- #!/usr/bin/perl
- #
- # Parse pflog (values will be inserted to PGSQL soon)
- #
- # TODO:
- #
- # 4) Get data in database table(s)
use strict;
use warnings;
use Time::Local qw( timelocal_nocheck );
use CGI ();
use DBI;
use HTML::Template ();
use Time::ParseDate;
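our ($db_name, $db_host, $db_user, $db_pass, $log);
require "/etc/pflog/pf.conf";

# Connect using the credentials from pf.conf. A DBD::Pg DSN takes
# ';'-separated key=value pairs and does not carry the user or password;
# those are separate connect() arguments. The original (commented-out)
# connect put everything, comma-separated, into the DSN, so $dbh was never
# defined and the script could not even compile under strict.
# The original hard-coded host=localhost; $db_host from pf.conf is used when
# it is set, with localhost as the fallback.
my $host = defined $db_host ? $db_host : 'localhost';
my $dbh = DBI->connect(
    "dbi:Pg:dbname=$db_name;host=$host",
    $db_user,
    $db_pass,
    { RaiseError => 1, AutoCommit => 0 },
) or die "Cannot connect to database $db_name: $DBI::errstr";

# Snapshot of rows already in the table (see check_existing). The loop below
# does not consult it, so re-running over the same pflog duplicates rows.
# TODO: use it (or a unique index) for de-duplication.
my $existing = check_existing();
my $insert_stmt = "insert into log (date, rulenum, action, direction, interface, proto, src_host, src_port, dst_host, dst_port, id) values (?,?,?,?,?,?,?,?,?,?,NULL)";
my $sth   = $dbh->prepare($insert_stmt);
my $rules = get_rules();

die "Can't open file: $!" unless -f $log;
# Three-argument open with a lexical handle: with the original two-argument
# open, a $log value from pf.conf beginning with '>' or '|' would have been
# taken as a mode or a command instead of a file name.
open my $logfh, '<', $log or die "Can't open $log: $!";

# Each pflog line is tried against three shapes, most specific first:
#   1. rule match, TCP/UDP (ports present)
#   2. rule match, any other protocol (no ports)
#   3. no rule information, TCP/UDP/ICMP with ports
# Fields a line does not carry are bound as undef, i.e. SQL NULL; the
# original bound the string "NULL", which is a value, not a NULL.
# NOTE(review): the unescaped '.' in the address sub-patterns match any
# character; the patterns are kept verbatim so accepted input is unchanged.
LINE: while (my $line = <$logfh>) {
    chomp $line;
    # Values in the column order of $insert_stmt:
    # date, rulenum, action, direction, interface, proto,
    # src_host, src_port, dst_host, dst_port
    my @row;
    if ($line =~ /(\w+ * \d+ \d+:.\d:.\d+) \d+.\d+.\d+.\d+\/\d+.\d+.\d+.\d+ +.* rule (\d+)\/\d+\(match\): (\w+) (\w+) \w+ (\w+): +.* proto (TCP|UDP) +.* (\d+.\d+.\d+.\d+).(\d+) > (\d+.\d+.\d+.\d+).(\d+)+.* /) {
        my $when = parsedate($1);
        @row = ($when, $2, $3, $4, $5, $6, $7, $8, $9, $10);
    }
    elsif ($line =~ /(\w+ * \d+ \d+:.\d:.\d+) \d+.\d+.\d+.\d+\/\d+.\d+.\d+.\d+ +.* rule (\d+)\/\d+\(match\): (\w+) (\w+) \w+ (\w+): +.* proto (\w+) +.* (\d+.\d+.\d+.\d+) > (\d+.\d+.\d+.\d+): /) {
        my $when = parsedate($1);
        # No ports on this shape: src_port and dst_port are NULL.
        @row = ($when, $2, $3, $4, $5, $6, $7, undef, $8, undef);
    }
    elsif ($line =~ /(\w+ * \d+ \d+:.\d:.\d+) \d+.\d+.\d+.\d+\/\d+.\d+.\d+.\d+ +.* proto (TCP|UDP|ICMP) +.* (\d+.\d+.\d+.\d+).(\d+) > (\d+.\d+.\d+.\d+).(\d+)+.* /) {
        my $when = parsedate($1);
        # No rule information: rulenum, action, direction, interface are NULL.
        @row = ($when, undef, undef, undef, undef, $2, $3, $4, $5, $6);
    }
    else {
        next LINE;
    }
    $sth->execute(@row);
    # Commit per inserted row, as the original did, so a failure part-way
    # keeps what was already parsed.
    $dbh->commit;
}
close $logfh;
$dbh->disconnect;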
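# Load the (date, src_host) pairs already present in the log table.
#
# Takes no arguments; uses the file-level $dbh. Returns a hashref whose keys
# are "<date> <src_host>" and whose values are 1.
# NOTE(review): rulenum is selected but not part of the key, and insert_table
# looks this hash up by epoch alone, which can never match these keys --
# confirm which key the de-duplication is meant to use.
sub check_existing {
    my $select = "select date, rulenum, src_host from log";
    my $query  = $dbh->prepare($select);
    # DBI handles expose errstr(), not stderr(); the original died trying
    # to call a method that does not exist, hiding the real database error.
    $query->execute or die $dbh->errstr;
    my %existing;
    while (my $row = $query->fetchrow_hashref) {
        my $key = $row->{'date'} . " " . $row->{'src_host'};
        $existing{$key} = 1;
    }
    return \%existing;
}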
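# Insert one parsed pflog record unless an identical one is already known.
#
# Arguments (positional): date string "Mon DD HH:MM:SS", direction, action,
# interface, src_host, src_port, dst_host, dst_port, proto, rulenum.
# Returns nothing.
#
# NOTE(review): nothing in this file calls insert_table, and its argument
# list does not line up with $insert_stmt (whose placeholders are date,
# rulenum, action, direction, interface, proto, src_host, src_port,
# dst_host, dst_port); it also looks up $existing by epoch alone while
# check_existing keys it by "date src_host". It looks stale -- confirm
# before relying on it.
sub insert_table {
    my ($date, $direction, $action, $interface, $src_host, $src_port, $dst_host, $dst_port, $proto, $rulenum) = @_;
    # Stop here when the date does not have the expected shape; the original
    # carried on with whatever $1..$5 held from an earlier, unrelated match.
    return unless $date =~ /^(\w+) (\d+) (\d+)\:(\d+)\:(\d+)$/;
    my ($month, $mday, $hour, $min, $sec) = ($1, $2, $3, $4, $5);
    # pflog lines carry no year, so the current one is assumed (element 5 of
    # localtime is years since 1900, which timelocal_nocheck accepts).
    my $year = (localtime(time))[5];
    my %months = qw( Jan 0 Feb 1 Mar 2 Apr 3 May 4 Jun 5 Jul 6 Aug 7 Sep 8 Oct 9 Nov 10 Dec 11 );
    my $epoch = timelocal_nocheck($sec, $min, $hour, $mday, $months{$month}, $year);
    unless ($existing->{"$epoch"}) {
        $sth->execute($date, $direction, $action, $interface, $src_host, $src_port, $dst_host, $dst_port, $proto, $rules->{$rulenum});
    }
    return;
}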
# TODO: write a cron job to pull or push the rules.
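# Read the numbered rule texts ("@<n> <text>" lines) and return them keyed
# by rule number.
#
# Takes an optional path to the rules file (default: the original
# /var/log/pflog/rules.txt) so the parser can be run against other files.
# Returns a hashref { rule_number => rule_text }. An unreadable file yields
# an empty hashref after a warning, keeping the original's best-effort
# behaviour (its "cat | grep" pipe also produced nothing, but silently).
sub get_rules {
    my ($rules_file) = @_;
    $rules_file = '/var/log/pflog/rules.txt' unless defined $rules_file;
    my %rules;
    # Read the file directly instead of the original 2-arg pipe open of
    # "/bin/cat FILE | grep -E '^@'": no shell, no bareword handle, and the
    # open error is visible.
    open my $fh, '<', $rules_file or do {
        warn "get_rules: cannot open $rules_file: $!";
        return \%rules;
    };
    while (my $line = <$fh>) {
        chomp $line;
        # Same selection as grep -E "^@": only lines starting with '@'.
        next unless $line =~ /^\@/;
        # Skip lines without the "@<n> <text>" shape instead of storing
        # stale $1/$2 from an earlier match, as the original did.
        next unless $line =~ /\@(\d+) (\w+.*)/;
        my ($index, $text) = ($1, $2);
        # The original then applied s/</</g and s/>/>/g, which are no-ops;
        # presumably HTML entity escaping lost in the paste -- TODO confirm.
        $rules{$index} = $text;
    }
    close $fh;
    return \%rules;
}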