projects/uloganalyzer/uloganalyzer.cpp

#include <iostream>
#include <fstream>
#include <string>
#include <sstream>
#include <vector>
#include <iomanip>
#include <GeoIP.h>


using namespace std;
GeoIP* gi = 0;
bool lookup = false;

vector<string>  getTokens(const string& str){
        string buf;  
        stringstream ss(str);  
        vector<string> tokens;  
        while (ss >> buf)
           tokens.push_back(buf);
        return tokens;
}

void lookupIP(const string& ip) {
        if (!lookup)
                return;
        const char* cc = GeoIP_country_code_by_addr(gi, ip.c_str());

        if (cc)
                cout << setw(3) << cc << " ";
        else
                cout << setw(3) << "n/a ";

}

void analyseWord(const string& word) {
        int delim = word.find("=");

        if (delim == -1) //delimiter not found;
                return;
        string key = word.substr(0,delim);
        string val = word.substr(delim+1, 1024); // the rest

        if (key == "SRC") {
                cout << setw(15) << left << val << " ";
                lookupIP(val);
        }

        if (key == "DST")
                cout << setw(15) << left << val << " ";

        if (key == "PROTO")
                cout << val << " ";

        if (key == "SPT")
                cout << setw(5) << right << val << " ";

        if (key == "DPT")
                cout << setw(6) << right << val << " ";
}

void analyseLine(string line) {
        vector<string> words = getTokens(line);
        
        if (words.size() < 7) {
                cout << "Illegal line format " << line << endl;
                return;
        }

        //print date and time
        cout << words[0] << " " << words[1] << " " << words[2] << " ";
        for (unsigned i=3; i<words.size(); i++) {
                analyseWord(words[i]);
        }


        cout << endl;   
}


void printUsage() {
        cout << "Usage: analyser [-l] <logfile>|-" << endl;
        cout << "Use '-' for reading logdata from std input" << endl;
        cout << "Options:" << endl;
        cout << "  -l : geoip lookup on source IP adresses" << endl;
}

int main(int argc, char** argv)
{
        if (argc < 2) {
                printUsage();
                return 1;
        }

        string file = "";

        if (string(argv[1]) == "-l") {
                if (argc != 3) {
                        printUsage();
                        return 1;
                }

                file = argv[2];
                lookup = true;
        } else {
                file = argv[1];
        }

        istream* in;
        ifstream infile;

        if ( file == "-") {
                in = &cin;
        } else {
                infile.open(file.c_str());

                if (!infile) {
                        cout << "Could not open " << file << endl;
                        return 1;
                }

                in = &infile;
        }

        
        if (lookup){
                gi = GeoIP_new(GEOIP_STANDARD); 
        }

        char buffer[1024];

        while (!in->eof()) {
                in->getline(buffer,1024);
                if (buffer[0] == 0)
                        continue; //empty line 
                analyseLine(buffer);
        }

        if (lookup) {
                GeoIP_delete(gi);
        }

        return 0;
}
1	#include <iostream>
2	#include <fstream>
3	#include <string>
4	#include <sstream>
5	#include <vector>
6	#include <iomanip>
7	#include <GeoIP.h>
8
9
10	using namespace std;
11	GeoIP* gi = 0;
12	bool lookup = false;
13
14	vector<string> getTokens(const string& str){
15	string buf;
16	stringstream ss(str);
17	vector<string> tokens;
18	while (ss >> buf)
19	tokens.push_back(buf);
20	return tokens;
21	}
22
23	void lookupIP(const string& ip) {
24	if (!lookup)
25	return;
26	const char* cc = GeoIP_country_code_by_addr(gi, ip.c_str());
27
28	if (cc)
29	cout << setw(3) << cc << " ";
30	else
31	cout << setw(3) << "n/a ";
32
33	}
34
35	void analyseWord(const string& word) {
36	int delim = word.find("=");
37
38	if (delim == -1) //delimiter not found;
39	return;
40	string key = word.substr(0,delim);
41	string val = word.substr(delim+1, 1024); // the rest
42
43	if (key == "SRC") {
44	cout << setw(15) << left << val << " ";
45	lookupIP(val);
46	}
47
48	if (key == "DST")
49	cout << setw(15) << left << val << " ";
50
51	if (key == "PROTO")
52	cout << val << " ";
53
54	if (key == "SPT")
55	cout << setw(5) << right << val << " ";
56
57	if (key == "DPT")
58	cout << setw(6) << right << val << " ";
59	}
60
61	void analyseLine(string line) {
62	vector<string> words = getTokens(line);
63
64	if (words.size() < 7) {
65	cout << "Illegal line format " << line << endl;
66	return;
67	}
68
69	//print date and time
70	cout << words[0] << " " << words[1] << " " << words[2] << " ";
71	for (unsigned i=3; i<words.size(); i++) {
72	analyseWord(words[i]);
73	}
74
75
76	cout << endl;
77	}
78
79
80	void printUsage() {
81	cout << "Usage: analyser [-l] <logfile>\|-" << endl;
82	cout << "Use '-' for reading logdata from std input" << endl;
83	cout << "Options:" << endl;
84	cout << " -l : geoip lookup on source IP adresses" << endl;
85	}
86
87	int main(int argc, char** argv)
88	{
89	if (argc < 2) {
90	printUsage();
91	return 1;
92	}
93
94	string file = "";
95
96	if (string(argv[1]) == "-l") {
97	if (argc != 3) {
98	printUsage();
99	return 1;
100	}
101
102	file = argv[2];
103	lookup = true;
104	} else {
105	file = argv[1];
106	}
107
108	istream* in;
109	ifstream infile;
110
111	if ( file == "-") {
112	in = &cin;
113	} else {
114	infile.open(file.c_str());
115
116	if (!infile) {
117	cout << "Could not open " << file << endl;
118	return 1;
119	}
120
121	in = &infile;
122	}
123
124
125
126	if (lookup){
127	gi = GeoIP_new(GEOIP_STANDARD);
128	}
129
130	char buffer[1024];
131
132	while (!in->eof()) {
133	in->getline(buffer,1024);
134	if (buffer[0] == 0)
135	continue; //empty line
136	analyseLine(buffer);
137	}
138
139	if (lookup) {
140	GeoIP_delete(gi);
141	}
142
143	return 0;
144	}