  1. #!/usr/bin/perl
  2.  
  3. use strict();
  4.  
  5. open(LOG_FILE, "/var/log/firewall");
  6. my @log = <LOG_FILE>;
  7. close(LOG_FILE);
  8.  
  9. foreach my $line (@log) {
  10. $line =~ /(^... .. ..:..:..) [\w\-]+ ulogd\[.*\]:(.*)(IN=.*)$/;
  11. my $timestamp = $1; my $comment = $2; my $packet = $3;
  12. $packet =~ /IN=(\w+)/; my $iface=$1;
  13. $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
  14. $packet =~ /DST=([\d\.]+)/; my $dstaddr=$1;
  15. $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1;
  16. $packet =~ /PROTO=(\w+)/; my $proto=$1;
  17. $packet =~ /SPT=(\d+)/; my $srcport=$1;
  18. #$packet =~ /DPT=(\d+)/; my $dstport=$1;
  19.  
  20. $dstport = $1 if $dstport =~ /DPT=(\d+)/;
  21. #my $dstport="-";
  22. # $line =~ /SPT=(\d+)/ ;
  23. #$dstport = $1; $dstport;
  24. print"$iface,$srcaddr,$dstaddr,$macaddr,$proto,$srcport,$dstport***\n";
  25. }
  26.  
  27.  
  28.  
  29.  
  30. *****************
  31. /var/log/firewall:
  32. Jul 5 13:10:04 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4451 DF PROTO=KEY_TCP SPT=9043 DPT=80 SEQ=2620679419 ACK=0 WINDOW=8192 SYN URGP=0
  33. Jul 5 13:10:04 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4459 DF PROTO=KEY_TCP SPT=9044 DPT=80 SEQ=2113772585 ACK=0 WINDOW=8192 SYN URGP=0
  34. Jul 5 13:10:05 IRONGATE-1309865667 ulogd[1403]: INPUTFW:ACCEPT:1:l3 IN=br0 OUT= MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.5.85 LEN=86 TOS=00 PREC=0x00 TTL=128 ID=4461 PROTO=KEY_UDP SPT=52849 DPT=69 LEN=66
  35. Jul 5 13:10:07 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4470 DF PROTO=KEY_TCP SPT=9045 DPT=80 SEQ=687877400 ACK=0 WINDOW=8192 SYN URGP=0
  36. Jul 5 13:10:08 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4478 DF PROTO=KEY_TCP SPT=9046 DPT=80 SEQ=1037503816 ACK=0 WINDOW=8192 SYN URGP=0
  37. Jul 5 13:10:09 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=48 TOS=00 PREC=0x00 TTL=127 ID=4491 DF PROTO=KEY_TCP SPT=9043 DPT=80 SEQ=2620679419 ACK=0 WINDOW=8192 SYN URGP=0
  38. Jul 5 13:10:10 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4492 DF PROTO=KEY_TCP SPT=9045 DPT=80 SEQ=687877400 ACK=0 WINDOW=8192 SYN URGP=0
  39. Jul 5 13:10:10 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=48 TOS=00 PREC=0x00 TTL=127 ID=4497 DF PROTO=KEY_TCP SPT=9044 DPT=80 SEQ=2113772585 ACK=0 WINDOW=65535 SYN URGP=0
  40. Jul 5 13:10:11 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4498 DF PROTO=KEY_TCP SPT=9046 DPT=80 SEQ=1037503816 ACK=0 WINDOW=8192 SYN URGP=0
  41. Jul 5 13:10:12 IRONGATE-1309865667 ulogd[1403]: INPUTFW:ACCEPT:11:l3 IN=br0 OUT= MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.5.85 LEN=68 TOS=00 PREC=0x00 TTL=128 ID=4500 PROTO=KEY_UDP SPT=55559 DPT=53 LEN=48
  42. Jul 5 12:49:17 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:10 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=74.125.91.105 LEN=60 TOS=00 PREC=0x00 TTL=127 ID=20946 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=209
  43. Jul 5 12:49:18 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:10 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=74.125.91.105 LEN=60 TOS=00 PREC=0x00 TTL=127 ID=20950 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=210
  44.  
  45. *******************
  46. output:
  47. br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9043,***
  48. br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9044,***
  49. br0,192.168.5.58,192.168.5.85,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_UDP,52849,***
  50. br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9045,***
  51. br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9046,***
  52. br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9043,***
  53. br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9045,***
  54. br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9044,***
  55. br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9046,***
  56. br0,192.168.5.58,192.168.5.85,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_UDP,55559,***
  57. br0,192.168.5.58,74.125.91.105,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,ICMP,ICMP,***
  58. br0,192.168.5.58,74.125.91.105,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,ICMP,ICMP,***
  59.  
  60. ***********
  61. bug:
  62. br0,192.168.5.58,74.125.91.105,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,ICMP,ICMP,***
  63. br0,192.168.5.58,74.125.91.105,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,ICMP,ICMP,***
  64.  
  65. The second "ICMP" is not the source port and must be empty: ICMP packets carry no ports, so the `SPT=(\d+)` match fails, and `$1` keeps the value of the previous successful match (`PROTO=(\w+)`, i.e. "ICMP"), which is then printed. The fix is to never read `$1` after an unchecked match (e.g. `my ($srcport) = $packet =~ /SPT=(\d+)/;`, which yields undef on failure). The dport column is empty on every line for a related reason: line 20 matches `$dstport` against itself instead of against `$packet`, and `use strict();` (empty parens) never actually enables strict, so the undeclared `$dstport` was not caught.