Vim Patior

View file

File name : analyze_log.pl
Content :
#!/usr/bin/perl

## args
my $verbose;
my $day = 0;
my $logdir = '/var/log';
while (@ARGV) {
    $_ = shift @ARGV;
    if ($_ eq '-v') {
        $verbose = 1;
    }
    elsif ($_ =~ /--day=/) {
        $day = $';
    }
    elsif ($_ =~ /--logdir=/) {
        $logdir = $';
    }
    else {
        warn "** unrecognized option '$_'\n";
    }
}

##
print "VERBOSE\n" if $verbose;
print "logdir $logdir\n" if $verbose;
print "day $day\n" if $verbose;

my %out;   # user -> amount
my %in;    # same same
my %users;
my %domains; # domain ->

my $first_stamp;
my $last_stamp;



## do log
open(P,"$logdir/ftp.log.$day") || die "can't open $logdir/ftp.log.$day\n";
while (my $line = <P>) {
    chomp $line;
#leap.pyra.com UNKNOWN nobody [24/Oct/2001:02:03:25 -0700] "USER bomber" 331 -
    my ($domain,$unknown,$user,$date,$tz,@rest) = split(/ /,$line);
    my $rest = join(' ',@rest);
    my ($command,$code,$size) = $rest =~ /\"(.*)\" (\d+) (\S+)/;
#	print "date '$date'\n";
	next unless $date;

	# determine log bounds
	$first_stamp = $date unless $first_stamp;
	$last_stamp = $date unless $last_stamp;

	$first_stamp = $date if $date lt $first_stamp;
	$last_stamp = $date if $date gt $last_stamp;

#	print "$line\n";
#	print "$domain, $unknown,  $user ... '$command' ... $size\n";

    if ($command =~ /RETR /) {
		$out{$user} += $size;
    }
	if ($command =~ /STOR /) {
		$in{$user} += $size;
	}
	$users{$user}++;
}
close P;


## fix up log dates
sub fixup {
	my $d = shift @_;
#	print "start $d\n";
	$d =~ s/[\[\]]//g;
	my ($day,$mon,$y,$h,$m,$s) = $d =~ /(\d+)\/(\w+)\/(\d+):(\d+):(\d+):(\d+)/;
#	print "day $day mon $mon\n";
	my %mon = ('Jan' => '01',
			   'Feb' => '02',
			   'Mar' => '03',
			   'Apr' => '04',
			   'May' => '05',
			   'Jun' => '06',
			   'Jul' => '07',
			   'Aug' => '08',
			   'Sep' => '09',
			   'Oct' => '10',
			   'Nov' => '11',
			   'Dec' => '12');
	my $e = sprintf("$y-$mon{$mon}-%02d $h:$m:$s",$day);
#	print $e;
	$e;
}

$first_stamp = &fixup($first_stamp);
$last_stamp = &fixup($last_stamp);

## results

# stamp from post log
my $stamp = (stat("$logdir/ftp.log.$day"))[9];   ### fixme
print "stamp\t$stamp\n";
print "stamp_first\t$first_stamp\n";
print "stamp_last\t$last_stamp\n";

# users
for my $user (keys %users) {
	$out{$user} ||= 0;
	$in{$user} ||= 0;
    print "user\t$user\t$out{$user}\t$in{$user}\n";
}