source-git / mod_security

Clone
Source Code
GIT

Blame mlogc/mlogc-batch-load.pl.in

c8 c8s master
  1.   266c79f0bc40b8cac92f2ad12ff78b5c4b9ecb37
  2.   mlogc
  3.   mlogc-batch-load.pl.in
Blob History Raw
Packit 284210 
#!@PERL@
Packit 284210 
#
Packit 284210 
# ModSecurity for Apache 2.x, http://www.modsecurity.org/
Packit 284210 
# Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
Packit 284210 
#
Packit 284210 
# You may not use this file except in compliance with
Packit 284210 
# the License.  You may obtain a copy of the License at
Packit 284210 
#
Packit 284210 
#     http://www.apache.org/licenses/LICENSE-2.0
Packit 284210 
#
Packit 284210 
# If any of the files related to licensing are missing or if you have any
Packit 284210 
# other questions related to licensing please contact Trustwave Holdings, Inc.
Packit 284210 
# directly using the email address security@modsecurity.org.
Packit 284210
Packit 284210 
use strict;
Packit 284210 
use File::Find qw(find);
Packit 284210 
use File::Spec::Functions qw(catfile);
Packit 284210 
use Sys::Hostname qw(hostname);
Packit 284210 
use Digest::MD5 qw(md5_hex);
Packit 284210
Packit 284210 
my $ROOTDIR = $ARGV[0] || '';
Packit 284210 
my $MLOGC = $ARGV[1] || '';
Packit 284210 
my $MLOGCCONF = $ARGV[2] || '';
Packit 284210 
my @AUDIT = ();
Packit 284210
Packit 284210 
if ($ROOTDIR eq '' or ! -e $MLOGC or ! -e $MLOGCCONF) {
Packit 284210 
	printf STDERR "\nUsage: $0 <rootdir> </path/to/mlogc> <mlogc_config>\n\n";
Packit 284210 
	exit 1;
Packit 284210 
}
Packit 284210
Packit 284210 
open(MLOGC, "|$MLOGC -f $MLOGCCONF") or die "ERROR: could not open '$MLOGC' - $!\n";
Packit 284210
Packit 284210 
find(
Packit 284210 
	{
Packit 284210 
		wanted => sub {
Packit 284210 
			my($fn,$dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size);
Packit 284210
Packit 284210 
			(($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size) = stat($_)) &&
Packit 284210 
			-f _ &&
Packit 284210 
####        MODSEC-204 /^\d{8}-\d+-\w{24}$/s
Packit 284210 
            /^\d{8}-\d+-.{24,}$/s
Packit 284210 
			&& (($fn = $File::Find::name) =~ s/^\Q$ROOTDIR\E//)
Packit 284210 
			&& push(@AUDIT, [$fn, $size]);
Packit 284210 
		},
Packit 284210 
		follow => 1,
Packit 284210 
	},
Packit 284210 
	$ROOTDIR
Packit 284210 
);
Packit 284210
Packit 284210 
for my $audit (@AUDIT) {
Packit 284210 
	my $fn = $audit->[0];
Packit 284210 
	my $line = "";
Packit 284210 
	my $err = 0;
Packit 284210 
	my $ln = 0;
Packit 284210 
	my $sln = 0;
Packit 284210 
	my $sect = "";
Packit 284210 
	my $data = "";
Packit 284210 
	my %data = (
Packit 284210 
		hostname => hostname(),
Packit 284210 
		remote_addr => "-",
Packit 284210 
		remote_user => "-",
Packit 284210 
		local_user  => "-",
Packit 284210 
		logtime => "-",
Packit 284210 
		request => "-",
Packit 284210 
		response_status => "-",
Packit 284210 
		bytes_sent => "-",
Packit 284210 
		referer => "-",
Packit 284210 
		user_agent => "-",
Packit 284210 
		uniqueid => "-",
Packit 284210 
		sessionid => "-",
Packit 284210 
		audit_file => $fn,
Packit 284210 
		extra => "0",
Packit 284210 
		audit_size => $audit->[1],
Packit 284210 
		md5 => "-",
Packit 284210 
	);
Packit 284210
Packit 284210 
	### Parse the audit file in an attempt to recreate the original log line
Packit 284210 
	open (AUDIT, "<".catfile($ROOTDIR,$fn)) or $err = 1;
Packit 284210 
	if ($err == 1) {
Packit 284210 
		print STDERR "ERROR: could not open '$fn' - $!\n";
Packit 284210 
		next;
Packit 284210 
	}
Packit 284210
Packit 284210 
	while($line = <AUDIT>) {
Packit 284210 
		$data .= $line;
Packit 284210 
		chop $line;
Packit 284210 
		$ln++;
Packit 284210 
		$sln++;
Packit 284210 
		if ($line =~ m%^--[0-9A-Fa-f]{8}-([A-Z])--$%) {
Packit 284210 
			$sect = $1;
Packit 284210 
			$sln = 0;
Packit 284210 
			next;
Packit 284210 
		};
Packit 284210 
		if ($sect eq 'A') {
Packit 284210 
            if ($line =~ m%^(\[[^:]+:\d+:\d+:\d+ [^\]]+\]) (\S+) (\S+) (\d+) (\S+) (\d+)%) {
Packit 284210 
				$data{logtime} = $1;
Packit 284210 
				$data{uniqueid} = $2;
Packit 284210 
				$data{remote_addr} = $3;
Packit 284210 
			}
Packit 284210 
			next;
Packit 284210 
		}
Packit 284210 
		elsif ($sect eq 'B') {
Packit 284210 
			if ($sln == 1) {
Packit 284210 
				$data{request} = $line;
Packit 284210 
			}
Packit 284210 
			elsif ($line =~ m%^User=Agent: (.*)%i) {
Packit 284210 
				$data{user_agent} = $1;
Packit 284210 
			}
Packit 284210 
			elsif ($line =~ m%^Referer: (.*)%i) {
Packit 284210 
				$data{referer} = $1;
Packit 284210 
			}
Packit 284210 
			next;
Packit 284210 
		}
Packit 284210 
		elsif ($sect eq 'F') {
Packit 284210 
			if ($sln == 1 and $line =~ m%^\S+ (\d{3})\D?.*%) {
Packit 284210 
				$data{response_status} = $1;
Packit 284210 
			}
Packit 284210 
			elsif ($line =~ m%^Content-Length: (\d+)%i) {
Packit 284210 
				$data{bytes_sent} = $1;
Packit 284210 
			}
Packit 284210 
			next;
Packit 284210 
		}
Packit 284210 
	}
Packit 284210 
	$data{md5} = md5_hex($data);
Packit 284210
Packit 284210 
	printf MLOGC (
Packit 284210 
		"%s %s %s %s %s \"%s\" %s %s \"%s\" \"%s\" %s \"%s\" %s %s %s md5:%s\n",
Packit 284210 
		$data{hostname},
Packit 284210 
		$data{remote_addr},
Packit 284210 
		$data{remote_user},
Packit 284210 
		$data{local_user},
Packit 284210 
		$data{logtime},
Packit 284210 
		$data{request},
Packit 284210 
		$data{response_status},
Packit 284210 
		$data{bytes_sent},
Packit 284210 
		$data{referer},
Packit 284210 
		$data{user_agent},
Packit 284210 
		$data{uniqueid},
Packit 284210 
		$data{sessionid},
Packit 284210 
		$data{audit_file},
Packit 284210 
		$data{extra},
Packit 284210 
		$data{audit_size},
Packit 284210 
		$data{md5},
Packit 284210 
	);
Packit 284210
Packit 284210 
}
Packit 284210

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation