3 # Written by David Augros <david@lightship.net>
7 use vars qw(%DATAFIELDS);
10 use Yaala::Parser::WebserverTools qw#%MONTH_NUMBERS#;
11 use Yaala::Data::Persistent qw#init#;
13 @Yaala::Parser::EXPORT_OK = qw#%DATAFIELDS parse extra#;
14 @Yaala::Parser::ISA = ('Exporter');
16 our $LASTDATE = init ('$LASTDATE', 'scalar');
17 our $EXTRA = init ('$EXTRA', 'hash');
19 if (!$$LASTDATE) { $$LASTDATE = 0; }
20 if (!defined ($EXTRA->{'total'})) { $EXTRA->{'total'} = 0; }
21 if (!defined ($EXTRA->{'days'} )) { $EXTRA->{'days'} = {}; }
25 (qw#kern user mail daemon auth syslog lpr
26 news uucp cron authpriv ftp
27 local0 local1 local2 local3
28 local4 local5 local6 local7#);
45 require Yaala::Data::Core;
46 import Yaala::Data::Core qw#store#;
48 my ($default_second, $default_minute, $default_hour, $default_day, $default_year) = (localtime ())[0,1,2,3,5];
49 my $default_month = (split (m/\s+/, scalar (localtime ())))[1];
50 $default_year += 1900;
52 my $VERSION = '$Id: Bind9.pm,v 1.4 2003/12/07 15:01:33 octo Exp $';
53 print STDERR $/, __FILE__, ": $VERSION" if ($::DEBUG);
59 my $line = shift or return undef;
60 #if ($line =~ m/^(?:(\w{3}) (\d+) (\d\d)[\d:\.]+ )?(?:(\w+): )?(?:(\w+): )?client ([\d\.])#\d+: query: (\S+) (\S+) (\S+)$/)
61 if ($line =~ m/^(?:(\w{3}) (\d+) (\d\d):(\d\d):(\d\d)\.(\d\d\d) )?(?:(\w+): )?(?:(\w+): )?client ([\d\.]+)#\d+: query: (\S+) (\S+) (\S+)$/)
63 my ($client, $query, $class, $type) = ($9, $10, $11, $12);
65 my ($month, $day, $hour, $minute, $second, $frac) =
67 $default_month, $default_day, $default_hour,
68 $default_minute, $default_second, '000'
71 if (defined ($1) and $1)
73 ($month, $day, $hour, $minute, $second, $frac) = ($MONTH_NUMBERS{$1},
76 print STDERR $/, __FILE__, ": $1" if (!$month);
78 my $tmp = int (sprintf ("%04u%02u%02u%02u%02u%02u%03u",
79 $default_year, $month, $day, $hour,
80 $minute, $second, $frac));
82 if ($tmp < $$LASTDATE)
84 print STDERR $/, __FILE__, ": Skipping.. ($tmp < $$LASTDATE)" if ($::DEBUG & 0x0200);
87 else { $$LASTDATE = $tmp; }
90 my $date = sprintf ("%04u-%02u-%02u",
91 $default_year, $month, $day);
93 my $category = '*UNKNOWN*';
94 my $severity = '*UNKNOWN*';
95 if (defined ($7) and $7 and defined ($8) and $8)
100 elsif (defined ($7) and $7)
102 if (defined ($severity{$7})) { $severity = $7; }
103 else { $category = $7; }
105 elsif (defined ($8) and $8)
107 if (defined ($severity{$8})) { $severity = $8; }
108 else { $category = $8; }
111 if ($query =~ m/in-addr\.arpa$/)
113 my @tmp = reverse (split (m/\./, $query));
116 $query = join ('.', @tmp);
120 $EXTRA->{'days'}{$date}++;
131 severity => $severity,
132 category => $category,
142 print $/, __FILE__, ": Unable to parse: $line";
148 my ($average, $days) = (0, 1);
150 return (0) unless ($EXTRA->{'total'});
152 $days = scalar (keys (%{$EXTRA->{'days'}}));
154 $::EXTRA->{'Total requests'} = $EXTRA->{'total'};
155 $::EXTRA->{'Average requests per day'} = sprintf ("%.1f", $EXTRA->{'total'} / $days);;
156 $::EXTRA->{'Reporting period'} = "$days days";