6 use vars qw(%names %datafields);
9 use Config qw#get_config read_config#;
13 @Yaala::Parser::EXPORT_OK = qw#parse extra %datafields#;
15 @Yaala::Parser::ISA = ('Exporter');
17 print STDERR "\nparser/netacct: Using NET-ACCT format" if $::DEBUG;
18 # FIXME: pass month, date and hour in seconds to properly format and sort.
20 read_config ('netacct.config');
21 for (get_config ('alias'))
24 my ($name, $ips) = split (m/:/, $_);
25 my @ips = split (m/,/, $ips);
27 for (grep { m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ } @ips)
37 destination => 'key:host',
38 destinationport => 'key',
44 packetcount => 'amount:number',
45 bytes => 'amount:bytes',
46 connections => 'amount:number'
49 # This needs to be done at runtime, since Data uses Setup which relies on
50 # %datafields to be defined -octo
52 import Yaala::Data qw#store#;
58 my $line = shift or return undef;
60 my @data = split (/[\t\s]+/, $line, 10);
62 # Initialize the variables that we can get out of
64 my ($epoch, $protocol, $source_ip, $source_port, $dest_ip,
65 $dest_port, $packet_count, $data_size, $interface,
68 my ($hour, $day, $month, $year) = (localtime ($epoch))[2,3,4,5];
69 ++$month; $year += 1900;
70 my $date = sprintf ("%04u-%02u-%02u", $year, $month, $day);
71 $hour = sprintf ("%02u", $hour);
72 $month = sprintf ("%02u", $month);
74 # And now initialize all the variables we will use
75 # to get more information out of each field..
77 if ($protocol == 1) { $protocol = 'ICMP'; }
78 elsif ($protocol == 6) { $protocol = 'TCP'; }
79 elsif ($protocol == 17) { $protocol = 'UDP'; }
81 if (defined $names{$source_ip}) { $source_ip = $names{$source_ip}; }
82 elsif ($source_ip eq '127.0.0.1') { $source_ip = 'localhost'; }
83 elsif ($source_ip =~ /^192\.168\./) { $source_ip = 'lan'; }
84 else { $source_ip = 'extern'; }
86 if (defined $names{$dest_ip}) { $dest_ip = $names{$dest_ip}; }
87 elsif ($dest_ip eq '127.0.0.1') { $dest_ip = 'localhost'; }
88 elsif ($dest_ip =~ /^192\.168\./) { $dest_ip = 'lan'; }
89 else { $dest_ip = 'extern'; }
92 'protocol' => $protocol,
93 'source' => $source_ip,
94 'sourceport' => $source_port,
95 'destination' => $dest_ip,
96 'destinationport'=> $dest_port,
97 'packetcount' => $packet_count,
98 'interface' => $interface,
100 'bytes' => $data_size,