From b18959eba9978f8482ec66ab0a9f9d814ee9d1a5 Mon Sep 17 00:00:00 2001
From: stransky
Date: Sat, 5 Jan 2002 13:37:38 +0100
Subject: [PATCH] import initial
darcs-hash:20020105123738-a279a-cea1d9e56ef3e20e6a1aa94a4bf2d8dc34ee02d2.gz
---
 analyse.pl | 352 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 352 insertions(+)
 create mode 100755 analyse.pl
diff --git a/analyse.pl b/analyse.pl
new file mode 100755
index 00000000..99841839
--- /dev/null
+++ b/analyse.pl
@@ -0,0 +1,352 @@
+#!/usr/bin/perl -w
+##
+## Analyse.pl
+##
+## Made by Tab
+##
+## Started on Tue 09 Oct 2001 01:28:25 AM CEST tab
+## Last Update Tue Nov 25 19:00:00 2001 Nico
+##
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
+##
+##
+## AUTEUR: Tab
+## MAINTAINERS: Nico, Tab
+##
+## DESCRIPTION: analyse permet de creer des resumes des fichiers de
+## log cree par net-acct. Net-acct est un daemon qui permet de logguer toutes
+## les connexions effectues.
+##
+## SYNOPSIS: analyse (-d|-u) [-h ] [-m ] [-n ] [-f ]
+##
+## VERSION: 0.2
+##
+
+use strict;
+
+my $inputfile = "/var/log/net-acct/net-acct.log.0";
+my $host = "";
+my $download = 0;
+my $nombre_line_affiche = -1;
+my $dns_resolve = 1;
+my $ip_interne = "138\.231\.1(3[6-9]|4[0-3])\.";
+
+######## ERROR GEST ########
+# USAGE: affiche en cas d'erreur dans les arguments.
+
+sub usage
+{
+print "Usage:\tanalyse (-d) [-h ][-m ][-n ][-f ]\n\n";
+
+print "\t-d, --download\tTri la base sur le download\n";
+print "\t-h, --host\tResume des connexions effectues par la machine \n";
+print "\t-n, --nombre\tChoisi le nombre de lignes affichees\n";
+print "\t-f, --file\tSpecifie le fichier qui sera analyse\n";
+print "\t --nodns\tNe resout pas les noms DNS\n";
+print "\t --help\tAffiche cette aide\n";
+print "\n";
+print "par defaut si l'option n'existe pas:\n";
+print "\tdownload = on tri sur l'upload\n";
+print "\tnombre = tout est affiche\n";
+print "\tfile = analyse de /var/log/net-acct/net-acct.log.0\n";
+
+exit (1);
+}
+
+sub show_all
+{
+ my $id;
+ my %up_db;
+ my %down_db;
+ my $max;
+
+ my ($nb_to_print, $sort_by_upload) = @_;
+
+ open INPUT, $inputfile;
+ while (my $line = ) {
+ my ($src_ip, $dst_ip, $size) = (split "\t", $line)[2,4,6];
+ if ($src_ip =~ /$ip_interne/ ) {
+ $up_db{$src_ip} += $size;
+ }
+ if ($dst_ip =~ /$ip_interne/ ) {
+ $down_db{$dst_ip} += $size;
+ }
+ }
+ close(INPUT);
+
+ if ($nb_to_print == -1)
+ { $nb_to_print = (my @nb = (keys %up_db)); }
+
+ $max = (keys %up_db)[0];
+ if ($sort_by_upload) {
+ for (my $dec=$nb_to_print; $dec > 0; $dec--) {
+ foreach my $ip (keys %up_db) {
+ if ($up_db{$max} <= $up_db{$ip})
+ { $max = $ip; }
+ }
+ print normalize($up_db{$max})." (".normalize($down_db{$max}).")\t".ip_to_name($max)."\n" if $up_db{$max} > 0;
+ $up_db{$max} = 0;
+ }
+ } else {
+ for (my $dec=$nb_to_print; $dec > 0; $dec--) {
+ foreach my $ip (keys %down_db) {
+ if ($down_db{$max} <= $down_db{$ip})
+ { $max = $ip; }
+ }
+ print normalize($down_db{$max})." (".normalize($up_db{$max}).
+ ")\t".ip_to_name($max)."\n" if $down_db{$max} > 0;
+ $down_db{$max} = 0;
+ }
+ }
+}
+
+sub get_host_info
+{
+ my $up_size = 0;
+ my $down_size = 0;
+ my %up_loc_db;
+ my %down_loc_db;
+ my %up_dist_db;
+ my %down_dist_db;
+ my $max;
+ my ($ip_search) = @_;
+ open INPUT, $inputfile;
+
+ while (my $line = ) {
+ my ($src_ip, $src_port, $dst_ip, $dst_port, $size) =
+ (split "\t", $line)[2,3,4,5,6];
+ if ($src_ip eq $ip_search) {
+ $up_size += $size;
+ $up_loc_db{$src_port} += $size;
+ $up_dist_db{$dst_port} += $size;
+ }
+ if ($dst_ip eq $ip_search) {
+ $down_size += $size;
+ $down_loc_db{$dst_port} += $size;
+ $down_dist_db{$src_port} += $size;
+ }
+ }
+ close(INPUT);
+
+ print "--- Info for $ip_search ---";
+ print "\n ";
+ print "\nUpload: \t".normalize($up_size);
+ print "\nPorts locaux: ";
+ $max = (keys %up_loc_db)[0];
+ for (my $dec=5; $dec > 0; $dec--) {
+ foreach my $port (keys %up_loc_db) {
+ if ($up_loc_db{$max} <= $up_loc_db{$port})
+ { $max = $port; }
+ }
+ print "$max(".normalize($up_loc_db{$max}).") "
+ if ($up_loc_db{$max} > 0);
+ $up_loc_db{$max} = 0;
+ }
+ print "\nPorts distants: ";
+ $max = (keys %up_dist_db)[0];
+ for (my $dec=5; $dec > 0; $dec--) {
+ foreach my $port (keys %up_dist_db) {
+ if ($up_dist_db{$max} <= $up_dist_db{$port})
+ { $max = $port; }
+ }
+ print "$max(".normalize($up_dist_db{$max}).") "
+ if ($up_dist_db{$max} > 0);
+ $up_dist_db{$max} = 0;
+ }
+
+
+ print "\n ";
+ print "\nDownload:\t".normalize($down_size);
+ print "\nPorts locaux: ";
+ $max = (keys %down_loc_db)[0];
+ for (my $dec=5; $dec > 0; $dec--) {
+ foreach my $port (keys %down_loc_db) {
+ if ($down_loc_db{$max} <= $down_loc_db{$port})
+ { $max = $port; }
+ }
+ print "$max(".normalize($down_loc_db{$max}).") "
+ if ($down_loc_db{$max} > 0);
+ $down_loc_db{$max} = 0;
+ }
+
+ print "\nPorts distants: ";
+ $max = (keys %down_dist_db)[0];
+ for (my $dec=5; $dec > 0; $dec--) {
+ foreach my $port (keys %down_dist_db) {
+ if ($down_dist_db{$max} <= $down_dist_db{$port})
+ { $max = $port; }
+ }
+ print "$max(".normalize($down_dist_db{$max}).") "
+ if ($down_dist_db{$max} > 0);
+ $down_dist_db{$max} = 0;
+ }
+ print "\n ";
+ print "\n--- Quelques Calculs (Purement Informatif) ---";
+ print "\nUpload pur:\t".normalize($up_size - $down_size/20);
+ print "\nTaux download:\t";
+ print normalize($down_size/24)."/h - ";
+ print normalize($down_size/1440)."/min - ";
+ print normalize($down_size/86400)."/s";
+ print "\nTaux upload:\t";
+ print normalize($up_size/24)."/h - ";
+ print normalize($up_size/1440)."/min - ";
+ print normalize($up_size/86400)."/s";
+ print "\n\nCategoria:\t".categorie($up_size, $down_size);
+ print "\n(info: 20 mo download = 1 mo upload)";
+}
+
+#sub get_db_for_host
+#{
+# open INPUT, $inputfile;
+# my $id_port;
+# my $id_ip;
+#
+# my ($host) = @_;
+#
+# print "--- Info $host ---\n";
+#
+# if ($option_get_upload == 1)
+# { $id_ip = 2; $id_port = 3; }
+# else
+# { $id_ip = 4; $id_port = 3; }
+#
+# while (my $line = ) {
+# my ($ip, $port, $size) = (split "\t", $line)[$id_ip,$id_port,6];
+# if ($ip =~ $host) {
+# $db{$port} += $size;
+# }
+# }
+#}
+
+###########################
+######### TOOLKIT #########
+# normalize: transforme un nombre, en un nombre suivi d'un prefixe
+# Go, Mo, Ko, Octets.
+
+sub normalize
+{
+ my ($nb) = @_;
+ if (defined $nb) {
+ if ($nb < 0)
+ { return ("0o"); }
+ if ($nb > (1024*1024*1024))
+ { return ((int($nb*100/(1024*1024*1024))/100)."Go"); }
+ elsif ($nb > (1024*1024))
+ { return (int($nb/(1024*1024))."Mo"); }
+ elsif ($nb > 1024)
+ { return (int($nb/(1024))."Ko"); }
+ else
+ { return ($nb."o"); }
+ }
+
+ return ("0o");
+}
+
+# ip_to_name: resout le nom associe a l'ip donne en argument
+
+sub ip_to_name
+{
+ my ($ip) = @_;
+ my $ret;
+ my $host_name;
+ my $aliases;
+ my $addrtype;
+ my $length;
+ my @addrs;
+
+ if ($dns_resolve) {
+ my $ipaddr = pack("C4", split(/\./, $ip));
+ if (($host_name, $aliases, $addrtype, $length, @addrs)
+ = gethostbyaddr($ipaddr, 2)) {
+ return ($host_name);
+ } else
+ { return ("$ip [lookup failed]"); }
+ }
+ return ($ip);
+}
+
+sub categorie
+{
+ my $upload_pure;
+ my ($upload, $download) = @_;
+
+ $upload_pure = $upload - $download/20;
+
+ if ($upload_pure < 200*1024*1024)
+ { return ("OK"); }
+ if ($upload_pure < 300*1024*1024)
+ { return ("Avertissement"); }
+ if ($upload_pure < 1000*1024*1024)
+ { return ("Deconnexion 2 semaines"); }
+ if ($upload_pure < 3000*1024*1024)
+ { return ("Deconnexion 1 mois"); }
+ return ("Adios");
+}
+
+# print_host_info: on affiche $nb (@_) ports pour l'hote.
+#sub print_host_info
+#{
+# my ($nb) = @_;
+# my $max;
+#
+# if ($nb == -1)
+# { $nb = (my @nb = (keys %db)); }
+#
+# for (my $dec=$nb; $dec > 0; $dec--) {
+# foreach my $port (keys %db) {
+# if ($db{$max} <= $db{$port})
+# { $max = $port; }
+# }
+# print "port $max:\t".normalize($db{$max})."\n"
+# if ($db{$max} > 0);
+# $db{$max} = 0;
+# }
+#}
+
+###########################
+########## MAIN ###########
+
+## Options
+for (my $ct = 0; $ct < @ARGV; $ct++)
+{
+ if ($ARGV[$ct] eq '-d' || $ARGV[$ct] eq '--download') {
+ $download = 1;
+ } elsif ($ARGV[$ct] eq '-h' || $ARGV[$ct] eq '--host') {
+ if ($ARGV[$ct+1] =~ /[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/)
+ { $host = $ARGV[$ct+1]; $ct++; }
+ else { usage(); }
+ } elsif ($ARGV[$ct] =~ '-n' || $ARGV[$ct] eq '--nombre') {
+ if ($ARGV[$ct+1])
+ { $nombre_line_affiche = $ARGV[$ct+1]; $ct++; }
+ else { usage(); }
+ } elsif ($ARGV[$ct] eq '-f' || $ARGV[$ct] eq '--file') {
+ if ($ARGV[$ct+1])
+ { $inputfile = $ARGV[$ct+1]; $ct++; }
+ else { usage(); }
+ } elsif ( $ARGV[$ct] =~ '--nodns') {
+ $dns_resolve = 0;
+ } elsif ( $ARGV[$ct] =~ '--help') {
+ usage();
+ }
+}
+
+if ($host ne "") {
+ get_host_info($host);
+} else {
+ show_all($nombre_line_affiche, !$download);
+}
+
+exit (0);
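Review bot: `open INPUT, $inputfile;` in show_all and in get_host_info is an unchecked two-argument open on a path taken verbatim from `-f`, so a value with a leading `>`/`<` or a trailing `|` is interpreted as a mode or a pipe instead of a filename, and an unreadable log silently produces an empty report; use `open my $in, '<', $inputfile or die "open $inputfile: $!";` and read from `<$in>` in both loops. In the option loop, `$ARGV[$ct] =~ '-n'` is a regex match, so `--nodns` is caught by the `-n` branch before its own `elsif` is reached and either consumes the next argument as a line count or calls usage(); compare with `eq '-n'`, and likewise `eq '--nodns'` and `eq '--help'`. `$ip_interne` is a double-quoted string, in which `\.` is passed through as a bare `.`, so the internal-network test matches any character where a literal dot was intended; write it as `my $ip_interne = qr/138\.231\.1(3[6-9]|4[0-3])\./;` and anchor it with `\A` if the octets are meant to start the field. ip_to_name returns the reverse-DNS name unchanged and show_all prints it into the report, so whoever controls the PTR record controls what lands in the terminal or log; strip control characters first, e.g. `$host_name =~ tr/\x20-\x7e//cd;`, and replace the magic `2` in gethostbyaddr with `AF_INET` from `use Socket qw(AF_INET);`.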