From 5314f32a223d04a13d80ad3f3bd98b543d26733e Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Wed, 21 Jan 2015 18:37:54 +0000
Subject: [PATCH] Update log analysis script to use Maxmind GeoIP data

---
 bin/sumlogs | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/bin/sumlogs b/bin/sumlogs
index 400a363..c46bcba 100755
--- a/bin/sumlogs
+++ b/bin/sumlogs
@@ -3,41 +3,34 @@
 use strict;
 use warnings;
-use Net::Patricia;
+use Geo::IP;
 use YAML;
-my $pt = new Net::Patricia;
-
-open(COUNTRIES, "< countries.conf") || die "Can't open /etc/powerdns/countries.conf";
-
-while (my $line = )
-{
- if ($line =~ /^(\d+\.\d+\.\d+\.\d+\/\d+)\s+:127\.\d+\.\d+\.\d+:([a-z]{2})/)
- {
- my $address = $1;
- my $country = uc($2);
-
- $pt->add_string($address, $country);
- }
-}
-
-close(COUNTRIES);
-
+my $gi = Geo::IP->open("/usr/share/GeoIP/GeoIP.dat", GEOIP_MEMORY_CACHE);
 my $total_bytes = 0;
 my %country_bytes;
 while (my $record = <>)
 {
- if ($record =~ /^\d+\.\d+\s+\d+\s+(\d+\.\d+\.\d+\.\d+)\s+TCP_[A-Z_]+\/\d+\s+(\d+) (?:GET|HEAD|POST) /)
+ if ($record =~ /^\d+\.\d+\s+\d+\s+(\d+\.\d+\.\d+\.\d+)\s+TCP_[A-Z_]+\/\d+\s+(\d+) (?:GET|HEAD|POST|OPTIONS|PROPFIND) /)
 {
 my $ip = $1;
 my $bytes = $2;
- my $country = $pt->match_string($ip);
+ my $country = $gi->country_code_by_addr($ip);
- $country_bytes{$country} += $bytes if defined($country);
+ if (defined($country) &&
+ $country ne "A1" && $country ne "A2" &&
+ $country ne "01" && $country ne "--")
+ {
+ $country_bytes{$country} += $bytes;
+ }
 $total_bytes += $bytes;
 }
+ elsif ($record =~ /^\d+\.\d+\s+\d+\s+(\d+\.\d+\.\d+\.\d+)\s+TCP_DENIED\/\d+\s+(\d+) /)
+ {
+ # do nothing
+ }
 elsif ($record =~ /^\d+\.\d+\s+\d+\s+(\d+\.\d+\.\d+\.\d+)\s+UDP_[A-Z_]+\/\d+\s+(\d+) ICP_QUERY /)
 {
 # do nothing
-- 
2.39.5
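Review bot: The new `TCP_DENIED` branch is unreachable for most denied records, because the first `if` already matches `TCP_[A-Z_]+` followed by GET/HEAD/POST/OPTIONS/PROPFIND, so a denied GET is still added to `$total_bytes` and to its country's total and only denied records with some other method reach the new `elsif`. If the intent is to keep denied traffic out of the totals, move the `TCP_DENIED` branch above the first `if`, or tighten the first pattern to `TCP_(?!DENIED)[A-Z_]+\/`. Separately, the result of `Geo::IP->open(...)` is never checked; if it returns undef for a missing or unreadable database the script dies later at the first `country_code_by_addr` call with an unhelpful message, so `my $gi = Geo::IP->open("/usr/share/GeoIP/GeoIP.dat", GEOIP_MEMORY_CACHE) or die "Can't open /usr/share/GeoIP/GeoIP.dat";` would fail early and clearly. The skip list `A1`/`A2`/`01`/`--` deserves a one-line comment stating that these are GeoIP non-country placeholder codes (A1/A2 are the legacy anonymous-proxy and satellite-provider codes; what `01` denotes is worth confirming) and that bytes for them still count toward `$total_bytes`. The enclosing `while` loop and its remaining `elsif`/`else` branches continue past the hunk.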