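// iptables log parser: prints date/time, SRC, DST, PROTO, SPT and DPT of each
// log line, optionally annotating SRC with its GeoIP country code (-l).
//
// NOTE(review): the header names were lost in extraction; the seven includes
// below are reconstructed from the names the code uses (GeoIP_* from GeoIP.h,
// the rest from the standard library) — confirm against the original.
#include <GeoIP.h>

#include <fstream>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

using namespace std;  // kept from the original; single-TU program

// Handle to the GeoIP country database; non-null only after a successful
// GeoIP_new() in main().
GeoIP* gi = 0;
// True when the user asked for GeoIP lookups of source addresses (-l).
bool lookup = false;

// Split `str` on whitespace and return the tokens in order of appearance.
vector<string> getTokens(const string& str)
{
    vector<string> tokens;
    stringstream ss(str);
    string tok;
    while (ss >> tok)
        tokens.push_back(tok);
    return tokens;
}

// Print the two-letter country code for `ip` (or "n/a") when lookups are
// enabled. `ip` comes straight from the log file, so the library receives
// untrusted text; GeoIP returns NULL for anything it cannot resolve.
void lookupIP(const string& ip)
{
    // Guarding on `gi` too: the original dereferenced a null handle if the
    // database had failed to open.
    if (!lookup || gi == 0)
        return;
    const char* cc = GeoIP_country_code_by_addr(gi, ip.c_str());
    if (cc)
        cout << setw(3) << cc << " ";
    else
        cout << setw(3) << "n/a ";
}

// Print the value of a KEY=VALUE token when KEY is one of the fields of
// interest; tokens without '=' (e.g. the "kernel:" tag) are ignored.
void analyseWord(const string& word)
{
    // Compare against npos instead of truncating find()'s size_t result to
    // an int and relying on it wrapping to -1.
    const string::size_type delim = word.find('=');
    if (delim == string::npos)
        return;
    const string key = word.substr(0, delim);
    const string val = word.substr(delim + 1);  // everything after '='

    if (key == "SRC") {
        cout << setw(15) << left << val << " ";
        lookupIP(val);
    }
    if (key == "DST")
        cout << setw(15) << left << val << " ";
    if (key == "PROTO")
        cout << val << " ";
    if (key == "SPT")
        cout << setw(5) << right << val << " ";
    if (key == "DPT")
        cout << setw(6) << right << val << " ";
}

// Print the date/time prefix (first three tokens) of a log line, then the
// selected KEY=VALUE fields of the remaining tokens.
// Values are echoed verbatim to stdout; the log is untrusted input, so a line
// carrying terminal control sequences would be passed through to the terminal.
void analyseLine(const string& line)
{
    const vector<string> words = getTokens(line);
    // The original indexed words[0..2] unconditionally; a line with fewer than
    // three tokens (truncated or non-syslog) read past the end of the vector.
    if (words.size() < 3)
        return;
    cout << words[0] << " " << words[1] << " " << words[2] << " ";
    // NOTE(review): the loop body and the end of this function were lost in
    // extraction; reconstructed as the only plausible call site of
    // analyseWord() — confirm against the original.
    for (vector<string>::size_type i = 3; i < words.size(); ++i)
        analyseWord(words[i]);
    cout << endl;
}

// Print command-line usage to stdout.
void printUsage()
{
    // NOTE(review): the original usage line was lost in extraction; the text
    // below is a reconstruction consistent with the argument parsing in main().
    cout << "Usage: <program> [-l] <logfile>" << endl;
    cout << "Options:" << endl;
    cout << " -l : geoip lookup on source IP adresses" << endl;
}

// Entry point: parse `[-l] <logfile>`, open the file (and the GeoIP database
// when -l is given), analyse every non-empty line, release the database.
// Returns 1 on usage error or when the log file cannot be opened.
int main(int argc, char** argv)
{
    if (argc < 2) {
        printUsage();
        return 1;
    }

    string file;
    if (string(argv[1]) == "-l") {
        if (argc != 3) {
            printUsage();
            return 1;
        }
        file = argv[2];
        lookup = true;
    } else {
        file = argv[1];
    }

    ifstream in(file.c_str());
    if (!in) {
        cout << "Could not open " << file << endl;
        return 1;
    }

    if (lookup) {
        gi = GeoIP_new(GEOIP_STANDARD);
        if (gi == 0) {
            // The original would have handed a null handle to
            // GeoIP_country_code_by_addr on the first SRC token.
            cerr << "Could not open GeoIP database; continuing without lookups" << endl;
            lookup = false;
        }
    }

    // std::getline into a string replaces getline(char[1024]) inside
    // while(!in.eof()): a log line of 1024+ characters set failbit, eof()
    // never became true and the loop never terminated — a crafted or merely
    // long line hung the parser.
    string line;
    while (getline(in, line)) {
        if (line.empty())  // skip empty lines, as the original did
            continue;
        analyseLine(line);
    }

    if (gi != 0)
        GeoIP_delete(gi);
    return 0;
}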