#!/usr/bin/perl
# Tracks a user in EZproxy logfiles with a given string and a given date
#
# Pierre Lemieux, April 17th 2015
# Université Laval
#
use strict;
use utf8;
use Getopt::Std;
use Date::Calc qw(:all);
use Sys::Hostname;
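# Main script: find the log lines that contain a string on a given day, collect
# the session IDs of those lines, then map the session IDs to the usernames
# recorded by "Login.Success" events in the audit file of the same day.

# Upper-cased short host name (everything from the first dot on is dropped);
# it is only used in the banner line.
(my $host = uc(hostname())) =~ s/\..+$//;
# EZproxy directory
my $rep = '/usr/local/ezproxy';
# Log files directory
my $rep_logs = "$rep/logs";
# Audit files directory
my $rep_audit = "$rep/audit";
my ($year, $month, $day, $string);
our ($opt_c, $opt_d);
getopts("c:d:");
if (defined $opt_c) {
    $string = $opt_c;
    if (defined $opt_d) {
        # The datestamp ends up in two file names below, so accept exactly
        # eight ASCII digits before slicing it; anything else is a usage error.
        usage() unless $opt_d =~ /\A[0-9]{8}\z/;
        $year  = substr($opt_d, 0, 4);
        $month = substr($opt_d, 4, 2);
        $day   = substr($opt_d, 6, 2);
        usage() unless (check_date($year, $month, $day));
    }
    else {
        # Defaults to yesterday: keep only the date part of "YYYY-MM-DD HH:MM:SS".
        ($year, $month, $day) = split(/\-/, (split(/ /, DATE_NOW(-86400)))[0]);
    }
}
else {
    usage();
}
print STDOUT "Looking for '$string' on '$host' with datestamp '$year$month$day'...\n";
my $log = "ezp$year$month$day.log";
my $audit = "$year$month$day.txt";
if (-e "$rep_logs/$log") {
    # Scan log file for given string on given date
    my @match;
    # Three-argument open with a lexical handle; a file that exists but cannot
    # be read must stop the run instead of being reported as "no match".
    open(my $log_fh, '<', "$rep_logs/$log")
        or die "Cannot open log file '$rep_logs/$log': $!\n";
    while (my $line = <$log_fh>) {
        # \Q...\E makes the search string a literal, not a pattern.
        push(@match, $line) if $line =~ /\Q$string\E/i;
    }
    close($log_fh);
    if (scalar(@match) > 0) {
        print STDOUT "\nLines of log file '$log' matching string: " . scalar(@match) . "\n";
        # Looking up session IDs used for these downloads
        my %sessions;
        foreach my $li (@match) {
            # Ex.: "- 123.123.123.123 qpz1ktzFSpGb8u5 [03/Mar/2015:17:59:18 -0500] "GET http://vendor.org:80..."
            my $sess = (split(/\s+/, $li))[2];
            # A truncated line has no third field; skipping it keeps an empty
            # key out of %sessions, where it could pair with a short audit line.
            next unless defined $sess && length $sess;
            # NOTE(review): if the log writes a placeholder such as "-" for
            # requests without a session, it is collected here like a real
            # session ID -- confirm against the LogFormat in use.
            $sessions{$sess} = 1;
        }
        print STDOUT "\nListing found session IDs:\n";
        foreach my $sess (keys %sessions) { print STDOUT "$sess\n"; }
        if (-e "$rep_audit/$audit") {
            # Looking up session IDs in audit files (logins/logouts)
            my %users;
            open(my $audit_fh, '<', "$rep_audit/$audit")
                or die "Cannot open audit file '$rep_audit/$audit': $!\n";
            while (my $audit_line = <$audit_fh>) {
                if ($audit_line =~ /Login\.Success/i) {
                    # Looking up usernames used to start EZproxy sessions
                    # Ex.: "2015-03-03 17:59:01 Login.Success 123.123.123.123 username qpz1ktzFSpGb8u5..."
                    # NOTE(review): the field positions assume a username
                    # without whitespace -- confirm against the audit format.
                    my ($id, $sess_aud) = (split(/\s+/, $audit_line))[4, 5];
                    next unless defined $id && defined $sess_aud;
                    $users{$id} = 1 if ($sessions{$sess_aud});
                }
            }
            close($audit_fh);
            if (scalar(keys %users) > 0) {
                print STDOUT "\nList of usernames used to start these sessions:\n";
                foreach my $id (keys %users) { print STDOUT "$id\n"; }
            }
            else { print STDOUT "No line of '$audit' contains these session IDs.\n"; }
        }
        else { print STDOUT "'$audit' audit file doesn't exist.\n"; }
    }
    else { print STDOUT "No line of log file '$log' contains string '$string'.\n"; }
}
else { print STDOUT "'$log' log file doesn't exist.\n"; }
exit;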
sub usage {
    # Print the command-line help on standard output, then end the program.
    # Never returns to the caller.
    my @help_lines = (
        'Usage:',
        'find_user.pl -c<string> [-d<YYYYMMDD>]',
        'Lookup a string in EZproxy log files and report user',
        'associated with download.',
        'Parameters:',
        '-c string to lookup',
        '-d Log file datestamp YYYYMMDD (defaults to yesterday)',
    );
    print map { "$_\n" } @help_lines;
    exit;
}
sub DATE_NOW
{
    # Return the local time shifted by $offset seconds (negative = past),
    # formatted as "YYYY-MM-DD HH:MM:SS".
    my $offset = shift;
    # localtime() yields sec, min, hour, mday, mon (0-based), year (since 1900).
    my ($s, $mi, $h, $d, $mo, $y) = (localtime(time() + $offset))[0 .. 5];
    my $date_part  = sprintf('%d-%02d-%02d', $y + 1900, $mo + 1, $d);
    my $clock_part = sprintf('%02d:%02d:%02d', $h, $mi, $s);
    return "$date_part $clock_part";
}