You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
78 lines
1.9 KiB
78 lines
1.9 KiB
#!/usr/bin/perl -w
|
|
|
|
use warnings;
|
|
use strict;
|
|
use Data::Dumper;
|
|
|
|
my $users = {};
|
|
my $machines = {};
|
|
my $operations = {
|
|
connect => 0,
|
|
disconnect => 0,
|
|
chdir => 0,
|
|
open_read => 0,
|
|
open_write => 0,
|
|
close => 0,
|
|
rename => 0,
|
|
unlink => 0,
|
|
mkdir => 0,
|
|
rmdir => 0
|
|
};
|
|
my $files = {};
|
|
my $statuses = {
|
|
success => 0,
|
|
failure => 0
|
|
};
|
|
|
|
my $re_date = qr/(?<month>\w{3})\s(?<day>\d{1,2})\s(?<hour>[\d+]{1,2}):(?<minute>\d{1,2}):(?<seconds>\d{1,2})/;
|
|
my $re_hostname = qr/\w[\w\-]+/;
|
|
my $re_user = qr/\w[\w\-]+/;
|
|
my $re_op = qr/connect|disconnect|chdir|open|close|rename|unlink|mkdir|rmdir/;
|
|
my $re_path = qr{/?(\.|([^\|]/?)*)};
|
|
my $re_ip = qr/(\d{1,3}\.){3}\d{1,3}/;
|
|
my $re_share = qr/\w[\w\-]+/;
|
|
my $re_status = qr/ok|fail\s+[^\|]+/;
|
|
|
|
while (<STDIN>){
|
|
# Jan 13 03:50:42 contis smbd[27251]: pdurant|192.168.137.117|desk-magasin|tools|close
|
|
next unless m/^$re_date\s+$re_hostname\s+smbd\[\d+\]:\s+(?<user>$re_user)\|(?<ip>$re_ip)\|(?<machine>$re_hostname)\|(?<share>$re_share)\|(?<operation>$re_op)\|(?<status>$re_status)\|/;
|
|
my $date = $+{date};
|
|
my $user = $+{user};
|
|
my $ip = $+{ip};
|
|
my $machine = $+{machine};
|
|
my $share = $+{share};
|
|
my $operation = $+{operation};
|
|
my $status = $+{status};
|
|
my $open_mode;
|
|
my $file;
|
|
my $new_name;
|
|
if ($operation eq 'open'){
|
|
m/(r|w)\|(?<file>$re_path)$/;
|
|
$open_mode = $1;
|
|
$file = $+{file};
|
|
if ($open_mode eq 'r'){
|
|
$operations->{open_read}++;
|
|
} else {
|
|
$operations->{open_write}++;
|
|
}
|
|
} elsif ($operation eq 'rename') {
|
|
m/(?<file>$re_path)\|(?<new_name>$re_path)$/;
|
|
$file = $+{file};
|
|
$new_name = $+{new_name};
|
|
$operations->{rename}++;
|
|
} else {
|
|
m/(?<file>$re_path)$/;
|
|
$file = $+{file};
|
|
$operations->{$operation}++;
|
|
}
|
|
$machines->{$ip} = 1;
|
|
$users->{$user} = 1;
|
|
$files->{$file} = 1;
|
|
if ($status eq 'ok'){
|
|
$statuses->{success}++;
|
|
} else {
|
|
$statuses->{failure}++;
|
|
}
|
|
}
|
|
|
|
print "Sucess : $statuses->{success}\nFailure : $statuses->{failure}\n";
|
|
|