| hattori.hanzo |
10-05-2007 12:43 AM |
PIX Syslog Script
I am trying to get a pix syslog script to run. I found the script on a mailing list and would like to use it to make some sense of my logs.
Code:
#!/bin/sh -f
#
# PIX 6.2-6.3 syslog parser
# Lists incoming traffic by dest IP/port,
# source IP, service, and occurances.
#
# It's a shell script, so I guess it's Open Source. :-)
#
# Paul Melson (pmelson_at_analysts_dot_com)
#
if [ $1x = x ]; then echo "Usage: $0 <filename> <min. instances>"
exit 1
fi
if [ $2x != x ]; then lim=`expr $2`
else lim=10
fi
echo "`date` Parsing data..."
grep Built\ inbound\ TCP $1 |sed 's/\(.*\):\(.*\):\(.*\):\(.*\):\(.*\)\/\(.*\)\/\(.*\):\(.*\)\ \(.*\)/\8_from_\5/' >$1-inbound.tcp.tmp1 2>/dev/null
grep Built\ inbound\ UDP $1 |sed 's/\(.*\):\(.*\):\(.*\):\(.*\):\(.*\)\/\(.*\)\/\(.*\):\(.*\)\ \(.*\)/\8_from_\5/' >$1-inbound.udp.tmp1 2>/dev/null
echo -n "`date` Building report..."
date > $1-rpt.txt
echo "----------------------------" >> $1-rpt.txt
echo "Log file: $1" >> $1-rpt.txt
echo "Log file starts: `head -1 $1 |cut -f1-2`" >> $1-rpt.txt
echo "Log file ends: `tail -2 $1 |head -1 |cut -f1-2`" >> $1-rpt.txt
echo >> $1-rpt.txt
echo "Incoming TCP hosts/ports" >> $1-rpt.txt
echo "------------------------" >> $1-rpt.txt
for dst in `cat $1-inbound.tcp.tmp1 |sort -t . -n +0 -1 +1 -2 +2 -3 +3 -4 |uniq`
{
echo "${dst}"
num=`grep -c "${dst}" $1-inbound.tcp.tmp1`
if [ ${num} -gt ${lim} ]; then
prt=`echo $dst |cut -d/ -f2 |cut -d_ -f1`
echo "${dst}" >> $1-rpt.txt
echo "- Service: `grep -m1 ${prt}/tcp /etc/services |cut -f1-2`" >> $1-rpt.txt
echo "- Number of occurances: ${num}" >> $1-rpt.txt
echo >> $1-rpt.txt
fi
}
# rm $1-inbound.tcp.tmp1
echo >> $1-rpt.txt
echo "Incoming UDP hosts/ports" >> $1-rpt.txt
echo "------------------------" >> $1-rpt.txt
for dst in `cat $1-inbound.udp.tmp1 |sort -t . -n +0 -1 +1 -2 +2 -3 +3 -4 |uniq`
do
num=`grep -c "${dst}" $1-inbound.udp.tmp1`
if [ ${num} -gt ${lim} ]; then
prt=`echo $dst |cut -d/ -f2 |cut -d_ -f1`
num=`grep -c ${dst} $1-inbound.udp.tmp1`
echo "${dst}" >> $1-rpt.txt
echo "- Service: `grep -m1 ${prt}/udp /etc/services |cut -f1-2`" >> $1-rpt.txt
echo "- Number of occurances: ${num}" >> $1-rpt.txt
echo >> $1-rpt.txt
fi
done
# rm $1-inbound.udp.tmp1
echo " $1-rpt.txt done."
When I run the script, I get the following output:
Code:
[root@mybox ~]$ ./pix62-syslog-parser.sh
Usage: ./pix62-syslog-parser.sh <filename> <min. instances>
[root@mybox ~]$ ./pix62-syslog-parser.sh pix.log
Fri Oct 5 19:35:00 EST 2007 Parsing data...
Fri Oct 5 19:35:00 EST 2007 Building report...sort: invalid option -- 1
Try `sort --help' for more information.
sort: invalid option -- 1
Try `sort --help' for more information.
pix.log-rpt.txt done.
Does anyone know what could be wrong?
thanks in advance |
