jablonka.czprosek.czf

hotsanic

Subversion Repositories:
[/] [branches/] [HotSaNIC-0.5.0-pre6/] [lib/] [HotSaNIClogparse.pm] - Rev 23 Go to most recent revision

Compare with Previous - Blame - Download


#
# $Id: HotSaNIClogparse.pm,v 1.3 2004/03/07 23:29:40 bernisys Exp $
#

package HotSaNIClogparse;

use Time::Local;

($VERSION = '$Revision: 1.3 $') =~ s/.*(\d+\.\d+).*/$1/;

my %datehash=(Jan=>0,Feb=>1,Mar=>2,Apr=>3,May=>4,Jun=>5,Jul=>6,Aug=>7,Sep=>8,Oct=>9,Nov=>10,Dec=>11);

######################################################################
#
# finds logfiles that are not already parsed.
#
# USAGE: ($position,@files)=findlogs($dir,$names,$infofile);
#
#  $dir       the directory that contains the desired logfiles
#
#  $names     a regex that matches all desired logs
#
#  $infofile  is the path to a file where some information about
#             the last parsing process has been stored.
#
#
#  $position  will be the position where the last parsing process stopped
#
#  @files     is an array containing all "newer" (i.e. unparsed) logs
#             in hopefully the right order. This list can be parsed
#             within a "foreach (@files) {...}" construct.
#
sub findlogs {
  my $logdir = shift;
  my $logfile = shift;
  my $lastinfo = shift;

  my @files;
  use File::Find;
  File::Find::find( {wanted => sub { /^$logfile\z/s && push @files,$File::Find::name; } }, $logdir);

  my @sfiles = sort @files;

  my $firstline="*** no lastfile found ***";
  my $position=0;
  if (-e $lastinfo) {
    open FILE,$lastinfo;
    $firstline=<FILE> || "*** empty lastfile ***";
    $position=<FILE> || 0;
    close FILE;
    }

  undef @files;
  my $found=0;
  while ($found==0) {
    if (@sfiles) {
      my $file=shift @sfiles;
      open FILE,"$file";
      my $line=<FILE>;
      close FILE;
      unshift @files,$file;
      if ($line eq $firstline) { $found=1; }
      }
    else { $found=-1 }
    }

  if ($found < 0) { $position=0; }

  return ($position,@files);
  }



######################################################################
#
# parse a line of an apache logfile and return it splitted in a hash
#
sub parseline_apache {
  my $line=shift || "";
  my %info;

  $line =~ /^(.*?) (.*?) (.*?) \[(.*?) (.*?)\] \"(.*?)\" ([0-9]+) ([0-9-]+) \"(.*?)\" \"(.*?)\"$/,
    $info{IP_DN}=$1 || "",
    $info{REQuser}=$2 || "",
    $info{REQauthuser}=$3 || "",
    $info{TS}=$4 || "",
    $info{TSzone}=$5 || "",
    $info{REQwhat}=$6 || "",
    $info{RETcode}=$7 || "",
    $info{RETsize}=$8 || "",
    $info{REQreferer}=$9 || "",
    $info{REQagent}=$10 || "";
  
  $info{TS} =~ /([0-9]+)\/(\w+)\/([0-9]+)\:([0-9]+)\:([0-9]+)\:([0-9]+)/,
    $info{TSday}=$1 || 1,
    $info{TSmname}=$2 || "",
    $info{TSyear}=$3 || 1900,
    $info{TShour}=$4 || 0,
    $info{TSminute}=$5 || 0,
    $info{TSsecond}=$6 || 0;

  $info{TSmonth}=$datehash{$info{TSmname}} || 1;

  $info{TSzone} =~ /^([-+][0-9][0-9])/,$info{TSzdiff}=$1 || 0;

  $info{TSzdiff}*=1;
  $info{TSyear}*=1;
  $info{TSday}*=1;
  $info{TShour}*=1;
  $info{TSminute}*=1;
  $info{TSsecond}*=1;

  $info{TStime} = Time::Local::timelocal($info{TSsecond},$info{TSminute},$info{TShour},$info{TSday},$info{TSmonth}-1,$info{TSyear});

  return %info;
  }


######################################################################
#
# parse a line of an amavisd-new logfile and return it splitted in a hash
#
# returns all elements as a hash.
# the "result" key contains one of these keywords:
#   BANNED
#   INFECTED
#   mail_via_smtp
#   Not-Delivered
#   NOTICE
#   Passed
#
sub parseline_amavis {
  my $line=shift || "";
  my %info;

#Mar  5 11:11:03 some.host.org amavisd-new[30127]: (30127-09) Passed, <sender@send.host.org> -> <recipient@receiving.host.org>, Message-ID: <MSG_ID>, Hits: -

  $line =~ /^(\w+)\s+(\d+) (\d+):(\d+):(\d+) (.*?) (.*\[\d+\]): \((\d+-\d+)\) (\w+)[,:]* (.*)$/,
    $info{TSmname}=$1 || "",
    $info{TSday}=$2 || 1,
    $info{TShour}=$3 || 0,
    $info{TSminute}=$4 || 0,
    $info{TSsecond}=$5 || 0,
    $info{host}=$6 || "",
    $info{process}=$7 || "",
    $info{ID}=$8 || "",
    $info{result}=$9 || "",
    $info{info}=$10 || "";

  ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);

  $info{TSmonth}=$datehash{$info{TSmname}} || 1;

  $info{TSyear}=$year+1900;
  $info{TSyear}-- if ($mon+1 < $info{TSmonth});

  $info{TSday}*=1;
  $info{TShour}*=1;
  $info{TSminute}*=1;
  $info{TSsecond}*=1;

  $info{TStime} = Time::Local::timelocal($info{TSsecond},$info{TSminute},$info{TShour},$info{TSday},$info{TSmonth}-1,$info{TSyear});

  return %info;
  }


######################################################################
# 
# converts year, month, mday, hour, minute and second
# into a timestamp such as time() produces.
#
# How?  heh, heh.  Binary search. :)
# Try setting/unsetting bits starting from the high end until 
# localtime($result) matches the input time.
#
sub time_to_seconds {
  my $a = sprintf "%04d%02d%02d%02d%02d%02d",@_;
  my ($l_sec,$l_min,$l_hour,$l_mday,$l_mon,$l_year,$l_wday,$l_yday,$l_isdst);
  my ($result, $bit, $i);
    
  $result = 0;
    
  # For each bit in the value, starting with the highest bit...
  #
  $bit=1024*1024*1024;
  for (my $n=30;$n>=0; $n--) {
    $bit=1<<$n;

    $result += $bit;    # Try setting it...
    
    # Get the time info for that time...
    ($l_sec,$l_min,$l_hour,$l_mday,$l_mon,$l_year,$l_wday,$l_yday,$l_isdst) = localtime($result);
    
    $l_year+=1900;
    $l_mon+=1;

    my $b = sprintf "%04d%02d%02d%02d%02d%02d",$l_year,$l_mon,$l_mday,$l_hour,$l_min,$l_sec;
    
    $result -= $bit if ($a lt $b);
    }
    
  return($result);
  }

1;


Powered by WebSVN 2.2.1