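#!/usr/bin/perl
#
# This program produces a brief summary by reading
# the daily firewall log file and adding up the
# in=... and out=... byte counts for each logged
# protocol we are interested in.
#
# Original Author not documented, but believed to
# be Kusai Abdulkareem
#
# Refitted, documented and tested at Gauntlet 3.1
# and Gauntlet 3.2 levels by Norbert Kremla
#
# Modified for fwtk and ipfilter by ArkanoiD
#
# Usage:
#
#   ./chart.pl [-d] [-b 256] [-f /var/log/messages.0] >reportfile &
#
# Note:
#   Don't run this program at busy times against the active log file
#
#   -d option indicates that log contains one day records only
#
#   -b is maximum bandwidth available (kbps)
#
# Change History:
#
# 1997/08/12 N. Kremla - added $start/$stop variables to allow
#                        choosing any period of the daily log.
#
# 1997/09/10 N. Kremla - downscaled reports to Kbytes instead
#                        of bytes.
#
# 1997/09/10 N. Kremla - fixed kbps averages.
#
# 1997/09/15 N. Kremla - Segregated Pointcast pcnserver statistics
#                        (no longer report PCN under HTTP)
#                      - Added RAP (RealAudio/Video) statistics
#                      - Added catchall (Other) category
#
# 1997/09/16 N. Kremla - Pull log date from message log and
#                        display in headers
#                      - Convert headers to "here" document
#                      - Remove commented (dead) lines
#
# 1997/09/17 N. Kremla - Added Percentages to report
#
# 1998-2001  ArkanoiD  - changes for fwtk operation
#
# Rework (undated, this revision):
#   - use strict/warnings, lexical variables, lexical filehandle
#   - three-argument open so the -f value is a path, never a mode/pipe spec
#   - option parsing without string eval
#   - no division by zero when no hour row / no traffic / no -b value
#   - records without a parseable HH:MM:SS field are skipped

use strict;
use warnings;

my $start    = "00";   # Begin at this hour (inclusive)
my $stop     = "24";   # End at this hour (rows up to $stop-1 are reported)
my $max_kbps = "64";   # Theoretical 'T1' link capacity (kbps); overridden by -b
my $name;              # -f value: log file to read; stdin when not given
my $oneday;            # set when -d given: one day per log, no date-change headers

# Report categories in column order.  Every hash slice below relies on it.
my @cols = qw(http nntp smap sql ftp tn rap nat other);

# Report formats.  The format strings are constants; log-derived values are
# only ever passed as printf arguments, never interpolated into a format.
my $row_fmt = "%s %8ld %6ld %6ld %5ld %6ld %6ld %6ld %6ld %5ld %7ld %4ld\n";
my $tot_fmt = "Tot%8ld %6ld %6ld %5ld %6ld %6ld %6ld %6ld %5ld %7ld %4ld\n";
my $pct_fmt = "Pct %5.2f %6.2f %6.2f %5.2f %6.2f %6.2f %6.2f %6.2f %5.2f %7.2f %4.1f\n";
my $rule    = '-' x 79;

#
# Argument parsing.  Replaces the former &case / string-eval dispatcher with
# the same semantics: every @ARGV element is looked at, unknown elements are
# ignored, and the element following -f / -b is that option's value.
#
for my $i (0 .. $#ARGV) {
    my $arg = $ARGV[$i];
    if    ($arg eq '-f') { $name     = $ARGV[$i + 1]; }
    elsif ($arg eq '-d') { $oneday   = $arg; }
    elsif ($arg eq '-b') { $max_kbps = $ARGV[$i + 1]; }
}

#
#---------------------------------- main --------------------------------------
#
my $in;
if ($name) {
    # Three-argument open: the -f value is used purely as a path, so a value
    # such as "cmd |" or ">file" cannot change the open mode.
    open($in, '<', $name) or die " can't open file: $!";
}
else {
    open($in, '<&', \*STDIN) or die " can't open file: $!";
}

# The first record supplies the date (cols 0-5, e.g. "Oct  5") and the hour
# (cols 7-8) for the header.  As in the original it is not itself counted.
my $first = <$in>;
defined $first or die "no records read from log\n";
my $logdt = substr($first, 0, 6);
my $time  = substr($first, 7, 2);   # hour whose traffic is being accumulated
my $otime = "99";                   # hour flushed before the current one
print_header($logdt);

my %hour  = map { $_ => 0 } @cols;  # byte counts for the hour in progress
my %total = map { $_ => 0 } @cols;  # KB totals over all printed rows
my $total_kbps = 0;
my $loops      = 0;                 # hourly rows printed; divisor for the average

LINE: while (my $raw = <$in>) {
    chomp $raw;
    (my $line = $raw) =~ s/\s+/ /g;
    my @arr = split ' ', $line;

    # The third token is HH:MM:SS.  A record without a usable hour is
    # skipped; previously undef compared as 0 and could flush a bogus row.
    next LINE unless defined $arr[2];
    my ($tt) = split /:/, $arr[2];
    next LINE unless defined($tt) && $tt =~ /^\d{1,2}$/;
    next LINE if $tt < $start;

    # Hour changed: emit the row for the hour just finished.
    if ($time != $tt && $otime != $tt) {
        my ($kb, $sum, $kbps) = hour_figures(\%hour);
        printf $row_fmt, $time, @{$kb}{@cols}, $sum, $kbps;
        $total{$_} += $kb->{$_} for @cols;
        $total_kbps += $kbps;
        $loops++;
        %hour = map { $_ => 0 } @cols;

        # Without -d, a new date in the log starts a new header block.
        if (!$oneday) {
            my $cdate = substr($line, 0, 6);
            if ($logdt ne $cdate) {
                print_header($cdate);
                $logdt = $cdate;
            }
        }
        $otime = $time;
        $time  = $tt;
    }
    last LINE if $tt > $stop - 1;

    # Classification, first match wins (same order as the original chain).
    my $gw_cat = index($line, 'out=') != -1 ? gateway_category($line) : undef;

    if ($raw =~ / squid-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+)/) {
        $hour{http} += $2 + $3;
    }
    elsif ($raw =~ / smtpd\[\d+\]: exit host=(\S+).* bytes=(\S+)/) {
        $hour{smap} += $2;
    }
    elsif ($raw =~ / smapd\[\d+\]: exit host=(\S+).* bytes=(\S+)/) {
        $hour{smap} += $2;
    }
    elsif ($raw =~ / pop3-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+)/) {
        $hour{smap} += $2 + $3;
    }
    elsif ($raw =~ / nntp-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) /) {
        $hour{nntp} += $2 + $3;
    }
    elsif (defined $gw_cat) {
        my ($bytes_in, $bytes_out) = in_out_bytes(@arr);
        $hour{$gw_cat} += $bytes_in + $bytes_out;
    }
    elsif ($raw =~ /ipmon\[\d+\]: .* NAT:EXPIRE (\S+),(\S+) <- -> (\S+) \[(\S+),(\S+)\] Pkts (\S+) Bytes (\S+)/) {
        $hour{nat} += $7;
    }
    elsif (index($line, 'out=') != -1) {
        # Catchall: anything else that reports in=/out= byte counts.
        my ($bytes_in, $bytes_out) = in_out_bytes(@arr);
        $hour{other} += $bytes_in + $bytes_out;
    }
}
close($in);

print "$rule\n";
my $ftotal = 0;
$ftotal += $total{$_} for @cols;

# Guarded averages: with no completed hour, no traffic, or no usable -b value
# the original died with "Illegal division by zero" after reading the log.
my $kbps = $loops ? $total_kbps / $loops : 0;
printf $tot_fmt, @total{@cols}, $ftotal, $kbps;

my %pct = map { $_ => ($ftotal ? $total{$_} * 100.00 / $ftotal : 0) } @cols;
my $link_ok = defined($max_kbps)
           && $max_kbps =~ /^\d+(?:\.\d+)?$/
           && $max_kbps > 0;
my $p_kbps  = $link_ok ? $kbps * 100.00 / $max_kbps : 0;
my $p_total = 100.00;

print "$rule\n";
printf $pct_fmt, @pct{@cols}, $p_total, $p_kbps;

#--------------------------------------------------------------------

# Print the report header for one calendar date ($date is the 6-character
# syslog date taken from the log).  Column labels are right-aligned to the
# field widths used by $row_fmt.
sub print_header {
    my ($date) = @_;
    print "----- Internet Traffic in KiloBytes for $date ---------------------\n";
    printf "%78s\n", 'Avg.';
    print "Type:   WWW   News  Mail Database Files Login  Audio    NAT Other   Total Load\n";
    print "     (HTTP) (NNTP)        (SQL) (FTP) (Telnet)  (RA)              Traffic Kb/s\n";
    print 'Hour ', '-' x 73, "\n";
    return;
}

# Convert one hour's byte counts (hash ref keyed by @cols) into the figures of
# a report row.  Returns (kb_by_col, total_kb, avg_kbps) where kb_by_col is a
# hash ref keyed by @cols.
sub hour_figures {
    my ($bytes) = @_;
    my %kb = map { $_ => $bytes->{$_} / 1024 } @cols;

    # Report small (other) traffic as 1K bytes minimum
    $kb{other} = 1 if $bytes->{other} > 0 && $bytes->{other} < 1024;

    my $sum = 0;
    $sum += $kb{$_} for @cols;

    # KB per hour -> kbit/s.  The 25% uplift is inherited from the original
    # (presumably an overhead allowance; it is not documented there).
    my $kbps = ((0.25 * $sum) + $sum) * 8 / 3600;
    return (\%kb, $sum, $kbps);
}

# Map a whitespace-normalised log line to the report category of the fwtk
# gateway named in it, or return nothing when no known gateway is named.
# First listed match wins, matching the original elsif order.
sub gateway_category {
    my ($line) = @_;
    my @gateways = (
        [ 'sybase-gw' => 'sql' ],
        [ 'sql-gw'    => 'sql' ],
        [ 'ftp-gw'    => 'ftp' ],
        [ 'tn-gw'     => 'tn'  ],
        [ 'ra-gw'     => 'rap' ],
    );
    for my $gw (@gateways) {
        return $gw->[1] if index($line, $gw->[0]) != -1;
    }
    return;
}

# Return (in_bytes, out_bytes) from the "in=N" / "out=N" tokens of a split log
# line; a missing token or a bare "in=" counts as 0.
sub in_out_bytes {
    my @tokens = @_;
    my ($in_tok)  = grep { /^in=/ }  @tokens;
    my ($out_tok) = grep { /^out=/ } @tokens;
    my $bytes_in  = defined $in_tok  ? (split /=/, $in_tok)[1]  : undef;
    my $bytes_out = defined $out_tok ? (split /=/, $out_tok)[1] : undef;
    $bytes_in  = 0 unless defined $bytes_in;
    $bytes_out = 0 unless defined $bytes_out;
    return ($bytes_in, $bytes_out);
}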