@martinium
Last active October 3, 2022 03:54
Scans a set of log files for lines matching certain criteria
import strutils
import std/[asyncfile, asyncdispatch, asyncfutures, os]
import times
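# A single timestamp for the whole run, so every output file of one scan
# shares the same suffix (the original re-read the clock per file, which can
# straddle a second boundary and split one run across two suffixes).
let runStamp = $getTime().toUnix()

proc openOutput(prefix: string): AsyncFile =
  ## Open "<prefix>_<runStamp>.txt" in the current working directory for
  ## asynchronous writing, truncating any existing file of that name.
  openAsync(prefix & "_" & runStamp & ".txt", fmWrite)

# One output file per keyword group; parseLog appends matching lines to them.
let
  post = openOutput("post")
  error = openOutput("error")
  fail = openOutput("fail")
  auth = openOutput("auth")
  succ = openOutput("succ")
  users = openOutput("users")
  conn = openOutput("connections")
  login = openOutput("login")
  nobody = openOutput("nobody")
  admin = openOutput("admin")
  query = openOutput("query")
  select = openOutput("select")
  # badip / domain outputs are currently unused; add them here if re-enabled.
  sqli = openOutput("sqli")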
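const
  # Keyword groups, in priority order; the position of a group is the index of
  # its output file in the `sinks` array built inside parseLog. The first
  # group with a keyword found in a line wins, mirroring the original `case`
  # ordering. Matching is a case-sensitive substring test, which is why both
  # spellings of ERROR / QUERY / SELECT are listed.
  SinkKeywords = [
    @["POST"],
    @["ERROR", "error"],
    @["failed"],
    @["auth"],
    @["success"],
    @["user"],
    @["connection success", "connection fail", "connect"],
    @["login"],
    @["nobody"],
    @["admin"],
    @["query", "QUERY"],
    @["select", "SELECT"],
    @["update", "where", "set", "insert"]
  ]

func sinkIndex(line: string): int =
  ## Return the index of the first SinkKeywords group that has a keyword
  ## contained in `line`, or -1 when no group matches.
  for i, keywords in SinkKeywords:
    for kw in keywords:
      if kw in line:
        return i
  return -1

proc parseLog(root = "/mnt/d/logs/") {.async.} =
  ## Walk `root` recursively, read every file whose path contains ".log" and
  ## append each line containing one of the SinkKeywords to the output file of
  ## the first matching group, as "<line>\t<path>\n".
  ##
  ## Fixes over the original: the read is awaited (readAll returns a Future),
  ## the input file is always closed, lines are split with splitLines instead
  ## of being treated as a file name, and keywords are matched as substrings
  ## rather than requiring the whole line to equal the keyword. Output lines
  ## are written verbatim (tabs inside a line are not escaped and `echo`
  ## prints raw log content), so treat the produced files as untrusted text.
  let sinks = [post, error, fail, auth, succ, users, conn, login,
               nobody, admin, query, select, sqli]
  doAssert sinks.len == SinkKeywords.len
  for file in walkDirRec(root):
    # Same loose filter as before: ".log" anywhere in the path (keeps rotated
    # files such as app.log.1).
    if ".log" notin file:
      continue
    let f = openAsync(file, fmRead)
    var data: string
    try:
      data = await f.readAll()
    finally:
      f.close()
    for line in data.splitLines:
      let idx = sinkIndex(line)
      if idx < 0:
        continue
      echo line
      await sinks[idx].write(line & "\t" & file & "\n")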
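when isMainModule:
  # Run the scan, then close every output file — including `post`, which the
  # original never closed. Closing happens in `finally` so a failure inside
  # parseLog does not leave buffered output unflushed.
  try:
    waitFor parseLog()
  finally:
    for outFile in [post, error, fail, auth, succ, users, conn, login,
                    nobody, admin, query, select, sqli]:
      outFile.close()
    # badip / domain outputs are not opened, so there is nothing to close.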