rorysavage77/something.rb

## something.rb
modSecurityLog="./logs/modsec_audit.log"
securityString1="POST /activfoundation/login/oauth/facebook/callback"
securityString2="HTTP/1.1 400 Bad Request"
detailString="CF-Connecting-IP:"
modsecLogFile="./logs/modsec_audit.log"

$/ = "-Z--\n"; 							## Input Record Seperator to create chunk

iparray = []
timeary = []
instanceHash = {}
timecount=0
ipcount=0

file = File.open("#{modsecLogFile}", "r")
file.each_line do |chunk|

  if chunk.include?("#{securityString1}") and chunk.include?("#{securityString2}")
    $/ = "\n";

    chunk.each_line do |line|
      if line.include?("[")
         timeary << line[1..20] if line =~ /\[/
         timecount += 1
      elsif line.include?("#{detailString}")
         iparray << line.split("#{detailString} ", 2) if line =~ /#{detailString} (\d+.\d+.\d+.\d+)/
         ipcount += 1
      end
    end
  end
end
file.close

for i in 0..timecount
  timevr = timeary[i] unless timeary[i].nil?
  ipaddr = iparray[i].join unless iparray[i].nil?; ipaddr.chomp!
  instanceHash[i] = { "time" => timevr, "ipaddr" => ipaddr }
end

instanceHash.each do |k,v|
  puts "key: #{k}, value: #{v}"
end


Hash "instanceHash" contents
key: 0, value: {"time"=>"22/Mar/2015:13:38:34", "ipaddr"=>"94.20.224.52"}
key: 1, value: {"time"=>"22/Mar/2015:13:38:36", "ipaddr"=>"94.20.224.52"}
key: 2, value: {"time"=>"22/Mar/2015:13:38:36", "ipaddr"=>"94.20.224.52"}
key: 3, value: {"time"=>"22/Mar/2015:14:14:09", "ipaddr"=>"79.36.167.218"}
key: 4, value: {"time"=>"22/Mar/2015:15:32:23", "ipaddr"=>"79.36.167.218"}
key: 5, value: {"time"=>"24/Mar/2015:05:01:27", "ipaddr"=>"73.164.37.32"}
key: 6, value: {"time"=>"24/Mar/2015:14:35:06", "ipaddr"=>"84.237.160.136"}
key: 7, value: {"time"=>"27/Mar/2015:06:27:37", "ipaddr"=>"217.24.242.98"}
key: 8, value: {"time"=>"27/Mar/2015:08:49:28", "ipaddr"=>"217.24.242.98"}
key: 9, value: {"time"=>"27/Mar/2015:20:18:15", "ipaddr"=>"99.100.77.173"}
key: 10, value: {"time"=>"28/Mar/2015:11:39:40", "ipaddr"=>"146.185.36.103"}
key: 11, value: {"time"=>"28/Mar/2015:11:39:55", "ipaddr"=>"146.185.36.103"}
key: 12, value: {"time"=>"28/Mar/2015:11:59:53", "ipaddr"=>"146.185.36.103"}
key: 13, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}
key: 14, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}
key: 15, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}
key: 16, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}
key: 17, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}
key: 18, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}
	modSecurityLog="./logs/modsec_audit.log"
	securityString1="POST /activfoundation/login/oauth/facebook/callback"
	securityString2="HTTP/1.1 400 Bad Request"
	detailString="CF-Connecting-IP:"
	modsecLogFile="./logs/modsec_audit.log"

	$/ = "-Z--\n"; ## Input Record Seperator to create chunk

	iparray = []
	timeary = []
	instanceHash = {}
	timecount=0
	ipcount=0

	file = File.open("#{modsecLogFile}", "r")
	file.each_line do \|chunk\|

	if chunk.include?("#{securityString1}") and chunk.include?("#{securityString2}")
	$/ = "\n";

	chunk.each_line do \|line\|
	if line.include?("[")
	timeary << line[1..20] if line =~ /\[/
	timecount += 1
	elsif line.include?("#{detailString}")
	iparray << line.split("#{detailString} ", 2) if line =~ /#{detailString} (\d+.\d+.\d+.\d+)/
	ipcount += 1
	end
	end
	end
	end
	file.close

	for i in 0..timecount
	timevr = timeary[i] unless timeary[i].nil?
	ipaddr = iparray[i].join unless iparray[i].nil?; ipaddr.chomp!
	instanceHash[i] = { "time" => timevr, "ipaddr" => ipaddr }
	end

	instanceHash.each do \|k,v\|
	puts "key: #{k}, value: #{v}"
	end



	Hash "instanceHash" contents
	key: 0, value: {"time"=>"22/Mar/2015:13:38:34", "ipaddr"=>"94.20.224.52"}
	key: 1, value: {"time"=>"22/Mar/2015:13:38:36", "ipaddr"=>"94.20.224.52"}
	key: 2, value: {"time"=>"22/Mar/2015:13:38:36", "ipaddr"=>"94.20.224.52"}
	key: 3, value: {"time"=>"22/Mar/2015:14:14:09", "ipaddr"=>"79.36.167.218"}
	key: 4, value: {"time"=>"22/Mar/2015:15:32:23", "ipaddr"=>"79.36.167.218"}
	key: 5, value: {"time"=>"24/Mar/2015:05:01:27", "ipaddr"=>"73.164.37.32"}
	key: 6, value: {"time"=>"24/Mar/2015:14:35:06", "ipaddr"=>"84.237.160.136"}
	key: 7, value: {"time"=>"27/Mar/2015:06:27:37", "ipaddr"=>"217.24.242.98"}
	key: 8, value: {"time"=>"27/Mar/2015:08:49:28", "ipaddr"=>"217.24.242.98"}
	key: 9, value: {"time"=>"27/Mar/2015:20:18:15", "ipaddr"=>"99.100.77.173"}
	key: 10, value: {"time"=>"28/Mar/2015:11:39:40", "ipaddr"=>"146.185.36.103"}
	key: 11, value: {"time"=>"28/Mar/2015:11:39:55", "ipaddr"=>"146.185.36.103"}
	key: 12, value: {"time"=>"28/Mar/2015:11:59:53", "ipaddr"=>"146.185.36.103"}
	key: 13, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}
	key: 14, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}
	key: 15, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}
	key: 16, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}
	key: 17, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}
	key: 18, value: {"time"=>"28/Mar/2015:19:41:28", "ipaddr"=>"37.145.136.226"}