
Annotation of /uloganalyzer/uloganalyzer.cpp



Revision 123 - (hide annotations) (download)
Tue Dec 2 18:08:19 2008 UTC (15 years, 5 months ago) by torben
File size: 2391 byte(s)
Make it possible to read logdata from stdin (cin)

1 torben 116 #include <iostream>
2     #include <fstream>
3     #include <string>
4     #include <sstream>
5     #include <vector>
6     #include <iomanip>
7     #include <GeoIP.h>
8    
9    
using namespace std;

// True once main() has seen the -l option; lookupIP() does nothing while
// this is false.
bool lookup = false;

// GeoIP database handle. main() assigns it from GeoIP_new() only when
// lookup is true, so it stays null otherwise.
GeoIP* gi = 0;
13    
// Splits str on runs of whitespace and returns the pieces in input order.
// An empty or all-blank string yields an empty vector.
vector<string> getTokens(const string& str) {
    vector<string> pieces;
    stringstream reader(str);

    // operator>> skips leading whitespace and stops at the next one, so
    // each successful extraction is exactly one token.
    for (string piece; reader >> piece; ) {
        pieces.push_back(piece);
    }

    return pieces;
}
22    
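// Prints the GeoIP country code for ip, or "n/a" when none is available.
// Does nothing unless lookups were enabled (global `lookup`).
//
// ip is the text that followed "SRC=" in a log line; it is handed to the
// GeoIP library as-is, without being checked for address syntax here.
void lookupIP(const string& ip) {
    if (!lookup)
        return;

    // gi is null when the GeoIP database could not be opened. Report "n/a"
    // in that case instead of passing a null handle into the library.
    const char* cc = gi ? GeoIP_country_code_by_addr(gi, ip.c_str()) : 0;

    if (cc)
        cout << setw(3) << cc << " ";
    else
        cout << setw(3) << "n/a ";
}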
34    
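// Prints the value of one KEY=value token when KEY is SRC, DST, PROTO,
// SPT or DPT. Tokens without '=' and tokens with any other key are ignored.
// For SRC the value is also passed to lookupIP().
//
// NOTE(review): val is text taken from the log line and is written to
// stdout unescaped, so any control characters in it reach the terminal.
void analyseWord(const string& word) {
    // string::find returns size_type. Keeping it in that type and comparing
    // with npos avoids relying on the narrowing of npos to int -1.
    const string::size_type delim = word.find('=');
    if (delim == string::npos)
        return;

    const string key = word.substr(0, delim);
    // Everything after '='. No length cap is needed to take "the rest".
    const string val = word.substr(delim + 1);

    // The keys are mutually exclusive, so stop at the first match.
    if (key == "SRC") {
        cout << setw(15) << left << val << " ";
        lookupIP(val);
    } else if (key == "DST") {
        cout << setw(15) << left << val << " ";
    } else if (key == "PROTO") {
        cout << val << " ";
    } else if (key == "SPT") {
        cout << setw(5) << right << val << " ";
    } else if (key == "DPT") {
        cout << setw(6) << right << val << " ";
    }
}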
60    
// Prints a one-line summary of a single log line: the first three
// whitespace-separated fields (date and time), then whatever analyseWord()
// prints for each remaining field.
//
// A line with fewer than 7 fields is reported as illegal and echoed back.
// NOTE(review): that echo writes the raw log line to stdout unescaped.
void analyseLine(string line) {
    const vector<string> fields = getTokens(line);

    if (fields.size() < 7) {
        cout << "Illegal line format " << line << endl;
        return;
    }

    // date and time
    cout << fields[0] << " " << fields[1] << " " << fields[2] << " ";

    // The size check above guarantees begin() + 3 is a valid position.
    for (vector<string>::const_iterator it = fields.begin() + 3;
         it != fields.end(); ++it) {
        analyseWord(*it);
    }

    cout << endl;
}
78    
79    
// Writes the command-line help text to stdout.
void printUsage() {
    cout << "Usage: analyser [-l] <logfile>|-" << endl
         << "Use '-' for reading logdata from std input" << endl
         << "Options:" << endl
         << " -l : geoip lookup on source IP adresses" << endl;
}
86    
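// Entry point. Parses "[-l] <logfile>|-", then prints one summary line for
// each non-empty line read from the named file, or from stdin when the
// file argument is "-".
//
// Returns 0 on success and 1 on a usage error, when the log file cannot be
// opened, or when -l was given but the GeoIP database cannot be opened.
int main(int argc, char** argv)
{
    if (argc < 2) {
        printUsage();
        return 1;
    }

    string file;

    if (string(argv[1]) == "-l") {
        // -l must be followed by exactly one input argument.
        if (argc != 3) {
            printUsage();
            return 1;
        }

        file = argv[2];
        lookup = true;
    } else {
        file = argv[1];
    }

    istream* in;
    ifstream infile;

    if (file == "-") {
        in = &cin;
    } else {
        infile.open(file.c_str());

        if (!infile) {
            cout << "Could not open " << file << endl;
            return 1;
        }

        in = &infile;
    }

    if (lookup) {
        gi = GeoIP_new(GEOIP_STANDARD);
        // Stop here rather than run every lookup against a null handle.
        if (!gi) {
            cout << "Could not open GeoIP database" << endl;
            return 1;
        }
    }

    // Read with std::getline into a string and loop on the stream state.
    // A fixed-size istream::getline sets failbit on a line longer than its
    // buffer; a loop that tests only eof() then never ends, so one overlong
    // line in the log would hang the program.
    string line;
    while (getline(*in, line)) {
        if (line.empty())
            continue; // empty line
        analyseLine(line);
    }

    if (lookup) {
        GeoIP_delete(gi);
    }

    return 0;
}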
