#!/usr/bin/perl
## $Id: summ_complete.pl,v 1.2 2007/09/17 01:10:55 arkenoi Exp $
## ======================================================================== 
## fwtk-summ -- Summarise FWTK logs
## Author          : Mike Williams <mikew@pemail.net>
## ========================================================================
     
#=== Config ===============================================================
     
$top_max = 20;   # number of items to show in "top" lists
     
#=== Report printing routines =============================================
     
sub kB {
    local ($bytes) = @_;
    int( $bytes / 1024 );
}

#=== Collect stats ========================================================
     
while (<>) {
     
    @_ = split;
     
    if (/ (\S+)\[\d+\]: deny host=(\S+) (.*)/) {
     
 # $deny++;
 $deny_by_reason{$1,$2,$3}++;
     
    } elsif (/ tn-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=(\S+) duration=(\S+)/) {
     
 $tn_connect++;
 $tn_connect_by_host{$1}++;
 $tn_in += $2;
 $tn_out += $3;
 $tn_time += $5;
 $tn_in_by_host{$1} += $2;
 $tn_out_by_host{$1} += $3;
 $tn_time_by_host{$1} += $5;
     
    } elsif (/ rlogin-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=(\S+) duration=(\S+)/) {
     
 $tn_connect++;
 $tn_connect_by_host{$1}++;
 $tn_in += $2;
 $tn_out += $3;
 $tn_time += $5;
 $tn_in_by_host{$1} += $2;
 $tn_out_by_host{$1} += $3;
 $tn_time_by_host{$1} += $5;
     
    } elsif (/ rsh-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=(\S+)/) {
     
 $rsh_connect++;
 $rsh_connect_by_host{$1}++;
 $rsh_in += $2;
 $rsh_out += $3;
 $rsh_in_by_host{$1} += $2;
 $rsh_out_by_host{$1} += $3;
     
    } elsif (/ rexec-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=(\S+)/) {
     
 $rsh_connect++;
 $rsh_connect_by_host{$1}++;
 $rsh_in += $2;
 $rsh_out += $3;
 $rsh_in_by_host{$1} += $2;
 $rsh_out_by_host{$1} += $3;
     
    } elsif (/ lp-gw\[\d+\]: exit host=(\S+).* cmd=(\S+) .* in=(\S+) out=(\S+) /) {
     
 $lp_connect++;
 $lp_connect_by_host{$1}++;
 $lp_in += $3;
 $lp_out += $4;
 $lp_in_by_host{$1} += $3;
 $lp_out_by_host{$1} += $4;

 if ($2 eq "restart") {
   $lpc++;
   $lpc_by_host{$1}++;
 } elsif ($2 eq "print") {
   $lpr++;
   $lpr_by_host{$1}++;
 } elsif (substr($2,0,6)  eq "qstate") {
   $lpq++;
   $lpq_by_host{$1}++;
 } elsif ($2 eq "remove") {
   $lprm++;
   $lprm_by_host{$1}++;
 }
     
    } elsif (/ ftp-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=(\S+)/)
{
     
 $ftp_connect++;
 $ftp_connect_by_host{$1}++;
 $ftp_in += $2;
 $ftp_out += $3;
 $ftp_in_by_host{$1} += $2;
 $ftp_out_by_host{$1} += $3;

    } elsif (/ x-gw\[\d+\]: child exit host=(\S+).* display=(\S+):.* in=(\S+) out=(\S+)/) {

 $x_connect++;
 $x_connect_by_display{$2}++;
 $x_in += $3;
 $x_out += $4;
 $x_in_by_display{$2} += $3;
 $x_out_by_display{$2} += $4;
     
    } elsif (/ http-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=(\S+)/)
{
     
 $http_connect++;
 $http_connect_by_host{$1}++;
 $http_in += $2;
 $http_out += $3;
 $http_in_by_host{$1} += $2;
 $http_out_by_host{$1} += $3;
     
    } elsif (/ http-gw\[\d+\]: log .* cmd=get dest=([^ :]+)/) {
     
 # $http_gets++;
 $http_gets_by_dest{$1}++;
     
     
    } elsif (/ squid-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=(\S+) duration=(\S+) cmd=\'.*:\/\/([^ :\/]+)/) {
     
 $http_connect++;
 $http_connect_by_host{$1}++;
 $http_in += $2;
 $http_out += $3;
 $http_in_by_host{$1} += $2;
 $http_out_by_host{$1} += $3;
 $http_gets_by_dest{$6}++;
     
    } elsif (/ nntp-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+)/) {

 $nntp_connect++;
 $nntp_connect_by_host{$1}++;
 $nntp_in += $2;
 $nntp_out += $3;
 $nntp_in_by_host{$1} += $2;
 $nntp_out_by_host{$1} += $3;
     
    } elsif (/ ra-gw\[\d+\]: exit host=(\S+).* destination=(\S+) in=(\S+) out=(\S+)/) {

 $ra_connect++;
 $ra_connect_by_host{$1}++;
 $ra_in += $3;
 $ra_out += $4;
 $ra_in_by_host{$1} += $3;
 $ra_out_by_host{$1} += $4;
     
    } elsif (/ irc-gw\[\d+\]: exit host=(\S+).* dccs=(\S+) in=(\S+) out=(\S+).* duration=(\S+)/) {

 $irc_connect++;
 $irc_connect_by_host{$1}++;
 $dccs += $2;
 $dccs_by_host{$1} += $2;
 $irc_in += $3;
 $irc_out += $4;
 $irc_time += $5;
 $irc_in_by_host{$1} += $3;
 $irc_out_by_host{$1} += $4;
 $irc_time_by_host{$1} += $5;
     
    } elsif (/ pop3-gw\[\d+\]: exit host=(\S+).* dest=(\S+) in=(\S+) out=(\S+)/) {

 $pop_connect++;
 $pop_connect_by_host{$1}++;
 $pop_in += $3;
 $pop_out += $4;
 $pop_in_by_host{$1} += $3;
 $pop_out_by_host{$1} += $4;
     
    } elsif (/ ms-sql-gw\[\d+\]: exit host=(\S+).* destination=(\S+) in=(\S+) out=(\S+)/) {

 $sql_connect++;
 $sql_connect_by_host{$1}++;
 $sql_in += $3;
 $sql_out += $4;
 $sql_in_by_host{$1} += $3;
 $sql_out_by_host{$1} += $4;

    } elsif (/ sybase-gw\[\d+\]: exit host=(\S+).* destination=(\S+) in=(\S+) out=(\S+)/) {

 $sql_connect++;
 $sql_connect_by_host{$1}++;
 $sql_in += $3;
 $sql_out += $4;
 $sql_in_by_host{$1} += $3;
 $sql_out_by_host{$1} += $4;

    } elsif (/ (\S+)\[\d+\]: disconnect host=(\S+) destination=(\S+) in=(\S+) out=(\S+) duration=(\S+)/) {
     
 $plug_connect++;
 $plug_in += $4;
 $plug_out += $5;
 $plug_time += $6;
 $plug_connect_by_plug{$2,$3}++;
 $plug_connect_by_service{$1}++;
 $plug_in_by_service{$1} += $4;
 $plug_out_by_service{$1} += $5;
 $plug_in_by_plug{$2,$3} += $4;
 $plug_out_by_plug{$2,$3} += $5;
 $plug_time_by_plug{$2,$3} += $6;
     
    } elsif (/ipmon\[\d+\]: .* NAT:EXPIRE (\S+),(\S+) \<- -\> (\S+) \[(\S+),(\S+)\] Pkts (\S+) Bytes (\S+)/) {

 $nat_connect++;
 $nat_io += $7;
 $nat_connect_by_src{$1}++;
 $nat_io_by_src{$1} += $7;
 $nat_connect_by_port{$5}++;
 $nat_io_by_port{$5} += $7;
 
    } elsif (/ authsrv\[\d+\]: /) {
     
 if (/: AUTHENTICATE (\S+)/) {
     $auth_user{$1}++;
     $auth_okay{$1}++;
 } elsif (/: BADAUTH (\S+)/) {
     $auth_user{$1}++;
     $auth_bad{$1}++;
 } elsif (!/LIST/) {
     s/.* authsrv\[\d+\]: //;
     $authops .= $_;
 }

    } elsif (/ login: login on .* as (\S+)/) {

 $console_logins{$1}++;
 $logins{$1}++;

    } elsif (/ sshd\[\d+\]: log: login user (\S+) from/) {

 $remote_logins{$1}++;
 $logins{$1}++;

     
    } elsif (($host,$bytes,$from,$to) =
      / smap\[\d+\]: host=(\S+) bytes=(\S+) from=(\S+) to=(\S+)/) {
     
 $from =~ tr/A-Z/a-z/;
 $to =~ tr/A-Z/a-z/;
     
 $smap_messages++;
 $smap_messages_by_host{$host}++;
 $smap_messages_by_sender{$from}++;
 $smap_messages_by_recipient{$to}++;
 $smap_bytes += $bytes;
 $smap_bytes_by_host{$host} += $bytes; 
 $smap_bytes_by_sender{$from} += $bytes; 
 $smap_bytes_by_recipient{$to} += $bytes;
     
    } elsif (($host,$from,$to,$bytes) =
      / smtpd\[\d+\]: relay=(\S+) from=(\S+) to=(\S+) bytes=(\S+)/) {
     
 $from =~ tr/A-Z/a-z/;
 $to =~ tr/A-Z/a-z/;
     
 $smap_messages++;
 $smap_messages_by_host{$host}++;
 $smap_messages_by_sender{$from}++;
 $smap_messages_by_recipient{$to}++;
 $smap_bytes += $bytes;
 $smap_bytes_by_host{$host} += $bytes; 
 $smap_bytes_by_sender{$from} += $bytes; 
 $smap_bytes_by_recipient{$to} += $bytes;
     
    } elsif (/ netacl\[\d+\]: permit host=(\S+) service=(\S+) /) {
     
 $netacl_by_service_and_host{$2,$1}++;
     
    }
     
}
     
#=== Authentication management ============================================
     
if (keys %logins) {

    print <<EOF;

*** Administrative logins
User        Local Remote
----        ----- ------
EOF

    for $user (sort keys %logins) {
 printf( "%-12s %4d  %4d\n", $user, $console_logins{$user}, $remote_logins{$user} );
    }
}

if ($authops) {
     
    print <<EOF;
     
*** Authentication Management Operations 
Message
-------
EOF
    print $authops;
     
}
     
#=== Authentications ======================================================
     
if (keys %auth_user) {
     
    print <<EOF;
     
*** User Authentications
User          Okay  Bad
----          ----  ---
EOF
     
    for $user (sort keys %auth_user) {
 printf( "%-12s  %4d %4d\n", $user, $auth_okay{$user}, $auth_bad{$user} );
    }
     
}
     
#=== Rejected connections =================================================
     
if (keys %deny_by_reason) {
     
    print <<EOF;
     
*** Rejected connections
Tries  Service  Host/Address                         Action 
-----  -------  ------------                         ------ 
EOF
     
    for $key (sort keys %deny_by_reason) {
 $attempts = $deny_by_reason{$key};
 ($service, $host, $reason) = split( $;, $key ); 
 printf( "%5d  %-8s %-36s %s\n", $attempts, $service, $host, $reason );
    }
     
}
     
#=== TELNET usage =========================================================
     
if (keys %tn_connect_by_host) {
     
    print <<EOF;
     
*** Interactive session (TELNET and RLOGIN) usage
Connects  In(kB) Out(kB) Time(m) Host/Address 
--------  ------ ------- -------  ------------ 
EOF
     
    for $host (sort { ($tn_connect_by_host{$b} <=> 
         $tn_connect_by_host{$a} ||
         $a cmp $b) }
        keys %tn_connect_by_host) {
 printf( "%8d %7d %7d %7d %-40s\n",
        $tn_connect_by_host{$host}, 
        &kB( $tn_in_by_host{$host} ), &kB( $tn_out_by_host{$host} ), 
        $tn_time_by_host{$host}/60,$host );
    }
    print( ' ' x 33, '=' x 10, "\n" );
    printf( "%8d %7d %7d %7d TOTAL\n", 
    $tn_connect, &kB($tn_in), &kB($tn_out), $tn_time/60 );
     
}

#=== RSH usage =========================================================
     
if (keys %rsh_connect_by_host) {
     
    print <<EOF;
     
*** Remote execution services (RSH and REXEC) usage
Connects  In(kB) Out(kB)  Host/Address 
--------  ------ -------  ------------ 
EOF
     
    for $host (sort { ($rsh_connect_by_host{$b} <=> 
         $rsh_connect_by_host{$a} ||
         $a cmp $b) }
        keys %rsh_connect_by_host) {
 printf( "%8d %7d %7d  %-40s\n",
        $rsh_connect_by_host{$host}, 
        &kB( $rsh_in_by_host{$host} ), &kB( $rsh_out_by_host{$host} ), 
        $host );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n", 
    $rsh_connect, &kB($rsh_in), &kB($rsh_out) );
     
}
#=== X usage ==============================================================

if (keys %x_connect_by_display) {
     
    print <<EOF;
     
*** X usage
Connects  In(kB) Out(kB)  X Server 
--------  ------ -------  -------- 
EOF
     
    for $host (sort { ($x_connect_by_display{$b} <=> 
         $x_connect_by_display{$a} ||
         $a cmp $b) }
        keys %x_connect_by_display) {
 printf( "%8d %7d %7d  %-40s\n",
        $x_connect_by_display{$host}, 
        &kB( $x_in_by_display{$host} ), &kB( $x_out_by_display{$host} ), 
        $host );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n", 
    $x_connect, &kB($x_in), &kB(x_out) );
}     
     
#=== LP usage =============================================================

if (keys %lp_connect_by_host) {
     
    print <<EOF;
     
*** LP usage
Connects  lpc  lpr  lpq  lprm In(kB) Out(kB)  Host/Address 
--------  ---  ---  ---  ---- ------ -------  ------------ 
EOF
     
    for $host (sort { ($lp_in_by_host{$b} <=> 
         $lp_in_by_host{$a} ||
         $a cmp $b) }
        keys %lp_in_by_host) {
 printf( "%8d %4d %4d %4d %4d %7d %7d  %-32s\n",
        $lp_connect_by_host{$host}, $lpc_by_host{$host},
	$lpr_by_host{$host},$lpq_by_host{$host},$lprm_by_host{$host},
        &kB( $lp_in_by_host{$host} ), &kB( $lp_out_by_host{$host} ), 
        $host );
    }
    print( ' ' x 46, '=' x 10, "\n" );
    printf( "%8d %4d %4d %4d %4d %7d %7d  TOTAL\n", 
    $lp_connect, $lpc, $lpr, $lpq , $lprm, &kB($lp_in), &kB(lp_out) );
}     
     
#=== FTP usage ============================================================
     
if (keys %ftp_connect_by_host) {
     
    print <<EOF;
     
*** FTP usage
Connects  In(kB) Out(kB)  Host/Address 
--------  ------ -------  ------------ 
EOF
     
    for $host (sort { ($ftp_connect_by_host{$b} <=> 
         $ftp_connect_by_host{$a} ||
         $a cmp $b) }
        keys %ftp_connect_by_host) {
 printf( "%8d %7d %7d  %-40s\n",
        $ftp_connect_by_host{$host}, 
        &kB( $ftp_in_by_host{$host} ), &kB( $ftp_out_by_host{$host} ), 
        $host );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n", 
    $ftp_connect, &kB($ftp_in), &kB($ftp_out) );
     
}
     
#=== HTTP usage ===========================================================
     
if (keys %http_connect_by_host) {
     
    print <<EOF;
     
*** HTTP usage
Connects  In(kB) Out(kB)  Host/Address 
--------  ------ -------  ------------ 
EOF
     
    for $host (sort { ($http_in_by_host{$b} <=> 
         $http_in_by_host{$a} ||
         $a cmp $b) }
        keys %http_connect_by_host) {
 printf( "%8d %7d %7d  %-40s\n",
        $http_connect_by_host{$host}, 
        &kB( $http_in_by_host{$host} ), &kB( $http_out_by_host{$host} ), 
        $host );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n", 
    $http_connect, &kB($http_in), &kB($http_out) );
     
}
     
#if (keys %squid_gets_by_dest) {
#     
#    print <<EOF;
#     
#*** Top $top_max HTTP destinations
#    Gets  Host/Address
#    ----  ------------
#EOF
#     
#    $top = 0;
#    for $dest (sort { ($squid_gets_by_dest{$b} <=> $squid_gets_by_dest{$a} ||
#         $a cmp $b) }
#        keys %squid_gets_by_dest ) {
# last if (++$top > $top_max);
# printf( "%8d  %-40s\n", $squid_gets_by_dest{$dest}, $dest );
#    }
#     
#}

#=== RealAudio usage ======================================================

if (keys %ra_connect_by_host) {
     
    print <<EOF;
     
*** RealAudio usage
Connects  In(kB) Out(kB)  Host/Address 
--------  ------ -------  ------------ 
EOF
     
    for $host (sort { ($ra_in_by_host{$b} <=> 
         $ra_in_by_host{$a} ||
         $a cmp $b) }
        keys %ra_connect_by_host) {
 printf( "%8d %7d %7d  %-40s\n",
        $ra_connect_by_host{$host}, 
        &kB( $ra_in_by_host{$host} ), &kB( $ra_out_by_host{$host} ), 
        $host );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n", 
    $ra_connect, &kB($ra_in), &kB($ra_out) );
}
     
#=== PLUG-GW usage ========================================================
     
if (keys %plug_connect_by_plug) {
     
    print <<EOF;

*** PLUG-GW usage
Connects  In(kB) Out(kB)  Proxy name
--------  ------ -------  ----------
EOF

    for $plug (sort { ($plug_connect_by_service{$b} <=> 
         $plug_connect_by_service{$a} ||
         $a cmp $b) }
        keys %plug_connect_by_service) {
 printf( "%8d %7d %7d  %s\n",
        $plug_connect_by_service{$plug}, 
        &kB( $plug_in_by_service{$plug} ), 
        &kB( $plug_out_by_service{$plug} ), 
        $plug );
    }
    print <<EOF;
     
Connects  In(kB) Out(kB)  To/From
--------  ------ -------  ---------- 
EOF
     
    for $plug (sort { ($plug_connect_by_plug{$b} <=> 
         $plug_connect_by_plug{$a} ||
         $a cmp $b) }
        keys %plug_connect_by_plug) {
 my ($from, $to) = split( $;, $plug ); 
 printf( "%8d %7d %7d  %s\n",
        $plug_connect_by_plug{$plug}, 
        &kB( $plug_in_by_plug{$plug} ), 
        &kB( $plug_out_by_plug{$plug} ), 
        $to );
 print( ' ' x 29, $from, "\n" );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n", 
    $plug_connect, &kB($plug_in), &kB($plug_out) );
}
     
#=== NNTP usage ===========================================================

if (keys %nntp_connect_by_host) {
     
    print <<EOF;
     
*** NNTP usage
Connects  In(kB) Out(kB)  Host/Address 
--------  ------ -------  ------------ 
EOF
     
    for $host (sort { ($nntp_in_by_host{$b} <=> 
         $nntp_in_by_host{$a} ||
         $a cmp $b) }
        keys %nntp_connect_by_host) {
 printf( "%8d %7d %7d  %-40s\n",
        $nntp_connect_by_host{$host}, 
        &kB( $nntp_in_by_host{$host} ), &kB( $nntp_out_by_host{$host} ), 
        $host );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n", 
    $nntp_connect, &kB($nntp_in), &kB($nntp_out) );
}
     
#=== pop3 usage ===========================================================

if (keys %pop_connect_by_host) {
     
    print <<EOF;
     
*** POP3 usage
Connects  In(kB) Out(kB)  Host/Address 
--------  ------ -------  ------------ 
EOF
     
    for $host (sort { ($pop_in_by_host{$b} <=> 
         $pop_in_by_host{$a} ||
         $a cmp $b) }
        keys %pop_connect_by_host) {
 printf( "%8d %7d %7d  %-40s\n",
        $pop_connect_by_host{$host}, 
        &kB( $pop_in_by_host{$host} ), &kB( $pop_out_by_host{$host} ), 
        $host );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n", 
    $pop_connect, &kB($pop_in), &kB($pop_out) );
}
#=== SMAP usage ===========================================================
     
if ($smap_messages) {
     
    print <<EOF;
     
*** Top $top_max SMTP clients
Messages Thru(kB)  Host/Address
-------- --------  ------------
EOF
     
    $top = 0;
    for $host (sort 
        { ($smap_messages_by_host{$b} <=> $smap_messages_by_host{$a} ||
    $smap_bytes_by_host{$b} <=> $smap_bytes_by_host{$a} || 
    $a cmp $b) }
        keys %smap_messages_by_host) {
 last if (++$top > $top_max);
 printf( "%8d %8d  %-55s\n",
        $smap_messages_by_host{$host}, 
        &kB( $smap_bytes_by_host{$host} ),
        $host );
    }
    print( ' ' x 19, '=' x 10, "\n" );
    printf( "%8d %8d  TOTAL\n", $smap_messages, &kB($smap_bytes) );
     
    print <<EOF;
     
*** Top $top_max SMTP senders
Messages Thru(kB)  Sender
-------- --------  ------
EOF
     
    $top = 0;
    for $sender (sort { ($smap_messages_by_sender{$b} <=> 
    $smap_messages_by_sender{$a} ||
    $smap_bytes_by_sender{$b} <=> 
    $smap_bytes_by_sender{$a} ||
    $a cmp $b) }
   keys %smap_messages_by_sender) {
 last if (++$top > $top_max);
 printf( "%8d %8d  %-55s\n",
        $smap_messages_by_sender{$sender}, 
        &kB( $smap_bytes_by_sender{$sender} ), 
        $sender );
    }
     
    print <<EOF;
     
*** Top $top_max SMTP recipients
Messages Thru(kB)  Recipient
-------- --------  ---------
EOF
     
    $top = 0;
    for $recipient (sort { ($smap_messages_by_recipient{$b} <=> 
       $smap_messages_by_recipient{$a} || 
       $smap_bytes_by_recipient{$b} <=> 
       $smap_bytes_by_recipient{$a} || 
       $a cmp $b) }
   keys %smap_messages_by_recipient) {
 last if (++$top > $top_max);
 printf( "%8d %8d  %-55s\n",
        $smap_messages_by_recipient{$recipient}, 
        &kB( $smap_bytes_by_recipient{$recipient} ), 
        $recipient );
    }
     
}
     
#=== irc usage ============================================================

if (keys %irc_connect_by_host) {
     
    print <<EOF;
     
*** IRC usage
Connects DCCs In(kB) Out(kB) Time(m) Host/Address 
-------- ---- ------ ------- ------- ------------ 
EOF
     
    for $host (sort { ($irc_in_by_host{$b} <=> 
         $irc_in_by_host{$a} ||
         $a cmp $b) }
        keys %irc_connect_by_host) {
 printf( "%8d %4d %6d %7d %7d %-40s\n",
        $irc_connect_by_host{$host}, $dccs_by_host{$host},
        &kB( $irc_in_by_host{$host} ), &kB( $irc_out_by_host{$host} ), 
        $irc_time_by_host{$host}/60, $host );
    }
    print( ' ' x 37, '=' x 10, "\n" );
    printf( "%8d %4d %6d %7d %7d TOTAL\n", 
    $irc_connect, $dccs, &kB($irc_in), &kB($irc_out), $irc_time/60 );
}
     
#=== Netacl connections =================================================

if (keys %netacl_by_service_and_host) {
     
    print <<EOF;
     
*** netacl connections
Connects Service    Host/Address
-------- -------    ------------
EOF
     
    for $key (sort keys %netacl_by_service_and_host) {
 ($service, $host) = split( $;, $key ); 
 printf( "%8d %-10s %-40s\n", $netacl_by_service_and_host{$key},
        $service, $host );
    }
     
}
     
#=== NAT statistics =====================================================

if ($nat_connect) {

    print <<EOF;

*** NAT usage summary - top users
Connects Thru(kB) Host
-------- -------- ----
EOF

    for $host (sort { ($nat_connect_by_src{$b} <=>
		     $nat_connect_by_src{$a} ||
	             $a cmp $b) }
	keys %nat_connect_by_src) {
	  printf("%8d %8d %-30s \n",$nat_connect_by_src{$host},
	         &kB($nat_io_by_src{$host}),$host);
        }

    printf("\n");
    print <<EOF;

*** NAT usage summary - top services
Connects Thru(kB) Service
-------- -------- -------
EOF

    for $port (sort { ($nat_connect_by_port{$b} <=>
		     $nat_connect_by_port{$a} ||
	             $a cmp $b) }
	keys %nat_connect_by_port) {
	  printf("%8d %8d %-30s \n",$nat_connect_by_port{$port},
	         &kB($nat_io_by_port{$port}),$port);
	}
    print( ' ' x 18, '=' x 7, "\n");
    printf("%8d %8d TOTAL \n",$nat_connect,&kB($nat_io));

}

##=== END of fwtk-summ ====================================================