fws
/
log_parsers
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Various log parsers
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
28 KiB
 
Tag: Branch: Tree: adf83d7a4e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'adf83d7a4e'
${ noResults }
log_parsers/samba/autdit.pl

78 lines
1.9 KiB
Raw Blame History

#!/usr/bin/perl -w
use warnings;
use strict;
use Data::Dumper;
my $users = {};
my $machines = {};
my $operations = {
connect => 0,
disconnect => 0,
chdir => 0,
open_read => 0,
open_write => 0,
close => 0,
rename => 0,
unlink => 0,
mkdir => 0,
rmdir => 0
};
my $files = {};
my $statuses = {
success => 0,
failure => 0
};
my $re_date = qr/(?<month>\w{3})\s(?<day>\d{1,2})\s(?<hour>[\d+]{1,2}):(?<minute>\d{1,2}):(?<seconds>\d{1,2})/;
my $re_hostname = qr/\w[\w\-]+/;
my $re_user = qr/\w[\w\-]+/;
my $re_op = qr/connect|disconnect|chdir|open|close|rename|unlink|mkdir|rmdir/;
my $re_path = qr{/?(\.|([^\|]/?)*)};
my $re_ip = qr/(\d{1,3}\.){3}\d{1,3}/;
my $re_share = qr/\w[\w\-]+/;
my $re_status = qr/ok|fail\s+[^\|]+/;
while (<STDIN>){
# Jan 13 03:50:42 contis smbd[27251]: pdurant|192.168.137.117|desk-magasin|tools|close
next unless m/^$re_date\s+$re_hostname\s+smbd\[\d+\]:\s+(?<user>$re_user)\|(?<ip>$re_ip)\|(?<machine>$re_hostname)\|(?<share>$re_share)\|(?<operation>$re_op)\|(?<status>$re_status)\|/;
my $date = $+{date};
my $user = $+{user};
my $ip = $+{ip};
my $machine = $+{machine};
my $share = $+{share};
my $operation = $+{operation};
my $status = $+{status};
my $open_mode;
my $file;
my $new_name;
if ($operation eq 'open'){
m/(r|w)\|(?<file>$re_path)$/;
$open_mode = $1;
$file = $+{file};
if ($open_mode eq 'r'){
$operations->{open_read}++;
} else {
$operations->{open_write}++;
}
} elsif ($operation eq 'rename') {
m/(?<file>$re_path)\|(?<new_name>$re_path)$/;
$file = $+{file};
$new_name = $+{new_name};
$operations->{rename}++;
} else {
m/(?<file>$re_path)$/;
$file = $+{file};
$operations->{$operation}++;
}
$machines->{$ip} = 1;
$users->{$user} = 1;
$files->{$file} = 1;
if ($status eq 'ok'){
$statuses->{success}++;
} else {
$statuses->{failure}++;
}
}
print "Sucess : $statuses->{success}\nFailure : $statuses->{failure}\n";