#!/usr/bin/perl
#
# Written 9/27/2001 - Jack Sasportas -  Jack@innovativeinternet.com
#########################################################################################################


# This provides CPU benchmark stuff
#use Benchmark;
#$start_time = new Benchmark;
# -----------------------------


# This provides Date & Time Stamp
#use Date::Format;
#@lt = localtime(time);
# -----------------------------

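# Log to follow (relative to /var/log/httpd/) and how many trailing lines
# tail should replay before it starts following.
$file  = "apache_log";
$lines = "60";

# NOTE(review): if these are ever taken from the command line again, validate
# them first (digits only for $lines, a bare file name with no "/" for $file);
# both end up in the tail invocation below.
#$file      = @ARGV[0];
#$lines      = @ARGV[1];
#print @ARGV[2];

# ANSI colour sequences used for the alternating output rows.
$lgreen = "\033[1;32m";
$white  = "\033[0m";
$dblue  = "\033[0;34m";

# Running counters: flagged "virus" requests, FormMail requests, ordinary hits.
$virus   = 0;
$formm   = 0;
$hit     = 0;
$percent = 0;
$col     = 0;    # row-colour toggle (0 or 1)

# The main loop prints the wide format (with host and bandwidth columns) only
# when this is "y"; any other value selects the compact format.
$live_mode = "n";

# Bandwidth accounting. The total starts at 0.1 rather than 0.
%bh_bytes_by_domain = ();
$bh_total_bytes     = 0.1;

my $pv    = "";
my %hosts = ();


# List-form pipe open: tail is executed directly with these arguments, so no
# shell ever parses $lines or $file. The handle stays a bareword because the
# rest of the script reads from and closes APALOG by that name.
open(APALOG, "-|", "tail", "-f", "-n" . $lines, "/var/log/httpd/" . $file)
  or die "cannot run tail on /var/log/httpd/$file: $!\n";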

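# Main loop: read the tailed access log one line at a time, classify the
# request, keep running counters, and print a summary row whenever the
# (possibly prefixed) domain differs from the previous line's.
#
# NOTE(review): every field used here comes from the access log, which carries
# client-supplied text; $domain and $host are printed to the terminal as-is.
while ($line = <APALOG>) {
  # bhoran: bandwidth accounting keyed by the first whitespace-separated field.
  # Field 10 is presumably the response size for the LogFormat in use -- TODO
  # confirm; a request line containing extra spaces shifts the field positions.
  $bh_current_line = $line;
  @arz             = split(/\s+/, $bh_current_line);
  $bh_host         = $arz[0];
  $bh_total_bytes += $arz[10];
  $bh_bytes_by_domain{$bh_host} += $arz[10];
  # /bhoran

  ($domain, $host, $month, $year) = $line =~ m|^(.*?) (.*?) .*? \[.*?/(.*?)/(.*?)\:|;

  # Requests the script flags rather than counts as ordinary hits. The dots are
  # escaped so they match a literal "." instead of any character.
  if ($line =~ /default\.ida/) { $domain = "V-ida - " . $domain; $virus++; $on = "y"; }
  if ($line =~ /root\.exe/)    { $domain = "V-root- " . $domain; $virus++; $on = "y"; }
  if ($line =~ /cmd\.exe/)     { $domain = "V-cmd - " . $domain; $virus++; $on = "y"; }
  # Fixed: the lower-case match used to increment a misspelt counter ($fromm),
  # so those requests were never included in $formm.
  if ($line =~ /formmail/)     { $domain = "FormM - " . $domain; $formm++; $on = "y"; }
  if ($line =~ /FormMail/)     { $domain = "FormM - " . $domain; $formm++; $on = "y"; }

  # Anything not flagged above is an ordinary hit and gets a blank prefix so
  # the columns still line up.
  if ($on ne "y") {
    $hit++;
    $domain = "      - " . $domain;
  }

  # Per-domain hit count; flagged requests are counted under the prefixed name.
  $hosts{"$domain"}++;
  $pv = $hosts{"$domain"};

  # Flagged traffic as a percentage of ordinary hits.
  # Fixed: the comparisons were written "=>" (a comma operator, always true)
  # where ">=" was meant.
  if ($hit > 1) {
    if ($virus >= 1) { $percent  = round((100 * $virus / $hit), 2); }
    if ($formm >= 1) { $percent2 = round((100 * $formm / $hit), 2); }
  }

  if ($domain ne $old_domain) {
    # Fixed: with "=>" this division also ran while $hit was still 0, which
    # killed the script when the first lines read were all flagged requests.
    if ($hit >= 1) { $percent = round(($pv / $hit * 100), 2); }

    # Alternate the row colour on every printed row.
    # Fixed: the compact branch used an undefined $green instead of $lgreen.
    my $colour = ($col == 0) ? $lgreen : $white;
    $col = ($col == 0) ? 1 : 0;

    if ($live_mode eq "y") {
      # Wide format: adds the host and bandwidth columns.
      my $bandwidth = sprintf(" %.2f MB / %.2f MB",
                              ($bh_bytes_by_domain{$bh_host} / 1024.0 / 1024.0),
                              ($bh_total_bytes / 1024.0 / 1024.0));
      print $colour . $domain . pad($domain, 44)
          . " SHT: $hit" . pad($hit, 8)
          . " IHT: $pv" . pad($pv, 8)
          . "$percent% "
          . "     H: $host" . pad($host, 30)
          . "BW: " . $bandwidth . "\n";
    } else {
      # Compact format.
      # Fixed: widths were written "%-${54}s", which interpolates the (empty)
      # capture variable $54 and therefore applied no width at all.
      $padded  = $colour;
      $padded .= sprintf("%-54s", $domain);
      $padded .= "  SHT: " . sprintf("%8s", $hit);
      $padded .= "  IHT: " . sprintf("%7s", $pv);
      $padded .= sprintf("%4s", $percent);
      print $padded . "\n";
    }

    $old_domain = $domain;
  }

  # Reset the "flagged" marker for the next line.
  $on = "n";
}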

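# pad(TEXT, WIDTH): return the spaces needed to extend TEXT to WIDTH columns.
# Returns an empty string when TEXT is already WIDTH characters or longer.
# Only the padding is returned; callers append it to the text themselves.
sub pad {
  my ($text, $width) = @_;
  my $spaces = $width - length($text);

  # Nothing to add once the text fills (or overflows) the column.
  return "" if $spaces <= 0;

  # The repetition operator replaces the counting loop, which used the
  # package-global $i as its counter and so overwrote it on every call.
  return " " x $spaces;
}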



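 # round(NUMBER): round NUMBER to the nearest integer, halves away from zero.
 # Callers in this script pass a second argument (2); it is accepted and
 # ignored, as before -- the result is always a whole number.
 sub round {
   # Lexical now: the old version stored its work in the package globals
   # $float and $intgr.
   my ($float) = @_;

   # int() truncates toward zero, so negative input needs the offset
   # subtracted; adding 0.5 would round -1.6 to -1.
   return $float < 0 ? int($float - 0.5) : int($float + 0.5);
 }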

# Reached only after the read loop ends, i.e. once tail's output stops.
close APALOG;
exit 0;