Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- use strict();
- open(LOG_FILE, "/var/log/firewall");
- my @log = <LOG_FILE>;
- close(LOG_FILE);
- foreach my $line (@log) {
- $line =~ /(^... .. ..:..:..) [\w\-]+ ulogd\[.*\]:(.*)(IN=.*)$/;
- my $timestamp = $1; my $comment = $2; my $packet = $3;
- $packet =~ /IN=(\w+)/; my $iface=$1;
- $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
- $packet =~ /DST=([\d\.]+)/; my $dstaddr=$1;
- $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1;
- $packet =~ /PROTO=(\w+)/; my $proto=$1;
- $packet =~ /SPT=(\d+)/; my $srcport=$1;
- #$packet =~ /DPT=(\d+)/; my $dstport=$1;
- $dstport = $1 if $dstport =~ /DPT=(\d+)/;
- #my $dstport="-";
- # $line =~ /SPT=(\d+)/ ;
- #$dstport = $1; $dstport;
- print"$iface,$srcaddr,$dstaddr,$macaddr,$proto,$srcport,$dstport***\n";
- }
- *****************
- /var/log/firewall:
- Jul 5 13:10:04 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4451 DF PROTO=KEY_TCP SPT=9043 DPT=80 SEQ=2620679419 ACK=0 WINDOW=8192 SYN URGP=0
- Jul 5 13:10:04 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4459 DF PROTO=KEY_TCP SPT=9044 DPT=80 SEQ=2113772585 ACK=0 WINDOW=8192 SYN URGP=0
- Jul 5 13:10:05 IRONGATE-1309865667 ulogd[1403]: INPUTFW:ACCEPT:1:l3 IN=br0 OUT= MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.5.85 LEN=86 TOS=00 PREC=0x00 TTL=128 ID=4461 PROTO=KEY_UDP SPT=52849 DPT=69 LEN=66
- Jul 5 13:10:07 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4470 DF PROTO=KEY_TCP SPT=9045 DPT=80 SEQ=687877400 ACK=0 WINDOW=8192 SYN URGP=0
- Jul 5 13:10:08 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4478 DF PROTO=KEY_TCP SPT=9046 DPT=80 SEQ=1037503816 ACK=0 WINDOW=8192 SYN URGP=0
- Jul 5 13:10:09 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=48 TOS=00 PREC=0x00 TTL=127 ID=4491 DF PROTO=KEY_TCP SPT=9043 DPT=80 SEQ=2620679419 ACK=0 WINDOW=8192 SYN URGP=0
- Jul 5 13:10:10 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4492 DF PROTO=KEY_TCP SPT=9045 DPT=80 SEQ=687877400 ACK=0 WINDOW=8192 SYN URGP=0
- Jul 5 13:10:10 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=48 TOS=00 PREC=0x00 TTL=127 ID=4497 DF PROTO=KEY_TCP SPT=9044 DPT=80 SEQ=2113772585 ACK=0 WINDOW=65535 SYN URGP=0
- Jul 5 13:10:11 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:1 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.2.22 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=4498 DF PROTO=KEY_TCP SPT=9046 DPT=80 SEQ=1037503816 ACK=0 WINDOW=8192 SYN URGP=0
- Jul 5 13:10:12 IRONGATE-1309865667 ulogd[1403]: INPUTFW:ACCEPT:11:l3 IN=br0 OUT= MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=192.168.5.85 LEN=68 TOS=00 PREC=0x00 TTL=128 ID=4500 PROTO=KEY_UDP SPT=55559 DPT=53 LEN=48
- Jul 5 12:49:17 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:10 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=74.125.91.105 LEN=60 TOS=00 PREC=0x00 TTL=127 ID=20946 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=209
- Jul 5 12:49:18 IRONGATE-1309865667 ulogd[1403]: OUTGOINGFW:ACCEPT:10 IN=br0 OUT=eth1 MAC=00:24:1d:8f:1a:08:ff:ff:08:00:0c:00 SRC=192.168.5.58 DST=74.125.91.105 LEN=60 TOS=00 PREC=0x00 TTL=127 ID=20950 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=210
- *******************
- output:
- br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9043,***
- br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9044,***
- br0,192.168.5.58,192.168.5.85,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_UDP,52849,***
- br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9045,***
- br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9046,***
- br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9043,***
- br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9045,***
- br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9044,***
- br0,192.168.5.58,192.168.2.22,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_TCP,9046,***
- br0,192.168.5.58,192.168.5.85,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,KEY_UDP,55559,***
- br0,192.168.5.58,74.125.91.105,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,ICMP,ICMP,***
- br0,192.168.5.58,74.125.91.105,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,ICMP,ICMP,***
- ***********
- bug:
- br0,192.168.5.58,74.125.91.105,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,ICMP,ICMP,***
- br0,192.168.5.58,74.125.91.105,00:24:1d:8f:1a:08:ff:ff:08:00:0c:00,ICMP,ICMP,***
- second ICMP is not sorce port and must be null.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement