#!/usr/bin/perl
# Look up EZproxy log files for activity from a given user
#
# Pierre Lemieux, April 17th 2015
# Université Laval
#
use strict;
use warnings;
use utf8;
use Getopt::Std;
use Sys::Hostname;
use Date::Calc qw(:all);
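# Short host name (domain part stripped); only used in the status line.
my $host = uc hostname();
$host =~ s/\..+$//;

# EZproxy directory
my $rep = '/usr/local/ezproxy';
# Log files directory
my $rep_logs = "$rep/logs";
# Audit files directory
my $rep_audit = "$rep/audit";
# Directory where to store report files from this script
# Important: You need to create this directory before running the script
my $rep_surv = "$rep/surveillance";

my ($year, $month, $day, $username);
our ($opt_i, $opt_d);

# getopts() returns false on an unknown option; -i is mandatory.
usage() unless getopts('i:d:') and defined $opt_i;
$username = $opt_i;
# The username becomes part of the report file name under $rep_surv and is
# interpolated into a regex below: refuse an empty value, a path separator
# or a NUL so it cannot name a file outside that directory.
usage() if $username eq '' or $username =~ m{[/\0]};

if (defined $opt_d) {
    # -d is YYYYMMDD: fixed-width parsing as before, and check_date()
    # (Date::Calc) rejects calendar-impossible dates.
    usage() unless $opt_d =~ /\A\d{8}\z/;
    ($year, $month, $day) = (substr($opt_d, 0, 4), substr($opt_d, 4, 2), substr($opt_d, 6, 2));
    usage() unless check_date($year, $month, $day);
}
else {
    # Defaults to yesterday; DATE_NOW() returns "YYYY-MM-DD hh:mm:ss".
    ($year, $month, $day) = split /-/, (split / /, DATE_NOW(-86400))[0];
}

print STDOUT "Looking up activity for '$username' on '$host' with datestamp '$year$month$day'...\n";

my $log        = "ezp$year$month$day.log";
my $audit      = "$year$month$day.txt";
my $audit_path = "$rep_audit/$audit";
my $log_path   = "$rep_logs/$log";

unless (-e $audit_path) {
    print STDOUT "Audit file '$audit_path' doesn't exist.\n";
    exit;
}

# Looking up username in audit files to retrieve session IDs
my %sessions = _sessions_from_audit($audit_path, $username);
unless (%sessions) {
    print STDOUT "No session ID retrieved for user '$username'.\n";
    exit;
}
print STDOUT "\nRetrieved session IDs for '$username' on '$year-$month-$day':\n";
# Sorted so that two runs on the same input print the same listing.
print STDOUT "$_\n" for sort keys %sessions;

unless (-e $log_path) {
    print STDOUT "Log file '$log_path' doesn't exist.\n";
    exit;
}

# Looking up activities for retrieved session IDs
my @match_logs = _lines_for_sessions($log_path, \%sessions);
unless (@match_logs) {
    print STDOUT "No line from '$log_path' contains retrieved session IDs.\n";
    exit;
}
print STDOUT "\nNumber of lines found in '$log' with session IDs started by '$username': " . scalar(@match_logs) . "\n";

my $report = "$rep_surv/${username}_$audit";
# '>' would truncate anyway; removing a stale report first also replaces a
# (possibly dangling) symlink instead of writing through it.
unlink $report if -e $report or -l $report;
open my $res, '>', $report or die "open $report: $!";
print {$res} @match_logs;
# Buffered write errors only surface at close.
close $res or die "close $report: $!";
print STDOUT "\nFile '$report' contains lines found.\n";
exit;

# Collect the session IDs of successful logins for $user from one EZproxy
# audit file. Returns a hash keyed by session ID (values are 1).
# Dies if the file cannot be opened or closed.
sub _sessions_from_audit {
    my ($path, $user) = @_;
    my %found;
    open my $fh, '<', $path or die "open $path: $!";
    while (my $line = <$fh>) {
        # Ex.: "2015-03-03 17:59:01 Login.Success 123.123.123.123 username qpz1ktzFSpGb8u5..."
        # \Q...\E: match the username literally, not as a pattern.
        next unless $line =~ /\s\Q$user\E\s/i and $line =~ /Login\.Success/i;
        my $sess = (split /\s+/, $line)[5];
        # A truncated line has no sixth field.
        $found{$sess} = 1 if defined $sess;
    }
    close $fh or die "close $path: $!";
    return %found;
}

# Return every line of the EZproxy log at $path whose third
# whitespace-separated field is a key of %$sessions.
# Dies if the file cannot be opened or closed.
sub _lines_for_sessions {
    my ($path, $sessions) = @_;
    my @lines;
    open my $fh, '<', $path or die "open $path: $!";
    while (my $line = <$fh>) {
        # Ex.: "- 123.123.123.123 qpz1ktzFSpGb8u5 [03/Mar/2015:17:59:18 -0500] "GET http://vendor.org:80..."
        my $sess = (split /\s+/, $line)[2];
        # Blank or short lines have no session field.
        push @lines, $line if defined $sess and $sessions->{$sess};
    }
    close $fh or die "close $path: $!";
    return @lines;
}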
# Print the command-line help to STDOUT and terminate the script.
# Never returns: the process exits with status 0 after printing.
sub usage {
    my $help = <<'END_OF_USAGE';
Usage:
find_logs.pl -i<IDUL> [-d<YYYYMMDD>]
Lookup EZproxy log files for activity from a given user
Options:
-i username
-d Log file datestamp YYYYMMDD (defaults to yesterday)
Lines found will be written in a file named from username and datestamp
END_OF_USAGE
    print {*STDOUT} $help;
    exit 0;
}
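# Local date and time as "YYYY-MM-DD hh:mm:ss", shifted by $delay seconds
# from now (negative for the past, e.g. -86400 for this time yesterday).
# $delay is optional and defaults to 0. Returns the formatted string.
sub DATE_NOW {
    my ($delay) = @_;
    $delay = 0 unless defined $delay;
    # localtime() order: sec, min, hour, mday, mon (0-based), year (since 1900)
    my ($sec, $min, $hour, $mday, $mon, $year) = localtime(time() + $delay);
    return sprintf('%d-%02d-%02d %02d:%02d:%02d',
        $year + 1900, $mon + 1, $mday, $hour, $min, $sec);
}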