#!/usr/bin/perl## $Id: fwtk-summ,v 1.8 1997/02/10 12:42:34 mi2itmwx Exp $## ======================================================================== ## fwtk-summ -- Summarise FWTK logs## Author          : Mike Williams <mikew@pemail.net>## ========================================================================     #=== Config ===============================================================     $top_max = 20;   # number of items to show in "top" lists     #=== Report printing routines =============================================     sub kB {    local ($bytes) = @_;    int( $bytes / 1024 );}     #=== Collect stats ========================================================     while (<>) {         @_ = split;         if (/ (\S+)\[\d+\]: deny host=(\S+) (.*)/) {      # $deny++; $deny_by_reason{$1,$2,$3}++;         } elsif (/ tn-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=(\S+)/) {      $tn_connect++; $tn_connect_by_host{$1}++; $tn_in += $2; $tn_out += $3; $tn_in_by_host{$1} += $2; $tn_out_by_host{$1} += $3;         } elsif (/ ftp-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=(\S+)/){      $ftp_connect++; $ftp_connect_by_host{$1}++; $ftp_in += $2; $ftp_out += $3; $ftp_in_by_host{$1} += $2; $ftp_out_by_host{$1} += $3;         } elsif (/ http-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=(\S+)/){      $http_connect++; $http_connect_by_host{$1}++; $http_in += $2; $http_out += $3; $http_in_by_host{$1} += $2; $http_out_by_host{$1} += $3;         } elsif (/ http-gw\[\d+\]: log .* cmd=get dest=([^ :]+)/) {      # $http_gets++; $http_gets_by_dest{$1}++;         } elsif (/ plug-gw\[\d+\]: disconnect host=(\S+) destination=(\S+) in=(\S+) out=(\S+) duration=(\S+)/) {      $plug_connect++; $plug_in += $3; $plug_out += $4; $plug_time += $5; $plug_connect_by_plug{$1,$2}++; $plug_in_by_plug{$1,$2} += $3; $plug_out_by_plug{$1,$2} += $4; $plug_time_by_plug{$1,$2} += $5;         } elsif (/ authsrv\[\d+\]: /) {      if (/: AUTHENTICATE (\S+)/) {     $auth_user{$1}++;     $auth_okay{$1}++; } elsif (/: BADAUTH (\S+)/) {     $auth_user{$1}++;     $auth_bad{$1}++; } elsif (!/LIST/) {     s/.* authsrv\[\d+\]: //;     $authops .= $_; }         } elsif (($host,$bytes,$from,$to) =      / smap\[\d+\]: host=(\S+) bytes=(\S+) from=(\S+) to=(\S+)/) {      $from =~ tr/A-Z/a-z/; $to =~ tr/A-Z/a-z/;      $smap_messages++; $smap_messages_by_host{$host}++; $smap_messages_by_sender{$from}++; $smap_messages_by_recipient{$to}++; $smap_bytes += $bytes; $smap_bytes_by_host{$host} += $bytes;  $smap_bytes_by_sender{$from} += $bytes;  $smap_bytes_by_recipient{$to} += $bytes;         } elsif (/ netacl\[\d+\]: permit host=(\S+) service=(\S+) /) {      $netacl_by_service_and_host{$2,$1}++;         }     }     #=== Authentication management ============================================     if ($authops) {         print <<EOF;     ** Authentication Management Operations Message-------EOF    print $authops;     }     #=== Authentications ======================================================     if (keys %auth_user) {         print <<EOF;     ** User AuthenticationsUser         Okay  Bad----      ----  ---EOF         for $user (sort keys %auth_user) { printf( "%-12s %4d %4d\n", $user, $auth_okay{$user}, $auth_bad{$user} );    }     }     #=== Rejected connections =================================================     if (keys %deny_by_reason) {         print <<EOF;     *** Rejected connectionsTries  Service  Host/Address        Reason -----  -------  ------------             ------ EOF         for $key (sort keys %deny_by_reason) { $attempts = $deny_by_reason{$key}; ($service, $host, $reason) = split( $;, $key );  printf( "%5d  %-8s %-36s %s\n", $attempts, $service, $host, $reason );    }     }     #=== TELNET usage =========================================================     if (keys %tn_connect_by_host) {         print <<EOF;     *** TELNET usageConnects  In(kB) Out(kB)  Host/Address --------  ------ -------  ------------ EOF         for $host (sort { ($tn_connect_by_host{$b} <=>          $tn_connect_by_host{$a} ||         $a cmp $b) }        keys %tn_connect_by_host) { printf( "%8d %7d %7d  %-40s\n",        $tn_connect_by_host{$host},         &kB( $tn_in_by_host{$host} ), &kB( $tn_out_by_host{$host} ),         $host );    }    print( ' ' x 26, '=' x 10, "\n" );    printf( "%8d %7d %7d  TOTAL\n",     $tn_connect, &kB($tn_in), &kB($tn_out) );     }     #=== FTP usage ============================================================     if (keys %ftp_connect_by_host) {         print <<EOF;     *** FTP usageConnects  In(kB) Out(kB)  Host/Address --------  ------ -------  ------------ EOF         for $host (sort { ($ftp_connect_by_host{$b} <=>          $ftp_connect_by_host{$a} ||         $a cmp $b) }        keys %ftp_connect_by_host) { printf( "%8d %7d %7d  %-40s\n",        $ftp_connect_by_host{$host},         &kB( $ftp_in_by_host{$host} ), &kB( $ftp_out_by_host{$host} ),         $host );    }    print( ' ' x 26, '=' x 10, "\n" );    printf( "%8d %7d %7d  TOTAL\n",     $ftp_connect, &kB($ftp_in), &kB($ftp_out) );     }     #=== HTTP usage ===========================================================     if (keys %http_connect_by_host) {         print <<EOF;     *** HTTP usageConnects  In(kB) Out(kB)  Host/Address --------  ------ -------  ------------ EOF         for $host (sort { ($http_connect_by_host{$b} <=>          $http_connect_by_host{$a} ||         $a cmp $b) }        keys %http_connect_by_host) { printf( "%8d %7d %7d  %-40s\n",        $http_connect_by_host{$host},         &kB( $http_in_by_host{$host} ), &kB( $http_out_by_host{$host} ),         $host );    }    print( ' ' x 26, '=' x 10, "\n" );    printf( "%8d %7d %7d  TOTAL\n",     $http_connect, &kB($http_in), &kB($http_out) );     }     if (keys %http_gets_by_dest) {         print <<EOF;     *** Top $top_max HTTP destinations    Gets  Host/Address    ----  ------------EOF         $top = 0;    for $dest (sort { ($http_gets_by_dest{$b} <=> $http_gets_by_dest{$a} ||         $a cmp $b) }        keys %http_gets_by_dest ) { last if (++$top > $top_max); printf( "%8d  %-40s\n", $http_gets_by_dest{$dest}, $dest );    }     }     #=== PLUG-GW usage ========================================================     if (keys %plug_connect_by_plug) {         print <<EOF;     *** PLUG-GW usageConnects  In(kB) Out(kB)  To/From--------  ------ -------  ---------- EOF         for $plug (sort { ($plug_connect_by_plug{$b} <=>          $plug_connect_by_plug{$a} ||         $a cmp $b) }        keys %plug_connect_by_plug) { my ($from, $to) = split( $;, $plug );  printf( "%8d %7d %7d  %s\n",        $plug_connect_by_plug{$plug},         &kB( $plug_in_by_plug{$plug} ),         &kB( $plug_out_by_plug{$plug} ),         $to ); print( ' ' x 29, $from, "\n" );    }    print( ' ' x 26, '=' x 10, "\n" );    printf( "%8d %7d %7d  TOTAL\n",     $plug_connect, &kB($plug_in), &kB($plug_out) );     }     #=== SMAP usage ===========================================================     if ($smap_messages) {         print <<EOF;     *** Top $top_max SMTP clientsMessages Thru(kB)  Host/Address-------- --------  ------------EOF         $top = 0;    for $host (sort         { ($smap_messages_by_host{$b} <=> $smap_messages_by_host{$a} ||    $smap_bytes_by_host{$b} <=> $smap_bytes_by_host{$a} ||     $a cmp $b) }        keys %smap_messages_by_host) { last if (++$top > $top_max); printf( "%8d %8d  %-60s\n",        $smap_messages_by_host{$host},         &kB( $smap_bytes_by_host{$host} ),        $host );    }    print( ' ' x 19, '=' x 10, "\n" );    printf( "%8d %8d  TOTAL\n", $smap_messages, &kB($smap_bytes) );         print <<EOF;     *** Top $top_max SMTP sendersMessages Thru(kB)  Sender-------- --------  ------EOF         $top = 0;    for $sender (sort { ($smap_messages_by_sender{$b} <=>     $smap_messages_by_sender{$a} ||    $smap_bytes_by_sender{$b} <=>     $smap_bytes_by_sender{$a} ||    $a cmp $b) }   keys %smap_messages_by_sender) { last if (++$top > $top_max); printf( "%8d %8d  %-60s\n",        $smap_messages_by_sender{$sender},         &kB( $smap_bytes_by_sender{$sender} ),         $sender );    }         print <<EOF;     *** Top $top_max SMTP recipientsMessages Thru(kB)  Recipient-------- --------  ---------EOF         $top = 0;    for $recipient (sort { ($smap_messages_by_recipient{$b} <=>        $smap_messages_by_recipient{$a} ||        $smap_bytes_by_recipient{$b} <=>        $smap_bytes_by_recipient{$a} ||        $a cmp $b) }   keys %smap_messages_by_recipient) { last if (++$top > $top_max); printf( "%8d %8d  %-60s\n",        $smap_messages_by_recipient{$recipient},         &kB( $smap_bytes_by_recipient{$recipient} ),         $recipient );    }     }     #=== Netacl connections =================================================     if (keys %netacl_by_service_and_host) {         print <<EOF;     *** netacl connectionsConnects Service    Host/Address-------- -------    ------------EOF         for $key (sort keys %netacl_by_service_and_host) { ($service, $host) = split( $;, $key );  printf( "%8d %-10s %-40s\n", $netacl_by_service_and_host{$key},        $service, $host );    }     }     ##=== END of fwtk-summ ====================================================