parent
5f718869f5
commit
adf83d7a4e
2 changed files with 91 additions and 0 deletions
@ -0,0 +1,78 @@ |
|||||||
|
#!/usr/bin/perl -w |
||||||
|
|
||||||
|
use warnings; |
||||||
|
use strict; |
||||||
|
use Data::Dumper; |
||||||
|
|
||||||
|
my $users = {}; |
||||||
|
my $machines = {}; |
||||||
|
my $operations = { |
||||||
|
connect => 0, |
||||||
|
disconnect => 0, |
||||||
|
chdir => 0, |
||||||
|
open_read => 0, |
||||||
|
open_write => 0, |
||||||
|
close => 0, |
||||||
|
rename => 0, |
||||||
|
unlink => 0, |
||||||
|
mkdir => 0, |
||||||
|
rmdir => 0 |
||||||
|
}; |
||||||
|
my $files = {}; |
||||||
|
my $statuses = { |
||||||
|
success => 0, |
||||||
|
failure => 0 |
||||||
|
}; |
||||||
|
|
||||||
|
my $re_date = qr/(?<month>\w{3})\s(?<day>\d{1,2})\s(?<hour>[\d+]{1,2}):(?<minute>\d{1,2}):(?<seconds>\d{1,2})/; |
||||||
|
my $re_hostname = qr/\w[\w\-]+/; |
||||||
|
my $re_user = qr/\w[\w\-]+/; |
||||||
|
my $re_op = qr/connect|disconnect|chdir|open|close|rename|unlink|mkdir|rmdir/; |
||||||
|
my $re_path = qr{/?(\.|([^\|]/?)*)}; |
||||||
|
my $re_ip = qr/(\d{1,3}\.){3}\d{1,3}/; |
||||||
|
my $re_share = qr/\w[\w\-]+/; |
||||||
|
my $re_status = qr/ok|fail\s+[^\|]+/; |
||||||
|
|
||||||
|
while (<STDIN>){ |
||||||
|
# Jan 13 03:50:42 contis smbd[27251]: pdurant|192.168.137.117|desk-magasin|tools|close |
||||||
|
next unless m/^$re_date\s+$re_hostname\s+smbd\[\d+\]:\s+(?<user>$re_user)\|(?<ip>$re_ip)\|(?<machine>$re_hostname)\|(?<share>$re_share)\|(?<operation>$re_op)\|(?<status>$re_status)\|/; |
||||||
|
my $date = $+{date}; |
||||||
|
my $user = $+{user}; |
||||||
|
my $ip = $+{ip}; |
||||||
|
my $machine = $+{machine}; |
||||||
|
my $share = $+{share}; |
||||||
|
my $operation = $+{operation}; |
||||||
|
my $status = $+{status}; |
||||||
|
my $open_mode; |
||||||
|
my $file; |
||||||
|
my $new_name; |
||||||
|
if ($operation eq 'open'){ |
||||||
|
m/(r|w)\|(?<file>$re_path)$/; |
||||||
|
$open_mode = $1; |
||||||
|
$file = $+{file}; |
||||||
|
if ($open_mode eq 'r'){ |
||||||
|
$operations->{open_read}++; |
||||||
|
} else { |
||||||
|
$operations->{open_write}++; |
||||||
|
} |
||||||
|
} elsif ($operation eq 'rename') { |
||||||
|
m/(?<file>$re_path)\|(?<new_name>$re_path)$/; |
||||||
|
$file = $+{file}; |
||||||
|
$new_name = $+{new_name}; |
||||||
|
$operations->{rename}++; |
||||||
|
} else { |
||||||
|
m/(?<file>$re_path)$/; |
||||||
|
$file = $+{file}; |
||||||
|
$operations->{$operation}++; |
||||||
|
} |
||||||
|
$machines->{$ip} = 1; |
||||||
|
$users->{$user} = 1; |
||||||
|
$files->{$file} = 1; |
||||||
|
if ($status eq 'ok'){ |
||||||
|
$statuses->{success}++; |
||||||
|
} else { |
||||||
|
$statuses->{failure}++; |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
print "Sucess : $statuses->{success}\nFailure : $statuses->{failure}\n"; |
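Review bot: The follow-up matches in the `open` and `rename` branches are never checked, so when one fails `$1` and `%+` still hold the captures of the main match a few lines earlier. In that case `$open_mode` receives the month group, the event is counted under `open_write`, and `$file` is undef when used as a hash key. Guard each one, e.g. `m/(?<mode>r|w)\|(?<file>$re_path)$/ or next;`, and read the mode from `$+{mode}`. Lines dropped by `next unless` should also be counted and reported, since an audit record whose user, host or address does not fit `$re_user`, `$re_hostname` or `$re_ip` is currently left out of the totals without any trace. Separately, `my $date = $+{date};` is always undef because `$re_date` defines no `date` group, and `[\d+]{1,2}` also accepts a literal `+`.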
@ -0,0 +1,13 @@ |
|||||||
|
Jan 13 03:50:42 contis smbd[27251]: pdurant|192.168.137.117|desk-magasin|tools|chdir|ok|chdir|/home/e-smith/files/shares/tools/files |
||||||
|
Jan 13 03:50:42 contis smbd[27251]: pdurant|192.168.137.117|desk-magasin|tools|close|ok|signatures/pdurant |
||||||
|
Jan 13 03:50:42 contis smbd[27251]: pdurant|192.168.137.117|desk-magasin|tools|disconnect|ok|tools |
||||||
|
Jan 13 04:45:12 contis smbd[9552]: port-guy2_|192.168.137.69|port-guy2|acme_exploi_maint|chdir|fail (Permission denied)|chdir|/home/e-smith/files/shares/acme_exploi_maint/files |
||||||
|
Jan 13 05:46:40 contis smbd[30248]: alicia|192.168.137.110|stm2012|acme_report_cial|connect|ok|acme_report_cial |
||||||
|
Jan 13 06:31:46 contis smbd[27799]: assistlogistic3|192.168.137.29|port-verom|tools|open|ok|r|001conf.bat |
||||||
|
Jan 13 06:40:26 contis smbd[27733]: assistlogistic3|192.168.137.29|port-verom|acme_env_stm|open|ok|w|CARTE ADR ABADI M..pdf |
||||||
|
Jan 13 06:40:27 contis smbd[27733]: port-verom_|192.168.137.29|port-verom|acme_env_stm|connect|ok|acme_env_stm |
||||||
|
Jan 13 07:30:35 contis smbd[19305]: respdeee|192.168.137.71|port-pascalp|acme_metaux|unlink|ok|CORONAVIRUS/C84E6727.tmp |
||||||
|
Jan 13 07:30:34 contis smbd[19305]: respdeee|192.168.137.71|port-pascalp|acme_metaux|rename|ok|CORONAVIRUS/D0A703E.tmp|CORONAVIRUS/EFFECTIFS METAUX CORONAVIRUS 30 AVRIL |
||||||
|
2020.xlsx |
||||||
|
Jan 13 08:16:58 contis smbd[11611]: pdurant|192.168.137.106|port-dylan|portail_achat|mkdir|ok|Dossier Commande Achat - Reception/Nouveau dossier |
||||||
|
Jan 13 08:46:37 contis smbd[28263]: vanessa|192.168.136.192|port-vanessab|fact|rmdir|ok|6 - PARAPHEUR/DEMANDES DE PAIEMENTS/12 01 2021 |