#include <fstream>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

#include <GeoIP.h>
using namespace std;

// Set from the command line (-l). When false, lookupIP() prints nothing.
bool lookup = false;
// GeoIP database handle; main() opens it only when lookup is true and
// closes it again before exiting. Stays 0 otherwise.
GeoIP* gi = 0;
// Splits str on whitespace (any run of spaces, tabs or newlines) and returns
// the pieces in order. An empty or all-whitespace string yields an empty vector.
std::vector<std::string> getTokens(const std::string& str) {
    std::vector<std::string> tokens;
    std::istringstream in(str);
    for (std::string piece; in >> piece; ) {
        tokens.push_back(piece);
    }
    return tokens;
}
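// Prints the GeoIP country code for ip in a 3-wide field followed by a space,
// or "n/a " when the address is not in the database. Prints nothing at all
// when lookup is off (-l not given).
// A null gi (GeoIP_new() failed in main()) is treated like a failed lookup
// and prints "n/a " instead of handing a null handle to libGeoIP.
// NOTE: the alignment of the code field is whatever std::left/std::right flag
// the caller last set on cout; this function does not set one itself.
void lookupIP(const std::string& ip) {
    if (!lookup) {
        return;
    }
    const char* cc = gi ? GeoIP_country_code_by_addr(gi, ip.c_str()) : 0;
    if (cc) {
        std::cout << std::setw(3) << cc << " ";
    } else {
        std::cout << std::setw(3) << "n/a ";
    }
}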
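// Handles one KEY=VALUE token of a log line: prints the value of SRC, DST,
// PROTO, SPT and DPT in fixed-width columns (SRC additionally triggers a GeoIP
// lookup). Tokens without '=' and tokens with any other key are ignored.
// NOTE: the value is written to cout exactly as it appears in the log;
// nothing here checks that it is printable.
void analyseWord(const std::string& word) {
    // find() returns size_type; comparing against npos avoids the
    // size_t -> int narrowing of `int delim = word.find("=")` and is
    // correct for any string length.
    const std::string::size_type delim = word.find('=');
    if (delim == std::string::npos) {
        return; // not a KEY=VALUE token
    }
    const std::string key = word.substr(0, delim);
    const std::string val = word.substr(delim + 1); // everything after '='

    // Each key sets its own width and alignment. std::left/std::right stay in
    // effect on cout afterwards, so the flag set for SRC is still active when
    // lookupIP() prints its column.
    if (key == "SRC") {
        std::cout << std::setw(15) << std::left << val << " ";
        lookupIP(val);
    } else if (key == "DST") {
        std::cout << std::setw(15) << std::left << val << " ";
    } else if (key == "PROTO") {
        std::cout << val << " ";
    } else if (key == "SPT") {
        std::cout << std::setw(5) << std::right << val << " ";
    } else if (key == "DPT") {
        std::cout << std::setw(6) << std::right << val << " ";
    }
}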
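// Prints one log line as a row: the first three whitespace tokens (month, day,
// time) as-is, then every remaining token through analyseWord(), then a
// newline. Lines with fewer than seven tokens are reported as
// "Illegal line format" and skipped.
// Takes the line by const reference; callers passing a char array still work
// through the implicit std::string conversion.
void analyseLine(const std::string& line) {
    const std::vector<std::string> words = getTokens(line);

    // three date/time tokens plus at least four more; shorter lines are not
    // treated as complete entries
    if (words.size() < 7) {
        std::cout << "Illegal line format " << line << std::endl;
        return;
    }

    // date and time columns
    std::cout << words[0] << " ";                  // month
    std::cout << std::setw(2) << words[1] << " ";  // day, min width 2
    std::cout << words[2] << " ";                  // timestamp
    for (std::vector<std::string>::size_type i = 3; i < words.size(); ++i) {
        analyseWord(words[i]);
    }

    std::cout << std::endl;
}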
// Prints the command-line help text to stdout, one line per entry.
void printUsage() {
    static const char* const kLines[] = {
        "Usage: analyser [-l] <logfile>|-",
        "Use '-' for reading logdata from std input",
        "Options:",
        " -l : geoip lookup on source IP adresses",
    };
    const std::size_t count = sizeof(kLines) / sizeof(kLines[0]);
    for (std::size_t i = 0; i < count; ++i) {
        std::cout << kLines[i] << std::endl;
    }
}
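// Entry point: parses "[-l] <logfile>|-", opens the input (a file, or stdin
// for "-"), optionally opens the GeoIP database, then prints one formatted
// row per non-empty input line.
// Returns 1 on a usage error, an unreadable log file, or (with -l) a GeoIP
// database that cannot be opened; 0 otherwise.
int main(int argc, char** argv)
{
    if (argc < 2) {
        printUsage();
        return 1;
    }

    std::string file;
    if (std::string(argv[1]) == "-l") {
        if (argc != 3) {
            printUsage();
            return 1;
        }
        file = argv[2];
        lookup = true;
    } else {
        file = argv[1];
    }

    std::ifstream infile;
    std::istream* in = &std::cin;
    if (file != "-") {
        infile.open(file.c_str());
        if (!infile) {
            std::cout << "Could not open " << file << std::endl;
            return 1;
        }
        in = &infile;
    }

    if (lookup) {
        gi = GeoIP_new(GEOIP_STANDARD);
        // GeoIP_new() hands back a null handle when the database file cannot
        // be opened; report it here rather than pass that null into every
        // per-line lookup.
        if (!gi) {
            std::cout << "Could not open GeoIP database" << std::endl;
            return 1;
        }
    }

    // Read whole lines into a std::string and let the stream state end the
    // loop. The previous fixed 1024-byte buffer with `while (!in->eof())`
    // hung on any line of 1024+ characters: istream::getline set failbit
    // without reaching eof, so the loop never advanced again. Log lines are
    // externally influenced, so an over-long line must not stall the tool.
    std::string line;
    while (std::getline(*in, line)) {
        if (line.empty()) {
            continue; // empty line
        }
        analyseLine(line);
    }

    if (gi) {
        GeoIP_delete(gi);
    }

    return 0;
}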