#include <iostream> |
#include <fstream> |
#include <string> |
#include <sstream> |
#include <vector> |
#include <iomanip> |
#include <GeoIP.h> |
|
|
using namespace std;
// GeoIP database handle: opened in main() by GeoIP_new() when -l is given,
// read by lookupIP(), released with GeoIP_delete() before exit.
GeoIP* gi = 0;
// Set to true by the -l command-line option; lookupIP() is a no-op otherwise.
bool lookup = false;
|
// Split `str` on whitespace (any run of spaces, tabs or newlines) and
// return the words in order. An empty or all-blank input yields an empty vector.
vector<string> getTokens(const string& str){
    vector<string> words;
    istringstream input(str);
    for (string word; input >> word; )
        words.push_back(word);
    return words;
}
|
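// Print the 2-letter country code for `ip` (padded to 3 columns plus a
// space), or "n/a " when the address is not in the database.
// Does nothing unless -l was given AND the database handle is open:
// GeoIP_country_code_by_addr() is not documented to accept a null handle,
// so a failed GeoIP_new() in main() must never reach it.
void lookupIP(const string& ip) {
    if (!lookup || !gi)
        return;

    // `ip` comes straight from the log line; libGeoIP returns NULL for
    // anything it cannot resolve, which is printed as "n/a".
    const char* cc = GeoIP_country_code_by_addr(gi, ip.c_str());

    if (cc)
        cout << setw(3) << cc << " ";
    else
        cout << "n/a "; // already 4 columns wide, so no setw needed
}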
|
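// Print the value of a "KEY=VALUE" log token in a fixed-width column
// depending on KEY (SRC, DST, PROTO, SPT, DPT); SRC additionally triggers
// the GeoIP lookup. Tokens without '=' or with an unknown key are ignored.
// Note: `val` is echoed verbatim. Log contents are attacker-influenced (they
// describe packets the sender chose), so any control characters in a value
// reach the terminal unfiltered.
void analyseWord(const string& word) {
    // Compare against npos instead of narrowing the position to int -1.
    const string::size_type delim = word.find('=');

    if (delim == string::npos) //delimiter not found;
        return;
    const string key = word.substr(0, delim);
    const string val = word.substr(delim + 1); // the rest

    if (key == "SRC") {
        cout << setw(15) << left << val << " ";
        lookupIP(val);
    }

    if (key == "DST")
        cout << setw(15) << left << val << " ";

    if (key == "PROTO")
        cout << val << " ";

    if (key == "SPT")
        cout << setw(5) << right << val << " ";

    if (key == "DPT")
        cout << setw(6) << right << val << " ";
}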
|
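// Print one formatted output line for one raw log line: the first three
// whitespace tokens (date and time) verbatim, then every remaining token
// through analyseWord(). Lines with fewer than 7 tokens are reported as
// malformed and skipped; the raw line is echoed in that report, so it is
// subject to the same unfiltered-output caveat as the field values.
// Takes the line by const reference: callers only need it read, and a
// char buffer still binds through a temporary.
void analyseLine(const string& line) {
    const vector<string> words = getTokens(line);

    // 3 date/time tokens plus at least 4 KEY=VALUE fields.
    if (words.size() < 7) {
        cout << "Illegal line format " << line << endl;
        return;
    }

    //print date and time
    cout << words[0] << " " << words[1] << " " << words[2] << " ";
    for (vector<string>::size_type i = 3; i < words.size(); ++i)
        analyseWord(words[i]);

    cout << endl;
}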
|
|
// Write the command-line synopsis to stdout, one line per entry,
// flushing after each line exactly as the original did.
void printUsage() {
    static const char* const usage[] = {
        "Usage: analyser [-l] <logfile>|-",
        "Use '-' for reading logdata from std input",
        "Options:",
        " -l : geoip lookup on source IP adresses",
    };
    const size_t count = sizeof(usage) / sizeof(usage[0]);
    for (size_t i = 0; i < count; ++i)
        cout << usage[i] << endl;
}
|
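// Entry point. Usage: analyser [-l] <logfile>|-
// Reads the log line by line from the given file (or stdin for "-") and
// feeds each non-empty line to analyseLine(). With -l a GeoIP database is
// opened first so lookupIP() can annotate source addresses.
// Returns 1 on bad arguments, an unopenable file, or a failed GeoIP open.
int main(int argc, char** argv)
{
    if (argc < 2) {
        printUsage();
        return 1;
    }

    string file = "";

    if (string(argv[1]) == "-l") {
        if (argc != 3) {
            printUsage();
            return 1;
        }

        file = argv[2];
        lookup = true;
    } else {
        file = argv[1];
    }

    istream* in;
    ifstream infile;

    if ( file == "-") {
        in = &cin;
    } else {
        infile.open(file.c_str());

        if (!infile) {
            cout << "Could not open " << file << endl;
            return 1;
        }

        in = &infile;
    }

    if (lookup){
        gi = GeoIP_new(GEOIP_STANDARD);
        // GeoIP_new() yields a null handle when the database cannot be
        // opened; bail out here rather than letting lookupIP() use it.
        if (!gi) {
            cout << "Could not open GeoIP database" << endl;
            return 1;
        }
    }

    // Read whole lines of any length. The previous fixed 1024-byte buffer
    // with a `!eof()` loop set failbit on a longer line, after which eof()
    // never became true and the loop spun forever on the stale buffer --
    // a single over-long (attacker-supplied) log line hung the tool.
    string line;
    while (getline(*in, line)) {
        if (line.empty())
            continue; //empty line
        analyseLine(line);
    }

    if (gi) {
        GeoIP_delete(gi);
    }

    return 0;
}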