Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Dec 2 00:14:09 ftp1 ftpd[743]: USER testing1
- Dec 2 00:14:09 ftp1 ftpd[743]: FTP LOGIN FROM 192.168.0.2 [192.168.0.2], testing1
- Dec 2 00:30:08 ftp1 ftpd[1261]: USER testing1
- Dec 2 00:30:09 ftp1 ftpd[1261]: FTP LOGIN FROM 192.168.0.4 [192.168.0.4], testing1
- Dec 2 01:12:33 ftp1 ftpd[11804]: USER testing1
- Dec 2 01:12:33 ftp1 ftpd[11804]: FTP LOGIN FROM 192.168.0.2 [192.168.0.2], testing1
- Dec 1 23:59:03 ftp1 ftpd[4152]: USER testing1
- Dec 1 23:59:03 ftp1 ftpd[4152]: PASS password
- Dec 1 23:59:03 ftp1 ftpd[4152]: FTP LOGIN FROM 192.168.0.02 [192.168.0.2], testing1
- Dec 1 23:59:03 ftp1 ftpd[4152]: PWD
- Dec 1 23:59:03 ftp1 ftpd[4152]: CWD /test/data/
- Dec 1 23:59:03 ftp1 ftpd[4152]: TYPE Image
- $VAR1 = {
- '743' => [
- '00:1'
- ],
- '20687' => [
- '01:3'
- ],
- '27186' => [
- '15:3'
- ],
- '6929' => [
- '12:0'
- ],
- '24771' => [
- '09:0'
- ],
- '11804' => [
- '01:1'
- ],
- '27683' => [
- '08:3'
- ],
- '14976' => [
- '04:3'
- ],
- };
- # -------------------------------------------------------
- # Extract PIDs and Time from lines, take out doubles
- # -------------------------------------------------------
- my $infile3 = 'output.txt';
- my %pids;
- my $found;
- my $var;
- open (INPUT2, $infile3) or die "Couldn't read $infile3.n";
- while (my $line = <INPUT2>) {
- if($line =~ /(d{2}):(d)/ ) {
- my $hhmm = $1 . ":" . $2;
- if ($line =~ /ftpd[(.*?)]/) {
- $found = 0;
- foreach $var(keys %pids){
- if(grep $1 =~ $var, keys %pids){
- $found = 1;
- }
- }
- if ($found == 0){
- push @{$pids{$1}}, $hhmm;
- }
- }
- }
- }
- ##-------------------------------------------------------
- ## read each line from file into an array
- ##-------------------------------------------------------
- open (INPUT, $infile2) or die "Couldn't read $infile2.n";
- my @messages;
- while (my $line = <INPUT>){
- # if there is a match to the PID then put the line in the array
- if ($line =~ /ftpd[(.*?)]/){
- my $mPID = $1;
- foreach my $key (keys %pids){
- if ($key =~ $mPID){
- push @messages, $line;
- }
- }
- }
- }
- # -------------------------------------------------------
- #find flow based on PID that was found from criteria
- #-------------------------------------------------------
- foreach my $line(@messages){
- if(my($pid) = $line =~ m{ [ s*(d+) ]: }x) {
- if($line =~ /(d{2}):(d)/){
- my $time = $1 . ":" . $2;
- if ($pids{$pid}[0] =~ /$time/){
- push $pids{$pid}[0], $line;
- }
- }
- }
- }
- $VAR1 = {
- '743' => {
- '' => '00:1'
- },
- '20687' => {
- '' => '01:3'
- },
- $VAR1 = {
- '743' => '00:1',
- '20687' => '01:3',
- };
- if($pids{$pid} == qr/$time/){
- $pids{$pid}{$time}[$y] = $line;
- $y++;
- };
- $VAR1 = {
- '743' => '00:1',
- '4771' => {
- '23:5' => [
- 'Dec 1 23:59:23 ftp1 ftpd[4771]: USER test
- ',
- 'Dec 1 23:59:23 ftp1 ftpd[4771]: PASS password
- ',
- 'Dec 1 23:59:23 ftp1 ftpd[4771]: FTP LOGIN FROM 192.168.0.2 [192.168.0.2], test
- ',
- 'Dec 1 23:59:23 ftp1 ftpd[4771]: CWD /home/test/
- ',
- 'Dec 1 23:59:23 ftp1 ftpd[4771]: TYPE Image
- ',
- 'Dec 1 23:59:23 ftp1 ftpd[4771]: PASV
- ',
- 'Dec 1 23:59:23 ftp1 ftpd[4771]: RETR test
- ',
- 'Dec 1 23:59:23 ftp1 ftpd[4771]: QUIT
- ',
- 'Dec 1 23:59:23 ftp1 ftpd[4771]: FTP session closed
- '
- ]
- },
- if($line =~ /(d{2}):(d)/ ) {
- if($line =~ /(d{2}):(d{2})/ ) {
- if ($line =~ /ftpd[(.*?)]/) {
- $pid{$1}[0] = $hhmm unless exists $pid{$1};
- }
- if(grep $1 =~ $var, keys %pids){
- my $pid = $1;
- if ($line =~ /ftpd[(.*?)]/) {
- $pid{$pid}{time} = $hhmm unless exists $pid{$pid};
- }
- if ($line =~ /USER (w+)/) {
- $pid{$pid}{user} = $1;
- }
- $time{$hhmm}{pid} = $pid;
- push @{$user{$1}}, $pid;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
