temp}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( $ThisLine =~ m/msg="Unknown user attempted to log in" n=(\d+) src=(\d+\.\d+\.\d+\.\d+) dst=(\d+\.\d+\.\d+\.\d+) user=(.*)/ ) {
|
|
Packit |
57988d |
if ( $Debug >= 5 ) {
|
|
Packit |
57988d |
print STDERR "DEBUG: Found -Failed login- line\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
my $name = LookupIP($2);
|
|
Packit |
57988d |
$Temp = "HTTP from $name";
|
|
Packit |
57988d |
$BadLogins{$host_ip}{"$4 user attempted to log in from $name"}++;
|
|
Packit |
57988d |
$IllegalUsers{$host_ip}{$Temp}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( $ThisLine =~ m/SSH client at (.+) has attempted to make an SCS connection to interface untrust with IP (.+) but failed (.*)/ ) {
|
|
Packit |
57988d |
my $name = LookupIP($2);
|
|
Packit |
57988d |
$Temp = "SSH from $name";
|
|
Packit |
57988d |
$BadLogins{$host_ip}{$Temp}++;
|
|
Packit |
57988d |
$IllegalUsers{$host_ip}{$Temp}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
elsif ( ($Msg,$number,$src_ip,$port_src,$interface_src,$src_name,$dst_ip,$port_dst,$interface_dst,$dst_name,$pad) = ($ThisLine =~ /msg="(.*)" n=(\d+) src=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? dst=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)?(S+)?(.*)?/) ) {
|
|
Packit |
57988d |
$Msg{$host_ip}{$Msg," for ",LookupIP($src_ip)," to ",LookupIP($dst_ip)}++
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
elsif ( ($Msg,$number,$src_ip,$port_src,$interface_src,$src_name,$dst_ip,$port_dst,$interface_dst,$dst_name,$pad) = ($ThisLine =~ /msg="(Ping of death dropped|Smurf Amplification attack dropped)" n=(\d+) src=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)? dst=(\d+\.\d+\.\d+\.\d+):(\d+):(WAN|LAN|DMZ):?(.*)?/) ) {
|
|
Packit |
57988d |
$Msg{$host_ip}{$Msg," for ",LookupIP($src_ip)," to ",LookupIP($dst_ip)}++
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
else {
|
|
Packit |
57988d |
# Report any unmatched entries...
|
|
Packit |
57988d |
push @OtherList,$ThisLine;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
} #end of mean we have a sonic wall logfile line
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %Started) {
|
|
Packit |
57988d |
print "\nDevice started :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %Started) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$Started{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t Started" .$ThatOne . "\t: " . $Started{$ThisOne}{$ThatOne} . "{ Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %UDP_dropped) {
|
|
Packit |
57988d |
print "\nDevice where ip UDP packets have been dropped :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %UDP_dropped) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$UDP_dropped{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $UDP_dropped{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %TCP_dropped) {
|
|
Packit |
57988d |
print "\nDevice where ip TCP packets have been dropped :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %TCP_dropped) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$TCP_dropped{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $TCP_dropped{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %ICMP_dropped) {
|
|
Packit |
57988d |
print "\nDevice where ip ICMP packets have been dropped :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %ICMP_dropped) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$ICMP_dropped{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $ICMP_dropped{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %Msg) {
|
|
Packit |
57988d |
print "\nDevice others message :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %Msg) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$Msg{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $Msg{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %URL_GET) ) {
|
|
Packit |
57988d |
print "\nDevice URL GET :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %URL_GET) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$URL_GET{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $URL_GET{$ThisOne}{$ThatOne} . " times(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %URL_POST) ) {
|
|
Packit |
57988d |
print "\nDevice URL POST :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %URL_POST) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$URL_POST{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $URL_POST{$ThisOne}{$ThatOne} . " times(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %URL_HEAD) ) {
|
|
Packit |
57988d |
print "\nDevice URL HEAD :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %URL_HEAD) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$URL_HEAD{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $URL_HEAD{$ThisOne}{$ThatOne} . " times(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %URL_OTHER) ) {
|
|
Packit |
57988d |
print "\nDevice URL OTHER :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %URL_OTHER) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$URL_OTHER{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $URL_OTHER{$ThisOne}{$ThatOne} . " times(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %ProtoPacketReceived) ) {
|
|
Packit |
57988d |
print "\nDevice Total packets received by protocols :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %ProtoPacketReceived) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$ProtoPacketReceived{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $ProtoPacketReceived{$ThisOne}{$ThatOne} . " packet(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %PortPacketReceived) ) {
|
|
Packit |
57988d |
print "\nDevice Total packets received by ports :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %PortPacketReceived) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$PortPacketReceived{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $PortPacketReceived{$ThisOne}{$ThatOne} . " packet(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %TotalProtoByteReceived) ) {
|
|
Packit |
57988d |
print "\nDevice Total Bytes received by protocols :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %TotalProtoByteReceived) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$TotalProtoByteReceived{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . _convert($TotalProtoByteReceived{$ThisOne}{$ThatOne}, %configConvert ) . " Byte(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %ByteReceived) ) {
|
|
Packit |
57988d |
print "\nDevice Total Bytes received by ports :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %ByteReceived) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$ByteReceived{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . _convert($ByteReceived{$ThisOne}{$ThatOne}, %configConvert ) . " Byte(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %ProtoPacketSent) ) {
|
|
Packit |
57988d |
print "\nDevice Total packets sent by protocols :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %ProtoPacketSent) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$ProtoPacketSent{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $ProtoPacketSent{$ThisOne}{$ThatOne} . " packet(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %PortPacketSent) ) {
|
|
Packit |
57988d |
print "\nDevice Total packets sent by ports :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %PortPacketSent) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$PortPacketSent{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $PortPacketSent{$ThisOne}{$ThatOne} . " packet(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %TotalProtoByteSent) ) {
|
|
Packit |
57988d |
print "\nDevice Total Bytes sent by protocols :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %TotalProtoByteSent) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$TotalProtoByteSent{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . _convert($TotalProtoByteSent{$ThisOne}{$ThatOne}, %configConvert ) . " Byte(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %ByteSent) ) {
|
|
Packit |
57988d |
print "\nDevice Total Bytes sent by ports :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %ByteSent) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$ByteSent{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . _convert($ByteSent{$ThisOne}{$ThatOne}, %configConvert ) . " Byte(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %NTPUpdated) {
|
|
Packit |
57988d |
print "\nDevice where The system clock has been updated through NTP :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %NTPUpdated) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$NTPUpdated{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $NTPUpdated{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %NTPFailed) {
|
|
Packit |
57988d |
print "\nDevice where failed to get clock through NTP :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %NTPFailed) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$NTPFailed{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $NTPFailed{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %DNSRefreshed) {
|
|
Packit |
57988d |
print "\nDevice where DNS have been refreshed :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %DNSRefreshed) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$DNSRefreshed{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $DNSRefreshed{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %SyslogFacility) {
|
|
Packit |
57988d |
print "\nDevice where Syslog facility has been changed :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %SyslogFacility) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$SyslogFacility{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $SyslogFacility{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %SyslogHost) {
|
|
Packit |
57988d |
print "\nDevice where Syslog have been mail succesfully :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %SyslogHost) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$SyslogHost{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $SyslogHost{$ThisOne}{$ThisOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %Restarted) {
|
|
Packit |
57988d |
print "\nDevice restarted :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %Restarted) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$Restarted{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $Restarted{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %AccessRuleAdded) {
|
|
Packit |
57988d |
print "\nDevice where rules have been added :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %AccessRuleAdded) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$AccessRuleAdded{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $AccessRuleAdded{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %ReloadRequested) {
|
|
Packit |
57988d |
print "\nDevice reload requested :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %ReloadRequested) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$ReloadRequested{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $ReloadRequested{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %SysCfgSaved) {
|
|
Packit |
57988d |
print "\nDevice where system config have been saved :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %SysCfgSaved) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $ThatOne (keys %{$SysCfgSaved{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t " .$ThatOne . "\t: " . $SysCfgSaved{$ThisOne}{$ThatOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %BadLogins) {
|
|
Packit |
57988d |
print "\nFailed logins from these:\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %BadLogins) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
for (sort keys %{$BadLogins{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t $_: $BadLogins{$ThisOne}{$_} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %TCP_NULL_scan) {
|
|
Packit |
57988d |
print "\nDevice whcih had been ports scanned :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %TCP_NULL_scan) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
for (sort keys %{$TCP_NULL_scan{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t $_: $TCP_NULL_scan{$ThisOne}{$_} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %BadAdminLogins) {
|
|
Packit |
57988d |
print "\nFailed administrator logins from these:\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %BadAdminLogins) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
for (sort keys %{$BadAdminLogins{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t $_: $BadAdminLogins{$ThisOne}{$_} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %IllegalUsers) {
|
|
Packit |
57988d |
print "\nIllegal users from these:\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %IllegalUsers) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
for (sort keys %{$IllegalUsers{$ThisOne}}) {
|
|
Packit |
57988d |
print "\t $_: $IllegalUsers{$ThisOne}{$_} Time(s)\n";
|
|
Packit |
57988d |
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %Users) {
|
|
Packit |
57988d |
print "\nUsers logging in through :\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %Users) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
|
|
Packit |
57988d |
foreach $user (sort {$a cmp $b} keys %{$Users{$ThisOne}}) {
|
|
Packit |
57988d |
print " $user:\n";
|
|
Packit |
57988d |
my $totalSort = TotalCountOrder(%{$Users{$ThisOne}{$user}}, \&SortIP);
|
|
Packit |
57988d |
foreach my $ip (sort $totalSort keys %{$Users{$ThisOne}{$user}}) {
|
|
Packit |
57988d |
my $name = LookupIP($ip);
|
|
Packit |
57988d |
if ($Detail >= 20) {
|
|
Packit |
57988d |
print " $name:\n";
|
|
Packit |
57988d |
my $sort = CountOrder(%{$Users{$ThisOne}{$user}{$ip}});
|
|
Packit |
57988d |
foreach my $method (sort $sort keys %{$Users{$ThisOne}{$user}{$ip}}) {
|
|
Packit |
57988d |
my $val = $Users{$ThisOne}{$user}{$ip}{$method};
|
|
Packit |
57988d |
my $plural = ($val > 1) ? "s" : "";
|
|
Packit |
57988d |
print " $method: $val time$plural\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
my $val = (values %{$Users{$ThisOne}{$user}{$ip}})[0];
|
|
Packit |
57988d |
my $plural = ($val > 1) ? "s" : "";
|
|
Packit |
57988d |
print " $name: $val time$plural\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ($#OtherList >= 0) {
|
|
Packit |
57988d |
print "\n**Unmatched Entries**\n";
|
|
Packit |
57988d |
print @OtherList;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
exit(0);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# vi: shiftwidth=3 tabstop=3 syntax=perl et
|
|
Packit |
57988d |
# Local Variables:
|
|
Packit |
57988d |
# mode: perl
|
|
Packit |
57988d |
# perl-indent-level: 3
|
|
Packit |
57988d |
# indent-tabs-mode: nil
|
|
Packit |
57988d |
# End:
|