import initial

darcs-hash:20020105123738-a279a-cea1d9e56ef3e20e6a1aa94a4bf2d8dc34ee02d2.gz
2002-01-05 13:37:38 +01:00 · 2002-01-05 13:37:38 +01:00 · b18959eba9
commit b18959eba9
parent 17c43b872d
1 changed files with 352 additions and 0 deletions
--- a/analyse.pl
+++ b/analyse.pl
@ -0,0 +1,352 @@
 #!/usr/bin/perl -w
 ##
 ## Analyse.pl 
 ##
 ## Made by Tab <rv@crans.org> 
 ##
 ## Started on  Tue 09 Oct 2001 01:28:25 AM CEST tab 
 ## Last Update Tue Nov 25 19:00:00 2001 Nico
 ##
 ##
 ##    This program is free software; you can redistribute it and/or modify
 ##    it under the terms of the GNU General Public License as published by
 ##    the Free Software Foundation; either version 2 of the License, or
 ##    (at your option) any later version.
 ## 
 ##    This program is distributed in the hope that it will be useful,
 ##    but WITHOUT ANY WARRANTY; without even the implied warranty of
 ##    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 ##    GNU General Public License for more details.
 ## 
 ##    You should have received a copy of the GNU General Public License
 ##    along with this program; if not, write to the Free Software
 ##    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111, USA.
 ##
 ##
 ## AUTEUR: Tab
 ## MAINTAINERS: Nico, Tab
 ##
 ## DESCRIPTION: analyse permet de creer des resumes des fichiers de 
 ## log cree par net-acct. Net-acct est un daemon qui permet de logguer toutes
 ## les connexions effectues. 
 ##
 ## SYNOPSIS: analyse (-d|-u) [-h <host>] [-m <to>] [-n <nb>] [-f <file>]
 ##
 ## VERSION: 0.2
 ##
 use strict;
 my $inputfile = "/var/log/net-acct/net-acct.log.0";
 my $host = "";
 my $download = 0;
 my $nombre_line_affiche = -1;
 my $dns_resolve = 1;
 my $ip_interne = "138\.231\.1(3[6-9]|4[0-3])\.";
 ######## ERROR GEST ########
 # USAGE: affiche en cas d'erreur dans les arguments.
 sub usage
 {
 print "Usage:\tanalyse (-d) [-h <host>][-m <to>][-n <nb>][-f <file>]\n\n";
 print "\t-d, --download\tTri la base sur le download\n";
 print "\t-h, --host\tResume des connexions effectues par la machine <host IP>\n";
 print "\t-n, --nombre\tChoisi le nombre de lignes affichees\n";
 print "\t-f, --file\tSpecifie le fichier qui sera analyse\n";
 print "\t    --nodns\tNe resout pas les noms DNS\n";
 print "\t    --help\tAffiche cette aide\n";
 print "\n";
 print "par defaut si l'option n'existe pas:\n";
 print "\tdownload = on tri sur l'upload\n";
 print "\tnombre = tout est affiche\n";
 print "\tfile = analyse de /var/log/net-acct/net-acct.log.0\n"; 
 exit (1);
 }
 sub show_all
 {
 	my $id;
 	my %up_db;
 	my %down_db;
 	my $max;
 	my ($nb_to_print, $sort_by_upload) = @_;
 	open INPUT, $inputfile;
 	while (my $line = <INPUT>) {
 		my ($src_ip, $dst_ip, $size) = (split "\t", $line)[2,4,6];
 		if ($src_ip =~ /$ip_interne/ ) {
 			$up_db{$src_ip} += $size;
 		}
 		if ($dst_ip =~ /$ip_interne/ ) {
 			$down_db{$dst_ip} += $size;
 		}
 	}
 	close(INPUT);
 	if ($nb_to_print == -1)
 		{ $nb_to_print = (my @nb = (keys %up_db)); }
 	$max = (keys %up_db)[0];
 	if ($sort_by_upload) {
 	for (my $dec=$nb_to_print; $dec > 0; $dec--) {
 		foreach my $ip (keys %up_db) {
 			if ($up_db{$max} <= $up_db{$ip})
 				{ $max = $ip; }
 		}
 		print normalize($up_db{$max})." (".normalize($down_db{$max}).")\t".ip_to_name($max)."\n" if $up_db{$max} > 0;
 		$up_db{$max} = 0;
 	}
 	} else {
 	for (my $dec=$nb_to_print; $dec > 0; $dec--) {
 		foreach my $ip (keys %down_db) {
 			if ($down_db{$max} <= $down_db{$ip})
 				{ $max = $ip; }
 		}
 		print normalize($down_db{$max})." (".normalize($up_db{$max}).
 			")\t".ip_to_name($max)."\n" if $down_db{$max} > 0;
 		$down_db{$max} = 0;
 	}
 	}
 }
 sub get_host_info
 {
 	my $up_size = 0;
 	my $down_size = 0;
 	my %up_loc_db;
 	my %down_loc_db;
 	my %up_dist_db;
 	my %down_dist_db;
 	my $max;
 	my ($ip_search) = @_;
 	open INPUT, $inputfile;
 	while (my $line = <INPUT>) {
 		my ($src_ip, $src_port, $dst_ip, $dst_port, $size) = 
 			(split "\t", $line)[2,3,4,5,6];
 		if ($src_ip eq $ip_search) {
 			$up_size += $size;
 			$up_loc_db{$src_port} += $size;
 			$up_dist_db{$dst_port} += $size;
 		} 
 		if ($dst_ip eq $ip_search) {
 			$down_size += $size;
 			$down_loc_db{$dst_port} += $size;
 			$down_dist_db{$src_port} += $size;
 		}
 	}
 	close(INPUT);
 	print "--- Info for $ip_search ---";
 	print "\n ";
 	print "\nUpload:  \t".normalize($up_size);
 	print "\nPorts locaux: ";
 	$max = (keys %up_loc_db)[0];
 	for (my $dec=5; $dec > 0; $dec--) {
 		foreach my $port (keys %up_loc_db) {
 			if ($up_loc_db{$max} <= $up_loc_db{$port})
 				{ $max = $port; }
 		}
 		print "$max(".normalize($up_loc_db{$max}).") " 
 			if ($up_loc_db{$max} > 0);
 		$up_loc_db{$max} = 0;
 	}
 	print "\nPorts distants: ";
  $max = (keys %up_dist_db)[0];
  for (my $dec=5; $dec > 0; $dec--) {
    foreach my $port (keys %up_dist_db) {
      if ($up_dist_db{$max} <= $up_dist_db{$port})
        { $max = $port; }
    }
    print "$max(".normalize($up_dist_db{$max}).") "
      if ($up_dist_db{$max} > 0);
    $up_dist_db{$max} = 0;
  }
 	print "\n ";
 	print "\nDownload:\t".normalize($down_size);
 	print "\nPorts locaux: ";	
 	$max = (keys %down_loc_db)[0];
  for (my $dec=5; $dec > 0; $dec--) {
    foreach my $port (keys %down_loc_db) {
      if ($down_loc_db{$max} <= $down_loc_db{$port})
        { $max = $port; }
    }
    print "$max(".normalize($down_loc_db{$max}).") "
      if ($down_loc_db{$max} > 0);
    $down_loc_db{$max} = 0;
  }
 	print "\nPorts distants: ";
 	$max = (keys %down_dist_db)[0];
 	for (my $dec=5; $dec > 0; $dec--) {
 		foreach my $port (keys %down_dist_db) {
 			if ($down_dist_db{$max} <= $down_dist_db{$port})
 				{ $max = $port; }
 		}
 		print "$max(".normalize($down_dist_db{$max}).") " 
 			if ($down_dist_db{$max} > 0);
 		$down_dist_db{$max} = 0;
 	}
 	print "\n ";
 	print "\n--- Quelques Calculs (Purement Informatif) ---";
 	print "\nUpload pur:\t".normalize($up_size - $down_size/20);
 	print "\nTaux download:\t";
 	print normalize($down_size/24)."/h  -  ";
 	print normalize($down_size/1440)."/min  -  ";
 	print normalize($down_size/86400)."/s";
 	print "\nTaux upload:\t";
 	print normalize($up_size/24)."/h  -  ";
 	print normalize($up_size/1440)."/min  -  ";
 	print normalize($up_size/86400)."/s";
 	print "\n\nCategoria:\t".categorie($up_size, $down_size);
 	print "\n(info: 20 mo download = 1 mo upload)";
 }
 #sub get_db_for_host
 #{
 #	open INPUT, $inputfile;
 #	my $id_port;
 #	my $id_ip;
 #
 #	my ($host) = @_;
 #	
 #	print "--- Info $host ---\n";
 #	
 #	if ($option_get_upload == 1) 
 #		{ $id_ip = 2; $id_port = 3; }
 #	else 
 #		{ $id_ip = 4; $id_port = 3; }
 #	
 #	while (my $line = <INPUT>) {
 #		my ($ip, $port, $size) = (split "\t", $line)[$id_ip,$id_port,6];
 #		if ($ip =~ $host) {
 #			$db{$port} += $size;
 #		}	
 #	}
 #}
 ###########################
 ######### TOOLKIT #########
 # normalize: transforme un nombre, en un nombre suivi d'un prefixe
 # Go, Mo, Ko, Octets.
 sub normalize
 {
 	my ($nb) = @_;
 	if (defined $nb) {
 	if ($nb < 0)
 	 	{ return ("0o"); }
 	if ($nb > (1024*1024*1024))
 		{ return ((int($nb*100/(1024*1024*1024))/100)."Go"); }
 	elsif ($nb > (1024*1024))
 		{ return (int($nb/(1024*1024))."Mo"); }
 	elsif ($nb > 1024)
 		{ return (int($nb/(1024))."Ko"); }
 	else
 		{ return ($nb."o"); }
 	}
 	return ("0o");
 }
 # ip_to_name: resout le nom associe a l'ip donne en argument
 sub ip_to_name
 {
 	my ($ip) = @_;
 	my $ret;
 	my $host_name;
 	my $aliases;
 	my $addrtype;
 	my $length;
 	my @addrs;
 	if ($dns_resolve) {
 		my $ipaddr = pack("C4", split(/\./, $ip));
 		if (($host_name, $aliases, $addrtype, $length, @addrs) 
 				= gethostbyaddr($ipaddr, 2)) {
 			return ($host_name);
 		} else
 		{	return ("$ip [lookup failed]"); }
 	}
 	return ($ip);
 }
 sub categorie
 {
 	my $upload_pure;
 	my ($upload, $download) = @_;
 	$upload_pure = $upload - $download/20;
 	if ($upload_pure < 200*1024*1024)
 		{ return ("OK"); } 
 	if ($upload_pure < 300*1024*1024)
 		{ return ("Avertissement"); }
 	if ($upload_pure < 1000*1024*1024)
 		{ return ("Deconnexion 2 semaines"); }
 	if ($upload_pure < 3000*1024*1024)
 		{ return ("Deconnexion 1 mois"); }
 	return ("Adios");
 }
 # print_host_info: on affiche $nb (@_) ports pour l'hote. 
 #sub print_host_info
 #{
 #	my ($nb) = @_;
 #	my $max;
 #	
 #	if ($nb == -1)
 #		{ $nb = (my @nb = (keys %db)); }
 #
 #	for (my $dec=$nb; $dec > 0; $dec--) {
 #		foreach my $port (keys %db) {
 #			if ($db{$max} <= $db{$port})
 #				{ $max = $port; }
 #		}
 #		print "port $max:\t".normalize($db{$max})."\n" 
 #			if ($db{$max} > 0);
 #		$db{$max} = 0;
 #	}
 #}
 ###########################
 ########## MAIN ###########
 ## Options 
 for (my $ct = 0; $ct < @ARGV; $ct++)
 {
 	if ($ARGV[$ct] eq '-d' || $ARGV[$ct] eq '--download') {
 		$download = 1;
 	} elsif ($ARGV[$ct] eq '-h' || $ARGV[$ct] eq '--host') {
 		if ($ARGV[$ct+1] =~ /[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/)
 			{ $host = $ARGV[$ct+1]; $ct++; }
 		else { usage(); }
 	} elsif ($ARGV[$ct] =~ '-n' || $ARGV[$ct] eq '--nombre') {
 		if ($ARGV[$ct+1])
 			{ $nombre_line_affiche = $ARGV[$ct+1]; $ct++; }
 		else { usage(); }
 	} elsif ($ARGV[$ct] eq '-f' || $ARGV[$ct] eq '--file') {
 		if ($ARGV[$ct+1])
 			{ $inputfile = $ARGV[$ct+1]; $ct++; }
 		else { usage(); }
 	} elsif ( $ARGV[$ct] =~ '--nodns') {
 			$dns_resolve = 0;
 	} elsif ( $ARGV[$ct] =~ '--help') {
 		usage();
 		}
 }
 if ($host ne "") {
 	get_host_info($host);
 } else {
 	show_all($nombre_line_affiche, !$download);
 }
 exit (0);