#!/usr/bin/perl # tell the web browser we're going to send it HTML text it needs to process # instead of plain text which it can display without processing print "Content-Type: text/html\n\n"; # variables $debug = 0; $linenumber = 0; $error = 0; # refresh how often? $refreshhours = 0; $refreshminutes = 6; $refreshseconds = 0; $refreshtime = ((($refreshhours*60)+$refreshminutes)*60)+$refreshseconds; # Version history # 1.0.0 Original program written # 1.1.0 Changed the output to HTML 4.01 compliant # 2.0.0 Changed the IP addresses to 4 sets of 3 numbers for ease of readability # 2.1.0 Added the ability of checking whois to the IP addresses with a single click # 2.1.1 Added comments and version number for addition to the CPAN archives # 2.1.2 Added better error handling # 2.2.0 changed the local net address selection and added both local net selections. # 3.0.0 Added a new feature to the get log program to allow it to work with logcleaner (strips out the overloads, updated the counter files) # skips 0.0.0.0 IP address. # Also fixed a minor bug in the local IP address filters. # 3.1.0 added a refresh to ensure acurateness of an access log if it's kept on. # $version = "GetLog version 3.1.0"; # The location of an apache log file in the following format # # 10.0.1.1 - - [15/Jan/2005:01:09:18 -0500] "GET /cgi-bin/getagentlog.cgi HTTP/1.1" 200 59734 # $mylogfilename = "/private/var/log/httpd/access_log"; # $mylogfilename = "/access.log"; $mytitle = "Access log"; # Create an error message if ($debug == 1) { $errormessage = join( "", "

Cannot open the access logs.
\n", $mylogfilename, "

\n\n"); } else { $errormessage = "\n\n

Cannot open the log file.

\n\n\n"; } # print a HTML header for the display print "\n"; print "\n"; print "\n"; print " ",$mytitle," \n"; print " \n"; print " \n"; print " \n"; print "\n"; print "\n"; print "\n\n\n\n

\n"; print "

",$mytitle,"

\n"; print "

",$version,"

\n"; print "

line number - IP address - date/time - method - file - protocol - result code - bytes served

\n"; print "

200 - file found and served
302 - file moved
304 - file has not changed
404 - file not found
500 - file access error, somebody tried to access a file outside the web server folder.

\n"; print "

\n\n\n"; # Open up the log file open(LOGFILE, $mylogfilename) or $error = 1; if ($error == 1) { print $errormessage; } else { # get the data @data = ; foreach $line(@data) { # get rid of the overload logs that Apache cannot filter out if (($line =~ m/^.*\"SEARCH.*\"/) or ($line =~ m/^.*\"CONNECT.*\"/)) { } else { # filter out the local net addresses (10.0.1.x and 192.168.1.x) if (($line =~ m/^10\D0\D1\D.*/) or ($line =~ m/^192\D168\D1\D.*/) or ($line =~ m/^0\D0\D0\D0\D.*/)) { } else { # convert the numbers into 3 digits each for easier readability # match first number in ip address if ($line =~ m/^\d\D/) { $first = join("","00",substr($line,0,1)); $line =~ s/^\d\D//; } elsif ($line =~ m/^\d\d\D/) { $first = join("","0",substr($line,0,2)); $line =~ s/^\d\d\D//; } else { $first = substr ($line,0,3); $line =~ s/^\d\d\d\D//; }; # match second number in ip address if ($line =~ m/^\d\D/) { $second = join("","00",substr($line,0,1)); $line =~ s/^\d\D//; } elsif ($line =~ m/^\d\d\D/) { $second = join("","0",substr($line,0,2)); $line =~ s/^\d\d\D//; } else { $second = substr ($line,0,3); $line =~ s/^\d\d\d\D//; }; # match third number in ip address if ($line =~ m/^\d\D/) { $third = join("","00",substr($line,0,1)); $line =~ s/^\d\D//; } elsif ($line =~ m/^\d\d\D/) { $third = join("","0",substr($line,0,2)); $line =~ s/^\d\d\D//; } else { $third = substr ($line,0,3); $line =~ s/^\d\d\d\D//; }; # match fourth number in ip address if ($line =~ m/^\d\D/) { $fourth = join("","00",substr($line,0,1)); $line =~ s/^\d\D//; } elsif ($line =~ m/^\d\d\D/) { $fourth = join("","0",substr($line,0,2)); $line =~ s/^\d\d\D//; } else { $fourth = substr ($line,0,3); $line =~ s/^\d\d\d\D//; }; # convert the IP back into 4 sets of 3 digits $ip = join(".", $first, $second, $third, $fourth); # The URL of the whois server query $whois = join("", "http://ws.arin.net/cgi-bin/whois.pl?queryinput=", $ip); $linenumber++; $line =~ s/\n//; print "

",$linenumber,": ",$ip," ",$line,"

\n"; }; }; }; close(LOGFILE); if ($linenumber == 0) { print "

No log entries at this time. The log has just been freshly cleaned.

\n"; }; }; # print the HTML footer print "\n\n

\n"; print "

The End

\n"; print "

\n"; print "\n",; print "\n\n"; exit 0 ; =head1 getlog This script allows for ease of getting and reading the access logs of the website through a web page =head1 DESCRIPTION This script scans through the site's access log and ensures all IP addresses are 4 sets of 3 digits, adds a link to the whois page, and then displays that information to the screen. It strips out overloads and local accesses. =head1 README This script scans through the site's access log and ensures all IP addresses are 4 sets of 3 digits, adds a link to the whois page, and then displays that information to the screen. It strips out overloads and local accesses. You will also need a style sheet on your website according to the requisites you provide. =head1 PREREQUISITES The Apache web server and an access log. =head1 COREQUISITES CGI =pod OSNAMES any =pod SCRIPT CATEGORIES Web =cut

Cannot open the access logs.\n", $mylogfilename, "

Cannot open the log file.

",$mytitle,"

",$version,"

The End

Cannot open the access logs.
\n", $mylogfilename, "