#!/usr/bin/perl
# Tracks a user in EZproxy logfiles with a given string and a given date
#
# Pierre Lemieux, April 17th 2015
# Université Laval
#
use strict; | |
use utf8; | |
use Getopt::Std; | |
use Date::Calc qw(:all); | |
use Sys::Hostname; | |
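# Short host name in upper case: everything from the first dot onwards is dropped.
(my $host = uc(hostname())) =~ s/\..+$//;

# NOTE(review): this file enables 'strict' but not 'warnings'; consider adding
# 'use warnings;' next to the other pragmas at the top of the file.

# EZproxy directory
my $rep = '/usr/local/ezproxy';
# Log files directory
my $rep_logs = "$rep/logs";
# Audit files directory
my $rep_audit = "$rep/audit";

my ($year, $month, $day, $string);
our ($opt_c, $opt_d);

# An unknown switch or a missing switch argument is a usage error.
getopts("c:d:") or usage();

# -c is mandatory. An empty search string would match every log line and
# therefore report every session and user of the day, so it is rejected too.
usage() unless defined $opt_c && length $opt_c;
$string = $opt_c;

if (defined $opt_d) {
    # The datestamp is interpolated into the log and audit file names below,
    # so require exactly eight ASCII digits before using any part of it.
    if ($opt_d =~ /\A([0-9]{4})([0-9]{2})([0-9]{2})\z/) {
        ($year, $month, $day) = ($1, $2, $3);
    }
    else {
        usage();
    }
    usage() unless check_date($year, $month, $day);
}
else {
    # Defaults to yesterday. Calendar arithmetic is used instead of
    # "now minus 86400 seconds", which can land two days back when the
    # script runs shortly after midnight following a 23-hour (DST) day.
    my ($y, $m, $d) = Add_Delta_Days(Today(), -1);
    ($year, $month, $day) = (sprintf('%04d', $y), sprintf('%02d', $m), sprintf('%02d', $d));
}

print STDOUT "Looking for '$string' on '$host' with datestamp '$year$month$day'...\n";

my $log   = "ezp$year$month$day.log";
my $audit = "$year$month$day.txt";

if (-e "$rep_logs/$log") {
    # Scan log file for given string on given date
    my @match;

    # Three-argument open with a lexical handle. A file that exists but cannot
    # be read must stop the run: silently reading nothing would be reported as
    # "no match", which is a false negative for an investigation.
    open(my $log_fh, '<', "$rep_logs/$log")
        or die "Cannot open '$rep_logs/$log': $!\n";
    while (my $line = <$log_fh>) {
        # \Q...\E makes the search string a literal, so regex metacharacters
        # in -c cannot change what is matched.
        push(@match, $line) if $line =~ /\Q$string\E/i;
    }
    close($log_fh);

    if (scalar(@match) > 0) {
        print STDOUT "\nLines of log file '$log' matching string: " . scalar(@match) . "\n";

        # Looking up session IDs used for these downloads
        my %sessions;
        foreach my $li (@match) {
            # Ex.: "- 123.123.123.123 qpz1ktzFSpGb8u5 [03/Mar/2015:17:59:18 -0500] "GET http://vendor.org:80..."
            my $sess = (split(/\s+/, $li))[2];
            # A matching line with fewer than three fields carries no session ID.
            next unless defined $sess && length $sess;
            $sessions{$sess} = 1;
        }

        # Sorted so that two runs over the same files give identical output.
        print STDOUT "\nListing found session IDs:\n";
        foreach my $sess (sort keys %sessions) { print STDOUT "$sess\n"; }

        if (-e "$rep_audit/$audit") {
            # Looking up session IDs in audit files (logins/logouts)
            my %users;
            open(my $audit_fh, '<', "$rep_audit/$audit")
                or die "Cannot open '$rep_audit/$audit': $!\n";
            while (my $ligne = <$audit_fh>) {
                if ($ligne =~ /Login\.Success/i) {
                    # Looking up usernames used to start EZproxy sessions
                    # Ex.: "2015-03-03 17:59:01 Login.Success 123.123.123.123 username qpz1ktzFSpGb8u5..."
                    my ($id, $sess_aud) = (split(/\s+/, $ligne))[4, 5];
                    # Truncated audit lines have no username or session field.
                    next unless defined $id && defined $sess_aud;
                    $users{$id} = 1 if exists $sessions{$sess_aud};
                }
            }
            close($audit_fh);

            if (scalar(keys %users) > 0) {
                print STDOUT "\nList of usernames used to start these sessions:\n";
                foreach my $id (sort keys %users) { print STDOUT "$id\n"; }
            }
            else { print STDOUT "No line of '$audit' contains these session IDs.\n"; }
        }
        else { print STDOUT "'$audit' audit file doesn't exist.\n"; }
    }
    else { print STDOUT "No line of log file '$log' contains string '$string'.\n"; }
}
else { print STDOUT "'$log' log file doesn't exist.\n"; }

exit;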
# Prints the command-line help on standard output and ends the program.
sub usage {
    # The help text has nothing to interpolate, so a literal here-document is used.
    my $help = <<'END_OF_USAGE';
Usage:
find_user.pl -c<string> [-d<YYYYMMDD>]
Lookup a string in EZproxy log files and report user
associated with download.
Parameters:
-c string to lookup
-d Log file datestamp YYYYMMDD (defaults to yesterday)
END_OF_USAGE
    print $help;
    exit;
}
# Returns the local time, shifted by $delay seconds from now, formatted as
# "YYYY-MM-DD hh:mm:ss".
sub DATE_NOW
{
    my ($delay) = @_;

    # Only the first six localtime() fields are needed:
    # seconds, minutes, hours, day of month, month (0-based), year (minus 1900).
    my @fields = (localtime(time() + $delay))[0 .. 5];
    my ($sec, $min, $hour, $day_m, $month, $year) = @fields;

    return sprintf("%d\-%02d\-%02d %02d:%02d:%02d", $year + 1900, $month + 1, $day_m, $hour, $min, $sec);
}